
COVID-19 Unemployment Scams Persist

March 20, 2021
Teach your employees about how they can be vigilant. An EHS Today Intelligence exclusive.

ANALYSIS

In the rush to get financial assistance to Americans who were hurt in the economic turmoil created by the COVID-19 pandemic, a number of highly successful and extraordinarily expensive unemployment scams have arisen from the resulting bureaucratic confusion. Caught too late, these scams have resulted in losses that have been measured in the hundreds of millions of dollars.

These kinds of unemployment scams may not be as much in evidence in the news lately, but they are still around and represent an ongoing danger to both employers and employees. “Threat actors continue to exploit overwhelmed governmental agencies and are filing claims for benefits using the personal information of people who have not lost their jobs,” say attorneys Jay Carle and Scott Carlson of the Seyfarth Shaw law firm.

“This fraud is a sharp reminder that sensitive personal information in the wrong hands can result in tremendous harm. Employers should remain vigilant and alert their workforce, promptly challenge fraudulent claims, and check cybersecurity practices and policies to help protect against this and other cyber threats.”

The total number of unemployment claims that have been filed during the coronavirus pandemic is estimated at upwards of nearly 53 million. State agencies that process unemployment insurance claims were already understaffed and dependent on older technology and fraud detection protocols. It didn’t take long for the scammers to uncover and exploit these weaknesses after the state agencies quickly became totally overwhelmed by the crush of applications.

“The resulting delays and chaos in processing so many unemployment claims in such a short time has set the perfect stage for threat actors to take advantage, and the threat has continued into 2021,” explain Carle and Carlson.

Before the pandemic, when an unemployment claim was filed, the state agency usually would send a timely notice to an employer to provide them with an opportunity to protest the claim. In normal circumstances, the employer would then have about 10 days to challenge the claim.

Because of the overwhelming numbers of claims that were filed during the pandemic, unemployment offices found this schedule impossible to meet, taking months rather than days to get the notices out to employers. The end result is that employers have been receiving the protest notices long after the time has expired to protest the claim.

Most employees learn this has happened when they get a notice from the state unemployment benefits office about their supposed application for benefits. “By then, however, the benefits usually have been paid to an account the criminals control,” Carle and Carlson note. “Further, it is not clear given the magnitude of claims and impact on individuals whether in some instances agencies are paying even before they send the protest notice.”

Employers and individuals affected by the scam are then left to find out the source of the Personal Identifying Information (PII) used in the fraud. For this unemployment scam to work, it usually requires possession of at least four critical pieces of information obtained from the employee—name, employer, Social Security number, and date of birth.

A number of the state agencies responsible for maintaining this information have begun requiring additional forms of information such as driver license numbers. However, that has just given attackers a reason to seek out driver license numbers, too, the attorneys point out. The scammers also appear to be making a point of targeting highly compensated individuals in order to maximize the payouts.

Not a Targeted Hack

Because this fraud is a pandemic-specific threat that is designed to take advantage of overwhelmed state agencies and has hit employers across the country, Carle and Carlson believe it is more likely that the threat actors obtained the PII of employees on the Dark Web, rather than as a result of phishing and other cyber-attacks directed specifically at individual employers.

That is not exactly a comforting thought, either, but it appears to be more likely that the PII was exposed sometime in the past as a result of ID theft or one of the high-profile hacks of retailers and other corporations that gathered the personal information of millions of people. “However, employers should not completely rule out the possibility of a past or recent breach if they have been impacted by a significant number of fraudulent claims,” the attorneys warn.

Carle and Carlson urge employers to remain vigilant about this scam. They outline several steps that can help an employer respond quickly to any phony claims and help employees whose personal information has been misused.

Inform your employees. Educate employees about the scam and ask them to report potentially fraudulent benefits claims. Similarly, direct your human resources team to flag any notice they get from the state about a claim supposedly filed by a current employee and immediately notify the employee about any suspicious claim that your business receives.

Report the fraud. If your company and employees have become victims, report the fraud to the state agency. Check your state unemployment benefits agency’s website for reporting instructions.

Enhance and communicate cybersecurity practices. This fraud serves as a reminder that when sensitive personal information is compromised it can result in tremendous harm. The risks of potential missteps leading to a breach are amplified by so many employees now working from home. Remind employees of your company’s cybersecurity policies and practices and provide tips to help your employees maintain personal security when working from home.

Carle and Carlson also advise individual employees who find themselves the victims of fraudulent unemployment claims to take the following steps as quickly as possible to help protect against identity theft and potential benefit repayment liabilities:

• Report the fraudulent claim to the following: your local HR department, your state’s unemployment benefits agency, the FBI via their Internet Crime Complaint Center (IC3), and your financial institutions (bank, credit card companies, retirement and trading accounts, etc.).

• Contact the three major credit bureaus to place a fraud alert on your account: Equifax, Experian and TransUnion.

• Follow the Federal Trade Commission’s guidance for reporting Identity Theft at https://identitytheft.gov/.

• Consider submitting IRS Form 14039: “Identity Theft Affidavit.”

About the Author

David Sparkman

David Sparkman is founding editor of ACWI Advance (www.acwi.org), the newsletter of the American Chain of Warehouses Inc. He also heads David Sparkman Consulting, a Washington D.C. area public relations and communications firm. Prior to these he was director of industry relations for the International Warehouse Logistics Association. Sparkman has also been a freelance writer, specializing in logistics and freight transportation. He has served as vice president of communications for the American Moving and Storage Association, director of communications for the National Private Truck Council, and for two decades with American Trucking Associations on its weekly newspaper, Transport Topics.
