A fraud campaign that has wrested millions of dollars from state unemployment agencies shows how states’ poor information security protections have left them highly vulnerable during the coronavirus pandemic.
The scammers took advantage of weak systems states use to verify the identities of people applying for unemployment benefits to file thousands of fraudulent claims, as the New York Times’s Mike Baker reports.
Those systems are even more vulnerable now because states are rushing to get funds out to millions of newly unemployed people and, in some cases, foregoing lengthy reviews that weed out phony claims.
“There’s a dire need to get money out quickly. This makes us an attractive target for fraudsters,” Suzi LeVine, commissioner of Washington State’s Employment Security Department, which has been hit hard by the scammers, told the Times.
The crimes are going to cost states whose resources are already stretched to the breaking point by the pandemic. “This is a gut punch,” LeVine said.
The phony unemployment claims could cost states hundreds of millions of dollars, the U.S. Secret Service warns.
The Secret Service has spotted claims that are likely fraudulent in Washington state, Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island and Wyoming, according to a memo reviewed by the Times. But the fraud could be far broader and the Secret Service is still investigating.
The scammers appear to be part of a well-organized Nigerian fraud ring, the memo states.
The unemployment systems mostly rely on easy-to-find information to verify people are who they say they are.
This makes them especially vulnerable. In some cases, applicants don’t need to provide anything more than their name, Social Security number and some other basic information, cybersecurity blogger Brian Krebs notes. That information has all likely been exposed by numerous past data breaches, and scammers can easily find it for sale on dark corners of the Internet.