In June 2020, the Federal Trade Commission (FTC) warned that “imposters are filing claims for unemployment benefits [in the US], using the names and personal information of people who have not filed claims.” How do such scams look from the victim’s perspective, and what can you do if you’re affected? As a victim of this scheme, I’d like to share my experience.
How the Scam Works
In the scheme that I encountered, the scammer impersonates the victim to file an unemployment claim with the state to receive the monetary unemployment benefit. To achieve this, the scammer:
- Obtains the victim’s personal information, including name, date of birth, social security number, address, and probably employment history. I believe in this scheme, the scammers get these details from massive data breaches, such as the Equifax breach.
- Opens a bank account in the victim’s name with a provider such as GoBank or Green Dot for receiving the unemployment payments. Because this is not a credit account, this action doesn’t trigger a credit check and works even if the victim’s credit file is frozen.
- Files a claim with the state’s unemployment office, impersonating the victim, and falsely claiming that the person was laid off. If the claim is approved, the scammer receives the payments, and gets the money out of the system with the help of a money mule.
The state’s ability to identify and investigate such scams is dampened by the “the avalanche of legitimate claims” that have occurred due to the COVID-19 crisis, noted the New York Attorney General in a June 2020 fraud alert. The criminals behind this scheme are probably counting on this.
The scammers behind such schemes recruit US-based individuals to act as money mules. As the FBI explained in a June 2020 statement, the scammers persuade these individuals “to receive funds in their personal bank account and then ‘process’ or ‘transfer’ funds via wire transfer, ACH, mail, or money service businesses, such as Western Union or MoneyGram.”
Who Is Behind This Scheme?
According to the New York Times article from May 2020, the US Secret Service “had information suggesting that the scheme was coming from a well-organized Nigerian fraud ring.” At the time, the Washington State appeared to be the epicenter of such activities. Since then, the scheme spread to other states, including New York.
The analysis of the scammer’s operations, published by Agari Data in May 2020, also implicated a Nigerian criminal group. According to Agari:
This group “has been involved in a wide variety of fraudulent activity against government services over their 10+ year history, including unemployment fraud, social security fraud, disaster relief fraud, and student aid fraud.”
The author of the Agari report, Crane Hassold, suggested that the unemployment scam was so effective, “because the normal validations that occur when a claim is filed wasn’t happening for the first month after the CARES Act was passed.” He explained that “most states have put additional identity validation procedures in place at this point, which has decreased the amount of fraud pretty substantially.”
Even if this group was, indeed, involved in the scheme initially, it’s possible that other criminals began participating in a similar capacity.
An Unsolicited Debit Card: One Sign You May Be a Victim
One way in which you might learn that you’ve fallen victim to the identity theft-based unemployment insurance scam is by receiving an unsolicited debit card in the mail.
In my case, the scammer opened a GoBank account, specifying my former mailing address. The card and accompanying letter, which the bank sent using USPS, looked like this:
The bottom right corner of the letter included the checking account number that the scammer opened at GoBank in my name.
The scammer was able to use my stolen identity to create the GoBank account even though I had placed a credit freeze with the major bureaus, including ChexSystems, which many banks query before opening an account. GoBank is among those that doesn’t use this service. At least one thread on Reddit discusses similar cases, where people didn’t know their identities were stolen until they received an unsolicited GoBank card.
A Department of Labor Letter: Another Sign
Once the scammer files the fraudulent unemployment claim in your name, the unemployment agency sends a letter to the address the scammer specified as the home address. (At least that’s what happens in New York.)
Below is a page from the letter I received. Since it was mailed to my former address, I didn’t learn of its existence until several months after it was sent:
If you receive an unexpected letter from the state that talks about validating or otherwise processing an unemployment claim, you too may be a victim of such a scam.
People in New York, where I live, use ny.gov for many interactions with the state government. In my case, I already had an account on that website. However, the scammer was still able to open a claim in my name without the site notifying me of any activity. There is no evidence of the claim in my account.
The only anomaly I noticed in my ny.gov account was that when I tried to access the unemployment area, the system presented an error, stating that I used a different username to file a claim. This might be because the scammer had set up another account in my name to file the claim; unfortunately, I don’t know how to identify it, and I’m now locked out of that part of the system.
A Department of Labor Letter to Your Employer
In New York, the Department of Labor contacts the person’s (supposedly former) employer to confirm the details of the claim, such as the person’s wages. Its first page of the letter looks like this:
The letter offers the employer a chance to contest the claim. For example, the employer can indicate that the claimant shouldn’t receive unemployment benefits because the person voluntarily quit or was discharged due to misconduct. Unfortunately, “identity theft” isn’t one of the options. If your employer reports that you’re still employed without clarifying that your claim was filed by an imposter, I worry that the response might imply that you’re the one who attempted to commit fraud.
The letter includes the employer’s ID. I believe this is the Employer Identification Number (EIN) that’s typically issued by the IRS. In my case, the number in the letter was incorrect. I think the claimant needs to specify this number when submitting the unemployment claim; if I’m right, this implies that the scammer didn’t know the company’s EIN. (In that case, why did the Department of Labor process the claim?)
The employer of the person whose identity was stolen in this scheme might also become a victim if the company doesn’t contest the fraudulent claim. This is because the employer will end up subsidizing a portion of the illigitemate payments, at least in New York.
What Should You Do?
What should you do if you’ve fallen victim to identity theft and the scammer filed a fraudulent unemployment claim in your name? The best advice I’ve seen so far came from the June 2020 notice by the FTC, which encourages victims to report fraud to their employer, the state unemployment agency, and the FTC.
In truth, I’m uncertain whether FTC-recommended steps will be sufficient to curtail the scam and clean up the victim’s reputation with the Department of Labor. For example, the New York Times article, published in July 2020, speaks of a victim who was unable to file a legitimate unemployment claim because an imposter “had filed in her name nearly six years ago. She told officials back then that it was fraudulent and thought that was the end of it.”
I reported the incident to the following government organizations:
- The New York Department of Labor website, which has a Report Unemployment Insurance Fraud form.
- The FTC using the IdentityTheft.gov website. The system immediately generated an Identity Theft Report, stating that I can use it to prove to businesses and credit bureaus that I “submitted an FTC Identity Theft Report to law enforcement.” It also stated, “Some businesses might request that you also file a report with your local police.”
- The New York Attorney General duding the Online Complaint Form, as requested in the Attorney General’s fraud alert.
- The Office of Inspector General in the US Department of Labor department.
- The FBI Internet Crime Complaint Center (IC3).
I also took the following steps:
- Reported the incident to my employer, asking the company to watch out for the Department of Labor letter and, if it arrives, to notify the state that the claim was filed fraudulently in my name by an impersonator.
- Called GoBank to report that the account they have in my name was opened by a scammer. Their automated system told me, “A review of your account activity has resulted in a decision to close your account.” I spoke with a human in their fraud department just to make sure.
- Contacted the Experian Identity Theft Restoration service, because I received free access to it courtesy of the Marriott data breach. Unfortunately, the team wasn’t of much help because, as their specialist explained, they help restore victim’s credit and in the case of this incident, my credit wasn’t affected.
- Checked my credit reports by visiting AnnualCreditReport.com to look for recent anomalies, such as new unexplained accounts (there were none). Though this website normally provides free credit reports once a year, due to COVID-19, it offers them weekly “through April 2021.”
Alas, if you live in the US, I believe there’s nothing you can do to prevent becoming a victim of this scheme. It’s just a matter of luck whether your identity gets used. Even once you discover that you’re a victim, it’s unclear what is involved in cleaning up your reputation with the government organization that manages unemployment insurance in your state.
I wrote this article to help other victims of this unemployment insurance fraud and identity theft scam. I’m also hoping that I’ll learn more about this scheme through the readers’ feedback. If you understand some aspect of this scam better than I described it, please share your insights with me.