Criminals are seizing on a surge in job losses to steal unemployment benefits from Americans nationwide. This complicates an already tough situation for millions of financially strapped Americans and overwhelmed state unemployment offices.
While there's no exact measure of how many fraudulent claims have been made, states from Washington to Maine say they've seen an increase, and numerous federal agencies are working to fight it.
"About 10% of [unemployment insurance] payments are improper under the best of times, and we are in the worst of times," Scott Dahl, inspector general for the U.S. Labor Department, told the House Subcommittee on Government Operations. Dahl estimated that at least $26 billion in benefits could be wasted, with the bulk of that going to fraudsters.
This forces unemployed workers, already reeling from job losses, to fight for the benefits they need and are entitled to.
"We are deeply concerned about the well-being of these people and when they will get this resolved and get the money they need to live on," said Eva Velasquez, president and CEO of the nonprofit Identity Theft Resource Center, which has seen a sharp jump in calls for help with unemployment fraud.
Since mid-March, 42.7 million people have applied for unemployment benefits, though some have been rehired as states allow businesses to reopen. On Thursday, the federal government said 21.5 million people are receiving jobless aid. That creates added opportunity for criminals. An extra $600 a week in benefits makes it more lucrative.
Additionally, state unemployment agencies have been overwhelmed by claims and are working to get payments to those in need as quickly as possible. In some cases, security experts say the new processes, added workload and outdated systems may have made it easier for criminals to act.
"This is El Dorado for them and it's pure hell for victims," said Adam Levin, founder of data security firm CyberScout.
Security experts say the bulk of the fraud appears to be committed by criminals using stolen data to make claims using someone else's identity. The information has often been gleaned from previous data breaches or direct attacks on state systems.
In many cases, victims don't know they have been affected until they apply for benefits and find out someone has beat them to the punch. Some even find their benefit payments halted when a criminal usurps their benefits.
Victims should report a suspected fraud to the state and their employer and file a police report. But resolving the issue and getting proper payment means going through the state agency that processes unemployment benefit claims, which is potentially already overwhelmed.
The U.S. Secret Service issued a memo last month that suggested a well-organized Nigerian fraud ring was targeting state unemployment systems, according to The New York Times, which got a copy of the document. But agents were still working to pinpoint who was involved and from where.
The memo said Washington was the hardest-hit state and there was evidence of attacks in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida. The California cybersecurity firm Agari estimated last week that at least 11 states have been targeted.
On Thursday, officials in Washington said the state has recovered $333 million out of an estimated $550 million to $650 million paid out fraudulently.
Federal officials previously said that some recipients of Washington's unemployment checks have been sent to individuals residing out of state. The fraud ring appears to have obtained those benefits by using personal information harnessed from local first responders, government personnel and school employees, according to the unreleased Secret Service document.
JOB-HOLDERS ALSO TARGETED
Those with jobs are also targets of fraudsters. Blake Victor Kent said that last week he got a letter from the Massachusetts Department of Unemployment Assistance informing him that they had commenced payments for his unemployment claim.
"That's funny, because I am still employed," he said.
Kent thought his information may have been exposed when he was a victim of a data breach a few years back. But his employer, Massachusetts General Hospital, sent an email to its staff a few days later saying it was aware of a number of such cases among employees.
In other cases, criminals are targeting people with false job offers, assistance filing for unemployment and to glean personal information. Other people may also be targeted and used as "mules" to move money for the criminals.
Experts warn that if criminals have enough information to make an unemployment claim, they have enough information to commit other acts of identity theft. So people need to protect themselves from further harm by freezing their credit and monitoring it regularly for any irregularities.
People should practice good cyber-hygiene as well, suggests John Breyault, who manages the National Consumers League's Fraud Center. That means changing passwords regularly, using two-factor authentication whenever possible to log into accounts, and being wary of offers that seem too good to be true, whether by phone, online, mail or in person.
"Until this unemployment problem starts to recede, this is going to be a problem that sticks with us," Breyault said.
Information for this article was contributed by Rachel La Corte of The Associated Press and by Tony Romm of The Washington Post.