SecurityWeek

Fraud & Identity Theft

Unemployment Fraud – Preying on Those Most in Need

The Covid-19 pandemic has been raging for nearly a year now.  With the pandemic has come a tremendous amount of uncertainty.  Many of us wonder when we will be able to return to normal life, when we will be able to see family and friends, and when we might resume those everyday activities we used to take for granted.

Perhaps no group has experienced more uncertainty than those that have lost their livelihood due to the pandemic and the corresponding lockdowns, travel restrictions, and closures that have come with it.  These people have, unfortunately, had to turn to state government unemployment insurance to make ends meet.  As if this weren’t disruptive and troubling enough, fraudsters have looked at the current pandemic as an opportunity to commit unemployment fraud on a massive scale.

How widespread is the problem? According to a December 31, 2020 USA Today piece, COVID-19-related unemployment fraud losses totaled $36 billion in 2020. Put another way, unemployment fraud has been rampant since the beginning of the pandemic, with virtually every US state affected.

So, what exactly is unemployment fraud? While there are different types, the version seen during the COVID-19 pandemic involves filing fraudulent unemployment claims. At a high level, fraudsters use the following tactics to do so:

● Buy stolen identities from the underground via dark web websites

● Fill out unemployment claims using that information

● Receive unemployment benefits to a drop account

One might ask how fraudsters are able to take these steps so easily at scale. The answer lies in the perfect storm of circumstances that facilitates this.

According to an F5 Labs blog post from May 22, 2020, unemployment fraud “stands out from others because it requires attackers to have a legitimate social security number. Unfortunately, that’s not a problem for attackers. Massive data breaches in 2015, 2017, and 2019 at healthcare providers, credit bureaus, credit card companies, and retailers (among others) compromised virtually every American’s social security number.” In other words, there is a plethora of stolen identities available on the underground, and it is quite easy to purchase them.

Once the fraudster has obtained one or more stolen identities, they need to fill out a fraudulent unemployment claim. Fortunately for the fraudsters, online tutorials are available to help with this for anywhere from $5-$100. Further, fraudsters seem to be able to get away with using nearly any physical address when they file a fraudulent claim. For example, CBS Los Angeles found that uninhabited mansions that were for sale had hundreds or even thousands of fraudulent unemployment claims with those properties as the physical address on file.

Add to the mix that states are overwhelmed and under-resourced to handle the uptick in unemployment claims, never mind identify inconsistencies that would be indicative of fraud, and we see that COVID-19 has created a unique opportunity for unemployment fraud. Most states do not have controls in place that would prevent fraud, have little to no fraud detection capability, and are under intense pressure to pay first and ask questions later.

While the situation sounds dire, there are straightforward steps that can be taken by states to detect and prevent unemployment fraud. By implementing controls to prevent fraud and implementing fraud monitoring capabilities, state agencies can greatly reduce the amount of unemployment fraud that happens under their auspices. Implementing processes and procedures to govern the unemployment benefit application process is a great start for states. Combining that with technology to detect and prevent fraud and to monitor for abuse of unemployment benefits empowers state agencies to combat unemployment fraud head-on, reducing losses and saving taxpayers money.

What are some anomalous behaviors state governments can monitor for in order to detect and prevent unemployment fraud?  While there are many, here are a few notable ones:

● Numerous unemployment applications from the same device and/or email address

● Suspicious user behavior patterns when interacting with the site, such as:

– Copying and pasting PII

– Submitting unemployment applications very quickly

– Navigating the site quickly and showing a high degree of familiarity with the site

– Referencing another window continuously

– Attempting to evade detection (e.g., connecting from a VPN or the cloud)

– Submitting multiple applications with no subsequent login

– Completing the same form repeatedly from the same device

● Suspicious environmental indicators, such as applying for unemployment benefits in California from a device located outside of the U.S.

● Multiple unemployment benefits heading to the same drop account

● Multiple unemployment claims with the same physical address

● Suspicious combinations that come from connecting the dots between the above points and others
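To make the last point concrete, here is an added example (not from the original article or any agency's system) that scores claims by combining several of the indicators above: shared device, email, drop account and physical address, an out-of-country connection, very fast form completion, and pasted PII. The field names, weights, thresholds and sample claims are all constructed assumptions.

```python
from collections import defaultdict

FIELDS = ("id", "device", "email", "account", "address", "ip_country",
          "fill_seconds", "pasted_pii")
# Constructed sample claims (not real data); every field name is an assumption.
CLAIMS = [dict(zip(FIELDS, row)) for row in [
    ("C1", "dev-a", "a@example.com", "ACCT-1", "12 Oak St", "US", 840, False),
    ("C2", "dev-x", "b@example.com", "ACCT-9", "1 Mansion Dr", "US", 45, True),
    ("C3", "dev-x", "c@example.com", "ACCT-9", " 1 mansion dr", "US", 50, True),
    ("C4", "dev-y", "d@example.com", "ACCT-9", "1 Mansion DR", "RO", 300, False),
    ("C5", "dev-b", "e@example.com", "ACCT-2", "7 Elm Ave", "US", 90, False),
]]

# Weights and thresholds are illustrative assumptions, to be tuned on real data.
SHARED_WEIGHTS = {"device": 2, "email": 2, "account": 3, "address": 2}
MIN_FILL_SECONDS = 120   # faster than this suggests scripted or rehearsed entry
HOME_COUNTRY = "US"

def normalize(value):
    """Lower-case and collapse whitespace so trivially varied values still match."""
    return " ".join(str(value).lower().split())

def score_claims(claims):
    """Return {claim_id: (score, reasons)} from per-claim and cross-claim signals."""
    # Index claim ids by each attribute that separate claimants should rarely share.
    index = {field: defaultdict(list) for field in SHARED_WEIGHTS}
    for claim in claims:
        for field in SHARED_WEIGHTS:
            index[field][normalize(claim[field])].append(claim["id"])
    results = {}
    for claim in claims:
        score, reasons = 0, []
        for field, weight in SHARED_WEIGHTS.items():
            if len(index[field][normalize(claim[field])]) > 1:
                score, reasons = score + weight, reasons + [f"shared_{field}"]
        if claim["ip_country"] != HOME_COUNTRY:
            score, reasons = score + 2, reasons + ["foreign_ip"]
        if claim["fill_seconds"] < MIN_FILL_SECONDS:
            score, reasons = score + 1, reasons + ["fast_fill"]
        if claim["pasted_pii"]:
            score, reasons = score + 1, reasons + ["pasted_pii"]
        results[claim["id"]] = (score, reasons)
    return results

def flagged(claims, threshold=4):
    """Claims whose combined signals reach the review threshold."""
    return sorted(cid for cid, (s, _) in score_claims(claims).items() if s >= threshold)
```

Claim C5 trips only the fast-completion signal and stays below the threshold, while C4 is flagged despite using its own device and email because its drop account, address and connecting country line up with the other suspicious claims.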

Rampant unemployment fraud is just about the last thing that we want to be dealing with during this pandemic. Unfortunately, the fraudsters haven’t given us much choice in the matter. The good news is that there are straightforward steps that state governments can take to combat this issue head-on.

Written By

Joshua Goldfarb (Twitter: @ananalytical) is currently Global Solutions Architect - Security at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.
