Technology Blog »

Alarming Rise in Imposter Unemployment Insurance Claims

What is an imposter unemployment claim?

In recent months the Security Operations Center (SOC) at Delaney Computer Services, Inc. has discovered that an alarming number of people have recently received notices from the state about a recent unemployment insurance claim.  But wait, you're not unemployed, or you didn't file a claim.  You are most likely a victim of a new combination of identity theft and unemployment fraud known as an imposter unemployment insurance claim.

What is an Imposter Unemployment Insurance Claim?

An imposter unemployment insurance claim is an illegitimate unemployment insurance claim illegally filed in your name but without your knowledge or consent.  A cybercriminal uses stolen personally identifiable information (PII) to file the unemployment claim and funnel the stolen proceeds into a bank account ultimately controlled by them. It is a toxic mix of identity theft and cyber fraud spawned by the recent, massive increase in the availability of unemployment funds made available by Federal and State Governments amid the Coronavirus pandemic.

How does an Imposter Unemployment Insurance Claim Scam work?

A cybercriminal, sometimes part of an online organized crime ring, will target a user they feel is an easy target because of the rich amount of PII readily available on the DarkWeb from previous data breaches, such as the Equifax Breach in 2017 or through social media accounts, computer intrusion, impersonation scams, email Phishing, or physical theft of data by an insider threat.

With the stolen information, the cybercriminals quickly go to the state's website and file the imposter claim using your name and other stolen personally identifiable information (PII) such as your date of birth and social security number.  Most of this information is available to hackers and other cybercriminals from the DarkWeb.

In many cases, there is a very high likelihood that you won't even know about this until you get a letter or notice from the state unemployment benefits office. It is common that your employer is notified of the claim first.

How do the imposters get access to the funds? Don't be caught up in a Money Mule Scam because it can cause you even more difficulties

Most unemployment claims are now deposited directly into accounts that the imposter controls due to the fact that they created the imposter unemployment insurance claim, however, in many cases the payments get sent to your account, much to the dismay of the scammer. If this happens to you, the imposters may try to contact you on the telephone, SMS, or by email to attempt to trick you into sending them the funds by either pretending to be from the state agency that issued the funds or maybe a representative of the bank where the deposit account where the money was sent by mistake, this is a money mule scam and if you fall victim to it you will only have more difficulties.

In the event you have fallen victim to an imposter unemployment insurance claim, you need to take action with the following as quickly as possible:

  • Report the fraudulent unemployment claim to the state agency that issued the notice
  • If you have received notice or have received a debit card for an account opened by the imposters contact that bank directly and inform them
  • Obtain a copy of your current credit report. You can obtain a credit report free of charge through several sources;  make sure you review the report regularly to see if any other accounts have been opened in your name.
  • Sign up with a reputable credit monitoring service that also monitors your PII and will provide ongoing monitoring and notifications of updates to your credit report, notices of any new accounts,  as well as the monitoring of your social security number and other PII on the DarkWeb.
  • You need to notify your current and possibly your past employers of the imposter claim.
  • Report the identity theft to the FTC, where you can also place a fraud alert on your credit reports free of charge
  • Get a password manager so you can change your passwords for sensitive financial accounts with complex passwords. Never use the same password twice.
  • Get ongoing cybersecurity awareness training. This is key because it is really the only effective way that you can reduce your chances of falling victim to the activities that can lead up to having your identity stolen.