As the coronavirus outbreak has caused record number of people to seek unemployment benefits Washington state officials said Thursday that impostors have used the stolen information of tens of thousands of people to receive hundreds of millions of dollars in unemployment benefits.
KASTE: Turns out, somebody was impersonating university faculty members, using their names and Social Security numbers to apply for unemployment benefits. But right now, there's this - all this money just flowing out of the federal government for aid in different forms.
This does not appear to have been a case of hacking, or a data breach.
In many cases - likely most cases - the real Washingtonians had not actually lost their jobs.
The state of Washington admitted yesterday that it has lost hundreds of millions of dollars to bogus unemployment claims.
To defraud the system, the group set up multiple emails on the target websites - such as state unemployment benefits and IRS websites - using Gmail dots account. And that's exactly what appears to be going on right now as multiple US states struggle to combat a tsunami of phony Pandemic Unemployment Assistance (PUA) claims.
A number of states have suffered security issues with the PUA websites that exposed personal details of citizens filing unemployment insurance claims.
Many of those letters languished in piles of mail delivered to offices closed under emergency social distancing rules.
Eventually, enough employer responses made it through to alert the department that something was amiss.
It finally did. Right around May 11, it says it noticed a flood of messages from supposedly former employers saying, wait a minute; that person still works here. "It was at that moment where, you know, 'Break glass and pull the alarm'". "This adds up to a maximum potential loss as a result of these fraudulent claims of $4.7 million".
Investigators with the email security firm Agari say they've observed a major overseas cybercrime gang targeting Washington and other states for this kind of large-scale imposter unemployment fraud.
To carry out the scam, the perpetrators, posing for instance as the State of Washington Unemployment Benefits Programme, sent individuals residing out-of-state Automated Clearing House (ACH) deposits in different names without connection to the account holders. We learned, locally, well over 100 Richland School workers have had compromised identity issues, as have many others in our area. There's not even a camera on an A.T.M.
Yes, for roughly $50 worth of bitcoin, you too can quickly jump on the unemployment fraud "wave" and learn how to swindle unemployment insurance money from different states.
Washington's Employment Security Department would not confirm whether fraudulent claims had been paid to such cards, and Green Dot didn't respond to a request from NPR for comment.
The official said law enforcement agents are working on recovering as much money as possible and the department has taken steps to prevent new fraudulent unemployment claims from being filed or paid. The statement did not say what type of financial institution it was.
"The ones we're seeing worst hit are the states that aren't aren't asking where you work", the investigator said.
LeVine also said the processing time would also have to be increased to allow for proper scrutiny of filed claims.
SUZI LEVINE: That's what makes me especially mad.
Levine noted that Washington's state's weekly maximum benefit - the second highest in the nation - plus the additional federal weekly money "does make us a more attractive target overall".