With Americans filing claims for unemployment benefits in record numbers, unemployment insurance fraud in the U.S. has reached dramatic levels during the COVID-19 pandemic. The Labor Department inspector general’s office estimates more than $63 billion has been paid out improperly through fraud or errors since March 2020. Not only can unemployment fraud result in a loss for the victim, but it may also increase employer contribution rates.
Using phishing scams and database breaches, criminals have used compromised personal identifying information to target billions of dollars in unemployment aid in the U.S., with identity theft victims numbering in the hundreds of thousands. Similarly, the Canadian Anti-Fraud Centre has received hundreds of identity theft reports linked to the Canadian Emergency Response Benefit (CERB).
At least 11 U.S. states have reported increases in unemployment insurance fraud activity, including Arizona, Colorado, Illinois, New York, Ohio, Texas and Washington, which have reported billions of dollars in fraud since the pandemic began. The Illinois Department of Employment Service announced in February 2021 they have identified more than one million fraudulent claims. Colorado’s Office of the State Auditor issued a report on March 16 saying the state paid $6.5 million on 1.1 million claims later deemed fraudulent.
Prior to the pandemic, benefits program fraud most often came from individual, dishonest applicants. This past year was unprecedented, both in terms of the number of claims filed and the sophisticated, coordinated attempts of criminals to target the system. The number of unemployment claims initially overwhelmed many state government systems, forcing some to temporarily suspend all benefit payments because of fraudulent activity. There are currently 10 million Americans unemployed due to the pandemic and expanded relief funding provided by the new administration remains an irresistible target for cybercrooks.
Victims of unemployment insurance fraud today need not be unemployed. Identity thieves procure personally identifiable information — such as a date of birth, Social Security number or driver’s license information — then sell or use the information to file an unemployment claim. Benefits are often issued in victims’ names on debit cards and sent to addresses associated with or accessible to the criminals.
Most victims are unaware of the fraud until they receive a letter or benefit card from a government unemployment agency. Others find out when their current or former employer asks to confirm they have applied for unemployment benefits. People are also made aware when they try to file a claim online and are notified one already exists under their name.
What can employers do to prevent or minimize unemployment insurance fraud?
Employers may be the first to learn of a scam when an unemployment notice is received regarding an existing employee. Help combat unemployment insurance fraud with these tips that also safeguard your organization and employees:
1. Prompt and accurate new-hire reporting. Labor departments in the U.S. and Canada often compare new hire data against unemployment claims to help uncover fraud.
3. Educate your workforce. Alert current or former employees immediately if your organization receives suspicious information from a labor agency. Educate employees about these types of scams and make sure they know to notify HR of any fraudulent benefits claims as soon as possible. Offer guidance to affected employees by helping them recover from identity theft and credit issues and making sure they know how to notify the appropriate state and federal agencies.
4. Scrutinize unemployment reports. Follow your unemployment claims, whether through an employee or a third-party claims administrator. Check quarterly charge reports to ensure contribution rates are not being adversely affected by fraudulent claims. Ensure vigilance when state labor agencies verify employee details and compensation information.
5. Assess your cybersecurity. Much like an individual engages in certain personal hygiene practices to maintain good health and well-being, cyber hygiene practices can keep data safe and well-protected. Sensitive personal information can be compromised in many ways, including vendor breaches, compromised computer networks and phishing scams. Assess how well your organization guards against these threats.
Brian J. Schnese is a senior risk consultant with HUB International’s Risk Services Division and a member of the Division’s Organizational Resilience consulting team. Brian has over 15 years of professional experience in regulatory compliance and managing risk in state and federal government agencies, and in private industry operations including brick and mortar and online retail, supply chain, transportation, healthcare, and the financial industry.