Top 5 Trends in Unemployment Fraud

In our previous blog post on unemployment fraud, we discussed the perfect storm of fraud created by the economic fallout from the COVID-19 pandemic, the pressure on state government agencies to provide unemployment benefits, and a lack of anti-fraud infrastructure within those state government agencies. While the situation isn’t good, there are, thankfully, clear paths forward for combating unemployment fraud.

As we continue to learn about and confront unemployment fraud, here are the top five trends that we at F5 see from unemployment fraudsters:

1. It’s now easier for fraudsters: The pressure on state government agencies to provide monetary resources for families in need, along with the increased volume of claims, has made it easier for fraudsters to get away with unemployment fraud. Fraudsters have simply used the volume of claims to help obscure their fraudulent activities. Further, fraudsters took advantage of and targeted states with no income tax, as those states had no tax records with which to verify identities. In fact, many states only became aware of fraud when notified by legitimate citizens who had had their identities stolen and fraudulent claims filed in their names. In response, states slowed claims payments in order to verify information before paying out claims. This only resulted in the slowed payment of benefits to families in need, leading to additional frustration from many benefits recipients. A better approach for states would be to adopt technology to detect and prevent fraud in real-time without slowing or putting payments of unemployment benefits to legitimate recipients on hold.
   
   
2. Stolen identities rule the day: The easiest and most predominant means by which unemployment fraud is committed begins with fraudsters stealing identities. This is quite easy according to an F5 Labs article from May 22, 2020: “Massive data breaches in 2015, 2017, and 2019 at healthcare providers, credit bureaus, credit card companies, and retailers (among others) compromised virtually every American’s social security number.” Once fraudsters have amassed a list of stolen identities, they can begin the process of attempting to open new accounts and file unemployment claims with state agencies. To reduce exposure, fraudsters often use stolen PII data for people who have died, have just been born, are in prison, or who are even still employed. They can also create fake “synthetic identities" by mashing PII together to create a fake person.
   
   
3. Need an address? No problem: Fraudsters need to supply a physical address during the unemployment claim application process. To use the real addresses of the people whose identities have been stolen would be too risky. Instead, fraudsters use addresses for vacant properties, often submitting hundreds of applications with the same physical address. For example, CBS Los Angeles found that uninhabited mansions that were for sale had hundreds or even thousands of fraudulent unemployment claims with those properties as the physical address on file. And in some cases, fraudsters may even hire illicit couriers to pick up pre-paid debit cards loaded with unemployment benefits.
   
   
4. Fraudsters love to copy and paste: As it turns out, fraudsters paste information roughly 10 times more frequently as compared to legitimate users. In addition, most fraudsters open their web browsers only to a portion of the available screen real estate. What goes in the rest of the screen real estate? The text file they put side by side next to the browser window for copying and pasting ease. If you’re like me, you don’t usually copy and paste first name and last name into online forms. Unless, of course, you’re attempting to open dozens or hundreds of fraudulent unemployment claims in other people’s names.
   
   
5. Fraudsters love to hide: A key part of the fraudster playbook is hiding in plain sight and avoiding detection. Fraudsters employ a variety of techniques to accomplish this. Many fraudsters use VPNs and cloud infrastructure to try and disguise their identities. They also often rotate their IP addresses and user agents. How do we know this? When they do this, the time zones on their devices often don’t match the geolocation of their IP address. Fraudsters do love a familiar device though. Our research indicates that the same bad devices access a high number of unemployment benefits accounts. For example, it is not uncommon for a single fraudster’s device being utilized as the primary device for more than 20 fraudulent accounts. (For comparison’s sake, known good devices most often access 1, 2, or perhaps 3 accounts.)

The COVID-19 pandemic and the associated economic turmoil continue to pose enormous challenges. Unfortunately, fraudsters have been quick to capitalize on the pandemic and take advantage of unemployment benefits intended for individuals and families who desparately need them during these turbulent times. By educating ourselves on how fraudsters commit unemployment fraud and implementing technology solutions to detect and prevent it, we can reduce fraud losses for state governments and ensure that those state governments accurately and successfully direct those funds to their intended recipients.