The Impact of (Skyrocketing) Unemployment Fraud during COVID-19

Joshua Goldfarb
Published January 21, 2021

The COVID-19 pandemic has affected billions of people around the world. Aside from the virus’ health ramifications, the corresponding lockdowns, travel restrictions, and closures have brought with them a tremendous economic impact. The unfortunate result of this downturn is that many are hurting financially, having lost their jobs or otherwise suffered a drastic reduction in income.

One might think that these financial hardships and significant disruptions to daily life would be enough to deal with, even as state and local governments enact programs to help shoulder the burden of these challenging times. Fraudsters, however, seem to think otherwise, and have, sadly, looked at the current pandemic as an opportunity to commit unemployment fraud on a massive scale. The pandemic has accelerated the digital shift that was already underway, presenting fraudsters with unprecedented opportunities to do harm while enterprises struggle to keep pace with the speed of the shift.

How widespread is the problem? According to a December 31, 2020 USA Today piece, COVID-19-related unemployment fraud losses totaled $36 billion in 2020. Put another way, unemployment fraud has been rampant since the beginning of the pandemic, with virtually every U.S. state affected.

So, what exactly is unemployment fraud? While there are different types, the version seen during the COVID-19 pandemic involves filing fraudulent unemployment claims. At a high level, fraudsters use the following tactics to do so:

  • Buy stolen identities from the underground via dark web websites
  • Fill out unemployment claims using that information
  • Receive unemployment benefits to a drop account

One might ask how fraudsters are able to take these steps so easily and at scale. The answer lies in a perfect storm of circumstances that facilitates it.

According to an F5 Labs blog post from May 22, 2020, unemployment fraud “stands out from others because it requires attackers to have a legitimate social security number. Unfortunately, that’s not a problem for attackers. Massive data breaches in 2015, 2017, and 2019 at healthcare providers, credit bureaus, credit card companies, and retailers (among others) compromised virtually every American's social security number.” In other words, there is a plethora of stolen identities available on the underground, and it is quite easy to purchase them.

Once the fraudster has obtained one or more stolen identities, they need to fill out a fraudulent unemployment claim. Fortunately for the fraudsters, online tutorials are available to help with this for anywhere from $5-$100. Further, fraudsters seem to be able to get away with using nearly any physical address when they file a fraudulent claim. For example, CBS Los Angeles found that uninhabited mansions that were for sale had hundreds or even thousands of fraudulent unemployment claims with those properties as the physical address on file.

Add to the mix that states are overwhelmed and too under-resourced to handle the uptick in unemployment claims, never mind identify inconsistencies that would be indicative of fraud, and we see that COVID-19 has created a unique opportunity for unemployment fraud. Most states do not have controls in place that would prevent fraud, have little to no fraud detection capability, and are under intense pressure to pay first and ask questions later.

In our research, we have found that behaviors in the following categories are indicative of unemployment fraud:

  • Device Signals
    • Recognizing devices and digital users online
    • Unusual time zones
    • Multiple users logging in from the same device
  • Network Signals
    • Unusual countries
    • ASNs located in hosting environments
    • Unusual time zones associated with US ASNs
  • Environment Spoofing Signals
    • Transactions via VPN, anonymizing proxies, or other technologies designed to hide or spoof environments
    • Multiple transactions of the same type from the same device
    • Previously unseen, unique browser fingerprints
    • Minute changes in the device’s integrity, identity, and legitimacy detected through browser interrogation
  • Behavior Signals
    • Typing patterns, such as the keys pressed, typing speed, and suspiciously large amounts of copy and paste, including into first name and last name fields
    • Browser window occupying only a part of screen real estate (likely indicating that a text file—the source for copying and pasting—is open beside it)
    • Mouse movement from text input fields to outside of the browser (likely indicating copying and pasting from a text file open beside the browser window)

While the situation sounds dire, there are straightforward steps that can be taken by states to detect and prevent unemployment fraud. A fraud solution, such as the Shape AI Fraud Engine (SAFE), can be leveraged to identify and stop suspicious, malicious, and/or anomalous activity.

Some of the ways in which SAFE protects against unemployment fraud include detecting:

  • Numerous unemployment applications from the same device and/or email address
  • Suspicious user behavior patterns when interacting with the site, such as:
    • Copying and pasting PII
    • Submitting unemployment applications very quickly
    • Navigating the site quickly and showing a high degree of familiarity with the site
    • Referencing another window continuously
    • Attempting to evade detection (e.g., connecting from a VPN or the cloud)
    • Submitting multiple applications with no subsequent login
    • Completing the same form repeatedly from the same device
  • Suspicious environmental indicators, such as applying for unemployment benefits in California from a device located outside of the U.S.
  • Multiple unemployment benefits heading to the same drop account
  • Multiple unemployment claims with the same physical address
  • Suspicious combinations that come from connecting the dots between the above points and others
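
The link-analysis checks in the list above (shared device, email address, physical address, and drop account, plus a non-U.S. origin) can be sketched as follows. This is an added example, not code from SAFE or F5; the field names, limits, address normalization rule, and sample claims are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample claims; field names and values are assumptions.
CLAIMS = [
    {"id": "c1", "device": "dev-A", "email": "a1@example.com",
     "address": "12 Hilltop Drive", "account": "acct-900", "ip_country": "US"},
    {"id": "c2", "device": "dev-A", "email": "a2@example.com",
     "address": "12 hilltop dr.", "account": "acct-900", "ip_country": "US"},
    {"id": "c3", "device": "dev-A", "email": "a3@example.com",
     "address": "12  Hilltop Dr", "account": "acct-900", "ip_country": "RO"},
    {"id": "c4", "device": "dev-B", "email": "b@example.com",
     "address": "77 Elm St", "account": "acct-123", "ip_country": "US"},
    {"id": "c5", "device": "dev-C", "email": "c@example.com",
     "address": "9 Oak Ave", "account": "acct-456", "ip_country": "DE"},
]
# Assumed limits: more claims than this sharing one value raises a signal.
LIMITS = {"device": 2, "email": 1, "address": 2, "account": 1}

def normalize(field, value):
    """Canonicalize so trivially varied spellings still collide."""
    v = value.strip().lower()
    if field == "address":
        v = re.sub(r"[^\w\s]", "", v)        # drop punctuation
        v = re.sub(r"\bdrive\b", "dr", v)    # one sample abbreviation rule
        v = re.sub(r"\s+", " ", v)           # collapse whitespace
    return v

def score_claims(claims):
    """Map each claim id to the sorted list of signals it raised."""
    groups = defaultdict(set)
    for c in claims:
        for field in LIMITS:
            groups[(field, normalize(field, c[field]))].add(c["id"])
    signals = defaultdict(set)
    for (field, _), ids in groups.items():
        if len(ids) > LIMITS[field]:
            for cid in ids:
                signals[cid].add(f"shared_{field}")
    for c in claims:
        if c["ip_country"] != "US":          # U.S. benefit claim from abroad
            signals[c["id"]].add("non_us_ip")
    return {c["id"]: sorted(signals[c["id"]]) for c in claims}

def flagged(claims, min_signals=2):
    """Connect the dots: claims where several signals coincide."""
    return sorted(cid for cid, s in score_claims(claims).items()
                  if len(s) >= min_signals)

if __name__ == "__main__":
    print(flagged(CLAIMS))
```

Requiring at least two coinciding signals keeps a lone indicator, such as claim c5's foreign IP address, from flagging a claim on its own.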

In addition to these points, deploying SAFE is an extremely simple and straightforward process. Enterprises can be up and running with SAFE in a matter of hours.

By implementing controls to prevent fraud and implementing fraud monitoring capabilities, state agencies can greatly reduce the amount of unemployment fraud that happens under their auspices. Implementing processes and procedures to govern the unemployment benefit application process is a great start for states. Combining that with a fraud detection and prevention platform to monitor for abuse of unemployment benefits empowers state agencies to combat unemployment fraud head-on, reducing losses and saving taxpayers money. Shape has been able to facilitate millions of dollars in fraud savings for our clients. Our data and signal efficiency has been able to detect twice as much fraud as in-house and other vendor fraud solutions, thus helping clients detect and prevent fraud losses.

The COVID-19 pandemic has introduced complexity and chaos into many areas of our lives. The associated surge in unemployment fraud merely adds to that complexity and chaos. Rather than giving up and opting to live with billions of dollars in fraud losses each year, the time has come to take action. Fraud detection and prevention platforms such as the Shape AI Fraud Engine (SAFE) can empower us to identify and stop different types of fraud, including unemployment fraud.

To learn more, please contact a local F5 sales office.