Education
May 22, 2020

Fraudulent Unemployment Claims Signal Consumers to Step Up Personal Identity Protection

Three steps you can take immediately to protect your identity.
Additional Contributions By Preston Hogue


This two-part series looks at how to protect your identity in the face of rampant fraud during the COVID-19 pandemic (part one) and throughout your lifetime in the wake of massive data breaches (part two).

Fraudulent unemployment claims filed by attackers against residents of the state of Washington1 and at least six other U.S. states2 are sending worried consumers into panic. Many are caught completely off guard by letters they’ve received from their states’ employment security departments notifying them that their unemployment claim is being processed. The problem? They didn’t file an unemployment claim.

As cybercriminals find new opportunities to exploit innocent victims during the COVID-19 pandemic, this particular scam stands out from others because it requires attackers to have a legitimate social security number. Unfortunately, that’s not a problem for attackers. Massive data breaches in 2015,34 2017,5 and 20196 at healthcare providers, credit bureaus, credit card companies, and retailers (among others) compromised virtually every American’s social security number. It’s arguably the single worst piece of personal information to be breached because, unlike a credit card that can be replaced or a password that can be reset, a social security number cannot be changed. This means that identity fraud is now a risk for every U.S. citizen for the remainder of their lifetime.

No matter what state you live in or whether or not you’re a victim of an unemployment scam, here are three proactive, practical steps you can take today to improve your personal security.

1. Prevent New Fraudulent Use of Your Identity by Freezing or Locking Your Credit

Freezing or locking your credit is the most important first step to take to protect your identity. Both measures prevent creditors, lenders, and unauthorized users from accessing your credit information, which makes it much more difficult for anyone to open a fraudulent account in your name. Whenever you want to apply for credit yourself, however, you’ll need to temporarily lift a freeze or lock.

So, what’s the difference between the two? A freeze, which is federally regulated and lasts indefinitely, is considered a more stringent control that requires a password and can take a bit more time to lift. Credit freezes are free from all three credit bureaus; credit locks are free from Equifax and TransUnion and available for a fee from Experian. A lock is temporary (it generally lasts 7 years but varies by state) and is not federally regulated, so it may provide less legal protection. A lock is often considered more convenient because it can be lifted immediately without a password from a mobile device or online app.

To freeze your credit, you must do it independently with all three major credit bureaus. If you don’t already have an account at each bureau, you’ll need to set them up individually. Note that placing a freeze with only one or two bureaus is like locking your car and then leaving the windows rolled down: thieves can still get in.

To request a freeze, go to:

Experian: https://www.experian.com/freeze/center.html

Equifax: https://www.equifax.com/personal/credit-report-services/credit-freeze/

TransUnion: https://www.transunion.com/credit-freeze

TIP: If you have children under the age of 16, consider freezing their credit, too, as their social security numbers can be stolen and used fraudulently just like any adult’s.

To lock your credit instead of freezing it, again, you’ll need to do it independently with all three credit bureaus. Go to:

Experian: https://www.experian.com/consumer-products/creditlock.html
Equifax: https://www.equifax.com/personal/products/credit/credit-lock-alert/
TransUnion: https://www.transunion.com/product/credit-lock

TIP: When accessing these sites and setting up accounts, use a secure browser and let it memorize and save your login credentials. Most security best practices advise against doing this but in this case, you don’t want to run the risk of being locked out of your credit bureau accounts if you forget your password.

2. Detect Fraud with Credit Monitoring

In the wake of massive data breaches, every U.S. consumer should keep a regular, watchful eye on their credit. Each of the three major credit bureaus offer different services for doing this.

a. Monitor Your Credit Reports

Under federal law, U.S. consumers are entitled to a free credit report annually from each credit bureau directly. However, during the COVID-19 pandemic, all three credit bureaus are offering all U.S. consumers free weekly credit reports through AnnualCreditReport.com. It is strongly recommended that you take advantage of this offer, especially during this time when so many consumers are vulnerable to rampant fraud.

b. Purchase Extended Protection Plans

All three credit bureaus offer additional, subscription-based services that can monitor, alert, and/or provide protection when fraudulent, suspicious, or unauthorized activity is detected with your social security number, financial accounts, passport, driver’s license, and more. Services and fees vary widely across bureaus. To learn more, go to each credit bureau’s main website and look under Products or search for Identity Protection.

3. Prevent New Fraud by Stopping Unsolicited, Pre-Approved Credit and Insurance Offers

The U.S. Federal Trade Commission provides a way for you to put an end to unsolicited, pre-approved (also known as prescreened or prequalified) credit and insurance offers that typically arrive in your mailbox, but also by phone or email. For individuals who do not have a secure home mailbox, these unsolicited offers can present a significant security risk due to mail theft.

To opt out of pre-approved offers for five years, call toll-free 1-888-5-OPT-OUT (1-888-567-8688) or go to www.optoutprescreen.com.

To opt out permanently, begin the process online at www.optoutprescreen.com and then complete your request by signing and returning the form that’s sent to you. Be prepared to provide personal information including your social security number and date of birth.

Conclusion

When it comes to personal security, it’s easy to feel like the bad guys have won and the good guys are fighting a losing battle. Unfortunately, many consumers throw in the towel and resort to just hoping for the best. But doing nothing is counterproductive. Imagine if you were diagnosed with a chronic illness; would you shrug your shoulders and give up? Of course not. You’d accept the reality and then follow your doctor’s advice for dealing with it in a productive way. That might involve developing some new habits and routines that at first you resist or even resent. But eventually you incorporate them into your everyday life. Protecting your identity against fraud is not much different. You can’t change the fact that your personal information has been compromised, but you can proactively take charge of the things you can control.

Hundreds of apps will be attacked by the time you read this.

So, we get to work. We obsess over effective attack methods. We monitor the growth of IoT and its evolving threats. We dive deep into the latest crypto-mining campaigns. We analyze banking Trojan targets. We dissect exploits. We hunt for the latest malware. And then our team of experts share it all with you. For more than 20 years, F5 has been leading the app delivery space. With our experience, we are passionate about educating the security community-providing the intel you need to stay informed so your apps can stay safe.

Every

9 hrs

a critical vulnerability—with the potential for remote code execution—is released.