A few months back, a long-term client of ours left a message that they had "found something and needed to run it by us." When our COO, Bridget and I called back, my heart sank as the client told us how several executives learned they were victims of unemployment claim fraud. Someone had stolen the victims' identities and applied for unemployment benefits. At one point, the client asked, "Did we do something wrong?" The answer is no, they did not do anything wrong.
Fast forward, and at Fortalice, we have seen a 300% increase in client cases, year over year. This advisory serves as a guidebook to help you get ahead of this issue. Unfortunately, the pace of the fraudsters is accelerating. If you find your organization, executives, or employees are a victim of this unemployment insurance fraud, this guide provides steps you can take to maintain resiliency and minimize damages.
According to a Wall Street Journal article, "This year's tax season is bringing an extra surprise to many Americans: the news that they were victims of unemployment-insurance fraud that has topped billions of dollars nationwide." The U.S. Labor Department believes $63 billion may have been paid out due to this type of fraud and other errors since March 2020.
Fortalice Point of View
Profiles of the Fraudsters
1. Insider Threat: In some cases, a current insider or recently displaced employee takes executive data and employee data to file fake unemployment claims.
2. Social Engineers: In other cases, employees have been duped by emails that encourage them to visit a fake government site to fill out information. Once the victim has been duped into providing data, the fraudsters file the fake unemployment claim.
3. Dark Web and Open Web Credential Traders: Much of the recent volume is believed to be the work of professional, Identity-theft crime rings reusing data stolen from prior data breaches such as, but not limited to, Yahoo!, Experian, LinkedIn, Netflix, Capital One, Office of Personnel management, hotel and airline travel sites, and significant healthcare institutions.
Unemployment claims are handled at the State level; each state reports historical levels of filed claims, making it easier for fraudsters to slip through.
Based upon the numerous cases we have handled at Fortalice, we have recommendations on how to best spot, stop, and respond to this type of fraud.
Indications Your Organization Might be a Victim:
Indications Your Executives or Employees Might be a Victim:
The Fortalice Fix
Your company can take a few steps to prepare:
Rapid Crisis response is critical if your executives are impacted.
Create an account team to handle the matter
a. Department of Labor has launched a new site for victims: www.dol.gov/fraud
b. Use the FTC’s IdentityTheft.gov, for step-by-step recovery assistance.
c. U.S. Department of Justice's National Center for Disaster Fraud form is online.
d. File a report online at the FBI's Internet Crime Complaint Center at www.ic3.gov .
For An Impacted Employee:
It is my hope that your organization, executives and employees can avoid being a victim of this scam. Should you have questions or need assistance with any of the guidance above, call us at 877.487.8160 or email us at Watchmen@FortaliceSolutions.com. We stand at the ready to serve.
Be healthy. Be safe. Be well.
During the course of our investigative work, Fortalice has observed an increasing and alarming trend: personal email compromise is leading to business email compromise. Threat actors will leverage weaknesses regarding executives’ or board members’ personal cybersecurity hygiene to gain access to their business accounts. Extortion also remains a top cybersecurity threat, with organized criminals overseas routinely targeting corporations and the people who support them.