Our 24x7 comprehensive monitoring of the Digital Underground can help you transform your information security and anti-fraud operations from reactive to proactive.

orange arrow

Fraudsters Filing for Unemployment

intro image

Written by Mara Gibor

During the COVID-19 pandemic, millions of Americans have filed for unemployment benefits. Seizing the opportunity, fraudsters have seemingly found success by fraudulently filing for unemployment benefits, and the Dark Web has been bustling with chatter about the most effective techniques and best states to target. As expected, underground ‘service providers’ have popped up, primarily offering the following:

  1. Personally identifiable information (PII) and documents.
  2. Tutorials and ‘how-to’ guides.
  3. Compromised unemployment benefit accounts.

PII and documents

‘Fullz’ is an underground term for a complete record of personally identifiable information (PII) that includes the victim’s name, date of birth, social security number, address, and more. Fullz data is used by fraudsters and cybercriminals for numerous schemes – from tax refund fraud to identity theft. Over the past few months, more and more underground vendors of Fullz have aggressively promoted their data for use in unemployment benefits fraud.

Recent advertisement from an underground Fullz vendor
Recent advertisement from an underground Fullz vendor

Similarly, underground vendors of fake and stolen documents such as paystubs, credit reports, W-2 forms, and fake ID’s, have been marketing their goods in connection with unemployment benefits fraud.

Underground vendor advertising documents for sale
Underground vendor advertising documents for sale

Tutorials and ‘how-to’ guides

Some underground actors have been promoting tutorials and ‘how-to’ guides for fraudulent unemployment applications. These guides provide a step-by-step explanation and recommendations on the types of documents needed to file for unemployment benefits, URLs of preferred state unemployment agencies, bank or money transfer applications (e.g., Venmo), ideal termination dates to include in the application, and more. These guides sell for an average of $50 to $150 dollars. Often, the authors offer ‘proof’ that their method is successful by including images of unemployment benefit payments.

‘Proof’ from an author to demonstrate the quality of his scheme
‘Proof’ from an author to demonstrate the quality of his scheme

Compromised unemployment benefit accounts

Finally, some underground actors are offering access to compromised unemployment benefit accounts. This scheme involves the unauthorized takeover of an existing legitimate unemployment benefit account and redirecting payments by modifying the beneficiary bank account from that of the accountholder to that of the fraudster. This service often includes the victim’s ‘Fullz’ and bank account information, login credentials for the state unemployment benefit website, and email account credentials, among other necessary documents.

An underground actor selling compromised unemployment benefit accounts for $200 each
An underground actor selling compromised unemployment benefit accounts for $200 each


To reduce the risk of fraudulent unemployment claims for your employees, consider the following:

  1. Monitor the surface and dark web for compromised employee records. These can be used to target and populate ‘Fullz’ profiles for your employees.
  2. Increase employee awareness of unemployment fraud, as well as phishing and other scams used to harvest PII.
  3. Ask your employees to immediately report any communications from state unemployment agencies and have an in-house point of contact to support them in reporting fraudulent applications.

Don't forget

to Visit

Our Solutions

About the Author

Mara Gibor is the Director of Threat Intelligence at Q6 Cyber. She leads analyst teams in the collection and analysis of E-Crime intelligence from numerous open and restricted sources.