Blog

During the COVID-19 pandemic, millions of Americans have filed for unemployment benefits. Seizing the opportunity, fraudsters have seemingly found success by fraudulently filing for unemployment benefits, and the Dark Web has been bustling with chatter about the most effective techniques and best states to target. As expected, underground ‘service providers’ have popped up, primarily offering the following:

1. Personally identifiable information (PII) and documents.
2. Tutorials and ‘how-to’ guides.
3. Compromised unemployment benefit accounts.

PII and documents

‘Fullz’ is an underground term for a complete record of personally identifiable information (PII) that includes the victim’s name, date of birth, social security number, address, and more. Fullz data is used by fraudsters and cybercriminals for numerous schemes – from tax refund fraud to identity theft. Over the past few months, more and more underground vendors of Fullz have aggressively promoted their data for use in unemployment benefits fraud.

Similarly, underground vendors of fake and stolen documents such as paystubs, credit reports, W-2 forms, and fake ID’s, have been marketing their goods in connection with unemployment benefits fraud.

Tutorials and ‘how-to’ guides

Some underground actors have been promoting tutorials and ‘how-to’ guides for fraudulent unemployment applications. These guides provide a step-by-step explanation and recommendations on the types of documents needed to file for unemployment benefits, URLs of preferred state unemployment agencies, bank or money transfer applications (e.g., Venmo), ideal termination dates to include in the application, and more. These guides sell for an average of $50 to $150 dollars. Often, the authors offer ‘proof’ that their method is successful by including images of unemployment benefit payments.

Compromised unemployment benefit accounts

Finally, some underground actors are offering access to compromised unemployment benefit accounts. This scheme involves the unauthorized takeover of an existing legitimate unemployment benefit account and redirecting payments by modifying the beneficiary bank account from that of the accountholder to that of the fraudster. This service often includes the victim’s ‘Fullz’ and bank account information, login credentials for the state unemployment benefit website, and email account credentials, among other necessary documents.

Recommendations

To reduce the risk of fraudulent unemployment claims for your employees, consider the following:

1. Monitor the surface and dark web for compromised employee records. These can be used to target and populate ‘Fullz’ profiles for your employees.
2. Increase employee awareness of unemployment fraud, as well as phishing and other scams used to harvest PII.
3. Ask your employees to immediately report any communications from state unemployment agencies and have an in-house point of contact to support them in reporting fraudulent applications.