The national attention given to recent data breaches, including the theft of personally identifiable information (PII), has highlighted potential issues for the victims of the breaches. Identity theft is one of the more obvious concerns. Breached organizations offer free access to identity protection services, which offer more psychological relief to victims than actual safeguards from identity theft.

Perhaps one of the most underreported vectors to monetize stolen PII is unemployment insurance scams. In fact, identity protection services do next to nothing to stop the improper use of government benefits, including unemployment benefits.

What Is Unemployment Insurance Fraud?

Unemployment insurance fraud, also known as unemployment claims fraud or benefits fraud, is the collection of benefits from unemployment claims filed using false or inaccurate information. According to the Department of Employment Services, unemployment insurance fraud may take several forms, such as the following:

  • An individual returns to work but continues to collect unemployment insurance benefits.
  • An individual works a part-time job but does not report his or her earnings to the state, thereby collecting more benefits than he or she is allowed.
  • An individual performs temporary work while collecting unemployment insurance benefits but does not report the earnings when filing his or her weekly claim.
  • An individual holds back information or gives false information to the state unemployment insurance agency.

While unemployment insurance fraud is often perpetrated by individuals on their own account, the proliferation of stolen PII in underground markets opens new doors for criminals looking to commit the fraud using stolen IDs. It is now economically practical for organized crime groups to use unemployment insurance fraud to monetize stolen PII purchased from data breaches and other forms of mass data compromises. More importantly, identity theft victims of unemployment benefits are often left in the dark until they are approached by their human resources department for filing an unemployment claim while still employed, or until the victim actually becomes eligible for the benefits, but a submitted claim is denied.

Recent Cases

In Miami, two brothers were sentenced to more than nine years in prison each and ordered to pay more than $800,000 in restitution after being found guilty of identity theft and unemployment fraud. The investigation kicked off after one of the victims filed a complaint with law enforcement about the unauthorized use of her identity for unemployment benefits. Investigators tracked the IP address used to file the claim back to the brothers, who reportedly used more than 650 personal identities to claim unemployment benefits.

A group of five co-conspirators in Milwaukee and Gary, Indiana, were convicted of executing an identity theft and unemployment insurance fraud scheme resulting in the fraudulent obtainment of $357,420 in unemployment benefits. In a well-calculated fraud scheme, the perpetrators created several fictitious companies and registered both complicit and identity theft victims as employees of the companies, with the end goal of collecting unemployment benefits. One of the suspects, who worked as a certified nursing assistant at a rehabilitation center, used her access to patients to supply the group with identity theft victims.

In Trenton, New Jersey, a resident led a team of three other co-conspirators who perpetrated a fraud scheme that netted more than $180,000 in unemployment benefits. The group leader used two defunct companies with which he was previously associated to submit fraudulent quarterly wage statements to the state. This allowed the group to later file unemployment claims. Two of the co-conspirators unsuccessfully filed unemployment claims using false identities. In an interesting twist, the lead fraudster launched the scheme while serving time for other convictions, including tax refund fraud. He was also able to receive proceeds from the unemployment fraud into his prison account.

Detection in a Digital World

State agencies can use the large volumes of claimant data to accurately identify fraud. Each claimant service encounters data that can be used for analytics. Most of these encounters happen in the online world. The challenge is finding a solution that can scale to cover multiple data sets with speed, accuracy and efficiency. There are numerous analytics that can be performed on the data collected through online customer interactions. The following are some of the analytics that can be run:

  • IP Address Analysis: Any organization not scrutinizing the IP address activity of claimants misses out on potentially low-hanging fruit. A single IP address linked to multiple claimants hints at identity theft fraud. At the very least, it deserves to be further investigated. Accordingly, out-of-state and especially out-of-country IP address activity is another red flag.
  • Device Fingerprinting: IP address analysis has limitations, since even the less sophisticated bad actors can easily misrepresent their IP address in order to circumvent geolocation fraud detection strategies. A more advanced method of tracking Internet user activity is device fingerprinting. Similar to IP addresses, a single device fingerprint linked to multiple claimants is reason for concern. However, even device fingerprinting is not foolproof.
  • Link Analysis: From the perspective of identity theft unemployment fraud detection, link analysis is a powerful technique used to obtain actionable intelligence from the data to which state agencies have access. One of the challenges is maintaining an environment that will let organizations quickly identify relationships between nodes, often in real time or near-real time as new data comes in. As new unemployment insurance claims are submitted, organizations need to resolve entities and discover relationships between new and historical data points.

Fraud management solutions can provide organizations with a single, integrated solution to combat the full life cycle of unemployment insurance fraud. The discussed data analytics techniques are only a piece of the puzzle. The solution is designed to help prevent and intercept attempted fraud while detecting, identifying and building the case against past fraudulent activity and improper payments.

More from Government

Who Will Be the Next National Cyber Director?

After Congress approved his nomination in 2021, Chris Inglis served as the first-ever National Cyber Director for the White House. Now, he plans to retire. So who’s next? As of this writing in January of 2023, there remains uncertainty around who will fill the role. However, the frontrunner is Kemba Walden, Acting Director of the National Cyber Director’s office. Walden is a former Microsoft executive who joined the National Cyber Director’s office in May. Before her appointment, Walden was the…

How Much is the U.S. Investing in Cyber (And is it Enough)?

It’s no secret that cyberattacks in the U.S. are increasing in frequency and sophistication. Since cyber crime impacts millions of businesses and individuals, many look to the government to see what it’s doing to anticipate, prevent and deal with these crimes. To gain perspective on what’s happening in this area, the U.S. government’s budget and spending plans for cyber is a great place to start. This article will explore how much the government is spending, where that money is going…

What the New Federal Cybersecurity Act Means for Businesses

On December 21, 2022, President Biden signed the Quantum Computing Cybersecurity Preparedness Act. The risk of quantum-powered password decryption is increasing exponentially. The new legislation is designed to help federal agencies proactively shift to a post-quantum security posture. Agencies have until May 4, 2023, to submit an inventory of potentially vulnerable systems, and the Act directs the Office of Management and Budget (OMB) to prioritize the adoption of post-quantum cryptography standards. For businesses, government efforts to address emerging quantum risks…

What to Know About the Pentagon’s New Push for Zero Trust

The Pentagon is taking cybersecurity to the next level — and they’re helping organizations of all kinds do the same. Here’s how the U.S. Department of Defense is implementing zero trust and why this matters to all businesses and organizations. But first, let’s review this zero trust business. What is Zero Trust? Zero trust is the most important cybersecurity idea in a generation. But “zero trust” is itself a bit of a misnomer. It’s not about whether a person or…