The Colorado Department of Labor and Employment has been flooded with fraudulent claims for unemployment insurance — more than 1.1 million claims have been flagged as possibly fraudulent since the start of 2020.
Bank employees and customers, like those in other industries, have been targeted by scammers who have used their identities to file false claims.
While many of these claims are now being caught by more sophisticated identification tools, many others result in great inconvenience for businesses and individuals and in millions of dollars in payments to scammers.
According to Jessica Smith, CDLE Division of Unemployment Insurance press secretary, scammers were successful in stealing $6,562,264 through fraudulent claims in 2020, but the department prevented more than $91 million in fraud losses.
Nationwide, unemployment insurance fraud has been so rampant since the start of the COVID-19 pandemic that the U.S. Treasury’s Financial Crimes Enforcement Agency has enlisted banks to help identify fraudulent claims.
A Financial Crimes Enforcement Network (FinCEN) advisory sent to financial institutions in October 2020 identified several types of fraudulent activity and urged banks to be on the lookout for these scams.
•Fictitious employer-employee fraud: Filers falsely claim they work for a legitimate company or create a fictitious company and supply fictitious employee and wage records to apply for unemployment insurance payments.
•Employer-employee collusion fraud: The employee receives unemployment insurance payments while the employer continues to pay the employee reduced, unreported wages.
•Misrepresentation of income fraud: An individual returns to work and fails to report the income in order to continue receiving payments, or claims higher wages than he or she previously earned.
•Identity-related fraud: Filers submit applications for unemployment insurance payments using stolen or fake identification information to take over an account.
“Fraudsters using stolen personal information to file fraudulent claims” is the most common type of unemployment insurance fraud in Colorado, Smith said.
FinCEN advised financial institutions to take into account surrounding facts and make additional inquiries when unemployment insurance fraud is suspected, and listed numerous red flags for banks to watch for, including:
•unemployment payments from a different state from the one in which the account holder resides;
•multiple state unemployment payments;
•unemployment insurance payments in the name of a person other than the account holder;
•deposits of both unemployment payments and regular work earnings;
•withdrawals of unemployment insurance payments in a lump sum by cashier’s check or transfer to an out-of-state account;
•diversion of unemployment insurance funds via wire transfer to foreign accounts;
•deposit of unemployment insurance payments into suspected shell or front company accounts; and
•deposit of numerous unemployment insurance deposits into a newly opened account.
According to an online June 8, 2020, American Banker article, security research firm Agari discovered a well-organized West Africa-based fraud ring it called Scattered Canary, believed to be behind most unemployment fraud up to that time.
Scattered Canary obtained basic information to apply for unemployment insurance claims through purchase of Social Security numbers and email addresses on the dark web. Its members also sent emails masquerading as messages from targets’ colleagues, asking for information — such as a request from a company officer telling employees to provide documents such as W-2s.
The fraudsters file applications with state governments and set up accounts to receive the benefits.
Often, according to the American Banker article, they recruit people to act as money mules who set up new accounts to receive the funds.
Some of these money mules are unwitting accomplices engaged through a romance scam, in which the scammer pretends to be a love interest. Other money mules are willing participants who are paid a portion of the proceeds, the article stated.
In Colorado, unemployment insurance fraud has increased dramatically since the state ramped up its unemployment insurance program, MyUI+, in March 2020.
CDLE has been working with banks from the beginning, said Phil Spesshardt, director of the Division of Unemployment Insurance.
“Banks tend to have algorithms that they look at for certain activity,” Spesshardt said. “When they see suspicious activity, they have been shutting down those accounts and seizing those funds. To the extent that they know which state that those benefits came from, they’re then returning those funds back to those states.”
Colorado had received $21 million in such payments as of the middle of last year, he said.
“That was the result of the Secret Service and a couple of banks noticing this type of activity, stopping that activity and seizing those funds,” he said. “Banks have been very strong in that space.”
U.S. Bank is the issuer of the ReliaCard, a debit card that Colorado and other states use to direct-deposit unemployment funds to claimants.
“Once an unemployment insurance claim is filed, it creates paperwork and a series of files,” Spesshardt said. “One of those is a file that goes to U.S. Bank indicating that a ReliaCard needs to be created and sent to a particular address.”
U.S. Bank is working with the department to flag possible fraudulent claims. For example, Spesshardt said, the bank may flag numerous requests for ReliaCards to be sent to the same address.
“We continue to work back and forth with U.S. Bank … every day to see if there aren’t better ways to refine the process,” he said.
Both the bank and CDLE would prefer that cards not be issued if they are based upon a fraudulent claim, Spesshardt said, since it costs money to issue them. “On the other hand, that’s been a great tool for people to realize, ‘Oh, I need to report this somewhere. This may be fraud.’”
U.S. Bank declined to be interviewed, but Communications Manager Boua Xiong-Roy said in an email that, “States have experienced a surge in fraudulent unemployment claims across the country. While state governments manage the claims and enrollment processes and provide debit card issuance instructions to card issuers, U.S. Bank Reliacard is working closely with them to detect and mitigate fraud.”
Financial institutions like Ent Credit Union are working with CDLE and being more vigilant than ever to catch unemployment insurance fraud, which also can be perpetrated by individuals.
“Members are reporting to us that they’ve been notified that a claim has been filed, either from their current or past employer,” said LaShae Woodard, Ent vice president of financial crimes.
“We have also had some members report that they received a tax form in the mail showing that they had received unemployment, and they did not,” Woodard said.
Another common scheme involves a scammer posing as an employer, telling employees that they are going to receive funds and directing them to send funds to someone else.
“The people receiving the funds generally don’t have any idea that they’re receiving someone else’s unemployment,” Woodard said.
Ent, like other financial institutions, is monitoring accounts through name matching. While she couldn’t go into all of the details, Woodard said financial institutions use in-person and online methods to verify the identities of depositors and new account holders and vet subsequent transactions.
“If we did receive an electronic deposit and the name did not match, we would send it back electronically” to CDLE, she said. “Catching them before they get posted is the key.”
Woodard said Ent treats unemployment fraud as identity theft and helps members who report it take necessary steps, including directing victims to file reports with CDLE and the Federal Trade Commission.
“We have a handout that we email our members that tells them what to do,” she said.
The flyer, developed by the FTC, “walks them through how to place a freeze and gives them the numbers if they want to freeze their credit or if they just want to do a fraud alert, and explains the difference between the two,” Woodard said. “We also ask them to file a police report so that they can have on record that they are a victim of identity theft.”
Ent also posts information on unemployment insurance fraud in the privacy and security section of its financial education tab on ent.com.
All types of fraud have increased since the beginning of the pandemic, probably because of people staying at home, Woodard said.
Of all types of fraud the credit union sees, “unemployment insurance fraud is not like half of our fraud,” she said. “There’s always a new type of fraud every couple months, because fraudsters get craftier to try and circumvent what we do to stop them.”
Scams can impact financial institutions directly, and can require additional time and effort to help customers, she said.
“Depending upon the type of fraud, sometimes they need a new account,” Woodard said. “Sometimes they need their account monitored. We can stop certain types of transactions. But if someone has their account number, they’ll need a new account.”
For members with multiple accounts, “we do a lot of background work to move things for them,” she said.
Ent’s fraud investigators help members determine losses and protect their accounts. Ent has a team of about 20 fraud investigators and card fraud investigators, who work with members who report a lost or stolen debit card or dispute purchases, Woodard said. Her department also includes regulatory specialists.
“It’s absolutely something we plan for,” she said. “We can’t put a price tag on protecting our members from taking a loss.”
Prevention is just as important, if not more so, than reacting to fraud, Woodard said.
Ent works with law enforcement authorities, monitors FinCEN alerts and meets regularly with fraud investigators from other financial institutions to share information about new fraud schemes.
“We definitely could not do it alone,” she said. “We work together with our peers.”