depiction of unemployment scams during COVID-19 pandemic

The U.S. unemployment rate hit a mind-boggling 14.8% last year. That statistic translates into missed rent and mortgage payments, unpaid bills, and understandably sleepless nights for millions of Americans.  But for many laid-off individuals, that was just the beginning of their nightmare. That’s because fraudsters made off with 10s if not 100s of billions of US dollars intended for out-of-work individuals. One organized ring alone looted $36 billion in taxpayer dollars through unemployment scams.

The total fraud losses are still being tabulated but could reach into the 10s or 100s of billions. These scams caused significant problems for real people who were relying on unemployment insurance to get by. State governments proved ill-equipped to detect and stop fraud. That’s why it may ultimately be up to the banking community to take action against unemployment scammers.

Here’s what your bank can do to stop unemployment scams, protect your customers, and safeguard your bank’s reputation. 

The pandemic opens unemployment fraud floodgates

The large number of unemployment claims filed last year allowed fraudsters to blend in with the crowd. They filed unemployment claims using stolen credentials from unsuspecting victims. The massive influx of new unemployment claims overwhelmed state governments, limiting officials’ ability to catch fraudsters in the act.

Fraudsters’ actions hurt real people at a time when they needed assistance the most. Legitimate claimants learned they couldn’t access much-needed funds because their identities were used to file fraudulent claims. Many people faced significant financial insecurity and weren’t able to pay their bills, buy groceries, or worse. One person in Massachusetts, for example, faced eviction because of lengthy delays. In another case, a California resident went months without getting unemployment assistance and drained their savings account to make ends meet.

How unemployment scams work 

As mentioned earlier, fraudsters had all the tools they needed to pull off unemployment scams at a massive scale. These bad actors had already spent years collecting personally identifiable information (PII) through data breaches, phishing scams, or dark web purchases. This stolen information includes names, addresses, emails, phone numbers, social security numbers, bank account information, and more.

The COVID-19 pandemic presented the right opportunity for fraudsters to launch attacks at an unprecedented scale and put those stolen credentials to use. Fraudsters used the stolen PII and credentials to launch automated script attacks on states’ unemployment filing systems, similar to a bot attack. Even if just one of their attempts was successful, they profited from the scam. This means they were undeterred by failure and profited with little effort.

The fraudulent claim surge caught both state governments and victims off-guard. Victims of identity theft related to unemployment scams often do not find out unless they attempted to file a real unemployment claim for legitimate reasons or if they received an official form 1099-G notifying them of their opened claim.

Money mules assist scammers

Money mules helped fraudsters profit off of unemployment scams by providing a legitimate bank account to move money. Fraudsters leveraged mule accounts as a means to siphon funds out of the banks. While some mules were scammed into participating in ploys, other mules acted willingly. Fraudsters told their victim or participant they will deposit money into the account and promised to give them a share of the funds.

Mules (victim or participant) withdraw cash, send wire transfers, or buy gift cards and direct them to the fraudsters. Whether they realize it or not, money mules are breaking the law and face very real consequences for their actions. A 70-year-old Mississippi woman was arrested for accepting unemployment payments into her bank account and then sending cash and gift cards to fraudsters. If convicted, the woman faces hundreds of years in prison.

Regulators are taking notice

A recent report from the U.S. Department of Labor indicates that the unemployment scams cost taxpayers billions last year. What’s more, fraudsters are still looking to exploit vulnerabilities in the unemployment assistance system. The recent $1.9 trillion COVID relief package that was recently signed into law includes a $300 increase in unemployment benefits. This means unemployment assistance will continue to be an enticing target for fraudsters, and losses will be compounded by the increase in benefits.

The hefty cost of unemployment scams ultimately means financial regulators will review the process and try to understand how such unemployment fraud was possible. This will likely mean financial institutions are in for some uncomfortable conversations with government agencies. It’s worth remembering that while you may disagree over which side bears the most responsibility for fixing the issue, regulators are most likely the ones who will have the final say.

Your FI might face pressure from regulators to implement fixes to keep unemployment fraud in check. Your bank could face a reputational risk if a regulatory body decides to investigate your protocols. It’s wise to start building a pathway to keep regulators appeased now.

5 tips to stop unemployment scams

Banks have to stay vigilant and monitor for suspicious activity to protect their customers from unemployment scams. Here’s what your bank can do to help protect customers from unemployment scammers.

1. Match the names with the claims

Fraudsters are counting on victims to act on their behalf and move unemployment assistance to accounts that they control. Your bank can play a critical role in stopping unemployment fraud by monitoring the names of all parties involved in a transfer. For example, using naming logic, you can determine if the name on the unemployment claim matches the account holder’s name or if the money is being transferred to another account with a different name. If your model or rules spot a naming mismatch like this it can flag the activity as potential fraud. 

2. Adjust your rules and models for new realities

As millions of people filed unemployment assistance claims, your bank should adjust its rules accordingly to catch suspicious behaviors. For example, rules can be implemented to your risk engine to highlight if a bank account is less than a year old and suddenly receiving unemployment deposits. You can also create additional rules that can flag a relatively new account that receives an unusual number of deposits for unemployment assistance.

3. Know your customers, spot suspicious behaviors

Implementing rules related to unusual activities can help you establish a sense of your customer’s normal behaviors and whether they might be caught up in a money mule scam. If your customers are transacting unusually – such as receiving unemployment deposits and making transfers to other bank accounts in different geographic regions or transacting at a faster pace than normal – adjust your rules to flag this as potentially fraudulent activity. Your bank can also proactively warn customers that they might be participating in a money mule scam. 

4. Flag dormant accounts 

Some accounts were opened for fraudulent purposes years before the coronavirus pandemic unfolded. When these accounts suddenly start showing signs of life after years of inactivity, that’s certainly cause for concern. Naming mismatches or unusual account activity can trigger rules. This could include if the account holder suddenly begins rapidly transacting with an unfamiliar bank account after a steady period of inactivity. 

5. Monitor device hygiene

Machine learning systems have an easier time telling which accounts have been used by a certain device. These systems can also tell if those same devices are interacting with an unusual number of bank accounts. Link analysis solutions, for example, pinpoint connections between your customer’s devices and other, suspicious accounts. Based on these insights, your bank can flag the account as suspicious and stop fraud in its tracks.

Fraudsters rejoiced at the rapid shift to digital banking and eCommerce witnessed in 2020. Case in point, account takeover (ATO) attacks rose by a shocking 650%. Download Feedzai’s Financial Crime Report – Q1 2021 to learn how the pandemic impacted different global regions, plus the top five fraud trends and how to fight back.