In the few short months since the novel coronavirus outbreak and ensuing social distancing measures started disrupting communities and economies across the globe, the unemployment rate in America has soared to levels not seen since the Great Depression. At the time of writing, the unemployment rate sits at 13.3%, which translates to roughly 21 million jobless Americans. The subsequent spike in unemployment benefits claims has created a unique opportunity for imposter scammers, who are taking advantage of overwhelmed state and federal agencies, busy phone lines, and the heightened anxiety of those who have recently lost their jobs and financial security.
In this article, we’ll discuss some common tactics that fraudsters are employing to try to scam people out of their unemployment benefits, and give some practical next steps for credit unions to help insulate themselves from risk and keep their members from falling victim to imposter scams.
Phishing for information
One tactic that scammers use to get sensitive personal data such as Social Security numbers or bank and credit card information is through phishing emails. In this scam model, a cyber-criminal sends an email that looks like it’s from a trusted source, like the U.S. Department of Labor, the state unemployment office, or the individual’s financial institution. The email is intended to play off the fears of the individual, and will often include threatening language such as “We’ve identified fraudulent activity on your account. Click here to resolve the issue and avoid further charges.” If the email is successful in getting the recipient to click on the link, the attacker can then install malware to gain access to any sensitive information that is stored on the recipient’s computer, or even the entire network that their computer is connected to. The link may also take the individual to a fake website that looks legitimate and asks them to input valuable personal information.
According to a recent article by Norton Security, “One scam that has hit unemployed claimants in several states recently is an email from ‘Unemployment Assist.’ Its subject line reads: ID Eligibility Requirement 1: Must be Available for Work, or Verification Required: 2nd Request. The fraudulent email claims that you must provide certain personal information to either file or complete your unemployment-insurance claim.”
Scammers target state unemployment agencies
In May of this year, federal authorities became aware of a massive and sophisticated attack being carried out on many U.S unemployment systems. The attackers, using detailed personal data such as Social Security numbers and bank account information obtained from previous cyber hacks, have started filing fraudulent claims on behalf of individuals who are still employed, taking advantage of overrun state systems to successfully steal millions of dollars in relief payments that were intended to support those who have lost jobs due to the coronavirus.
According to the New York Times, a secret service memo released in May revealed that, “Washington State had emerged as the primary target thus far, but there was also evidence of attacks in Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island and Wyoming. The agency warned that every state was vulnerable and could be targeted, noting that the attackers appeared to have extensive records of personally identifiable information.”
Job search scams
With so many millions of Americans out of work, many cyber criminals are ramping up their efforts to perpetrate job search scams. In fact, since the coronavirus first appeared on the world stage in December, the Better Business Bureau has reported more than 13,000 job listing scams in North America alone.
In job search scams, cyber criminals attempt to position themselves as potential employers to obtain personal data or direct payments from unsuspecting individuals. According to Flex Jobs, “There are some telltale signs that indicate a job posting is probably a scam:
- The ad uses words that are probably too good to be true: quick money, unlimited earning potential, free work-from-home jobs.
- There is a sense of urgency, or the recruiter is pushing you to accept the job now. Any legitimate company won’t push anyone into accepting a job offer immediately.
- The job post or email has obvious grammatical or spelling errors.
- The “company” has an email domain from Gmail or other popular providers.
- The job description is unusually vague.
Practical next steps for credit unions
To help protect their members and minimize risk to their institutions, credit unions should help educate their borrowers about potential COVID-19 related scams and red flags. Other action items may include:
- Enhancing monitoring of unusual and suspicious account activity to identify patterns that point to potential fraud
- Closely following all regulatory reporting requirements
- Reviewing internal policies governing payment size and frequency and considering adding additional approvals for large transactions
These are challenging times for credit unions as they try their best to adapt to change while still serving their members. But there is still plenty of opportunity for financial institutions to thrive in 2020. Keeping up with industry trends is going to be key to success for credit unions going forward. Download our free ebook to learn more about how payment preferences are evolving.