The COVID-19 pandemic has put millions of Americans out of work, with over 30 million unemployment claims submitted since the start of the crisis. As the months drag on, there’s no sign of when the job cuts will stop — or when economic recovery can begin in earnest.
As a result of the staggering economic impact, Congress passed the CARES Act — which contains a provision that increases unemployment benefits by an additional $600 per week until July 25. Unfortunately, not all jobless Americans are getting their money just yet. Tap or click to see how Cold War-era computers are messing things up.
In addition to outdated digital infrastructure, another factor is harming Americans’ unemployment money: Scammers. Investigators have concluded that a foreign cybercrime ring has been posing as Americans and collecting unemployment benefits. What’s worse, they’re using stolen data to make it happen! Here’s how.
Remember that time you got phished?
Thanks to an unprecedented number of jobless claims in the past two months, many states are reducing their review period for unemployment benefits. This is supposed to speed up the process for Americans that need money now, but scammers are also taking advantage of this new lack of oversight to make some serious cash.
According to the “New York Times,” investigators with the U.S. Secret Service have determined that a Nigerian fraud ring has been illegally capturing unemployment benefits intended for jobless Americans. Using a combination of stolen data and money-mules, they’ve been able to make away with “hundreds of millions of dollars.”
Many fraud victims have only found out they’ve been ripped off thanks to confirmation letters sent via mail by the state governments. In several cases, the victim was still employed despite the claim being made in their name.
With so many Americans out of work, it’s absurd that fraud of this scale is even occurring. But it shows just how low cybercriminals are willing to sink to make some money off of a crisis. Tap or click here to see how scammers are using COVID-19 to phish email users.
The prince pays up
Of course, to make the claims in the first place, these scammers need access to a range of personal data like names, birthdays, Social Security Numbers and job history. Lucky for them, much of this data can be gained through data breaches.
Some Dark Web marketplaces even sell personal data like this for pennies on the dollar. Tap or click here to see an example.
But that’s not the only method scammers are using to access their ill-gotten funds. In several cases, investigators have identified the use of “money mules,” or stateside bank account holders who willingly share their accounts with scammers for a cut of the profits.
If you’ve ever heard of the “Nigerian Prince” scam, the fraudster proposes you share your bank account with him so he can deposit his fortune while he flees his home country. Then, when he’s overseas, you can “take your cut” of the money. This is essentially the same thing, except this time, cash is actually deposited in the money mule’s account.
Of course, if you take part in this scam, you risk jail time for yourself. Yes, really! Tap or click here to find out why.
How can I protect myself from having a claim made in my name?
A good place to start is the all-purpose data breach search engine HaveIBeenPwned. This handy website will search if your email address matches any known data breaches, and will inform you of your risk factors in the event yours was accessed. Tap or click here to check if you’ve been “Pwned.”
If your data was leaked in a breach for any reason, change any passwords for accounts you have associated with that user name. In addition, you may want to consider freezing your credit, which can prevent additional accounts from being opened in your name. Tap or click here to find out how.
If someone has already impersonated you to collect an unemployment check, you should call your state’s Labor Department and let them know the situation. According to the “NY Times” report, states like Florida have already received numerous calls on the matter.
If your email address has not been leaked, you’re probably on the safe side. Still, you may want to consider deleting any personal data from social media platforms you’re using and maybe even locking down your accounts with two-factor authentication. Tap or click here to see how to set it up.
In addition, signing up for an identity protection service can alert you to fraudulent activity in your name. We recommend our sponsor Identity Guard, which includes a robust suite of security features like bank alerts, threat analysis and Dark Web monitoring for your most valuable logins.
Scammers and identity thieves can only use the data you or the web provides them. If you’re sharing every single aspect of your life, you’re only giving them more ammunition to potentially harm you with. To stay safe, rein in the sharing. You won’t regret it. Tap or click here to see all the things (like oversharing) you should never do online.