Unemployment insurance claims of $100 million were fraudulently sent to jailed inmates in 2020, and it all happened because of weak authentication protocols. The inspector general of the U.S. Labor Department confirmed. What actions are they taking to stop a further money drain? In this article at KrebsonSecurity, find out how states are fighting this cybercrime.
Stealing Unemployment Claims
ID.me is a private company helping 15 states to beef up authentication methods and block fraudulent money transfers. A new report from the Labor Department’s Office of the Inspector General (OIG) conveyed that from March to October in 2020, $3.5 billion went to people with Social Security numbers filed in several states. Some $100 million went to more than 13,000 unqualified inmates.
OIG confesses that identity thieves and cybercriminals have stolen billions in unemployment claims. As a result, California lost $11 billion in 2020. The Labor Department wanted states to utilize a centralized hub to report such hacks. Since participation was not mandatory, only 32 out of 54 U.S. workforce agencies are using it.
More than 36 million people have signed up with ID.me for unemployment claims. So, the company is asking for more information than the states to identify or flag suspicious claimants. Founder and CEO Black Hall remarked, “There’s literally every form of attack, from nation states and organized crime to prisoners.” Social engineering is one of the primary ways cybercriminals are demanding money. While young people are facing job-related scams, elderly citizens are encountering romance and prize-related frauds.
Attacks on ID.me
Cybercriminals are relentlessly attacking ID.me with a range of denial-of-service (DDoS) attacks. KrebsonSecurity identified Telegram posts that are offering services to help people bypass the company’s screening process. Though ID.me cannot always detect fraudulent unemployment claims, its systems will stop multiple claim benefits from the same scammer, assures Hall.
States have relied on data brokerage firms for these authentication services for far too long. To avoid such situations again, ID.me had to make its security guidelines stringent. So, some legitimate unemployment claims fail to pass through their filters. California’s Republican assemblyman Jim Patterson pointed that out. Hall explained, “For individuals who fail this process, we are the only company in the United States that offers a secure, video chat based method of identity verification to ensure that all users are able to prove their identity online.”
To view the original article in full, visit the following link: https://krebsonsecurity.com/2021/02/how-100m-in-jobless-claims-went-to-inmates/