* This is so odd…
* From the link…
Nearly a dozen people contacted the ABC7 I-Team about receiving unemployment benefits even though they never actually applied for unemployment.
They said a debit card just showed up at their home, and they weren’t sure if it was junk mail or a hoax. But after calling the number of the back of the card, they learned they could have a big problem on their hands. […]
She called KeyBank, the company that administers the cards, and said she was told the Illinois Department of Employment Security instructed them to send her the card.
Somehow all her personal information matched what KeyBank had in their system, except her phone number, which she said they wouldn’t give out.
* The SJ-R has a good explainer…
When a person applies for unemployment, they are sent a KeyBank debit card in an inactivated state. It is up to the recipient to call KeyBank and have the card activated and set up a PIN number. It’s only then that the card would be ready to use, Salustro said.
At the same time, IDES always asks people to sign up for direct deposit of benefits because it is faster and more secure, he said. What scammers do is apply for benefits using a person’s stolen identify and then quickly convert the benefits into a direct deposit of an account that they control.
If someone gets a card or other notices that they are receiving benefits when they didn’t apply, IDES is asking people to report it as fraud. People should not activate the cards, but neither should they simply shred them and ignore what happened, Salustro said.
“In most cases, a person committing unemployment fraud in someone else’s name is, in all likelihood, using their name and identifying information, obtained through various methods and avenues, simply to receive unemployment funds,” he said. “Once this has been detected and reported, the claim is stopped and the fraudulent individuals pursued. The department is working with federal law enforcement authorities to investigate, pursue and prosecute those who defraud the unemployment insurance systems.”
Good luck getting through to IDES to report this fraud, however.
*** UPDATE 1 *** IDES…
The increase in the fraudulent unemployment claims is believed to be coming primarily out of the Pandemic Unemployment Assistance (PUA) program. Under the ambiguous federal guidelines, which were developed in haste because of the urgency of the pandemic and issued to every state without a uniform method of implementation, the potential for fraud within this system is abundant.
One of the largest vulnerabilities within PUA is the absence of an employer on the other side of the claim to contest the claim in the event the it is fraudulent or should be protested. Under regular unemployment insurance guidelines, an employer has the ability to alert IDES if a claim has been filed in the name of an employee who is currently employed, and has the ability to protest a claim if they believe the employee does not fall into the category of having lost work through no fault of their own.
This fraud scheme is in no way connected to the PUA program access issue experienced in May. The limited data access issue of the PUA system found that one PUA claimant was able to inadvertently access personal identifying information of a limited number of claimants who had already filed an unemployment claim. Out of an abundance of caution, a year’s worth of free credit monitoring was provided to any claimant whose information may have been inadvertently viewed by this one individual claimant.
*** UPDATE 2 *** This is getting ridiculous…
And check this out…
Maryland is investigating a vast operation using identity theft to commit coronavirus unemployment insurance fraud on the order of more than half a billion dollars, Maryland Gov. Larry Hogan announced Wednesday.
The Maryland operation involved more than 47,500 fraudulent claims and totaled over $501 million, according to Hogan. […]
After finding “an unusual increase in out of state, federal pandemic unemployment assistance claims,” the Maryland Department of Labor discovered the claims, “which were involving massive identity theft, attempting to utilize stolen identities and the personal information of innocent and unsuspecting individuals, which was apparently acquired from previous national data breaches,” Hogan said.
- SSL - Wednesday, Jul 22, 20 @ 9:48 am:
It’s too early to tell the scope of this problem, but this should be a priority for IDES. Take a couple of bodies, set up a different phone number for fraud reporting and get the word out via the media. These are professional scammers and need to be stopped.
- South of Sherman - Wednesday, Jul 22, 20 @ 9:49 am:
I got an approval of benefits and a debit card sent to my address — but under someone else’s name. Not really sure why someone would use a fraudulent address. I did report it to IDES, and later got a notice sent to my address (with the other person’s name on it) saying the benefits had been canceled.
Still not really sure what’s the point of applying for benefits under someone else’s address.
- northsider (the original) - Wednesday, Jul 22, 20 @ 9:53 am:
They need a separate dedicated telephone number for this, and that number should be on the KeyBank card.
- Lynn S. - Wednesday, Jul 22, 20 @ 9:54 am:
I’ve been on layoff, and got an email from IDES late last week, warning me about this.
Supposedly, they have set up a phone tree option (#5) to report this.
I’m willing to bet $2 that that option is the only one that rings directly to a real, live person.
- Kelly Cassidy - Wednesday, Jul 22, 20 @ 9:56 am:
Early on, we would maybe hear from 1 or 2 people a month with this problem. In the last couple of weeks it’s been as many as 3-4 people a day. We send these to the department and hope for the best as we usually don’t get an acknowledgement & these folks don’t seem to be getting called back any faster than anyone else. The sudden uptick should be concerning to everyone.
- Morningstar - Wednesday, Jul 22, 20 @ 10:03 am:
Same as Lynn S., I received a warning email from IDES last week, which included these paragraphs:
“If you have never filed a claim for unemployment insurance, IDES would not have your personal identifying information (PII) to expose it to these bad actors. Instead, perpetrators are obtaining PII through cyber hacks, social media, and online purchase of stolen PII on the dark web from data breaches.”
“Speaking of data breaches, you can use the lookup tool [link provided] to see if you were one of the 147 million impacted from the Equifax breach…”
I found the segue to Equifax interesting.
- pool boy - Wednesday, Jul 22, 20 @ 10:05 am:
It amazes me how ingenious these devious people are. Too bad they can’t do something good with their talents.
- Precinct Captain - Wednesday, Jul 22, 20 @ 10:06 am:
The FBI put out a circular last month about UI fraud rings and the NY Times has reported that the Secret Service has identified international fraud rings running UI benefit scams against the states.
- Annonin' - Wednesday, Jul 22, 20 @ 10:07 am:
Since KeyBank seems better at answering phones perhaps the fraud should be reported there
- John J - Wednesday, Jul 22, 20 @ 10:07 am:
I just checked the toll free line. After selecting 2 (Individual), then 2 (for claims inside Illinois), these are the options:
Press 1 - PIN/Password Reset
2 - To report a lost or stolen debit card
3 - Update info on an existing claim
4 - To file a new claim
5 - Questions about certification or status
6 - IL Job Link
7 - Repeat
- Commonsense in Illinois - Wednesday, Jul 22, 20 @ 10:10 am:
I’m a bit concerned that IDES would say they would not have anyone’s PII. That’s not true.
Every calendar quarter, every employer reports the wages paid to each of its workers by SSN. The Quarterly Wage Report is how a benefit amount is determined for each individual claimant.
- Lynn S. - Wednesday, Jul 22, 20 @ 10:11 am:
@ South of Sherman,
“What’s the point of doing this”?
Same reason folks commit other frauds–it’s easy money for the fraudster, and fraudster counting on low probability of getting caught.
If you can find an account with a base benefit of $200 and get the extra $600, that’s $1600 every two weeks. Do this in ten states, $16,000 every two weeks, or not to far from what you would make at a full-time minimum wage job.
Find a way to do it in all 50 states, and that’s about $80,000, every two weeks. Do you have any idea how far $80 grand goes in Nigeria, where the majority of these scams are originating? After a few cycles, you truly can be as rich as your local King (banned punctuation).
Although the technology seems to be from about 2012, IDES website is set up to be super easy to apply and do bi-weekly reporting through, assuming there are no issues with your claim.
My initial report took about 30 minutes, and probably 20 of those were spent trying to come up with a username* and password that their system would accept. From the level of vulgarity in my password, you can safely assume that the majority of the 20 minutes were spent trying to come up with a password that the system would accept.
I can knock out my bi-weekly reporting in probably less than 10 minutes.
* The whole “pick your username” would work a lot faster if the system didn’t suggest usernames that are apparently being used by other people.
- Newcomer - Wednesday, Jul 22, 20 @ 10:12 am:
They have a designated line for reporting, see here: https://www2.illinois.gov/ides/Pages/Ui_fraud_reporting_options.aspx
Cases of suspected identity theft are widespread across the state. It also appears to be targeting the senior/retired population.
- the Patriot - Wednesday, Jul 22, 20 @ 10:13 am:
Let’s face it, the AG is not going to do anything.
20 years of AG’s not doing anything has made IL State agencies an easy target without consequences.
- Rich Miller - Wednesday, Jul 22, 20 @ 10:15 am:
=== the AG is not going to do anything===
What role does the AG even have in this? Apparently, you think Jim Ryan, Roland Burris or Neil Hartigan would’ve done something different. What would that be?
- 1st Ward - Wednesday, Jul 22, 20 @ 10:16 am:
It keeps on coming for IDES. In addition to the above, given the calculation difference for regular (based on gross) and PUA (based on net) UI IDES is requesting paybacks from UI recipients due to overpayment per ABC Chicago.
https://abc7chicago.com/illinois-unemployment-certify-ides-pua-il/6326541/
- Lynn S. - Wednesday, Jul 22, 20 @ 10:20 am:
Morningstar, do you realize how many times information from that Equifax data breach got sold over the dark web? It’s going to be out there for eternity.
John J, I’d have to dig out the email, but I remember it saying to choose option 1, then 5. Did you also get that email, or are you just calling the 1-800 number for unemployment and going through what seemed a logical chain of choices?
- Newcomer - Wednesday, Jul 22, 20 @ 10:20 am:
==Since KeyBank seems better at answering phones perhaps the fraud should be reported there==
KeyBank manages the debit cards but does not authorize the payments for direct deposit. Therefore, once an account is switched to direct deposit KeyBank will not be of much help but should still be made aware nevertheless. People can also report the matter to local law enforcement who will forward the cases to IDES.
The bigger issue will be if these folks actually become unemployed in the future and try to turn to UI benefits but cannot because their identity was used to fraudulently reap the benefits.
- Chicagonk - Wednesday, Jul 22, 20 @ 10:28 am:
@Rich Which begs the question why not give the AG additional responsibilities to address these issues.
- 44th - Wednesday, Jul 22, 20 @ 10:28 am:
State of Washington got taken for $100mm. That’s a lot of accounts. I assume the fraudsters need a US bank account. That’s where the feds will stop this I hope. Follow the money. It would be pretty hard to open that many accounts for any period of time to collect the checks. They have to be diverting the money somehow. Anyone know? See state of washington.
- Morningstar - Wednesday, Jul 22, 20 @ 10:32 am:
Lynn S. - yes. I have never bothered to “check” to see if my information was stolen and just assumed that it was. The only result of checking into this is recommendations from Equifax and others to get a fraud monitoring service… which I already have.
- Lynn S. - Wednesday, Jul 22, 20 @ 10:47 am:
44th, it’s a pretty simple scheme.
1. Go into state website and file claim.
2. Go back a few days later and switch your payment option from “debit benefit card” to “direct deposit in my bank account”.
3. Once payments start hitting the bank account, use bank’s system to transfer the money to another account, overseas, in someone else’s name.
4. After money hits first account overseas, start routing money to countries where the banking system isn’t as technologically advanced as the U.S. or Europe. This makes tracing the chain of transfers much harder for law enforcement.
After the second or third transfer, best to pick a bank where, for a 5 or 10% fee, manager will drag his feet in assisting any law enforcement people who come around asking questions. Even better if you can find one who will alert you as soon as the law shows up, so that you can take your business to a bank in the next town.
5. Once the money gets to the final bank, withdraw every penny of it. Bury it in your backyard or put it in your mattress, or take it to still another bank, about 3 towns over, where you deposit it in an account under yet another name.
The goal is to keep the money away from the kleptocrats in whatever country you’re living in, and spend as little as possible on “fees” and bribes.
- Rutro - Wednesday, Jul 22, 20 @ 11:58 am:
I would have no idea as the mail comes once or twice a week now.
- John J - Wednesday, Jul 22, 20 @ 12:03 pm:
Lynne - I was just going through the logical choices. Which was probably my first mistake.
- Amalia - Wednesday, Jul 22, 20 @ 12:12 pm:
deeply concerned that even though we’ve not received such cards at our house that identity could be compromised. confidence is now shattered in the system as people who are not asking for money are getting hit.
- OneMan - Wednesday, Jul 22, 20 @ 12:50 pm:
Had a co-worker who got a call from our HR asking if he had filed (he is still with us). This was at least 6 weeks ago.
- MiddleGround - Wednesday, Jul 22, 20 @ 3:12 pm:
Back in May our business got a handful of notices for claims from IDES for employees still working. Employees didn’t file claims. It was reported pretty high up IDES through our Springfield contacts. They’ve known about this for months.
- Jeremy Rosen - Wednesday, Jul 22, 20 @ 4:36 pm:
This is happening in lots of states. Bottom line, where there’s money, there will be people trying to steal it.
- Candy Dogood - Wednesday, Jul 22, 20 @ 5:33 pm:
States have taken relatively few measures to prevent identity theft from being used to steal benefits, tax refunds, etc. And the ones they do take are often not comprehensive enough to prevent fraud, but are at least a visible effort they can point to.
This shouldn’t be a surprise to anyone.
We’ve spent decades whining about making investments in our public sector and expecting everything to be done as cheaply as possible, and this is one of the consequences.
- Candy Dogood - Wednesday, Jul 22, 20 @ 5:41 pm:
===The goal is to keep the money away from the kleptocrats in whatever country you’re living in===
The only thing that really needs to be added to Lynn’s explanation is that sometimes the operation is run by the kleptocrats and the final bank on the list is also run by the kleptocrats and that this scheme can wind up being used by governments to fund whatever pet interference projects they’d like to run without having to draw on official funds or appropriations.
You know, like that time we trafficked cocaine and sold weapons to support the Contra. Our unemployment benefits being poorly deployed by state governments are probably funding the next series of attacks on our Democracy.
We’re not victims of fraud, we’re just helping Russians buy Facebook ads during our elections, and helping them provide loans to keep some of our Senators on the take.