* Joe Mahr at the Tribune…
IDES has said it cannot by law discuss individual cases. In what little IDES has said about account hijacking, the agency has suggested that beneficiaries are falling for scams that allow thieves to steal their login information and redirect the cash, as opposed to hackers breaking into computer systems used by IDES.
Even if that’s true, IDES has yet to explain how it has been unable to stop repeated thefts from the same accounts, even after fraud was reported.
That’s the case with Winston. Winston, who lives about 45 miles southeast of Quincy, on the state’s western border, provided records to the Tribune showing that payments were being sent to his bank near Springfield through late March.
When an IDES email alerted Winston in April that his direct deposit information had been changed, he called IDES to report the fraud, then dug into it more himself.
Logging into his account, he saw his bank’s name had been erased from the direct deposit screen, and the routing and account numbers had been replaced.
Winston traced the routing number to a bank registered in Sandy, Utah, tied to Go2Bank. That’s an affiliate of the branchless Green Dot financial services firm that scammers have used to quickly transfer cash online or siphon it out through prepaid cards.
IDES told Winston to reenter his banking information online, and he did. Winston said he changed his IDES account password, to better protect himself, and also reported the fraud to Green Dot. So both IDES and the bank were on notice, according to a complaint Winston later filed with the state. Yet weeks after the first fraudulent transfer, another one was sent to the same Go2Bank account, Winston’s records show.
And then it happened yet again.
* Meanwhile, here’s Jared Rutecki and Ray Long…
Illinois Attorney General Kwame Raoul said he has spent more than $2.5 million in crisis management after a massive ransomware hack crippled the agency in April and potentially exposed gigabytes of personal and confidential records on the dark web.
The taxpayer money is being used to rebuild computer systems, notify individuals their personal information may be at risk and get the office fully back online following the April 10 attack, carried out under a name linked to a notorious gang of cybercriminals based in Russia.
The breach came just eight weeks after state auditors met with officials at the attorney general’s office to warn of deficiencies in the agency’s cybersecurity programs.
In the meantime, many of the basic functions of the office — including consumer complaints, public records disputes and financial aid for crime victims — are being conducted by mail and telephone as online access remains shut down. The office has established a call center to handle identity theft issues and other public inquiries.
In his first detailed interview about the attack, Raoul told the Tribune and the Better Government Association his office never considered paying the blackmail demand from the hackers. He declined to say the amount of the ransom demand or how it was conveyed because of the ongoing federal investigation.
* How Unemployment Insurance Fraud Exploded During the Pandemic - Bots filing bogus applications in bulk, teams of fraudsters in foreign countries making phony claims, online forums peddling how-to advice on identity theft: Inside the infrastructure of perhaps the largest fraud wave in history.
* Organization warns about continues scams in Illinois amid pandemic confusion: Illinois residents should be on high alert for potential scams. That’s the word from the Better Business Bureau, which says the state has become a hot spot for identity theft attempts. “In particular, they’re claiming to be from the Secretary of State’s office,” said Steve Bernas, president and CEO of the BBB in Chicago and Northern Illinois. “They’re basically asking you to click on a link or a text message, because something is wrong with your account or you need to update your driver’s license information or something of that kind.”
* IDES news: Illinois Republicans seek review of potentially fraudulent jobless payouts