the staff of the Ridgewood blog
Ridgewood NJ, over the course of the COVID-19 pandemic, there has been a significant increase in attempts to engage in unemployment insurance (UI) fraud. Cybercriminals are using individual’s personally identifiable information (PII) to submit fraudulent unemployment claims. PII and other sensitive information, such as account passwords, are often exposed in data breaches and later published or sold online. Several SMS text scams have also been observed impersonating departments of labor stating that there is an issue with their UI claim and include links, which direct to malicious websites requesting PII that can be subsequently used to file a fraudulent claim. In some cases, cybercriminals simply use information exposed in data breaches to file a claim; however, in other cases, an exposed password may be used to log into a portal account where UI claims can be submitted or verified. Unless multi-factor authentication (MFA) is enabled on the account, cybercriminals can easily gain access to these accounts and, in addition to submitting fraudulent claims, they can modify account information, such as mailing and email addresses, phone numbers, and bank account details. Cybercriminals may also use online bots and scripts to automatically submit claims using compromised PII, which allows them to file fraudulent claims at mass scale. Victims typically only discover that fraudulent UI.