Posted on

Since the start of the coronavirus pandemic there has been a tremendous spike in unemployment insurance (UI) fraud

hacker-neo

the staff of the Ridgewood blog

Ridgewood NJ, over the course of the COVID-19 pandemic, there has been a significant increase in attempts to engage in unemployment insurance (UI) fraud. Cybercriminals are using individual’s personally identifiable information (PII) to submit fraudulent unemployment claims. PII and other sensitive information, such as account passwords, are often exposed in data breaches and later published or sold online. Several SMS text scams have also been observed impersonating departments of labor stating that there is an issue with their UI claim and include links, which direct to malicious websites requesting PII that can be subsequently used to file a fraudulent claim. In some cases, cybercriminals simply use information exposed in data breaches to file a claim; however, in other cases, an exposed password may be used to log into a portal account where UI claims can be submitted or verified. Unless multi-factor authentication (MFA) is enabled on the account, cybercriminals can easily gain access to these accounts and, in addition to submitting fraudulent claims, they can modify account information, such as mailing and email addresses, phone numbers, and bank account details. Cybercriminals may also use online bots and scripts to automatically submit claims using compromised PII, which allows them to file fraudulent claims at mass scale. Victims typically only discover that fraudulent UI.

The NJCCIC highly advises those who have a portal account with their respective state’s department of labor to ensure they are using very strong and unique passwords and to enable multi-factor authentication where available. We also remind users to refrain from clicking links delivered in SMS text messages from unknown sources and, instead, navigate directly to the official corresponding website. Information on how exposed PII is used in cybercriminal activity, recommendations, credit freezes, and other resources can be found in the NJCCIC post Compromised PII: Facilitating Malicious Targeting and Fraudulent Activity . NJ citizens can submit any fraudulent UI claims to the NJ Department of Labor and Workforce Development on their website.

 

Leave a Reply

Your email address will not be published.