If You Can’t Fake It, Steal It

Unemployment insurance form on a table.

The better law enforcement and government agencies get at preventing scams, the more devious and inventive the crooks become. (A twisted variant on “no good deed goes unpunished.”) So it was that the Colorado Department of Labor and Employment (CDLE) found that their successful work in reducing fraudulent claims via fake identities inspired a new scam tactic: stealing log-in information from legitimate unemployment recipients.

The department had implemented a successful identification verification strategy, thwarting fraudsters’ efforts to make phony claims. So, the criminals began sending phishing emails and robocalls purportedly from CDLE and other government sources.

Some emails claim and appear to be from the official unemployment insurance site, offering an “easier” (uh, easier for the crooks!) way to sign in. If an unwitting user takes the bait, he or she has given login credentials to the scammers. The criminals then log into the account to change the worker’s direct deposit information to a bank account the thieves control, and pocket the unemployment benefit payments.

Like many scams, it’s a heartless crime, because so many recipients sorely need their benefits to pay for living essentials like food, shelter, and medication. (While many scammers seem to run through their stolen lucre buying luxury cars, jewelry, and pricey vacations—no doubt why they can never get enough.)

Most victims notice the missing unemployment benefits quickly, but they must proactively verify that their deposit information was changed and then file a fraud report on the CDLE website. The process requires time and effort for officials to investigate the fraud and then process the missing payments. Meanwhile, the scammers just keep moving on to the next unemployment recipient, in hopes of scooping up lots of cash through many small thefts.

Today’s Fraud of the Day comes from a Denver Post article, “Fraudsters sneaking into Colorado unemployment accounts via a back door,” dated June 22, 2021.

The Colorado Department of Labor and Employment has made big strides in reducing fraudulent claims filed using stolen or fabricated identities. But that has pushed scammers in a new and more conventional direction: trying to steal the log-in information of claimants who have successfully passed the ID.me screen.

The phishing ploy involves sending out emails or making robocalls that claim to be from the CDLE or another official source. Some emails look like they’re directly from MyUI, the official unemployment insurance site, and are providing an easier way to sign in.




Previous articleLions and Tigers and Fraudulent Medical Reports, Oh My 
Next articleBye Bye, La La Land Scam  
Larry Benson
Larry Benson is currently the Director of Strategic Alliances for Revenue Discovery and Recovery at LexisNexis Risk Solutions. In this role, Benson is responsible for developing partnerships for the tax and revenue and child support enforcement verticals. He focuses on embedded companies that have a need for third-party analytics to enhance their current offerings.