For two years in a row, the Association of Certified Fraud Examiners has placed theft of pandemic-related enhanced unemployment benefits at the top of its annual list of five most scandalous frauds. The association compiles its list based on money lost, lives affected, and relevance to the anti-fraud profession. In 2020 and 2021, fraudulent unemployment benefits claims connected to identity theft and stolen personally identifiable information (PII) met those criteria (Fraud Magazine (Jan./Feb. 2021) and (Jan./Feb. 2022)).
The U.S. Federal Unemployment Tax Act of 1939 established the unemployment compensation program. Funding is provided through payroll taxes levied by federal and state governments on a portion of wages paid by covered employers. FUTA imposes on employers a gross federal payroll tax of 6 percent on the first $7,000 of wages paid annually to each employee. It lowers the federal unemployment tax to 0.6 percent if the state follows federal guidelines on the types of employment covered by the program and state unemployment taxes on employers meet FUTA rules; all U.S. states adhere to those standards.
In response to pandemic-related shutdowns, the U.S. government enacted several stimulus measures that included enhanced unemployment benefits. Enacted March 18, 2020, the Families First Coronavirus Response Act increased flexibility for state unemployment insurance agencies and provided additional funding to respond to the COVID-19 pandemic. Enacted days later, the Coronavirus Aid, Relief, and Economic Security Act expanded states’ ability to provide unemployment insurance for workers affected by the coronavirus, including workers who aren’t ordinarily eligible for unemployment benefits, such as independent contractors.
What followed were countless fraudulent benefits claims: The Office of the Inspector General for the U.S. Department of Labor estimated about $87 billion in fraud-related payouts, although some experts think losses could be much higher than that.
Bots and low-wage workers completed high volumes of online application forms and claimed unemployment benefits in all 50 states. Bots automatically populated the forms with stolen PII, while Chinese and West African crime syndicates hired low-wage workers across the globe to input stolen data into unemployment benefits portals. One U.S. state received claims from IP addresses in nearly 170 countries.
Those actors used messaging applications such as Telegram to provide instructions for completing online forms without triggering anti-fraud software and exchange stolen PII. Some of the stolen PII was obtained via cyberattacks against companies that maintain PII databases, including Experian, Yahoo, LinkedIn, and Facebook.
According to the IRS website, stolen PII was also obtained through websites that mimic unemployment benefits websites, including state workforce agency websites, to unlawfully capture consumers’ PII. Consumers are lured to the fake websites by spam text messages and emails claiming to be from a state workforce agency with instructions to click a link. The fake sites are designed to trick consumers into thinking they are applying for unemployment benefits. In doing so, they disclose PII and other sensitive data that are used to commit identity theft.
The urgent need to distribute benefits made it difficult for states to verify information thoroughly. The relaxed rules for obtaining funds and the expanded aid to independent contractors who couldn’t confirm employer or income information complicated the verification process. Outdated online unemployment systems with obsolete software were unable to handle the unusually high volume of claims. Frozen or slow databases impeded the ability of benefits administrators to cross-check information.
Many victims discovered their identities had been stolen when they filed claims for benefits and learned that someone had already created an account and used their Social Security numbers to receive payments. Others discovered the fraud when their unemployment payments stopped and they were informed that claims with their PII had been filed in another state. Some individuals were victimized more than once.
According to the IRS, victims who neither claimed unemployment benefits nor had payments stop were notified of the fraud when they received a Form 1099-G, “Certain Government Payments,” reflecting unexpected benefits. Because unemployment benefits are taxable income, state governments issue the form to recipients and the IRS to report taxable compensation received and any withholding in box 1.
Fraudulent payments may generate a Form 1099-G reflecting unemployment benefits that a victim never received or an amount that exceeds the unemployment benefits they did receive. Moreover, the form itself may be from a state where the victim did not file for benefits.
Victims also were alerted to fraud via government agency letters about unemployment claims or payments when they never filed an application for benefits, including unexpected payments or debit cards from any state. Finally, some employed victims received notices from their employers indicating that they had received a request for information about unemployment claims in the employees’ names.
The IRS advises taxpayers who were victims of unemployment benefits identity theft to request a corrected Form 1099-G, to not report incorrect Form 1099-G information on their tax returns, and to opt into the IRS identity protection personal identification number program. An IP PIN is a six-digit number that prevents federal tax returns from being filed in the names of identity theft victims. The IP PIN is a voluntary program open to any taxpayers who can verify their identities.
The IRS also notes that employers are often the first line of defense against unemployment fraud. Employers are advised to respond quickly to state notices that employees have filed benefits claims — especially if the names on the notices aren’t employees. Employers should monitor for misuse of their own employer identification numbers. If the company’s EIN is used to generate fraudulent unemployment benefits claims, it should file Form 14039-B, “Business Identity Theft Affidavit.” Finally, employers should close out their business tax accounts after going out of business to help curtail the misuse of dormant EINs.