How scammers siphoned $36B in fraudulent unemployment payments from US

By Nick Penzenstadler, USA TODAY. Excerpt:

"In a Zoom session with the camera turned off, Mayowa describes how he scoops up U.S. unemployment benefits fattened by COVID-19 relief, an international imposter attack that has contributed to at least $36 billion being siphoned away from out-of-work Americans. 

Mayowa is an engineering student in Nigeria who estimates he’s made about $50,000 since the pandemic began. After compiling a list of real people, he turns to databases of hacked information that charge $2 in cryptocurrency to link that name to a date of birth and Social Security number. 

In most states that information is all it takes to file for unemployment. Even when state applications require additional verification, a little more money spent on sites such as FamilyTreeNow and TruthFinder provides answers – your mother’s maiden name, where you were born, your high school mascot. Mayowa said he is successful about one in six times he files a claim. 

“Once we have that information, it’s over,” Mayowa said. “It’s easy money.” 

Mayowa agreed to take USA TODAY inside the fraud in an interview arranged by security firm Agari, using only his first name to hide his identity. The security company gives him another source of cash: It pays him in Bitcoin to provide information about active scams.

Coronavirus-era unemployment fraud was first identified in the state of Washington in May and since has spread to all 50 states, skipping to new targets as government agencies plug holes exposed by the massive scams. Mayowa and his crew of foreign scammers focused in November on Hawaii, Florida and Pennsylvania.

In addition to the crushing volume of legitimate claims during COVID-19 and public pressure to speed up payments, mobile banking apps and prepaid debit cards issued by some state unemployment offices paved the way for fraud this year, security experts said.

The step-by-step playbook the scammers follow is shared on Telegram, an app that provides cloud-based anonymous messaging and acts as an internet bulletin board of tips and questions.

Asked whether he feels bad about stealing from unemployed Americans, Mayowa pointed out that 70% of his peers in school are working the scams as side hustles, too.  

“No, no remorse,” Mayowa said. “We don’t know them. We don’t know who they are; it’s nobody.” 

States for years had prepared for low-level fraud, focusing on whether actual state residents filing for unemployment were telling the truth. The recent wave of imposter fraud – including from overseas – caught them off guard. 

In Washington, alarms began flashing red for Suzi LeVine on May 12. It was 10 p.m. and the message was clear: We are under attack. 

The commissioner of the state’s unemployment system knew claims were increasing as the pandemic and its economic devastation spread. But suddenly claims were 10-fold what LeVine expected.  

Things got crazy quickly. Within two weeks of CARES Act funding enriching weekly benefits, $600 million had been bled from the state system – roughly 8% of the $8.6 billion paid over the summer. The state pulled the plug on all payments for two days while it struggled to figure out what was happening. 

Eventually, the state’s computers started to flag anomalies: out-of-state banks, duplicate email addresses and multiple names using the same bank accounts. But there and elsewhere, antiquated state computer systems failed to flag foreign IP addresses, repeated computer serial numbers and techniques to mask that number.

Washington generally sees a few dozen fraudulent claims from imposters a year. Since March, the state has identified 122,000. 

“When you consider the policy factors accelerating benefits and getting them to the neediest people and the expanded $600 available … we had the perfect storm,” said LeVine, who served as ambassador to Switzerland during the Obama administration. “They have been lying in wait for this moment.”

Washington should’ve been a wakeup call for every other state. Instead, it took some states six months or more to introduce new two-factor authentication systems and third-party ID verification tools and to block suspicious addresses. Many also began relying more heavily on a national shared database to detect suspicious actors.

A failure to move quickly combined with the ingenuity of the scammers has allowed the fraud to continue rippling across the country, contributing to delays in payments to out-of-work Americans, according to Michele Evermore, a policy analyst at the National Employment Law Project."