skip navigation

Unemployment Claims Fraud Rises During COVID-19 Pandemic


May 18, 2020 by Mike Bailey
Category: Cybersecurity , COVID-19

Unemployment Claims Fraud Rises During COVID-19 Pandemic

During the COVID 19 pandemic a new challenge has emerged — fraudulent unemployment claims! Many local governments have furloughed staff, laid staff off, or severely reduced hours. In many cases, these employees are now eligible for unemployment compensation — along with thousands (millions) of others. This extraordinary high volume of unemployment claims activity has created yet another opportunity for bad actors to attempt to profit from previously stolen identities. This blog will help you understand the issue, determine how to protect your agency, and help you provide advice to your employees.

The Issue

Here in Washington State, many services of the state government are accessed by clients using a common identity verification portal known as Secure Access Washington. For example, before a person can apply for unemployment compensation benefits, they have to create a Secure Access Washington (SAW) account. This is a very good thing. The process to set up an account is relatively robust, and an individual must provide lots of personally identifiable information — such as your physical address, email address, social security number, date of birth, etc — to obtain one. Once a SAW account is established, it can be used for a variety of state services, including applying for unemployment compensation. More about setting up the SAW account later, as it is a key to identifying fraud.

Once the unemployment account is set up, the applicant will then be asked questions about their previous employment. The applicant may either list the state and/or a local government as their sole previous employer, or as one of many. In my experience, if an applicant lists the government as a previous employer, that employer may find they have a financial responsibility for the unemployment compensation, even if that employee only worked for them a short time. Again, more about this later.

The unemployment fraud problem stems from imposters using previously obtained information about an individual to set up the SAW account, and then using that SAW account to apply for unemployment compensation. Many governments are only becoming aware of the problem when they get a verification statement from the state’s Employment Security Department (ESD) and find active, full-time employees on the list of potential unemployment compensation recipients.

As many local governments are self-insured in one form or another (most are on a reimbursable basis), this poses a financial risk to the agency. Of course, our employees are unnerved to learn that enough of their personal information was available to an imposter to create the SAW account in the first place.

How Can Your Agency Protect Itself?

The local government should promptly follow its process to review and verify the unemployment application claimants for any potential errors or fraud. While this process isn’t new, you may want to review and potentially change it. One of the apparent elements of this fraud is an attempt to overwhelm both the ESD and the employer. We have heard reports of local government employers getting hundreds of potential claims overnight!

The traditional verification process is unlikely to be able to review and verify the validity of these claims in a timely manner. In at least some cases, the claims are legitimate; jobs have been lost and these laid-off employees have filed for unemployment as a result. A good example of this may be your part-time employees. So, in the event you receive a claim for what appears to be an active employee, don’t automatically assume the claim was fraudulently made before investigating it. Secondly, you’ll want to make sure your agency isn’t “on the hook” for costs as a result of a claim related to a different employer.

Many government agencies have asked if there is a way to interact more directly (i.e., at an agency level) with ESD on this issue. At this point, we are unaware of a method to contact ESD about fraudulent claims other than through the “traditional” method (by reviewing the list referred to above and responding as you always have). Again, you will want to check in with those staff members who have this responsibility and ensure that they can manage the volume of claims in a timely manner.

Providing Advice to Your Employees

We have seen a variety of notices to employees about this issue and wanted to share some of what we’ve learned. These steps are to be recommended to any employee who knows, or believes, they are a victim of unemployment fraud.

Contact HR

Unless the employee has been informed of the fraudulent claim by the employer, they should contact their organization’s human resources (HR) staff to report the incident and coordinate on any necessary follow up.

Contact the Washington State ESD

The employee should complete ESD's online form for reporting imposter fraud. They should have the following information on hand to verify their identity.

  • Last four (4) digits of their Social Security Number (SSN)
  • Date of birth
  • Address
  • Current phone number
  • Information on how they learned a fraudulent claim was filed

The employee can also report the fraud to ESD via phone at 1-855-682-0785 or by email at: esdfraud@esd.wa.gov. However the online report form is currently ESD’s preferred method because of the high volume of fraudulent claims it is processing. Additionally, if the fraud is reported via email, an employee may also be asked to provide a scanned copy of their driver’s license so ESD can verify their identity. Given the sensitivity of a driver’s license number, we do not recommend sending this document via email unless the employee has secure means (i.e. encrypted email).

Regardless of which method an employee uses to file a report, they will also need to give ESD permission to deny or cancel the fraudulent claim. Crucially, victims of unemployment imposter fraud will not have to repay the money and will still be able to apply for unemployment benefits if needed at some future date. Thus, it is critical that employees complete this step, and that it is done through ESD’s official website: ESD.WA.GOV

File a police report

An online or non-emergency report can be filed with the agency whose jurisdiction the employee lives in. Employees should also be encouraged to keep a file folder or journal with the information from this incident, including any case numbers. Some government services and accommodations are available to victims of identity theft that are not available to the general public, such as getting certain public records sealed.

Contact the three major credit bureaus

Free credit reports can be obtained from Equifax, Experian, and TransUnion at AnnualCreditReport.com or by calling 1-877-322-8228. The employee should report that a fraudulent claim was made using their identity to the credit bureaus and should provide the bureaus with the case number from any police reports that were filed. If desired, the employee can arrange to set up a fraud alert or have their credit frozen. Doing either is free by law. 

A fraud alert will make it harder for someone to open new accounts using the employee’s name. To place a fraud alert, the employee should contact one of the three credit bureaus listed below. That bureau must then tell the other two credit bureaus.

  • Experian: 1-888-397-3742
  • TransUnion: 1-800-680-7289
  • Equifax: 1-888-766-0008 

As a victim of identity theft, your employee will have the right to check their credit activity monthly, if desired (experts recommended everyone check their credit annually). Your employee may also freeze their credit, which is free and offers additional protection. This webpage from the Federal Trade Commission (FTC) provides links for employees to set up a credit freeze with each of the three major credit bureaus.

Contact the FTC and the IRS

The employee may also file a short report with the FTC and should provide the FTC with the case number of any police reports they filed.

The employee may also set up an IRS account with their social security number, which will prevent criminals from creating an account using the employee’s identity. The IRS can also be contacted by phone at 1-800-908-4490 to report suspected identity theft, but there may be a wait time. Another option for locking a social security number is at the Department of Homeland Security’s E-Verify website.

All of this reporting may seem redundant, but it helps ensure the employee is identified as a victim by the local, state, and federal government.

Keep Notes

The employee should maintain any notes, copies of emails, etc. This paper trail can be referenced in the future for possible identity issues or inaccuracies on a credit history report. We empathize with how upsetting and time consuming this is to deal with, especially in this current COVID-19 environment.

Contact the Post Office (Bonus tip)

The employee can also check with their post office to make sure mail has not been redirected to a different address without their permission.

Establish a SAW account to preempt one from being set up on your behalf (another bonus tip)

Using a personal email address, an employee can create a SAW user account with ESD. A SAW account is used by multiple Washington State agencies to conduct business with the state (such as a specialty license, business license, etc.) After creating an account, SAW will send an email to verify the email address entered. This email will include a link directing the user back to the ESD SAW website. At that point, the user will enter a social security number to verify user identity and this will pair the SAW account with the email address. This will not initiate an unemployment claim, but it will associate a social security number with the secure username and password that can let a user set up an account.

Once a social security number is associated with an account created by a user, it cannot be associated with another fraudulent account. This will prevent a bad actor from using a person's name and social security number to create a fraudulent account and associate it with a different email address. If all goes well the user will not need to take any further action. The process to create an account is straightforward and the website is easy to use.

However, the user may receive an error message stating: “The social security number (SSN) you entered already exists and is linked to this partly hidden email address: xxx@xxx.” If the email address provided is not recognizable to the user, then they should assume their identity has been compromised and should follow the guidance above for reporting identity theft/security breach.

Conclusion

We know everyone is very busy and we don’t need another thing to have to manage and track. However, the above advice may prevent even more complications arising during this unusual time.


MRSC is a private nonprofit organization serving local governments in Washington State. Eligible government agencies in Washington State may use our free, one-on-one Ask MRSC service to get answers to legal, policy, or financial questions.

About Mike Bailey

Mike Bailey writes for MRSC as a Council/ Commission Advisor. Prior to this, Mike served as a Finance Consultant for MRSC for several years before retiring in 2020.

Mike writes about local government financial management, local government budgeting, financial leadership, and strategic planning processes.

The views expressed in Advisor columns represent the opinions of the author and do not necessarily reflect those of MRSC.

VIEW ALL POSTS BY Mike Bailey

 more

Blog Archives

GO

Follow Our Blog