Fraudsters’ latest target? UI benefits

Photo by Klaus Vedfelt/Getty Images

Criminals have stolen more than half a billion dollars by taking advantage of the surge in unemployment claims during the pandemic. Luckily, most of this money has been recovered. Here’s what you should know about this scheme.

By Katie Kuehner-Hebert


Community banks should be on the lookout for scams involving fraudulent state and federal unemployment insurance claims—even from states thousands of miles away.

The U.S. Secret Service Global Investigative Operations Center has identified criminal actors targeting state unemployment insurance program funds. Criminals will use stolen personally identifiable information to file fraudulent state unemployment claims. They will then use social engineering techniques to recruit unsuspecting individuals to launder illicitly obtained funds in order to conceal the identity, source and destination. The Secret Service’s primary investigative priorities are to mitigate any attempts by criminals that target citizens for identity theft and cyber-enabled crimes as it relates to COVID-19. In these scams, people who live outside of the state being targeted receive multiple ACH deposits from the target state’s UI program. The deposits are all in different names, with no connection to the accountholder. The people who receive the deposits are then unwittingly recruited to be money mules to complete fraudulent transactions.

“Perpetrators apply online with the stolen identifying information and direct payment of the benefits to a financial institution or debit account of their choosing,” says Peter Brown, a special agent with the U.S. Secret Service Criminal Investigative Division’s Global Investigative Operations Center.

“After funds are deposited in the identified account,” Brown adds, “they are then withdrawn at locations around the country and transferred to other accounts, including accounts overseas.”

Kathy Swenson, vice president of the Community Bankers of Washington, says that one of her company’s member banks told them that they had received UI claims for bank employees who are still employed and didn’t make the claim themselves.

A “perfect storm” of factors

Suzi LeVine, commissioner for Washington’s Employment Security Department, says the UI fraud is the result of a “perfect storm” that takes advantage of “a tremendous amount of money that was needed to get out quickly” to people who lost their jobs due to the pandemic.

States are losing money on the attack, LeVine says. As of mid-October, however, her department has been able to recover a good deal of the $576 million lost and is now trying to recoup more of the funds from financial institutions with the FBI’s help. Banks that receive deposits from Washington state that look suspicious should email ESDGPFraudbank@esd.wa.gov and include the full name of the claimant or accountholder and the bank account number for deposit.

“We are also hoping to learn more from the banks that have been dealing with this fraud [about] how they are verifying identities and doing other things to combat this,” LeVine says, “so we can be better at adopting best practices.”

FNBC Bank in Ash Flat, Ark., had customers who were solicited to be money mules for the UI fraud scam described by the Secret Service, says Tara Allen, the $565 million-asset bank’s Bank Secrecy Act (BSA) security officer.

Fraudsters send money from a state’s UI program to FNBC customers, Allen says. The fraudsters then contact the customers, posing as officials from state UI departments, telling them the state’s system had been hacked and asking the customers to send the money back to the state.

“The majority of customers have come into the branch wanting to withdraw the funds and go to Walmart to send out a MoneyGram, depending on what the scammer directed them to do,” she says, “but we were fortunate to identify the scam and shut it down before the customer sent the funds out. It really comes down to educating customers, too.”

“During times like this, we double down on education, not only internally with our staff, but externally with our customers. That’s where we can really add value by helping people avoid these scams.”
—Jeff Newgard, Bank of Idaho

Getting help to customers

Customers of $551 million-asset Bank of Idaho in Idaho Falls, Idaho, have also been used as money mules, says president and CEO Jeff Newgard. Fraudsters have tried to steal a total of $228,000 from 13 Bank of Idaho accounts, but the community bank caught it before any funds were lost, Newgard says. The first line of defense is following know your customer (KYC) procedures.

“We’re getting a transaction from a customer in Virginia, but we’re in Idaho. Does that make sense? Then we take a look at why we’re getting that transaction,” Newgard says, “and we also have good systems in place for identity checks and reviewing a pending transaction before any ACH funds leave the bank.”

UI fraud is not the only scam the bank’s customers are being subjected to because of the pandemic. Others are targeting customers who are out of work and in need of financial help.

Whether it’s a UI scam or another type, community banks are poised to help. “We have a pull-up-a-chair policy anytime a customer has a problem, encouraging them to tell us their needs,” Allen says. “If it’s a person who has been laid off but hasn’t received their unemployment insurance check for a couple of months, we might do a small personal loan using paid-off vehicles as collateral.”

“During times like this, we double down on education, not only internally with our staff, but externally with our customers,” Newgard adds. “That’s where we can really add value by helping people avoid these scams.”

8 unemployment fraud red flags

Criminal actors and other perpetrators are siphoning unemployment benefits. According to the U.S. Secret Service, here’s what receiving depository financial institutions (RDFIs) should look out for:

  1. Accountholder name and ACH “remit to” name do not match
  2. Total unemployment deposits are more than $5,000 per month
  3. Unemployment deposits are paid to an accountholder residing outside of the issuing state
  4. The customer’s account(s) receives both deposits of unemployment insurance (UI) and regular work-related earnings, such as paycheck deposits
  5. Multiple UI payments deposited into one account from the same issuing state or from multiple issuing states
  6. Unemployment deposits into one account intended for multiple unemployment benefit recipients
  7. Deposited funds are quickly diverted via wire transaction to foreign accounts, particularly to accounts located in countries with poor anti-money laundering (AML) controls
  8. The customer’s account behavior seems atypical for someone receiving unemployment benefits

Financial institutions that receive ACH transactions from fraudulent unemployment insurance benefit applications should preserve and return these funds in accordance with AML obligations and relevant banking laws and procedures. RDFIs should work with the originating depository financial institution and NACHA to preserve and return funds from fraudulent unemployment insurance applications.


Katie Kuehner-Hebert is a writer in California.

Top