This story was originally published on ProPublica by Brooke Stephenson.
When the federal government enacted the CARES Act in March 2020, it boosted jobless aid and expanded the benefits to include people who werenât typically covered, like gig workers.
The legislation was designed to cushion workers against the massive blow of a partial economic shutdown during the pandemic.
But if you havenât already buried your memories of last year, you probably remember how difficult it was to get those unemployment benefits.
Horror stories circulated about people waiting on hold for weeks, trying to get the money they needed to stay afloat. Maybe you remember spending long hours on the phone or the computer yourself.
Delays in unemployment benefits heightened feelings of uncertainty that characterized much of 2020, and made the experience of losing your job even more frightening.
But as Cezary Podkul reported for ProPublica this week, this expansion of benefits also attracted fraudsters from all over the world who sought to cash in on the CARES Act.
In hindsight, the millions of phony unemployment insurance claims were a large part of what clogged statesâ overtaxed computer systems, delaying payments to unemployed Americans filing legitimate claims.
We donât have a full accounting yet of how much the fraud will end up costing taxpayers. The federal government says it will be at least tens of billions of dollars, but some experts fear it may end up in the hundreds of billions.
And on the micro level, every stolen identity fraudsters use to cash in belongs to a real person. If that person tried to file for unemployment themselves, it could take months for them to convince state agencies they were a real person and receive necessary support.
We talked with Cezary about how he discovered the alternate universe of stolen identities and pseudonymous fraudsters selling how-to kits for scamming state unemployment agencies on the dark web. Hereâs an inside look at a massive fraud wave.
I was really curious how you went about finding these online forums where scammers were swapping their trade secrets.
So I started off by reaching out to cybersecurity firms and asking them, âHey, where are fraudsters trading tips and advice and talking about how to do this?â That pointed me to Telegram [an online messaging app].
I got the names of a few Telegram channels where this was happening, and I started looking at those. And then from there I did my own research and found lots and lots of additional ones; it certainly wasnât hard, because thereâs just so many of them.
Did you have a strategy worked out for how you would reach out to scammers?
To be honest, I didnât know what to expect, because I have never been to any of these forums. I realized that theyâre open, public forums. Iâm sure thereâs some that are private, or invitation-only.
But the ones that we wrote about in our story, anyone who wants to view them or access them can enter them as if you were entering a public square in a city.
There was a big learning experience involved in this in the sense that there was a lot of unfamiliar language to me. It wasnât as if you could just jump in and know exactly whatâs being said.
You had to see a lot of the traffic and read a lot of messages before you learned what certain acronyms were.
For example, what does it mean for a state to be âlitâ? Itâs paying out state claims.
At one point, I came across a message in one of the forums that actually had a dictionary, which was super helpful. That was kind of like the Rosetta Stone, and once I came across the dictionary I could translate a lot of this stuff into plain language.
You quote one scammerâs response in the article thatâs just two eye roll emojis. I was so curious what question you asked that prompted that response.
Yeah, the eye roll emoji! So that was the user who we cite in the story named âVerifiedFraud.â He was the admin for one of these channels where there was something like 1,300 participants, and he posted whatâs called a âsauce.â
Sauce, in the language of these forums, is the secret sauce for filing fake unemployment insurance claims in a particular state. He gave away a free sauce to his channel participants.
And I asked him about that: Hey, tell me about the sauce. I noticed that you put it on your forum for participants along with the ânew month prayerâ wishing them luck.
When I messaged him about that I got the eye roll.
And I guess you told him you were a journalist?
Oh, yeah, absolutely. With all the people that I was contacting, I made it abundantly clear: âHey, Iâm a reporter, I'm writing a story about this. I noticed you said this or that and I wanted to talk to you more about it.â You know, âTell me more about your âFraud Bible.â Does it work?â
Did you ever try a sauce to see if it worked? Or send it to a state agency?
No. As a journalist, I wanted to make sure I wasnât doing anything illegal.
I did send a bunch of these sauces â the ones that name specific states that were publicly available â to the states. I sent them to Pennsylvania, New York and California, and I asked them for comments. The states declined to comment on the specifics of whether they worked or anything like that. But they did say generally that theyâre aware of them, that theyâre monitoring these types of messages with their law enforcement partners.
You have this quote from a scammer in the article: âVirtually all these wealthy entrepreneurs you see around 90% of them started with something illegal to make enough money to run their business.â It seems like some of these people consider themselves businesspeople, and they put some work into this. How different is what theyâre doing from working an actual job?
Thereâs probably some people for whom this has become a full-time endeavor, where this is the main way theyâre trying to make money right now because of the opportunity that has been opened up.
But thereâs certainly people for whom they might have a day job doing something else. For example, one case involved a Nigerian national who ran an online shoe store. He was also accused of participating in a scheme to defraud states of unemployment insurance funds.
And I think the total in that case was something like $489,000 across 15 states. [Heâs pleaded not guilty to charges in the case.]
So thereâs certainly people who do other things, but thereâs others who Iâm sure have made this sort of their full-time path. I think it does kind of run the gamut.
Did you get a sense of what percentage of people were working from outside the United States?
Thereâs no way to tell what percentage. But in reading the messages in these Telegram channels, I definitely got the feel that this was a very international crowd, because you do see messages from people, for example, looking to meet up to do deals in Lagos, Nigeria.
The statistic that really put a period on this for me came from one of the cybersecurity firms that we talked with. They said that one state they work with saw unemployment insurance applications coming from nearly 170 countries around the world.
So these are supposedly state residents applying for unemployment insurance, but when you trace the internet traffic, you see this application is coming from ⌠gosh, they had countries all over the world. It was like the United Nations.
Normal people trying to get unemployment checks in the middle of the pandemic were really struggling, waiting on the line for days at a time and getting disconnected when they were trying to get their unemployment checks. Did you get any sense of if and how fraudsters were better at getting unemployment checks than real humans?
One of the things that I think maybe hasnât been talked about as much is the interplay between this huge wave of fraudulent claims that we saw and legitimate claimants.
Because the information technology on which states are running their unemployment insurance systems is, in many cases, very dated.
Like with North Dakota, they had to actually bring in computer programmers from Latvia ââto help them run their unemployment insurance computer system last year, because itâs so hard to find anyone who can service the technology. Itâs been around for decades.
When youâre dealing with very dated technology, it doesnât scale well. It canât handle such huge volumes that we were seeing there during the pandemic. So when you had this huge influx of fraudulent claims, I think it did a few things.
One is it definitely slowed down processing of legitimate claims, because you just end up with backlogs of applications that the states are still struggling to get through because thereâs so many people who have applied.
There are legitimate claimants mixed in with fraudulent claimants and you have to kind of triage those, and figure out which ones are high-risk, which ones look like they're very likely to be fraudulent, versus which ones are medium-risk and which ones are low-risk â and you put those through.
The other thing that it spikes is the call volumes. When I asked [Texas officials], why was it so hard for an individual that we profiled in the story to get through to Texas, it was just because they had such a massive call volume.
Thereâs so many people calling the fraud line reporting fraud, thereâs so many people calling for help, so many people seeking statesâ attention, they just become overwhelmed. That has an impact on legitimate claims.
And then finally, you have legitimate claimants who are collecting unemployment insurance payments, and those payments either stop or are frozen because of suspected fraud.
So someone else just stole your identity and used it to file a claim in another state, and all of a sudden you might see your benefits stop, which is what happened to Philip Payton, the individual we profiled in our story.
By flooding the system with so many fake claims, not only did fraudsters, in some cases, get away with pocketing those fraudulent payments, it really caused a lot of hardship for legitimate claimants.
The fraudsters are also probably working with the advantage of being able to send out 40 applications to 40 different states, and if they only get paid by 18 and get stuck in backlogs in the others, it doesnât cost them very much.
Exactly. It basically comes down to a game of numbers.
Letâs say you go onto a dark web forum and you purchase some stolen identities. You pay $50, $70 for a stolen profile of someone.
If youâve got it, then it makes sense for you to file in all the different states where you think it might pay off, to all the different programs, to all the different government benefits you think that individual might be entitled to. If you donât, you might be leaving money on the table.
One of the most shocking statistics that I came across, just on a micro level, was in one of the Department of Laborâs Office of Inspector General reports.
They mentioned that one person used a single Social Security number to file fake unemployment insurance claims in 40 states, and 29 states paid up. They got something like $222,000.
I think weâre now at that point where weâre starting to realize that this has been a huge problem. And to be fair, it wasnât just unemployment insurance. Youâve seen our coverage of people creating fake farms in places that wouldnât even have a farm, like farms on beaches or people claiming they had an orange farm in Minnesota, to apply for PPP loans.
Iâll be curious to see if cybersecurity surrounding these leaks that led to IDs and social security numbers getting out are wrapped up in reform bills too.
If I can put in a plug: If anyone knows where all of the leaked data came from, I would love to talk with anyone whoâs got information on that.
One of the terms that you see being used on these telegram chat rooms is the word âfullz.â Fullz is slang for the full suite of personally identifiable information like someoneâs name, address, Social Security, driverâs license, the whole thing.
If youâre going to be filling out an unemployment insurance claim form in someoneâs name, if you just know their name and their address â okay, thatâs one thing.
But if you have a full suite of information on a person it just makes it so much easier for you to file a claim that has a significantly higher chance of getting through the system.
So one of the questions that I was asking is: Where did all the fullz come from? This is a question that I became obsessed with in the reporting of this project, and I just couldnât get a good answer to it.
So if anyone reading this has a good answer for that, or a good theory, reach out to me and Iâll be more than happy to talk to you.
Photo by Towfiqu barbhuiya on Unsplash