SEATTLE — On its face, the unemployment claim filed in my name with the Washington Employment Security Department (ESD) should have been quickly spotted as a fake.
“Company closed temporarily,” reads the application for unemployment benefits that ESD received in mid-May. The reporter listed in the documents – me – was “laid off.”
Anyone with a TV set has been able to switch the dial to channel 5 and see that the Pacific Northwest’s first television station is still on the air, as it has been just about every day since 1948.
When I was notified in May that a claim was filed in my name, I did what so many other Washingtonians have been forced to do since the start of the COVID-19 pandemic. I scrambled to clean the mess up by contesting the claim with ESD, taking out credit alerts, contacting local and federal law enforcement agencies and wondering who in the world stole my identity.
I also did one other thing: I filed a public records request with ESD for my complete file.
Three months later, when my 126-page ESD file arrived I took it to a digital security expert to see if he could determine who filed the claim and how it got past ESD’s security system.
The first question I asked Crane Hassold, senior director of threat research for the cybersecurity firm Agari, was, “Why didn’t ESD spot this as a fake?”
“It was likely an automated system at that point,” said Hassold, explaining that ESD computer software reviewed claims in the early days of the pandemic.
Human eyes did not review the application. A computer isn’t at all suspicious that a 70-year-old television station had suddenly shut down.
“The amount of claims that were being filed, legitimately or illegitimately, I would imagine the resources to review every single claim that went in were actually pretty limited," said Hassold. "So, right off the bat, it’s likely that it wasn’t reviewed (by an actual human being)."
An official at ESD, who was not authorized to speak on the record, confirmed my case was first evaluated by a computer system. Before the pandemic struck, the number of unemployment claims were low, so ESD had only a few hundred employees to evaluate claims.
After the wave of unemployment claims hit, the agency started hiring and even brought in the National Guard to help put human eyes on more applications.
ESD also ratcheted up the security features on its automated software. The computerized security programs had been dialed back at the start of the pandemic to process claims more quickly, so that claimants wouldn’t have to wait weeks or months for their unemployment checks.
Hassold said one of the key security features – waiting to approve a claim until after ESD has confirmed with the employer that the claimant has been laid off – was waived early in the pandemic.
“A lot of states essentially postponed some of that validation right away and essentially took claims at face value,” said Hassold.
That gave fraudsters a wide berth to file claims using identities stolen in large scale hacking and identity theft cases.
“I think I that perhaps I was the victim of the (2017) Equifax breach. Could that be where they got my information?” I asked Hassold.
“Absolutely, you and so many other people were victims of that breach,” he answered.
Hassold said the crooks really only needed a name, address, employer and social security number to file a claim.
So, who are the criminals who filed my claim?
Hassold’s company, Agari, first identified the Nigerian fraud ring that is suspected of filing a large number of fraudulent claims with ESD, well before it wreaked havoc on the Washington agency. Agari named the ring “Scattered Canary” and tracked its growth from a one-man shop into a sophisticated international crime ring.
However, Hassold said there was no clear calling card from the criminals in my claim that allowed him to specifically identify the group involved.
“It doesn’t seem that Scattered Canary was the group involved with your case specifically, which isn't surprising, because we know while Scattered Canary is certainly one of the main ones that we've seen across the country, we know that there are a number of cyber-criminal groups just like them,” said Hassold.
However, there is evidence that some of the bad guys are in the United States – perhaps even in the Seattle-area. The fraudsters used a Bank of America account and a fake email address that contained my name to handle transactions with ESD.
“In order to make that happen they can’t be in Nigeria or some other country and start interacting with an (overseas) bank account because red flags will, of course, go out,” said Hassold.
So, they use local bank accounts and “money mules” – people in the U.S. – to establish bank accounts and withdraw the funds once the unemployment claim is paid.
The ESD official, who spoke on background, said that my claim was not paid.
The fraudsters lost in my case. But in many of the nearly 90,000 fraudulent claims filed in Washington, ESD did cut checks. This week, ESD Commissioner Suzi LeVine said investigators are making strong progress in recovering some of the $650 million in payments. She said approximately $230 million has not been recovered.
They’re doing that by freezing bank accounts, like the one that my claim would have been paid to at Bank of America.
Hassold said the reason that my claim wasn’t paid was likely because it was filed late in the game. By mid-May, when ESD received the claim with my stolen ID, it had accepted that large scale fraud was occurring. It bumped up security measures.
Records don’t indicate exactly when, but at some point ESD determined “we could not verify your identity” and sent the claim to further review. By then, the agency had heard from me.
Something I reported on KING 5 a short time ago is even more surprising than the facts in my own case. The KING 5 Investigators confirmed that fraudsters filed unemployment claims in the stolen identities of ESD’s own employees, and the agency paid at least some of those claims.
In the words of one longtime ESD employee with knowledge of those payments, “How does our own agency not know that we’re not unemployed…? What a mess.”
ALSO SEE: Your Money, Your Future