What You Need to Know About Hackers and Unemployment Fraud in 2021
Earlier this year, the New York State Department of Labor reported over 425,000 fraudulent unemployment benefit claims during the COVID-19 pandemic totaling more than 5.5 billion dollars. With a new round of benefits being approved, we can expect the trend to continue in 2021.
Who is Behind the Scams?
Criminals are using real New Yorkers’ identities, likely stolen during previous data breaches involving government agencies, banks, insurance companies, to file fraudulent claims and illegally collect benefits. (i.e. In 2017, Equifax revealed a security breach that may have resulted in up to 143 million people having their Social Security numbers and other data stolen.)
But cybercriminals are not just using the data for themselves. They have found another lucrative avenue by selling personal information and hacker “how to” services on underground forums. A report recently published by the The Recorded Future, stated over the past six months, cybercriminals have demonstrated a preference to advertise unemployment fraud tutorials or services via messaging platforms over criminal forums, shops, or marketplaces, specifically telegram.
How Can I Protect Company Sensitive Data?
While you may not be able to control identity breaches outside your organization, you can take measures to protect your employee and client data on your corporate networks.
- Consolidate, protect, and monitor access to sensitive data.
Make sure to identify and restrict the locations where sensitive data is stored on the network. Those locations should be given the highest level of security and most limited access. The use of data loss prevention (DLP) solutions is highly recommended to track and prevent the use and transfer or sensitive data.
- Implement Multi-Factor Authentication (MFA)
Multifactor Authentication is one of the most crucial ways to inhibit access to a network as passwords (even if complex) are not sufficient to protect from modern hacking methods.
- Replace legacy Anti-Virus programs with Next Generation AV
- Incorporate Dark Web Monitoring for employee passwords and data.
- Educate your staff through phishing simulations and security training
Next Generation AV is key to help identify and prevent modern complex hacker attacks that circumvent legacy designed Anti-Virus programs.
Dark Web Monitoring is an excellent way to alert you and your employees if their information is available or for sale on underground sites or forums.
Continual training regarding phishing and other hacker scams are vital to ensure that users are not tricked into giving out sensitive data to hackers.
Responding to Unemployment Fraud
Anyone who receives a monetary determination letter from the Department of Labor, but did not apply for unemployment benefits should immediately report it to the DOL.
In addition, these New Yorkers should take steps to proactively protect themselves, including those listed at IdentityTheft.gov, such as:
- Changing passwords, logins, and pins for online accounts, especially banks
- Placing a free fraud alert on their accounts with the three credit bureaus (Experian, TransUnion, and Equifax)
- Getting a free credit report from AnnualCreditReport.com
- Reporting the identity theft to the FTC
- Filing a report with their local police department, if they wish
- Reporting a misused Social Security number