New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Fraud Overwhelms Pandemic-Related Unemployment Programs

States are scrambling to update security systems as another round of unemployment aid is on the horizon. Identity theft and unemployment fraud has risen to record highs, and often times the fraudulent payments cause a delay for those with legitimate requests. Threat actors purchase stolen identify on dark web marketplaces in order to apply for the pandemic relief and unemployment. The U.S. Justice Department is investigating fraud by transnational criminal groups as well as sophisticated domestic threat actors. Labor Department officials estimate that over $63 billion USD has been improperly paid, the sum of which is more than the entire budget for the Department of Homeland Security. Despite the huge increase in fraudulent payments, State agencies are still are not taking the necessary precautions to prevent fraud.  In a report from the Department of Labor, 22 of the 54 state and territorial workforce agencies are not using the data  from the recommended data exchange run by the National Association of State Workforce Agencies which prevents the same Social Security number from being used in multiple state unemployment applications. The Department of Justice has made several unemployment fraud arrests and has set aside money in order to hire more prosecutors aimed at fighting back against fraud.

Analyst Notes

Threat actors leverage stolen personal and sensitive data to impersonate individuals to commit various forms of unemployment fraud. This could not only delay new legitimate requests but also stop an individual from receiving current unemployment relief. Anyone who may have been a victim of a data breach should change and strengthen any online logins and implement multi-factor authentication. Financial and credit accounts should be monitored closely. Placing a credit freeze on file with the credit bureaus and notifying banks or other financial institutions is helpful to prevent fraud when identity theft is suspected. Some states allow you to create an online unemployment account without requesting any unemployment aid. By doing this, you can prevent anyone else making an account on the same site with your information.