Unemployment insurance programs in Colorado and around the country are struggling with an unprecedented wave of fraudulent claims, something cybersecurity experts say numerous data breaches the past decade have made possible.
Self-employed workers seeking assistance have found their applications stalled or payments delayed because of tighter security. Already stretched thin, the Colorado Department of Labor and Employment has redirected its limited resources. And thousands of unsuspecting Colorado residents have had to spend hours trying to rectify the fallout from the scam after claims were made in their names.
“The issue is that anyone can fill out these applications and get paid in a couple of days. All the personal identifiable information they need is readily available on the dark web as a result of countless breaches,” said Tyler Moffitt, a security analyst at Webroot, a Broomfield-based cybersecurity company.
Software that spoofs Internet Protocol addresses allows scammers to hide their digital location and operate across state and national borders. Emails are easy to obtain and disposable. And although banks are supposed to know their customers, it remains too easy to set up an account and accept deposits under a stolen identity, experts say.
“This situation highlights how weak the verification process is, considering all the requirements can be bought. There isn’t a thorough enough process to verify people are who they say they are in an online form,” Moffitt said.
Since mid-July, the CDLE estimates it has blocked somewhere around 73,000 fraudulent claims seeking between $750 million to $1.25 billion in payments under Pandemic Unemployment Assistance, a new federal program designed to help self-employed and contract workers. As of Thursday, the labor department reported 162,454 Coloradans have applied for the PUA program files claims that have not been flagged fraudulent since the COVID-19 pandemic began. Just over 2,400 new PUA claims