Phishing Scams Targeting D.C. Unemployment Recipients

September 13, 2021 | 6 minutes read
Phishing Scams Targeting D.C. Unemployment Recipients

The rise of COVID-19 around the world during the past year has had a disastrous impact on every industry or business imaginable, in both the public and private sectors. As a result of quarantine restrictions, social distancing, and mask mandates in the midst of a spreading deadly virus, many American citizens lost their jobs in the process. As a result, unemployment throughout America has risen to a level that had not been seen in the country since the Great Depression. While this unemployment aid has provided much-needed relief to American citizens during hard times, it has also given rise to an alternative problem.

As the number of unemployment claims throughout the country has risen so steeply in the past year, fraud and cybercrime has risen as well. Notably, many residents in the Washington D.C. area have been dealing with phishing scams that are designed to steal personal information from individuals legitimately receiving unemployment benefits. By posing as legitimate members of the Department of Employment Services or DOES, these scammers send out fake emails to individuals who have either applied or are receiving unemployment benefits. The spread and destruction of COVID-19 on exacerbate the potential damage of these phishing scams, as many people around the country have been struggling to make ends meet and are willing to listen to anyone who is offering assistance.

How do phishing scams work?

Phishing is defined as the fraudulent “practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers”. Cybercriminals can access personal information from victims directly, or have them click on links embedded within emails that will provide them with this information indirectly. Like many other forms of criminality throughout history, phishing scams work by attempting to mislead the victim into believing they are engaging in a conversation or interaction with a legitimate person. Once the cybercriminal who is operating a phishing scam has retrieved the personal information they were seeking from their victim, they can then use said information to withdraw money from their bank account, open a credit account in their name, as well as various other forms of identity theft.

In the context of unemployment benefits, many cybercriminals in recent months have been posing as government workers or officials, civil servants, or employees of the DOES. To provide an example of this, Shanta Suggs, who works at DOES as a compliance investigator, had phishing emails sent from her account in late August of this year. The person behind the phishing attempt then asked the recipient to text their personal information to a New York State phone number, under the guise of collecting additional unemployment payments. After gaining wind of this story, public radio station DCist/WAMU also sent a text message to this number to gain a deeper insight into the alleged scam attempt that had taken place.

Once again, the person behind the phishing attempt responded, and requested copies of “supporting documentation such as front and back of your driver’s license along with your Social Security number or SSN card to process your claim.” To provide another example, Darrick Ross, a scuba diver sergeant at the Metropolitan Police Department, also had phishing emails sent from his email account without his knowledge. Furthermore, Alesia Henry, an education compliance specialist at the Office of the State Superintendent for Education, had a phishing email sent from account earlier this year as well. Many of the emails sent from these professionals’ accounts promised recipients anywhere from $15,000 to $22,000 in additional unemployment benefits. While D.C. officials have not disclosed the exact number of email accounts that have been compromised, or the number of emails that have been sent, they have stated that they have taken the steps necessary to freeze all email accounts that have sent fraudulent messages, while also contacting the people who received these emails.

While phishing attempts on their own can be a serious problem for ill-informed consumers, the status of unemployment filings and the systems that handle these filings has made potential phishing scams that much more dangerous. To illustrate this point, it was reported in May of this year that The District of Columbia’s Inspector General planned to audit the DOES in response to complaints concerning technical glitches, missing payments, and poor communication. As these factors lead to some people going weeks and sometimes months without any unemployment income, the level of desperation that such a situation can create a breeding ground for cyberattacks and cybercrime.

What can consumers do to avoid phishing scams?

The primary method that consumers can take to avoid being taken advantage of in terms of phishing scams is to ensure that they only send their personal information to verified sources. In the case of Washington D.C. unemployment, the DOES communicates to recipients of unemployment through their own message portal system. An employee of the DOES would never ask a person receiving unemployment to send their personal information through a text message or email address. Additionally, consumers can take the following steps to avoid being taken advantage of in a phishing scam:

While phishing scams have become an unfortunate reality during the age of online communication, there are steps that consumers can take to avoid fraudsters. As many people are struggling financially amidst the rise of the COVID-19 virus, many people who may have not fallen for scams in the past are particularly vulnerable and susceptible to such schemes. Nevertheless, consumers can greatly reduce their risk of falling prey to scams by doing their due diligence at all times and ensuring that they do not share any forms of personal information without first confirming the identity of the party of the individual who is requesting said information. With everything going on in the world, the last thing consumers need is someone trying to steal their personal information from them.

Related Reads

What is the Payment Card Industry Data Security Standard?
January 06, 2023 | 4 minutes read
What is the Payment Card Industry Data Security Standard?

The PCI-DSS is the primary financial and IT privacy standard that regulates the collection and processing of cardholder data around the world.

Learn More »
The Payment Application Data Security Standard (PA-DSS)
November 08, 2022 | 4 minutes read
The Payment Application Data Security Standard (PA-DSS)

The PA-DSS refers to a set of requirements that are geared toward aiding software vendors in maintaining secure payment applications.

Learn More »
How to Mute Names Within Audio Content, a Quick Guide
May 11, 2022 | 5 minutes read
How to Mute Names Within Audio Content, a Quick Guide

Follow the steps in this guide to redact personally identifiable information within audio files through the use of automatic redaction software.

Learn More »
The CCRRA, Establishing a New Standard for Credit Reporting
November 17, 2021 | 4 minutes read
The CCRRA, Establishing a New Standard for Credit Reporting

The CCRRA for short is a federal law passed by the U.S. Congress in 1996 for the purposes of amending the Fair Credit Reporting Act.

Learn More »
The EFTA, Innovative Financial Regulations
October 27, 2021 | 5 minutes read
The EFTA, Innovative Financial Regulations

The Electronic Funds Transfer Act EFTA or the EFTA for short is a federal law that was passed in 1978 to reduce electronic financial errors.

Learn More »
FACTA, Regulations for Businesses in The Financial Sector
October 25, 2021 | 5 minutes read
FACTA, Regulations for Businesses in The Financial Sector

The Fair and Accurate Credit Transactions Act of 2003 or the Credit Transactions Act of 2003 or the FACTA for short is a federal law that was passed in 2003.

Learn More »