Phishing Scams Targeting D.C. Unemployment Recipients
The rise of COVID-19 around the world during the past year has had a disastrous impact on every industry or business imaginable, in both the public and private sectors. As a result of quarantine restrictions, social distancing, and mask mandates in the midst of a spreading deadly virus, many American citizens lost their jobs in the process. As a result, unemployment throughout America has risen to a level that had not been seen in the country since the Great Depression. While this unemployment aid has provided much-needed relief to American citizens during hard times, it has also given rise to an alternative problem.
As the number of unemployment claims throughout the country has risen so steeply in the past year, fraud and cybercrime has risen as well. Notably, many residents in the Washington D.C. area have been dealing with phishing scams that are designed to steal personal information from individuals legitimately receiving unemployment benefits. By posing as legitimate members of the Department of Employment Services or DOES, these scammers send out fake emails to individuals who have either applied or are receiving unemployment benefits. The spread and destruction of COVID-19 on exacerbate the potential damage of these phishing scams, as many people around the country have been struggling to make ends meet and are willing to listen to anyone who is offering assistance.
How do phishing scams work?
Phishing is defined as the fraudulent “practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers”. Cybercriminals can access personal information from victims directly, or have them click on links embedded within emails that will provide them with this information indirectly. Like many other forms of criminality throughout history, phishing scams work by attempting to mislead the victim into believing they are engaging in a conversation or interaction with a legitimate person. Once the cybercriminal who is operating a phishing scam has retrieved the personal information they were seeking from their victim, they can then use said information to withdraw money from their bank account, open a credit account in their name, as well as various other forms of identity theft.
In the context of unemployment benefits, many cybercriminals in recent months have been posing as government workers or officials, civil servants, or employees of the DOES. To provide an example of this, Shanta Suggs, who works at DOES as a compliance investigator, had phishing emails sent from her account in late August of this year. The person behind the phishing attempt then asked the recipient to text their personal information to a New York State phone number, under the guise of collecting additional unemployment payments. After gaining wind of this story, public radio station DCist/WAMU also sent a text message to this number to gain a deeper insight into the alleged scam attempt that had taken place.
Once again, the person behind the phishing attempt responded, and requested copies of “supporting documentation such as front and back of your driver’s license along with your Social Security number or SSN card to process your claim.” To provide another example, Darrick Ross, a scuba diver sergeant at the Metropolitan Police Department, also had phishing emails sent from his email account without his knowledge. Furthermore, Alesia Henry, an education compliance specialist at the Office of the State Superintendent for Education, had a phishing email sent from account earlier this year as well. Many of the emails sent from these professionals’ accounts promised recipients anywhere from $15,000 to $22,000 in additional unemployment benefits. While D.C. officials have not disclosed the exact number of email accounts that have been compromised, or the number of emails that have been sent, they have stated that they have taken the steps necessary to freeze all email accounts that have sent fraudulent messages, while also contacting the people who received these emails.
While phishing attempts on their own can be a serious problem for ill-informed consumers, the status of unemployment filings and the systems that handle these filings has made potential phishing scams that much more dangerous. To illustrate this point, it was reported in May of this year that The District of Columbia’s Inspector General planned to audit the DOES in response to complaints concerning technical glitches, missing payments, and poor communication. As these factors lead to some people going weeks and sometimes months without any unemployment income, the level of desperation that such a situation can create a breeding ground for cyberattacks and cybercrime.
What can consumers do to avoid phishing scams?
The primary method that consumers can take to avoid being taken advantage of in terms of phishing scams is to ensure that they only send their personal information to verified sources. In the case of Washington D.C. unemployment, the DOES communicates to recipients of unemployment through their own message portal system. An employee of the DOES would never ask a person receiving unemployment to send their personal information through a text message or email address. Additionally, consumers can take the following steps to avoid being taken advantage of in a phishing scam:
- Don’t click on any links within an email message or provide an email sender with any personal information unless you can confirm the validity of the said sender.
- Use your mouse or trackpad to hover over a link before clicking on or accessing said link. If the URL of the link is not in accordance with the description of the link, the link may be leading you to a phishing site.
- Check if the email address and sender names match.
- Check the email message header to ensure that the “from” section of the email isn’t showing an incorrect name.
- Report any suspicious emails you receive to your email service provider.
- Be aware of the types of personal information that you share via the internet.
- Protect your accounts by enabling multi-factor identification.
- Ensure that the software on your phone and computer is up to date at all times.
While phishing scams have become an unfortunate reality during the age of online communication, there are steps that consumers can take to avoid fraudsters. As many people are struggling financially amidst the rise of the COVID-19 virus, many people who may have not fallen for scams in the past are particularly vulnerable and susceptible to such schemes. Nevertheless, consumers can greatly reduce their risk of falling prey to scams by doing their due diligence at all times and ensuring that they do not share any forms of personal information without first confirming the identity of the party of the individual who is requesting said information. With everything going on in the world, the last thing consumers need is someone trying to steal their personal information from them.