Pa. updated its unemployment compensation system. Then cyber fraud spiked

Unemployment benefits fraud is on the rise after Pennsylvania unveiled a new online filing system.

Web pages used to show information for collecting unemployment insurance in Virginia, right, and reporting fraud and identity theft in Pennsylvania, are displayed on the respective state web pages, Friday, Feb. 26, 2021, in Zelienople, Pa. (AP Photo/Keith Srakocic)

Web pages used to show information for collecting unemployment insurance in Virginia, right, and reporting fraud and identity theft in Pennsylvania, are displayed on the respective state web pages, Friday, Feb. 26, 2021, in Zelienople, Pa. (AP Photo/Keith Srakocic)

When Pennsylvania made it easier to apply for unemployment benefits last month, it also gave scammers a new opportunity.

Unemployment benefits fraud “appears to have really exploded,” said Alex Halper, Director of Government Affairs with the Pennsylvania Chamber of Business and Industry.

“It has gotten worse almost week by week,” said Geoff Moomaw, president of Interstate Tax Service, Inc., which works with 1,900 employers around the commonwealth to handle their unemployment compensation claims.

On June 8, Pennsylvania unveiled a new, online filing system for unemployment claims. The web portal replaced decades-old mainframe technology with the aim of making the process more user-friendly and accessible all around. But that change, which was not accompanied with enhanced identification verification, appears to be inviting a flood of fake claims.

  • WHYY thanks our sponsors — become a WHYY sponsor

Before the switch, Moomaw said his group received reports of around 100 fraudulent claims filed per week. The week ending July 10, the number was more than 1,800. The previous week, it topped 2,000. Around 75% of those turn out to be fraudulent after following up with the employee, said Moomaw.

Since that switch, the Pennsylvania Department of Labor and Industry’s own numbers support unusual activity. Unemployment has been steadily trending downward, according to the US Department of Labor. However, after the new system came online in Pennsylvania, new unemployment claims surged, from ​​31,317 the week ending May 29, to 71,695 the week ending July 10, a level not seen since May of last year.

“L&I has always monitored fraud attempts within Pennsylvania and across the nation and acted swiftly to put new antifraud mechanisms in place to deter and catch new methods of fraud,” said Sarah DeSantis, a spokesperson for DLI. She noted that not all of those initial claims filed were paid, but the state does “not yet have an estimate on the amount or percentage of fraudulent claims that were filed recently.”

Employers often catch wind of the fraud because the state reaches out to verify the employment of each person who applies for traditional unemployment compensation. That process is creating more work to vet and report bad claims.

“Last week, one county called us about 90 fraudulent claims,” said Moomaw, whose company counts local governments among its clients. To verify them requires contacting employees individually and filing paperwork for each to show they did not submit a claim.

No one is immune. At the PA Chamber of Business and Industry, five employees were targeted in the last few months, said Halper.

“I’ve had a school superintendent, I’ve had a business manager, I’ve had [a] director of human resources, school teachers galore. I’ve had a CEO for a nonprofit corporation … he’s only making $750,000 a year, but he allegedly filed a claim,” said Moomaw.

  • WHYY thanks our sponsors — become a WHYY sponsor

He theorized that scammers could be targeting high wage-earners to pull in the maximum benefit amount allowed under state law.

During a recent meeting of the state advisory committee overseeing benefits modernization, the IT Director for the state senate of Pennsylvania, Shawn Eyster, said that his information had also been used to fill out a false claim.

“My employer just told me I filled it out and I obviously did not,” he said.

Threats on the dark web

Such scams depend on personal information that was stolen long ago, and readily for sale on the dark web.

“What Pennsylvania is seeing is very common across the country,” said James Lee, COO of the Identity Theft Resource Center. In 2020, scammers funneled at least $36 billion out of unemployment coffers and away from actual recipients in the United States, according to the US Department of Labor.

The older systems, which several states still use, made it much more difficult to commit fraud, because so much work had to be done by hand on the back end. Now, Pennsylvania has joined the states which have “some of the highest levels of fraud” because of the type of system they adopted, called a “single sign-on,” said Lee.

Pennsylvania’s new portal uses a universal log-in, called the Keystone ID, which is accepted to sign up for a variety of government benefits across different departments. While this is a much simpler tool for users, it also means if the information becomes compromised, a hacker can use it much more broadly.

“They go in, they apply for benefits of various departments and then they move on,” said Lee.

Unemployment attorney Julia Simon-Mishel, supervising attorney with Philadelphia Legal Assistance, said actual claimants are also being targeted directly, and having their log-in information stolen.

“We are seeing current claims hacked, with their log-in information changed and payment redirected to the hacker,” she said. “We never saw that happen in the [old] UC mainframe.”

DeSantis with DLI said that is not occurring because of a data breach at the state, but because claimants are being “phished,” or otherwise tricked into sharing their log-in information with a fraudster. “L&I never asks for an individual’s username and password over email, the phone, text, or social media,” she said.

The best way an individual can prevent getting scammed is to regularly change your passwords if you are notified of a breach, and to use unique passwords for each log-in, according to Lee.

Other prevention measures can only be taken at the government level. Pennsylvania is working on incorporating a virtual identity verification process into the filing process, but does not have an implementation date yet, said DeSantis. Individuals can also report fraud directly to the state here.

Moomaw called that lag “a serious oversight,” but the balance between security and ease-of-use has trade-offs. Each new verification step can become a barrier to someone who is eligible.

That happened when Pennsylvania’s system for Pandemic Unemployment Assistance, or PUA, began using an identity verification program called after it was hit with major fraud, said Simon-Mishel.

“We have had many claimants struggle to complete the identity confirmation process through on the PUA side, especially claimants with language barriers or minimal technology literacy,” she said. “While it’s important to ensure Pennsylvania workers are not the victims of criminal syndicates filing in their names using stolen information, we must make sure that any fraud prevention tools do not create new barriers for our most vulnerable workers.”

Even these steps may not be enough to stamp out fraud, according to Lee, who advocated for a more varied approach, using biometric information or multiple layers of security.

Reports of benefits fraud this year are outpacing the previous year, and identity theft is at an all-time high, according to the Identity Theft Resource Center.

Broke in PhillyWHYY is one of over 20 news organizations producing Broke in Philly, a collaborative reporting project on solutions to poverty and the city’s push towards economic justice. Follow us at @BrokeInPhilly.

Get daily updates from WHYY News!

WHYY is your source for fact-based, in-depth journalism and information. As a nonprofit organization, we rely on financial support from readers like you. Please give today.

Want a digest of WHYY’s programs, events & stories? Sign up for our weekly newsletter.

Together we can reach 100% of WHYY’s fiscal year goal