EverSafe Scam Watch

Protecting Your Financial Health

A Wave of Fraud: Imposters Claim Jobless Benefits

In an unusually widespread scam, criminals are using fake identities to target a pandemic relief program that helps unemployed workers in the gig economy. Computer-savvy crooks, who are linked to large, well-organized operations, are stealing benefits from the Pandemic Unemployment Assistance program (PUA), which was hastily put together to help independent contractors, freelancers, and others who cannot claim traditional jobless benefits.

Criminals get hold of an innocent person’s identification, such as their Social Security or driver’s license numbers, and then make illicit claims for the benefit. State labor departments, which have been overwhelmed this year by real claims for unemployment, have been caught off guard.

Unemployment benefits fraudThey also have been startled by the vast scope of the crime, with reports from all over the country. According to the New York Times, Washington State alone has identified 87,000 fake claims since the spring. Many of those cases were linked to a Nigerian enterprise known as Scattered Canary, suspected of fraud in Florida, North Carolina, Massachusetts, Rhode Island, Wyoming and Oklahoma.

Colorado officials have said that 77 percent of PUA claims during a six-week period this summer were phony. California recently suspended processing claims for two weeks to get a handle on the problem. The Kansas Department of Labor said it has blocked 45,000 bogus claims.

Victims of the scam run all the risks that come with identity theft, as well as potential hold-ups if they seek PUA benefits for themselves. “Be aware that your personal information may be used fraudulently without your permission,” the Department of Labor’s (DOL) Office of Inspector General said in an alert. The DOL is now spending $100 million to address the scam. The PUA program was launched rapidly and has lacked the security of established unemployment benefits. Swindlers have used various means of obtaining personal ID, including phishing emails that try to pry personal information out of their targets.

Anyone with knowledge about this scam is asked to call the DOL’s Office of Inspector General’s Hotline at 202-693-6999 or 1-800-347-3756 or go online to https://www.oig.dol.gov/hotline.htm.

Keep Cyber Crooks Out of Your Remote Meetings

For many of us, the idea of “remote” meetings has taken on new meaning in this unusual year. We’ve gone to birthday parties, met friends for drinks, checked on our relatives, and attended professional conferences—without stepping outside our own homes. Services like Zoom, Microsoft Teams and Cisco’s WebEx have become a routine part of life.

Hacker on a laptopAnd scammers have noticed. In past months, they have crashed and disrupted meetings—and sent meeting invitations that lure victims onto websites where their log-in credentials can be stolen. It doesn’t have to be that way. You should be able to enjoy the benefits of video-conferencing without worrying about schemers.

Here are 6 tips from law enforcement to make sure your meetings are safe and worry free:

  1. Keep your meeting private. If you are in charge, be sure to control who gets in, such as by using the waiting-room feature that restricts entry.
  2. Safeguard the link. Never put a meeting link on social media. Make sure the invitation goes only to folks you want to share it with. (And make that clear to invitees, if they need reminding.)
  3. Restrict screensharing. In Zoom, for example, you can limit screensharing to “Host Only.”
  4. Use the latest updates. If practical, ask that users rely on updated applications for remote access.
  5. Take advantage of the security tools. Protections and procedures may vary among the different services. Whether you’re the host or a participant, it makes sense to use the tools that are available.
  6. Don’t open unexpected invitations. Avoid clicking on invitations and links that seem odd in any way. When in doubt, first find out if the invitation is real.

Anthem Settles Data Breach for $39.5 million

Anthem Inc. the nation’s second largest health insurance company, has agreed to a $39.5 million settlement, arising from a 2014 cyber attack that captured personal data of almost 80 million Americans. The Indianapolis-based insurance giant reached the agreement with attorneys from 43 states, including California, New York and Florida. (Previously, it said it would pay $115 million, in a separate, class-action settlement.)

Anthem building signIn the new deal, Anthem agreed to several provisions, including strengthening its protections of personal data and improving training of employees to safeguard the data. The breach affected Anthem Blue Cross, Anthem Blue Cross and Blue Shield and other Anthem companies.

In the hack, cyber attackers captured names, dates of birth, Social Security numbers, health care ID numbers and phone numbers. The Justice Department last year charged two members of what it called “a brazen, China-based computer hacking group” with that crime, as well as attacks on three other, unidentified U.S. businesses. According to the indictment, hackers used emails to invade Anthem’s internal systems. When Anthem employees clicked on a link in the email, hackers were able to gain access to the trove of personal data.

In the separate, earlier class-action settlement, Anthem agreed to pay $115 million for credit monitoring, cash payments and reimbursements for affected parties.

US Consumer Agency Targeted by Scammers

The Federal Trade Commission was created over 100 years ago to protect consumers from deceptive business practices that harm the economy. These days, much of its work goes to warning the public about a never-ending stream of fraud. The FTC’s home page, for example, features links on how to file a consumer complaint and how to report identity theft.

FTC logoBut even the FTC is not immune from would-be cyber-scammers.

It recently warned that crooks, posing as the agency’s chairman, are trying to gain private, personal information about Americans. “If you saw an email from FTC Chairman Joseph Simons, it wasn’t from him, that is,” the FTC warned on its website. “Scammers pretending to be him are emailing, though. They’re trying to trick you into turning over personal information, like your birth date and home address, which could help them scam you.

The official posting advises that “if you get an email from the Chairman of the Federal Trade Commission about getting money because of an inheritance or relief funds related to the impact of the COVID-19 pandemic—or anything else—do not respond. Do not give out your personal information. But do hit “delete.”

That’s good advice. Hitting the delete button is the right answer for any unusual email that promises you money in return for personal information.

If you receive the fake FTC email, the agency asks that you let them know by going to ftc.gov/complaint.