The New York Times reports that FBI investigators have found that Nigerian fraud rings are attacking unemployment offices around the country and siphoning hundreds of millions in fraudulent claims from state offices.

Investigators characterize the attack as “immense” and “sophisticated” and report that the ring has already extracted millions in fraudulent claims. The attackers are launching their attacks as millions of American’s rush to file for unemployment and are able to “fly under the radar” since the offices are dealing with a crush of volume.

Since March, more than 36 million people have filed for unemployment as businesses have shuttered across the nation.

Unemployment benefits became a more attractive target for these fraudsters since the additional $600 in weekly payments were added to the program from the federal stimulus program.

Stolen Personal Information from Breaches Is The Fuel to the Fire

The fraud rings appear to be using detailed information such as Social Security Numbers, Addresses, and other personal information from prior data breaches to file fraudulent unemployment claims.

After filing a false unemployment claim they have the funds direct deposited into accounts owned by a vast network of money mules. It is unclear from the FBI if the money mules are complicit in the fraudulent activity or victims themselves of a scam. The FBI issued a warning that people should be wary of quick-money job offers or other suspicious financial arrangements.

The fraud pattern is very similar in nature to the massive tax return fraud schemes that have plagued the IRS for the last 7 years. The Treasury Department recently posted that $135 million in fraudulent refunds were identified for the first two months of 2020, compared to $15 million in the same period for 2019. That’s a whopping increase of 760% over 2019.

Washington State Was The First Targeted State With A 700% Increase in Fraud Claims

The alert from the secret service came on the heels of an announcement earlier this week that Washington State was forced to suspend unemployment claims for 2 days while they tried to resolve substantial fraud attacks.

According to the Seattle Times, the fraudulent claim rate began to spike in early May.

“Between March and April, the number of fraudulent claims for unemployment benefits jumped 27-fold to 700,” the state Employment Security Department (ESD) told The Seattle Times. The story noted that the ESD’s fraud hotline has been inundated with calls, and received so many emails last weekend that it temporarily shut down.

Those fraudulent unemployment claims in Washington have another very distinct pattern that tipped off secret service investigators. Individuals residing out-of-state are receiving multiple ACH deposits from the State of Washington Unemployment Benefits Program, all in different individuals’ names with no connection to the account holder.

Bankers in Oklahoma say that they have seen a surge in unemployment claims from Washington sent to suspected mules in their state.

‘It’s been unbelievable to see the huge number of bogus filings here, and in such large amounts,’ Elaine Dodd, executive vice president of the fraud division at the Oklahoma Bankers Association, told Krebs. 

‘I’m proud of our bankers because they’ve managed to stop a lot of these transfers, but some are already gone. Most mules seem to have [been involved in] romance scams.’ 

To get a better handle on the fraud, state officials announced they would be increasing the number of agents on the fraud hotline, hiring more fraud investigators, cross-matching data with other state agencies and across the country to detect fraud activity, as well as working with the U.S. Department of Labor to both detect and prevent fraud cases.

While Washington was the most heavily attacked state, the secret service has warned that other states appear to be targeted as well including; North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming , and Florida.

400 Employees From Western Washington University Have Been Targeted

In another indication that breached information is probably being used, the Secret Service has found that victims of the fraud are in highly concentrated groups.

The New York Times reports that at Western Washington University in Bellingham, Wash., more than 400 out of about 2,500 total employees have been targeted with fraudulent claims.

Most of those victims were clued into the fraud when they began receiving mail from the ESD office advising them that their unemployment claim had been approved and funds were dispersed.

The ESD in Washington was inundated with calls into their hotline as victims began to receive those notifications.

It is worth noting that Washington State has some of the highest weekly unemployment benefits in the nation and that could be part of the reason they were targeted by the fraud rings

Hundreds of OSU employees In Oklahoma Impacted As Well

In Oklahoma, there have been 5,500 reports collected concerning unemployment fraud since the pandemic began.

There have been more than 200 OSU employees that have had fraudulent claims filed with their information alone. While Western Washington University employees were victims of a data breach, the problem at OSU is a bit different. In their case, it appears that a cyberattack may be responsible for their information being compromised.

Officials in Oklahoma believe the problem of unemployment fraud is more widespread than many believe.

Brook Arbeitman, PIO for the Oklahoma State Bureau of Investigation, said the problem is rampant across the state. The OSBI formed a task force last week of state and federal agencies to investigate these false claims.

“It doesn’t matter if it’s a major metropolitan area, rural area, elected officials, state employees,” Arbeitman said. “It seems to be targeting everybody.”