Guy Mendt grew alarmed when he checked his mailbox on Monday. Two 1099 tax forms had arrived from the Colorado Department of Labor and Employment letting him know he and his wife owed taxes on about $7,200 of unemployment benefits.
The Mendts, both retired, found themselves fighting unemployment fraud. Again.
The Windsor couple thought they had taken care of everything in August, after two U.S. Bank ReliaCards showed up in the same mailbox. Like other Coloradans getting unexpected debit cards in the mail, the Mendts learned their identities had been stolen and used to make unemployment claims. They filed fraud reports with the state labor department and local police, called U.S. Bank to cancel the cards and checked their credit reports.
“They tell you, ‘Oh, file a fraud claim, do all these steps.’ You kind of have to trust the system that everything’s going to shut off and it’ll be OK,” said Mendt, who spent the past few days unsuccessfully trying to reach a human at the unemployment office. “(Now) I’ve got an extra $7,200 in income between my wife and I. I’m not really too excited about paying both state and federal tax on that.”
The Mendts were swept up into a frenzy of fraud that engulfed the state’s unemployment system for most of 2020. Tens of thousands of Coloradans notified authorities about the fraud and then had to guard their personal data more closely. It also left thousands of legitimate gigless workers with no benefits as their claims were deemed suspicious and payments were withheld.
Fraudsters using stolen bits of real identities targeted unemployment systems for a piece of the billions of dollars available. While the Colorado Department of Labor and Employment said that it stopped nearly $1 billion in payments back in September, an unknown sum was paid. The state reported recovering $40 million by working with law enforcement in the fall.
On Thursday, labor officials said that their anti-fraud system stopped $7 billion in payments from going to fraudulent claimants. Approximately $10 million was paid.
But most victims don’t find out about the fraud until some peculiar event. Cynthia Manjarrez, an independent contractor in Pueblo, found out that her name was hijacked in June — but only after she tried to file for unemployment in September.
Julie Morris said she only learned that her identity was used when her employer told her someone had filed for unemployment in her name. She and her employer contested the claim last month.
“(On Jan. 7) my employer was notified that the claim was approved, after I had reported it as fraud and my employer contested it,” Morris said in an email. “My employer also learned that I now live in Yucca Valley, California, which of course I do not and never have.”
A new wave of fraud began after Christmas when the federal programs ended. Criminals now are going after the state system, which paid benefits to those eligible for regular unemployment. On Sunday as the upgraded computer system called MyUI+ went online, 20% of the claims made that day were flagged as fraudulent.
“When we deployed the new system Sunday morning at 6:30, we watched,” said Cher Haavind, deputy director of the state Department of Labor. “We were all on a dashboard and we could see where people were hitting the system. They were coming from outside of the United States. They were coming from Nigeria. And they were, within five minutes of deploying the system, trying to access MyUI+.”
How did this happen? The 10-day rule
Last summer, victims who discovered a stranger had filed for unemployment in their name were told to fill out a Department of Labor online fraud form, a Google form that was then checked by labor staff updating suspect accounts manually.
Tens of thousands of forms were filled out by victims and the backlog grew. The tedious, manual process took up staff time in a period when unemployment was exploding.
Back in normal times, circa 2019, the labor department handled an average of 1,900 new claims a week. Since mid-March 2020, new claims averaged 17,600 a week — and that excluded those eligible for federal programs.
Adding to the frenzy was Executive Order D 2020-012. Back in March, Gov. Jared Polis ordered the labor department to expedite payments to displaced workers. Specifically, he ordered the labor department to pay claims no more than 10 days after applications were complete.
“We had to get benefits out and it made sense. There was a historic level of unemployment and as part of that, we saw criminals take advantage of our process,” Haavind said. “Now we’re trying to do our due diligence on fraud. We’re just trying to find balance.”
Some employers made mistakes too. When notified by the state that an employee filed for unemployment, employers were supposed to also file a fraud report. But if the employer checked “other” in response to the claim, the labor department treated it as a job separation, which needed a ruling on whether the worker qualified for benefits. Payments would be held until the decision was made. The governor’s 10-day order changed that process.
“Those issues were auto-resolved and automatically cleared to allow payment to go out, per the executive order,” said Phil Spesshardt, the state labor department’s benefits services manager. “If we had not done that, there would be people who filed a claim, effective March 15, who still would not have … received one dime yet. There was a balancing act (to prevent) a further cascading effect related to our unemployment in this state and drag on the economy.”
By the end of July, the labor department had distributed $4.28 billion in unemployment benefits, which helped hundreds of thousands of Coloradans pay rent and other bills. But by July, thousands of legitimate people on unemployment found their accounts on hold because they had triggered one of more than 20 fraud alerts set by the state.
On Thursday, labor officials said that 800,000 claims by Pandemic Unemployment Assistance users had fraud holds, plus another 150,000 accounts in the regular unemployment system.
The dark side
State officials began acknowledging the fraud in June. It intensified over the summer and the state’s new anti-fraud controls took effect. By late summer, thousands of people legitimately on unemployment stopped receiving benefits. Their accounts had been flagged for fraud.
It wasn’t just Colorado.
An organized crime ring in Nigeria was one of the early groups of identified attackers on state unemployment systems. Security news researcher Brian Krebs reported in late May that the Secret Service learned criminals were recruiting people with no jobs “to receive direct deposits from the fraudulent transactions, and then forward the bulk of the illicit funds to the perpetrators.”
The U.S. Department of Labor’s Inspector General Scott S. Dahl told a Congressional committee on June 1 that unemployment fraud could reach $26 billion, “pocketed by fraudsters instead of going to legitimate workers.”
Pushing out benefits fast without some security controls was a detriment to everyone, said Richard Bird, the chief customer information officer for Denver security firm Ping Identity.
“The scale and the breadth of this and the unintended consequences of choosing fast over secure, has resulted in a cascading wave of damages, issues and problems,” he said, “not the least of which is going to be Colorado citizens having to waste their time proving that they didn’t file for unemployment. It wasn’t their fault, but they’re going to be forced to fix it.”
But the anti-fraud controls froze thousands of legitimate accounts. Many people couldn’t get benefits for weeks and months and told The Colorado Sun they were near homeless or living in a car because of it. They couldn’t get through to customer service to find out what happened. The agency decided to lift some of the holds in September based on reasonable assumptions, such two or three people on unemployment may actually live at the same address.
Bird said the issue could resolve itself when the pandemic subsides and people go back to work and the state returns to full employment. When claims diminish, it’ll also be easier to spot fraud. But local governments could address the issue today by investing in security and protecting citizen data.
“It’s a vicious circle, one that was never tooled for security,” Bird said. “The feds coughed up funds without expecting security. We advertised all this availability of hundreds of millions of dollars to the public. The bad guys watch the news and stole the money. And it just kept going.”
The federal government has increased funding for state systems to combat unemployment fraud. But there are just so many other factors, Haavind said.
“This is the result of a pandemic where criminals are preying on innocent victims and using their stolen identities,” she said. “Soon they will be filing fraudulent tax returns and that will be the next story. We’re responding to a lot of questions like, ‘How could you let this happen?’ Sure, modern technology will help us, like MyUI+, but also, it’s … criminals who wait for this opportunity to prey on those who never knew that their ID was compromised in the past.”
Next steps for victims
The state labor department — they know. They know about the thousands of workers with fraud holds. They know there’s a backlog fraud reports filed by victims and employers. They know about the 1099s.
For its part, officials from U.S. Bank said that once they learn a card was improperly requested, they disable it.
By having victims file its fraud-report form, the state labor department planned to stop any 1099 tax forms from being mailed. But, again, there were too many — more than 20,000 fraud reports were filed since Christmas. Officials estimate that there are 30,000 pending fraud reports filed by victims.
Next week, another verification tool called ID.me will be implemented to continue cracking down on claims based on false identities. The lag to flag accounts reported fraudulent by victims should subside thanks to the new computer system that rolled out Sunday since part of the process will now be automated.
Tax forms were mailed Jan. 7. A new form will soon be available for people to notify the state if they receive unexpected 1099 forms in the mail.
And for folks like Guy Mendt, who documented every call and message in the process of clearing his name but got 1099 tax forms anyway, “ultimately, he’s not responsible for those,” Spesshardt said.
“We’ll be able to automate portions on that so that we can ultimately review and make sure we get the fraudulent claims shut down,” Spesshardt said. “And then we would send out a corrected amended 1099 to those individuals. And to the extent that we would have to change any files going to Social Security or the IRS, we would also be looking to do that, so they know what to anticipate.”
This story was updated on at 3:45 p.m. on Jan. 14, 2020 with additional information on unemployment fraud from the state labor department.
Victim of unemployment fraud?
If you received a U.S. Bank ReliaCard for unemployment benefits but didn’t file a claim, the state recommends:
- Submit a fraud report to the labor department.
- File a fraud report with U.S. Bank, a bank used by more than a dozen states to distribute unemployment benefits. Or call 1-855-282-6161 to deactivate the card.
- Contact the three consumer credit bureaus and put a fraud and identity theft alert on your name and Social Security number: Equifax: 1-800-525-6285; Experian: 1-888-397-3742; TransUnion: 1-800-680-7289 or annualcreditreport.com
- File a “counter report” with the local police department to create a record
- Report identity theft to the Federal Trade Commission at identitytheft.gov.
- Guy Mendt keeps a freeze on his credit after he experienced ID theft years ago. He just lifts it when he needs to.
- Richard Bird recommends contacting your local and state representatives and ask them to support better security of personal data in all departments.
- Phil Spesshardt said scammers are having cards delivered to for-sale or for-rent homes where no one checks the mail. Landlords and sellers should make regular mail checks.
- Use U.S. Postal Service’s Informed Delivery service to get a preview of mail to be delivered every day