“hundreds of millions of dollars” down the drain
Listen to this article
It seems that Democrats are constantly trying to outdo each other on the most ludicrous points—relaxing some laws (opening borders and prisons) and tightening enforcement of their own orders (locking up surfers and hair stylists).
In Washington state, Gov. Jay Inslee (D) rushed to hand out the extra $600/week to anyone and everyone who applied for unemployment, up to and including a Nigerian crime network that funneled out of the state “hundreds of millions of dollars” before Washington officials finally got a clue.
The @SeattleTimes is ON IT! Great reporting, right up on top of the Website!
This is one to share with your friends. @JayInslee's arrogance and incompetence combined allowed a sloppy, Nigerian scam crew to steal a couple hundred million dollars from you https://t.co/iyjseYmrsM
— PRESIDENT-ELECT Todd Ξ Herman (Parler ToddEHerman) (@toddeherman) May 24, 2020
While other states were also targeted, including some red ones, it appears that Washington was the favored piggy bank of a Nigerian crime ring dubbed “Scattered Canary.”
A Secret Service spokesperson confirmed to Business Insider on Monday that the agency’s electronic crimes task force had identified “criminal actors targeting state unemployment insurance program funds” using stolen personal information.
“Criminals will use stolen personally identifiable information … to file fraudulent state unemployment claims. Crooks will then use social engineering techniques to recruit unsuspecting individuals to launder illicitly obtained funds in order to conceal the identity, source and destination,” the spokesperson told Business Insider.
The Secret Service circulated a memo last week warning that the criminals appear to be connected to a Nigerian crime ring and may have already stolen hundreds of millions of dollars, security researcher Brian Krebs first reported. The memo said the fraudsters were primarily targeting the state of Washington, as well as North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming, and Florida.
So why Washington as the primary target? Well, they were sending out benefits before verifying them with employers, they were depositing in out of state banks (including all the way across the country), they were sending money on the same claim to numerous people who were literally using numerous different names, they ignored other red flags like disposable email addresses, and so on. It’s mind-boggling.
Earlier this spring, as Washington began to pay out enhanced unemployment benefits to tens of thousands of laid-off and furloughed workers, a criminal organization halfway around the world spied an enormous opportunity.
A Nigerian fraud ring, dubbed “Scattered Canary” by security researchers, would soon begin siphoning off the benefits, notably the extra $600 a week Congress had added to unemployment checks.
Hiding behind a tsunami of legitimate claims, and using personal information likely stolen in past consumer data breaches, the ring and other criminals filed thousands of bogus applications with the state’s Employment Security Department (ESD). By the time the fraud was recognized, scammers had made off with “hundreds of millions of dollars,” ESD Commissioner Suzi LeVine acknowledged Thursday.
Exactly how much was carted off by Scattered Canary, as well as other bad actors, hasn’t been determined. But federal and state officials have pointed to sophisticated Nigerian cyber-fraudsters as key players who exploited a once-in-a-generation opportunity, abetted by a chaotic economic crisis and political pressure to swiftly payout checks to distressed workers without the usual scrutiny. Since the start of the pandemic, the state has paid out nearly $3.8 billion in benefits.
It was the “political pressure” that resulted in Washington’s “Employment Security Department” distributing, apparently willy nilly, hundreds of millions of taxpayer dollars to Nigerian fraudsters.
The Seattle Times continues:
Washington’s unemployment system also missed potential red flags, including payments to out-of-state banks and the use of suspicious email accounts, according to security experts. All of that happened despite a $44 million software upgrade at ESD that was supposed to help detect such fraud.
. . . . officials at ESD and at WaTech, the agency that manages the system the state uses to authenticate users for ESD and other state agencies, have repeatedly insisted that when thieves have enough personal information, it’s difficult to stop people from filing fraudulent claims without also obstructing legitimate filers.
The state considered a more stringent authentication system that was included with the upgraded software, but discovered it created headaches for people trying to file claims, and even a less stringent gateway caused “an increased number of phone calls to the agency,” according to a 2017 assessment of the new Unemployment Tax and Benefit system (UTAB).
The net result, it now seems, was an unemployment system that was easier for legitimate users — but also for bad actors, who, once inside, could both file bogus claims and set preferences for how they wanted to be contacted and paid.
. . . . Washington and other states dropped the usual waiting period between when a claim is filed and paid, so ESD didn’t always have enough time to verify claims before sending payment.
But wait, it gets better.
But experts say that, even before then, there were some clues that should’ve raised alarms about fraud. Some Washingtonians said they found their ESD accounts redirected to an email service called Yopmail, which provides “disposable” email addresses that require no password. Scattered Canary also used so-called “google.dot” accounts, that is, variations of the same Gmail address that can be used to set up a separate ESD account but, which all deliver to a single Gmail email address, according to Agari.
Then there was the payment system. In order to actually receive the fraudulent benefits, Scattered Canary and other groups often use “mules” — people who knowingly or unknowingly help launder money by opening bank accounts or online debit card accounts.
The Secret Service, in its May 14 bulletin, noted Washington had sent automated payments to persons outside the state “all in different individuals’ names with no connection to the account holder.”
The out-of-state bank accounts should have been “a huge red flag” for ESD to scrutinize payments, said the senior fraud officer at an East Coast bank that received at least five electronic deposits from “UI Benefit WA ST.”
“Given our location, we don’t have a lot of people who are employed in the state of Washington,” said the banker, speaking on condition of anonymity to avoid disclosing his bank’s fraud prevention measures.
. . . . Washington made security choices with its own policy objectives in mind: getting money into the hands of desperate Washingtonians reeling from the sudden loss of jobs and income. To that end, the state erred on the side of distributing benefits first, and asked for employer verification that applicants qualified for unemployment benefits later.
In a statement, Fast Enterprises spokeswoman Megan Mooney said, “Our commercial off-the-shelf software has been implemented as the basis of the UTAB System and it does have fraud detection capabilities. Each agency decides the degree to which those capabilities should be used.”
The numbers are staggering, and you really should read the whole report. Additionally, legitimate Washington recipients who followed Inslee’s rules are being harassed and threatened as the state scrambles to stem the bleeding.
Employers were receiving notifications from ESD of claims filed in the names of workers still very much employed. Laid-off workers trying to file for unemployment insurance for the first time in their lives found ESD accounts already opened with their Social Security numbers.
. . . . As more employers and workers began receiving notifications of bogus claims, many tried to contact the ESD. Many could not, and began contacting local police.
Between May 13 and May 18, the King County Sheriff’s Office received 1,668 reports of unemployment fraud — 541 of them on May 18 alone, according to Sgt. Ryan Abbott. In Snohomish County, 911 dispatchers received 1,248 complaints of unemployment fraud last week — compared to three complaints during the first three weeks of April. On the ESD’s online portal for submitting fraud complaints, the numbers were ballooning. Between May 15 and May 20, the number of fraud claims jumped from around 7,000 to nearly 75,000.
. . . . But the biggest victims may be the innumerable Washingtonians who now have had their legitimate and urgently needed claims for jobless benefits delayed as the state tries belatedly to halt the fraud. Others who have already received money say their claims are being investigated for “possible overpayment.”
Seattle resident Silvia Muhammad and her husband were both receiving unemployment benefits when they got ESD notices demanding more verification, or else “he’s going to have to pay back all the money that they’ve given him.”
For his part Inslee points out, quite rightly, that other states were also targeted by unscrupulous scammers, though Washington state Republicans note Inslee’s role in making Washington such an attractive hunting ground.
“It is clear this is not just a Washington state problem,” said a statement from Gov. Jay Inslee’s office Thursday. “This is a national and international criminal conspiracy. We were among the first states hit by these fraudsters but we will not be the last.”
But Caleb Heimlich, chairman of the Washington State Republican Party, said responsibility for the massive swindle rests with Inslee. “No other state was susceptible to this level of fraud. Inslee and his hand-picked department heads continually mismanage our state. All of these failures are Inslee’s to own,” he said in a statement Friday.
[Featured image via YouTube]DONATE
Donations tax deductible
to the full extent allowed by law.