GARFIELD HEIGHTS, Ohio — News 5 has uncovered a new way cybercriminals are targeting Ohio unemployment funds and stealing benefits meant for struggling workers.
Cybersecurity experts say it is called an Account Takeover (ATO) when hackers take control of an individual's account, then change the banking account information to redirect the funds.
In an email to News 5, Ohio Jobs and Family Services spokesperson Bret Crow wrote, "We have been notified of about 100 instances where claimants report being affected by this scheme."
How it happened
It appears the crimes happened when the victims clicked on links in texts or emails that allowed cybercriminals access to their personal information, according to Crow.
"We are assisting claimants who indicate that their bank account information was changed by someone else in what appears to be a phishing scheme," he wrote. "When notified about this type of situation, we work with the claimant to verify their identity, recommend that they change their Personal Identification Number (PIN) attached to their unemployment benefits, as well as their PIN security question, and advise them to file a complaint with the FBI's Internet Crime Complaint Center (IC3). We also notify the U.S. Dept. of Labor’s Office of Inspector General, who we understand is working with the FBI’s Cybercrimes unit to shut down these sites and identify and apprehend the perpetrators."
Account Takeovers are also happening to unemployed workers across the country, according to Jon Coss, founder of Pondera Solutions, a cybersecurity company focused on waste, fraud and abuse in government programs, and vice president of Risk, Fraud, and Compliance at Thomson Reuters.
"An email will come in and it will typically use time pressure and say, 'You are going to lose benefits unless you click this link.' And maybe change your password or give us some additional information. And, of course, what the criminals are really doing is asking you to click the link so you go to either a malicious website or you enter data that they then use to go into the state system and redirect the payments," he said.
Coss also said it's easy for cybercriminals to buy workers' personal information on the dark web, where criminals buy goods and services.
“I don’t want to say everybody, but pretty much everybody’s personal information is available now on the dark web for sale and most of it is a couple times," Coss said.
Coss said state unemployment systems' failure to invest in cybersecurity has made them easy prey for fraudsters.
"Once the pandemic hit, it was pretty obvious that this was a target-rich environment for the criminals," Coss said.
A News 5 investigation found Ohio's unemployment system was overwhelmed, understaffed, and using an outdated computer system when the pandemic began in March 2020.
"Shame on us if this happens to us again," Coss said. "And there will be another again. I don’t know what it will be, but if we’re not ready, you can bet that the criminals will be."
'I can't take anymore'
“There should have been security measures in place before, not after this happened," said Denise Williams, a Garfield Heights resident, who said she is the victim of an Account Takeover.
When the Garfield Heights resident checked her bank account earlier this month, her benefits were missing.
"I checked Monday, Tuesday, Wednesday," she said. "When [the funds] still hadn’t posted, I called to find out what was going on.”
Williams said ODJFS told her someone accessed her Ohio unemployment account and switched the banking information from her account to a Green Dot Bank account.
ODJFS shut down the hacked account and created a new one, said Williams. However, she said representatives told her Ohio won't help her get the money back. Williams said more than $4,000 was stolen from her.
Williams said the theft couldn't have occurred at a worse time. She is still grieving the loss of her oldest son, Derrick, who died in January.
“It’s very close to the straw that broke the camel’s back," she said. “This is, just, I can’t take anymore."
Crow said ODJFS is still looking into how to address the theft of funds from Account Takeovers.
Prevent an ATO
Coss and FBI spokesperson Vicki Anderson said there are simple steps you can take to avoid becoming the victim of an Account Takeover.
- Never click on a suspicious link in an email or text
- Use complex and different passwords for your accounts
- Closely monitor bank and credit accounts
If you are a victim of an ATO:
- If your unemployment benefits are stolen, call ODJFS and immediately report the fraud
- Notify your bank
- Alert the three credit bureaus: Equifax, Experian, TransUnion
- Report the fraud to the FBI's Internet Crime Complaint Center (IC3)
In an email, FBI spokesperson Vicki Anderson said it is critical to file a report with the FBI because the agency only investigates when it identifies a pattern among its complaints.
"The FBI cannot investigate each individual personal fraud," Anderson wrote. "Unfortunately, it is unlikely this money will be recovered."