FeaturedLatest NewsNews

Arrest made in $650 million ESD unemployment fraud case

By Erin Freeman | Lynnwood Times Staff

Washington has been at the forefront of massive fraudulent activity since the onset of the Coronavirus pandemic, an extensive network of cybercriminals claiming hundreds of millions of dollars in unemployment through the names of tens of thousands in the state alone. 

On May 14, Washington’s Employment Security Department (ESD) Commissioner Suzi LeVine announced that the state has been the target of unemployment scammers, with individuals using stolen personal information to fraudulently apply for unemployment benefits. 

“Since the start of May… the Employment Security Department has seen a significant rise in reports of imposter fraud, said LeVine. ‘This is where bad actors have stolen Washingtonians’ personal information from sources outside of the agency and are using it to apply for unemployment benefits.” 

In response to the fraud, the ESD immediately flagged nearly 200,000 initial claims for further review and has since implemented changes in their system by requesting increased verification measures, in an attempt to detect further fraudulent activity. The ESD reports they have hired more fraud investigators and stationed ESD staff to the call center to address increased inquiries on the fraud hotline.

“We do have definitive proof that the countermeasures we have put in place are working,” said LeVine May 21, stating that they have “prevented thousands of fraudulent claims from being filed.” 

Suzi LeVine
ESD Commissioner Suzi LeVine at her June 18, 2020 ESD Presser.

In a June 18 press conference, ESD Commissioner Suzi LeVine announced that 50 National Guard Members started training that morning to assist the department to resolve new and existing claims. They will be joining more than 400 ESD staff members to assist with ID verification. An additional 50 more guards are expected to arrive in the following weeks.

An additional 81,508 individuals, who filed for an initial claim between March 8 and June 15, continue to wait for their claims to be resolved due to ID verification and other account issues. The target date for these cases is expected to be released at the end of June, said LeVine.

“We’re still doing that analysis and will provide a target date for that by next week.”

LeVine said that staffers are prioritizing the oldest applications first and that 33,000 individuals, a subset of the 81,000, who filed between March 8 and May 1 can expect to have their claims resolved by July 13.

While the ESD has reported having paid out over $5.4 billion in benefits since March 7tens of thousands of Washingtonians, waiting for weeks and months, continue to wait for their claims to be resolved. 

Mukilteo Resident Brent learned firsthand that he couldn’t apply for unemployment benefits until fraudulent claims in his name were cleared from the ESD system. 

Two months ago, Brent received notice from his employer’s Human Resources Office that they had received a letter asserting he had filed for unemployment. Brent then filled out the fraud reporting form as instructed on the ESD website to alert the department that an imposter had claimed benefits under his name.

Since then, he has been placed on furlough, and when attempting to create an account to file an unemployment claim he received an error notice stating there was another account under his name assigned to an outlook account that he has no relations to. 

“That was the email the fraudulent person filed with,” said Brent. 

Calling the ESD’s call center, Brent said that he faced difficulty several times getting through, and when he did, he was directed to send the department the necessary documentation and steps to verify his identity, receiving confirmation the department had received his information. Unable to still get into an account, he was told by the call center that the verification had not been processed yet due to the agency’s backlog of claims.  

Now, he continues to wait for the ESD to verify his identity to unlock his account, where he will then be able to file a claim for unemployment benefits, to be queued behind tens of thousands of others. 

And Brent is just one of many in Washington, and just a fragment across the nation, affected by the pandemic unemployment fraud. 

On May 14, a U.S. Secret service bulletin stated that at least seven states have fallen victim to the unemployment fraud, identifying Washington as the primary target, carried out through a network of potentially hundreds to thousands of people connected to a Nigerian cybercriminal organization called “Scattered Canary.”  

“It is likely that every state is vulnerable to this scheme and will be targeted if they have not been already,” warned the Secret Service memo. 

Commissioner LeVine said that Washington’s jumpstart in granting residents federal coronavirus relief funding and compensation, as well as its high unemployment benefit payment maximum, may have factored into the state being a primary victim in the scheme. 

“Washington State is the second most generous in terms of our maximum weekly benefit amount in the United States which does make us a more attractive target,” said LeVine.

Email security researcher Agari Cyber Intelligence Division released a report last year, detailing that Scattered Canary has been involved in several fraudulent activities against government services for nearly 12 years, tracing back to October of 2008. 

Scattered Canary’s collection of cybercrimes against government agencies has involved email fraud through creating various Gmail “dot variant” accounts on each target website.  This is feasible as Google overlooks periods when evaluating Gmail addresses, says Agari. In the instance of the recent pandemic unemployment benefits fraud, this allowed the group to create countless accounts on state unemployment websites. 

Agari uncovered that since April 29, Scattered Canary filed at least 174 fraudulent claims for unemployment with the state of Washington, as of May 19. They proclaimed that this equates to a potential loss of up to $4.7 million- a number the ESD Commissioner Levine recently stated to be hundreds of millions higher. 

As of June 18, the ESD is estimating between $550 and $650 million in fraudulent claims due to the scheme, filed in the names of tens of thousands; $350 million has been recovered.

The recent fraudulent pandemic unemployment insurance activity has also been traced to payment into out-of-state bank accounts by the Secret Service and the Federal Bureau of Investigation (FBI). 

“In the state of Washington, individuals residing out-of-state are receiving multiple ACH deposits from the State of Washington Unemployment Benefits Program, all in different individuals’ names with no connection to the account holder,” said the Secret Service bulletin. 

A Special Agent with the FBI noted in an Affidavit, filed June 11, that they had probable cause to believe that since approximately 2016, a Nigerian man, 27, named Esogie Osawaru, among others, have been participating in a series of online scams, including ESD’s unemployment insurance fraud through opening numerous bank accounts and directing victims’ money to be sent to the accounts. 

TD Bank ATM Surveillance Image of Feb. 7,2019 Withdrawal from Edward Account. Courtesy of the Federal Bureau of Investigation.

On or about April 10, 2020, Osawaru opened an account in his name at the Eastern Bank Branch located in Massachusetts. Then, on May 19, the account received $10,710 from Washington State unemployment insurance in the name of Victim-11. 

“Victim-11 lives in Washington State, has never applied for unemployment benefits, and reports that he has no knowledge of Osawaru,” the case stated.  

Osawaru was arrested on June 15 and faces up to 20 years in prison if convicted, according to the United States Attorney’s Office District of Massachusetts. His association with Scattered Canary has not been confirmed. 

Osawaru’s Massachusetts Driver’s License Photo. Courtesy of the Federal Bureau of Investigation.

U.S. Attorney Brian Moran of the Western District of Washington announced that his office has been working with the state and federal agencies to identify and prosecute individuals filing fraudulent claims, while also recovering funds. 

“I commend the Social Security Administration Office of the Inspector General, the Secret Service, the FBI, and the Department of Labor Office of the Inspector General for their quick and urgent work to reclaim these funds and other criminal proceeds that we are working to identify,” said Moran. 

U.S. Attorney Moran expressed doubt in the ESD system on May 15, saying that it may have been vulnerable to attacks of imposter fraud. 

“Chasing these reprehensible criminals is just one part of the equation,” said Moran said in a statement. “The other part is for the state to address and fix the vulnerabilities in their system, and I am advised that they are working to address that part of the problem.”

A federal fraud investigator, remaining anonymous, told security news and investigation site KrebsonSecurity, that fraudsters likely experience ease in filing for others unemployment benefits using false identities, as they need to only submit someone’s Social Security number and basic information for claims to be processed, all information that can and has been stolen during previous data breaches. 

Commissioner LeVine has stated that the ESD did not experience a data breach itself, and the personal information required to apply for unemployment benefits insurance was obtained through other circumstances, such as through external data breaches. She also noted that many people were unaware that their personal information, required to apply for unemployment benefit insurance, had been stolen in the past. 

The fraud investigator who spoke with KrebsonSecurity also said that the massive fraud could potentially be in response to several state systems lacking sufficient measures in place to detect suspicious patterns, to potentially identify invalid applications, “such as multiple applications including the same internet addresses and/or bank accounts.”

In 2017, the ESD did receive a $44 million replacement system software update called the Unemployment Tax Benefit System (UTAB) to support the detection of unemployment fraud. The Seattle Times reported the UTAB project details, identifying the ESD having difficulty with its old computer system that was “increasingly unsuited to supporting the needs of a modern Unemployment Insurance program.”  

The Seattle Times’ Jim Brunner reported that in a 2017 assessment of the UTAB, the state considered a more powerful authentication system to be included in ESD’s upgraded system, but found it to be problematic and difficult for people attempting to file claims. 

Washington State Auditor Pat McCarthy has announced that her office is leading an investigation on the ESD fraud, examining potential weaknesses in the software system, and working to identify additional factors leading to fraudulent and delayed payments.

LeVine responded to the announced audit, saying that the ESD welcomes it.  “Our goal in this unprecedented crisis has been and continues to be getting benefits out to eligible Washingtonians as quickly as possible, said LeVine. “We look forward to working with Auditor McCarthy and her team to accelerate the work that will meet that goal.

14 thoughts on “Arrest made in $650 million ESD unemployment fraud case

Leave a Reply

Your email address will not be published. Required fields are marked *