This year's tax season comes with an extra source of stress: Will you find out that scammers claimed government money in your name?
Unemployment benefits fraud was rampant in 2020 as the government rushed to send out COVID-19 relief. The U.S. Department of Labor's Office of Inspector General has estimated the amount of benefits stolen was at least $63 billion, based on earlier patterns of unemployment fraud. But a lot of the fraud is coming to light only now, during tax time.
"People are getting letters from the IRS or different state agencies about the unemployment benefits that they supposedly received last year, when in fact they didn't," says Crane Hassold, senior director of threat research for the email security company Agari.
The passage of the Biden administration's American Rescue Plan means billions of dollars more for unemployment benefits, extending supplemental pandemic aid through the summer.
It's welcome news for people still out of work, but it also raises the stakes for an unemployment system that continues to be targeted by scammers.
Federal law enforcement has a special task force trying to track all of the unemployment benefits fraud, and the IRS has posted guidance for taxpayers who receive 1099-G forms showing taxable unemployment benefits they never received. The first step: Contact the state unemployment agency and ask for corrected forms.
But that may be easier said than done, as state workforce agencies are still struggling to cope with all the new demand. Some reported a tenfold increase in claims during the first months of the pandemic, and aid applicants continue to be frustrated by busy call centers and long waits for benefits.
Meanwhile, the fraudsters are still at it. Just a few days ago, teacher Louis Rhodes says his Maryland college notified him that the state had reported he'd applied for unemployment benefits.
"And I said, 'That clearly wasn't me, because I work!' " he says. "I just worked today!" Rhodes hopes there's still time to stop the fraudulent payments.
"The email that [the college] sent gave me instructions on how to contact the state office to let them know that someone had attempted to use my name. So I'm just a little confused why the state wouldn't know this, since they contacted the college," Rhodes says.
At Agari, Hassold has been monitoring international cybercrime gangs as they share "cheat sheets" for conning the various state workforce agencies. He says scammers also share intelligence on which agencies are most vulnerable at the moment.
"Unfortunately, most of the states are shown as paying out, at least some of the time," he says. "A lot of the chatter in the scamming communities today is about the new round of stimulus coming out and how that's going to be another free-for-all."
Many state workforce agencies are still trying to get a handle on how much money was stolen from them last year.
California says that $11 billion in benefits last year were fraudulent and that another $19 billion is under investigation. Washington state, which authorized about $600 million in questionable payments during the first weeks of last spring's pandemic response, has been trying to claw that money back from banks and individuals. At last report, it was still short about $233 million, according to testimony to a state Senate committee on March 4.
Even as they continue to calculate the damage, states are trying to improve their defenses.
According to a recent report by the Department of Labor's Office of Inspector General, the system has been too vulnerable to fraud in recent years, and "improper payments" are often 10% or more of total benefits paid out. The report cites "significant concerns" about the system's ability to distribute money quickly and securely, "particularly in response to national emergencies and disasters."
Former Labor Department official Dale Ziegler blames Congress for allowing staffing to get too low to deal with potential fraud effectively. He says when the pandemic hit, there was no way for states to rebuild that staffing fast enough.
"You don't pull a person off the street and hire him and put him in a chair and expect him to do this work, overnight," Ziegler says. "They have to be trained. They've got to get some experience."
After the first big wave of fraud last year, Congress allocated extra money to improve security. More states are now exchanging data and flagging names and Social Security numbers used by identity thieves. Several have also adopted new identity-verification services, such as ID.me. It allows unemployment benefits applicants to upload "video selfies" that are compared with their photo IDs.
But technological fixes have their own drawbacks. ID.me says it has been targeted by "major attacks to take down our service," and the CEO apologized for the wait times for those applying for aid.
The Justice Department is also warning about fake unemployment benefits websites that scammers have set up to intercept just the kind of personal data that allow them to steal benefits.
All this has raised questions about the decentralization of America's unemployment system. Traditionally, states have preferred to run their own systems, partly to keep control over how easy — or difficult — it is for constituents to get benefits.
But as the federal government continues to pump hundreds of billions of dollars of its money through state workforce agencies, the Biden administration is pushing for a more united front.
"We've seen the criminals go state to state, testing the fences, identifying where there might be an opportunity," says Suzi LeVine, principal deputy assistant secretary for employment and training at the Labor Department. It's a new job for her; she used to run Washington state's workforce agency and was there when it realized it had been bilked on a massive scale.
"What we have had for this past year has been leaving the states individually to fight [fraud] on their own, with 53 different solutions across states and territories," LeVine says. "I do think each of those is more prepared now. However, it's time now to have a more national approach."