The Ohio Department of Job and Family Services says that half of the 1.4 million unemployment claims filed since May of 2020 were flagged as potentially fraudulent. In December alone, more than 100,000 fraudulent Pandemic Unemployment Assistance claims were stopped before payments were processed. For a system already stretched thin due to the volume of legitimate claims, this is a huge challenge.
Hundreds of thousands of people have had their names and Social Security numbers used by others to claim unemployment benefits. Ohio Governor Mike DeWine and his wife, Fran, were two of the victims. Many people are just learning that they may have been identity theft victims as the Ohio Department of Job and Family Services (ODJFS) has begun mailing out the 1099-G tax forms to report unemployment compensation. This 1099 form may be the first indication to a victim that anything is wrong since unemployment claims are usually sent by direct deposit or debit card directly to the person committing the fraud. This is exacerbated by email-only correspondence during the pandemic.
ODJFS estimates the cost of fraudulent unemployment claims to be in the hundreds of millions of dollars. Other states are experiencing the same thing, as criminals take advantage of expanded federal unemployment benefits during the COVID-19 pandemic without the normal confirmation processes in place.
Action Steps For Individuals
If you receive a 1099 tax form from the state that includes unemployment compensation that you did not receive, or if you get a notice that an unemployment claim has been attempted in your name:
- Go to unemployment.ohio.gov to report the fraud. Other information about identity theft and resources to protect your identity is available here as well. If you don’t have access to a computer, you can call the ODJFS fraud hotline at (833) 658-0394, but it is difficult to get through.
- Taxpayers who receive an incorrect Form 1099-G for unemployment benefits they did not receive should contact the issuing state agency to request a revised Form 1099-G showing they did not receive these benefits. Taxpayers who are unable to obtain a timely, corrected form from states should still file an accurate tax return, reporting only the income they received. A corrected Form 1099-G showing zero unemployment benefits in cases of identity theft will help taxpayers avoid being hit with an unexpected federal tax bill for unreported income. For more information, go to tax.ohio.gov/wps/portal/gov/tax/.
- Take steps to protect your identity, including contacting the local police to file a fraudulent identity claim and attorney general. The state also suggests placing fraud alerts on your accounts and credit freezes on your name and social security number with all three consumer credit bureaus. Continue to monitor your credit reports, credit card statements, and bank accounts for any suspicious activity.
- Do not file a Form 14039, Identity Theft Affidavit, with the IRS regarding an incorrect Form 1099-G. The identity theft affidavit should be filed only if the taxpayer’s e-filed return is rejected because a return using the same Social Security number already has been filed. Similarly, do not file an Ohio ID theft affidavit with your state tax return unless a fraudulent tax return was filed using your Social Security number. See additional IRS resources at www.irs.gov/identity-theft-central.
With a Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN), individuals may enroll in the IRS Identity Protection PIN program, adding an extra level of protection to prevent fraud.
Action Steps For Employers – Focus on Your Employees
- If you are an employer, consider the impact on your business if a large number of employees are exposed.
- Be sure to instruct your customers and employees to report identity theft as soon as they have knowledge of it, and to get a recovery plan in action by following the steps above. The FTC operates IdentityTheft.gov where an individual can report an identity theft of any type and get some help building a recovery plan.
- If you have an ongoing security awareness program (and these days you should), consider including safe personal protection content as a part of your training program. An employee who has their identity stolen often is less productive and sometimes an avenue for bad actors into a firm’s information systems.
- Consider offering identity theft protection as an added benefit. One GBQ client made the decision to offer this new benefit as part of their effort to respond to a large number of employees caught up in the false claims. Talk to your benefits provider or look to firms like Lifelock.
Action Steps For Employers – Focus on Your Information Risk Management Program
- When faced with possible user identity fraud, an employer should consult with their IT or cybersecurity teams to determine whether their systems have been breached. A series of fraudulent unemployment claims may be a leading indicator of a data breach compromising employee personal information, particularly when there is a series of claims in close proximity.
- In most cases of unemployment claim fraud, bad actors are turning to databases of hacked information on the dark web to gain the information needed to file a claim. That information is generally coming from public sources and not your network, but jumping to that assumption without a look at company systems may result in missing an active security issue on the company network.
- Unemployment fraud’s universal impact – no one is immune – proves that no business is too small or too uninteresting for bad actors looking to monetize personal information. If they can take it from you, they will. Now is a good time to either revisit your cyber risk management program or, if you operate without one, consider implementing a formal program. Having a program in 2021 is imperative to your business’ resiliency in a world filled with cybercrime.
|www.michigan.gov/uia or Customer Service Hotline at 1-866-500-0017
For more information, or to discuss this matter in more detail, contact your GBQ advisor today.
Article written by:
Darci Congrove, CPA
Doug Davidson, CISA
Director of Information Technology Services