Unemployment fraud is a continuing concern across the country. Criminals are using stolen personal information of employees from all types of organizations — higher ed, companies and government — to file fraudulent unemployment claims. This activity goes far beyond KU: From March 15 to October 23, 2020, the Kansas Department of Labor (KDOL) received and denied more than 100,000 fraudulent unemployment claims. Kansas may be a targeted in particular because it has a higher unemployment benefit amount than many other states. KDOL is working with local, state and federal law enforcement, including the FBI, to investigate the fraud.
How does unemployment fraud work?
Criminals file unemployment claims on behalf of individuals using their stolen personal information. Because states are working to make payments to unemployed individuals as quickly as possible — especially during the pandemic — payments may be sent before the state has completed the process of confirming the claim. Criminals have payments sent to bank accounts or mailboxes they control. The first indication of a fraudulent claim may be when the individual whose identity was stolen receives an "Unemployment Insurance Determination" statement in the mail from the Kansas Department of Labor.
Where do criminals obtain personal information?
Neither KU nor the state of Kansas have found any evidence of a breach of their systems. It appears criminals are using personal information — names, addresses, social security numbers — from previous nationwide data breaches (perhaps as long as 15-20 years ago). For example, one of the three major credit agencies reported a massive data breach in 2017. Personal information from past breaches is posted and readily available on the dark web.
Employment data for state employees, including salary information, is available to the public, which makes our information more accessible. Criminals may be harvesting information through these public sites and mapping them with other personal data they have collected separately from the dark web. According to KDOL, filing a fraudulent unemployment claim only requires: a stolen name, Social Security Number and date of birth. However, the date of birth can be faked.
What should you do if you receive a fraudulent unemployment claim letter from KDOL?
If you receive a fraudulent unemployment claim from KDOL, please report it to KDOL immediately. We also ask that you notify KU Human Resource Management at firstname.lastname@example.org. KU affiliate employees should check with their Human Resources staff for guidance.
In addition, you should consider other steps to monitor and/or secure your credit report and prevent further identity theft. The Federal Trade Commission provides information for getting started. These steps can include placing a fraud alert on accounts and freezing your credit report.
How can you protect yourself?
Even if you have not been targeted in unemployment or other fraudulent activity, the Federal Trade Commission (FTC) recommends steps to protect yourself from identity theft:
- Review your credit reports from the credit agencies for free.
- Freeze your credit reports to prevent someone from applying for and getting approval for a credit in your name.
- Consider subscribing to credit and/or identity theft monitoring services.
Experts also recommend these simple steps:
- Collect and open your mail every day, and place a mail hold if you will be away for several days.
- Review your credit card and financial account statements and look for unauthorized transactions. Compare receipts with account statements.
- Shred receipts, credit offers, account statements and expired credit cards.
- Use strong, unique passwords for each online account.
- Use multifactor authentication (e.g., Duo) wherever it is an option.
- Do not give personal information or account numbers to anyone via phone, mail, or over the internet unless you initiated the contact.
Be on guard for phishing and other cyber-attacks. Criminals are exploiting the uncertainty and fear surrounding the COVID-19 pandemic and you can protect yourself by:
- Being vigilant: If you receive a notification you didn’t expect — from the university, a government agency, a bank, etc. — contact the organization immediately using a phone number or email listed on their website. Don’t reply or use contact information in the email, as it may be fake. If you get suspicious emails to your KU address, send them to email@example.com. Contact KU IT Customer Service center at 785-864-8080 or firstname.lastname@example.org if you have security concerns related to KU systems or data.
- Being proactive: Change passwords for your online accounts on a regular basis, or if you get unusual notifications or see suspicious activity. Use complex passwords. Use multifactor authentication whenever possible on personal accounts. KU requires Duo multifactor authentication for access to campus systems.
The National Cybersecurity Alliance provides additional information and tips for protecting yourself.
Contact the IT Security Office at email@example.com if you have questions or concerns about the security of our systems or the protection of your personal information. Contact Human Resource Management at firstname.lastname@example.org if you have questions or concerns about fraudulent unemployment claims.
KU communications about unemployment fraud:
Unemployment fraud memo
June 17, 2020 | from Julie Thornton, Director of Employee Relations
ALERT: Be aware of fraudulent unemployment claims
Sept. 16, 2020 | from Mike Rounds, Vice Provost for Operations
Protecting against unemployment fraud
Oct. 26, 2020 | from Mary Walsh, Chief Information Officer and Mike Rounds, Vice Provost for Operations