Cases of identity theft in the United States doubled in 2020, mainly due to cybercriminals taking advantage of people affected economically by COVID-19 who filed to receive government benefits.
This is according to the Federal Trade Commission (FTC), which received about 1.4 million reports of identity theft last year, according to a blog post published Monday, when the commission kicked off its annual “Identity Theft Awareness Week.”
“Repeatedly, identity thieves targeted government funds earmarked to help people hard hit financially by the pandemic,” according to the post by Seena Gressin, an attorney with the Division of Consumer and Business Education at the FTC.
In 2020, there were 394,280 reports about government benefits fraud compared with 12,900 reports in 2019. Most of these involved people filing for unemployment benefits, which experienced a sharp rise in 2020 due to the pandemic, Gressin noted.
In 2020, the U.S. government expanded unemployment benefits to people left jobless by the pandemic, something cybercriminals took as an opportunity to file unemployment claims using other people’s personal information, she wrote.
In one such high-profile case, Rapper Fontrell Antonio Baines. who goes by the stage name “Nuke Bizzle,” boasted about perpetrating exactly this crime in his music video “EDD”—a reference to the California Employment Development Department.
The video shows Nuke Bizzle and his cohorts collecting EDD envelopes from various mailboxes, filing fraudulent claims on a laptop and spending wads of cash. Bizzle was subsequently arrested and ordered to stand trial in a U.S. District Court in Los Angeles.
Seasoned cybercriminals also aimed to cash in on COVID-19-related unemployment claims, with more success than the ill-fated rapper. The highly organized Nigerian cybergang Scattered Canary for instance walked off with millions in business e-mail compromise (BEC)-related fraudulent claims made on the online unemployment websites of eight U.S. states, according to a report released in May.
Small Business COVID-19 Fraud
People aiming to receive funds from government-sponsored small-business loan programs also experienced a rise in identity-theft crimes, according to the FTC. People reported 99,650 cases of fraud involving business or personal loans, compared with 43,920 reports in 2019.
Indeed, small businesses were some of the organizations most dramatically affected by COVID-19 economic shutdowns in 2020, and many business owners filed for federal relief. While “not all of the new reports related to the government-relief effort,” Gressin acknowledged, “they were a big share of the increase.”
Taxpayer Data and Stimulus Checks
Cybercriminals also used identity theft to target stimulus checks that the U.S. government paid out to the taxpayers, boosting the number of tax-related cases of this type of cybercrime, according to the FTC. In 2020, the FTC got 89,390 reports of tax-identity theft, compared with 27,450 reports in 2019.
Tax-based identity theft has traditionally been a popular tactic by cybercriminals to pilfer people’s yearly tax-return payments; however, in 2020 the numbers of online tax fraud “began to swell when distribution of the stimulus payments began” according to Gressin.
Indeed, hacker forums saw an increase in buying and selling taxpayer data around the time the COVID-19 relief package was announced, alongside the usual phishing and other campaigns typically used to steal annual tax payouts, according to a report released in May.
The FTC and its partners are co-hosting a series of free events this week around identity theft to help inform consumers. More info is available on the FTC’s website.
Download our exclusive FREE Threatpost Insider eBook Healthcare Security Woes Balloon in a Covid-Era World, sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and DOWNLOAD the eBook now – on us!