Unemployment Fraud Sweeps Nevada
If you’re a business owner, and you receive a claim from unemployment, you better take a closer look at that notice, because it might be fraud!
How do I know if it is Fraud?
A lot of my clients, including myself, received a letter from DETR labeled, “Notice of Claim Filed” and attached to it, an “Employer Response” form. If the employee mentioned in the letter did not apply for unemployment, it is mostly likely fraud.
In my case, DETR sent me a letter asking if I requested unemployment for myself. I hadn’t, and that’s what led to me find out about all the UI fraud going on in Nevada.
How did this happen?
Recently the DETR’s unemployment system was hacked allowing for thousands, if not more, employees that have worked in Nevada to have their identities compromised.
Taking a closer look at DETR’s online system, someone well versed in computer science can see the obvious vulnerabilities of their system.
For one, they are on an antiquated system of Cisco (their login and interface reminds me of my days of programming in UNLV back in 2003.)
Secondly, their website does not have an SSL Certificate when you arrive at the home page, nor throughout other areas of their website. This is likely how the hackers got in (see below).
The Reno Gazette and RJ have both reported on this, but DETR seems to be staying quiet for now.
Additionally, it doesn’t seem like this is germane to only Nevada. According to the Review Journal, Nevada has lost close to $200M in fraudulent claims but Washington and Maryland have lost $650M and $500M, respectively.
What is an SSL Certificate?
SSL Certificates are used to encrypt communication, between your web browser and a web server. It’s primary function being to decrease the risk of sensitive information (e.g. credit card numbers, socials, passwords, etc.) from being stolen or tampered with by hackers.
Everytime you purchase a domain and try to set it up, your domain registrar (e.g. NameCheap, Godaddy, SquareSpace, etc.) will ask you if you would like an SSL when you are setting up your website.
They are fairly inexpensive. For instance, you may purchase an SSL from NameCheap for as low as $8.88 / year.
So basically thousands and thousands of people in Nevada potentially had their identities stolen, and it may be because the State didn’t spend $8.88 / year on an SSL certificate.
What to do if I got hit with UI Fraud?
As mentioned above, you should’ve received Employer Response Form with the fraudulent claim you received in the mail. Mark the word “FRAUD” on it, REALLY BIG! Then fax it to the DETR fax number provided as soon as possible.
Additionally, DETR is asking that you file a police report with the city you reside in and to start monitoring your credit more closely.
In other words, the UI Fraud may be just the beginning.