Fresno lost $400k to a phishing scam in 2020 and never told the public (fresnobee.com)
236 points by SQL2219 on March 13, 2022 | 78 comments


I will say if you think this is bad, you ought to read about Washington State’s loss of $650M to organized cyber crime: https://www.seattletimes.com/seattle-news/auditor-state-unem...


If you think that's bad: "California EDD admits paying as much as $31 billion in unemployment funds to criminals" https://abc7news.com/california-edd-unemployment-fraud-ca-sc...


That sounds so large it has to be overstated?

I'm always a little suspicious of claims of benefit fraud that aren't backed up by court cases. They're very easy to inflate. Someone loses their job, fills in a form incorrectly, gets paid, the error is discovered a year later: was there really fraudulent intent, or is it just the combination of means-testing and the difficulty of discovering someone's true circumstances?


On the other hand, 10-20% of successful claims being fraudulent sounds plausible: I could easily see there being one successful scammer for every ten genuine applicants, and the scammer claiming 1-2x as much on average.

The number is mostly so large because it's 10% of an even bigger number, the amount CA pays in unemployment claims, which is not in dispute.


20% fraud would indicate a completely broken system with no checks and balances.


That 10-20% sounds extremely high. The usual estimates for benefit fraud in Finland are something like 0.1%.


The more restrictions and rules you place on benefits, the higher the "fraud" rate will be, since any mistake in following those becomes "fraud." The US tends to put in many rules and restrictions, then increases them if a news article talks about fraud.


Even the UK's number of < 1% is an order of magnitude less.


Here in California, this EDD unemployment payments fraud is being discussed: it was special to COVID-19; really, really out of control; very damaging with the cost of living here, especially rent for working people; in a place that defines high-tech, getting scammed so badly; it is not publicly known exactly all the ways that the EDD scams happened, and there is lying by a lot of people about it right now, in govt and outside govt.

It is not at all comparable to Finland, and it is completely comparable to Finland.

Finland via Nokia is quite high-tech in places; many people are poor; Finland's unemployment system is not at all like California EDD; high-tech is available to the unemployment benefits people to implement payments, but do they use it?

Personally I care a lot about the Scandinavian lands even though I live in California. It is really interesting to me to hear comparisons of California to Finland. Both systems of government are complex and unique, so superficial comparisons certainly have a lot of hidden detail. People on YNews are uniquely capable with high tech so real inquiry here might lead to something interesting.


Does Finland have good digital identity?

The US doesn’t (although by choice) and trying to prevent fraud without identity infrastructure seems hard.


Most people use their online banking credentials to prove their identity online. The system has been around since the late 90s, and it works well enough in practice. There have been some attempts at creating a national electronic id (like in Estonia), but they have never become popular.


Sorry but how is Finland even close to relevant here?


It's another state providing similar benefits with a similar vector for fraud?


There are just so many factors between two different countries with different healthcare systems and other factors; I don't see why a comparison is useful.


Probably less of a vector, because other benefits like healthcare are provided and financial compensation is a little less important?


If you’re going to impose constraints like that you’ll have a hard time finding a comparison outside of the US.


I feel as though the US has an abundance of unique problems that make outside comparison completely useless.


Why is a comparison outside the US beneficial other than outside some strawman argument?


I always wonder how this works? My HR office contacted me and told me my unemployment application was rejected because I was still employed (someone submitted one on my behalf). Maybe states differ a lot, but the unemployment office seems to check with an employer here before paying (I'm in Massachusetts; you don't get unemployment if you are fired with cause). Also, an unemployed friend indicated you had to stay in contact with the unemployment office showing that you were searching to get the benefit.

The police officer handling fraud I talked to said he was getting a lot of calls about this kind of fraud.


It seems to be getting more popular. A number of people (6 and counting, so far) on my current project only learned about fraudulent unemployment claims made under their name when they received a tax document stating they received so much in unemployment benefits, which was quite perplexing to them considering they've been employed the whole time.


This guy[0] got caught because he made a song about it, but not before he got $1.2M in fraudulent claims. If a single person can net $1.2M, the $31B number starts to seem plausible.

[0] https://www.youtube.com/watch?v=niBFYeo2Ltk


I don't know the answer, but some more info here might be interesting: https://www.edd.ca.gov/unemployment/pdf/fraud-info-sheet.pdf


Still doesn't explain inflation though. Wait...


I'd bet that at least a significant part of that fraud went not simply to criminals but to some state-level activity. $31B is so huge that it is meaningful at very high levels (e.g. it's much larger than all the assistance, goods, weapons and financing provided to support Ukraine in the ongoing war), and for places like North Korea fraud and hacking are a large part of their foreign currency income (technically speaking, that would probably count as "export of services").


Not exactly the same thing - they're just listing the total fraudulent amount (or alleged fraudulent amount) for a massive program. It's not one hack.


Over the entire duration of the program, perhaps? If it is $31B over 40 odd years, then it is very believable.


I had never heard of this, and I'm a WA state taxpayer...

So, admittedly having only read the article, I'm familiar with the theory that there are a number of fraud organizations out there that were in possession of the most vital personal data (name/DOB/SSN), that submitted false claims in 2020 during the earliest stages of the COVID-19 response, and got payments redirected to money mule ACH deposit accounts.

This happened in more locations than just WA.

One of the sketchiest things you can find on the internet, if you take time to research it, is the number of scammers posting "job openings" for things like an "accounts processing executive" for full WFH jobs. A certain percentage of gullible or entry-level people who are too naive to know better fall for it. The general concept is to create a legit US domestic bank account that can receive ACH transfers and then forward the money onward somewhere else, usually ending up in some form of overseas account or cryptocurrency from which it cannot be retrieved.


I was furious when I heard of this back in 2020, and I'm a WA state taxpayer.

The ESD Commissioner job was handed out as a political patronage gift. The person who was running the show has "failed upward" and is now in Washington DC.

One-party government sucks. "Yeah but the other party is worse" is irrelevant.

https://www.seattletimes.com/seattle-news/politics/how-democ...


Voting in Washington is really abhorrent. I read the last Republican Governor Nominee's bio and platform in the voting guide and was just surprised that he thought he was qualified to be Governor in a state with 7 million people. I don't really see why solid blue states or solid red states can not be an opportunity to innovate on platform and see what works; instead it seems qualified candidates just don't exist or give up.


It's absolutely relevant how much worse the other party is. If they weren't so hostile to government[0] and thus the people, they might serve as a check on the party in power. I sincerely wish I had a choice in all elections, but sadly most of them are between someone that will probably be OK and someone that I fear will shoot up the capitol if they don't get what they want.

0: https://www.npr.org/2019/12/20/790192972/washington-legislat...


My own identity was stolen for this purpose; I had to submit a report to WA gov about the fraudulent claim submitted on my behalf.


I too had my unemployment record hijacked and money transferred in the WA state attack.

The state sent out a letter pretty quickly, and I filed to stop this within a few weeks. I have no idea how much was stolen with my name, or how much was recovered later.

At the time, I would prefer the state to err on the side of paying quickly for those suddenly out of work in a pandemic, but if the state paid almost $50m for a system to stop fraud that just didn’t work right, then perhaps a refund and legal recourse is in order.


I think the only (and easiest) way to fix this is with centralized government identity infrastructure. Right now every agency has to spend some of their budget to verify identity instead of relying on someone whose main job is that.

But I think a lot of the US, myself included, opposes central identity.

Therefore we are in our own self made hole.


We can fix this in a decentralized manner, but we won't. Require a signed application in front of a notary. Lying to a notary while presenting a fake ID can bring real charges.

There will be a few edge cases (disabled), though after a few prosecutions the fraud will mostly stop.


400000*(7600000/525010) -> 5790365.898

Accounting for population size, Washington State's loss is still more than a hundred times as big.


The statement above leaves out some important details when level-setting just how bad it was in WA state:

> All told, the imposter and fraud claims represented $646.8 million in misappropriated benefits. (Not all the imposter claims were paid; many were stopped by ESD before funds went out.) Of that, the state has recovered $370 million, the audit stated.


Reminds me a little bit of when Ubiquiti Networks got phished to redirect a SWIFT wire transfer to a different location, and had to report it on their 10-Q.

https://www.google.com/search?client=firefox-b-1-d&q=ubiquit...

At least the SEC requirements for publicly traded companies require them to disclose it. It's kind of funny that a for-profit corporation has more transparency going on in its disclosure of getting scammed than a municipal government entity.


You find it funny, but this is by design. Governments are not benevolent parties, gifts of the gods to society.

Companies aren't either, but at least we can choose which companies we deal with (not for everything, but still for many things), and companies can't use violence against us. We can't choose governments (if you live in a "democratic" state, you can choose a politician, which is another thing), and if you don't subscribe to what they impose, they have an excuse to use violence against you and your family.

EDIT: private bodies in theory can use violence, but then we also can fight back in legitimate defense. This doesn't apply to governmental violence.


This is very circular. You prefer companies to the state, because we can choose which companies we deal with and companies can’t use violence. But it’s the state that says companies can’t use violence.


A monopoly on violence is a necessary condition for being a state. It is something that is true for states but not other things, and it isn't circular to say they are potentially more dangerous for having that attribute.


I think the parent poster’s idea is that a state is a necessary condition for a nonviolent company. In the absence of a state enforcing trade laws you’d just have companies running their own navies and armies to keep the peace, as was the case at times in the past.


I don't prefer companies, just don't like the idea that other people can use violence against me and it's illegal for me to defend myself.


You can't choose to opt out of the city government of Fresno? I think it's pretty easy, I'm often not subjected to it.


You'll just end up in another one just like it...


"Dyer said the emails were privileged information since the city attorney was included".

This is not how privilege works, and all the people involved certainly know it.

(This used to be a game oil and other companies would play, and courts do not look kindly on it anymore)


>and courts do not look kindly on it anymore

As anyone who's ever spent more than a few nanoseconds caring about things like civil liberties or government accountability knows, the courts tend to give people who are on the "same team" a lot more leeway.


This is definitely true, but there are limits.


If you make the courts look inept the courts come after you.

If you do something politically tone deaf the politicians come after you.

If you make the politicians look inept that's just Tuesday.


Erie, CO lost $1M to a phishing attack. It was very well timed and targeted toward a major project which had been in the works for a decade.

https://www.denverpost.com/2019/12/30/erie-victim-financial-...


Just FYI the running total of CA's unemployment fraud during the pandemic is $20 billion: https://www.latimes.com/california/story/2021-10-25/californ...


"The FBI asked city officials to keep the incident under wraps, so their investigation wasn’t compromised, Dyer said."

Could this be a valid reason not to disclose it?


A valid reason not to disclose it at first, perhaps. By the time that the Fresno Bee formally requested it, that probably wasn't a valid reason not to disclose it anymore.


I'm surprised that this attack on a govt entity was successful. In such entities, every vendor record is a database entry in some legacy custom CRUD system, which requires 5 different people to approve X record update.

Each of those people also has their own checklist of things to do prior to approval, one of which is literally to pick up the phone and confirm the X update with the vendor.

Govt has a reputation for not being agile - but maybe the scammers have identified a niche in city agencies?

Now I'm wondering how many of these have never been reported on...


Episode 111 of "Darknet Diaries" describes how Bullitt County, KY was hacked. 25 people were added to their payroll system and paid! They did it with a "man in the browser" attack so the transactions didn't raise red flags:

https://darknetdiaries.com/transcript/111/

Multiple people needed to sign off on these transactions, and the attackers were able to fake that once they had remote control of the browsers.


I know of multiple municipalities (Illinois in this case) where there's a single point of failure for these kinds of attacks. I am sure there are quite a few of these cases that never get reported to the public, especially after my experience with the quality of many of the audits that smaller and mid-size communities go through.


And it’s especially easy to fake invoices since most local govs need to publicly post contracts and contract value.

I wonder if there is some phishing going the vendor’s direction as well where the city requests to review the next invoice.

It’s truly amazing to me that you can completely lose your money in an ACH transaction with little to no recourse.


I am an ex municipal employee. Procedures are often just blindly checked through. The paperwork for the procedure often exists and is filled out, but the procedure itself is often not conducted.


Those 5 different people don't understand the big picture and even if they do they likely don't care (and probably have been burned from caring in the past).

Getting comically insane stuff (like a 400k transfer to a scammer) to actually happen is way easier when everyone exists in "I just stamp the form if all the fields are filled out, checking what's in the fields is the next guy's job" type silos.


And there's a good chance that many of them think "Oh, the other 4 will catch it if I don't, so it's not a big deal." Adding a committee to something doesn't make it automatically smarter.


Good job reporting on this. Now the question is whether the voters will care at the ballot box.

We shouldn’t go after the person who fell for the scam - they’re just doing their job the best they can. Or even the person who should have disclosed. We have to go all the way up to an elected official that needs to be held accountable, whether they knew about it or not.


> Or even the person who should have disclosed. We have to go all the way up to an elected official that needs to be held accountable, whether they knew about it or not.

How does this really make sense? The biggest wrong here is that it wasn't disclosed, in my opinion. It sounds like it was the mayor's wrong there, but I don't see how you would "go all the way up to an elected official.. whether they knew about it or not". That part doesn't really make any sense to me.


Why shouldn’t there be accountability of the person who failed to disclose?


As soon as you focus on the who and not the how, you incentivize people to cover their asses.

Look up the root cause analysis culture in aviation for an effective method.


You can focus on both the “how” and the “who”. I work in an engineering organization where when something sufficiently complicated goes wrong, we do a proper root cause analysis, ask 5 Why’s, propose process improvements, etc.

But sometimes, people just screw up, and preventing every unique screw up, would mean the creation of an absurd amount of process.

For example, one time, excited by the performance results of a colleague, I tried to immediately apply his performance optimization in a different context serving production traffic; we had a team culture of don’t test in prod, etc; but my hubris/excitement meant I powered ahead, which ended up driving up latency, failing requests, and causing a small outage.

The solution in this case isn’t to invent a new process to prevent my mistake, but rather to make sure the engineer knows they screwed up. A bit of shame/guilt leads to self improvement.

If you focus solely on process, and avoid personal responsibility, you may end up missing opportunities for personal growth.


You know, like how when an employee embezzles from a company you fire the CEO? It's just common sense. Punishing wrongdoing instead of ritually sacrificing a figurehead is just so barbaric.


Well, the previous mayor already lost the last election, and the new one disclosed it upon taking office.


Well there you go! :-)


Yeah the dollar amount is pretty much meaningless, it’s like the cost of employing 4 cops in a city that has 850. But the failure to disclose is a pretty big problem.


For context, their total city revenue for FY22 is $1.8b. Not passing judgement either way, but at what point should this be reportable?


Reportable as in the city answering the public records request, or reportable as in this news article? For the former, the amount shouldn't really matter; that's what public records are for, after all. The latter seems more subjective, but I think the article is popular because of the denial of the records request and being found out, not necessarily the amount being crazy high.


There are materiality guidelines. I don't know what they are for government, but general rule of thumb is 0.5 - 1% of gross revenue.


Wow!


That’s not what phishing is.


It's a type of phishing, known as spear phishing, where a specific individual or organisation is targeted with a highly customised scam.

Emailing financial departments with fake invoices is a common type of spear phishing scam.

https://en.wikipedia.org/wiki/Phishing#Spear_phishing


Phish Different. - Steve Jobs, 1997


The netsec/infosec industry term now is "whaling" or "spearphishing", where a specifically crafted fake email from a vendor to a payor is sent to redirect the wire transfer to another account, typically an ACH money mule or ignorant/clueless patsy that then forwards the bulk of the funds onwards to a location where it cannot be retrieved.


Fresno is just a Brazilian emo band.


If Frisco is short for San Francisco, does that mean Fresno is short for San Francesno?
