BROOKLYN — A single mom from Brooklyn got her pandemic-related unemployment benefits for nearly a year without a problem, but then, one day, she couldn’t get into her account on the New York State Department of Labor website.
When the bank had no record of Lisa Sclar receiving $805 in benefits during her check on Feb. 7, she started to panic, especially when the DOL reported it had released the funds. Sclar kept checking with the state agency and a worker told Sclar her address was listed in Manhattan.
“Everything was different,” Sclar told PIX11. “My e-mail was different, my phone number was different, my address was different.”
“Somebody hacked into my account,” she said.
The hacker gave an address at West 57th Street and Sixth Avenue in Manhattan, “Apartment 5-R,” Sclar said.
“It was an apartment that was for sale and had been on the market for 100 days,” Sclar said. “I tried to call the phone number, and it seemed like it was just a ‘throwaway’ phone.”
The unemployment money was important to Sclar, who was only able to return to her job at Manhattan restaurant Oceana during the periods when it was safe to open.
When the DOL’s fraud unit launched an investigation, Sclar’s unemployment benefits stopped for two weeks in March.
Sclar reached out to PIX11 investigative producer, Allen Levine, who called DOL and was able to get Sclar’s March benefits released.
But she was still trying to get her payment from the original breach on Feb. 7.
Michael McAndrews, chief technology officer for PacketWatch, said states around the country have been burned by cybercriminals, since the pandemic began.
“We’ve seen a tremendous increase in fraud,” McAndrews said, “particularly unemployment claims, typically targeting the government agencies.”
The New York State Department of Labor told PIX11 it’s paid more than $74 billion to 4.4 million out-of-work residents since the COVID-19 crisis started. It said it’s also been able to identify 521,000 fraudulent claims in that time and prevent another $6.4 billion in payments.
But many more fake claims likely get through.
“Since so many state agencies have been overwhelmed by unemployment claims, they haven’t been able to audit them,” McAndrews noted. “So, many times, the claims are simply being paid, and therefore, the money is being sent to the criminals.”
McAndrews said he doesn’t believe the fraud comes from “inside jobs.”He said cybercriminals troll the web and look for passwords.
“It’s very common that people will use the same password on a dozen or more websites,” the former FBI agent noted.
“The best way to mitigate that is through a password manager,” McAndrews said.
Sclar said the state asked her to use a new program to authenticate her identity, called Id.me.
“They scan your face, and they scan your driver’s license,” Sclar said.
But on Monday, Sclar told PIX11 she’s had some problems getting payments again, despite her use of ID.me.
Around the state–and the country–the millions lost to unemployment hackers is gone for good.