LOS ANGELES (CBSLA) – More than $11 billion has been stolen from the state of California through Employment Development Department fraud.
Experts say a large portion of that fraud has been perpetrated by a very sophisticated and organized fraud ring based out of Nigeria. Documents acquired by CBS2 show how easily scammers are able to cheat the unemployment system using how-to manuals they find on the dark web.
“I was like, ‘Oh God, here we go, they hacked me,’” Michelle Turner told CBS2’s Kristine Lazar.
Turner wasn’t surprised when her EDD account was drained. She’d seen the fraud plaguing California all over the news. But that doesn’t mean she was prepared to lose more than $6,000.
“To think that it’s just that easy,” she said. “In one second, they can take everything from you, in one second,” Turner said.
Someone spent the money on three separate transactions in Florida. Michelle lives in San Bernardino. Fraud experts say thieves from all over the world have dipped into the California’s unemployment fund.
“A vast majority of them are in places like West Africa, primarily Nigeria,” said Crane Hassold, Agari Director of Threat Research. “That’s where the focal point of this fraud is coming from.”
Hassold founded the FBI’s Cyber Behavioral Analysis Center. He says the majority of EDD fraud is being committed by a crime ring out of Nigeria called Scattered Canary.
“A lot of these scammers are younger, and a lot of them are actually quite well educated,” Hassold said. “They have degrees and are coming out of college, and the problem is that there aren’t a lot of job opportunities in Nigeria.”
Hassold showed CBSLA a document he found in a chat on WhatsApp, which scammers use to communicate. The 39-page manual has step-by-step instructions on how to file a fraudulent EDD claim.
“And file in a way that raises the fewest red flags,” Hassold said.
All that is needed? A “fullz,” a slang term used by scammers which means a stolen identity name, date of birth, address, phone number and social security number.
“A lot of these individuals will just buy full identities on the dark web or underground forums for very, very cheap,” Hassold said.
For as little as a dollar, and the payoff is very lucrative.
“I think that we are going to get into the high 10s if not 100s of billions of dollars when all is said and done here,” Hassold said.
Stopping this fraud is no easy feat.
“We have always said in my team that you can arrest dozens, if not hundreds of these guys and you’re really not going to make a dent,” Hassold said. “You have to go about this in a different way and identify the accounts used to receive these funds and shut those down as quickly as possible.”
The problem with that is that EDD has some very old technology. A 30-year-old computer system that uses technology that was created 60 years ago, called COBOL.
“It is inconceivable that they’re expected to distribute billions and billions of dollars using technology that you can’t even find people to program on anymore,” said Haywood Talcove, CEO of Lexis Nexis Special Services, which helps stop online fraud. “Imposter fraud is really easy to stop, and it’s being stopped by the banks, the financial institutions and the e-retailers.”
But with EDD’s technology, Talcove said stopped fraud is a slow as tedious process.
“This morning, I was up on the dark web, and I was looking around in anticipation of this interview, and there had to be over 850 people on the dark web talking about trying to crack in the state of California’s current system,” he said.
As for Turner, she said Bank of America said it would be at least 60 to 90 days before she would get her money back, but within one day of CBSLA contacting the bank, more than half of the money stolen was put back into her account.
CBSLA reached out to EDD, but did not immediately hear back.