IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Hackers Search for New Ways to Divert Colorado UI Checks

Cyber criminals are finding workarounds to steal unemployment checks after the state increased security. The scam involves official-looking emails and phone calls to steal user login information.

A hand hovering over the trackpad of a laptop. A blue warning symbol is superimposed over the image.
Shutterstock
(TNS) — The Colorado Department of Labor and Employment has made big strides in reducing fraudulent claims filed using stolen or fabricated identities. But that has pushed scammers in a new and more conventional direction: trying to steal the log-in information of claimants who have successfully passed the ID.me screen.

The phishing ploy involves sending out emails or making robocalls that claim to be from the CDLE or another official source. Some emails look like they're directly from MyUI, the official unemployment insurance site, and are providing an easier way to sign in.

Their intent is to snag the credentials needed to get into a legitimate account. Once inside, the criminals stealthily change the unemployed worker's direct deposit information to a bank or deposit account they control and pocket the weekly payment.

"They are trying to update as little as possible. They hope you don't notice it," said Phil Spesshardt, director of the state's division of unemployment insurance during a news call on Friday.

It isn't a scam that lasts long. People usually notice right away when the unemployment insurance payment doesn't show up, although some people take two weeks to catch on.

Rather than calling in and asking where the missing payment is, victims need to immediately check their bank routing information to make sure it wasn't changed. If it was changed, they need to file a fraud report on the CDLE's website. The problem is happening enough that the state has added a section for it.

Anyone who clicked on an email link or answered a robotic telephone call regarding their unemployment account should change their passwords immediately and also check to make sure the banking information hasn't changed, even if a payment hasn't gone missing yet, Spesshardt said.

So are the people who had their weekly payments swiped out of luck? Spesshardt said no. When a fraud report is filed, CDLE investigators will take up the case and do the work needed to make sure victims receive their payments. But that takes time, meaning the payments many people rely on to pay rent or buy groceries won't be there when needed.

"It becomes a laborious and time-consuming process. The work that has to be done there takes away resources from processing other claims," he said.

Hours of work are required to make up for the few seconds of indiscretion in handing over vital information. Spesshardt urges people to go directly to their MyUI page to sign in and never click on any links or other shortcuts offered.

©2021 The Denver Post, Distributed by Tribune Content Agency, LLC.