Like residents of many other states, Ohioans were victimized by fraudulent unemployment claims in 2020, and some of them are just finding out now as the state sends out tax statements for the benefits. Unemployment benefit fraud is the latest wrinkle in the growing incidence of cybercrime, with perpetrators using phishing emails, “smishing” texts, and “vishing” voicemails to steal victims’ passwords and data.

Fraudulent unemployment is considered a “social engineering attack,” where the fraudsters trick or manipulate victims into divulging their passwords and data. It began last year when scammers used the dramatic rise in job losses due to COVID-19 to file fraudulent claims with state unemployment agencies, using names and Social Security numbers of real people but diverting the payments to their own bank accounts. In December, Ohio identified more than $330 million in fraudulent unemployment benefit payments.

As a result, many Ohio taxpayers will receive 1099-G forms from the Ohio Department of Job and Family Services (ODJFS) for unemployment benefits they never applied for and never received. The 1099-G states the amount of any benefits paid.

In Ohio, unemployment benefits are taxable income, but taxpayers who find they are victims of unemployment fraud will not be liable for any taxes on the condition that they report the fraud to the state.

IRS Guidance and Steps to Follow

  • The IRS has told taxpayers who receive an incorrect Form 1099-G for unemployment benefits they did not receive, to contact the issuing state agency to request a revised Form 1099-G showing they did not receive these benefits. If you are unable to obtain a timely, corrected form from states, you should file a tax return reporting only the income you received.
  • A corrected Form 1099-G showing zero unemployment benefits in cases of identity theft will help taxpayers avoid being hit with an unexpected federal tax bill for unreported income.
  • Taxpayers do not need to file a Form 14039, Identity Theft Affidavit, with IRS regarding an incorrect Form 1099-G.

Other Support and Solutions for Fraudulent Unemployment

  • Report the fraud online at unemployment.ohio.gov.
  • Ohio has established a toll-free hotline 833-658-0394 which is open from 8 a.m. to 5 p.m. Monday through Friday.
  • Discuss the fraud and resulting 1099-G tax statement with your tax advisor. You should not include the benefits in your income on either your state or federal tax return.
  • Place a fraud alert on your credit reports with the three major credit reporting agencies – Equifax, TransUnion, and Experian. Fraud alerts are free and remain on your report for one year.
  • Check your credit reports for signs of fraud such as new accounts opened, hard inquiries, and unfamiliar personal information.
  • Notify your banks and credit card providers.
  • Freeze your credit. This also is done by contacting Equifax, TransUnion, and Experian.
  • Change all your affected passwords. This is another good reason never to use the same password for multiple sites.

General Protection from Cybercrime

The continuing increase in cybercrime requires vigilance and an understanding of how you may be vulnerable. Here are some general rules according to IT Senior Manager Ryan Bidlack:

Use strong passwords and consider using passphrases. Never share passwords with others or write passwords down.

  • Before clicking on any link in an email:
    • Check the sender’s email address to verify that you recognize it or it’s a trusted account. Watch for spellings and characters that may be transposed or inappropriate (such as a lowercase l [letter L] to replace a capital I [eye]).
    • Carefully hover over the link, but do not click on it. The website address should appear on the screen. Try to verify that the link matches the address.
    • It’s always better to err on the side of caution. If in doubt, pick up a phone and call the sender to verify the email is legit. Do not reply and ask the sender if the email is legitimate as the sender’s mailbox could be compromised and the malicious user could reply to the response saying the email is legitimate.
  • Secure your devices with antivirus, firewalls, and spam filters for email.
  • Patch your computers at least monthly (install Windows updates).
  • Backup your computer hard drive to an external source at least weekly (physical external hard drive or cloud-based solution). If you are the victim of a social engineering attack, you could restore your computer’s hard drive to the latest safe backup.

If you believe you were a victim of fraudulent unemployment, Contact your Barnes Wendling advisor for further guidance.

Related Insights