A combination of massive federal spending and lax local oversight resulted in a flood of unemployment insurance fraud during the height of the COVID-19 pandemic. U.S. Department of Labor Inspector General Larry Turner says he believes American taxpayers may have lost as much as $163 billion to fraud, $20 billion in California alone.

But here in the Granite State, taxpayers got out largely unscathed.

Since the beginning of the pandemic, 32,230 fraudulent claims have been filed in the New Hampshire unemployment office. But only 169 were paid, at a cost of $562,818 — a tiny fraction of the fraud experienced nationwide.

According to fraud prevention experts, the problem wasn’t local workers scamming the system, but rather international criminal organizations using ID theft and the internet to commit fraud on a massive scale.

Approximately 70 percent of fraudulent unemployment claims are made overseas, mostly in places like  Russia, Ukraine, and Brazil according to Brett Johnson, a former cybercriminal who now serves as the Chief Criminal Officer of Arkose Labs. Known as the “original internet Godfather,” Johnson said the passage of the federal CARES Act both expanded unemployment eligibility and decreased barriers to fraud.

“There was no security in place for 6 months,” Johnson said. “State unemployment offices had never really seen any fraud before. There was some fraud, but not at scale, and not with the type of attackers that had been hitting them.”

New Hampshire, however, was prepared. According to Deputy Commissioner of Employment Security Richard Lavers, the office blocked 99.5 percent of attempted ID theft claims at the door.

“I  think New Hampshire’s experience in preventing payment to identity theft claims really bucked the national trend,” Lavers said. “New Hampshire experienced an explosion of identity theft just like every other state in the country but we were effective at detecting claims and shutting them down prior to payment.”

Woody Talcove, CEO of LexisNexis Risk Solutions – Government, says the Granite State’s relatively small population (1.4 million) helped prevent the levels of fraud seen elsewhere. Not that small states got off unscathed.

But with a population of 1 million, Rhode Island has had more than $70 million in fraudulent claims since the beginning of the pandemic, according to the Rhode Island Department of Labor and Training.

In Nebraska, with a population of just under 2 million, “an early review at all statewide payments through June 2021, found roughly 66 percent of unemployment money was misspent,” NBC News reported.

In December, Oluwaseyi Akinyemi, a Nigerian national operating out of Maryland, pleaded guilty to multiple charges of stealing COVID-19 unemployment fraud. Akinyemi was ripping off senior citizens, then used their personal information to also file fraudulent unemployment claims during the pandemic emergency.

“In total, Akinyemi and his co-conspirators used the identities of 19 real individuals to file fraudulent unemployment insurance and [other] claims,” according to the Maryland U.S. Attorney’s office, with an “intended loss of $250,000 in state and federal benefits.”

Known as the “original internet Godfather”, Brett Johnson now serves as the Chief Criminal Officer of Arkose Labs. According to Johnson, the passage of the CARES Act not only expanded unemployment eligibility but it also decreased barriers.

Matt Albence is former acting director of U.S. Immigration and Customs Enforcement (ICE), and he sees it as part of the ongoing evolution of international criminals seizing opportunities created inside the U.S.

“This is another example of the need for public-private partnerships,” said Albence, who is now the spokesperson for the anti-fraud organization “United to Safeguard America from Illegal Trade (USA-IT).

“Criminals are smart and rapidly change their operations to exploit situations for their own profit. It happened when COVID-19 swept across the country and criminals flooded the market with counterfeit PPE, and it happened again when criminals found they could take advantage of government relief. If industry and government are siloed in their efforts, criminals will continue adapting and evolving—and we will continue to pay the price.”

Of the $163 billion and counting lost, only $800 million has been recovered, Talcove said.

Safeguards such as looking at an applicant’s history within the state, checking a device’s location, and whether or not the site was accessed from TOR— a dark web browser — were not taken into consideration, according to Johnson.

According to Lavers, the New Hampshire unemployment office followed the standard practices that are customary across states which focus on wage and SSN verifications. However, the office expanded its measure by including a physical review of each claim prior to payment, Lavers said.

“We kept a good handle on the suspicious markers,” Lavers said. “Not fun work but it was effective.”

The New Hampshire office has since developed its own identity verification procedures and multi-factor authentication system.

But not every state had the manpower to physically review every unemployment claim, according to Talcove.

Since the start of the pandemic, the Pennsylvania unemployment office has paid out $10 billion to fraud. The office is severely understaffed,  Talcove said. The backlog in unemployment claims in Pennsylvania is currently under 47,000, according to the Pennsylvania Department of Labor and Industry.

All this could have been avoided, Johnson said, if states had utilized security measures found in the private sector from the jump.

“There were all types of ways you could have defeated this. It’s not rocket science, it’s never rocket science with this stuff.”