Identity thieves callously target victims in EBT food assistance programs

Law enforcement is seeing a brazen and insidious form of fraud that is impacting some of the most vulnerable groups in America, including senior citizens, individuals in low-income households, and disabled persons.

In what is known as electronic benefit transfer (EBT) fraud, criminal actors target food assistance or Supplemental Nutrition Assistance Program (SNAP) benefits (formerly known as the Food Stamp Program). An account takeover occurs when a criminal gains unauthorized access to a legitimate recipient’s account and changes the banking information where the victim’s benefits are being routed or requests a new EBT card and then routes it to an address that the criminal controls in order to reroute benefits away from the victim. While not a new phenomenon, there has been a clear uptick in cases.

“We’re seeing large scale phishing attacks and account takeovers in the government sector by cybercriminals,” says Amanda D’Amico, Vice President of Government Solutions at Thomson Reuters. “Bad actors continue to innovate and look for opportunities to exploit vulnerabilities in government programs.” Yet, how does this SNAP benefits fraud happen and how can consumers protect themselves?

Pandemic, new claims lead to an increase in fraud

Food benefits via SNAP are a crucial lifeline for individuals who are struggling financially. More than 42 million Americans receive benefits through the SNAP program, which is administered by state and local governments. A beneficiary receives an EBT card that essentially acts as a debit card that can be used to buy food at authorized grocery stores. “These are people who depend on SNAP benefits to support their family’s nutritional needs,” D’Amico says. “They go to use their EBT card to purchase groceries and the money is simply gone.”

There has been a tremendous increase in applications for government benefits throughout the pandemic. With workforce shortages and lockdown restrictions, states had to modify how they process applications and determine benefits eligibility, with many agencies canceling in-person interviews and verification of eligibility data, says Bill Strong, a Thomson Reuters fraud expert with more than 30 years of experience in state and local government fraud detection and prevention.

With these emergency changes, bad actors swooped in to take advantage through account takeovers and also started filing fraudulent applications, most often through identity theft fraud. “Identity theft is the hardest to recoup benefits because oftentimes the person who committed the fraud is either working with a foreign fraud ring or there isn’t any information on the person who committed the fraud to being with,” explains D’Amico.

How account takeover fraud occurs

Where are bad actors getting all this information to facilitate unauthorized access to government benefit accounts? Mostly through phishing schemes and social engineering. It works like this: A victim gets a text message or email from a person claiming to work for a government agency, claiming that fraudulent activity occurred on the victim’s account and that he or she needs to click on a link to reset their password.

“The victim enters their account information to change the password and it’s all over,” warns D’Amico. “The criminal actor is now able to use that information, access the victim’s account, and change the banking information where the victim’s benefits are being routed or request a new EBT card and route it to an address that they control.”

Another mechanism criminals utilize for to gain access to personal identifying information is by utilizing large-scale data breaches such as with Equifax or at major retailers such as Target, Home Depot, and more, Strong says. In this case, a criminal would hack into large data bases, steal personal identifying information, and then sell it on the dark web or other illicit marketplaces. The stolen information is then used to commit fraud by applying for benefits in the victim’s name.

“Most of the time victims are unaware of these benefits being paid in their name,” says Strong.

How governments can prevent benefits fraud

Both D’Amico and Strong agree that the prevention is key to government agencies stopping fraud at the front end. For example, government agencies can:

• • • Conduct an upfront ID verification process — This allows the state to confirm the individual’s identity, and issue benefits with confidence. Without this type of prevention, states’ chance of success in recouping lost benefits is limited.
    • Utilize technology and analytics — By using software applications, the state can quickly process applications and identify those in need of additional screening because of higher risk of ID theft or fake accounts. This technology solution improves and expedites the process for most applicants and puts critical checks in place to prevent people from being victims.
    • Use fraud detection solutions — These solutions can help to identify account takeovers and stop benefit loss quickly once it does happen. Agencies should share red-flag indicators of a potential account takeover with other agencies.
    • Educate citizens about fraud — Once benefits have been issued, governments can educate beneficiaries on how to be on the lookout for account takeover.

How citizens can help

D’Amico and Strong also advise that citizens can protect themselves as well and should take proactive action, including:

• • • Don’t click on any links in emails or texts from unknown sources. Always contact the state to verify the authenticity of communications and never provide personal identifying information in emails or texts.
    • Use complex passwords.
    • Closely monitor your accounts and transactions.

And if you suspect you have been a victim of fraud or if your benefits have been stolen, there are several steps you can take, including: i) calling the issuing agency and immediately reporting the fraud; ii) notifying your bank; iii) alerting the three credit bureaus — Equifax, Experian, and TransUnion; and iv) reporting the fraud to the FBI Internet Crime Complaint Center.

Not a victimless crime

Unfortunately, a lot of people see fraud in these programs as kind of a victimless crime, but that is far from the truth, D’Amico says. “The victims are real people with real families that are legitimately entitled to these benefits, and they’re being stolen from them.”

Fraud is something that both citizens and prosecutors should care about, and we should be doing everything we can to prevent these people from being victimized, D’Amico adds.