Feds: State employee got unemployment while still working, hacked accounts

Detroit Free Press (MI)

She was supposed to help struggling people get unemployment benefits during the pandemic. Instead she scammed them and the system to enrich herself, federal officials say.

In what prosecutors describe as an inside job at the Michigan Unemployment Insurance Agency, a contract employee is facing federal charges for allegedly hacking legitimate unemployment accounts and creating new bogus claims that steered money into her pockets. She even filed unemployment claims in her own name, despite the fact that she was actively working for the agency.

"This case is about a corrupt contract employee working for the State of Michigan's Unemployment Insurance Agency," an FBI agent wrote in a criminal complaint filed in U.S. District Court.

According to the complaint, 28-year-old Autumn Mims, of Birmingham, hacked the accounts of at least two Michiganders who had filed for unemployment, and created fraudulent additional claims that bilked the government out of thousands of dollars in pandemic-related unemployment funds.

Mims did this, authorities said, by changing people's method of contact with the unemployment agency, including switching their authentication email addresses, passwords and bank account information. She then certified additional claims under the hacked unemployment accounts and diverted payments to a new bank account that she had access to, investigators said.

"In other words," the FBI agent wrote, "Mims is using her access to facilitate the fraudulent 'take over' of legitimate UI (unemployment insurance) accounts."

More: Answer our damn calls: Theft victims go off on Michigan's unemployment agency

More: Whitmer: Michigan to use federal $300 unemployment bonus as back-to-work incentive

According to court records, Mims collected nearly $15,000 in bogus unemployment claims using her own name, and another $40,000 using the names of two other — unsuspecting individuals who had filed legitimate unemployment claims, but got their accounts hacked.

Mims, one of a dozen Michiganders charged with unemployment fraud tied to the pandemic, could not be reached for comment Thursday. Her lawyer, Kirsten Irey, also was not readily available for comment. Mims, who is free on bond, is charged with wire fraud, wire fraud conspiracy and aggravated identity theft.

According to the complaint, Mims was hired in August 2020 as a contract employee for the state of Michigan Unemployment Insurance Agency, working as an unemployment examiner. Her duties included reviewing, processing and verifying the legitimacy of unemployment insurance claims.

Prosecutors said that shortly after Mims was hired she began using her insider access to fraudulently process claims in the names of third parties without their knowledge or authorization.

To pull off the scam, they said, Mims fraudulently opened unauthorized bank accounts in the names of third parties, had bogus unemployment claims deposited into those illegitimate accounts, and then pocketed a portion of the stolen money. Mims also was collecting unemployment insurance benefits for herself by pretending she was unemployed.

"These charges show our continued commitment to prosecuting those who attempt to use the COVID-19 crisis to steal taxpayer funds and fraudulently enrich themselves," Acting U,S. Attorney Saima Mohsin stated in announcing the charges.

Added Detroit's FBI chief Timothy Waters: "Autumn Mims was hired as a Michigan Unemployment Insurance examiner to protect taxpayer money. Instead, she is charged with misusing her position to steal funds intended for Michiganders in need."

Mims is no longer employed with the unemployment agency.

According to court records, here is what led to the charges against Mims:

In June, federal and state investigators began investigating Mims after the unemployment agency noticed several anomalies in Mims' work activity, including that many of the claims she was accessing were not assigned work items. Furthermore, Mims was using her access to make changes to claimants' unemployment accounts with no evidence that she had spoken with that person, or that the claimant had contacted the agency.

Investigators linked the activity to Mims through her unique unemployment user name, "mimsa" in the state computer system. Mims did not report to the office daily, but rather worked virtually from home.

According to state unemployment records, in approximately August 2020, an unemployment claim was filed in the name of an individual identified in charging documents as S.M. It was a legitimate claim, and two payments were made into the account provided by S.M.

Then, in December 2020 and again in January 2021, S.M. was paid unemployment benefits for a single week ending April 18, 2020.

But state records show that S.M. did not certify for any additional weeks of unemployment benefits. Meanwhile, an audit found that in February, Mims used her employee access to search for unemployment claims that were associated with a specific address in Detroit. This was an apartment building where S.M. lived.

State audit records show that Mims accessed multiple claims associated with this apartment building, including S.M.'s claim, though S.M.'s unemployment claim had never been assigned by the state to be reviewed by Mims.

Still, authorities allege, Mims accessed S.M.'s claims and stole her personal information to help create new claims and get through the two-factor authentication system that the state uses to prevent fraud.

For example, when setting up an unemployment claim, the claimant designates the way they wish to receive the authentication code from the state in order to access their account. When accessing their account, a claimant inputs their username and password, receives the authentication code from the state in the preferred manner, enters this authentication code, and is then granted access to their account.

Mims used her insider-status to change the authentication email associated with S.M.'s account, which allowed her to access the account and open certifications for more unemployment benefits.

In order to get benefits, a person has to certify weeks that they are eligible for benefits. If this process is completed online, as happened in this case, the claimant accesses their unemployment account and electronically "certifies" their claim in the system.

But S.M. never requested additional benefits, authorities said, noting this was confirmed during interviews with S.M.

According to state records, on March 3, Mims changed S.M.'s account password, allowing someone other than S.M. to access the account. Mims then logged into the account and completed three weeks of additional benefits.

Two days later, records show, Mims accessed S.M.'s unemployment account and changed the bank account to which the agency was to deposit the unemployment benefits.

Red flags went up. That same day, the state's fraud detection system triggered an investigation and identity verification request on S.M.'s unemployment claim.

Mims caught on.

Three days latter, Mims accessed S.M.'s account again and dismissed the fraud investigation and identity verification request, which made her fraudulent claims eligible for more benefits.

The next day, three weeks of unemployment benefits certified by Mims herself were deposited into a Bancorp account. The total amount paid was $2,195.10.

This happened several more times, with different IP addresses being used to access S.M.'s account.

According to court records, S.M. contacted the unemployment agency on April 30 and May 3, noting she couldn't access her account. Mims had added an email address to the account, records show, and S.M. did not recognize it.

On June 30, federal agents and task force officers raided Mims' Birmingham residence and seized multiple items, including handwritten personal identifying information for third parties, pre-paid debit cards in the names of individuals suspected of being victims in this case, bank account information listing suspected victims in this case as account holders, and receipts for transactions that are suspected to have been made using proceeds of the unemployment scheme.

Agents also discovered a receipt that showed the debit card associated with the Bancorp account in S.M.'s name. It had been used to make a retail purchase, though not by S.M.

Anyone with information about allegations of attempted fraud involving COVID-19 can report it by calling the Department of Justice's National Center for Disaster Fraud (NCDF) Hotline at 866-720-5721 or via the NCDF Web Complaint Form at: https://www.justice.gov/disaster-fraud/ncdf-disaster-complaint-form.