Scam within a Scam: When the News Puts You in Harm’s Way
When news breaks of any major event, scammers go to work in an attempt to steal money or personal identifiable information from their victims. Literally within hours of the attacks on the World Trade Center on September 11th, scammers were out soliciting donations to help the relief effort. The same is true of the earthquake that hit Haiti in 2010, the tsunami that hit Japan in 2011, and so on.
But when the headlines are about yet another data breach—an all-too-common occurrence in this climate of record-setting numbers of breaches—there’s still the threat of a scammer stepping in and stealing our money or our information.
How? In an event like a widely publicized data breach, scammers know there may be millions or even tens of millions of victims. It doesn’t even matter if your information wasn’t specifically stolen in the breach. If you’ve ever shopped or dined at the store or restaurant that was breached, all the scammer has to do is tell you that your name is on their list of victims.
The scam within a scam works like this: a store (let’s call it Joe’s) suffers a major data breach. It makes headline news, and consumers begin receiving notification letters. From there, scammers simply start auto-dialing their potential victims, claiming to work for Joe’s or claiming to work for the credit monitoring service that’s been contracted to help the victims. He’ll offer the victim credit monitoring, money as compensation, or any other enticing offer to make you stay on the phone.
The only person who can truly claim to be safe from this scam is someone who has honestly never stepped foot into a Joe’s location in his life. Even if you know you don’t live in a location that was affected by the breach, the scammer just has to tell you that the data breach is bigger than they’d first thought, or that they don’t know how it happened but your card information was found online. He’ll tell you anything to make you believe you’re somehow in danger of having your identity stolen.
There are a few things to look for if you receive a phone call or message that may be part of this kind of scam within a scam. First, if you’re asked to verify all of your sensitive information, don’t do it. The person calling you claims your information was stolen…shouldn’t he already have your information? Your address or phone number should be safe, but why would he need to ask for your complete personal details?
Next, if he asks for your Social Security number, don’t hand it over. Even your birthdate is pretty sensitive, so be mindful of giving that to people who call you. Obviously, a genuine credit monitoring service can’t protect you without knowing your Social Security number and your birthdate, among other pieces of information, but that data is typically gathered via mailed forms that you’ll have to fill out and send back. It’s not collected over the phone from someone who calls you out of the blue.
Finally, watch for the hard sell. Are you being pressured to act now, or told that you only have 24 hours to sign up before the offer is void? Are you being told that your identity has already been stolen and if you don’t do something immediately you could be in danger? Has the caller even hinted that you could be held legally or criminally responsible for something that happens as a result of not signing up? All of those are pressure tactics that scammers use in order to keep you from thinking it through. They want your information and your money, and if they give you time to process what you heard, there’s a good chance you’ll realize it’s a scam.
If you’re ever contacted by letter, phone, or email about a data breach, there will be instructions for you to follow in order to take action. Verify those instructions with the company if you feel like something is amiss, and remember to guard your information against people who are just taking advantage of the latest headline news.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.