  • The list for the most common passwords in 2020 is out, released by cybersecurity firm NordPass. The three most common passwords of 2020 are 12345, 123456789 and picture1.
  • Weak passwords continue to be a security issue. According to Verizon, compromised passwords are responsible for 81 percent of hacking-related data breaches.
  • To strengthen password security, consumers should change their password to a passphrase, never reuse a password (consider a password manager), use two-factor authentication when possible and never use work passwords at home (and vice versa).
  • For information about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) new data breach tracking tool, notified™.
  • For more information on how to upgrade your password, contact the ITRC toll-free at 888.400.5530 or by live-chat on the company website.

Subscribe to the Weekly Breach Breakdown Podcast  

Every week the Identity Theft Resource Center (ITRC) looks at some of the top data compromises from the previous week and other relevant privacy and cybersecurity news in our Weekly Breach Breakdown Podcast. This week, we will look at one of the behaviors that are increasingly at the foundation of many, if not most, data compromises in 2020: weak passwords.

Why Passwords are Important 

As ITRC Chief Operating Officer James Lee mentions in the podcast, like the Porter outside Macbeth’s castle, passwords are designed to allow entry to our personal and work castles. Passwords protect the devices that are home to the applications and data we use and create.  

Passwords in the 1980s and 1990s 

People have been protecting passwords since the 1980s. The first passwords were simple, and most people only needed one. Maybe the password was assigned to someone at work, so they used the same one at home; that is, if there was a computer at home. People were told never to write down their password.

Then came the internet in the mid-1990s, and suddenly there was a need for more passwords. People needed a password for their AOL or Earthlink account. Eventually, people had to add passwords to the handful of other online accounts they created. However, most people probably just used the same word or set of numbers that was their device login password. 

Passwords Today 

Fast forward to today: according to cybersecurity firm NordPass, the average person now has to manage a staggering 100 passwords, up 25 percent from 2019. The rise is due, in part, to the increase in online transactions during 2020 related to COVID-19.

Most Common Passwords 

NordPass also publishes an annual list of the most common passwords, which also corresponds with the passwords cracked most often by professional data thieves. Here are the top 10 most common passwords of 2020 and how long it takes a cybercriminal to crack the password: 

  1. 12345 (takes less than one second to break)
  2. 123456789 (takes less than one second to break)
  3. picture1 (takes up to three hours to crack)
  4. password (takes less than one second to break)
  5. 12345678 (takes less than one second to break)
  6. 111111 (takes less than one second to break)
  7. 123123 (takes less than one second to break)
  8. 12345 (takes less than one second to break)
  9. 1234567890 (takes less than a second to break)
  10. Senha (the Portuguese word for password; takes 10 seconds to break)

The Dangers of Weak Passwords 

Weak passwords allow cybercriminals to access systems and accounts easily. People use weak passwords because there are so many to remember, which also prompts people to use the same weak passwords on multiple accounts and use them at work and home. 

Here are a few statistics from earlier in 2020: 

What You Can Do to Avoid Weak Passwords 

The good news is that people can do many things to make sure they have strong passwords that will keep their accounts secure. Here are some tips: 

  • Change your password to a passphrase. Use a passphrase like a movie quote, a song lyric, or a favorite book title that is easy to remember and at least 12 characters long. It would take a cybercriminal 300 years to crack a 12-character passphrase with upper and lower case letters. If you add a number, the passphrase will last 2,000 years.  
  • Never reuse your passwords, or passphrases since you just upgraded, right? If you have too many passwords to remember, use a password manager. If you want a free solution, many browsers offer a form of a built-in password manager. Safari and Firefox are two examples. 
  • Use two-factor authentication when it’s available. An authentication app like those offered by Microsoft and Google is best. However, even the two-factor authentication version that sends a code to you by text is better than no multi-factor authentication. 
  • Never use your work password at home, or vice versa. Stolen work credentials are one way cybercriminals get the access they need to launch ransomware attacks against companies.

notified™

For information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified™. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.

Contact the ITRC  

If you have questions about how to upgrade your password to protect your information from data breaches and exposures, visit www.idtheftcenter.org, where you will find helpful tips on this and many other topics. If you think you have already been the victim of an identity crime or a data breach and you need help figuring out what to do next, contact us. You can speak with an expert advisor at no cost by calling 888.400.5530 or chat live on the web. Just visit www.idtheftcenter.org to get started.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.  

By Identity Theft Resource Center CEO, Eva Velasquez & Synchrony CISO, Gleb Reznik

The 2020 holiday season will certainly be one of the most unusual ones we have seen, thanks to the biggest holiday shopping trend – a dramatic shift in online transactions prompted by the COVID-19 pandemic. Online shopping involves non-cash transactions using digital payment methods. While the most obvious are debit and credit cards, there are also peer-to-peer payment apps, digital wallets and online versions of contactless payments like Apple Pay and Google Pay.

There is a truism in cybercrime as there is in bank robbery: thieves go where the money is. There are many opportunities for bad actors to take advantage of consumers and businesses during the shopping season. We expect identity thieves will look to take advantage of the rise in online shopping.


Historic and Current Holiday Shopping Trends

Holiday shopping has always been a busy time for consumers. Last year, there was an estimated $1.1 trillion spent on the shopping frenzy.

According to the Better Business Bureau (BBB), approximately 65 percent of consumers shopped online during the holidays in 2019.

Online retailers have seen sales grow steadily over the years. According to the U.S. Department of Commerce, sales have risen between one and two percent each year.

Online Holiday Shopping Trends So Far in the 2020 Holiday Season

With all of that said, 2020 looks to be a watershed year. In just the first ten days of the holiday shopping season, U.S. consumers spent $21.7 billion online, a 21 percent year-over-year increase, according to Adobe Analytics.

There is no surprise in this online holiday shopping trend. The same Adobe Analytics report shows 63 percent of consumers are avoiding stores and buying more online, with health concerns due to the pandemic driving the decision for 81 percent of shoppers.

Advice for Consumers

  • Have strong password management – If someone has strong password management, an identity thief will not be able to access multiple accounts if they gain access to one account with stolen credentials from a scam or shoulder surfing. It is especially important to ignore “customer service representatives” who call about online orders or accounts. At the Identity Theft Resource Center (ITRC), we recommend using at least a twelve-digit passphrase because passphrases are easier to remember and harder for an identity thief to crack.
  • Beware of phishing emails with emotional triggers – People should keep an eye out for shopping discounts sent to their phones claiming huge store discounts if they download an app and enter their credit card information. Another popular phishing email is the package tracking scam, which offers to track someone’s packages after they make a purchase, with a link to open or download. No one should ever click on a link, attachment or file from an unknown email because that is how scammers strike with malware and ransomware and steal people’s personal information.
  • Use credit cards and not debit cards – Credit cards provide more protection than debit cards. One of the biggest reasons is that debit cards are linked to bank accounts. If an identity thief compromises a debit card, the victim’s bank account can be immediately drained of all available funds. It may take time to restore the stolen funds, leaving the cardholder without access to the money.
  • Shop on secure websites – People need to do their homework before providing any of their payment information or other data. Consumers can check a business’s reputation at third party review organizations like the BBB and Yelp. Using search terms like “Scam” or “Complaints” along with the website or company name can give someone insight into the experience of other customers. 
  • Do not use public Wi-Fi – No one should ever use public Wi-Fi to check their bank account information or to make purchases. Some public Wi-Fi connections are not secure, and a hacker could have the ability to position themselves between the user and the connection point to steal their data. If someone wants to use public Wi-Fi to kill time while in the store or to check on products they want to buy, they need to avoid entering any personal information.

Advice for Businesses

  • Secure your information – Businesses need to take all of the necessary steps to ensure customers’ personal information is secure. It starts by making sure all systems are protected with properly configured cybersecurity tools. Time and time again, we see businesses and technology providers fail to configure passwords, resulting in exposed sensitive data for anyone to see online.
  • Have security software – Businesses need to protect their networks from cyberattacks. If a system does not have appropriate security software like network and application firewalls, malware protection and a program to patch known security flaws, identity thieves will steal whatever customer and company information they want.
  • Talk to the employees about online security – A business can have all the security measures in place, but it does not matter if employees click on links in phishing schemes. Company executives and cybersecurity teams should talk to employees about security, so they do not end up being their weakest link.

What the Post-Pandemic Marketplace Will Look Like

While many things are uncertain about our post-pandemic world, one safe bet is that online holiday shopping will continue to rise. Statistics show online shopping was already on the rise before COVID-19. With the even bigger surge during the pandemic, it will force businesses to get serious, if they are not already, about e-commerce and a digital-first model. In a sense, every day could be Black Friday!

For more information on online shopping during the holiday season or online holiday shopping trends, contact the ITRC at no cost by calling 888.400.5530 or by live-chat on the company website.

Also, download the free ID Theft Help app, which has access to resources, a case log for an identity theft resolution process and much more.

Synchrony is a proud financial sponsor of the Identity Theft Resource Center.

  • The 2020 COVID-19 holiday season is upon us. This year, consumers should be on the lookout for job scams, giving scams, grandparent scams and online shopping scams, to name a few.
  • If anyone comes across an unknown message regarding the COVID-19 holiday season, they should ignore it and go directly back to the source to confirm the message’s legitimacy. 
  • People should take steps to protect their personal information when shopping online, taking part in holiday gatherings (both in person or via a video platform), at the gas pump, and when receiving electronic gifts. 
  • To learn more, contact the Identity Theft Resource Center toll-free at 888.400.5530 or via live-chat on the company website.  

COVID-19 has changed the way people live. Many people are working from home, there are restrictions on what people can do in public, and many businesses remain shut down or open at a limited capacity. It has also changed the way scammers attack consumers. 

The 2020 holiday season will also be much different than years past. According to IBM’s latest U.S. Retail Index Report, COVID-19 has accelerated the shift away from physical stores to digital shopping by roughly five years.

Criminals may adopt new tactics to take advantage of the pandemic, but what will not be different is scammers’ and identity thieves’ ability to find ways to strike.  

Watch for COVID-19 Holiday Scams   

Here are some scams to watch for this COVID-19 holiday season. 

1. Job Scams – Much of the economy remains shut down or open in a limited capacity. Millions of people are looking to gig economy jobs like Uber, Lyft and DoorDash to get by. People could rely on gig economy jobs even more during the holidays to make extra cash. The Federal Trade Commission (FTC) reported losses of $134 million in 2019 to social media scams.

In the first half of 2020, the FTC already reported $117 million, with most scams coming from viewing an ad. Scammers may claim in advertisements that they can get shoppers access to premium jobs for the holidays with big tips in exchange for an upfront fee. Gig economy scams can also lead consumers to phishing websites that steal login credentials. 

2. Giving Scams – People typically give more to charities around the holiday season. However, with more families in need of help in 2020, we may see an even bigger increase in people making donations. Expect criminals to attack with giving scams, looking to steal people’s money and personal information. In fact, scammers have used giving scams to take advantage of people since the beginning of the pandemic.  

3. Grandparent Scams – Another popular holiday scam is the grandparent scam. A grandparent scam is where scammers claim a family member is in trouble and needs help. With the holidays here, scammers could pose as sick family members. 

4. Online Shopping Scams – Many more people will be shopping online this holiday season. According to the Better Business Bureau (BBB), 65 percent of people shopped online last year. This year, online shopping is expected to increase by 10 percent to 75 percent. With the increase in web traffic, consumers should be wary of messages claiming they have been locked out of their accounts. Scammers may send phishing emails making such claims while looking to steal usernames, passwords and account information.  

How to Protect Yourself from COVID-19 Holiday Scams 

While scammers will try to trick consumers, there are things people can do to protect themselves from a COVID-19 holiday scam. 

  • If someone comes across an ad for a job or a deal online that seems too good to be true, it probably is. Consumers should go back to the source directly by contacting the company to confirm the message’s validity. 
  • If someone receives an email, text message or phone call they are not expecting, ignore it. If any of the messages contain links, attachments or files, do not click or download them because they could have malware designed to steal people’s personal information or lead to a phishing attack. Again, consumers should reach out directly to who the caller, email sender or text message sender claimed to be or the company they claimed to be with.  
  • People should only donate to legitimate charities and organizations registered with their state. Consumers can determine if a charity, non-profit or company is legitimate by searching for the charity’s charitable registration information on the Secretary of State’s website, looking for online reviews and Googling the entity with the word “scam” after it.
  • No one should ever make a payment over the phone to someone they do not know or were not expecting to hear from. Scammers will try to trick people with robocalls to steal their sensitive information and commit identity theft. 

How to Protect Your Personally Identifiable Information (PII) This Holiday Season 

Identity thieves will try different ways to steal people’s PII. It is crucial that consumers protect their PII during the holidays, and year-round, to make sure it does not end up in the hands of a criminal.

1. At the Pump – More people will travel by car this year than usual. Travelers on the road should keep an eye out for gas station skimmers. Skimmers insert a thin film into the card reader or use a Bluetooth device at a gas pump to steal the card’s information, which allows the thief to misuse the payment card account. If the pump looks tampered with, pay inside. Newer gas pumps use contactless technology and chipped payment cards that are very secure. Use those pumps if possible.

2. Holiday Gatherings – It is always important to protect all personal information at holiday gatherings. While no one ever imagines a trusted friend or family member will go through their stuff, people fall victim every year. Keep wallets or purses with financial cards or I.D. cards within reach.  

3. Zoom and Other Online Video Platforms – Not all family gatherings will be in person in 2020 due to COVID-19. Some families will meet virtually via a video platform. When people use a video platform, it’s important they remember to secure the call by using strict privacy settings and not sharing any personal information with someone they don’t know.  

4. Shopping Online – With more people shopping online for the 2020 holiday season, people need to practice good cyber hygiene. Make sure to navigate directly to a retailer’s website rather than click on a link in an ad, email, text or social media post. Phishing schemes are very sophisticated these days and spotting a spoofed website of well-known and local brands can be difficult even for trained cybersecurity professionals. 

Consumers will still need to do their due diligence to ensure a business website is legitimate. There is inherently less risk of falling for a scam website by shopping at well-known retailers. It only takes a bit of homework to separate the scams from legitimate small online businesses. Using search terms like “Scam” or “Complaints” along with the website or company name can give people insight into the experience of other customers. 

When setting up a new online account, be sure to use multi-factor authentication. Multi-factor authentication creates a second layer of security to reduce the risk of a criminal taking over someone’s account. 

5. Electronic Gifts – With the advent of smart home devices, many gifts connect to the internet, presenting security risks. It is important consumers update the software on the device. It is also a good idea to have antivirus software installed on any computer, tablet or internet device if possible, along with a secure password on the home network router.  

For more information on how to stay safe during the COVID-19 holiday season, contact the Identity Theft Resource Center toll-free at 888.400.5530 or live-chat with an identity theft advisor at no cost.

For access to more resources, download the ITRC’s free ID Theft Help app.  



  • Quick Response Codes, or QR Codes, continue to generally grow in popularity, especially due to COVID-19. Hackers are aware and are looking to possibly attack consumers with the digital barcodes. 
  • There have been attacks in India and Brussels in 2020. Malwarebytes reports the U.S. saw QR Code scams and attacks in 2019.   
  • To reduce their chance of a compromise, QR Code users should be somewhat skeptical when using one of the digital cubes. Look for things that might seem out of the ordinary – like asking for logins, passwords or payment information. Ask an employee if you encounter something you think is odd.  
  • For more information, contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website.  

Quick Response Codes, also known as QR Codes, have generally grown in popularity over the years. COVID-19 has sped the use, with an increasing number of businesses using QR Codes for contactless encounters and transactions. However, hackers are aware of the rise, which could mean QR Code security threats to consumers who use them. 


What is a QR Code? 

QR Codes are digital barcodes often used for electronic tickets for travel or events, to view a restaurant’s menu, or to share product information at a retailer. They are a quick way to get people to websites, promotional codes and mobile payments.  

QR Code Security Threats 

The convenience of QR Codes comes with security risks too. According to a survey of consumers conducted by MobileIron, 71 percent of respondents could not tell the difference between a malicious QR Code and a legitimate one. Also, more than 51 percent of respondents did not have mobile security on their devices (or did not know if they did) to provide QR Code security in case of a QR Code-related attack.  

Attackers can take advantage of people’s trust in QR Codes by embedding malicious software into the digital cubes. MobileIron says they expect QR Code attacks to increase in the near future. The attacks would steal data from mobile devices or lead to phishing websites that could harvest credentials and other personal information.  

What You Can Do 

Attacks can lead to many different actions that range from inconvenient to malicious. This includes risky texts, emails, initiating a phone call, or adding a contact listing. However, there is one thing consumers can do to protect themselves: be skeptical.  

  • If you see what seems to be a QR Code physically pasted on top of another, ask an employee. The restaurant or retailer may have just updated their QR Code, but it could also be a sign of a malicious code. 
  • Before scanning the QR Code, check the website address of the code. Many phones will allow you to view the web address before you scan it. If you are unsure about the website, you can safely view the site by searching for it with a “+” sign added after the URL. You can also ask an employee about any suspicious website addresses.
  • Only scan codes from trusted entities. The Identity Theft Resource Center (ITRC) always tells consumers to use trusted entities when donating to a charity or shopping online because there is less risk. The same advice applies to QR Codes. A trusted entity will be less likely to have a malicious QR code on a restaurant menu, plane ticket or promotional code. 

Contact the ITRC 

Consumers need to be aware of QR Code security threats. The more people protect themselves, the harder it will be for identity thieves to succeed in hacking people using QR Codes. If you would like to learn more or believe you have been a victim of a QR Code attack, contact the ITRC toll-free at 888.400.5530 or on the company website via live-chat.  



  • Two new research papers from OpSec Security and Consumer Reports show how consumer privacy and cybersecurity views are evolving across the U.S.
  • Findings in the OpSec Security report show that cyberattacks and data breaches are pervasive, and consumers are concerned and desensitized by the volume of information compromises.
  • The Consumer Reports report concludes that consumers believe companies are primarily responsible for protecting the personal information businesses collect, store and use.
  • For more information on the latest data breaches, visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified™. It is updated daily and free to consumers.
  • For cybersecurity, privacy or data breach advice, contact the ITRC toll-free at 888.400.5530 or by live-chat on the company website. 

Privacy and cybersecurity impact consumers. Two new research papers show how consumer privacy and cybersecurity views are evolving across the U.S. The reports validate a central concern among consumers that there is not enough done to protect their most precious possession: their name.

Subscribe to the Weekly Breach Breakdown Podcast 

Every week the Identity Theft Resource Center (ITRC) looks at some of the top data compromises from the previous week and other relevant privacy and cybersecurity news in our Weekly Breach Breakdown Podcast. This week, we will look at two new research reports. The first focuses on recent changes in consumer attitudes. The second takes a longer-term look at how consumer privacy and cybersecurity views are different now compared to 25 years ago when the modern commercial internet was born.

The Importance of Reputation 

Reputations are important to individuals, companies and organizations. That’s why OpSec Security, a global cybersecurity firm, recently surveyed 2,600 consumers throughout the U.S. and four European countries. Researchers asked consumers whether they have been affected by cybercrime, their perceptions of brands, and if their role – or the role they should play – in keeping consumers safe has changed over time. 

The findings show that cyberattacks and data breaches are pervasive and consumers are both concerned and desensitized by the volume of information compromises. Some of the key findings in the last year include the following: 

  • 40 percent of respondents were a victim of an email or phishing scam.
  • 51 percent of respondents say they receive more phishing attempts now than before the COVID-19 pandemic. 
  • 35 percent of respondents experienced credit or debit card fraud. 
  • 21 percent of respondents were a victim of identity theft at some point.  

Meanwhile, 30 percent of respondents were impacted by a data compromise, which did not surprise nearly one-third of the people who received a data breach notice. Of those who had their data compromised, 46 percent were contacted more than five times. Almost half of those who haven’t received a data breach notice, 48 percent, are worried they will soon.  

Those 30 percent of consumers in the OpSec survey who say they had their data compromised in a data breach equal the same percentage of people who responded to a similar question from Consumer Reports.  

Consumers Think Businesses are Responsible for Protecting Personal Information 

Both surveys came to a similar conclusion: consumers believe companies are primarily responsible for protecting the personal information businesses collect, store and use. Consumer Reports surveyed more than 5,000 U.S. residents about privacy and security. They also reviewed past research to show how consumer attitudes changed over time. 

  • In 1995, 44 percent of consumers were worried “a lot” or “some” about losing privacy due to the internet. 
  • By 2002, 76 percent of survey respondents were uncomfortable about companies collecting data about them. However, 94 percent thought they had a legal right to see what data the company collected about them from a website. 
  • Fast forward to 2019; 65 percent of consumers said they do not believe their personal information is kept private. 

In the Consumer Reports research published in October, 96 percent of consumers surveyed agreed that more could be done to ensure companies protect consumer information. Other findings include the following: 

  • 68 percent of consumers surveyed believe companies should be required to delete the data they have about someone upon the consumer’s request. 
  • 67 percent of respondents think there should be tougher penalties, like high fines, for companies that don’t protect someone’s privacy. 
  • 63 percent say companies should be required to give consumers access to the data companies have about them. 
  • 63 percent also believe there should be a national law that says companies must get a person’s permission before sharing their information. 

There are now laws, passed in multiple states, that include one or more of the items from the consumers’ privacy wish list above, but a national privacy law remains elusive. 

Built-In Privacy Features 

One finding that did not emerge from either survey on consumer privacy and cybersecurity views was a consensus around what consumers want to happen next to protect their information. Consumer Reports notes that companies are beginning to build products with built-in privacy features. More than 40 percent of consumers say they may be willing to pay companies to stop collecting, sharing and selling their personal information. Right now, that practice is prohibited in California, the state with the toughest privacy law in the U.S.  

notified™

For more information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified™. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.

Contact the ITRC 

If you receive a breach notice and would like to know how to protect yourself, contact the ITRC at no cost by calling 888.400.5530 to speak with an expert advisor. You can also live-chat with an advisor on the company website. Also, download the free ID Theft Help App to access advisors, data breach resources, a case log and much more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.



  • The Federal Trade Commission reports that the number of people who lost money to scams that started on social media has more than tripled in 2020, with a significant increase in the second quarter of the year.
  • The increase in social media scams fits the overall 2020 trend of more phishing scams on channels besides email.
  • Some recent social media scams include romance scams, fake advertisements, and social media messages offering grant money or giveaways.
  • To reduce the risk of falling for a social media scam, don’t click on any links from unknown messages, do research on any ad seen on social media, and never send money to someone you’ve never met in person. 
  • To learn more, contact the Identity Theft Resource Center toll-free at 888.400.5530, or speak with an expert advisor via live-chat on the company website. 

There is an increase in social media scams in 2020, fitting the year’s overall trend of more phishing scams on channels besides email. Scams strike people in many different ways, ranging from robocalls to phishing attacks. While social media websites are another platform scammers use for their attacks, it’s not always the first place people think to monitor when they hear the phrase “phishing scams.”

Scammers Take Advantage of More People Online During COVID-19 

However, 2020 is different. Social media is already a great place to connect, but especially right now due to COVID-19. More people are using social media, and scammers are aware. In fact, more scammers are hanging out on the sites, posing a greater threat for scams to users. Scammers know COVID-19 changes the way people live, and they try to take advantage in any way possible. 

New Report on Increase in Social Media Scams 

The Federal Trade Commission (FTC) reports that the number of people who lost money to scams that started on social media has more than tripled in 2020, with a significant increase in the second quarter of the year. The FTC says the growth has been happening for years, reporting social media scam fraud losses of $134 million in 2019.

However, the first half of 2020 had $117 million in fraud losses from social media scams alone. Some recent social media scams include romance scams, fake advertisements, and social media messages offering grant money or giveaways. Often, scammers create fake profiles of people victims may know to take advantage of them. In some cases, scammers will even take over a real person’s account.

How to Avoid a Social Media Scam 

Consumers can do a handful of things to reduce their risk of falling victim to a social media scam.  

  1. Check the validity of any ad you see on social media. Do a quick Google search of the supposed business followed by “complaints,” “reviews” or “scam.” This will help you determine whether or not the company has been reported or accused of any suspicious activity. Also, directly search for the company website. Any legitimate company will most likely have contact information on their webpage.
  2. Never click on a link or open an attachment without verifying the validity of the message or ad. You can do this by directly reaching out to the company to see if they sent the message or posted the ad. If not, it is probably a scam. If you cannot find any contact information for the company, it is probably a scam.
  3. Reach out directly by phone or email to the friend or family member asking for money or personal information. If they did not send the message, the sender’s account was probably hacked.
  4. Never send money or personal information to someone you have never met in person. Imposter scams, where scammers try to trick people into giving up personal information or money by posing as someone fake, continue to rise throughout the country.
  5. Regularly check your privacy settings on all of your social media platforms. Make it more challenging for scammers to target you by limiting what you share online.

Contact the Identity Theft Resource Center 

Consumers should be aware of the 2020 trend around scams and that scammers will continue to hang out in the social media space. However, if everyone does their part, they can still enjoy the platforms with minimal risk of falling for a social media scam.  

To learn more, or if you believe you are the victim of a social media scam, reach out to the Identity Theft Resource Center (ITRC) toll-free at 888.400.5530 or by live-chat on the company website. Also, download the ITRC’s free ID Theft Help app for access to additional resources. 



  • A new VPN security vulnerability could affect as many as 800,000 internet-accessible SonicWall VPN appliances. 
  • According to researchers, the bug can allow a denial of service cyberattack and crash services, creating widespread damage. 
  • SonicWall VPN users should install the recently released SonicWall patches to eliminate their risk of attackers gaining access. 
  • For more information, contact the Identity Theft Resource Center toll-free at 888.400.5530 or live-chat with an advisor on the company website. 

A virtual private network (VPN) is a tool used by many businesses and consumers and is more important now than ever with so many people working from home. It is a digital tool that helps keep hackers, identity thieves, spammers and even advertisers from seeing someone’s online activity. According to ZDNet, a recently discovered VPN security vulnerability could affect as many as 800,000 internet-accessible SonicWall VPN appliances. 

What Happened 

Infosecurity Magazine says researchers found a vulnerability in SonicWall’s Network Security Appliance (NSA). An NSA is used as a firewall and VPN portal to filter, control and allow employees to access internal and private networks.

How It Can Impact You 

Researchers claim the bug can allow a denial of service attack and crash services, creating widespread damage. SonicWall says the CVSS risk score of the VPN vulnerability is 9.4 out of 10, and the bug can be exploited remotely without requiring the attacker to have the credentials needed to access the VPN. VPN systems continue to be targeted by attackers looking to take advantage of the large number of remote workers who rely on them.

What You Need to Do 

SonicWall says that, right now, it is not aware of the bug being exploited or of the VPN security vulnerability having impacted any customers. However, SonicWall recently released patches for the vulnerability. Customers affected should patch their VPNs to eliminate the risk of attackers gaining access. Employees should check with their IT administrators to ensure the proper steps are taken to keep them and their remote worker peers safe.

A VPN is a great way for people to stay safe online. It protects all sensitive activities conducted online. However, it is essential to keep VPN software up-to-date by applying security patches and software updates as quickly as possible.  

Need More Help?

Anyone who wants to learn more can call the Identity Theft Resource Center (ITRC) toll-free at 888.400.5530 to speak with an expert advisor. They can also live-chat with an advisor on the company website. For on-the-go assistance, consumers are encouraged to check out the free ID Theft Help App from ITRC. 



  • Data breaches are down 30 percent in Q3 of 2020 compared to Q3 of 2019 when you look at the Blackbaud ransomware attack as a single event. 
  • Data breaches are down 10 percent in Q3 of 2020 compared to Q3 of 2019 when you look at the Blackbaud ransomware attack as a series of data breaches.  
  • Regardless of how the Blackbaud ransomware attack is viewed, the number of individuals impacted by a data breach is down nearly two-thirds.  
  • Anyone who believes they are a victim of a data breach is encouraged to contact the Identity Theft Resource Center to learn more about the next step to take. Victims can call toll-free at 888.400.5530 or live-chat with an expert-advisor on the company website. 

2020 has seen many different data breach trends. In the first half of 2020, the Identity Theft Resource Center (ITRC) reported a 33 percent decrease in data breaches and a 66 percent decrease in individuals impacted. The ITRC has compiled the Q3 2020 data breach statistics, and the number of compromises has dropped. However, there is one data breach that skews all the data. 

Two Ways to Look at the Numbers 

With the ongoing global pandemic and one particularly nasty ransomware attack against IT service provider Blackbaud, reported in the third quarter, the Q3 numbers can be interpreted in two ways.

Data Breaches Down 30 Percent Treating Blackbaud as a Single Event 

If we treat the Blackbaud attack as a single event, the number of data compromises reported so far in 2020 remains well below the 2019 trend line, with nearly a 30 percent decrease year-over-year. Looking at the rest of 2020, absent a significant data breach, 2020 could end with just over 1,000 data breaches. That would be the lowest number of breaches in five years, dating back to 2015. 

Data Breaches Down 10 Percent Treating Blackbaud as a Series of Breaches 

If the Blackbaud ransomware attack is treated as a series of data breaches, the year-over-year trend line changes significantly. However, the number of data breaches is still down in comparison to 2019. There have been 247 data breaches reported as a result of the Blackbaud ransomware attack. Once you add those to the overall number of data compromises, we go into Q4 with a 10 percent decrease in data breaches compared to this time last year.  

Individuals Impacted by Data Breaches Down Two-Thirds 

No matter how Blackbaud is categorized, one data point remains the same: the number of individuals who have been impacted in 2020 by an information breach. So far in 2020, roughly 292 million people have had their personal information compromised, nearly two-thirds fewer people than in 2019. The ITRC will have more information to share on our Q3 Data Breach Trends Report, which will be released later in October. We will also discuss the details on our sister podcast, The Fraudian Slip, in two weeks. 

Subscribe to the Weekly Breach Breakdown Podcast 

Every week, the ITRC looks at some of the top data compromises from the previous week, and other relevant cybersecurity news in our Weekly Breach Breakdown podcast. This week, we are looking at the Q3 data breach trends and the latest numbers.  

notified™

For more information about recent data breaches, or any of the data breaches discussed in Q3, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free. 

Contact the ITRC 

If you receive a breach notice due to the Blackbaud ransomware attack or any other data compromise and want to know what steps to take to protect yourself, contact one of the ITRC expert advisors by phone toll-free at 888.400.5530, or by live-chat on the company website. Victims of a data breach can also download the free ID Theft Help App to access advisors, resources, a case log and much more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform. 



  • Scammers are taking advantage of Apple users eager to purchase the iPhone 12 with a chatbot scam offering “a free trial” of the new device.
  • Threat actors are looking to steal people’s credit card information and other identity information. They can use the information to commit financial identity theft.
  • Consumers are urged to ignore any suspicious text messages and verify their validity by going directly to the source.
  • Anyone who believes they are a victim of the phishing scam, or wants to learn more, can call the Identity Theft Resource Center toll-free at 888.400.5530, or live-chat with an expert advisor on our website.

The iPhone 12 is expected to be released in October, and many are restlessly awaiting the anticipated launch. Scammers are aware and are sending iPhone 12 chatbot scams via text message, hoping to steal people’s personal information like names, addresses, and financial information like credit card numbers and security codes. While the scam tries to convince people they have won a free trial of the iPhone 12, the only ones winning with the iPhone 12 chatbot scam are the scammers.

Who It Is Targeting

Apple product users

What It Is

It’s a mobile phishing campaign that is spreading through text messages. The text messages from the iPhone 12 chatbot scam appear to come from an Apple chatbot offering free trials for the iPhone 12 before its release. When people click on the link in the text message, it triggers multiple text messages, ending with one saying the user qualifies for a test group before taking them to a “payment” screen for shipping charges.

What They Are After

The iPhone 12 chatbot scam is ultimately after people’s credit card information. After people click through the questions and learn they are “eligible,” they are taken to the “payment” screen where they are asked to enter their credit card information because there is a “courier delivery charge.” Once victims give out their personally identifiable information (PII), scammers can then use it to commit identity theft.

What You Can Do

  • If you receive a text message you are not expecting that requires you to act, ignore it. Instead, go directly to the source to verify the validity of the message.
  • Look for grammatical errors and stylistic issues in the text message to spot the phishing scam.
  • Remember, if the offer seems too good to be true, it probably is. Do not enter any personal information or click on any links for an offer unless you confirm it is legitimate.

If you believe you have fallen victim to the iPhone 12 chatbot scam or have additional questions, you can call the Identity Theft Resource Center (ITRC) toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.

