Ransomware is something no one wants to end up with. It is a type of malicious software that is designed to deny access to data or a computer system until the hacker is paid. Ransomware is just one of many forms of malware, code that is developed by cyberattackers to cause damage to data and systems or gain unauthorized access. While there are many different types of ransomware, the operators behind the Maze ransomware attacks are some of the bad-actors at the core of many of these types of data compromises or phishing emails.

Maze is considered a sophisticated Windows ransomware type with the threat actors using it to ambush many organizations with demands of cryptocurrency payments in exchange for the stolen data. The impact of the Maze group and other similar ransomware exploits has led to a growing problem.

According to healthitsecurity.com, in May, the Maze operators published two plastic surgeons’ stolen data for sale on the dark web after a successful ransomware attack. A little over a month earlier Maze operators hit Chubb, a cybersecurity insurance provider for businesses that fall for data breaches. According to CRN, the Maze group just recently stole 100 GB of files from Xerox.

However, there are actions that consumers and businesses can take to reduce their chances of an attack:

  • Consumers should use reputable antivirus software and a firewall
  • People should consider using a virtual private network (VPN) when accessing public Wi-Fi or untrusted Wi-Fi
  • Consumers and businesses are both encouraged to make sure all systems and software are up-to-date and have the relevant patches
  • People should not provide any personal information in an email, phone call or text message they are not expecting
  • It is important that consumers do not click on any links from emails, text messages or instant messages they are not expecting; instead, they should go directly to the source

The Maze ransomware has impacted many; businesses and consumers should do what they can to protect themselves and their data.

Anyone who has questions or believes they are a victim of a Maze ransomware attack, or any sort of malware attack, can live-chat with an Identity Theft Resource Center expert advisor for tips.

They can also call toll-free at 888.400.5530. Finally, victims can download the free ID Theft Help App for instant access to advisors and resources.

You might also like…

Stalker Data Breach Leads to Sale of Users’ Credentials

Non-Traditional Data Compromises Make Up the Latest Week of Breaches

Mystery Shopper Scams Surface During COVID-19

This post will be updated as more information becomes available

Contact tracing scams have begun to pick up steam with the evolving technology coming closer to becoming a reality. Some of those scams include hackers and fraudsters posing as contact tracers – both online and in person – trying to steal personally identifiable information (PII), personal health information (PHI) and other personal data.

The United States began the re-opening process after the COVID-19 pandemic closed many aspects of daily life. That is expected to include many precautions to keep people safe, including contact tracing – a method used to find the people who may have come into contact with someone infected with COVID-19. In fact, many people anticipate contact tracing will play a large part in keeping people informed of their risk of exposure until a vaccine is available.

Apple and Google are cooperating to ensure the different phone operating systems are compatible for contact tracing purposes. Apple and Google are also working with health departments across the country to figure out how to roll-out an effective contact tracing Bluetooth-based system that would allow public health departments to create their own contact tracing apps. Despite doubts from some health officials on how useful Apple and Google’s optional systems will be, the two tech companies have developed the digital contact tracing system, and have included it in their latest software updates. Contact tracing apps have already rolled out in other countries. According to MIT Technology Review, so far, there are 25 contact tracing efforts globally. However, none of those apps work in the U.S. Consumers should beware of any attempt to entice them or someone else to download and register for an app.

While app development efforts continue, scammers are tricking people into contact tracing scams using fake apps that steal their personal information. The Better Business Bureau of Connecticut warns people about text messages in their area that appear to be linked to COVID-19 contact tracing, alerting people that they were near someone who tested positive for coronavirus. Police in Washington state are alerting residents of contact tracing scams going around trying to steal sensitive information, including credit card information and Social Security numbers. The Champaign-Urbana Public Health District urges residents not to fall for contact tracing scams, adding that they will never alert people of a positive test via text.

In all of these scams, fraudsters are trying to steal people’s personal information, whether it is by trying to get them to click on unknown malicious links or simply asking for them to provide it. Hackers then have the ability to turn right around and sell the information, which could lead to identity theft. Even when legitimate apps are available, users should check to see if the data they share will be used for marketing purposes without their permission or sold for other purposes.

To avoid a contact tracing scam, people should stay informed on the latest contact tracing details, as well as the most up-to-date COVID-19 information from their state and local health departments. Local health departments will inform people of what a legitimate contact tracer will ask and any protocols they will follow. If anyone gets a text or notification they are not expecting that they were in contact with someone who tested positive for COVID-19, they should ignore it and call their local health department to confirm the validity of the message. They should not provide any information they are asked for, nor should they click any links, open any attachments or download any files.

If anyone believes they have fallen victim to a contact tracing scam or is a victim of identity theft, they can live-chat with an Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. An advisor can help victims create an action plan on the steps they need to take that are customized to their needs.

You might also like…

Online Shopping Safety a Priority During Coronavirus Pandemic

Five State Unemployment Department Data Exposures Uncover System Flaws

COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover

Unemployment identity theft, also known as unemployment fraud, continues to skyrocket across the United States during the COVID-19 pandemic; particularly hard-hit is Washington state. A possible Nigerian fraud ring could be to blame for many of the cases involved in the uptick. According to the New York Times, a group of international fraudsters from Nigeria are believed to be behind a sophisticated attack on the U.S. employment systems, an attack that has already led to millions of dollars being stolen. While the U.S. Secret Service is still working to identify everyone involved, Special Agent Roy Dotson believes the unemployment identity theft is being aided by mules (people who transfer illegally acquired money on behalf of or at the direction of another) being used for money laundering after making connections with fraudsters online.

According to a memo from the U.S. Secret Service in the New York Times article, investigators received information that suggested the scheme was coming from a Nigerian fraud ring, and that hundreds of millions of dollars could be lost. Washington state is believed to be the primary target for the unemployment identity theft and unemployment fraud attacks. However, there has also been evidence of similar attacks in Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Maryland and Wyoming.

The Identity Theft Resource Center (ITRC) believes many fraudsters are trying to take advantage of more people, money and activity running through state employment offices due to the unusual lengths that government has gone to support Americans in light of the COVID-19 pandemic financial impacts. The ITRC has received reports from victims where workers have received notifications that their unemployment application was approved, even though they did not apply or are still working.

There are things consumers can do to prevent the likelihood of becoming a victim of identity theft as a result of an unemployment identity theft attack. If someone has an account with a government agency, they should upgrade to a passphrase and check to see if their information has been changed. If it has been changed, it should be reported to the state agency. It is also important for people affected to update all of their accounts to passphrases, to make sure their passphrases are not reused, or that a work passphrase is shared at home and vice versa. It is important to update passphrases and not use them across multiple accounts because identity thieves use stolen login information from data breaches to commit other crimes like unemployment benefits identity theft.

It is also a good idea for people to freeze their credit because it prevents new accounts and new obligations from being created that require a credit report. However, it will not stop the creation of an account with a state agency. To help protect personal information from being used in a cyberattack, it is a good idea for people to keep all of their software up-to-date, including their anti-virus software.

If someone believes they are a victim of unemployment identity theft or unemployment fraud, they are urged to live-chat with an ITRC expert advisor. Victims can also call toll-free at 888.400.5530 to leave a message for an advisor to return the call. Advisors will help guide victims and walk them through the process by creating an action plan that is tailored to their needs.

You might also like…

Five State Unemployment Department Data Exposures Uncover System Flaws

Key Ring Data Leak Exposes 14 Million Users Sensitive Information

Online Shopping Safety a Priority During COVID-19 Pandemic

Password security has been a hot topic for a long time. That is because passwords stand as the most commonly used tool to keep unauthorized individuals out of accounts and files. However, as technology changes and hackers adapt their methods to keep up, what was once considered best practices can change as well. That is why users need to keep up with the latest password advice. Today’s recommendations may evolve again in the near future, so staying up-to-date with the latest best practices is key to ensuring data is safe.

New password advice from top experts in cybersecurity updates how individuals should manage their password practices. For example, the “password” has fallen out of favor with some major corporations, like Microsoft, and law enforcement agencies, like the FBI. Instead, using the more descriptive and secure “passphrase” is recommended. Also, the once “golden rule” of changing passwords frequently—and requiring routine forced resets—has now been updated to reflect why this is not necessarily the best security habit.

First, a passphrase is a much longer security tool. Studies have found that a password’s “guessability” by hacking software decreases exponentially with every additional character. The six-to-eight characters guideline for passwords has been replaced with the recommendation of a nine-to-ten character passphrase. A passphrase, unlike a single word or acronym, is a short combination of words that mean something to the user. It can make the user more likely to create unique logins for every account they own instead of reusing a single password on multiple accounts. Common, strong passphrases could be things like the name of a favorite song, a movie quote or a favorite team cheer, such as “BoddaGettaBoddaGetta” or “HookEmHorns.”

Replacing a password/passphrase routinely has also been shown to have a downside. When users are forced to change a password/passphrase, they often simply alter just one character. For example, passwords such as “doghouse1” become “doghouse2,” which makes it easier to guess during attacks like credential stuffing.

Experts warn that passwords/passphrases should contain a combination of uppercase and lowercase letters, numbers and symbols. However, that password advice has also been re-examined. The likelihood of a user establishing and remembering a complex combination for every single account is not very high. However, creating a unique passphrase for every account is both more secure and a more likely practice.

Some of the password/passphrase advice has not changed. It is still important to create different passphrases for every account—meaning a separate phrase for every account—and to enable multi-factor authentication when possible. It is also important to avoid any passphrase similarities between work and personal accounts and not share login credentials with any unauthorized users.

As with all technology-related practices, the most important thing for users is being adaptable and able to evolve as the ecosystems change to address exploits. Microsoft, for example, has introduced three different methods for a no-password logon and has reported a lot of success. Keeping up with security findings and fitting them into daily use is a valuable way to protect valuable data and users’ identities.

If anyone has questions related to cybersecurity or password best practices, they can talk to one of our advisors via LiveChat by visiting our website, www.idtheftcenter.org.

You might also like…




During the COVID-19 pandemic, people are not traveling much – if at all. As a result, people could be more susceptible to travel loyalty account takeover (accounts that may include large amounts of personally identifiable information like driver’s license and passport numbers). They could also be more vulnerable to attacks because of past breaches and exposures like MGM, Marriott, Choice Hotels and Carnival Cruise Line, to name a few. Many experts are predicting a long, slow recovery to reach a sense of normalcy, while others believe “normal” will never be quite the same. One of the most impacted areas where that is expected is the travel industry.

With a 95 percent drop in passenger travel and most air passengers flying only in emergency situations, it could be hard for some to envision a speedy recovery for the travel and hospitality industries. For that reason, there is another precaution that consumers need to take in this time of quarantine: monitoring their travel loyalty accounts.

COVID-19 could make it easier for fraudsters to steal consumers’ credit card information, passport information, names, dates of birth, along with any other information included in a travel loyalty account. It could also allow scammers to steal credits and travel funds. In fact, one source cited an estimated fourteen trillion flight and hotel miles already go unused each year. That means a lot of travelers are saving up their bonuses or banking credits for unused trips but not cashing them in at the moment, which could attract hackers to travel loyalty accounts as a means to get their hands on PII as well as cash equivalent benefits.

Travel loyalty account takeover has been a problem for a long time. However, with people putting a halt to their travel plans for the immediate future, identity theft advocates like the Identity Theft Resource Center worry that those unmonitored accounts could be vulnerable to an attack due to lack of use or oversight. Account-holders need to protect themselves, and their accounts, in a variety of ways.

Fortunately, the steps that can help people protect their travel loyalty accounts are identical to the actions that users can take to secure any account type. First, people should monitor their account routinely for any signs of suspicious activity and report the activity immediately. Next, people need to be very cautious about clicking any links in emails, even ones that appear to pertain to travel loyalty credits or funds. Finally, people should secure their account with a strong, unique passphrase—one that is not easily guessed by hacking software and that is not reused on other accounts. It is also advised to change the account passphrase from time to time to prevent credential stuffing.

Anyone who believes they have fallen victim to travel loyalty account takeover is encouraged to live-chat with an expert advisor from the Identity Theft Resource Center. Victims can also call toll-free at 888.400.5530.

You might also be interested in…

COVID-19 Catfishing Scams Make a Rebound Amid Pandemic

CashApp Scams See a Rise Due to COVID-19

A Shift in 2020 Identity Theft Trends as a Result of COVID-19

Each year, the Identity Theft Resource Center (ITRC) reflects on the previous year’s exploits and anticipates trends for the next. When we first published our thoughts on 2020 back in December, it was stated that we anticipated the identity theft trends for 2020 would include 2020 being the year for privacy. While privacy remains an important topic, the recent changes in the landscape with other cyber issues have changed the conversation.

Data Breaches in Overdrive

Data breaches have continued to occur and the ITRC believes hackers and scammers will shift things into overdrive due to the amount of money that is about to flow through the economy, creating a redistribution of assets.

The coronavirus has forced most companies and their employees to work remotely. While that used to be a luxury, it is the new normal for many who previously haven’t had the experience. That has created a whole new challenge for companies, platforms, service providers and each individual employee.

In this post-COVID-19 shift, the ITRC anticipates breaches will continue to occur at an increased rate, both the number of breaches and the number of records exposed in a single incident. Given that there are a lot of new users that are creating an increase in user-data being housed in databases, it’s easy to see why this will be a potential outcome as a result of shifting workforces.

Increase in User Vulnerabilities Exposed

Security deficiencies are exposed daily, and more rapidly, because of the sheer volume of use of platforms. No one anticipated all of the vulnerabilities that would have to be fixed due to the increase in use. The ITRC has seen a massive shift in those priorities.

Now, issues that might have been well down the road to update need immediate attention because of how organizations have had to shift their use of products and services. Also, those providing those products and services must address the issues now to maintain the integrity of their users’ data.

There are other vulnerabilities with the new remote workforce that will be exploited as they become apparent over the course of the coming weeks and months.

Cybersecurity Issues Exacerbated by Remote Work

The previous 2020 identity theft trends that the ITRC predicted, in all likelihood, will happen. What is now new are the challenges that shifting to remote work as the primary method of working due to COVID-19 entail. All of the problems like ransomware, phishing attacks and patching are still going to be issues. However, they will be exacerbated by this shift in business being done by remote individuals. People who are not accustomed to working from home will be easy prey for hackers and scammers to exploit because of their lack of familiarity with platforms and processes.

Adding to that, companies that moved to stand up a remote workforce quickly may not have the proper policies, processes and employee training in place to guide their workers.

ITRC Is Here For You

Predictions like the 2020 identity theft trends are only educated guesses, based on previous events and information. Businesses, policymakers and the public will have to wait and see how the 2020 trends for identity theft, cybercrime and data privacy play out. Regardless of what happens the rest of 2020, the ITRC will be available, working to teach each person how to fight back against the techniques scammers will use to commit identity theft and support victims through the process of regaining their identities.

For a complete look at the ITRC’s 2019 Data Breach Report, click here.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also be interested in…

UPDATED 12/8/2020- With so many people working and socializing from home, more than just businesses – employees, families and friends – are trying to find a place to gather (hold virtual meetings, religious services, game nights, birthday parties and happy hours). Zoom has become “that meeting place” for most. According to the Chief Executive of Zoom, in December the video platform had approximately 10 million users, to currently over 200 million users.

While Zoom has become popular rather quickly, some of its security vulnerabilities have taken the spotlight too. Some of the recent Zoom privacy issues have included user data being sent to Facebook and a flaw leaving Mac users vulnerable to their microphones and webcams being accessed. Another Zoom privacy issue has included a lack of password protection. That has led to some meetings being “Zoom-bombed,” like an AA meeting where trolls harassed those participating in the recovery process.

Zoom executives have come out and said they are working to address the Zoom security problems, including enabling passwords by default in all future meetings, clarifying its encryption practices, releasing fixes for Mac-related issues and more.

In the meantime, there are few things users can do to make sure their Zoom meetings are secure.

Protecting Meetings

Zoom now offers its users multiple ways to protect their meetings. Users can secure a meeting with end-to-end encryption, create waiting rooms for attendees, require a host to be present before the meeting begins, lock a meeting and more. These features can be found in the host settings. These Zoom privacy measures can also help reduce the risk of someone getting into a meeting that does not belong and “Zoom-bombing” the meeting.

Protecting Data

According to Zoom’s website, recordings can be stored locally on the host’s device with the local recording option or on the Zoom Cloud with the Cloud Recording option that is available for customers who are paying for Zoom’s services. The meeting host can manage their recording through a secured interface and the recording can either be shared, downloaded or deleted. Zoom phone voicemail recordings are also processed and stored in the Zoom Cloud and can be managed through Zoom Client. Meeting hosts can manage the Zoom data settings in the settings tab.

Protecting Privacy

Zoom currently stores user email addresses, passwords, names, company names, phone numbers and profile pictures. Company names, phone numbers and adding a profile picture are optional for users. If a user is concerned about their Zoom security, they can elect to only provide their name, email address and password. Users will not be asked to provide any personally identifiable information and should report any message asking them to do so directly to Zoom because it could be a scam.


While Zoom has taken responsibility for its security issues, it is important users do their part. Oversharing their meeting information on social media can lead to some scary consequences, making it easier for others to join what was intended to be a private Zoom meeting. It could also lead to information in someone’s profile settings being stolen. To prevent oversharing, users should not post meeting information on any of their social media platforms. Instead, send the invitation directly to the person they would like to invite. Also, consider revisiting what level social media privacy and security settings are set – otherwise, users may be sharing more information than they intended with people they shouldn’t.

Avoiding Zoom Scams

Security issues are not the only problem Zoom is running into. Zoom phishing attacks are making the rounds threatening employees that their contracts will be terminated, and then asking recipients to input their login credentials in a fake Zoom login page. According to Check Point Research, scammers registered more than 2,449 Zoom-related domains from late April to early May.

There are also Zoom phishing scams saying people received a video conference invitation, like the one the Identity Theft Resource Center received that is pictured below. The email looks real because it is sent with “High Priority” as indicated by the red exclamation point. It is generically from “Zoom” and there is no name of the sender. However, if you hover over the email address with your mouse, it shows a full address that is gibberish. Do not click on links you are not expecting. Rather, go directly to your Zoom account to manage any invitations. At the bottom, there is also no contact information or business logo verifying it is the company.

Image provided by Identity Theft Resource Center

In a statement to NBC 7 San Diego, a Zoom representative said that there are three web addresses that may appear in a legitimate invitation.

  • Zoom.us
  • Zoom.com
  • Zoom.com.cn

The rest of the statement said:
Users across all services and technology platforms should be cautious with e-mails or links received from unknown senders, and they should take care to only click on authentic links to known and trusted service providers. Zoom users should be aware that links to our platform will only ever have a zoom.uszoom.com or zoom.com.cn domain name. Prior to clicking on a link, users should carefully review the URL, being mindful of lookalike domain names and spelling errors.

If anyone ever comes across a Zoom email they are not expecting, they should ignore it and go to their work manager to verify whether or not it is real.

The current times are unprecedented and people are doing what they can to stay connected. Zoom and other video conferencing platforms will continue to play a large role during these times – and beyond. However, being aware of some of the Zoom privacy pitfalls, and can be done to keep themselves and their information safe while they are on their next virtual meeting, game night or happy hour should be the first priority.

The current times are unprecedented and people are doing what they can to stay connected. Zoom and other video conferencing platforms will continue to play a large role during these times – and beyond. However, being aware of some of the Zoom privacy pitfalls, and can be done to keep themselves and their information safe while they are on their next virtual meeting, game night or happy hour should be the first priority.

If people have questions regarding their privacy settings, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor toll-free.

For those that cannot access the website, call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist you as quickly as possible.

You might also be interested in…

Due to concerns over COVID-19, more people than ever are working remotely or are furloughed temporarily. With World Backup Day coming up on March 31st, it is more important now than ever to talk about data security and backing up important systems. Usually, this is just a day set aside to understand more about personal privacy, cybersecurity and identity protection. This year, there is an additional focus on some of the lesser-known reasons for backing up those files.

Start with Strong Passwords

For many newcomers to the world of telecommuting, the tools that make it possible can be a little confusing. For World Backup Day this year, people can start by making a lockdown of their information a priority. Now is the best time to change the passwords on sensitive online accounts and to make sure that they are all strong and unique. This will help prevent data loss if a hacker takes over any accounts.

When thinking of a strong password, it’s okay for someone to make a fun passphrase. For example, the letters that spell out a favorite song or movie + the name of the account or service it provides (such as “Gmail” or just “email”) + a number that might mean something only to the person, like the first year their team won a championship or the year they got their driver’s license. Consumers can then repeat the process, changing portions for every unique account. Throw in a symbol or two, it will be virtually unguessable to a thief while giving the consumer an easy way to remember it.

Conduct a Privacy Checkup

Next, on to security settings. People should go through their apps and favorite websites, especially social media sites, and make sure their privacy settings are set to a comfortable level. If that was last done when the account was first established, it’s long past due time for a checkup. While people are at it, they can also back up all of their pictures and videos, any game information or recipes and anything else that they might have tucked away in an app but do not want to lose.

People should also back-up their smartphone or mobile device. By backing up all of their special photos – from their phone, their camera’s memory stick and their laptop – and securing them on an external storage solution, they will be protecting them from harm. Bonus: pass the time reminiscing while sifting through pics while saving them.

The Final Round

Finally, it’s time for people to look at their important documents like tax records, scanned images of paperwork they might need, any medical records that might have been emailed to them, and more. By saving all of those critical files to an external source, consumers will be better prepared to stop a ransomware attack. If a consumer is ever infected with ransomware, rather than paying the hackers money, they can put it towards safeguards knowing that all of their important content is safe.

Good Identity Hygiene Means People Can Relax a Bit

Even if people are not leaving their homes these days, they still need time to relax. So, kick back, settle in on the couch with a snack and favorite binge show and clear out the DVR if they have one. They can save anything they want to keep for later but can get rid of the rest and make room for more great content. While settled in, people can also pick up their phone and get to work backing up their stored data. They will be glad they did if something happens to their phone.

For more tips, hints, stats and other important points, consumers can check out this link to World Backup Day.

If you think you may be a victim of identity theft or need tips to help protect yourself, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. You can also live chat with one of our expert advisors. Find more information about current scams and alerts here. 

You might also like…

As the COVID-19 pandemic continues to grow and seriously impacts everyone across the country, so do the number of COVID-19 scams that will pop-up trying to get access to personally identifiable information (PII) and finances. It can be difficult to decipher which emails, phone calls, social media posts or text messages are scams versus legitimate ones. Scammers will always take advantage of new opportunities in a time of crisis like evictions and foreclosures assistance, unemployment benefits, stimulus payments, etc. Here are some tips to help navigate those emails, text messages and voicemails:

Go to the source

Unsure if something is legitimate? Go to the source of the potential assistance. That means if the offer of unemployment benefits seems to be uncharacteristic, go directly to the employment development department and check their website. If it has to do with housing – whether that’s eviction or foreclosure assistance – head to that source (local housing commission, banking institution, etc.). Don’t trust an inbound message that isn’t verifiable.

Unsure of how a fraudster might try to get consumers to self-compromise?

Based on experience, the ITRC anticipates that they will give these a go:

1. Government Checks: Consumers receiving an email or phone call from someone that claims they can ensure a check from the government for an individual right now; it is likely a COVID-19 scam. The government is still working on the details of how these funds will be made available as of the original date of this post. For specific details, consumers can always visit local, state or federal government websites to get the most accurate information.

2. Asking for Verification of PII: If someone calls asking for a Social Security number, driver’s license number, credit card number or bank account information, it is a high probability that it is a scam. Say “K, Bye”, hang up and call the company directly to see if the offer is legitimate. If it is real, they will have a record of the calls and offers that were made.

3. Pay Upfront for Government Assistance: The government will not ask consumers to pay upfront to get any of the relief money. Scammers have attempted this before with the “Federal Government Empowerment Money Program” scam.

4. Social Media: If consumers receive messages on a social media platform claiming to be the government for anything regarding COVID-19, anticipate that this is a COVID-19 scam, too. Report it to the social media platform and block the sender. The government does not contact individuals through social media. Additionally, posts or messages enticing individuals to “sign-up” to receive more information on how to get access to more information or funds should be considered gateways to compromising PII.

5. Emails: There are loads of phishing emails under the guise as COVID-19 help. If an email arrives that wasn’t expected, ignore it and go directly to the source to determine whether or not it is legitimate. Under no circumstances should consumers click on any links or open any attachments from unanticipated emails or texts. COVID-19 scams via phishing emails are going around right now attacking both businesses and consumers.

6. Phone Calls: COVID-19 phone scams are beginning to gain steam and something else consumers should be aware of. The advice for phone scams is pretty similar to email scams. Don’t answer calls from numbers you do not recognize and do not return calls from voicemails if you aren’t completely sure from whom the call originated. Should a call regarding COVID-19 assistance inadvertently get answered, say “K, Bye!,” hang up and directly call the source. Verify the legitimacy of the call.

7. Grandparent Scams: Grandparent scams have been around for a long time and play on the fear of loved ones. Recently, scammers have been posing as family members that are sick and need money to pay their medical bills. It is important for people to resist the urge to act, no matter how dramatic the story is. People should also never make a payment over email or the phone to someone they were not expecting to hear from. Instead, they should hang up and reach out to the mentioned loved one directly to see if they are okay.

Scammers Take Advantage of Public Events

Every time there is a crisis, natural disaster or newsworthy event, expect scammers to come out in full force looking to take advantage and play on the public’s fear of the unknown. It is important to not let scammers take advantage of us while scared and unsure of what to do. These tips should help reduce the risk of falling victim to a COVID-19 scam.

Contact ITRC For Free Assistance

You can call the Identity Theft Resource Center toll-free if you think you may have been a victim of any type of scam at 888.400.5530. You can also live chat with one of our expert advisors for assistance.

Don’t forget to download the ITRC’s ID Theft Help App to help in managing your identity crime case should you find that you are a victim of a scam.

Read more: