• The proper disposal of e-waste – old electronic devices that are no longer used – is a priority, particularly for protecting personal data. The Identity Theft Resource Center (ITRC) reported 78 data compromises in 2020 around “physical attacks”; 52 percent of them from device theft and improper disposal.
  • E-waste puts personal information at risk and can have environmental impacts, too. It is why individuals need to adopt good e-waste solutions by educating themselves on the issue, re-evaluating their needs for more electronics and safeguarding their information.
  • Most people do not know how to recycle e-waste. Individuals should reuse electronics, if possible, and donate their old devices to be recycled if not. When people get rid of old electronics, they should put all of the data on a backup system and then wipe the device clean of personal information.
  • For more information, or if you believe you are a victim of identity theft, contact the ITRC toll-free by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.

According to the Identity Theft Resource Center’s (ITRC) 2020 Data Breach Report, there were 78 “physical attacks” in 2020. Device theft and improper disposal (which includes electronic devices) made up 52 percent of the attacks. The Verizon 2020 Data Breach Investigations Report finds more than one thousand cases of loss involving mobile devices in 2019.

As technology continues to evolve, users and manufacturers are finding more ways to keep safety, environmental impact and security measures in mind – which revolve around how to recycle e-waste. Issues range from the risk of fire from batteries, devices being sent to landfills, and disposal of information that could lead back to a user’s account and put them at risk of identity theft.

What Are E-Waste Solutions?

There are a handful of e-waste solutions consumers should keep in mind.

  1. Education: People should learn about the dangers of e-waste and what they can do about it.
  2. Re-evaluating the need: One e-waste solution is to minimize e-waste itself. Do you need that extra device? What are you doing with your devices once you are done with them? Are you reusing electronics? Re-evaluating your need for electronics can help cut down on how many devices end up in a landfill.
  3. Safeguarding information: Before you dispose of any electronics, you should make sure you save your data on a backup system or hard drive and then wipe the device clean. That way, no one can access your files if the device is improperly recycled or ends up in the wrong hands. If you are getting rid of a phone, do a factory reset to restore the phone to “empty status.” By taking these steps, you are protecting your personal information.

How to Recycle E-Waste

Instead of discarding electronics, the best e-waste solution is to reuse or recycle devices. Local governments are increasingly hosting e-cycling initiatives. These programs keep electronics out of landfills and ensure devices are wiped clean of all user data. You can search online for e-cycling centers near you before disposing of electronics, including IoT devices and medical devices.

Many device manufacturers also accept old devices to be refurbished or recycled and provide credit toward a new device. Some will take a device from any manufacturer for recycling. Check with your device maker to see if they offer a recycling program.

Contact the ITRC

It is vital everyone does their part to help address e-waste to protect the environment and people’s personal information. If you have questions about how to recycle e-waste, other e-waste solutions, or you believe you are the victim of identity theft, contact us. You can speak with one of our expert advisors toll-free by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started. 

  • When doing your spring cleaning, consider making a digital spring-cleaning checklist. It is more important than ever in today’s digital-first society.
  • Digital spring-cleaning tips include backing up your information, deleting unused apps, reviewing all of your passwords (and making changes if needed), and checking your social media privacy settings.
  • It is also a good idea to delete or archive old emails, especially with sensitive information.
  • If you would like to learn more or believe you are a victim of identity theft, contact the Identity Theft Resource Center. You can check out our latest resources or speak to an expert advisor toll-free by phone (888.400.5530) or live-chat. Just visit www.idtheftcenter.org to get started.

Everyone looks forward to the spring! The weather changes, the flowers and landscape start to bloom, and people clean out clutter they don’t need before the summer arrives. While spring cleaning may make you feel good and productive, it is also a great way to minimize the risk of identity theft. With the move to a digital-first society, digital spring cleaning and having a digital spring-cleaning checklist is more important than ever. A few basic digital spring-cleaning steps could help keep one’s identity information out of a criminal’s hands.

Before You Begin

There are digital spring-cleaning steps to take before you have to deal with clutter. One possible vulnerability is your email inbox. Adopt the habit of not just deleting unwanted emails, but actively unsubscribing from them. To do that, open the email, scroll down and click “unsubscribe.” Do not follow these steps for emails that appear to be scam attempts. If you click on a malicious link, it can redirect you to harmful websites or install malicious software on your computer. Instead, you should avoid links or attachments in unsolicited messages and block the sender.

One other thing you can do is update your contact information. Review all of your contact information to ensure it is up-to-date and you are not missing any essential information. Once you take these steps, you can begin on your digital spring-cleaning checklist.

Digital Spring-Cleaning Checklist

Your digital identity becomes more important every day as the world moves to a digital-first model. However, the same principles behind decluttering your physical world can help you in the virtual space. Here are some digital spring-cleaning checklist tips to digitally declutter:

  1. Backup your information– No matter how safe and secure you are, you might need to recover old data in the future. Creating automatic backups is a good idea. Consider investing in an external hard drive or cloud-based storage subscription to store and protect the things you want to keep.
  2. Delete unused programs and apps– Take a look at all of the apps on your devices and figure out which ones you are not using. Delete unused apps or programs on the devices. This step is a good idea because some apps require large amounts of storage, can slow the device down, and most importantly, can introduce new vulnerabilities. The fewer apps and programs you have, the more secure your device and personal information will be.
  3. Review your passwords– Check the passwords for all of your accounts to ensure there are no duplicates (especially between work accounts and personal accounts). Also, make sure you use a strong and unique 12+ character passphrase for each account. They are easier to remember and harder to crack. If you cannot remember all of your passwords, consider investing in a password manager to store all of your passwords. Finally, if possible, enable multifactor authentication (MFA) on all of your accounts. The app version is better than the SMS version because scammers can create fake MFA SMS text messages.
  4. Update all of your apps and settings– When going through your digital spring-cleaning checklist, it is important to keep apps, programs and devices up-to-date on all software. The device will run faster, and it will lead to increased privacy, which will make it more difficult for someone to hack into them. It is also a good idea to enable automatic updates when possible.
  5. Look at the permissions you allow– Pay attention to the permissions you allow the mobile apps on your device because third-parties could be tracking information about you that you might not realize. If they aren’t actively using the collected data, they may still be storing it, leaving your personal information vulnerable to cyberattacks should the third-party fall victim to a data compromise.
  6. Review plugins and add-ons in your browser- Review the permission settings of the plugins and add-ons to make sure you are not sharing too much information. If you are not using a particular plugin or add-on anymore, delete it.
  7. Review your social media privacy settings– Check your privacy settings on all of your social media accounts to ensure you are not oversharing information with people you do not know. If criminals get a hold of enough information about you, your family and your friends, they can connect enough dots to commit scams based around social engineering.
  8. Clean out your email– Get rid of any unnecessary emails in your inbox, especially emails that contain personal information.

Other Digital Spring-Cleaning Tips

There are a few more spring-cleaning tips for people to follow:

  • While doing your spring cleaning, if there are important documents you might need later, you can photograph or scan them, and then store the originals in a secure space like a safe or bank safety deposit box.  
  • While you’re cleaning your email inbox, take a moment to destroy any paper documents you no longer need, especially those records with personal information.
  • It is also a good idea to organize your digital files. While it is time-consuming, it will make more space available for the most important things that need to be stored on your devices.

Contact the ITRC

If you have more questions about digital spring cleaning, a digital spring-cleaning checklist, or if you believe you are a victim of identity theft, contact us. You can chat with an expert advisor toll-free by phone (888.400.5530) or live-chat. You can also check out our latest resources. Just go to www.idtheftcenter.org to get started.

The IDSA shares with the ITRC in the newest Fraudian Slip podcast exploring identity management & the future of identity

  • This week, the Identity Theft Resource Center (ITRC) celebrated Identity Management Day, hosted by the Identity Defined Security Alliance (IDSA). The day raised awareness on the importance of identity management, securing digital identities and sharing best practices to help organizations and consumers.
  • The ITRC sat down with the IDSA to discuss how identity management has changed, the future of identity, how identity crimes are changing and much more.
  • To learn more, listen to this week’s episode of The Fraudian Slip
  • You can also learn more about the identity-related crimes discussed in the podcast and how to protect yourself from identity fraud and compromises by visiting the ITRC’s website.
  • If you think you are the victim of an identity crime or your identity has been compromised, you can call us, chat live online, send an email or leave a voice mail for an expert advisor to get advice on how to respond. Just visit www.idtheftcenter.org to get started.

Below is a transcript of our podcast with special guest Julie Smith, Executive Director of the Identity Defined Security Alliance

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. 

This month, April, we’re going to talk about one of the hottest topics in the world of cybersecurity, privacy and identity. Namely, the shift from what we think of as traditional identity theft to what is increasingly more common today – identity-based fraud.

As more organizations analyze their 2020 data and information from the first three months of 2021, there is a common theme. Cybercriminals are less interested in mass attacks seeking to scoop up as much information as possible about consumers. Instead, data thieves are focusing on attacking organizations where they can hold data for ransom, or where an attack against a single company can yield information from all the customers who rely on the breached business.

At the core of many of these attacks are identity credentials, little pieces of information that once upon a time was pretty much limited to your driver’s license, Social Security number and occasionally your mother’s maiden name. Today, identity credentials are everything from your login and password, which is more valuable than your credit card information to a cybercriminal, to the location where you use your smartphone.

The complexity of identity today makes it simultaneously more difficult to protect your identity while also making it easier to prove you are who you say you are.

This week we celebrated Identity Management Day to raise awareness of the importance of identity management, securing digital identities and sharing best practices to help organizations and consumers. Be Identity Smart. 

Identity Defined Security Alliance (IDSA) hosted the day.

We talked with Executive Director of IDSA Julie Smith about the following:

  • The IDSA, its members, and issues
  • How identity management has changed
  • A businesses role in managing and protecting consumer identities; the most important actions to take
  • The future of identity

We also talked with ITRC CEO Eva Velasquez about the following: 

  • How identity crimes are changing
  • Consumer self-management and protection; the most important actions to take
  • The future of identity

For answers to all of these questions, listen to this week’s episode of The Fraudian Slip Podcast

Contact the ITRC or IDSA

You can learn more about data privacy, cybersecurity, the future of identity and other identity-related issues by visiting the ITRC’s website www.idtheftcenter.org. If you want to learn more about the IDSA and its work, you can visit www.idsalliance.org.

If you have questions about how to protect your personal information, or if you believe you have been the victim of an identity crime or compromise, talk to one of our expert advisers on the phone (888.400.5530), by live-chat or by email during normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Be sure and join us next week for our Weekly Breach Breakdown podcast and next month for another episode of The Fraudian Slip.

  • Identity Management Day 2021 is about informing people of the dangers of improperly managing and securing digital identities. It is also designated to share best practices. 
  • The biggest threat to individual identities is the significant shift away from traditional identity theft fueled by personal information acquired in mass attacks and towards credential theft used to commit identity fraud, according to the Identity Theft Resource Center.  
  • Targeted attacks against businesses are easier for threat actors to execute and result in a larger payout. The average ransomware payment from companies has grown from less than $10,000 in Q3 2018 to more than $312,000 per event today.  
  • To protect themselves, businesses and consumers should follow cyber-hygiene best practices, especially good password management. To learn more or participate in Identity Management Day 2021, visit https://www.idsalliance.org/identity-management-day-overview/

Save the date for the first-ever Identity Management Day! Identity Management Day 2021, hosted by the Identity Defined Security Alliance (IDSA) and the National Cybersecurity Alliance (NCSA), is a day to inform people about the dangers of improperly managing and securing digital identities. It raises awareness, shares best practices and leverages the support of vendors in the identity security space.  

Identity Management Day 2021 is important for both businesses and individuals. According to IDSA, 79 percent of organizations have experienced an identity-related breach in the last two years, and 99 percent believe their identity-related breaches were preventable. A report from the Federal Trade Commission (FTC) shows that identity theft reports have tripled since 2018.  

Technology grows in importance every day as the world moves towards a digital-first model. With the emphasis on technology, it is more vital that people’s digital identities and the systems that protect them work properly. 

The Biggest Identity Management Challenge Facing Businesses & Consumers  

The biggest threat the Identity Theft Resource Center (ITRC) sees to identities is the dramatic shift to credential theft and away from traditional attacks fueled by personally identifiable information (PII) acquired in mass attacks. Today, threat actors are more interested in collecting personal and business logins and passwords that can be used in credential stuffing, phishing (including business email compromises or BECs) and supply chain attacks.  

  • Statistics show that cybercriminals are spending more time and effort on attacks that rely on personal credentials to commit cybercrimes like identity-related fraud. According to the ITRC’s Q1 2021 Data Breach Report, the number of individuals impacted by a data compromise was up 564 percent in Q1 2021 compared to Q4 2020. The rise is in large part to an increase in supply chain attacks. There have been supply chain attacks at 27 third-party vendors and 19 supply chain attack-related data compromises in Q4 2020.  
  • According to the FBI, BEC scams cost businesses more than $1.8 billion in 2020. The ITRC’s 2020 Data Breach Report shows 382 phishing/smishing/BEC attacks, making up 44 percent of all publicly-reported U.S. data breaches in 2020.  
  • The trend toward supply chain attacks shows that cybercriminals are concentrating their efforts by attacking single organizations that give them access to the data of multiple businesses. Instead of attacking 1,000 consumers to gain $300,000, threat actors attack one company and walk away with the same amount or more money with less effort and risk. 

What You Can Do 

The ITRC’s advice is simple and revolves around good password and cyber-hygiene practices.  

  • A long and memorable password (12+ characters) is a great way to keep people out of your account. They are easier to remember and harder for a criminal to use an automated tool to crack. 
  • It is essential to have a unique password for each account. If your credentials for one account are stolen, threat actors will not be able to access any of your other accounts.  
  • Do not use a password from one of your personal accounts on a work account. It puts consumers and businesses at an increased risk. 
  • Multifactor authentication (MFA) is always a good idea because it creates an added layer of security for the account. It is better to use MFA with an app than SMS because hackers can create scams with fake SMS MFA messages.  
  • Never click on a link in an unsolicited email, text or social media direct message. You should directly contact the sender to see if the message is legitimate if there is any doubt.  

The ITRC is honored to participate in Identity Management Day 2021 and hopes to educate business leaders, IT decision-makers and the general public about the importance of managing and securing digital identities. To learn more or participate in Identity Management Day 2021, visit https://www.idsalliance.org/identity-management-day-overview/.  

  • According to a report from Javelin Strategies, traditional identity theft is declining. However, what one might think of as identity theft is being replaced by identity fraud.
  • trend identified by the Identity Theft Resource Center (ITRC) in 2020. Cybercriminals continue to move away from mass data breaches of consumer information to more targeted attacks like phishing, ransomware and supply chain attacks.
  • There is no reason for consumers to panic. One record exposed is one too many, but one can’t determine the risk represented by a data breach based on the size of the breach. Knowing what records are exposed is far more important than how many records are compromised.
  • To learn about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified. 
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

The Path is Smooth That Leadeth on to Danger

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for April 2, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. Last week we talked about the FBI’s most recent cybercrime report that shows an exponential increase in cybercrime and the losses associate with it. This week we look at how people can assess what that really means for them or their business.

In his poem, Adonis and Venus, Shakespeare wrote, “The path is smooth that leadeth on to danger.” That is the title of this week’s episode, reflecting how our desire for convenience often leads to risky behaviors.

Traditional Identity Theft is on the Decline

Let’s start with a good and bad news trend. A report from Javelin Strategies is the latest to show that “traditional identity theft” is declining. That’s good news. However, here is the “but” people may be expecting: what we think of as identity theft is being replaced by identity fraud.

Identity Fraud Cases Are on the Rise

What does that mean? It’s part of the general trend we’ve discussed where cybercriminals move away from mass data breaches of consumer information to more targeted attacks. Phishing, ransomware and supply chain attacks are good examples of the kinds of exploits that allow criminals to hit a company. The criminals reap hundreds of thousands of dollars from a single organization instead of the old-school way of attacking thousands of consumers.

However, less risk to individuals is not the same as low or no risk. In fact, the whole concept of identity fraud is based on using consumer behaviors to lure people into a scam. Maybe it’s a text that says someone’s Amazon account has been frozen, and the user needs to click on a link to verify their password to unlock it – and they do. They have just given them their login and password, which regulars of the podcast know are 10x more valuable to a data thief than a consumer’s credit card information.

Maybe someone gets an email from Google or Microsoft claiming their payment card is about to expire. All the user needs to click on is a link to log in and update their information. However, the email and login webpage are deep fakes, and the user just shared their login, password and credit card information with criminals.

All of these phishing techniques are predicated on our behaviors as humans, the need to instantly address any issue that appears by text or email in the most convenient way possible.

While different research reports come up with different identity fraud case totals, they all agree it is on the rise, and the dollar value starts with a B, as in billions. Right now, one might be thinking, “Well, that’s just great. Do I panic now or panic later?”

No Reason for Consumers to Panic

First, there is no reason to panic at all. People may have seen a media headline that talked about more records being exposed in data breaches in 2020 than in the past 15 years combined. While that is attention-grabbing, it’s not particularly meaningful.

One record exposed is one too many, but the reality is one can’t determine the risk represented by a data breach based on the size of the breach. Someone’s date of birth and Social Security number are two records. They may have been exposed thousands of times over the past 15 years, but they are still only two data points, and they don’t change.  However, the risk associated with each data point is very different.

Knowing what records are exposed is far more important than how many records are compromised. Knowing how to protect your own information is the most important information, and that’s where the ITRC can help.

Contact the ITRC

If anyone has questions about keeping their personal information private and how to protect it, they can visit www.idtheftcenter.org, where they will find helpful tips on these and many other topics. 

If someone thinks they have been the victim of an identity crime or a data breach and needs help figuring out what to do next, they should contact us. People can speak with an expert advisor on the phone, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Visit www.idtheftcenter.org to get started.  

Be sure to check out the most recent episode of our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown.  

  • According to ID.me Founder and CEO Blake Hall, the ultimate unemployment benefits fraud totals could be between $200-$300 billion for the last year.  
  • Hall also says that over 50 percent of the claims being paid on are fraudulent, individuals are applying with their own identity in multiple states, and that eligibility fraud is at 30 percent.  
  • To learn more, listen to this week’s episode of The Fraudian Slip.  
  • You can learn more about the identity-related crimes discussed in the podcast and how to protect yourself from identity fraud and compromises by visiting the ITRC’s website www.idtheftcenter.org
  • If you think you are the victim of an identity crime or your identity has been compromised, you can call us, chat live online, send an email or leave a voice mail for an expert advisor to get advice on how to respond. Just visit www.idtheftcenter.org to get started. 

Below is a transcript of our podcast with special guest Blake Hall, CEO of ID.me 

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. 

This month, March, we will explore one of the key issues at the root of the tsunami of fraudulent unemployment benefit claims prompted by the COVID-19 pandemic. The level of benefit fraud has gone from truly unprecedented to staggering. 

In mid-2020, the Inspector General for the U.S. Department of Labor told Congress that stolen unemployment benefits could reach $26 billion. That was before the state of California warned benefit fraud had already exceeded $11 billion just in that state. This past weekend, officials now estimate the amount of fraud to be more than $60 billion.  

Our guest on this month’s podcast, ID.me Founder and CEO Blake Hall, predicts the ultimate unemployment benefits fraud totals will be between $200-$300 billion. He also says over 50 percent of the claims being paid on are fraudulent, individuals are applying with their own identity in multiple states, and that eligibility fraud is at 30 percent.  

This is just one piece of a bigger identity-related fraud puzzle. Complaints to the Federal Trade Commission (FTC) about identity-related fraud more than doubled in 2020, with government credential and benefit fraud topping the list. 

What is the common denominator here? Automated and manual processes are used to prove we are who we say we are. I.D. verification and validation is a bedrock principle of our technology-driven world. Professional cybercriminals have largely figured out how to get around common identity proofing techniques.  

In some cases, well-meaning state officials even “pulled the goalie” last year by relaxing verification standards to help speed benefits to people impacted by the pandemic who desperately needed the help.  

There is good news to be found when it comes to identity verification. Private companies and government agencies are rapidly moving away from traditional I.D. proofing and to more modern, secure, and accurate ways of proving you are who you claim to be. 

We talked with ID.me CEO Blake Hall about the following: 

  • Traditional ways to verify identities, and how they failed in 2020 
  • State of the Art in I.D. verification 
  • What is next for I.D. verification in the age of privacy 

We also talked with ITRC CEO Eva Velasquez about the following: 

  • What happened in 2020 with identity-related fraud  
  • What individuals can do to protect themselves against identity-related fraud 
  • Resources available to help consumers protect themselves from identity-related fraud 

For answers to all of these questions, listen to this week’s episode of  The Fraudian Slip Podcast

  • In 2020, the Federal Trade Commission (FTC) received nearly 100,000 business or personal loan fraud reports, many of them related to Small Business Administration (SBA) loan identity fraud.
  • That’s more than double the number of loan fraud reports from a year earlier. The Identity Theft Resource Center (ITRC) has also seen a spike in SBA loan identity crime reports since the COVID-19 pandemic.
  • Identity thieves apply for SBA loans (primarily Economic Injury Disaster (EIDL) and Paycheck Protection Program (PPP) loans) using stolen Social Security numbers and business Employer Identification numbers (EINs).
  • Scammers are also targeting consumers through phishing schemes in an attempt to steal their Social Security Numbers and other personal information needed to commit SBA loan identity fraud.
  • If anyone believes they are the victim of an SBA loan identity crime or would like to learn how to protect themselves from becoming a victim, they can contact the ITRC to speak with an advisor toll-free at 888.400.5530 or via live-chat. Just go to www.idtheftcenter.org to get started.

Small Business Administration (SBA) loan identity fraud spiked in 2020 due to COVID-19, and it continues to be a growing issue in 2021. The Federal Trade Commission (FTC) says in 2019, they received 43,920 reports of fraud involving business or personal loans; the number more than doubled in 2020 as the FTC had 99,650 reports. The FTC acknowledges that not all of the reports are related to SBA loan identity fraud, but also notes many of them are.

The Identity Theft Resource Center (ITRC) has seen a spike in calls and live-chats around SBA loan-related identity theft. The contacts continue today as contact center advisors work to help victims. Here is a testimonial from one victim who turned to the ITRC regarding their SBA loan identity crime case:

“I want to thank you for all your suggestions. You are the third (organization) I have contacted and by far the most helpful. I received a form from the Small Business Administration, and after returning it with the police report and the Identity Theft Report, I was informed that my debt with them would be canceled. It is such a huge weight off me. I did everything you suggested, and our credit is frozen with all the CRA’s. Thank you again.”

There are different forms of SBA loan-related identity theft of which  businesses and consumers should be aware:

Economic Injury Disaster Loans (EIDLs)

Economic Injury Disaster (EIDL) loans, loans for businesses that suffer substantial economic injury located within a disaster area, have always been available through the SBA. However, they have been expanded as part of the CARES Act to provide relief to businesses experiencing financial loss due to COVID-19. Identity fraud from an EIDL loan occurs when a threat actor applies for an EIDL loan using either a consumer’s Social Security Number (SSN) or a business’s Employer Identification Number (EIN).

Paycheck Protection Program Loans (PPPs)

Paycheck Protection Program (PPP) loans were designed to help businesses maintain their payroll and keep their workforce during COVID-19, and they are available through a lender. Identity fraud from a PPP loan occurs when an identity thief applies for a PPP loan using a stolen SSN, a business EIN or other stolen personal information needed to obtain a loan.

What to do if You Are a Victim of SBA Loan Identity Fraud

If a consumer or a business is the victim of an SBA loan identity crime (whether it’s from either an EIDL or PPP loan), they should take the following steps:

  1. Go back to the source of the loan to notify them of the identity fraud. If the identity fraud is from an EIDL loan, the victim should contact the SBA. If the fraud involves a PPP loan, the affected party should contact the lender that issued the loan. See below for more information on what the SBA requires people to submit, where to submit it, and details on their process.
  2. File an Identity Theft Report with the FTC at www.IdentityTheft.gov. An Identity Theft Report is one of the required documents by the SBA to cancel the loan debt as quickly as possible. Other documents needed include photo identification issued by a federal or state agency and a completed and signed Declaration of Identity Theft. For more information on the steps required by the SBA, click here.
  3. Place a credit freeze to lock credit files until they are needed.A credit freeze is the most effective way to ensure new loans or accounts are not opened.
  4. A less effective option is to place a fraud alert on credit files to alert potential creditors to take extra precautions before extending credit.
  5. Verify with the Secretary of State’s Office or another government agency where the business is registered to ensure the company’s ownership and registration status have not been changed.

Contact the ITRC

Anyone who believes they are a victim of SBA loan identity fraud should contact the ITRC for more information. People can speak to an advisor by phone (888.400.5530) or by live-chat to develop a resolution plan. Anyone who wants to document their steps can use the ITRC’s ID Theft Help app’s case log feature. Consumers who want to learn more can also check out our latest education resources at www.idtheftcenter.org.

  • According to the Federal Trade Commission (FTC), imposter scams were the top reported fraud in 2020. The FTC had approximately 500,000 reports of the scam, leading to an estimated $1.2 billion in lost funds.  
  • The Identity Theft Resource Center (ITRC) saw many different forms of identity-related imposter scams in 2020, including scammers pretending to be healthcare workers with COVID-19 tests or vaccinesfamily members that needed help, and government officials so they could steal stimulus payments
  • Online shopping and negative reviews were the second most reported fraud to the FTC in 2020, and phone calls and text messages continued to be the top method for scammers to attack consumers. 
  • The ITRC also saw online shopping scams spike, particularly during the holiday season, and saw an array of phone scams, including utility scamsvoice cloning scams, and coronavirus testing scams linked to consumers’ identities. 
  • For more information on 2020 fraud trends or if someone believes they are a victim of fraud, they can visit www.idtheftcenter.org for resources or speak with an advisor toll-free by phone (888.400.5530) or live-chat. 

2020 has come and gone, and scammers have left their mark. As Identity Theft Resource Center (ITRC) COO James E. Lee cited many times over the last year, 2020 was the Super Bowl, World Series, World Cup and NBA Finals all rolled into one for scammers. In April, ITRC CEO Eva Velasquez said she had never seen anything that would create a more massive scale of fraud than COVID-19. A recent report from the Federal Trade Commission (FTC) confirms that 2020 was a banner year for the bad guys. 2020 fraud trends reported by the FTC show 2.2 million people reported fraud, and $3.3 billion was lost to that fraud.  

Slide from the ITRC and FTC’s Identity Theft Awareness Week 2020

Watch now: Ripple Effects of COVID-19 Related Identity Theft & Tips to Protect Yourself in 2021

Imposter Scams Were the Top Reported Fraud in 2020 

Scammers acted as many different groups of people in 2020. Some of the threat actors pretended to be government officials to steal stimulus payments or Small Business Administration (SBA) loans. Others pretended to be healthcare workers with COVID-19 tests or vaccines, or family members that needed help. Some even acted as fake charities.  

The FTC reports that they received nearly 500,000 reports of imposter scams that cost people  $1.2 billion, with a median loss of $850. Government and business imposter scams were among the top categories of COVID-19 and stimulus-related reports. 

Online shopping and negative reviews were the second most reported fraud category of 2020, according to the FTC. The ITRC saw a spike in online shopping, particularly during the holiday season. Adobe Analytics reports U.S. consumers spent $188 billion shopping online during the holiday season, a 32 percent year-over-year increase. The U.S. Department of Commerce also validates the significance of the spike, showing online sales traditionally rise between one to two percent per year. 

COVID-19 brought an increase in online shopping and then a wave of reports about sellers failing to deliver on promises, or just failing to deliver. The FTC says they got more than 350,000 reports, with people claiming they lost a total of more than $245 million, with a median loss of approximately $100. 

Scams from phone calls and text messages continued to be the top method for scammers to target consumers. The ITRC saw numerous phone scams involving the misuse of personal information in 2020, like the utility scamvoice cloning scam and the coronavirus testing scam.  

The FTC says there was an increase in the number of reports saying that scammers contacted them by text message. The ITRC saw numerous text message scams in 2020, including COVID-19 contamination scamsstimulus checks scams and election scams. The FTC had reports of many of the same text message scams, including stimulus relief, economic relief or loans for small businesses or “waiting packages.”  

What Consumers Should Do  

While every scam is different, consumers should: 

  • Never respond to any unknown or unsolicited messages they receive. Instead, people should reach out directly to the company or person the message claims to be from to verify the message’s validity. 
  • Never voluntarily give out any personally identifiable information (PII). People should only provide PII when necessary and confirm the company or organization asking for it is legitimate. 
  • Never click on any links, attachments or files in an unexpected or unsolicited message. Many times, the links, attachments and files lead to malware. 

Anyone who wants more information on 2020 fraud trends, or believes they were a victim of fraud, can visit the ITRC website for additional resources. They can also contact an advisor toll-free by phone (888.400.5530) or by live-chat. All people have to do is visit www.idtheftcenter.org to get started.. 

  • The Internal Revenue Service (IRS) and the Identity Theft Resource Center (ITRC) expect to see an increased number of Americans who are victims of 1099-G form fraud due to unemployment benefits obtained in their name. In fact, the ITRC has already received calls and like-chats about the fraud. 
  • Unemployment benefits fraud has led to a large spike in identity-related fraud cases recorded at the ITRC. Also, the Department of Labor Inspector General estimates that as much as $26 billion in pandemic-related unemployment benefits were obtained by fraud. 
  • The IRS says anyone who receives a 1099-G form related to unemployment benefits that were not received should contact the state (or states) that paid the benefits to request an amended 1099-G form that can be sent to the IRS as proof they did not receive the funds.  
  • The IRS also encourages people to file their taxes early and use direct deposit for the quickest refunds. The IRS will begin accepting and processing 2020 tax returns on February 12. 
  • Anyone who believes they are a victim of 1099-G form fraud or unemployment benefits fraud should contact the ITRC toll-free by phone (888.400.5530) or live-chat on the ITRC’s website 

Tax season is right around the corner. On February 12, the Internal Revenue Service (IRS) will begin accepting and processing 2020 tax returns. While consumers look for their W-2 forms for wages and 1099 forms for non-wage income, some consumers may find themselves victims of 1099-G form fraud from an identity crime that started to spike in the spring of 2020.  

The Identity Theft Resource Center (ITRC) has already begun to receive phone calls and live-chats from victims stating they received a 1099-G form, wondering what to do next. According to The Vermont Labor Commissioner Mike Harrington, in Vermont, 1099-G forms for nearly 44,000 people were sent to the wrong address after a likely mix-up. 

These are issues the ITRC and IRS recently discussed on the Fraudian Slip, the ITRC’s podcast, where we talk about all-things identity compromise, crime and fraud, including the impact identity issues have on people and businesses. 

Unemployment Benefits Fraud 

People have been falling victim to unemployment benefits fraud since the COVID-19 pandemic began, leading to a rise in unemployment. In an average year, the Identity Theft Resource Center (ITRC) is contacted by fewer than 20 unemployment benefit fraud victims. However, in 2020, more than 700 victims of unemployment benefits fraud reached out to the ITRC, and more than 6,000 consumers visited the company website idtheftcenter.org to find information about unemployment benefits fraud.  

Also, the Department of Labor Inspector Generalhas informed Congress that as much as $26 billion or more in fraudulent pandemic-related unemployment benefits have been paid. California officials say the amount of fraud in the state is at least $11 billion.   

1099-G Form Fraud due to Unemployment Benefits Fraud 

As staggering as the numbers for unemployment benefits fraud were in 2020, the number of people who found out they were impacted by the fraud could rise even more once tax season begins. More Americans than ever are likely to receive 1099-G forms that report how much government benefit income a taxpayer received. If an identity criminal used someone else’s information to file for unemployment benefits, the benefits are considered taxable income that will be reported to the IRS by the state paying the benefit. While states are aware of many fraudulent payments, some fraudulent unemployment benefits may have gone undetected. The IRS expects to see a rise in taxpayers that contest their 1099-G forms claiming they did not receive any unreported income from government benefits 

What Consumers Should Do 

There are several steps that consumers should take if they receive an inaccurate 1099-G form. 

  • Contact the state(s) that issued the 1099-G The IRS advises taxpayers who receive an incorrect Form 1099-G for unemployment benefits they did not receive to contact the issuing state agency and request a revised Form 1099-G showing they did not receive these benefits. Taxpayers who cannot obtain a timely, corrected form from states should still file an accurate tax return, reporting only the income they actually received. A corrected Form 1099-G showing zero unemployment benefits in cases of identity theft will help taxpayers avoid being hit with an unexpected federal tax bill for unreported income. Taxpayers do not need to file a Form 14039, Identity Theft Affidavit, with the IRS regarding an incorrect Form 1099-G. The identity theft affidavit should be filed only if the taxpayer’s e-filed return is rejected because a return using the same Social Security number already has been filed. 
  • Apply for the IP PIN– The IRS now allows any taxpayer who can verify their identity to seek an “Identity Protection PIN.” The IP PIN can be used when filing an income tax return to help prevent cybercriminals from filing fake tax returns.Consumers can visit IRS.gov and click on the Identity Theft Protection link at the bottom of the home page to apply for the IP PIN. While it does not prevent unemployment benefits fraud that already occurred from impacting their tax return, it can still protect them from tax identity theft. 
  • File taxes early While this tip does not apply to unemployment benefits fraud, it is always a good idea for people to file their taxes as soon as possible to reduce the likelihood of a criminal beating them to it. The IRS says consumers should file electronically and use direct deposit for the quickest refunds.  

If anyone believes they are the victim of 1099-G form fraud, unemployment benefits fraud or both, they can contact the ITRC toll-free for help. Victims can call to speak with an advisor (888.400.5530), live-chat with an expert or send an email during business hours. All people have to do is visit idtheftcenter.org to get started.  

By Eva Velasquez, president and CEO, Identity Theft Resource Center 

  • The Identity Theft Resource Center (ITRC) expects to see the number of victims of COVID-19 identity crimes continue to rise in 2021. The ITRC’s new data shows an increase in identity crime victims being targeted multiple times (28 percent in 2019 versus 21 percent in 2018) before pandemic-related identity crimes. The ITRC expects to see victims targeted multiple times continue to rise. 
  • Right now, victim resources are not top of mind for many people. Since 2018, U.S. Department of Justice funds allocated for all crime victim services has fallen from a high of $3.7 billion to $1.9 billion. 
  • Focusing on just the dollar losses of identity fraud paints an incomplete picture because it does not consider long-term impacts or each victim’s unique situation. 
  • Additional pandemic-related benefits and stimulus payments due in early 2021 will also result in more identity crime victims linked to new benefit fraud cases.  
  • Join experts from the ITRC and the Federal Trade Commission (FTC) on Monday, February 1, at 10 a.m. PST (1 p.m. EST) for a free webinar, Protecting Yourself Against Identity Theft in the Age of COVID-19. 

The last year has been a difficult one for many people. Some have lost their jobs, others have had to close their businesses and many people have gotten sick or lost loved ones from the coronavirus. Another segment of people affected has not gotten as much attention: victims of COVID-19 identity crimes.  

The Impacts of COVID-19 Identity Crimes in 2020 

Millions of state unemployment benefit-related identity theft cases have been detected across the country since March 2020. On average, the Identity Theft Resource Center (ITRC) receives less than 20 inquiries regarding unemployment benefits a year. In 2020, the ITRC had more than 700 unemployment benefits fraud victims reach out for help. 2020 also saw a sharp increase in scams. Criminals had countless opportunities to trick people with phishing scams, charity scams, healthcare scams, disaster scams and work-from-home scams.  

What to Expect in 2021 

The ITRC believes COVID-19 identity crimes will impact victims well into 2021. Many victims may not be aware that their identity credentials were misused until they receive an IRS Form 1099 for non-wage income. The ITRC’s research also shows a significant increase in identity crime victims being victimized a second time, even before the rise in fraud, scams and identity crimes in 2020. The post-pandemic analysis should show an even greater spike.  

The Ripple Effects of the Pandemic-Related Identity Crimes 

Resources for identity crimes are not keeping pace with the criminals. Trends identified by the ITRC and many private-sector researchers show that profit-motivated cybercriminals are using consumer’s and employee’s bad security habits, as well as the changing work environment, to attack businesses more often. Yet, resources for cybersecurity training and education along with identity-related crime victim assistants are moving in the opposite direction. 

Since 2018, U.S. Department of Justice (DOJ) funds allocated for all crime victim services has dropped from a high of $3.7 billion to $1.9 billion. Discretionary DOJ grants awarded to victim services organizations dropped from $311 million in 2019 to $144 million in 2020. Funds to programs that support victims of identity crimes and compromises, cybercrime, scams and fraud have been reduced to $0. 

Meanwhile, the average ransomware payment has grown from less than $10,000 per incident in late 2018 to $233,000 as of Q3 2020, with some large enterprises reportedly paying ransoms over $1 million, according to cybersecurity firm Coveware. The most common root cause (55 percent) of ransomware attacks is stolen credentials to access a business system or network remotely. 

Measuring just the dollar amount paints an incomplete picture. A dollar sign does not take into account the trauma, downstream effects and lost opportunity costs for each of the victims whose identity credentials were misused. New ITRC research that will be published in May 2021 reveals an increase in identity crime victims being targeted multiple times. Nearly 28 percent of victims reported a second identity crime in 2019 versus 21 percent in 2018. At the ITRC, we expect to see that number continue to go up, especially after the rise in COVID-19 identity crimes.  

What It Means Moving Forward 

The data shows that COVID-19 identity crimes will continue in 2021, and more victims will suffer from the trauma of a second and even third identity crime. Someone that does not trust an infrastructure that has failed them will continue to disengage. Some victims cannot meet their basic needs or find a job because they cannot pass a background check until they get the fraud resolved. How long does that take? How does someone explain that to an employer? They are simply the victim of a crime that is not acknowledged to have the devasting life impacts that it does.  

The statistics show we are not winning the battle to protect ourselves from cybercriminals. Winning will require us to devote more resources toward assisting victims and devote more time and attention to educating consumers and employees of their need to be cyber-aware and vigilant. 

What to Do If You’re a Victim of Identity Theft 

If anyone believes their information may have been compromised, we suggest contacting us toll-free. Consumers can call (888.400.5530) or live-chat with an identity theft advisor to start their remediation process. Our experts will help advise victims on the best next steps for them to take.  

Learn more  

People can learn more about identity theft and COVID-19. Join experts from the ITRC and the FTC on Monday, February 1, at 10 a.m. PST (1 p.m. EST) for a free webinar, Protecting Yourself Against Identity Theft in the Age of COVID-19. We’ll explore topics including identity theft involving unemployment benefits, federal stimulus payments, Small Business Administration loans and more. Register here

The webinar is being held as part of the FTC’s Identity Theft Awareness Week, February 1-5, 2021. To find out more about the week’s events and the FTC’s free identity theft resources, please visit the FTC’s website