The Merchant Risk Council talks with the Identity Theft Resource Center in the newest Fraudian Slip podcast about holiday identity theft and what people can do to protect themselves

  • We are days away from what will be one of the most unusual holiday shopping seasons in our lifetimes, coming off of an unusual holiday season.
  • 2020 and 2021 have seen record levels of identity fraud, a lot of it related to shopping online. Most of the fraud and scams is due to cybercriminals using good, old-fashioned scams.
  • The Identity Theft Resource Center (ITRC) sat down with the Merchant Risk Council (MRC) to discuss holiday identity theft, triangulation fraud and steps to protect yourself while shopping during the holiday season.
  • You can learn more about holiday identity theft, retail fraud, what you can do to stay safe and other topics discussed in this podcast by visiting the ITRC’s website www.idtheftcenter.org.
  • If you think you are the victim of an identity crime, you can call the ITRC (888.400.5530) or live-chat on the company website to speak with an expert advisor.

Below is a transcript of our podcast with special guest Julie Fergerson, CEO of the Merchant Risk Council

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. Listen on Apple, Google, Spotify, SoundCloud, Audible, Amazon now.   

We are days away from what will be one of the most unusual holiday shopping seasons in our lifetimes, coming off of an unusual holiday season. Or, if you have headed the warnings from retail experts, you already know we are in the midst of a second holiday season when supply and demand are not in sync. That means more people than ever are turning to online marketplaces to help Santa deliver the goods this year. However, it also means holiday identity theft.

2020 and 2021 have seen record levels of identity fraud, a lot of it related to shopping online. Before you throw your laptop or mobile phone out the window and vow to never shop the internet again, know that very little of that fraud is cybersecurity-related. Most of the fraud and scams are related to cybercriminals using good, old-fashioned scams (and maybe a few bad habits) to trick you into buying something that is too good to be true – because it isn’t.

Joining us to talk about how you can protect yourself and your holiday from holiday identity theft, and the haul from the Grinches that want to steal little Cindy Lou Who’s gifts and roast beast, is Julie Fergerson, the CEO of the Merchant Risk Council (MRC) and the ITRC’s own CEO Eva Velasquez.

We talked with Julie Fergerson about the following:

  • What’s the MRC?
  • Retailers that you do not recognize with deals that sound too good to be true; a quick Google search can show you complaints against a retailer or if they are fake.
  • Triangulation fraud (auction sites).
  • What to do if you don’t recognize a charge on your credit card statement.
  • Alternative payment methods, like buy now and pay later (BNPL) or peer-to-peer (P2P). Payments like those may not have the same consumer protections, which regulators are discussing now.
  • The importance that you trust your instincts to protect yourself from holiday identity theft.

We talked with Eva Velasquez about the following:

You can learn more about the identity scams that involve your identity, privacy or security, or get help if you have been the victim of holiday identity theft by visiting the ITRC’s website www.idtheftcenter.org.

Be sure to join us next week for our Weekly Breach Breakdown podcast. Next month we will look back to see how well we did with our 2021 predictions. We will also look ahead at what to expect in 2022 – on the December episode of The Fraudian Slip.

  • Identity criminals can compromise people’s phones and devices through weaknesses in the device operating software, applications and SIM swaps.
  • To protect your device from a tablet or phone hack, automatically download patches and software updates as soon as they are available, set up your lock screen to use biometrics or a password/passcode/PIN, enable “Find My…” device features, only download apps from the device manufacturer’s app stores, and avoid public Wi-Fi if possible.
  • You will know if you suffered a tablet or phone hack if you can’t make or receive calls, access your device, or there are calls and text messages that you did not initiate. Certain kinds of malware can also slow your device and result in your battery draining faster.
  • If you believe you’ve been compromised, pull out your SIM card, contact your carrier and be prepared to reset your phone or tablet.
  • To learn more, contact the Identity Theft Resource Center. You can speak with an advisor toll-free by phone (888.400.5530) or live-chat on the company website www.idtheftcenter.org.

As phones and tablets become more and more like portable mini-computers and the world moves towards digital versions of paper documents and currency, more personal data is stored on our devices. This makes them attractive targets for thieves who want to steal or sell your information or impersonate you, which could lead to you having your tablet or phone hacked. Many people are afraid of being hacked, but does being “hacked” truly mean?

People think of being hacked as a third-party gaining access to a device through some highly specialized technology where they’re able to crack passwords and get around device security. When it comes to tablet and phone hacks, that usually isn’t the case. Unfortunately, it can be much simpler than that for a thief to gain access to a device because of our own behaviors.

How They Access Your Device (While You Still Have It)

  • Through known weaknesses in the device software – those software update notices you get are to patch those weaknesses and add new features. If the device doesn’t have the latest update, it’s open to known vulnerabilities.
  • Through downloads – app downloads or clicking on links that download software.
  • SIM swap – a criminal calls your carrier pretending to be you and moves your phone number and backup data to another device.

How to Protect Yourself or Your Mobile Device

  • Download patches and software updates as they become available.
  • Only download apps from approved app stores from the maker of your device (Google, Samsung, Apple, Microsoft, for example). These apps have been through a review process to help ensure your safety and security. Some devices and applications are more security and privacy respectful than others. Be sure to do your research first.
    • Look at the data collection notice – the more data they want to collect from you, the less legitimate the app developer may be.
    • Look for apps that have high ratings from a large number of people.
    • Watch out for apps that tell you to download directly from their site instead of through a manufacturer’s app store.
  • Don’t download apps directly from a website. Cybercriminals create legitimate-looking websites with malware-filled applications for download. The only way to reduce your risk of a tablet or phone hack is to avoid direct downloads and rely on your device maker’s app store.
  • Don’t use public Wi-Fi for your mobile devices or laptop.

How to Protect Your Device If It’s Lost or Stolen

  • Report your mobile phone or SIM card-enabled tablet as stolen to your mobile carrier. The carrier can disable the service and recognize the device if someone tries to connect it to a new or different account.
  • Make sure you have the “Find My…” device enabled for your phone, tablet and smartwatch. If your device is lost or stolen and the SIM card has not been removed, you can locate the device or disable it so it cannot be used until returned. If the SIM card has been removed, that defeats the “Find My” feature.
  • Set up your lock screen to use biometrics, a password, or passcode (PIN). This will make your device difficult, if not virtually impossible, to compromise depending on the device maker.

How to Know if Your Device Was Compromised

  • You can’t make outbound calls or receive inbound calls.
  • You can’t open your device or access your apps.
  • There are outbound calls or texts not initiated by you.
  • You’re using more data than usual.
  • Your battery is draining faster than normal, but you’re still using the device the same amount of time, performing the same tasks as usual.

What to Do if You’ve Been “Hacked”

  • Pull your SIM card.
  • Contact your carrier for a mobile phone or tablet with a SIM card.
  • Be prepared to reset your phone or tablet if asked by your carrier. You can usually do this through your phone account or restore your device to the factory settings.
  • If your tablet is Wi-Fi only, contact your device maker’s support department.
  • Be careful if using a backup to restore your settings. Your backup may include malware, so consider only restoring your data and not your applications. You can reload the latest versions of your applications from the original app store.

Contact the ITRC

If you believe you have suffered a tablet or phone hack and want to learn more, contact the Identity Theft Resource Center. You can speak with an expert advisor toll-free by phone (888.400.5530) or live-chat on the company website. Just visit www.idtheftcenter.org to get started.

  • The trendline continues to point to a record-breaking year for data compromises.  Phishing is far and away the primary way criminals attack businesses & individuals. 
  • To learn about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified.  
  • If you believe you are the victim of an identity crime or a data breach, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website www.idtheftcenter.org.   

The ITRC Goes to Washington 

Welcome to the Identity Theft Resource Center’s (ITRC’s)Weekly Breach Breakdown for October 8th, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we’re going to look at the data breach trends for the third quarter of 2021 and we’re going to talk about a congressional hearing this week. That’s why we’re calling this episode – The ITRC Goes to Washington. Listen to the full episode on your preferred podcast platform.

On Wednesday, the U.S. Senate Committee on Commerce, Science, & Transportation met to hear from a panel of experts on how to enhance data privacy & security. The ITRC was invited to share the latest data breach trends and offer suggestions on how to reduce the cyberattacks that lead to data breaches that ultimately may lead to an identity crime. 

2021 Data Breach Trends & Q3 Analysis 

Committee Chair Maria Cantwell of Washington started the hearing by sharing the latest stats on data breaches, pulled directly from the ITRC’s Q3 Data Breach Analysis that had been issued just about two hours earlier. And here’s what the report concluded: 

• The number of data compromises publicly-reported this year have already exceeded the total number of events in 2021 by 17 percent.  

• The trendline continues to point to a record-breaking year for data compromises. We are only 238 data events away from the all-time high set in 2017. It’s highly likely we will see a new high-water mark between a combined 1700 to 1800 data breaches, data exposures, and data leaks compared to 15.  

• The number of victims increased in Q3 by ~160M individuals. That’s more than all victims in Q1 & Q2 combined. That’s a huge jump and it means a lot of people are at risk of an identity crime, but about 100M of those people are victims of a data exposure related to 20 organizations that did not secure their cloud databases.  Those are lower-risk events since the data had not been copied or removed from the database where it was stored. 

Phishing is far and away the primary way criminals attack businesses & individuals. Ransomware is so pervasive, though, that the total number of data breaches related to a ransomware attack against an organization so far this year exceeds the total number of ALL types of data compromises last year. 

• There is a disturbing trend developing where organizations and state agencies are not sharing specifics about data compromises or reporting them on a timely basis. One state has not posted a data breach notice in the past 12 months.  

• There is some good news in the latest data breach numbers: There have been no publicly reported data compromises in 2021 attributed to payment card skimming devices. If this trend continues, this will be the first year since chip & PIN payment cards were first introduced where they have been no reported data breaches caused by skimmers.  

3 Actions To Address Identity Crimes

The Senate also asked the ITRC for recommendations on how to address the interrelated issues of cyberattacks, data breaches, and identity crimes. We offered three actions that we believe will be helpful: 

• Better cybersecurity standards and practices that are enforceable 

• Better enforcement of laws and regulations 

• And, a better victim notification system  

We also suggested there also needs to be discussion around how to better support victims of identity crimes. 

October is Cybersecurity Awareness Month 

It’s Cybersecurity Awareness Month and the ITRC encourages you to take this time to learn how to protect yourself, your family, and friends from cyber and identity criminals. You’ll find a wealth of information on our website – idtheftcenter.org. Later this month we’ll release our first report on what happens to small businesses and solopreneurs when they suffer a cyber or identity crime. And in November, the ITRC will unveil a new website with new tools and ways to communicate with or team of identity advisors. 

On October 27, we’ll issue our very first Business Aftermath Report. As a companion to our longtime report on the impact of identity crimes on consumers, the Business Aftermath Report will look at what happens to small businesses and solopreneurs after a security breach, a data breach or both.  

Contact the ITRC 

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an ITRC expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.  

Thanks again to Experian for supporting the ITRC and this podcast. Be sure to join us next week for another episode of the Weekly Breach Breakdown. 

  • While the evolution of passwords has been happening for years, Microsoft is taking things a step further by allowing users to go passwordless.  
  • Now, instead of entering a password, you can sign in to your Microsoft accounts using the Microsoft Authenticator app, Windows Hello biometric access tool, a security key, or a verification code sent by text message or email. 
  • While the Identity Theft Resource Center (ITRC) expects this trend to continue, we recommend people wait a little bit longer before going with no passwords.  
  • The ITRC believes fewer passwords is a good thing. However, going passwordless on one account or a series of accounts is more likely to lead to a false sense of security for those accounts that still require traditional passcodes. 
  • To learn about recent data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notified.  
  • If you believe you are the victim of an identity crime or a data breach, contact the ITRC. Call toll-free at 888.400.5530 or live-chat on the company website www.idtheftcenter.org.   

A Password by Any Other Name 

Welcome to the Identity Theft Resource Center’s (ITRC’s)Weekly Breach Breakdown for September 24, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we revisit a favorite topic that’s been in the news lately – passwords and a passwordless future.  

In Shakespeare’s Romeo & Juliet, our tragic heroine claims she would love her beau no matter who he was by saying, “A rose by any other name would smell as sweet.”  The same cannot be said in our modern times of something with which we all have a love-hate relationship: the password. 

The Evolution of Passwords 

Designed to keep our innermost secrets and personal information safe from prying eyes, passwords have become the holy grail for identity thieves. More valuable than a Social Security number, more sought after than a credit card number.  

Passwords started as simple six or seven-letter codes and have grown into a jumble of letters, symbols and numbers that can span up to 32 characters. For decades, Password123 has been the most popular password in the world until being passed over by Password123456. 

Microsoft Transitions Towards World with No Passwords 

Now comes news that Microsoft has started down the passwordless path, killing passwords as we know them. You can now remove passwords from your Microsoft accounts to embrace a world with no passwords. However, like in Star Trek: The Undiscovered Country, “just because you can do a thing does not mean you must do that thing.”  

Microsoft has been working toward a passwordless future for years. In fact, nearly 100 percent of Microsoft employees have no passwords. Since Microsoft rolled out passwordless authentication for commercial users in March, more than 200 million people worldwide have switched to one of the alternate ways of logging in.  

Users Can Now Use Different Tools to Sign in to Their Accounts  

Now, instead of entering a password, you can sign in to your Microsoft accounts using the Microsoft Authenticator app, Windows Hello biometric access tool, a security key, or a verification code sent by text message or email.  

Should You Go Passwordless? 

For most people, the answer is not yet. Make no mistake, reducing the use of passwords is a very good thing. Cybersecurity researchers estimate there are more than 575 password attacks every second – that’s 18 billion attacks in a year. However, having no passwords on one account or a series of accounts is more likely to lead to a false sense of security for those accounts that still require traditional passcodes.  

Unless you are extremely tech-savvy and very comfortable with a multi-layered cyber security scheme, the ITRC recommends you follow this trend, not lead it. With that said, if you do want to jump into the deep end of the passwordless pool, Microsoft has made it relatively easy to do – and undo later if you change your mind. First: 

  1. Download the Microsoft Authenticator mobile app to your phone and link it to your personal Microsoft Account. Then; 
  1. Visit account.microsoft.com and choose advanced security options. Finally; 
  1. Enable passwordless accounts and approve the change from your Authenticator app. You now have no passwords when it comes to Microsoft.  

Once you have linked your accounts to the Authenticator app, you will be asked to enter a PIN or a time-based code to unlock your account each time you log in.  

If you go passwordless using the Microsoft Authenticator app, your mobile device will be an even more vital part of your daily routine. Be extra careful not to lose your phone and keep it locked in case it’s stolen. That way, thieves can’t easily access your personal information stored on the phone. 

For non-Microsoft users, Google and Apple are also working on technology that will allow you to eliminate or reduce the use of passwords. 

Contact the ITRC 

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an ITRC expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.  

Thanks again to Experian for supporting the ITRC and this podcast. Check out our latest episode from our sister podcast, The Fraudian Slip, where we talk about credit freezes with the founder of Frozen Pii. We will be back next week with another episode of the Weekly Breach Breakdown.  

Frozen Pii talks with the ITRC in the newest Fraudian Slip podcast about credit freezes, one of the most important tools in fighting identity crimes 

  • In 2002 California passed the first state law requiring the three credit bureaus to allow people to freeze their credit so no one else could access it. There used to be fees to freeze and thaw your credit. However, it is now free for everyone.  
  • Despite it being free, more than two-thirds of Americans do not take advantage of one of the most powerful weapons to fight identity crimes. Why? Also, why should you freeze your credit? 
  • The Identity Theft Resource Center (ITRC) sat down with Frozen Pii to discuss new ITRC data on credit freezes, the importance of freezing your credit, how it protects you and why people don’t freeze their credit. 
  • You can learn more about credit freezes and other topics discussed in this podcast, as well as how to protect yourself from identity crimes, by visiting the ITRC’s website www.idtheftcenter.org.  
  • If you think you are the victim of an identity crime, you can call the ITRC (888.400.5530) or live-chat on the company website to speak with an expert advisor. You can freeze your credit by visiting www.frozenpii.org.  

Below is a transcript of our podcast with special guest Tom O’Malley, former federal prosecutor and Founder of Frozen Pii 

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. Listen on Apple, Google, Spotify, SoundCloud, Audible, Amazon or Podsite now.  

Why should you freeze your credit? This month, September, we look at one of the most powerful weapons we have in the fight against identity crimes (one of the most under-utilized tools in our arsenal) and why it’s so important. We are talking about credit freezes.  

In 2002 California passed the first state law requiring the three primary credit bureaus – Equifax, Experian and TransUnion – to allow consumers to “freeze” access to their credit reports so no one could open a new account without the person’s knowledge or permission. Eventually, all state’s adopted credit freeze laws.  

In the beginning, there were fees attached to freezing, thawing and re-freezing your credit, which took several days. In fact, 20 percent of Americans spent an estimated $1.4 billion on credit freezes in 2018 before Congress stepped in to require the credit bureaus to make freezing and thawing your credit free of charge.   

Today, what once took days now takes minutes, and no fees are involved. Yet, more than two-thirds of Americans do not take advantage of this tool to keep their credit and identity information safe and secure, according to new ITRC research. Why? Also, why should you freeze your credit? 

Helping us explore the conundrum of credit freezes is the ITRC’s CEO Eva Velasquez and Tom O’Malley, a former federal prosecutor who has taken his experience as a victim of identity theft and turned it into Frozen Pii, a service devoted to making it easy to protect yourself with a credit freeze.  

We talked with Tom O’Malley about the following: 

  • His personal story of identity theft and his idea for Frozen Pii. 
  • How credit freezes protect consumers and why people don’t freeze their credit. 
  • Why should you freeze your credit? 
  • New ITRC data about credit freezes. 
  • The ITRC’s partnership with Frozen Pii, beginning in October. 

We talked with Eva Velasquez about the following: 

  • The history of credit freezes and consumer attitudes. 
  • Why should you freeze your credit? 
  • New ITRC data about credit freezes. 
  • The ITRC’s partnership with Frozen Pii, beginning in October. 

You can learn more about how to protect your personal privacy, as well as get help if you have been the victim of an identity crime by visiting the ITRC’s website www.idtheftcenter.org. While you are there, sign up for our emails that alert you to the latest scams, monthly data breach updates and tips to protect your identity. You can freeze your credit by visiting www.frozenpii.org. Beginning in late October, you will be able to access Frozen Pii directly through the ITRC website.  

Be sure and join us next week for our Weekly Breach Breakdown podcast and next month for another episode of The Fraudian Slip

Right now is a very difficult time for a lot of individuals as concerns around the COVID-19 pandemic continue to be at the top of people’s minds. In addition to the inconvenience of social distancing and isolation and the very real fears for personal health and safety, many people are also facing the stress of reduced hours at work, being furloughed or losing their jobs due to quarantine and business closures.

There is another equally upsetting issue at hand: unemployment benefits identity theft. A record-setting 57+ million people in the U.S. filed for unemployment due to COVID-19 between March and September of 2020.

Unemployment benefits identity theft has hit states hard all over the country

While the California Employment Development Department (EDD) reports that employers added 114,400 nonfarm payroll jobs in July 2021, the unemployment rate for the state remains at 7.6 percent. In September 2020, the California EDD put out an alert asking California residents to keep an eye out for fraudulent activity in regards to unemployment benefits in the state.

According to the Los Angeles Times, as of January 26, 2021, California officials say unemployment fraud has totals of more than $11 billion. California has paid out $114 billion in unemployment benefits since March 2020, and the state EDD has processed 19 million claims.

Some residents of West Virginia are receiving unemployment benefit cards they never requested.

The Colorado Department of Labor and Employment says the state has seen nearly 10,000 fake claims. The identity thieves are believed to be just as busy with the filing, too. Many victims have contacted the Identity Theft Resource Center (ITRC) over complaints of unemployment benefits identity theft.

Unemployment benefits identity theft is nothing new

Unemployment benefits identity theft is nothing new. In fact, it is one of many types of government identity theft that can occur when a scammer uses stolen personally identifiable information to apply for benefits through the government. However, with so many consumers filing at the same time, an unfortunate number of people have already reported that a scammer beat them to it. Their claims have been rejected for being duplicate applications while someone else is now set up to receive their benefits.

Like many forms of identity theft, unemployment benefits identity theft is one that victims may not discover until the damage is done. If a claim is turned down for unemployment benefits due to a duplicate application, it is important for people to contact the unemployment agency immediately; the ITRC is another resource to guide victims in this challenge (888.400.5530). In the meantime, there are other ways consumers should take action if their claims are rejected:

Place a freeze on your credit report if it’s feasible

Victims might need to open a new line of credit while they are out of work, but that shouldn’t stop them from placing a freeze. Thawing a credit freeze is extremely simple and quick. This can help block an identity thief who may have their personally identifiable information (since they applied for unemployment benefits in their name) from using it for other purposes.

Monitor accounts carefully

Once again, if a thief has enough information to apply for benefits, they could have access to other information or accounts. Consumers should keep a careful watch on all of their accounts, including their credit reports, and change any online passwords.

Be aware that applying for unemployment is only one step

An identity thief may also fraudulently apply for nutrition assistance, WIC, medical coverage or other benefits. If there are any issues involving those services and someone’s identity, people should contact those agencies immediately.

It is a stressful time for many, and scammers are looking to add to it in many different ways, including unemployment benefits identity theft. It’s also exceptionally difficult given the volume of calls and reduction in services from organizations that a victim needs to contact.

However, the ITRC is here for anyone who falls victim to government identity theft. Victims can also live-chat with an expert advisor or download the ID Theft Help App that will allow them to track their steps in a case log, and get on-the-go assistance.

The post was originally published on 4/10/2020 and was updated on 9/15/2021

When a disaster strikes, there’s often a heart-tugging sadness that comes from the powerless feeling to do something useful. As distanced bystanders, we’re left reeling from the news footage of the horrific events, both human-made and natural. Often, we think to ourselves, “If only there were something I could do to help.” Unfortunately, identity criminals use it as an opportunity to prey on people while they are vulnerable and commit disaster relief scams.

Technology has empowered us to support people in their time of need. Charitable giving websites, crowdfunding campaigns, and even the ability to text a donation for a specific cause and then pay it on the following month’s bill have enabled us to lend a hand when needed.

Disasters Strike Everywhere

In the instance of the 7.0 magnitude earthquake that struck Haiti in 2010, nearly three million people were killed, injured or left homeless. Relief efforts were mobilized within mere minutes. The Red Cross immediately set up a text-to-donate option, and more than $43 million came in via text.

Flooding in Louisiana in 2016 left tens of thousands of people to take up residence in emergency shelters due to severe flooding. Sixty people died, and more than 40,000 people lost their homes. Many were rescued by boat with nothing more than their clothes, and citizens outside the flooded area were ready to respond in a big way. Celebrities also vowed to help in fundraising efforts.

In 2021 Haiti was hit with another earthquake, this one a 7.2 magnitude earthquake. Over 2,000 people died, and nearly 53,000 houses were destroyed. Volunteers and others at the Haitian-American Community Coalition of SW Florida in Fort Myers shipped hundreds of pounds of food, medical supplies and other items for victims.

Hurricane Ida struck Louisiana, leaving many people stranded and over one million people without power. U.S. Coast Guard members and National Guard units from Alabama, Louisiana, Mississippi and Texas conducted search-and-rescue operations. The Red Cross also set up different ways for people to donate to those in need.

Scammers Take Advantage of the Vulnerable

Sadly, the same technology that lets kind-hearted people participate in helping out has also made it possible for scammers to commit disaster relief scams and bill innocent, well-intentioned people out of their money. They can also steal your personally identifiable information (PII), something that’s far more valuable than a donation of a few dollars.

In 2016, Louisiana authorities warned the public to watch disaster relief scams that crop up online. Only a matter of hours after the attack on the World Trade Center on 9/11, scammers were already soliciting donations for relief efforts, but pocketing the money. It’s the same with nearly every high-profile incident that affects large numbers of victims. Scammers take advantage of people when they are most vulnerable and commit disaster relief scams.

How to Avoid Disaster Relief Scams

  • Only work with trusted sources and legitimate agencies. Many times, people will hit the streets claiming to be with an agency offering help. However, they take off with your PII or money.
  • Only use trusted and known charities to donate. If you do not recognize the name of a charity soliciting funds, or if it’s a name that’s too “sudden” to be believed, be cautious. Trustworthy charities will have long-standing reputations of meeting the government’s guidelines for a charitable organization. Other new sites should be treated as suspect and possible disaster relief scams.
  • Verify all phone numbers for charities. If you need to contact a charity by phone, check the charity’s official website to see if the number you have is legitimate. If you’re using text-to-donate, check with the charity to ensure the number is legitimate before donating.
  • Verify the information in social media posts. Double-check any solicitation for charitable donations before you donate. Crowdfunding websites may host individual requests for help. However, they are not always vetted by the site or other sources.
  • Ignore suspicious emails and messages. If you receive a suspicious email or message requesting donations or other assistance, ignore it because it is probably a disaster relief scam. Do not click on any links or open any attachments. Scammers regularly use email and messaging platforms for phishing attacks and to spread malware.
  • Report any fraud. To report suspected fraud or disaster relief scams, call the Federal Emergency Management Agency (FEMA) Disaster Fraud Hotline toll-free at 866.720.5721. You can also file a complaint with the Federal Communications Commission (FCC) about phone scams or the Federal Trade Commission (FTC) about fraud.

Contact the ITRC

If you believe you were the victim of any disaster relief scams, or want to learn more, contact the Identity Theft Resource Center (ITRC). You can speak with an expert advisor toll-free by phone (888.400.5530) or live-chat on the company website www.idtheftcenter.org.

The post was originally published on 8/16/16 and was updated on 8/31/21.  

It can happen to anyone, anywhere. You’re going about your business when suddenly you’ve found a lost wallet on the ground. You look around to see if you can spot the person who lost the found wallet, but they don’t seem to be nearby. You pick it up, open it carefully and are shocked by what you see inside.

This scenario happens every day, and some of the best, most responsible people can be either the wallet loser or the wallet finder. Unfortunately, picking up someone’s personal—and possibly even valuable—property can come with both risks and benefits.

Steps to Take If You Found a Lost Wallet

The very first benefit of a found wallet is the opportunity to be a Good Samaritan, to be a bright spot in someone’s day. After all, they’ve just lost something essential. The consequences for them can range from aggravating to terrible. Returning the found wallet to them in the condition in which they lost it can make you feel good.

At the same time, if you found a lost wallet, you could be opening yourself up to a few risks. What if the owner claims there was a lot of money in it, money that was long gone before you ever found it? What if the owner later accuses you—either innocently or maliciously—of identity theft or financial account takeover? Maybe this chance to help someone is just too big of a burden after all.

Your next steps in a situation like this can vary depending on where you located the wallet.

If you’re in a store or business, your gym, a doctor’s office, or any other location that has a surveillance camera, you’re probably in the clear from accusations.

  • Remain visible while picking the found wallet up, and turn it in at the front desk immediately. If you feel it’s necessary, you can wait while the attendant tries to locate the owner. The driver’s license, credit cards and any retail rewards cards can help. Just call the number on the credit cards or rewards cards and provide the name or account number. They should have a contact number for the owner and can pass along the location of the wallet.

What if you’re out in the open?

A wallet can easily fall out of someone’s pocket, briefcase or handbag. There might not be security cameras to help you prove that you had every innocent intention.

  • It’s best in this case to dial the local police department’s non-emergency number—don’t tie up the 911 dispatch system for something like this—and tell them that you found a lost wallet and are standing near it. Ask for a patrol vehicle in the area to come and take over, and wait with the found wallet if you can.

What should you do if someone comes up and claims to be the owner?

  • Let it go. Whether or not they are the owner is not in your wheelhouse. You are not responsible for someone who may or may not have criminal intentions. Getting into an argument over the property is not worth it in the end.

Should you post it on social media?

  • It’s very tempting to post about the found wallet on social media sites like Facebook in order to track down the owner, but that is not a good idea. You have no way of identifying the real owner. You could risk compromising that person’s identity if you post a photo containing part of the driver’s license, a credit card, a checking account number or other details.

Contact the ITRC

If you found a lost wallet, it is important to take the proper steps to protect it and what is inside it. If you have additional questions, contact the Identity Theft Resource Center. You can get toll-free, no-cost assistance by phone (888.400) or live-chat on the company website www.idtheftcenter.org.

This post was originally published on 7/9/18 and was updated on 8/24/21