• In 2020, the Federal Trade Commission (FTC) received nearly 100,000 business or personal loan fraud reports, many of them related to Small Business Administration (SBA) loan identity fraud.
  • That’s more than double the number of loan fraud reports from a year earlier. The Identity Theft Resource Center (ITRC) has also seen a spike in SBA loan identity crime reports since the COVID-19 pandemic.
  • Identity thieves apply for SBA loans (primarily Economic Injury Disaster (EIDL) and Paycheck Protection Program (PPP) loans) using stolen Social Security numbers and business Employer Identification numbers (EINs).
  • Scammers are also targeting consumers through phishing schemes in an attempt to steal their Social Security Numbers and other personal information needed to commit SBA loan identity fraud.
  • If anyone believes they are the victim of an SBA loan identity crime or would like to learn how to protect themselves from becoming a victim, they can contact the ITRC to speak with an advisor toll-free at 888.400.5530 or via live-chat. Just go to www.idtheftcenter.org to get started.

Small Business Administration (SBA) loan identity fraud spiked in 2020 due to COVID-19, and it continues to be a growing issue in 2021. The Federal Trade Commission (FTC) says in 2019, they received 43,920 reports of fraud involving business or personal loans; the number more than doubled in 2020 as the FTC had 99,650 reports. The FTC acknowledges that not all of the reports are related to SBA loan identity fraud, but also notes many of them are.

The Identity Theft Resource Center (ITRC) has seen a spike in calls and live-chats around SBA loan-related identity theft. The contacts continue today as contact center advisors work to help victims. Here is a testimonial from one victim who turned to the ITRC regarding their SBA loan identity crime case:

“I want to thank you for all your suggestions. You are the third (organization) I have contacted and by far the most helpful. I received a form from the Small Business Administration, and after returning it with the police report and the Identity Theft Report, I was informed that my debt with them would be canceled. It is such a huge weight off me. I did everything you suggested, and our credit is frozen with all the CRA’s. Thank you again.”

There are different forms of SBA loan-related identity theft of which  businesses and consumers should be aware:

Economic Injury Disaster Loans (EIDLs)

Economic Injury Disaster (EIDL) loans, loans for businesses that suffer substantial economic injury located within a disaster area, have always been available through the SBA. However, they have been expanded as part of the CARES Act to provide relief to businesses experiencing financial loss due to COVID-19. Identity fraud from an EIDL loan occurs when a threat actor applies for an EIDL loan using either a consumer’s Social Security Number (SSN) or a business’s Employer Identification Number (EIN).

Paycheck Protection Program Loans (PPPs)

Paycheck Protection Program (PPP) loans were designed to help businesses maintain their payroll and keep their workforce during COVID-19, and they are available through a lender. Identity fraud from a PPP loan occurs when an identity thief applies for a PPP loan using a stolen SSN, a business EIN or other stolen personal information needed to obtain a loan.

What to do if You Are a Victim of SBA Loan Identity Fraud

If a consumer or a business is the victim of an SBA loan identity crime (whether it’s from either an EIDL or PPP loan), they should take the following steps:

  1. Go back to the source of the loan to notify them of the identity fraud. If the identity fraud is from an EIDL loan, the victim should contact the SBA. If the fraud involves a PPP loan, the affected party should contact the lender that issued the loan. See below for more information on what the SBA requires people to submit, where to submit it, and details on their process.
  2. File an Identity Theft Report with the FTC at www.IdentityTheft.gov. An Identity Theft Report is one of the required documents by the SBA to cancel the loan debt as quickly as possible. Other documents needed include photo identification issued by a federal or state agency and a completed and signed Declaration of Identity Theft. For more information on the steps required by the SBA, click here.
  3. Place a credit freeze to lock credit files until they are needed.A credit freeze is the most effective way to ensure new loans or accounts are not opened.
  4. A less effective option is to place a fraud alert on credit files to alert potential creditors to take extra precautions before extending credit.
  5. Verify with the Secretary of State’s Office or another government agency where the business is registered to ensure the company’s ownership and registration status have not been changed.

Contact the ITRC

Anyone who believes they are a victim of SBA loan identity fraud should contact the ITRC for more information. People can speak to an advisor by phone (888.400.5530) or by live-chat to develop a resolution plan. Anyone who wants to document their steps can use the ITRC’s ID Theft Help app’s case log feature. Consumers who want to learn more can also check out our latest education resources at www.idtheftcenter.org.

  • According to the Federal Trade Commission (FTC), imposter scams were the top reported fraud in 2020. The FTC had approximately 500,000 reports of the scam, leading to an estimated $1.2 billion in lost funds.  
  • The Identity Theft Resource Center (ITRC) saw many different forms of identity-related imposter scams in 2020, including scammers pretending to be healthcare workers with COVID-19 tests or vaccinesfamily members that needed help, and government officials so they could steal stimulus payments
  • Online shopping and negative reviews were the second most reported fraud to the FTC in 2020, and phone calls and text messages continued to be the top method for scammers to attack consumers. 
  • The ITRC also saw online shopping scams spike, particularly during the holiday season, and saw an array of phone scams, including utility scamsvoice cloning scams, and coronavirus testing scams linked to consumers’ identities. 
  • For more information on 2020 fraud trends or if someone believes they are a victim of fraud, they can visit www.idtheftcenter.org for resources or speak with an advisor toll-free by phone (888.400.5530) or live-chat. 

2020 has come and gone, and scammers have left their mark. As Identity Theft Resource Center (ITRC) COO James E. Lee cited many times over the last year, 2020 was the Super Bowl, World Series, World Cup and NBA Finals all rolled into one for scammers. In April, ITRC CEO Eva Velasquez said she had never seen anything that would create a more massive scale of fraud than COVID-19. A recent report from the Federal Trade Commission (FTC) confirms that 2020 was a banner year for the bad guys. 2020 fraud trends reported by the FTC show 2.2 million people reported fraud, and $3.3 billion was lost to that fraud.  

Slide from the ITRC and FTC’s Identity Theft Awareness Week 2020

Watch now: Ripple Effects of COVID-19 Related Identity Theft & Tips to Protect Yourself in 2021

Imposter Scams Were the Top Reported Fraud in 2020 

Scammers acted as many different groups of people in 2020. Some of the threat actors pretended to be government officials to steal stimulus payments or Small Business Administration (SBA) loans. Others pretended to be healthcare workers with COVID-19 tests or vaccines, or family members that needed help. Some even acted as fake charities.  

The FTC reports that they received nearly 500,000 reports of imposter scams that cost people  $1.2 billion, with a median loss of $850. Government and business imposter scams were among the top categories of COVID-19 and stimulus-related reports. 

Online shopping and negative reviews were the second most reported fraud category of 2020, according to the FTC. The ITRC saw a spike in online shopping, particularly during the holiday season. Adobe Analytics reports U.S. consumers spent $188 billion shopping online during the holiday season, a 32 percent year-over-year increase. The U.S. Department of Commerce also validates the significance of the spike, showing online sales traditionally rise between one to two percent per year. 

COVID-19 brought an increase in online shopping and then a wave of reports about sellers failing to deliver on promises, or just failing to deliver. The FTC says they got more than 350,000 reports, with people claiming they lost a total of more than $245 million, with a median loss of approximately $100. 

Scams from phone calls and text messages continued to be the top method for scammers to target consumers. The ITRC saw numerous phone scams involving the misuse of personal information in 2020, like the utility scamvoice cloning scam and the coronavirus testing scam.  

The FTC says there was an increase in the number of reports saying that scammers contacted them by text message. The ITRC saw numerous text message scams in 2020, including COVID-19 contamination scamsstimulus checks scams and election scams. The FTC had reports of many of the same text message scams, including stimulus relief, economic relief or loans for small businesses or “waiting packages.”  

What Consumers Should Do  

While every scam is different, consumers should: 

  • Never respond to any unknown or unsolicited messages they receive. Instead, people should reach out directly to the company or person the message claims to be from to verify the message’s validity. 
  • Never voluntarily give out any personally identifiable information (PII). People should only provide PII when necessary and confirm the company or organization asking for it is legitimate. 
  • Never click on any links, attachments or files in an unexpected or unsolicited message. Many times, the links, attachments and files lead to malware. 

Anyone who wants more information on 2020 fraud trends, or believes they were a victim of fraud, can visit the ITRC website for additional resources. They can also contact an advisor toll-free by phone (888.400.5530) or by live-chat. All people have to do is visit www.idtheftcenter.org to get started.. 

  • The Internal Revenue Service (IRS) and the Identity Theft Resource Center (ITRC) expect to see an increased number of Americans who are victims of 1099-G form fraud due to unemployment benefits obtained in their name. In fact, the ITRC has already received calls and like-chats about the fraud. 
  • Unemployment benefits fraud has led to a large spike in identity-related fraud cases recorded at the ITRC. Also, the Department of Labor Inspector General estimates that as much as $26 billion in pandemic-related unemployment benefits were obtained by fraud. 
  • The IRS says anyone who receives a 1099-G form related to unemployment benefits that were not received should contact the state (or states) that paid the benefits to request an amended 1099-G form that can be sent to the IRS as proof they did not receive the funds.  
  • The IRS also encourages people to file their taxes early and use direct deposit for the quickest refunds. The IRS will begin accepting and processing 2020 tax returns on February 12. 
  • Anyone who believes they are a victim of 1099-G form fraud or unemployment benefits fraud should contact the ITRC toll-free by phone (888.400.5530) or live-chat on the ITRC’s website 

Tax season is right around the corner. On February 12, the Internal Revenue Service (IRS) will begin accepting and processing 2020 tax returns. While consumers look for their W-2 forms for wages and 1099 forms for non-wage income, some consumers may find themselves victims of 1099-G form fraud from an identity crime that started to spike in the spring of 2020.  

The Identity Theft Resource Center (ITRC) has already begun to receive phone calls and live-chats from victims stating they received a 1099-G form, wondering what to do next. According to The Vermont Labor Commissioner Mike Harrington, in Vermont, 1099-G forms for nearly 44,000 people were sent to the wrong address after a likely mix-up. 

These are issues the ITRC and IRS recently discussed on the Fraudian Slip, the ITRC’s podcast, where we talk about all-things identity compromise, crime and fraud, including the impact identity issues have on people and businesses. 

Unemployment Benefits Fraud 

People have been falling victim to unemployment benefits fraud since the COVID-19 pandemic began, leading to a rise in unemployment. In an average year, the Identity Theft Resource Center (ITRC) is contacted by fewer than 20 unemployment benefit fraud victims. However, in 2020, more than 700 victims of unemployment benefits fraud reached out to the ITRC, and more than 6,000 consumers visited the company website idtheftcenter.org to find information about unemployment benefits fraud.  

Also, the Department of Labor Inspector Generalhas informed Congress that as much as $26 billion or more in fraudulent pandemic-related unemployment benefits have been paid. California officials say the amount of fraud in the state is at least $11 billion.   

1099-G Form Fraud due to Unemployment Benefits Fraud 

As staggering as the numbers for unemployment benefits fraud were in 2020, the number of people who found out they were impacted by the fraud could rise even more once tax season begins. More Americans than ever are likely to receive 1099-G forms that report how much government benefit income a taxpayer received. If an identity criminal used someone else’s information to file for unemployment benefits, the benefits are considered taxable income that will be reported to the IRS by the state paying the benefit. While states are aware of many fraudulent payments, some fraudulent unemployment benefits may have gone undetected. The IRS expects to see a rise in taxpayers that contest their 1099-G forms claiming they did not receive any unreported income from government benefits 

What Consumers Should Do 

There are several steps that consumers should take if they receive an inaccurate 1099-G form. 

  • Contact the state(s) that issued the 1099-G The IRS advises taxpayers who receive an incorrect Form 1099-G for unemployment benefits they did not receive to contact the issuing state agency and request a revised Form 1099-G showing they did not receive these benefits. Taxpayers who cannot obtain a timely, corrected form from states should still file an accurate tax return, reporting only the income they actually received. A corrected Form 1099-G showing zero unemployment benefits in cases of identity theft will help taxpayers avoid being hit with an unexpected federal tax bill for unreported income. Taxpayers do not need to file a Form 14039, Identity Theft Affidavit, with the IRS regarding an incorrect Form 1099-G. The identity theft affidavit should be filed only if the taxpayer’s e-filed return is rejected because a return using the same Social Security number already has been filed. 
  • Apply for the IP PIN– The IRS now allows any taxpayer who can verify their identity to seek an “Identity Protection PIN.” The IP PIN can be used when filing an income tax return to help prevent cybercriminals from filing fake tax returns.Consumers can visit IRS.gov and click on the Identity Theft Protection link at the bottom of the home page to apply for the IP PIN. While it does not prevent unemployment benefits fraud that already occurred from impacting their tax return, it can still protect them from tax identity theft. 
  • File taxes early While this tip does not apply to unemployment benefits fraud, it is always a good idea for people to file their taxes as soon as possible to reduce the likelihood of a criminal beating them to it. The IRS says consumers should file electronically and use direct deposit for the quickest refunds.  

If anyone believes they are the victim of 1099-G form fraud, unemployment benefits fraud or both, they can contact the ITRC toll-free for help. Victims can call to speak with an advisor (888.400.5530), live-chat with an expert or send an email during business hours. All people have to do is visit idtheftcenter.org to get started.  

By Eva Velasquez, president and CEO, Identity Theft Resource Center 

  • The Identity Theft Resource Center (ITRC) expects to see the number of victims of COVID-19 identity crimes continue to rise in 2021. The ITRC’s new data shows an increase in identity crime victims being targeted multiple times (28 percent in 2019 versus 21 percent in 2018) before pandemic-related identity crimes. The ITRC expects to see victims targeted multiple times continue to rise. 
  • Right now, victim resources are not top of mind for many people. Since 2018, U.S. Department of Justice funds allocated for all crime victim services has fallen from a high of $3.7 billion to $1.9 billion. 
  • Focusing on just the dollar losses of identity fraud paints an incomplete picture because it does not consider long-term impacts or each victim’s unique situation. 
  • Additional pandemic-related benefits and stimulus payments due in early 2021 will also result in more identity crime victims linked to new benefit fraud cases.  
  • Join experts from the ITRC and the Federal Trade Commission (FTC) on Monday, February 1, at 10 a.m. PST (1 p.m. EST) for a free webinar, Protecting Yourself Against Identity Theft in the Age of COVID-19. 

The last year has been a difficult one for many people. Some have lost their jobs, others have had to close their businesses and many people have gotten sick or lost loved ones from the coronavirus. Another segment of people affected has not gotten as much attention: victims of COVID-19 identity crimes.  

The Impacts of COVID-19 Identity Crimes in 2020 

Millions of state unemployment benefit-related identity theft cases have been detected across the country since March 2020. On average, the Identity Theft Resource Center (ITRC) receives less than 20 inquiries regarding unemployment benefits a year. In 2020, the ITRC had more than 700 unemployment benefits fraud victims reach out for help. 2020 also saw a sharp increase in scams. Criminals had countless opportunities to trick people with phishing scams, charity scams, healthcare scams, disaster scams and work-from-home scams.  

What to Expect in 2021 

The ITRC believes COVID-19 identity crimes will impact victims well into 2021. Many victims may not be aware that their identity credentials were misused until they receive an IRS Form 1099 for non-wage income. The ITRC’s research also shows a significant increase in identity crime victims being victimized a second time, even before the rise in fraud, scams and identity crimes in 2020. The post-pandemic analysis should show an even greater spike.  

The Ripple Effects of the Pandemic-Related Identity Crimes 

Resources for identity crimes are not keeping pace with the criminals. Trends identified by the ITRC and many private-sector researchers show that profit-motivated cybercriminals are using consumer’s and employee’s bad security habits, as well as the changing work environment, to attack businesses more often. Yet, resources for cybersecurity training and education along with identity-related crime victim assistants are moving in the opposite direction. 

Since 2018, U.S. Department of Justice (DOJ) funds allocated for all crime victim services has dropped from a high of $3.7 billion to $1.9 billion. Discretionary DOJ grants awarded to victim services organizations dropped from $311 million in 2019 to $144 million in 2020. Funds to programs that support victims of identity crimes and compromises, cybercrime, scams and fraud have been reduced to $0. 

Meanwhile, the average ransomware payment has grown from less than $10,000 per incident in late 2018 to $233,000 as of Q3 2020, with some large enterprises reportedly paying ransoms over $1 million, according to cybersecurity firm Coveware. The most common root cause (55 percent) of ransomware attacks is stolen credentials to access a business system or network remotely. 

Measuring just the dollar amount paints an incomplete picture. A dollar sign does not take into account the trauma, downstream effects and lost opportunity costs for each of the victims whose identity credentials were misused. New ITRC research that will be published in May 2021 reveals an increase in identity crime victims being targeted multiple times. Nearly 28 percent of victims reported a second identity crime in 2019 versus 21 percent in 2018. At the ITRC, we expect to see that number continue to go up, especially after the rise in COVID-19 identity crimes.  

What It Means Moving Forward 

The data shows that COVID-19 identity crimes will continue in 2021, and more victims will suffer from the trauma of a second and even third identity crime. Someone that does not trust an infrastructure that has failed them will continue to disengage. Some victims cannot meet their basic needs or find a job because they cannot pass a background check until they get the fraud resolved. How long does that take? How does someone explain that to an employer? They are simply the victim of a crime that is not acknowledged to have the devasting life impacts that it does.  

The statistics show we are not winning the battle to protect ourselves from cybercriminals. Winning will require us to devote more resources toward assisting victims and devote more time and attention to educating consumers and employees of their need to be cyber-aware and vigilant. 

What to Do If You’re a Victim of Identity Theft 

If anyone believes their information may have been compromised, we suggest contacting us toll-free. Consumers can call (888.400.5530) or live-chat with an identity theft advisor to start their remediation process. Our experts will help advise victims on the best next steps for them to take.  

Learn more  

People can learn more about identity theft and COVID-19. Join experts from the ITRC and the FTC on Monday, February 1, at 10 a.m. PST (1 p.m. EST) for a free webinar, Protecting Yourself Against Identity Theft in the Age of COVID-19. We’ll explore topics including identity theft involving unemployment benefits, federal stimulus payments, Small Business Administration loans and more. Register here

The webinar is being held as part of the FTC’s Identity Theft Awareness Week, February 1-5, 2021. To find out more about the week’s events and the FTC’s free identity theft resources, please visit the FTC’s website

  • One of the first changes in 2020 due to COVID-19 was the delay in the regular income tax filing date. Soon after that, millions of out-of-work Americans began to receive enhanced unemployment benefits and special small business loans.
  • Soon after that, cybercriminals began to steal those benefits. The Department of Labor estimates that unemployment fraud could total as much as $26 billion. California alone has seen nearly $2 billion in unemployment benefits fraud.
  • With the 2021 tax filing season quickly approaching, many people will receive a 1099 form alerting them that they must claim income they never received from the benefits they never sought.
  • To learn more, listen to this week’s episode of the Fraudian Slip.
  • People can learn about taking advantage of the Internal Revenue Service (IRS) identity protection programs or reporting identity-related issues to the IRS at IRS.gov and clicking on the Identity Theft Protection link at the bottom of the home page.
  • If anyone believes they are a victim of tax identity theft or unemployment benefits fraud, they should contact the Identity Theft Resource Center toll-free at 888.400.5530 or live-chat on the company website idtheftcenter.org.

The below is a transcript of our podcast episode with special guest, IRS

Welcome to the Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud, including the impact identity issues have on people and businesses.

In a typical episode, we would focus on something that has happened or is happening that impacts consumers and businesses. Not today. We are going to talk about what’s about to happen, specifically the 2021 tax filing season.

It’s been nearly a year since the COVID-19 pandemic disrupted virtually every aspect of everyday life. One of the first changes in 2020 was the delay in the traditional income tax filing date. Soon thereafter, millions of out-of-work Americans began to receive enhanced unemployment benefits and special small business loans. Shortly after that, cybercriminals began to steal those benefits. The Department of Labor estimates that unemployment fraud could total as much as $26 billion. California alone has seen nearly $2 billion in unemployment fraud.

Fast forward to today, and the spike in benefits fraud is subsiding. However, a second round of victims may soon emerge. Benefits like unemployment payments are considered income and are taxable. Thousands of the unemployment payments made in 2020 were made in the names of people whose identities were misused – and they didn’t know it. With the 2021 tax filing season quickly approaching, many people will receive a 1099 form alerting them that they must claim income they never received from the benefits they never sought. That is on top of the usual identity-related income tax fraud the IRS sees each year.

We talked with Jim Robnett, the Deputy Chief of the IRS – Criminal Investigation Division, about the following:

Overview

  • Before 2020, the number of false income tax returns linked to identity compromises was already falling. What had the IRS done that was working so well to reduce tax-related identity theft?

Pandemic-Related Tax Issues

  • The most obvious change in terms of taxes in 2020 was moving the filing date. From the IRS perspective, what was 2020 like for you?
  • Anytime there is a mass injection of money into the economy, there is fraud. The IRS played a crucial role in delivering the stimulus checks approved by Congress. What kind of response did you expect from criminals, and what did you see? 
  • We know there has been a massive amount of unemployment fraud, and that has had tax implications for victims. Explain why that is and what taxpayers should do if they suspect or know they are the victim of benefit fraud?
  • What should taxpayers do who get a 1099 form they were not expecting?
  • What about small businesses or entrepreneurs who may discover someone took out an SBA loan or other pandemic benefit in their name?

2021 Tax Issues

  • What should taxpayers do to prepare for 2021?
  • The IRS recently announced the expansion of Identity Protection PINs. That’s going to be a great tool for preventing fraud. Explain how that works and what taxpayers need to do to take advantage of the IP PIN program?

For answers to all of these questions, listen to this week’s episode of The Fraudian Slip Podcast.

Learn More From the IRS

You can learn more about taking advantage of the IRS identity protection programs or reporting identity-related issues to the IRS at IRS.gov and clicking on the Identity Theft Protection link at the bottom of the home page.

Contact the ITRC

You can learn how to protect yourself from identity fraud, crimes and compromises – including the tax-related issues we discussed today, by visiting idtheftcenter.org, where you can also read more about the latest data breach trends.

If you think you are the victim of an identity crime or your identity has been compromised, you can call us, chat live online, send an email or leave a voice mail for an expert advisor to get advice on how to respond. Just visit the website to get started.

  • The IRS and Treasury Department began distributing stimulus payments the last week of 2020. Direct Deposits, paper checks and debit cards will be sent out to some Americans throughout January. No action is required by anyone to receive their stimulus payment.  
  • Some Americans say they are missing their stimulus payment, while others claim their money was deposited into the wrong bank account. 
  • According to a notice shared with the Identity Theft Resource Center, Turbo Tax recently pointed to an Internal Revenue Service (IRS) error that led to millions of stimulus payments sent to the wrong bank accounts. Turbo Tax expects the issue to be resolved within days.  
  • The IRS says people should visit IRS.gov for the most current information on the second round of Economic Impact Payments rather than calling the agency or their financial institutions or tax software providers. 

Many Americans continue to wait for their stimulus payment, approved as part of the second stimulus package passed by Congress in December 2020. Others claim they are missing their stimulus payment because it was deposited into the wrong bank account. The Identity Theft Resource Center (ITRC) continues to receive calls and live-chats regarding missing stimulus payments. One person reported to the ITRC that they received a message from Turbo Tax claiming millions of stimulus payments were sent to the wrong bank accounts. 

Image provided to ITRC

The message goes on to say the IRS expects the issue will be resolved soon, and stimulus payments will be deposited into the correct bank accounts within days. The Detroit Free Press also reports some taxpayers believe their money is going into the wrong bank accounts. Others say checks are being mailed to them when they received a direct deposit during the first round of payments in April 2020.  

On January 4, the IRS issued a news release urging people to visit IRS.gov for the most current information on the second round of Economic Impact Payments rather than calling the agency or their financial institutions or tax software providers. The release says the IRS phone advisors do not have additional information beyond what’s available on IRS.gov

On January 5, the IRS issued a second news release saying they updated the “Get My Payment” tool with information around the second round of stimulus payments. The Service acknowledged issues and errors with the “Get My Payment” tool, and they encouraged people to check back later. 

On January 8, the IRS acknowledged some payments may have gone into a temporary bank account established when people’s 2019 tax return were filed, and they are taking immediate steps to redirect stimulus payments to the correct account for those affected.  

The ITRC asks consumers to visit IRS.gov and to be patient throughout the process. We will update consumers if new information arises. Anyone concerned about a missing stimulus payment can also contact the ITRC toll-free either by phone (888.400.5530) or via live-chat. All people have to do is go to idtheftcenter.org to get started.  


Stimulus Payment Scams Expected with New Relief Package

Cybercriminals Exploit Google and Microsoft Products to Attack SMBs


The FDA Issues Warning Over Potential COVID-19 Vaccine Scams

*Updated as of 3/10/2021

  • The third round of stimulus payments is on the way. Scammers are aware, too, which means another round of scams as well.
  • Remember, the Internal Revenue Service (IRS) will not text, email or call anyone about a stimulus payment. If someone receives an unsolicited message from someone claiming to be with the IRS, it is probably a scam. Consumers should contact the IRS directly to verify before they respond. 
  • Offers that require people to pay to receive a stimulus benefit or to use a service to get a payment faster are also signs of a stimulus payment scam. 
  • Consumers can track their new stimulus checks once they are sent. Then can visit the IRS “Get My Payment” page to follow their payments.  
  •  To learn more about stimulus payment scams, the new stimulus payment or if someone suspects they are the victim of a stimulus scam, they can contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website.  

New Stimulus Payments Approved by Lawmakers 

Lawmakers voted to approve the third stimulus package since the coronavirus pandemic. The package includes a $1,400 stimulus payment for anyone who earns $75,000 or less (the payments start to phase out at $75,000), extends jobless aid supplement and programs making more people eligible for unemployment insurance, and much more.

Late in 2020, lawmakers agreed on a new stimulus package, which included a $600 stimulus payment for anyone who earned $75,000 or less. There was also a reduced payment for anyone who made $75,000-$99,000.

In the spring of 2020, the first batch of stimulus payments assisted Americans in need of financial relief due to the economic impacts of COVID-19. Criminals took advantage of the situation by offering to help benefit recipients speed access to their stimulus funds. Criminals stole checks from nursing home residents, out of people’s mailboxes, and even from postal trucks. The Identity Theft Resource Center (ITRC) saw some of those methods used to steal identity information and stimulus payments the second time around, and expect to see it again. The ITRC has also had a sharp rise in reported stolen stimulus payments and stimulus payment scams cases.

As of March 10, 2021, the Federal Trade Commission (FTC) had logged more than 382,000 consumer complaints related to COVID-19 and stimulus payments totaling more than $366 million in losses. Two-thirds of the complaints involved fraud or identity theft. The median fraud loss per person is $325.

New stimulus checks mean more scams are on the way. With more stimulus payment fraud expected, consumers should know how to spot a scam and what to do if an identity criminal contacts them.

Possible Stimulus Payment Scams 

According to the Washington Post, researchers recently discovered a campaign of thousands of emails that sought to trick Americans into filling out a phony form to “apply” for American Rescue Plan checks from the IRS before the third stimulus package was even passed by congress. The emails encouraged recipients to download an Excel sheet that launched malicious software that steals personal banking information and other login credentials once downloaded.

Criminals use different schemes to trick people, and they can be expected to do the same this time, as seen above. Here are a few things for people to watch for that indicate that someone might be the target of a stimulus payment scam:

  • Text messages and emails about stimulus payments – Criminals use text messages and emails to send malicious links in hopes that people will click on them to divulge personal information or insert malware onto someone’s device. If anyone receives a text message or email about a stimulus check or direct deposit with a link to click or a file to open, they should ignore it. It’s a scam because the IRS will not contact anyone unsolicited by text, email or phone to discuss a stimulus payment. 
  • Asked to verify financial information – The IRS will not call, text or email anyone to verify their information. If information needs to be confirmed, people will be directed to an IRS web page. This includes retirees who might not typically file a tax return.  
  • A fake check in the mail – Anyone who earns $75,000 or less will get $1,400. People who make between $75,000-$80,000 will receive a reduced amount. Anyone who gets a check and has questions about the amount, or thinks the check seems suspicious, should contact the IRS.
  • Offers for faster payments – Any claim offering payment faster through a third-party is a scam. All new stimulus checks will come from the IRS, and the IRS says there is no way to expedite a payment.  
  • Pay to get a check – No one has to pay to receive a stimulus check. New stimulus checks will be deposited directly into the same banking account used for previous stimulus payments or the most recent tax refund. If the IRS does not have someone’s direct deposit information, a check or prepaid card will be mailed to the last known address on file at the IRS.
  • Stolen checks – The ITRC has received numerous complaints from consumers about their stimulus checks being stolen. If anyone believes their payment is stolen, they should visit IDTheft.gov, where they can report, “Someone filed a Federal tax return – or claimed an economic stimulus payment – using my information.”

What to Do If You’re a Victim of Stimulus Payment Scams 

 If anyone believes their information may have been compromised or their stimulus payment was stolen, the IRS suggests people report it to the IRS and FTC simultaneously through IdentityTheft.gov. If anyone wants to learn more about stimulus payment scams or if someone believes they are the victim of a stimulus payment scam, they may also contact the Identity Theft Resource Center toll-free. Consumers can call (888.400.5530) or live-chat on the website. People can go to www.idtheftcenter.org to get started.

By Identity Theft Resource Center CEO, Eva Velasquez & Synchrony CISO, Gleb Reznik

The 2020 holiday season will certainly be one of the most unusual ones we have seen, thanks to the biggest holiday shopping trend – a dramatic shift in online transactions prompted by the COVID-19 pandemic. Online shopping involves non-cash transactions using digital payment methods. While the most obvious are debit and credit cards, there are also peer-to-peer payment apps, digital wallets and online versions of contactless payments like Apple Pay and Google Pay.

There is a truism in cybercrime as there is in bank robbery: thieves go where the money is. There are many opportunities for bad actors to take advantage of consumers and businesses during the shopping season. We expect the identity thieves will look to take advantage of the rise in online shopping.

Tune in to our latest podcast

Historic and Current Holiday Shopping Trends

Holiday shopping has always been a busy time for consumers. Last year, there was an estimated $1.1 trillion spent on the shopping frenzy.

According to the Better Business Bureau (BBB), approximately 65 percent of consumers shopped online during the holidays in 2019.

Online retailers have seen sales grow steadily over the years. According to the U.S. Department of Commerce, sales have risen between one to two percent each year.

Online Holiday Shopping Trends So Far in the 2020 Holiday Season

With all of that said, 2020 looks to be a watershed year. In just the first ten days of the holiday shopping season, U.S. consumers spent $21.7 billion online, a 21 percent year-over-year increase, according to Adobe Analytics.

There is no surprise in this online holiday shopping trend. The same Adobe Analytics report shows 63 percent of consumers are avoiding stores and buying more online, with health concerns due to the pandemic driving the decision for 81 percent of shoppers.

Advice for Consumers

  • Have strong password management – If someone has strong password management, an identity thief will not be able to access multiple accounts if they gain access to one account with stolen credentials from a scam or shoulder surfing. It is especially important to ignore “customer service representatives” who call about online orders or accounts. At the Identity Theft Resource Center (ITRC), we recommend using at least a twelve-digit passphrase because they are easier to remember and harder for an identity thief to crack.
  • Beware of phishing emails with emotional triggers – People should keep an eye out for shopping discounts sent to their phones claiming huge store discounts if they download an app and enter their credit card information. Another popular phishing email is package tracking scams that offer to track someone’s packages after making their purchase with a link to open or download. No one should ever click on a link, attachment or file from an unknown email because that is how scammers strike with malware, ransomware and steal people’s personal information.
  • Use credit cards and not debit cards – Credit cards provide more protection than debit cards. One of the biggest reasons is because debit cards are linked with bank accounts. If an identity thief compromises a debit card, the victim’s bank account can be immediately drained of all available funds. It may take time to restore the stolen funds, leaving the cardholder without access to the money.
  • Shop on secure websites – People need to do their homework before providing any of their payment information or other data. Consumers can check a business’s reputation at third party review organizations like the BBB and Yelp. Using search terms like “Scam” or “Complaints” along with the website or company name can give someone insight into the experience of other customers. 
  • Do not use public Wi-Fi – No one should ever use public Wi-Fi to check their bank account information or to make purchases. Some public Wi-Fi connections are not secure, and a hacker could have the ability to position themselves between the user and the connection point to steal their data. If someone wants to use public Wi-Fi to kill time while in the store or to check on products they want to buy, they need to avoid entering any personal information.

Advice for Businesses

  • Secure your information – Businesses need to take all of the necessary steps to ensure customers’ personal information is secure. It starts by making sure all systems are protected with properly configured cybersecurity tools. Time and time again, we see businesses and technology providers fail to configure passwords, resulting in exposed sensitive data for anyone to see online.
  • Have security software – Businesses need to protect their networks from cyberattacks. If a system does not have appropriate security software like network and application firewalls, malware protection and a program to patch known security flaws, identity thieves will steal whatever customer and company information they want.
  • Talk to the employees about online security – A business can have all the security measures in place, but it does not matter if employees click on links in phishing schemes. Company executives and cybersecurity teams should talk to employees about security, so they do not end up being their weakest link.

What the Post-Pandemic Marketplace Will Look Like

While many things are uncertain about our post-pandemic world, one safe bet is that online holiday shopping will continue to rise. Statistics show online shopping was already on the rise before COVID-19. With the even bigger surge during the pandemic, it will force businesses to get serious, if they are not already, about e-commerce and a digital-first model. In a sense, every day could be Black Friday!

For more information on online shopping during the holiday season or online holiday shopping trends, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website.

Also, download the free ID Theft Help app, which has access to resources, a case log for an identity theft resolution process and much more.

Synchrony is a proud financial sponsor of the Identity Theft Resource Center.

  • The 2020 COVID-19 holiday season is upon us. This year, consumers should be on the lookout for job scamsgiving scamsgrandparent scams and online shopping scams, to name a few.  
  • If anyone comes across an unknown message regarding the COVID-19 holiday season, they should ignore it and go directly back to the source to confirm the message’s legitimacy. 
  • People should take steps to protect their personal information when shopping online, taking part in holiday gatherings (both in person or via a video platform), at the gas pump, and when receiving electronic gifts. 
  • To learn more, contact the Identity Theft Resource Center toll-free at 888.400.5530 or via live-chat on the company website.  

COVID-19 has changed the way people live. Many people are working from home, there are restrictions on what people can do in public, and many businesses remain shut down or open at a limited capacity. It has also changed the way scammers attack consumers. 

The 2020 holiday season will also be much different than year’s past. According to IBM’s latest U.S. Retail Index Report, COVID-19 has accelerated the shift away from physical stores to digital shopping by roughly five years. 

Criminals may adopt new tactics to take advantage of the pandemic, but what will not be different is scammers’ and identity thieves’ ability to find ways to strike.  

Watch for COVID-19 Holiday Scams   

Here are some scams to watch for this COVID-19 holiday season. 

1. Job Scams – Much of the economy remains shut down or open in a limited capacity. Millions of people are looking to gig economy jobs like Uber, Lyft and DoorDash to get by. People could rely on gig economy jobs even more during the holidays to make extra cash. The Federal Trade Commission (FTC) reported losses of $134 million in 2019 to social media scams.

In the first half of 2020, the FTC already reported $117 million, with most scams coming from viewing an ad. Scammers may claim in advertisements that they can get shoppers access to premium jobs for the holidays with big tips in exchange for an upfront fee. Gig economy scams can also lead consumers to phishing websites that steal login credentials. 

2. Giving Scams – People typically give more to charities around the holiday season. However, with more families in need of help in 2020, we may see an even bigger increase in people making donations. Expect criminals to attack with giving scams, looking to steal people’s money and personal information. In fact, scammers have used giving scams to take advantage of people since the beginning of the pandemic.  

3. Grandparent Scams – Another popular holiday scam is the grandparent scam. A grandparent scam is where scammers claim a family member is in trouble and needs help. With the holidays here, scammers could pose as sick family members. 

4. Online Shopping Scams – Many more people will be shopping online this holiday season. According to the Better Business Bureau (BBB), 65 percent of people shopped online last year. This year, online shopping is expected to increase by 10 percent to 75 percent. With the increase in web traffic, consumers should be wary of messages claiming they have been locked out of their accounts. Scammers may send phishing emails making such claims while looking to steal usernames, passwords and account information.  

How to Protect Yourself from COVID-19 Holiday Scams 

While scammers will try to trick consumers, there are things people can do to protect themselves from a COVID-19 holiday scam. 

  • If someone comes across an ad for a job or a deal online that seems too good to be true, it probably is. Consumers should go back to the source directly by contacting the company to confirm the message’s validity. 
  • If someone receives an email, text message or phone call they are not expecting, ignore it. If any of the messages contain links, attachments or files, do not click or download them because they could have malware designed to steal people’s personal information or lead to a phishing attack. Again, consumers should reach out directly to who the caller, email sender or text message sender claimed to be or the company they claimed to be with.  
  • People should only donate to legitimate charities and organizations registered with their state.   Consumers can determine if a charity, non-profit or company is legitimate by searching for the charity’s charitable registration information on the Secretary of State’s website, looking for online reviews and Googling the entity with the word “scam” after it. 
  • No one should ever make a payment over the phone to someone they do not know or were not expecting to hear from. Scammers will try to trick people with robocalls to steal their sensitive information and commit identity theft. 

How to Protect Your Personally Identifiable Information (PII) This Holiday Season 

Identity Thieves will try different ways to steal people’s PII. It is crucial consumers can protect their PII during the holidays, and year-round, to make sure it does not end up in the hands of a criminal.  

1. At the Pump – More people will travel by car this year than usual. Travelers on the road should keep an eye out for gas station skimmers. Skimmers insert a thin film into the card reader or use a Bluetooth device at a gas pump to steals the card’s information that allows the thief to misuse the payment card account. If the pump looks tampered with, pay inside. Newer gas pumps use contactless technology and chipped payment cards that are very secure. Use those pumps if possible.  

2. Holiday Gatherings – It is always important to protect all personal information at holiday gatherings. While no one ever imagines a trusted friend or family member will go through their stuff, people fall victim every year. Keep wallets or purses with financial cards or I.D. cards within reach.  

3. Zoom and Other Online Video Platforms – Not all family gatherings will be in person in 2020 due to COVID-19. Some families will meet virtually via a video platform. When people use a video platform, it’s important they remember to secure the call by using strict privacy settings and not sharing any personal information with someone they don’t know.  

4. Shopping Online – With more people shopping online for the 2020 holiday season, people need to practice good cyber hygiene. Make sure to navigate directly to a retailer’s website rather than click on a link in an ad, email, text or social media post. Phishing schemes are very sophisticated these days and spotting a spoofed website of well-known and local brands can be difficult even for trained cybersecurity professionals. 

Consumers will still need to do their due diligence to ensure a business website is legitimate. There is inherently less risk of falling for a scam website by shopping at well-known retailers. It only takes a bit of homework to separate the scams from legitimate small online businesses. Using search terms like “Scam” or “Complaints” along with the website or company name can give people insight into the experience of other customers. 

When setting up a new online account, be sure to use multi-factor authentication. Multi-factor authentication creates a second layer of security to reduce the risk of a criminal taking over someone’s account. 

5. Electronic Gifts – With the advent of smart home devices, many gifts connect to the internet, presenting security risks. It is important consumers update the software on the device. It is also a good idea to have antivirus software installed on any computer, tablet or internet device if possible, along with a secure password on the home network router.  

For more information on how to stay safe during the COVID-19 holiday season contact the Identity Theft Resource Center toll-free at 888.400.5530 or live-chat with an identity theft advisor at no-cost.

For access to more resources, download the ITRC’s free ID Theft Help app.  


COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover

Travel Safe with These Cybersecurity Protection Tips

Mystery Shopper Scams Resurface during COVID-19

This article has been updated as of November 2, 2020

Update 11/2/20 – According to the IRS, anyone who does not usually file a tax return, or did not file a tax return in 2018 or 2019, might not know if they qualify for an economic impact payment. Nearly nine million people that fall into this category will receive a letter from the IRS with information on how to register on their website to claim their payment, which has a deadline of November 21, 2020. The letter is legitimate. Anyone who receives one should either call the IRS directly at 800.919.9835 to register, or visit IRS.gov/EIP.  

However, if anyone receives a phone call, text message or email from someone claiming to be the IRS and wants to help you receive your stimulus payment, hang up, do not respond, and do not click on any links or attachments. The IRS will not text, email or call about an economic impact payment. They will also never ask anyone to pay a fee to get their money.  

The IRS and it’s partners will do a final push on November 10, National EIP Registration Day, to reach out to people who do not normally file their taxes. To learn more about stimulus payments, visit the IRS website.  

This article was originally posted, April 14, 2020

The Treasury Department and the IRS continue towards getting consumers their stimulus checks due to the COVID-19 pandemic. With the distribution of stimulus checks underway, non-filers are now able to get their stimulus payments sooner thanks in part to an online tool that was created to help consumers that aren’t required to file tax returns. However, it is important non-filers know the proper steps to take to protect their personal data and information so they don’t fall for a stimulus check scam.

First, non-filers should go directly to the IRS website, IRS.gov. Always start at the most trusted source.

Second, non-filers should click the tab that says “Non-Filers: Enter Payment Info Here.” If consumers do not see this tab on the front page, they are not on the right page.

Image of irs.gov

Consumers should proceed to click on the “Non-Filers” tab. Once they click on the tab, it should take them to a page that has information on the “Economic Impact Payment” and additional information on what consumers need to provide and what they should expect. The next step is to, once again, click on the tab titled “Non-Filers: Enter Payment Info Here” that can be found in the middle of the page.

Image of irs.gov

Once the tab is clicked on, visitors will be redirected to freefilefillableforms.com. The redirect could feel like a scam. However, if the homepage looks like the one below, consumers are at the right place. (The ITRC has verified that this is a valid redirect)

Image of freefilefillableforms.com

From there all people have to do is hit “Get Started” to begin. Once a profile is created, non-filers will be asked for personal information like their Social Security number, address, dependents and direct deposit information. In this case, it is okay for consumers to provide sensitive information.

However, if anyone receives emails, text messages or phone calls about non-filers filing for a stimulus check, they should ignore it because it is probably a stimulus check scam. People should be going directly to the source, in this case, the IRS, to complete the process.

Since the stimulus package was merely a thought, scammers have increased their efforts around stimulus check scams. It is important for people to never give out personal information over the phone or to anyone they do not know personally. Also, it is important to know the facts. The IRS will not call anyone.

If people have questions regarding non-filers or stimulus check scams, they can live chat with an expert ITRC advisor. For those that cannot access the website, they can call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist you as quickly as possible.


Read more of our latest educational information below

COVID-19 Pandemic Leads to Unemployment Benefits Identity Theft

IRS Stimulus Check Scams Ramp Up

Coronavirus Testing Robocalls See a Spike