As too many victims have already learned, there is something worse than just being a scammer’s prey. That something worse is being pulled into the scam yourself until you are (inadvertently) a criminal as well. There are a variety of scams, including romance scams, work-from-home scams and lottery scams, in which being snared in the scammer’s trap can leave you facing jail time. It is what is called a money mule scam.

In a money mule scam, criminals get someone else to move funds for them. It might be cashing checks and mailing the money to other people, depositing funds into your account and buying items that you send elsewhere, or any other similar kind of transaction.

First, never give money to someone you have met online, no matter what excuse they give you. However, the flip side is that you should never accept money from someone either. Ask yourself why this person is using you as their own personal ATM, or why you are the one buying iPads or smartphones and shipping them to other people. Why can’t your “friend” do it themselves?

The answer is not a good one. There is no legitimate, legal reason why someone can manage to send you money but cannot make a purchase for themselves or transfer that money to a different individual. The only reason to do it is to avoid putting their name on the paper trail, or because residents of their home country are not allowed to make the purchase or transaction. Most likely, though, is that the original funds were stolen. You are now the person who deposited that stolen money into your bank account, and you can be subject to a criminal investigation as a result.

One variation of the money mule scam includes overpayment scams. This happens when someone sends you money—often for a fake “work from home” job, an invoice to your company, or even a purchase like buying your used car—and then claims they have overpaid you. When you accept their funds and send some of it back, you are not only taking the risk that their check was bad and the refund actually came out of your own account balance. Worse, their original funds may have been stolen. You took possession of the stolen money (which can be a crime) and then turned around and moved those funds back to them from your account, which can fall under money laundering.

What do you do if you think someone is using you as part of a money mule scam?

  1. Contact the Identity Theft Resource Center and the Federal Trade Commission for help and information.
  2. Stop making any sort of transactions immediately.
  3. Monitor your accounts to ensure the scammers are not still able to access your funds.
  4. File a police report if you have lost any of your own funds in interacting with the scammers.

Money mule scams are some of the most dangerous scams because they can inadvertently turn victims into criminals. Do what you can to educate yourself to reduce your risk of falling victim.

You might also like…

There are a variety of ways that hackers can infiltrate a company’s network and steal users’ information. J. Crew Group, a clothing retailer with various online retail shopping sites and nearly 500 brick-and-mortar stores, recently announced that it had discovered a J. Crew data breach of the company’s servers in April of 2019, and has traced the breach back to a tactic known as credential stuffing.

Credential stuffing is a growing problem and has exploded since 2018, mostly because the necessary information is available for sale online and anyone with a little bit of know-how can do it. It can happen when anyone reuses their email addresses and password on multiple accounts. According to the Identity Theft Resource Center’s 2019 Data Breach Report, 83 percent of people use the same password for more than one account. If your information is ever stolen in a data breach and you have used that same username and password combination on other websites or apps, a hacker who accessed your stolen information—or someone who buys your stolen information on the Dark Web—can test out your credentials on other sites.

J. Crew’s investigation found that information such as names, billing and shipping addresses and the last four digits of stored payment cards were accessed in the J. Crew data breach by outsiders who relied on this method of breaking in. Other details were compromised, but nothing permanent like birthdates or Social Security numbers.

This is just one of many reasons why it is important to establish strong, unique passwords on all of your accounts, no matter how sensitive or inconsequential they may seem.

The company has completed a forced password reset and issued data breach notification letters. Anyone whose information was exposed in the J. Crew data breach can also contact the Identity Theft Resource Center’s toll-free number at 888.400.5530 or via the website’s live chat feature to speak with an expert advisor if they need more information. This resource can also help you come up with actionable steps if you need them.

In this or other data breaches, ITRC’s free ID Theft Help App can help you too. Simply download it from your device’s preferred app store in order to keep tabs on your specific incident and monitor what actions you have taken. You can even reach out to the ITRC for assistance directly through the app.

You might also like…

A RailWorks data breach has left many unanswered questions. When a company issues a data breach notification, it can be difficult to know what to do. RailWorks, a US-based transportation infrastructure company, reported a data breach due to a ransomware attack that may have affected an estimated 3,500 employees, former employees and their family members.

While the company knows what kinds of personal information was compromised, names, birthdates, Social Security numbers and much more, there are also many unanswered questions about the RailWorks data breach.

  1. How did the ransomware infect the system?
  2. What kind of ransomware was used in the attack?
  3. What did the hackers do with the stolen information?
  4. How did RailWorks unencrypt its system?
  5. How was the breach discovered?

What is clear is the step that RailWorks is taking to protect those who were affected. In addition to the notification letter, RailWorks is providing a year of comprehensive identity theft protection. This includes credit monitoring from all three credit reporting agencies, up to one million dollars in identity theft insurance and an anti-phishing app.

As some of the victims of this breach were minors, there are special considerations to be taken into account. For example, RailWorks recommends that the victims place a freeze on their credit reports in order to stop anyone from using their stolen information. That process is a little more involved if the person who needs this protection is a child.

If you ever receive a data breach notification letter, you might have questions too. Even if you do not understand what the impact of the RailWorks data breach could be, if you are offered identity theft protection or credit monitoring, it is suggested to take advantage of the offer.

If you need further assistance on the RailWorks data breach or any other breach event, you should also contact the Identity Theft Resource Center. Our expert advisors can help you via toll-free phone call (888.400.5530) or the website’s live chat feature, and they can answer any questions or concerns you may have.

You might also like…

A Health Share data breach has exposed the personal information of many of its members. This comes after a laptop was stolen from a company vehicle.

Advances in cybertechnology mean that a hacker can sit anywhere in the world and potentially break into a computer network. New methods and tactics have made it even easier for criminals to steal personal identifiable information (PII), medical records, complete identities and more.

However, that does not mean the threat from “old-fashioned” crimes has diminished. Health Share of Oregon has just announced a data breach of its members’ PII—including names, birthdates and Social Security numbers, but not medical records—due to a laptop being stolen from a vendor’s vehicle. The vendor, GridWorks, provides patient transportation to some Health Share members. A company vehicle was broken into and the laptop was stolen.

Health Share has not been able to determine whether or not the members’ information has been used maliciously by the thief as part of the Health Share data breach. Therefore, the company is providing a year of credit monitoring and identity monitoring to its affected members.

Health Share is already taking proactive steps to prevent this kind of incident in the future. For example, they are conducting audits of their third-party vendors and implementing tech training for any vendors who are able to access member information.

There are also steps that consumers can take both before and after an event such as the Health Share data breach:


  1. Be mindful of where you share your PII.
  2. Ask questions about how your data is stored and who can access it.
  3. Monitor your accounts closely so you can be aware of any problems as soon as you suspect something.


  1. If you are issued a notification letter, keep it for reference.
  2. Be sure to follow the steps in the letter if any credit monitoring services are offered.
  3. Watch your accounts carefully for signs of suspicious activity, and be mindful that criminals can use your PII for things like applying for benefits, seeking medical care or even getting a job.

The Identity Theft Resource Center is also available to help those affected by the Health Share data breach, or any other data breach incidents. If you have been the victim of a breach or need more information on protecting yourself, call an advisor at 888.400.5530 or live chat with one.

You might also like…

As news of a COVID-19 outbreak continues to grow, companies large and small are requiring more employees to work from home in an effort to create social distance. However, that is leading to an increase in the risk of COVID-19-related cyberattacks.

Potential Risks of Teleworking: Higher Rates of Phishing/Cyberattacks

With more than 10,000 breaches tracked since 2005, the Identity Theft Resource Center anticipates a rise in the cyberattacks on business infrastructure as more of their employees potentially work remotely from home. In 2019 alone, “hacking” accounted for 39 percent of all breaches.

Working Remotely Cybersecurity Tips

While people are working remotely, especially during an event like the COVID-19 outbreak, it is critical they follow the same security policies at home that they would at work.

1. Update all of your software including the operating system (Ex: Mac, Windows, Linux, Chrome) & applications; turn-on “auto-update” if you have not already

Hackers use known flaws that have not been fixed to break into business networks and home accounts. Keeping software updated prevents many attacks.

2. Add a stronger passphrase to your home Wi-Fi & wired networks

Many home wireless routers (and other Internet of Things or IoT devices) have easy-to-guess default passwords. Update them to stronger passwords, or use an even stronger passphrase (see below).

3. Update account passwords to a passphrase of at least 10 characters and give each account a unique passphrase you can remember

Gone are the days of changing our password every 30 days and Us1ng a C0mP1ex set of characters as your password. Current recommendations are to use a memorable phrase that you can easily remember – like a book title or movie quote.

4. Keep your work passwords and personal passwords separate to limit the potential of “credential stuffing attacks”  

Hackers use stolen passwords from data breaches to break into computer systems because they know the vast majority of people reuse the same passwords for both work and home accounts. Using the same password for your work accounts as your personal accounts could translate into fraudsters gaining access to one from the other.

5. Do not click on any email, attachment, text, social media post or weblink unless you know the source is real

Phishing attacks are not just for email anymore. And, hackers use near-flawless copies of real materials to fool people into clicking on the fake, but dangerous links or attachments.

6. Check websites and email addresses thoroughly to ensure it is the actual address of the company who sent it

The best way to avoid a phishing attempt is to verify the web or email address to make sure it comes from a legitimate company.

7. If anyone asks for personal data related to COVID-19, it is probably a scam

Scam artists take advantage of vulnerable people during times of crisis and they are using the current COVID-19 pandemic to get the attention of people online and on the phone. Never give personal information to any person or organization that contacts you unsolicited. 

ITRC is Available for Questions & Assistance

The Identity Theft Resource Center, based in San Diego, is operating at limited-capacity during the COVID-19 outbreak to ensure the health and safety of our staff, their families and the community. The ITRC will continue to assist individuals across the country who are victims of identity crime, data breaches and identity-based scams, including COVID-19-related scams. We are here for individuals and businesses who may have questions or need assistance with these scams. You can reach one of our expert advisors via our website Live Chat, toll-free phone number (888.400.5530) and email (

You might also be interested in…

Is This a Census Scam?
Fake Vendor Emails on the Rise 
Coronavirus Business Scam Targeting Employees 

A recent Whisper accidental overexposure is shedding light on the importance of online security. In 2012, the Whisper app was launched to be a completely private and anonymous chat with others. The point was that users could share their deepest, darkest secrets with other users without having to worry about anyone finding out who they were.

From the very beginning, Whisper has been plagued with privacy concerns, notably after experts discovered that “anonymous” does not mean what most users thought it did. The company and the app’s developers were tracking geographic locations and coordinates of where users posted, their devices’ unique IP addresses and more.

Now, a Whisper accidental overexposure has occurred. The newly discovered database of information that was not password protected—and therefore was visible to anyone on the internet—shows that the company was also keeping up with the content the users posted as well. Secrets, sexual orientations that had not been made public, explicit fantasies and sexual “adventures,” and other very sensitive information for about 900 million “whispers” were all stored in the database. Worse, some of the accounts belonged to users who listed their ages as young as fifteen years old. In fact, more than one million of the account entries were for that age alone.

All of the information that was harvested and collected in a single database had been shared as a “public” post on the app. However, the researchers argue that did not mean “public to anyone on the internet,” especially the posts belonging to minors or ones that were sexually explicit in nature. The database exposed in the Whisper accidental overexposure was an aggregation of all these whispers combined with usernames, genders, sexual orientations if listed and geographic locations. Although the information exposed did not include names, information such as geographic locations and coordinates, and IP addresses could be pieced together along with data from other data breaches to find the real identities of the Whisper users. As highlighted in the 2019 End-of-Year Data Breach Report, with unsecured data comes the question of whether the data was accessed by criminals, and unfortunately, the question is often answered when the user’s information is posted online for sale.

Users of this app or any other that claims to be safe, private or anonymous need to understand that in the world of technology, that is not exactly the definition you might be used to. Remember, if any app or platform is free for you to use, someone is making money off of it somehow. It might be through targeted advertising, selling your profile information or other mechanisms that allow the creators to turn a profit. It is important to find out how the app’s creators stay in business before you sign up.

If you think you may be a victim of identity crime, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For the latest scams, sign-up for our TMI (Too Much Information) Weekly newsletter.

You might also be interested in…

Did you get a letter in the mail about the census? The Identity Theft Resource Center (ITRC) has seen a rise in our contact center through calls and LiveChat messages recently about a letter from the U.S. Census that people have been getting in the mail titled “My 2020 Census.” Callers are afraid it might be a scam because of the word “my” before “2020 Census.”

The ITRC has verified the legitimacy of this letter and is not a scam. The official U.S. Census Bureau website “” will direct people to “,” where you will start your individual questionnaire. You will then be asked to log in with the 12-digit Census code provided in the materials that were mailed to you. It is safe to login with the 12-digit code and is not a scam.

The U.S. Census Bureau also has an alert on its website that individuals will receive this letter between March 12-20, 2020.

Image from

The ITRC is encouraged by all of the calls and messages to the contact center because if something seems suspicious, you should always reach out to a verifiable resource to confirm or deny the validity of the letter, email, etc. The U.S. Census Bureau also has a helpful page about how to verify a census survey, mailing or contact here:  

Update as of 3/20/20: During this time of quarantine due to COVID-19, all Census field operations have been suspended. As noted in a press release, “Beginning today, in support of guidance on what we can all do to help slow the spread of coronavirus, 2020 Census field operations will be suspended for two weeks until April 1, 2020.” This means if someone knocks at your door claiming to be from the U.S. Census Bureau, it is a scam and you do not provide them any information.

If you get a letter in the mail in the coming days titled “My Census 2020,” follow the instructions on it and take part in the survey. If you have any questions, call the ITRC toll-free at 888.400.5530 or live chat with one of our advisors.

You might also be interested in…

On March 2, 2020, Carnival Corp. announced that two of its cruise lines were impacted by a Carnival cruise line data breach. Unknown numbers of employees and customers of Princess line and Holland America line may have had their complete identities compromised, including names, addresses, Social Security numbers, government-issued travel numbers and more. The Carnival cruise line data breach appears to have occurred as a result of a targeted email attack that included deceptive communications, which are most likely part of a phishing attack.

In a phishing attack, scammers send out messages to hundreds or even thousands of email accounts, hoping to snare a few victims. In the case of these messages, the company’s statement appears to say the emails were directed at employees.

Spearphishing, as it is known, is a specific type of phishing attempt that happens when someone targets employees within a company with emails that look like real business-related messages. The goal is to trick the employee into downloading harmful software, sending over sensitive information, providing usernames and passwords or even transferring money to the scammers.

Carnival is taking steps to help those who have been affected by the Carnival cruise line data breach. While their investigators have not discovered any signs that the stolen information has been used maliciously, the company is offering free credit monitoring for the victims.

Also, anyone who is affected by a data breach can take the following steps:

  1. Update your passwords on all of your sensitive accounts.
  2. Place a freeze on your credit report by contacting the three credit reporting agencies.
  3. Monitor your accounts for any signs of unusual activity.

Anyone whose information was exposed in the Carnival cruise line data breach can also contact the Identity Theft Resource Center’s toll-free number at 888.400.5530 or via the website’s live chat feature to speak with an expert advisor. This resource can help you come up with an action plan.

The ITRC’s free ID Theft Help App will also let you keep record of your case steps and provide you with proof of what actions you have taken. This is important since some recent data breach settlements have required victims to provide proof for cash payouts.

You might also like…

First, hackers were taking advantage of the global pandemic coronavirus news coronavirus with an email scam that targeted consumers. Now, they are targeting businesses with a new coronavirus business scam.

Just like the last scam, criminals are using the concerns over the outbreak to unleash malware. They are continuing to try and find ways to make money by playing off everyone’s concerns and fears.

This coronavirus business scam is targeting professionals by sending phishing emails that look like a company’s purchase order for facemasks or other supplies that could trick employees into making payments to a fraudulent account. Scammers are also sending phishing emails about a company’s remote-work plan in hopes to get a response that provides personal details.

According to Proofpoint’s analysis cited in an article for the Wall Street Journal, attackers have sent emails containing nearly a dozen types of malware. Some of these emails even include company logos, instructions and attachments.

As long as the coronavirus stays in the headlines, so will the scams. In order to avoid these scams, it is critical that everyone adopt and develop good cybersecurity behaviors and habits. Here are a couple of tips to help you reduce your risk of falling victim to a coronavirus business scam.

  • Never click a link, open an attachment or download a file that you are not expecting. Instead, you should contact the sender to verify its authenticity. If the sender is not someone you regularly interact with, ignore the email. If it is someone you know, still verify the email before you click any links or open any attachments.
  • Do not share or forward emails about the coronavirus unless you have verified its authenticity. They are often alarmist to the point of being hoaxes or contain outdated details. In the case of the coronavirus scam, they contain dangerous links.

It is important to stay up-to-date on all major events. In order to stay on top of the news, go directly to trusted sources like the CDC or World Health Organization for updates and information.

If you believe you have fallen victim to a coronavirus scam, contact the Identity Theft Resource Center toll-free at 888.400.5530 to speak with an expert advisor. You can also live chat with us. Our advisors will help guide you through your case and provide you with the proper resources.

You might also like…

On Thursday, March 4, 2020, T-Mobile disclosed a breach that impacted employees and customers. T-Mobile posted two separate data breach notification letters on their website. The first states that there was a malicious attack against their email vendor that led to unauthorized access to certain T-Mobile employee accounts, some of which contained account information for T-Mobile customers and employees. The second breach notification letter also states there was a malicious attack against their email vendor. However, it says personal information like names, addresses, Social Security numbers, financial account information, government identification numbers, phone numbers and billing account information could have been exposed for some customers and employees.

The U.S. telco is sending out SMS notifications to all impacted users about the T-Mobile breach. Users who just had account data exposed are getting different notifications than those who had sensitive data exposed.

It is not yet known how many employees and customers were affected by the T-Mobile breach. However, the company is recommending to customers that they change their PIN numbers on their T-Mobile accounts. T-Mobile is also offering free credit monitoring and identity theft detective services that are being provided by TransUnion, for those that had sensitive information exposed. Those that have the option to have monitoring will receive a separate letter with details.

In the notification letters, T-Mobile has emphasized how seriously they take the security of every customer and employee, and that they are working to further enhance their security to stay ahead of this type of activity.

While there is nothing you can do to prevent yourself from falling victim to a data breach, there are things you can do to reduce your risk.

  • Be alert for phishing emails by a scammer that acts like they know who you are or that they are a company you do business with. Only respond to emails if you know the recipient or are expecting the email.
  • Keep an eye out for suspicious activity. You can do that by regularly reviewing and monitoring your accounts and credit history for any unauthorized transactions.
  • If you believe you have fallen victim to identity theft, file a police report. You can also contact the Federal Trade Commission or the State Attorney General to learn more about the proper steps to take.

If you believe your information was exposed as part of the T-Mobile breach, the Identity Theft Resource Center urges you to call us toll-free at 888.400.5530 to speak with an expert advisor who can help you create an action plan and tell you who to contact and what to say. You can also live chat with an advisor.

The ITRC also encourages you to download our ID Theft Help App that will allow you to track your case and provide proof of what you have completed, which is more important now than ever with recent data breach settlements requiring victims to provide proof for cash payouts.

You might also like…