The Federal Trade Commission (FTC) is the U.S. government agency tasked with protecting consumers. Whether it is issuing warnings and recalls about dangerous products, policing companies for misleading advertising or helping write regulations in regards to harmful products, the FTC is certainly the unsung hero that protects all of us on a daily basis.

The FTC has another crucial job, it is the go-to department for reporting scams, fraud, and other related crimes. As such, the FTC keeps tabs on the types of consumer reports that are filed each year and releases this comprehensive information in its annual report from the Consumer Sentinel Network.

The 2018 report has been released with a shocking new finding: for the first time since the FTC began tabulating and reporting the complaints, imposter scams topped the list of most commonly reported consumer fraud.

An imposter scam occurs when a criminal uses a false identity or persona to trap you. It might be someone pretending to be a Microsoft employee, a Google ad salesman, someone from your bank or credit company, an IRS agent, or a customer service representative from your utility company, just to name a few examples. Using this false persona, the criminal alerts you to some plausible reason why you must pay money or face a consequence of some kind.

For obvious reasons involving threats of jail time and significant penalties, government imposter scams are commonplace. Scams involving phony IRS or Social Security agents made up about half of the 535,417 imposter scam attempts that were reported to the FTC last year. The thought of a fraudulent charge on your credit can make some scam victims comply with a banking imposter scam, but thinking that they have broken the law with regards to their taxes is far scarier.

What is interesting about the increase in government imposter scams is that it is branching out from the norm. IRS scams were commonplace for a long time, as a caller would contact you and claim you have failed to pay your taxes. Now, Social Security imposters contact potential victims and frighten them into thinking their SSN has been suspended or their benefits will not be issued that month unless they verify their identities.

In either case, the goal is money or information. If a scammer can convince you to pay or provide your personally identifiable information, then they can cash in. Sometimes the scammer even manages to acquire both a payment and your data, which will then be used for identity theft.

Unfortunately, as the number of complaint reports to the FTC increased, so did the number of losses that victims reported. With nearly three million different consumer reports made to the FTC last year, the total amount of loss was $1.48 billion, a 38 percent increase compared to the previous year.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The How and Why of Tax Identity Theft

A recent data breach of Verifications.io, a company that approves or verifies email addresses for third-parties, exposed 763 million consumer records. Verifications.io ensures third-parties’ email marketing campaigns are being sent out to verified accounts, and not just fake emails. The unsecured database discovered online by two security researchers did not contain things like passwords or Social Security numbers; however, it did contain an assortment of data points like mortgage amounts, interest rates on loans and social media email logins, along with identifiers like gender and birthdate.

There have been almost 7.7 billion compromised accounts since data breach tracking began in 2013. The total number of compromised data sets listed on Have I Been Pwned?, a security website that lets users see if their identifying information has been exposed, now exceeds the total number of people on Earth.

The real question that the researchers and Troy Hunt, founder of Have I Been Pwned?, want to know is how Verifications.io got its hands on all of this information in the first place. The Estonian-based company has refused to respond to questions from different news outlets and has taken down its entire website as of March 4, 2019. In fact, Hunt has publicly asked for the data breach victims’ help via Twitter. What are you supposed to do when the company that comes under attack had your information without your direct permission? If you can identify your email address compromised in the data breach and used it uniquely (i.e. for one service), researchers are asking that you contact them so they can try to track the path of data sharing.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The How and Why of Tax Identity Theft

Of all the user-centric, social media websites on the internet, it is possible that none has faced as much intense public and government scrutiny as Facebook. Apart from various bugs, glitches, and possible hacking attempts the company has endured since its launch, governments around the world have taken the website and its founder to task for nearly abusing its users’ privacy.

The site has a long history of gathering, storing, and selling users’ information and internet habits to third-parties, some of whom users do not want to be associated with. There have even been allegations that one specific third-party, Cambridge Analytica, was using information to influence political action.

Now, after a lot of public and legislative demand, Facebook will launch a new feature this year that lets its users clear their Facebook “connection” history. No, this will not delete your posts or photographs instead, Facebook clear history will show users what apps and websites they have visited that maintained a connection to their Facebook accounts, and give users the ability to break that connection by deleting their history.

Why should you do this? First, it puts a dent in the number of websites that can see your posts or content and gather information about where you go, who you visit, what you like, and more. From there, it can stop that information from being sold to advertisers.

The purpose of Facebook clear history really comes down to removing any trace of a connection rather than just blocking a website from accessing your data. Think of this example: if you were simply to remove a baby product website from your Facebook access, that one website could no longer target you with ads. However, any other website that sells similar products may still be able to see that you were once connected and that you interacted with those ads.

Until this new feature launches, there are some things consumers can do if they want to help safeguard some of their privacy on social media. Remember, though, the entire reason you can use these platforms for free is because they are benefitting financially from third parties who pay for access to your account activity.

First, stop logging in with Facebook. It’s very convenient to simply tap “log in with Facebook” on an app or other websites, but it connects that app or website to your Facebook account. Next, stop sharing the news of your latest high score in a game; no one actually cares how well you are playing, but more importantly that game is connected to your profile information. The entire reason that game lets you play for free is because they want that access.

Finally, do your own privacy checkups from time to time, not just on social media but on all of your online accounts. Delete cookies and your browser history if you do not want that information stored, and make sure your passwords are strong and up-to-date in order to keep hackers at bay.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The How and Why of Tax Identity Theft

St. Patrick’s Day is just around the corner, and parties and parades are already in the final planning stages around the country. But there’s another major plan in the works, one that has nothing to do with this fun festival and everything to do with separating you from your money.

A lottery scam is still an ever-present threat despite high-tech cybercrime initiatives like hacking. These far more low-tech means of stealing from innocent victims take no skill whatsoever to accomplish, meaning they may be more likely to impact you than high-tech crimes. A Greenburgh woman has been arrested in connection with a lottery scam that authorities said bilked at least 30 elderly victims out of more than $1 million.

There are many different ways a lottery scam can manifest, but they all have a few things in common. First, there’s some “story” behind why they need you to pay a small fee in order to claim your outrageously high-dollar winnings. Second, they want access to your bank account to directly transfer your winnings to you.

The fees – Different versions of lottery scams have different reasons for this phony fee. It might be taxes on your new wealth, a “transfer” fee since the lottery originates in a foreign country, a currency exchange rate fee (again, due to the different country of origin), or a processing fee to transfer the money to you. In any event, it’s all fake. There’s no reason at all—not even taxes, which are paid after you accept the money and not before—to give anyone a payment in order to claim something you have won.

The account access – Scammers who claim you’ll receive a direct deposit or electronic transfer will ask for your bank account number, your routing number, and even things like your Social Security number or birthdate. The criminals have no intention of putting money into your account, but with the information they requested they can easily remove every penny you already have.

A lottery scam, fake sweepstake, and phony contest have some other common threads, and you can spot them before they strike if you understand a few universal truths:

1. You will never, ever win a contest of any kind if you did not enter it. That means the Jamaican lottery or the Facebook sweepstakes or any other phony contest is not going to send you millions of dollars.

2. There is no such thing as a transfer fee, upfront tax costs, or any other payment required for receiving the money you have already won.

3. Online contests should be treated with caution. There are some legal web-based outlets for selling lottery tickets within the US, but even those sites are coming under fire for being too similar to known but unrelated scams.

4. You do not have to “win” to be a victim. Officials have reported a marked increase in scams in which the thief claims he is a foreigner who bought a legitimate lottery ticket within the US, but that he cannot win because he is not a citizen. He offers to split the money with you if you will go claim the winnings but asks you for a hefty fee up front to ensure you do not run off with his ticket.

5. Ticket scams are another common threat, especially for sought-after sports events or sold-out concerts and theater performances. Beware of messages that claim you have won tickets (or have the opportunity to pay for a chance to win tickets) to March Madness, “Hamilton,” or any other exclusive event.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The How and Why of Tax Identity Theft

Gear up for your next vacation with advice on how to travel safe when it comes to technology and cybersecurity.

Be honest, show of hands who is ready to put this winter weather behind them and take a nice vacation? No matter if it is a glowing sandy beach escape or a picturesque mountain retreat, a vacation can be an instant pick me up after the winter blues.

Unfortunately, as too many travelers already know heading out of town can be filled with pitfalls. Lost luggage, sudden cancellations, unexpected illnesses are just the tip of the iceberg when it comes to potential problems. However, there is a far more serious danger lurking for the would-be traveler with consequences that take years to recover from – identity theft.

Cybercriminals do not take vacations, so you cannot let your guard down where your identity, your financial data, even your gadgets are concerned. In fact, in many ways, traveling brings a whole new kind of cybersecurity threat, one that specifically targets people when they are away from home.

Once you have planned your getaway, there are a number of steps you must take to travel safe. Whether you are traveling within the country or abroad you should consider taking the below actions to protect your information.

Update and Backup all of Your Technology

If you are bringing any devices with you, now is the time to make sure they are updated to the most recent operating system. The same is true of your apps. When you continue to use an outdated piece of software or an old app, you are leaving yourself wide open to a data breach; developers often issue updates specifically because they have uncovered a security hole. While you are at it, make sure you save all of your important files, documents, or photos to a secure source at home, just in case someone does attack your device.

Disable your Wi-Fi

A simple slide with your fingertip is all it takes to prevent your mobile device from automatically connecting to unknown networks. These are the kinds of free Wi-Fi connections found in coffee shops, hotels, restaurants, airports, and more. Turning off the Wi-Fi will not only save your battery, it will stop lurkers from infiltrating your device over unsecured networks. Do not worry, you can turn it right back on whenever you are in range of a safe connection.

Power Up with Confidence

Avoid public charging stations if you can help it. Whether you use your own cord or use one that is provided, you cannot know where the cord’s connection will lead. In a scheme called “juicejacking,” criminals lure travelers into plugging in their devices for a quick charge, but the cord is actually connected to a hidden computer. The computer is downloading all of the files and information off the devices while you charge up, including usernames, passwords, account numbers, and more. If you can carry your own external charger battery or a “block” to plug into a regular power outlet, that would be much safer.

Passcodes, Passwords, and Pass it On

You might want to update your passcode lock on your mobile devices and your account passwords on sensitive accounts before you leave. That way, you are not enjoying a day out on the waves—and away from a phone or computer—when a hacker steals a database of old usernames and passwords, or steals access to your online bank account and credit card. If you can leave these passwords with a trusted family member, they can help you out if something goes wrong while you are out of pocket.

The Trip is Only Part of the Equation

Remember, your vacation basically starts (at least from a cybercriminal’s perspective) from the day you book the trip through the weeks after you have returned. Make sure you are booking your travels through a reputable company over a safe online connection, and that you are monitoring your accounts before, during, and long after your trip in order to watch out for suspicious activity.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The How and Why of Tax Identity Theft

Consumers have been warned for years about the potential danger of compromised payment card readers. Whether in a store, at a gas pump, or even an ATM, a thief simply has to tamper with the keypad and card reader a little bit, install a micro-thin skimming device, then gather up your card information.

Now, a recently uncovered threat called formjacking is basically doing the same thing, only it is happening when you enter your payment details on a website. By inserting malicious code into the site, cyberthieves can swoop in and steal your card number, security code, zip code, and much more.

According to security software developer Symantec, “The number of instances of formjacking blocked by Symantec more than doubled, jumping from just over 41,000 to almost 88,500—a percentage increase of 117 percent.” The company estimates it blocks nearly 7,000 formjacking attempts every day.

This might sound like a problem that only targets less secure websites, but that’s not who thieves are going after. With websites like Ticketmaster being a victim, formjacking targets large e-commerce companies. By gaining access and injecting the harmful code into a website payment page or form, the hackers steal your information without you realizing it and without you ever leaving the trustworthy site you visited. Hackers can gain access to these trustworthy sites through supply chain attacks or by going through a third-party integration like payments, analytics or chat. If a third-party integration is compromised by hackers that is used widely, multiple websites could be at risk from just one infiltration.

That means consumers have to protect themselves from an invisible threat. Fortunately, a comprehensive security suite can often include additional features like suspicious URL blockers which keep you from landing on unsafe websites as well as payment card protections. With options out there to meet every budget—from free to car payment-sized—you can certainly find a solution that offers you greater protection and still fits your finances. If your card information is stolen, you can find out about it immediately by launching “card not present” transaction alerts from your financial institution.

On the other side of the web, it’s up to businesses to ensure they are not putting their customers at risk. It’s important to fully vet any third-party provider that connects to your company’s website, no matter what kind of service they offer. Companies should also ensure they are taking proactive steps to prevent these attacks and perform regular security checks.

Symantec is a proud financial sponsor of the Identity Theft Resource Center


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The How and Why of Tax Identity Theft

Identity theft is not one single type of crime. There are many different ways a criminal can use your information, such as applying for government benefits, getting a job under your Social Security number, receiving medical care or prescription drugs in your name, and of course, the financial aspects. But stealing from your bank account or signing up for a new credit card in your name are just scraping the surface when it comes to the harm identity theft can cause.

Tax identity theft occurs when someone uses your compromised information to file a tax return in your name. They fudge the numbers, enter an unrelated refund dispersal option like a prepaid debit card, and make off with your money before you ever know that anything has gone wrong.

How do they get their hands on your data in the first place? There are many ways, including:

  • Imposter scams
  • Data breaches
  • Stolen mail or W-2s
  • CEO/HR phishing scams
  • Corrupt insiders/tax preparation services
  • Unsecured and public Wi-Fi hotspots
  • Social Security number that is lost, stolen or compromised

Of course, it’s just as easy for a criminal to purchase your previously stolen information online, then use it to file a fraudulent return.

How can you know if someone has filed a return with your stolen information? Again, you may find out in different ways, but one common way is for the IRS to inform you.

They don’t usually call you up and say, “Guess what? Someone stole your identity!” Instead, it’s a lot more likely that the IRS will reject your legitimate tax return because someone has already filed using your Social Security number. Another way is someone not necessarily filing the entire return in your name, but rather claiming your dependents on their return if they’ve stolen your kids’ identities; in that case, the IRS will still contact you about the duplicated dependents. Finally, the IRS might contact you if someone files a business return involving your identity as an employee and the agency wants you to answer for the unreported income you supposedly earned but didn’t list on your return.

The fact of tax identity theft is that hundreds of millions of consumers’ identities have been compromised in different data breaches over the years. That means no one is immune from the threat of having their tax refund stolen.

Fortunately, there are steps that consumers can take to minimize their risk. The Identity Theft Resource Center provides free victim remediation assistance through its call-center by dialing (888) 400-5530. The ITRC will host an informative Twitter chat with the Federal Trade Commission to provide insight into protecting yourself. The live event will take place on March 8, 2019, at 8 am PT/11 am ET, and will discuss the importance of protecting yourself against tax-related identity theft. Use #IDTheftChat to join!

If you can’t take part that day, you can still read all of the tweets later on by searching for the hashtag. For more questions and answers about tax identity theft, read our tips here.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Tidying Up For Your Identity, Mobile Device and More…

In the age of the #selfie, there are millions of apps for users to apply teeth whitening, air brushing and the perfect filter for a flawless pic to be shared on social media. Unfortunately, downloading apps can also pose a security risk, depending on the app and the platform from which is was accessed.

Four million Android users who downloaded a popular app from the Google Play store are believed to have been infected with malware that has a variety of consequences. Some of these involve stealing access to your contacts list and pictures, while others actually redirect any popups to pornography websites. Trying to get rid of the app doesn’t work since the app remains hidden after deleting it, making it impossible to drag it to the delete garbage can icon.

The Google Play store for Android users and the App Store for iOS (Apple) users are two of the biggest app sources in the world, and they have two very different structures. Google believes in a more open-source approach, meaning any developer can list an app and users have a responsibility to read the reviews before downloading. Apple, on the other hand, has a reputation for being far more secure, but that comes at a price: listing an app on the iOS store can mean a lengthy wait while the app is tested and approved and a laundry list of requirements for developers to adhere to.

For better or worse, most of the affected apps in this case were downloaded in Asia. However, that doesn’t mean there aren’t malicious apps that are targeting US users with similar harmful tactics. Logically, Android users stand to be at a somewhat higher risk than Apple users due to the open nature of the Google Play store, but that doesn’t mean iPhone and iPad users are immune to this threat.

No matter which mobile operating system you use, you’ve got to be careful with your device. Read the user reviews before you download an app, and make sure there aren’t any specific privacy concerns mentioned. Also, read the app description itself and get a good idea of what kinds of access the app needs. If an app wants too much information or access that it shouldn’t need in order to function, then it’s best to skip it.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Fortnite Bug Let Hackers Into Players Accounts