Scammers are trying out a new “cancellation request” email scam to see if anyone will fall for it, even employees at the Identity Theft Resource Center (ITRC).

There are a few hilarious videos floating around online in which scammers call an unsuspecting victim and threaten to have them arrested. Many of these scammers claim to be with the IRS or the Social Security Administration and inform the consumer that they will be arrested if they do not pay a hefty fine immediately over the phone. The hilarious part? Some of the videos, such as this one, were received by the police.

Of course, scams are not funny when the recipient cannot tell they are being scammed. One “cancellation request” email scam attempt that was received by a staff member of the ITRC claimed to be shutting down their work email address; clicking the “cancel” button would supposedly stop it. Fortunately, as an ITRC staffer, they were very aware of many of the tactics these criminals use and did not click the button.

In the case of the email shutdown message, there was a link button for the recipient to click. As the ITRC and other experts have warned for years, you should never click a link, download a file or open an attachment in any kind of message unless you were specifically expecting it. Why?

  • It can contain a virus
  • It can redirect you to a page that steals your personal information or login credentials
  • It can propagate within your computer or network to look for files that the scammers think are useful
  • It can be ransomware, which will lock up your entire computer or network until you pay the ransom to the scammers

There are things you can do to see whether or not an email is an email scam. First, hover your mouse over the sender’s email address. Do not click it. Just hover. The actual email address will show up in a small box. Next, look for grammar errors or misspellings in the message itself. If you spot any, it is probably not a real message. Finally, on the off-chance there is something to this warning, head over to your account yourself by going directly to the company’s website. Find out if there is anything wrong and handle it that way instead of clicking through. Hackers are always looking for new ways to scam consumers. However, if you implement these practices, it will reduce your risk of falling victim to the latest scam that is making the rounds, including this “cancellation request” email scam.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.


For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

There are more remote workers now than ever, either as telecommuting employees or freelancers. At the same time, more businesses than ever before are relying on these hard-working individuals to keep their companies in operation. The end result is people who don’t work in your building—or even live in your city—and who have never laid eyes on the boss may be the best line of defense when it comes to protecting your business from cybercrimes.

These remote workers can turn out to be the weakest link in the business cybersecurity chain. With their access to company servers, their connection via email to the onsite employees’ network and the fact that they are typically utilizing their own technology—whether it is virus-protected or not—these outsiders could be the avenue that savvy hackers use to deploy their malicious tactics.

Going through an outside source is nothing new for hackers. In fact, the infamous Black Friday breach of Target’s payment card system in 2013 happened because hackers sent a phishing email to a small HVAC repair company. This company had the contract to work on a number of Target locations in its area, and as such, had been connected to Target’s computer network. When hackers tricked an employee of the HVAC company into downloading malicious software on the smaller company’s network, they were able to infiltrate all of the POS systems for Target on the biggest shopping day of the year.

How can a company know that its outside freelancers or remote workers are not falling for phishing attacks? How will they know if those employees’ personally-owned computers and devices are password protected and have antivirus software installed? Without a system of checks in place, businesses are leaving a lot up to chance.

There are a lot of other hidden pitfalls these remote workers and companies face, as shown here, but fortunately, many of the same preventive measures that protect individuals can also protect businesses. Here are some tips on the employee’s end that can reduce the risk of a breach:

  • Locking down your Wi-Fi and your accounts with strong, unique passwords is crucial, and regularly changing your passwords is a good idea
  • Enabling two-factor authentication is a good idea too, as it can keep hackers out of a lost or stolen smartphone or laptop
  • Be sure that antivirus software is installed and up-to-date at all times, and consider using a VPN to hide your information when you are working online

For businesses and employees alike, the most important steps to take involve learning to spot the signs of suspicious activity. Know how to recognize a phishing email, and know what the proper steps are to avoid becoming a victim of a phishing attack. Make it a policy and all-around good habit to never click on a link, open an attachment or download a file that you were not specifically expecting. Create a workspace that rewards employees for verbally confirming even the simplest of commands and requests if there is any doubt that they are legitimate.

Companies have to work together from the top down to create a safe, effective workplace. Avoiding business cybersecurity issues can only happen when everyone works together and knows how to be safe.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.


For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

When you are on the internet in this day in age, you always have to be cautious about whether games and deals are legitimate fun or a social media hoax. There is no shortage of ways to earn money, win prizes or benefit from free goods online. Contests, giveaways and company discounts are all over, and the chance to score some savings can be very enticing. Sometimes it takes nothing more than “liking and sharing” a page. Other times, it requires you to sign up with your identifying information. Unfortunately, scammers know that as well.

From social media hoaxes and fake contests to outright phishing attempts that steal your information, there is no end to the ways that criminals will try to take advantage of you. Adopting a suspicious air of caution is important whenever you sign up for something, enter a game or contest or any other type of activity that exposes your information.

For example, a new contest has made serious waves online, mostly for its originality but also for its red flags. A group known as MSCHF has had a lot of fun—and shared that fun with a vast community of online users—with innovative and inventive offerings. Their newest project, however—Password of the Day—is no exception.

The way it works is you sign up with your phone number to receive text messages from the company. Every day, users can request the “password of the day.” The reply will include the login credentials for some kind of online account. It might be an Amazon account equipped with Prime, a PayPal account with a $1,000 balance in it, a Disney+ account or any other kind of account. Not knowing is part of the game, after all. The trick is the first person to find the online account that those credentials go to gets to keep it.

Fun, right? Except for some media coverage of this “internet treasure hunt” that failed to point out where exactly these login credentials came from. That left people to speculate as to whether these credentials had been stolen or bought from the Dark Web. Is this the latest social media hoax?

Luckily, no. Upon further research about this game, showed that the creators had established all of the accounts themselves to give away. That might not have been clear at the onset to some users since the game was very mysterious. However, it is a legitimate game that does not steal from others.

It is hard to find fault with the people who were concerned about a social media hoax, though. After all, the internet is filled with too-good-to-be-true offers, fake coupons that require you to turn over your personal data and surveys that go on for page after page and result in a flood of spam emails. Furthermore, this game requires you to submit your cellphone number—in order to receive the text messages—and that can make people stop and think, too.

This should serve as a warning to all internet users to be careful of “crazy” deals and offers. More importantly, do your own homework before signing up for or rejecting a company. Simple Google searches can tell you a lot about whether or not it is a social media hoax. If you are still unsure, contact the company directly or err on the side of caution. In the meantime, enjoy the game when a company has proven itself to be trustworthy!

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.


For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

In 2019, romance scams led to losses of over $200 million. While these scams may seem easy to avoid, scammers go out of their way to take advantage of you.

All internet scams have the potential to be cruel. After all, they are designed to trick you into handing over your money, your identity or both. However, perhaps one of the most heart-wrenching forms of online scam is the romance scam. Not only does the victim lose their money—and even potentially end up in jail—but they lose what they believed was a real chance at finding lasting love.

Romance scams occur when someone poses as a possible love interest. They reach out to you on social media, on dating apps and websites, via text message or email or through any other means. The resulting conversation is fun and interesting, and the sheer amount of personal attention can lift anyone’s spirits. Before long, you find yourself looking forward to the numerous messages this person sends each day. It does not take long before the pre-packaged lines start to flow:

  • “I have never felt like this with anyone I have chatted with before.”
  • “I know we just started talking, but I think I’m falling in love with you.”
  • “I hope this is not too forward, but I could really see us spending the rest of our lives together.”

Of course, there is always a major obstacle from this new love interest that makes it hard to chat, speak on the phone or visit in person. Perhaps they work on an offshore oil rig, or they are a deep-sea fisherman out on the water for months at a time. Often, the scenario is that they are a U.S. soldier who has been deployed to Afghanistan. The job may change, but the excuse is the same.

Before too long, the ploy begins:

  • “I am stuck here on an oil rig and my mom—who adores you already and is excited about meeting you soon—needs medicine. The money is in my account, but the bank has frozen my account while I am away. If only there was someone who could send her money so she does not end up back in the hospital.”
  • “I am away on the boat and my son at university—I mean, our son—just had his laptop stolen. He is going to fail his classes and lose his scholarship.”

What’s worse, is the victim’s response to the ploy will determine the future of the relationship. Sending money right away will earn you more messages, more talk of marriage and a future. Showing even the slightest hesitation can result in being cut off for a while. Once you come to your senses and send the money, then the lovey-dovey talk starts back up.

You would think people would not be taken in so easily, but that is not true. In fact, despite the fact that romance scams have been around for years, 2019 romance scam statistics show Americans reported losses of over $201 million in 2019 to romance scams. Those romance scam statistics are just the reports that were actually made to the Federal Trade Commission (FTC), and does not include the numbers of victims who are still embedded in these scams or were too upset and embarrassed to file a report.

Over the last two years, the money reported lost to romance scams was higher than any other reported scam according to the FTC. The FTC also says 2019 romance scams included more than 25,000 reports filed.

Avoiding a romance scam is much harder than it sounds, and recognizing that you have already been victimized is even harder than that. These scammers are good at what they do and they know exactly what to say to snare their victims. All you can do is adopt an air of caution about talking to people online, look for those red flags about long-distance relationships and far-flung jobs and remember that if anyone asks you for money for any reason, it is probably a scam.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.


For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

In what has become a frequent event, another company has fallen victim to exposing their sensitive company information to the entire internet, all because they failed to password-protect their web-based storage system. LimeLeads, a San Francisco-based company that matches individuals and businesses with potential leads, left its internal database of users unsecured. The LimeLeads overexposure was discovered by a hacker, who downloaded it and sold more than 49 million of the users’ information online.

This type of overexposure continues to happen because many of the systems that offer cloud-based or web-based storage to their customers have the password setting off by default. That might seem like a bad idea, given how many times in recent months this very scenario has happened. However, there are important reasons for not automatically locking everyone out of the system, especially when the company is transitioning to this service. As soon as the transition is underway, that default setting should be changed immediately to a password-protected setting.

Instead, too many companies leave it unprotected, never changing the default, which is what led to the LimeLeads overexposure. That means literally anyone who knows to look for it—or just gets curious and starts browsing around online—can find both the storage bucket and the contents. In this case, a security researcher who routinely looks for unsecured databases discovered it. Unfortunately, they did not discover it before someone else got to it first.

According to ZDNet, a hacker who goes by the name Omnichorus also stumbled upon the database. They then downloaded the contents and posted it for sale on the Dark Web. In many other events like the LimeLeads overexposure, the companies were lucky. They never found evidence that anyone else (before the security researcher who reported it) found or used the information.

Unfortunately, any time personal data is collected and stored, it is the responsibility of the new owner to keep it secure. The LimeLeads overexposure amounts to a data breach, despite the unintentional nature of the event, and those users’ records have now been compromised. Businesses must make comprehensive computer training and updates a priority in order to prevent issues like the LimeLeads overexposure.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live-chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.


For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

The 2020 year has kicked off with a number of high-profile data breaches that have affected a wide variety of industries. The recently announced Front Rush data breach affecting student-athletes is just another in a long line of attacks that have targeted businesses and their customers.

Front Rush, a tech company whose recruiting software connects colleges, universities and sports teams with up-and-coming student-athletes, suffered a data breach that compromised around 700,000 students’ profiles. The Front Rush data breach was the result of an unsecured Amazon Web Services online storage system, which is another in an ever-increasing number of accidental overexposures that lay out companies’ databases to anyone who looks for them on the web.

This time the exposed victim records included minors, and due to the nature of the information collected, it included SAT scores and grades, medical files and financial aid agreements.

The storage bucket has been taken offline, but there is no way of knowing if anyone accessed the information before Front Rush became aware of the issue. A security researcher discovered the exposed bucket and contacted Front Rush, but they did not receive a reply. The researcher then reached out to the media so that victims’ might be made aware.

Incidents like the Front Rush data breach may be on the rise, but they are also avoidable. By default, the web storage bucket is set to “non-password protected,” and it is up to the client to lock it down and put a password in place. Users who fail to do so are literally leaving their entire database available to anyone on the internet.

The consumers whose information goes into these unsecured storage systems do not have much they can do to prevent these things from happening. That is why it’s very important to monitor your accounts closely, change your passwords frequently (in case someone stumbles on old information online) and be on the lookout for spam email and phishing attempts that come from these kinds of breaches.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live-chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.


For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

A Golden Entertainment phishing attack is forcing the gaming company to see if any exposed information has been used in a harmful way and to look at ways to protect employees from possible attacks in the future.

There are many different ways that hackers can strike. From infiltrating entire networks to installing viruses and malware, their methods are varied and unfortunately, quite effective. A newly announced breach of one company’s employee email accounts shows how simple and effective it can be.

In what seems to be a phishing attack, hackers sent an email to an employee of Golden Entertainment, a company that manages casinos, distributed gaming venues and more. The email enticed the employee to follow through with some sort of instructions, which have not been released. Those instructions could have been to open an attachment, download a file, click a link or any other avenue that the hackers chose.

The end result was that the email contained malicious steps that gave the hackers access to email accounts for the employees. The report states that the unauthorized user(s) may have visited that account more than once throughout an eight-month period. As such, they were able to access sensitive emails, including some that had attachments. Those attachments included complete customer identities for some clients, including payment card data, Social Security numbers and much more.

The company has not found any evidence that the affected customers’ information was used in a harmful way, but they are being very cautious about their investigation and resulting steps.

The Golden Entertainment phishing attack is just another reminder that all companies, no matter how big or small and no matter what industry they are in, should have comprehensive employee training on how to respond to emails, messages and social media posts. Those trainings should include instructions on never opening an attachment or clicking a link that was unexpected, even if the email appears to come from a trusted sender. Instead, the employees should verify the instructions verbally before complying.

Failure to do so can lead to cybercrimes such as hacking, account takeover, ransomware and identity theft, as seen in the Golden Entertainment phishing attack. The high costs of the aftermath of these attacks can make anyone wish they had simply never clicked. Be sure you are doing all you can to protect yourself from attacks like the Golden Entertainment phishing attack by being able to spot a phishing attack and reporting it to your employer.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live-chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.


For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

After a couple of years away from the top of the Consumer Sentinel Network Data Book, identity theft reports have returned to the top spot.

The Federal Trade Commission (FTC) accepts agency, business and consumer-submitted reports of scams, fraud and other related crimes. They then compile those reports into a large online database called the Consumer Sentinel Network. This database is available to law enforcement around the country. When compiling the report each year, the FTC also maps the types of crimes that consumers submit and shares that data with the public.

The FTC received over 3.2 million reports of which the top three categories including identity theft, imposter scams, and telephone & mobile services. Identity theft encompasses a number of different types of crime, largely based on how the thief stole the information and what they did with it. For example, medical identity theft occurs when the thief uses stolen information and poses as a patient to receive medical care or pharmaceuticals. Government identity theft occurs when someone uses the stolen data to apply for government benefits, file a fraudulent tax return and other crimes. Child identity theft, as the name implies, happens when the victim is a child with a clean credit report or is not receiving government benefits and someone uses their Social Security number and information.

Just because other crimes eclipsed identity theft reports for a couple of years does not mean the number of incidents were insignificant. It only means that other crimes were more prevalent. Now, with identity theft reports returning to such a prominent position, it should serve as a warning to the public that all forms of identity theft, fraud and scams continue to be serious problems.

However, there are ways you can protect your identity:

  • Place a freeze on your credit report. If your data has ever been compromised in a data breach, this is an especially good idea. It is now free, but keep in mind that if you need to thaw your credit, it can take several days.
  • Enable alerts on all of your financial accounts and cards. These alerts will let you know if someone has infiltrated your existing accounts and managed to use them.
  • Practice good password hygiene. A password can only protect you if it is strong—with at least eight digits and a combination of unguessable letters, numbers and symbols—and only used on one account. It is also a good idea to change your passwords regularly to prevent anyone who discovered old login credentials from accessing your accounts.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live-chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.


For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

The Identity Theft Resource Center (ITRC) has released it’s annual End-of-Year 2019 Data Breach report, and the information is both surprising and expected. The ITRC has long been a go-to source of help and information about identity theft and fraud, data breaches and other related matters. As part of its mission to empower consumers, law enforcement and lawmakers alike with up-to-date information, the ITRC compiles a data breach report each year to present a clear picture of this type of crime.

The 2019 Data Breach Report has revealed that data breaches are on the rise once again, despite a drop the year before. The lower numbers in 2018 appear to have been an anomaly rather than a sign that businesses are getting better at the kinds of security that hackers cannot breach.

Hacking continued to be the number one method of data breaches.

However, there were some very interesting findings. In 2019 there may have been a record number of data breaches but the numbers of consumers’ personal records that were compromised were dramatically lower than before. While that is in large part to the 2018 Marriott data breach exposing over 380 million records, it could still be a sign that the data hackers are after is not as accessible.

Also, for only the second year in a row, the medical industry was not the number one target for hackers. In the past, the healthcare sector has often been a top priority for data theft due to the high-volume of personal information that doctors offices and hospitals collect on their patients.

Last year, the business sector was the number one target and medical providers were in second place.

There was another unfortunate surprise to come from the 2019 Data Breach Report and the sharing of the findings. Too many people still do not know how to better protect themselves from this kind of crime, and many are unaware of the resources like the ITRC that are here to help them.

In order to try to avoid becoming a victim, it is important to understand what preventive steps consumers can take.

Tactics like the second most common avenue of data breach last year (unauthorized access), for example, can often be thwarted with strong, unique passwords on all of your accounts.

It is also important to monitor your accounts closely for signs of unauthorized use, report any suspicious activity immediately and file a police report if you have been a victim of identity theft.

For a complete look at the ITRC’s 2019 Data Breach Report, click here.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Hackers are taking advantage of the outbreak with a new coronavirus email scam.

When anything newsworthy happens, you can guarantee that scammers will attempt to make a quick buck off of the public buzz. Sadly, the coronavirus is just the latest global event to be used as bait by these criminals.

While the number of cases continues to climb and the death toll rises, scammers are using fake emails that contain harmful links to snare their victims by playing off their concerns. These emails claim to have information on coronavirus updates, an interactive link where you can look up the numbers of cases near you and more. The links, however, redirect to web pages that steal your information instead of providing you with important updates.

Sadly, this coronavirus email scam is a classic tactic on the part of scammers. You could remove “coronavirus” and insert whatever the latest headline-grabbing issue is, and these messages would look very similar. In order to avoid the coronavirus email scam and the threat in general, you must develop good cybersecurity behaviors and habits.

  • Never click a link, open an attachment or download a file that you were not specifically expecting. Instead, contact the sender to verify its authenticity. If the sender is not someone you regularly interact with, ignore the email altogether. Even if it is someone known to you, still verify the link in case their email was hacked.
  • Do not share or forward emails or messages that claim to have the “latest” headline news. They are often alarmist to the point of being hoaxes or contain outdated details. In the case of the coronavirus email scam, they contain dangerous links.

It is important to stay up-to-date on major events. Coronavirus and the flu, for example, are two medical issues that are rampant and very problematic, even more so for certain demographics of people. In order to stay on top of the news, go directly to trusted sources—such as the CDC or World Health Organization—for updates and information.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

This news is currently evolving and we will update as announcements are made available.  

You might also like…