There are a million excuses why someone might send you a text, email or social media message that says, “Can you do me a favor?” It might be something simple like your boss asking you to go get some gift cards for a company-wide promotion, or a more cryptic message from a friend that claims they are locked out of their phone’s account and need a gift card to get back in. No matter what excuse they offer, there is a good chance it is actually a scammer posing as someone you know in order to steal from you.

The boss gift card scam is so simple that it requires almost no tech know-how. The message claims to be from someone you know. They might have “spoofed” your boss’ work email by changing the address a little, actively hacked into someone’s account or are pretending they are using a stranger’s phone or computer since theirs is locked. A simple internet search for your place of employment would show a scammer not only the names of people within the company but usually their email addresses as well. Some scammers may even send a spam email to the boss first to see if it is auto-replied with an “out of town” message, specifically so they can reach out to you under the boss’ names since they are traveling.

In this email scam, you are given a very plausible story as to why they need a gift card. You are to buy the card, send over the numbers from the back and then then they will pay you back. But as too many victims already know, the last step is the one that does not happen.

First, it is important to remember that once a gift card is bought or its code is revealed, it is just as vulnerable as cash. There is no way to recover those funds if you lose the card or its number is given to someone else.

Also, there is no plausible reason why someone would need you to go purchase a gift card. Most major companies will sell their gift cards in stores and online, and retailers like Amazon and Walmart who sell other companies’ gift cards will even sell others’ cards on their websites.

Finally, the best way to avoid becoming the victim of a boss gift card scam is to pick up the phone and call the person who is asking. If you verify the purchase before doing it, you will know for sure if this is genuine or not. This might mean giving your boss a quick phone call to ask if the email is real. Trust your instincts and protect yourself (and your company).

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Instagram Creates New Feature That Fights Phishing Attacks

Flipping Scam on Social Media Targets Influencers and Followers

TikTok Platform Found to Be Full of Scams and Fake Accounts 

Halloween is drawing near, and all manner of monsters are waiting in the shadows. Ghosts? Werewolves? Those are just fairy tales. Do not be deceived when your eyes are playing tricks on you, though. The real monsters are more frightening and even worse, they are coming for you.

Drink Your Blood? No, Drain Your Bank Account!

Vampires may be out for a nibble and a pint, but scammers can attack by going after your money. Worse, if you do fall for a scam, numerous cases have shown that the villains might return again and again, demanding more money each time. Garlic will not help you here, though; avoiding scammers means learning how to spot their efforts and ignoring their stories, no matter how scary they might sound.

Shape-Shifting at the Full Moon? No, It Is a Romance Scam!

Romance scams are deeply troubling because the victim not only loses their money (and potentially faces criminal charges), but their adoring “soulmate” turned out to be nothing more than a con artist. If you meet someone online who cannot speak face-to-face or visit for some reason, such as working on an offshore oil rig or being deployed with the military, be very careful about interacting with them. If the talk ever turns to needing money for any reason at all, that is a sure sign of a scam.

A Ghost Rising from the Grave? No, It Is Deceased Identity Theft!

As horrible as it sounds, deceased identity theft can strike whenever we lose a loved one. Even worse, it is easy to accomplish thanks to a lot of publicly available information, like obituaries and death certificates, and it often goes unnoticed because no one is checking up on their loved one’s credit report. If you experience the pain of loss, make sure you take steps to lock down your loved one’s credit report, Social Security number and social media accounts in order to prevent anyone from abusing them.

Spider Webs? No, It Is the Dark Web!

What exactly do hackers do with information they have managed to steal? They either use it for identity theft or they sell it on the Dark Web. This nefarious internet underworld is as scary as any haunted house, only the monsters who are chasing you can actually cause you harm. Protect your information by monitoring your accounts, freezing your credit report if applicable, being mindful not to overshare and securing all of your accounts with strong and unique passwords.

Friendly Trick or Treaters? No, It’s a Phishing Attack!

The best part of Halloween, for young and old alike, is trick-or-treating. Whether you are taking in all the goodies or just enjoying all the costumes that come your way, it is a lot of fun. However, what is not fun is getting caught in the snare of a phishing attack. Much like offering Halloween candy, criminals hold out promises of wealth, free gift cards or high-dollar coupons to your favorite store or even the chance to be recognized by the “boss” for doing a favor. Sometimes the stories are a little scary, too, like a phony threat from the IRS or having your bank account shut down. Whatever you do, do not fall for it. It is not a full-size candy bar, it is a scam that will cost you money, your identity, or both.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Cyberbullying and Identity Theft Go Hand in Hand and Continue to Pose a Threat

Airport Technology Risks Can Threaten Your Identity

National Cybersecurity Awareness Month (NCSAM): Own It. Secure It. Protect It.

While a few social media platforms like Facebook and Twitter are household names, there are many more that have dedicated followings, even if they do not have the same user base. One relatively new video-based platform is TikTok, which combines the fun of longer videos and posts like Instagram with the curated video feed format of Vine. The result is a 14 million-fan platform that uploads countless fifty-second videos on a daily basis.

Unfortunately, a new study has found that scammers have also infiltrated this site and are using it to promote everything from dating apps to financial fraud. This is especially alarming considering the numbers of children and teens who use TikTok regularly.

  • Some of the scams are obvious teasers for explicit adult content. Using stolen images and video clips, scammers entice viewers to click through to a different platform and pay money for access to pornography. Other platforms, like Snapchat, do not require users’ phone numbers if they want to send messages, and are therefore a little harder to track and block
  • Other TikTok scams have been uncovered that offer users the chance to buy high numbers of followers. Since many of these followers are fake accounts, it literally serves no purpose other than to make other users think you are important or popular due to your high follower count
  • Finally, researchers uncovered bogus accounts that masquerade as other users, especially celebrities, in an effort to get more followers. Once the scammer has a lot of followers, they can monetize by posing as an “influencer” who can promote products and brands

None of these scams are inherently unique to TikTok, but at the same time, TikTok is precisely as problematic as any other platform for its potential to cause harm to unsuspecting users. It is very important that users—and users’ parents, if the account holders are underaged—know the ins and outs of how different social media sites work before engaging with other users and their content.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Cyberbullying and Identity Theft Go Hand in Hand and Continue to Pose a Threat

Airport Technology Risks Can Threaten Your Identity

National Cybersecurity Awareness Month (NCSAM): Own It. Secure It. Protect It.

 

What is it:

Fake advertisements on social media platforms

Who is it targeting:

Social media users, consumers who have searched for specific products

How does it work:

Social media platforms are filled with advertisements for different products and services. Advertising revenue is how those companies can stay in business while not charging their users a fee for the service. However, some ads are legitimate offers for great products, while others are advertisement scams. These links steal your money and never provide the product, redirect to fake websites that steal your personal data and require you to install software that turns out to be malicious.

It can be very tricky to tell the difference between an advertisement scam and a legit ad. Until you can be certain of the ad’s safety, it is best to ignore the ad and search for the product name and website on your own. If you do recognize the ad’s platform (like Amazon or Walmart, with no other names listed in the address) then it is probably safe to click.

What you can do about it:

  • Beware the “too good to be true” ads that offer innovative products for pennies on the dollar
  • Watch out for “snake oil” health remedies and weight loss solutions
  • Be mindful that these bogus ads can target children, too. Talk to your family about safe clicking and avoiding spam and viruses

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next…

Facebook Pyramid Scheme Leaves You at Risk

New Venmo Scam Targets Payment App Users

SCAM: Your Social Security Number Has Been Suspended

 

What is it:

“Flipping” scam that promises you big money on social media

Who is it targeting:

Social media users on Instagram, Facebook, Snapchat and more

How does it work:

A flipping scam looks a lot like a pile of cash, at least in the picture accompanying the post. A user on the same platform shows the image and promises that you, too, can earn this kind of money for sending in only a little bit of upfront payment. Their post may even have a lot of comments from people who claim to have already benefitted, thanking the person for bringing them into this kind of wealth. Be warned: those people are not real and neither is the money.

A flipping scam plays off the old concept of an illegal pyramid scheme, in which you send in $100 and get ten people to send you their $100, and so on. However, this one does not even bother going that far. You send your money to the scammer, and that is the end of it.

What you can do about it:

  • Remember that things, and people, are not always what they seem on the internet
  • It is very easy to create fake accounts, fake posts and fake followers
  • Some of these scams want prepaid debit cards or gift cards, but remember that those are just as insecure as cash

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next…

Facebook Pyramid Scheme Leaves You at Risk

New Venmo Scam Targets Payment App Users

SCAM: Your Social Security Number Has Been Suspended

 

A new Venmo scam is making the rounds nationally, one that can lead to massive financial losses in your Venmo account.

Payment apps are a fairly new invention, especially peer-to-peer apps that are connected to your bank account or a credit card. Unfortunately, what is not new is phishing scams.

Fraudsters are reaching out to unsuspecting victims and convincing them that something is wrong with their account. The scammer, while looking and sounding like the legitimate company, tricks the victim into handing over their account credentials, sending money or doing something else that causes them harm.

Payment apps that allow you to make retail or restaurant purchases have been in use for a long time, but these new apps like Venmo allow you to pay another individual simply by having an account. You might split the cost of dinner with a friend or pay someone back for buying your concert ticket when they bought theirs. The idea is that it is more convenient than cash and does not incur such a high fee as some online payment methods.

Law enforcement and Venmo have both issued warnings to the public about a new Venmo scam that includes phishing attempts that come through as text messages, claiming to be the payment app company.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Image courtesy of Kane County Utah Sheriff’s Office

Since the app is installed on the user’s phone, receiving a text message might not seem so strange at first. What is strange, though, is the request to verify your username and password due to a supposed problem with your account. In the Venmo scam the victim clicks the link, enters their credentials to verify or unlock their account, and the scammers log into that account from their own device, then send themselves a massive payment from the Venmo user’s account. As you can see, this Venmo scam is very effective because it looks trustworthy.

A Facebook post to warn the public of the Venmo scam was issued by the Dighton, Massachusetts police department with information on the scam. It was later confirmed by Venmo, who issued its own warning.

The company has stated that they will never text or email you for your credentials. However, avoiding any scam like this requires the ability to ignore it.

If you ever get a text, email or phone call about an account you own, ignore it and go directly to the app settings or customers service number yourself. Do not trust the contact information in the message, but rather look it up on your own. Do not click any links or open any attachments. Look into your account to see if there really is anything suspicious going on, and then contact a support agent if you need to be sure.

Image of Venmo app settings

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Robocalls and What to do About Them 

10,000 Breaches Later: Three Major Data Breaches Consumers Should Know About

Airport Technology Risks Can Threaten Your Identity 

 

 

The internet is a great tool in many ways, but it is also filled with privacy pitfalls. Overexposed information from data breaches are now the third certainty but background check websites are a legal, affordable and easy way for someone to collect a lot of your personal information. With the right pieces of the puzzle, a criminal could even use background check information to steal your identity. One Michigan man used the large amount of information found publicly on these sites to open bank accounts in as many as 51 people’s names to which he collected nearly $200,000 in fraudulent loans.

Background check websites are perfectly legal ways for someone to find out information about you. Usually, there is a reason for an individual to pay for the data. Perhaps they are hiring a summer babysitter and want your criminal history. They might own a small business where you have applied for employment. Maybe the person is trying to serve court documents on you and they need to know key information in order to file the with the court. Again, background check websites serve a valuable purpose, even if they can be used for harm.

It is important to know that one of the safety nets that is supposed to protect the public from people who use background check websites for identity theft is nothing more than a statement on the website that the information is not to be used for identity theft.

The FBI has already uncovered multiple victims in cases where their information was purchased from a background check website then used for identity theft. As noted by Quartz, “Online identity thieves use services that provide personal information for sales leads, real estate transactions, and credit reports to steal millions, gathering details about their victims’ lives from federal, state, and local records sold by brokers like BeenVerified, Instant Checkmate, and TruthFinder.”

Until legislation is enacted that will offer stronger protection for consumers, it is up to you to protect yourself.

Watch what you share and what you sign up for

Remember, your identity is like a puzzle. The more pieces you put out there about yourself, the higher the chance a thief can connect the pieces.

Be on the lookout for phishing attempts

A background check website will not tell a buyer everything, but it can be enough to connect the dots. The rest of the filling in can occur by sifting through your social media accounts or sending you phishing emails. Practice good online safety to prevent this kind of thing.

Put a freeze on your credit report

This free option can stop identity thieves from achieving their goal, namely to open new bank accounts and take out loans in your name. By placing a freeze on your credit report with all three of the major credit reporting agencies, lenders are not supposed to be able to issue new lines of credit under your Social Security number. Remember that it takes time to thaw your credit report if you did need to take out a loan or make a large purchase.

Monitor your accounts carefully

Some of the victims of a background check identity theft had reported small amounts of money being withdrawn from their bank accounts or as fees associated with their accounts. By not ignoring those small transactions, they were able to put a stop to a much bigger crime. Look over all bank statements, credit card bills and your credit report routinely for anything unusual.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Robocalls and What to do About Them 

10,000 Breaches Later: Three Major Data Breaches Consumers Should Know About

Airport Technology Risks Can Threaten Your Identity 

 

 

Unsolicited phone calls with recorded messages, known as robocalls, have been a nuisance probably since the invention of the telephone. And they’re getting worse. In fact, in a single one-month period this year, there were more than 4.7 billion robocalls placed to U.S. phone numbers. While the telemarketers of yesteryear were certainly annoying, today’s threat is far more dangerous. Robocalls, which some consumers report can occur at all hours of the day and night, may actually be decreasing in number. However, the amount of money that victims lose to phone scammers is higher than ever.

“But I am on the Do Not Call List. Why am I still getting these phone calls?”

If you have put your phone number on the Federal Trade Commission’s Do Not Call registry and you still receive robocalls, that should be your sign that the call is not real. With that said, there are exceptions to the rule. Charities and political campaigns are still permitted to contact you, as are companies you do business with.

“But my caller ID said it was the Social Security Administration!”

It’s okay to be skeptical of your caller ID screen. It is easy for the scammer to change the appearance of the number they are calling from. They can put any phone number or name on your screen in order to entice you to pick up.

“But they said I was in trouble with the police and about to lose my healthcare coverage.”

No matter what story the robocaller gives, ignore it.

The IRS does not call you to inform you about your back taxes or penalties.

The police will not call you about a warrant for your arrest.

Your granddaughter was kidnapped? Try calling them first.

If you are ever in doubt about any situation like this, hang up and contact the company directly. Take down the caller’s information first, including their name, company or agency and employee or agent number they have, the phone number they are calling from and anything else that might be helpful. Then contact that organization directly using a verified phone number. You will quickly find out that no one by that name works there, your account is perfectly fine or your nephew is not in jail. If you do discover that something was legitimately wrong, you can handle it through the proper channels.

“But the caller said that I owe money!”

You will never receive a legitimate phone call in which you must make a payment immediately. It will always be a robocall. Even something like a call from your credit card company or utility company might be a courtesy reminder that you are past due. However, you will never be required to pay over the phone. The IRS and the Social Security Administration, two common scam targets, do not accept phone payments when someone calls you.

“I think I really do have to pay them. Where do I buy an iTunes gift card?”

Never make a payment of any kind with an iTunes gift card unless you own an Apple device and you are buying an app or song. iTunes gift cards, prepaid debit cards and wire transfers are all common tools for scammers, no matter who they claim to work for. They take the information from the card you bought, drain all the money and you cannot get it back no matter what you do. There is no such thing as a legitimate transaction that must be paid for with one of these methods.

“Okay, you have convinced me. So how do I make it stop?”

Fortunately, there are steps the government is working on to crack down on robocalls. Until the miracle cure for this dangerous nuisance appears, there is one thing you can do: ignore the call. Do not answer and hang up, either, since some of the software robocallers use is to track whether or not their potential victim has a working phone number. Answering the call and hanging up will only confirm that the number is good. Also, if you do answer and discover it is a robocall or possible scam, simply hang up. You might offend the caller, but the caller is breaking the law by contacting you in the first place. Do not put yourself at risk to avoid upsetting a criminal.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

10,000 Breaches Later: Three Major Data Breaches Consumers Should Know About

Things to Consider When Using VPN

Should You Consider Credit Monitoring Services as Part of a Breach?

 

A new American Express phishing attack that specifically targeted American Express cardholders is unlike other attacks, according to security researchers. It contains a sophisticated method of harming the recipient that experts are not as familiar with.

Phishing attacks are nothing new. They arrive as emails, texts, social media messages or phone calls that appear to come from someone you know. It might look like your boss or co-worker, someone in your email contact list, your bank or your favorite retailer.

Each new phishing attack email has different goals, depending on what kind of ruse they are using. A fake email from your boss might tell you to change a password or send funds to a different account number, but an email from your bank might try to get you to hand over your username and password. Many phishing attacks only want the user to click a link in the email so they can be taken to a fake website where the thief steals their information. Or even worse, a link that downloads a virus to their computer.

In the case of the American Express phishing attack, the link embedded in the American Express phishing emails is two different parts. This way, the hacker can insert malicious code into the link while also confusing your antivirus software. Instead of warning you about a harmful link, your software does not recognize it as malicious.

The email itself was very typical of these kinds of attacks, namely in that it was filled with grammatical errors. Some reports have shown that the spelling and punctuation mistakes, like the ones seen in the American Express phishing attack, are intentional so that only more gullible recipients will interact with it.

Fortunately, the age-old advice about avoiding a phishing attack still holds true. These are some things to keep in mind.

Never click a link or download an attachment that you are not expecting

If the email came from your boss, pick up the phone and verify it. If it appears to come from a company you do business with, ignore the email and go directly to their website. From there, you can see if there is an issue with your account.

Spelling matters

Companies do not send out emails or other messages with multiple errors. If you see any strange mistakes, that is probably a sign it is a fake.

Check the email address and URL

If you look very carefully at the sender’s address or the website address they have included in the message, you might notice something strange. If it says “Amaz0n.com,” for example, it is fake. If the website is Citibank.card.shop.com, instead of the company’s actual web address, again, it is a fake.

Do not trust the caller ID

If the phishing attempt comes by phone, like the American Express phishing attack, do not go by what you saw on the caller ID. It is easy to change the phone number or screen name to say anything the scammer wants, such as “IRS” or “County Sheriff’s Dept.” If you receive a phoned attempt at getting you to verify your identity or make some kind of payment, hang up and contact the company directly using a phone number you have located yourself.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next…

How to File an Equifax Claim for Data Breach Settlement

SCAM: Your Social Security Number Has Been Suspended

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches

 

What It Is

Scammers are looking to cash in on the buzz surrounding the Equifax data breach, specifically the ability for consumers to check their data and file a claim if they were affected.

Who It Is Targeting

Any consumers who may have had their information stolen in the Equifax breach could be at risk of an Equifax settlement scam, but scammers may also seek out people who were not affected in order to sell them protection products.

What You Need To Know

Equifax is one of the three major credit reporting agencies, and they were breached in 2018. More than 147 million consumers had their complete identities stolen by hackers. Now, Equifax has launched its settlement website where you can find out if your information was stolen, file a claim for compensation and apply for credit monitoring. Equifax settlement scammers are capitalizing on the buzz surrounding this new website and have already targeted victims.

What You Should Do About It

  • Make sure you are only using legitimate websites for this process, namely the FTC’s site and EquifaxBreachSettlement.com.
  • You do not have to pay anything to file a claim, look into your data, receive credit monitoring services or otherwise participate in this settlement.
  • Never verify your information for someone who contacts you and offers to find out if you have been affected.
  • Never hand over your Social Security number to someone who contacts you in any way.

Read next…

How to File an Equifax Claim for Data Breach Settlement

SCAM: Your Social Security Number Has Been Suspended

New Tool Breach Clarity Helps Consumers Make Sense of Data Breaches