With all of the fun and frolic surrounding the Fourth of July, it’s easy to forget there can be a downside. Holidays are an especially active time for scammers, and “patriotic” scam attempts can strike in a variety of ways. They can target consumers through different methods of attack, like phishing emails or spam texts and they often include a variety of premises to lure you in.

Here are some of the more popular phishing attempts, scam tactics and frauds:

  1. Patriotic emails and social media posts – Phishing messages and fraudulent social media posts can tug at your heartstrings at any holiday, and Independence Day is no exception. In this case, it may be a more such as an active duty or veteran’s scam, political or election scam, or any other country-specific theme. Remember that wonderful charities and organizations doing great work all year long, so avoid the temptation to impulse-click on an untrustworthy source.
  2. Shopping – There are incredible retail deals advertised during the July 4th holiday, and that can also mean bogus web coupons and sales links to click. Protect yourself from online shopping scams by only doing business with trusted sources, using a secure payment method for your purchases and steering clear of “time is running out!” impulse shopping scams.
  3. Fireworks scams – If you live in a state that allows citizens to shoot their own fireworks, beware: roadside stands and temporary shops make sense when selling a product that is only popular a few times a year, but that also means you’re handing your payment information to someone who may be skipping town in a day or two. If feasible, cash may be the way to go, instead of giving a transient businessperson your payment information.
  4. Virus attacks and tech support scams – In years past, there have been reports of malicious software attacking on or around the Fourth of July, playing off of the theme of rebellion, overthrowing tyranny and more. Be very mindful both of genuine cyberattacks and fake ones that pretend to lock up your computer or inform you that you’re already infected. Beware of phony tech support scams too, trying to get your money and access to your computer in exchange for “cleaning” out a cyberthreat.

Remember, there are a variety of threats that can have a stronger impact on the holiday, both physically and from a data security standpoint. Be mindful of scams, fraud and be safe in whatever summer activities you choose to enjoy. And have a Happy Fourth!


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

There are a wide variety of social media platforms, many of which cater to a very specific group of users. LinkedIn, the career-minded social media site, helps users connect with each other through and across various industries. As such, it’s for messaging, finding new contacts, exploring new career opportunities and other related activity.

But LinkedIn may just be the latest platform to fall victim to a flood of “spoofing” scams. Reports to the Better Business Bureau show some LinkedIn users have been receiving personal loan offers that appear to come from legitimate site users who work for real companies. However, these loan offers are scams.

According to the BBB, “You get a LinkedIn message offering you financing for a personal loan. It comes from someone who appears to work for a legitimate company. You check out their LinkedIn profile, and it looks real. You may even have several LinkedIn connections in common. Some scammers will also set up a fake company website.”

There are several possibilities related to how this may be happening. The first is that scammers, as indicated above, make fake profiles and spend some time gathering connections in order to reach new victims. Another possibility is that someone can hack an account; the person whose account sent out the message may not even realize someone is using their account. Also, a scammer can create a whole new profile using an existing person’s name, photo and work experience in order to lure existing connections into falling for the message.

Once the message goes out, the thief is after personal information via the bogus loan application and money in the form of a “processing fee” to complete the loan application.

As with any method of social media messages, users have to be very careful about the kinds of information they share and how they respond. Scams and hoaxes are quite common on the different platforms, so using good judgment means treating every potential opportunity—whether it comes from a stranger, a connection or an account belonging to a trusted friend or colleague—with an air of caution.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

If you’re not a soccer fan, you might not be following the news of the upcoming World Cup spectacular.

If you are a soccer fan; you know that this single sporting series garners almost as much worldwide attention—and fan devotion—like the Olympic Games. Unfortunately, as with any high-profile event, the World Cup also draws a lot of attention from scammers.

Every four years, the World Cup tournament brings teams and spectators together in the host city, while millions more follow the action via television, the internet, live streams and news updates. All of the excitement that the tournament generates can lead to a wide variety of crimes.

Ticketing scams (for the World Cup and any other major headline event) are one of the most common pitfalls. The bait and switch aspect to online ticket fraud and the outrageous prices from ticket scalpers can easily separate a fan from their money. Phony websites that claim to sell tickets can also target users’ computers with viruses and malware. It’s important to purchase tickets for major events from reputable sources and if possible use a payment method that will afford you some sort of buyer protection.

Online viewing of key matches can help keep you connected, but trying to watch all the action for free when a major television network is not broadcasting it can leave you vulnerable to hacking. How? Shady websites that claim to have all of the events or phishing messages that pretend to let you watch for free can infect your computer with viruses and other malware. Remember to only use legitimate, legal sources to watch the matches.

Travel document scams for the events will likely be a problem, especially with the host venue in Russia. Scammers who intend to play off of confusion surrounding the necessary documentation may send out phishing emails that request mysterious fees or highly-sensitive identifying information. It’s important that fans understand the travel requirements before booking their trips in order to avoid falling victim to some form of government document scam.

Other travel scams involve getting to the event and finding a place to stay can also be a headache. Bogus websites that offer unbelievable travel deals for the World Cup could end up being nothing more than a bait-and-switch scam that steals would-be travelers’ money, so it’s important to book all of your transportation and accommodations through well-known sites that offer traveler protection.

Friend scams are usually so poorly worded that you’d think it would be easy to spot them. However, all it takes is a moment of doubt. If a scammer can convince you that a friend or relative has traveled to the World Cup and is in legal trouble, has been robbed, doesn’t have money, is hurt and in the hospital, or any other plausible story, you might be tempted to hand over some money. Instead, play along while using another contact method to reach out to your friend and confirm that they’re safe.

Knock-off event memorabilia has been a problem for major headline events for many years. The worst that usually happened, though, was the fan purchased a poorly made “fake” jersey for a decent price. Now, however, thanks to the ability to make a website and list items for sale, scammers can cut-and-paste photos of actual FIFA team products and never send the non-existent gear while stealing fans’ money. It’s important that fans only purchase team items from licensed sellers who are working with FIFA’s approval.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Travel scams have been around for quite some time, but it seems like every time word gets out about a common tactic, a new method of cheating an innocent traveler comes up.

 This isn’t to say that vacationers and business travelers don’t have to be on the lookout for older scams like bait-and-switch accommodations or “too good to be true” deals that leave you empty-handed. Instead, it means those old methods of scamming travelers are still out there, but new methods have joined their ranks.

1. Airline Miles Theft

With news of data breaches that attack retailers’ point-of-sale systems (those “swipers” where you slide your card), there’s no shortage of credit card numbers for sale on the dark web. But researchers have also found another hot commodity for sale in these seedy corners of the internet: airline miles.

Stealing airline miles from an unsuspecting consumer requires gaining access to their accounts, but criminals can combine multiple victims’ airline miles to purchase complete vacations then sell those online. Best of all, the criminal may have a long time to steal, plan, organize and sell the vacation, considering that most consumers don’t think to monitor their airline miles on a regular basis.

2. Embassy Scam

This scam is becoming so common that it’s even been reported in the US, targeting residents of other nationalities. It can take on a few different forms, such as visa scams or other document scams. In this one, you have traveled abroad and are informed that your paperwork is not in order. You failed to purchase some necessary document or certification and as such, you are in the country illegally. Unfortunately, the person who informs you of the problem is all too happy to sell you the “proper” but bogus documentation.

3. Age of Victims

While this isn’t a specific scam, it’s important to note what studies have shown about scams and identity theft. The stereotype about the senior citizen learning to work social media only to be lured in by a scammer isn’t the reality of the crime. It still happens to older adults, of course, but millennials are more likely to lose money to a scammer than senior citizens.

That can be just as true in the case of travel scams; part of the logic in why this data is true stems from an inherent comfort level about privacy. Millennials often feel like their information is already “out there,” and are quick to adopt new technology and platforms that might not have all the security kinks worked out yet. With millennials flocking to new travel platforms like ride-hailing and online marketplaces to share accommodations, they may be in as much danger from travel scams as any other type.

Of course, these are just a few of the things that smart travelers need to be mindful of. Other long-standing advice like being careful of fake travel deals, shady travel websites that steal your information, connecting over public, unsecured Wi-Fi hotspots and more, still applies just as much as ever. Staying vigilant shouldn’t ruin your vacation, but it does need to be a priority.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Ransomware, spearphishing, trustjacking, crypto jacking…every time you turn on the news, it seems like there’s a new form of cyber attack with a strange new name to go with it.

However, understanding what the term means and how it can impact you is important. Knowing what kind of threats you may encounter will help you to take as many preventive steps as possible.

Only a couple of years ago, security researchers at Proofpoint designated a new form of attack called “angler phishing” that could potentially affect anyone. Named for the far-from-adorable anglerfish that attracts its prey with a lure that grows from its head (remember Finding Nemo?), an angler phish attack occurs via social media when scammers spoof a well-known company’s customer service account. They lure in unsuspecting victims by pretending to be helpful, supportive agents of the company.

It might not sound like the most effective way to trick someone into handing over access to their personal data, money or computer, but the most recent report shows that this type of tactic is responsible for about 55 percent of the social media spoofing attacks.

These attacks are actually very simple. Scammers create a fake account on a site like Twitter, such as @AmazonHelp$, instead of the genuine customer service account. They wait for a Twitter user to send out a seemingly harmless but obviously irritated message, such as, “Ugh! Can’t believe Amazon still hasn’t delivered my package!” The scam account is set up to automatically respond to any message with “Amazon” in it.

The fake account responds with something professional sounding, like, “Sorry to hear about your package. Click the link below to talk to an agent.” The problem is the link actually installs a virus on the user’s computer.

If your tech skills are strong enough, you can spot a faked customer service account. Depending on the platform you’re using, you can look back at the account’s posts and see a pattern. A strange number of posts would also be an indication that this may not be a real account. The most important thing you can do to protect yourself is avoiding the temptation to click a link. Sure, it might be a convenient way to resolve an issue, but it’s just as likely to be a scam attempt.

To be certain that you’re only dealing with legitimate company resources, go directly to the business’ website and locate the customer service center. You can avoid copycats and scammers by only communicating with the actual site.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

The world of cryptocurrency is filled with opportunity, but it can also be like wading into a pool of rip-offs and scams if you don’t know what you’re doing.

The easiest of these scams are the simple phishing emails that entice you to turn over your personal data, your money and access to your computer. But new scams have cropped up, including one that is so hard to discern because it mimics a real—albeit risky—activity around cryptocurrency.

You might have heard the term “air drop” in the past because it’s a handy feature on many smartphones. It lets you send a large file, such as an entire folder of pictures or a long video, to someone in the vicinity if you’ve both approved the connection. That’s not the case with cryptocurrency airdrops.

A cryptocurrency airdrop is a legitimate venture, but a risky one. Basically, an existing form of “internet money” launches an airdrop, which allows people to snag some of the coin or currency. This isn’t a “get rich quick” maneuver but rather is intended to be a long-term investment.

The scam comes in when someone develops and announces an airdrop of a specific currency, but it’s really just a copycat of another coin. There’s no actual air drop opportunity, but the victims just opened access to their digital stash of cryptocurrency (in order for the coins to be airdropped into their crypto wallets) to the scammers.

As with any other type of scam or fraud, criminals are coming up with new ways to steal from victims every day. With so much nuance surrounding the function and investment in cryptocurrency, scammers who are looking to steal from newcomers don’t have to work too hard. If you’re interested or already investing in cryptocurrency, it’s absolutely vital that you do thorough research on every communication, opportunity, and mechanism to come along.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

A tech support scam that was shut down a couple of years ago is back, this time masquerading as a browser locker. You’re happily going about your business on the internet when suddenly a red screen appears, telling you that your computer is infected (one Identity Theft Resource Center staffer even had audio warnings accompanying the message, to make it seem more serious) and it appears your browser is locked.

The catch is the browser isn’t locked at all, it just appears that way.  The user is generally frightened into not clicking out of it, turning off the computer, or taking other actionable steps. Instead, the message tells the user to contact tech support—sometimes listing real companies like Microsoft or the security firm Malwarebytes—who will redirect them to another external support company. The victim is coerced into paying to “clean out” the computer, then duped into purchasing an expensive “tech support” subscription.

All that money was spent on an issue that could have been undone with a few clicks.

The first thing you can do to protect yourself is to understand a few basic principles behind how your computer works. Some tech support scams are perpetrated through the phone, meaning a scammer calls you and informs you that your computer is infected. But no one hires teams of professionals to sit in a help center and monitor your network; not only would that be an incredible invasion of privacy, but how would Microsoft afford to pay people to “watch” millions or even billions of users’ computers?

Popup boxes are also familiar sources of tech support scams, but the strange thing is they’re generally harmless. They’re often just some code that was inserted in the webpage you’re viewing. It’s only when you click on the button to “clean” your infected computer that you install the virus yourself.

In this scam, though, the criminals are using a browser locker. It makes you think your browser is frozen or locked up. It’s really not. You were merely redirected to a malicious URL that looks like a warning. All you have to do is click control-alt-delete (on a Windows computer) to open the Task Manager, then highlight the browser and click “End Task.” When you relaunch your browser, it might offer to “Restore” your previous session; don’t do that since it will reopen the page with the browser locker and you’ll have to repeat this process.

It’s worth noting that many browser lockers frighten you with warnings about criminal activity. It might be a message that claims to come from the FBI, saying you were looking at pornography (not a crime, in most cases) or pirating copyrighted content (this is a crime, but that’s not what you were doing when your browser locked up). There might be warnings about how all content on your computer will be recorded by the government if you click out of the browser, or other ridiculous claims. Don’t fall for the scare tactic. Just exit your browser and make sure your popup blocker is enabled.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Older Americans may be accustomed to having their Social Security numbers used as identifiers, especially for important purposes like military service or healthcare.

But skyrocketing rates of identity theft and data breaches over the past few decades have led to a lot more caution when it comes to our personally identifiable information. Savvy consumers now know that their SSN, driver’s license number, birthdate, and other key details can be used by a thief.

Unfortunately, there are some things you just can’t get around. Any time an older adult uses their Medicare card, for example, their SSN is visible right on the card. Going to see the doctor, picking up prescriptions, and other everyday tasks mean putting their most sensitive information in the hands of a stranger and hoping no one copies it.

But that’s about to change. The Centers for Medicare and Medicaid Services (CMS) will begin mailing new cards to Medicare recipients and these cards will replace the owner’s SSN with a Medicare-specific identifier number. It will take about a year for all Medicare recipients around the US to receive their cards, and that can spell trouble for the users in the meantime.

During this transition time, your original Medicare card will still be valid. That means you still need to protect it just as you have before, and you will need to destroy it according to the mailed instructions when your new card arrives. This turnover to the new cards also means scammers may already be preparing to lure victims into giving them money or information.

If anyone contacts you and claims to be from the Social Security Administration, Centers for Medicare and Medicaid Services, a doctor’s office or hospital, a pharmacy discount program, or any other related entity, STOP. Think about what they’re saying and what they’re requesting before you take any action. Remember, no matter how plausible it sounds, don’t be fooled into turning over money or your personal information. You will not have to pay a fee for your new card, and, no, your coverage for healthcare or prescriptions will not be stopped if you fail to “register” or verify your information with the caller.

If you are contacted by anyone claiming to need access to your information, take their name, phone number, employee identification number, and the company or agency they claim to work for. Hang up, then look up the number for that agency yourself; do NOT simply call the number they provided, as you may be calling the scammer right back. Using a verified phone number, report the phone call to an agent and make sure that everything is secure with your account.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Scammers have long relied on “spoofing” to lure victims into a sense of trust.

It might be an email with a cut-and-pasted logo from a well-known company, or a fake phone number that appears on your caller ID, tricking you into thinking it’s the police, the IRS, or even your neighbor on the line. But a newly reported tactic relies on two different companies’ names to convince you that it’s safe to click.

According to reports, it starts as an email from FedEx, informing you that there’s a problem delivering your package. The message includes a link, supposedly for you to download a new shipping label. Clicking on the link even takes you to a Google Drive account to print the label, so you know it’s trustworthy, right?

Of course not. Everything about it, from the original email to the shipping label, has been recreated to look like communications from FedEx and Google. Rather than resolving this mysterious shipping issue, the link installed software on your computer will mine information from your hard drive, your web browser, your search history, and more.

How do you avoid these kinds of threats when everything about them looks legitimate? It’s actually quite simple, but it involves developing a few steadfast habits.

1. Never click a link or open an attachment that you weren’t expecting – It doesn’t matter if you’re at work, at home, on your mobile device, or any other scenario: if you receive an email or a message with a link or attachment, ignore it. Contact the person who supposedly sent it, even if it’s a major company, using a phone number or email address that you looked up for yourself. Find out what the message was about, what the issue supposedly is, then take corrective action that way.

2. Install up-to-date, quality AV software – Antivirus software can go a long way towards helping you block harmful downloads, but remember, it can’t do its job if you don’t update it. Without those updates, the software only knows about threats that existed the day you installed it, not any harmful software that’s been created since then.

These good habits can create a safer internet experience for you and your family or co-workers, but can also help fight back against the spread of malicious software. Stay on top of the threat by refusing to install it.


 Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Investigators believe that third-party sellers on Amazon are buying their own products in order to leave a wonderful five-star review, then using victims’ names and addresses to appear as independent customers.

Scammers find new ways to commit fraudulent acts all the time; it seems like it happens daily. Some of their methods are so sinister they are immediately taken as a threat, while others seem a lot less alarming on the surface.

One newly reported scam looks a lot less like a potentially harmful crime and a whole lot more like a generous friend or family member, but it could be a sign of trouble.

It’s scary because victims may not even know they’re part of something underhanded.  Called a “brushing scam,” box after box of “free” goods show up on their doorsteps, causing them to feel like they just won the lottery instead of being targeted by scammers. One couple found out they were victims of a brushing scam after countless boxes began arriving from Amazon, filled with a seemingly random assortment of items.

The victims are not charged for the items in questions, but also can’t stop the items from being shipped. Scammers engage in this behavior in an effort to make the purchase look genuine and avoid violating Amazon’s terms for reviewing one’s own products.

Again, some people might not think of this as being “victims” of a scam. After all, you’re not being charged for the items, no one has touched your credit card (that you know of), and technically, these items aren’t even stolen since the seller is the one who purchased them. Wouldn’t it be neat if some of those boxes contain some new gadgets?

The reality, though, is being involved in a brushing scam means that someone has gained access to your name, mailing address, and potentially other information. What else are they doing with it? Depending on how they accessed your information, they could be privy to a lot more of your personally identifiable information than you realize.  Other crimes, such as hacking into a retail website where