• Businesses are re-hiring team members after COVID-19 lockdowns. However, the Identity Theft Resource Center (ITRC) is also seeing a rise in online job scams, particularly mystery shopper scams. The ITRC has seen a 250 percent increase in mystery shopper scams from June to July.
  • Job scams are not uncommon. According to the FBI’s Internet Crime Complaint Center (IC3), 16,012 people reported being victims of employment scams in 2020, with losses totaling more than $59 million.
  • Law enforcement agencies across the country are also seeing the rise. The St. Martin Parish Sheriff’s Office in Louisiana is asking its citizens to be on the lookout for online job scams. The FBI wants people to watch for fake job listings.
  • To avoid a job scam, only use a reputable website for employment opportunities, be careful how much personal information you share and don’t pay upfront costs.
  • To learn more about online job scams, contact the ITRC toll-free by phone (888.400.5530) or live-chat by visiting www.idtheftcenter.org.

With many people vaccinated for COVID-19, most businesses are reopening and rehiring team members. Criminals are also looking to take advantage of the surge in hiring. The Identity Theft Resource Center (ITRC) has seen a rise in the number of online job scam reports to its contact center, particularly mystery shopper scams. In fact, the ITRC has seen a 250 percent increase in mystery shopper scams from June 2021 to July 2021.

The ITRC is not the only organization to see the job scam uptick. The St. Martin Parish Sheriff’s Office in Louisiana is urging its citizens to be on the lookout for online job scams. The FBI wants people to keep an eye out for fake job listings.

Work-From-Home Job Scams

While vaccinations are on the rise, the pandemic is still ongoing, meaning many people are still looking for jobs where they can work from their homes. According to the Federal Trade Commission (FTC), criminals are aware of this and are posting the “perfect” work-from-home jobs, claiming you can be your own boss and set your schedule. They claim you can make a lot of money in a short amount of time and with little effort.

Mystery Shopper Scams

Mystery shopping has been around for a long time. Mystery shoppers help businesses, retailers and restaurants get information on the quality of their stores in exchange for money. In the past, scammers have found ways to turn the service into a mystery shopper scam, also known as a secret shopper scam. The ITRC saw a spike in 2020, and is seeing a rise again. There are different forms of mystery shopping scams. Click here to learn more.

Tips to Avoid an Online Job Scam

According to the FBI’s Internet Crime Complaint Center (IC3), 16,012 people reported being victims of employment scams in 2020, with losses totaling more than $59 million. While you are looking for the right job, there are a few things to remember:

  • Know the source of the job listing and only use reputable websites to find employment opportunities. This will require you to do some research. Look online for independent sources of information. While the company’s website or advertisement may show testimonials or reviews from satisfied employees, they could still be fake. Instead, you should search the name of the company or the person who’s hiring you and add a word like “scam,” “review” or “complaint.” Searching for “Acme Co Scams” will give you search results that show if the company is legitimate and if it has been associated with fraud. You will often see what other employees and customers think of the would-be employer.
  • If it seems too good to be true, it probably is. Be mindful of unsolicited emails and offers with outrageous claims, such as “Earn $3,000 a week working from home.”
  • Once you find a job posting, be careful how much personal information you share, at least during the application period. If a company claims they want to do a phone, Skype or Zoom interview due to social distancing and safety, that’s okay. However, it does not mean you should turn over sensitive personal information like your Social Security number (SSN) until you have been given a job offer contingent on passing a background check (which requires an SSN). Also, before you accept an offer or send a potential employer your personal information, run the job offer or posting by someone you trust.
  • Legitimate jobs don’t usually require any upfront fees or costs. Even things like company uniforms or specialized equipment like steel-toed shoes are often deducted from the first paycheck or purchased by the employee through an outside company. Typically, a form of payment is not requested. If an employer asks for a finder’s fee, administrative fee, background check fee or other funds, it is probably a scam. Even for legitimate actions like submitting a bank account number and routing number for direct depositing of paychecks, it’s vital to ensure the company is legitimate and the job has already been awarded before submitting the information. Also, don’t pay for the promise of a job. Only scammers will ask you to pay to get a job.
  • Don’t send money to your new boss. If a potential employer or new boss sends you a check, asks you to deposit it and then buy gift cards, it is a scam. While the check may look like it cleared and the funds look available in your account, the check is still fake and you will be responsible for any purchases.
  • Never pay to be a mystery shopper. Don’t wire money or send a “deposit” via PayPal, Venmo or Zelle. Also, to avoid a mystery shopper scam, cash the check at an issuing bank or wait until the money has not just posted but cleared the other account. If the check is not good, the victim can return the cash into their account.

Contact the ITRC

There are many different job scams, particularly online job scams. If you have questions, want to learn more or if you believe you were the victim of an online job scam, contact us. You can speak with an expert advisor by phone (888.400.5530) or live-chat. Just visit www.idtheftcenter.org to get started.

The post was originally published on 6/30/21 and was updated on 7/21/21

Individuals are reporting a new Venmo scam that tries to overpay you out of the blue, but why would a scammer want to pay you? There is no limit to the creativity scammers can employ when trying to separate you from your money. Worse, as new technologies and platforms emerge, criminals come up with even more ways to take advantage of you, leaving you scammed on Venmo.

A new Venmo scam that relies on the Venmo peer-to-peer payment app has users and security experts alike scratching their heads, trying to determine how exactly scammers can benefit. Venmo, owned by PayPal, lets you send money instantly from a stored credit card, bank account or pre-loaded Venmo card to anyone with an account. It is a great way to pay your friend for your part of the rent, takeout food they brought over or concert tickets they bought to ensure the seats are located together.

What do you do if a stranger on Venmo sends you a suspiciously large amount of money? Some potential victims from the Venmo scam have received as much as $1,000 from someone they do not know, only to receive a strange message: “Sent to you by mistake, please return the money.”

It is already starting to sound fishy.

A lot of people have confused this Venmo scam with a fake check scam. In a fake check scam, someone sends you a check. You cash it, then you either return a portion according to their directions or make a purchase on their behalf, like buying them gift cards or sending them electronics. Once the bank finds out the check was fake, that money actually came out of your bank account.

In this Venmo scam, the best guess is that the scammer is only using you, and you do not actually come to any personal harm at first. The scammer uses a stolen credit card number to send you money and says, “Oops! Can you send that back?” You see the money sitting in your account and you do not know that this person is a criminal. So, you do it, leading to you getting scammed on Venmo.

Most likely, the scammer withdraws the money to their Venmo card instead of back on the original credit card. They might also delete the stolen credit card from their account and submit their own card in its place so that the money you are sending them goes to their personal card.

First, you might wonder how anyone could make such a ridiculous mistake as to send you $1,000. Sadly, it happens. With Venmo, you do not have to have any kind of approval to look up someone’s name and try to send them money. However, that is exactly what the scammers are counting on.

Second, you might be tempted to think, “It is not affecting me in any way, so I do not mind sending it back to them.” That can be a dangerous tactic, though. It is unclear whether or not this scam is actually impacting the recipient of the money, but more importantly, you would now be taking part in money laundering of stolen funds.

Third, there is that little voice that might be telling you, “You do not have to send this money back! After all, you would be stealing from a scammer. They deserve it!” Not exactly. Remember, the money still came from someone’s stolen credit card, and that person is a victim. When the victim discovers the charge on their card and sees that it is a Venmo transaction, the company may be more than happy to tell them which Venmo user it went to. In this case, that would be you.

Some users affected by this Venmo scam have reported that they tried to contact Venmo and the results were not very reassuring; they were simply told, “Sure, refund the money.” After all, accidents do legitimately happen.

If you are concerned about how this Venmo scam could affect you, reach out to law enforcement for support. Some forum users have stated they returned the money only after waiting for a reasonable amount of time, but again, that advice is more for avoiding a fake check scam. If you believe you were scammed on Venmo, you can also contact Venmo and discuss suspending your account once you return the money so that no further transactions can go through from that sender.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

This post was originally published on 11/4/19 and was updated on 7/14/21


You might also like…

Venmo Scam Targets Payment App Users

Millions Of Venmo Payments Accessed Publicly

Payment App Protection: Keep Scammers Out of Your Accounts

Gift card scams are nothing new, but Google Play gift card scams provide thieves with a different avenue to go after your money. While criminals have long relied on prepaid debit cards or iTunes gift cards for everything from IRS scams to fake online buying and selling, one of the latest “currencies” is Google Play cards. As a result, Google Play gift card scams are on the rise and may already be targeting you or your loved ones.

You may have already learned about avoiding scams involving iTunes gift cards. These cards, which are only intended to be used for Apple Store purchases became a favorite tool for scammers who demanded untraceable payment in this card currency. Now with more criminals aware of the opportunity, the go-to choice for scammers is quickly becoming Google Play gift card scams. Here are some of the ways scammers target consumer finances by demanding payment through Google Play gift cards.

Impersonation Scams

Every malicious thing you have heard about iTunes gift cards, prepaid debit cards and even wire transfers is also true about Google Play gift cards. Callers pretending to be with the IRS, with law enforcement, with medical offices, bogus charities and other plausible outlets, may call and demand payment via gift cards. Remember, no credible agency or company will ask for an untraceable payment via gift card.

Reselling Gift Cards

There are multiple online platforms where users can sell unwanted, unused gift card balances. Criminals have taken advantage of this opportunity and steal the balances from unsuspecting sellers. One commonly reported Google Play gift card scam is the three-way call. The purpose of the call is to have you dial the number on the back of your card and verify the balance while the potential buyer listens. That makes a lot of sense when you think about it. However, as you are entering the card number on your phone’s keypad, the listener is recording the tones. After you end the call and before the scammer buys your card, they simply use the recorded tones to transfer all the money off your card and onto one they own. Avoid Google Play gift card scams by only using reputable sites and verifying buyer reputation when possible.

Balance Inquiry Scams

Checking the balance on your gift cards is a good idea. It helps you know how much to spend and how much you have left on a reloadable card. However, hackers have invented a tool that allows them to wipe gift cards clean by attacking the computer network that keeps up with the balances. In order to avoid that kind of theft, it is a good idea to use your gift cards shortly after receiving them. Also, remember that some types of cards can start to lose value each month if you do not spend them. You can avoid this with a Google Play card by installing the card in your mobile wallet on your Android device.

Protect Card Numbers

Google Play gift cards, just like other gift cards, are only as safe as the information on the magnetic stripe or in the assigned number on the back. If you lose your card or someone gets the number, they have access to your money. Never share your card information with someone who contacts you, and never verify your gift card number for someone.

Providing Emergency Help

One common Google Play gift card scam is for a person to claim they need a Google Play card for some reason, such as to download an app they must have for work or to buy a movie or book they need for school. The only catch is supposedly they are living in a location where they cannot buy the cards. They reach out to you on social media and offer to pay you to buy them a card, giving you the price of the card and a little something extra for your time. Once you read them the information from the back of the card, they will drain the funds off it and you will not be reimbursed. Remember, there is no valid reason why someone should need you to buy them a card, and you will be violating terms of service for gift cards if you provide one.

Google asks its users to remember two very important truths about Google Play gift card scams, and these are true of any kind of reloadable payment card. First, it can never be used for any purpose other than downloading content from the Google Play Store. Second, you must protect the number like cash. No one will ever have a genuine reason to ask you for the number from the back of a card. If you have been a victim of a gift card scam, report the instance to the Federal Trade Commission.

Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

The post was originally published on 6/25/19 and was updated on 7/13/21


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

  • Did you recently receive a phone call claiming to be from the U.S. Department of Homeland Security (DHS)? Homeland Security phone scams are making the rounds, leaving some people in a panic.
  • In the Homeland Security scam phone calls, criminals are impersonating both Homeland Security Investigations Office agents and U.S. Customs and Border Protection (CBP) agents. One scam threatens people with warrants and investigations if they do not give up either money or personal information. Another scam claims cash and drugs were intercepted with your name on it and asks for banking information.
  • If you receive a threatening phone call from a Homeland Security Investigations agent or an unsolicited call from a CBP agent, you should hang up because it is probably a Homeland Security phone scam. DHS will never call anyone with demands or requests for sensitive information. Instead, report the call to DHS and the Federal Trade Commission.
  • If you want to learn more, believe you are the victim of a phone scam, or if you have been receiving Homeland Security scam phone calls, contact the Identity Theft Resource Center (ITRC) at no cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.

The Department of Homeland Security (DHS) is usually the agency issuing a fraud alert informing the public about the latest scams, like DHS giving a new warning about immigration scams from the Department’s Ombudsman office. However, now criminals are trying to get your money and personal information by impersonating Homeland Security agents, particularly in the Philadelphia and Miami areas. DHS officials say the calls are part of a Homeland Security phone scam and are intended to frighten people. DHS agents will never call you unsolicited.

Who are the Targets?

Phone users; Non-U.S. citizens

What is the Scam?

Identity criminals impersonate agents from the DHS Investigations Office and the U.S. Customs and Border Protection (CBP). In one Homeland Security phone scam, criminals threaten you with arrest or an investigation if you do not provide payment in the form of “immigration bonds” or sensitive information. Other Homeland Security scam phone calls have a pre-recorded message that says, “a box of drugs and money being shipped has your (caller’s) name on it, and it has been intercepted.” They then instruct the caller to press #1 to speak with a CBP agent, attempting to get the caller’s banking information.  

What They Want

Scammers hope to steal either money or personal information. The personal information and bank account information can be used to commit an array of different identity crimes in your name.

How to Avoid Being Scammed

  • The DHS Investigations Office will never call you with demands like those included in the current scams. If you receive a threatening call, hang up because it is a Homeland Security phone scam. Do not give them any money or personal information.
  • Also, DHS Investigations and CBP do not solicit money over the phone. If you get a call like that, note the number, any other pertinent details about the call and then hang up.
  • If you receive Homeland Security scam phone calls, report them to the DHS Investigations Field Office or the CBP, even if you did not fall for the scam. Phone scams can also be reported to the Federal Trade Commission online at reportfraud.ftc.gov/.

To learn more about Homeland Security scam phone calls, or if you believe you were the victim of a phone scam, contact the ITRC toll-free by calling 888.400.5530. You can also visit the company website to live-chat with an expert advisor. Go to www.idtheftcenter.org to get started.  

  • Multiple states including California, Florida, Colorado and more, are offering lottery & sweepstakes incentive programs for COVID-19 vaccine recipients but scammers are taking advantage of the eager consumers. 
  • Scammers are posing as government officials and informing vaccine recipients they have won a lottery and follow-through by asking for bank details and Social Security numbers. 
  • To avoid these scams, be on alert for anyone asking for banking and personal information that can lead to financial identity theft. 
  • If anyone believes they are a victim of a COVID-19 lottery or sweepstakes scam, they can contact the ITRC toll-free by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.  

Millions of U.S. residents have already received their COVID-19 vaccine and are automatically entered into their state’s lottery or sweepstakes program, which scammers are cashing in on as well. For example, California residents are reporting  COVID-19 vaccine scams where criminals pose as government officials with fake notifications claiming they have won the lottery. The scammer then asks for personal or banking data to claim their prize. 

Who are the Targets? 

Residents of states with lotteries or other vaccination incentives; vaccine recipients 

What is the Scam? 

Criminals are posing as government officials and informing vaccine recipients they have won the lottery and ask for bank details and Social Security numbers.   

What They Want 

Scammers can use your banking information from these COVID-19 vaccine lottery scams to commit financial identity theft or sell your information to other cybercriminals. They are also looking to collect “lottery fees” upfront. Remember, you should never pay money to receive money especially in a contest, sweepstakes or lottery. 

How to Avoid Being Scammed 

  • California and Colorado state residents 18 and older who receive the vaccine are automatically entered to win based on shot registration information and do not need to enter. However, Kentucky and Oregon residents must enter through the official website. Be sure to check with your state’s program on entering rules. 
  • If you are a lottery winner, you do not need to pay money or provide your banking information to claim your prize. 
  • Always go directly to the source to verify if the information is coming from a legitimate source. In this case, check with the Department of Public Health or lottery authority in your state. 
  • If you’ve received a phishing email, text or phone call, report it. You can report it to the Federal Trade Commission at www.ftc.gov/complaint.  

If anyone believes they are a victim of a COVID-19 lottery or sweepstakes scam, they can contact the ITRC toll-free by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.

  • E-signature scams are rising as remote workers rely more on services like DocuSign, HelloSign and other similar services. Recently, some employees at the Identity Theft Resource Center (ITRC) received phishing emails that claimed to have an invoice to sign that was attached to the email.  
  • Other e-signature email scams ask people to enter their personal and financial information, claiming that they either have a notification or their account was suspended.  
  • These e-signature scams and phishing attacks can lead to malware and stolen personal and financial data used to commit different forms of identity crimes.  
  • To avoid these scams, you should ignore any emails you are not expecting, never click on any unknown links and reach out directly to the person the email claims to come from to verify the validity of the message.  
  • If anyone believes they are a victim of an e-signature scam or wants to learn more, they can contact the ITRC toll-free by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.  

DocuSign and similar services that offer verified electronic signatures have grown in popularity since COVID-19. According to one e-signature company’s recent financial report, their total revenue has increased by more than 50 percent. It’s no surprise more people need the services of an e-signature company. It is also no surprise that e-signature scams are spiking as a result. Multiple Identity Theft Resource Center (ITRC) employees recently received emails claiming to be from DocuSign with “invoices” attached: 

While convenient, e-signature services give threat actors another way to steal identities and financial and personal data. Consumers should keep an eye out for e-signature email scams so they don’t fall victim to a phishing attack.  

Who are the Targets? 

DocuSign users; Email users; Employees 

What is the Scam? 

In the latest e-signature scams, criminals send phishing emails claiming to come from “DocuSign Electronic Service.” The subject line typically tells users they received an invoice or notification from a service – DocuSign Electronic Service – for example. The emails contain malicious attachments that could lead to malware. Other e-signature scams tell people that they have a notification or their account is suspended and to click on a link and enter their personal and financial information. 

What They Want 

Criminals commit malware attacks and steal people’s personal and financial information to execute an array of identity crimes. They use the information to access people’s bank accounts, credit card accounts and work accounts, or they sell the personal information to other criminals. 

How to Avoid Being Scammed 

  • If you have not been requested to sign any documents, be wary of an email asking you to sign something. It is probably a phishing attack. 
  • Look for misspellings in the email. Sometimes scammers will alter a letter in the sender’s email address, hoping you do not notice. For example, if it is a DocuSign email scam, the sender address may be “@docsgn.com” instead of “@docusign.com.” 
  • Always check the sender’s email. If the email comes from an address or name you do not recognize, ignore it. If it claims to be from someone you work with, contact that person directly and ask them if they sent you the document. 
  • Never click on any links in an email you are not expecting. Instead, contact the source of the email directly to verify the validity of the email. 
  • If you’ve receive a phishing email, report it. You can report it to the Federal Trade Commission at www.ftc.gov/complaint.  

To learn more about e-signature scams, or if you believe you were the victim of an e-signature email scam, contact the ITRC toll-free by calling 888.400.5530. You can also visit the company website to live-chat with an expert advisor. Go to www.idtheftcenter.org to get started.   

  • The U.S. Attorney’s Office for the District of Maryland, working with the Homeland Security Investigations (HSI) in Baltimore, recently seized the fake COVID-19 vaccine website “Freevaccinecovax.org.”
  • The website collected personal information from people who visited it by asking them to download a PDF file to their device to apply for more information.
  • Interacting on a malicious website offering COVID-19 vaccines could lead to an array of identity crimes, including a phishing attack, malware attack and different forms of social engineering.
  • COVID-19 vaccines are not being sold online. Any link that claims to take someone to a website to purchase one is fake. To find a vaccine appointment online, people should go through their local department of health, pharmacy or health care provider.
  • For more information on fake COVID-19 vaccine websites, or if you believe you are a victim of a COVID-19 vaccine scam, contact the Identity Theft Resource Center toll-free by phone (888.400.5530) or live-chat on the website www.idtheftcenter.org.

Federal officials shut down a fake COVID-19 vaccine website after discovering the website was stealing people’s personal information for cybercriminal activity. According to Threatpost, the U.S. Attorney’s Office for the District of Maryland, working with Homeland Security Investigations (HSI) in Baltimore, seized “Freevaccinecovax.org,” “which purported to be the website of a biotechnology company developing a vaccine for the COVID-19 virus,” according to a news release on the office’s website.

Since the U.S. began administering the COVID-19 vaccines, cybercriminals have tried to take advantage of consumer’s desire for vaccinations. According to NBC 4 Washington, BrandShield, a global cybersecurity firm protecting some of the world’s largest pharmaceutical companies from cyberthreats, found a 4,200 percent increase in potentially fraudulent COVID-19 vaccine websites from January 2020 through the end of February 2021. The news of the latest malicious website highlights the importance of being cautious with COVID-19 vaccine websites and how to use them.

Who are the Targets?

People looking to receive the COVID-19 vaccine

What is the Scam?

Threat actors created “Freevaccinecovax.org” to collect personal information from people who visited the website to commit identity crimes like fraud, phishing attacks or to deploy malware. Threatpost says the fake COVID-19 vaccine website used trademarked logos for Pfizer, the World Health Organization (WHO) and the United Nations High Commissioner for Refugees (UNHCR) on its homepage to trick people into believing it was a legitimate site. The malicious website had a drop-down menu that asked users to apply for information by downloading a PDF file to their device.

What They Want

Identity criminals are after people’s personal information to commit phishing attacks, malware attacks, social engineering and other forms of identity-related fraud.

How to Avoid Being Scammed

To avoid a fake COVID-19 website:

  • Ignore websites trying to sell a vaccine. COVID-19 vaccines are not being sold online. Any link that claims to take you to a website to purchase one is fake.
  • Do not click on any posts or ads claiming to sell cures. Remember, if it seems too good to be true, it probably is.
  • If you are checking for a vaccine appointment online, make sure you do it through your local department of health, pharmacy or health care provider. Never follow a link randomly sent to you.

To learn more about COVID-19 vaccine scams, malicious websites, or if you believe you were on a fake COVID-19 vaccine website, contact the Identity Theft Resource Center toll-free by calling 888.400.5530. You can also visit the company website to live-chat with an expert advisor. Go to www.idtheftcenter.org to get started.  

  • The Federal Emergency Management Agency (FEMA) reports that criminals are creating COVID-19 funeral scams. The announcement comes just days after the federal agency launched a new program to provide relief to the families of loved ones who died from COVID-19.
  • As part of the funeral scam, criminals contact people offering to register them for funeral assistance. Identity thieves are looking to steal money, as well as personal and financial information, to commit identity theft.
  • If you receive an unsolicited message offering to assist in registering for the program, you should contact FEMA directly. Also, you should never pay a fee or share personal information with anyone who sends an unsolicited message to obtain a government benefit on your behalf.
  • To report a funeral scam, call FEMA’s Helpline at 800.621.3362. To learn more, contact the Identity Theft Resource Center (ITRC) toll-free by phone (888.400.5530) or live-chat at the company website www.idtheftcenter.org.

The Federal Emergency Management Agency (FEMA) is doing what it can to help the families of loved ones who died from COVID-19. However, due to criminals, everyone needs to be on the lookout for COVID-19 funeral scams.

FEMA started a program in mid-April that offers up to $9,000 in relief to help families cover the funeral expenses for those who passed after June 20, 2020, from COVID-19. However, criminals have found a way to take advantage of the newest program.

FEMA has sounded the alarm with a fraud alert. They have received reports of scammers reaching out to people by phone, email, and online, offering to register them for funeral assistance. However, FEMA says that is not how the program works.

The Identity Theft Resource Center (ITRC) has received more than 1,500 reports of identity fraud related to government benefits since the beginning of the pandemic.

Who are the Targets?

The families and friends of loved ones who died from COVID-19 who are applying for FEMA’s COVID-19 Funeral Assistance Program.

What is the Scam?

FEMA says criminals are contacting people and offering to register them for funeral assistance. However, the criminals are asking for “fees” and other options to “expedite the process” to register for funeral expenses.

According to FEMA, any efforts that charge fees to assist in the application process are scams. The application process begins when you call the agency’s Funeral Assistance Line at 844.684.6333. FEMA will not contact you about the program unless you have already contacted them.

What They Want

Scammers hope to make away with either money or you or your deceased loved one’s personal information to commit an identity crime in you or your loved one’s name.

How to Avoid Being Scammed

  • If someone contacts you about the assistance program and you did not either apply or call FEMA directly, ignore it because it is a COVID-19 funeral scam. FEMA will not reach out until you either call them or apply for assistance.
  • Do not pay a fee for quicker service because that is another sign of a funeral scam. The government will not ask you to pay anything to get the FEMA benefits.
  • Do not provide your own or your deceased loved one’s personal or financial information to anyone based on an unsolicited call, text message, or email claiming to come from FEMA or another federal agency.
  • If you received a COVID-19 funeral scam call or email, report it to the FEMA Helpline at 800.621.3362.

Contact the ITRC

If you believe you are a victim of the COVID-19 funeral scam, received a suspicious message and want to know if it is a funeral scam, or want to learn more, contact the ITRC toll-free. You can call (888.400.5530) or use the live-chat function on the company website. Just go to www.idtheftcenter.org to get started.   

  • A new Google Photo sharing scam is the latest attempt to steal your credentials to hack and access your accounts.
  • You receive a message claiming to be from Google Photo that says someone is sharing a photo album with you. You’re asked to log into your account, except the message isn’t real, and the criminals take off with your Google credentials.
  • If you receive a message you are not expecting or from someone you don’t know, don’t click on any link in the message.
  • If you want to learn more about the Google Photo sharing scam or if you are a victim, contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat. Just visit www.idtheftcenter.org to get started.

Scammers always try to find different ways to attack consumers. One new attempt is through a text or email that appears to come from Google Photo. The Identity Theft Resource Center (ITRC) recently received a suspicious message that appeared to be a legitimate attempt to share a Google Photo album. However, it was actually a phishing scam.

Like many phishing attacks, the Google Photo sharing scam is an attempt to steal your credentials. The tactic has become more common with cybercriminals shifting away from attacks seeking consumer information and towards attacks that target logins and passwords. 

Who is the Target?

Text message users; email users

What is the Scam?

You receive what appears to be a real attempt to share a Google Photo album. The message claims that someone has shared a photo album with you. However, there is no photo album. Once you click the “View Photo” link, you are prompted to another website to log into your Google account. Since the website captures the login information, you then provide the identity thieves with access to your credentials and account.

What They Want

It’s always easier to steal something when you have the key to a lock instead of having to break into where valuables are kept. Identity criminals want to access personal and work accounts because that’s easier and faster than trying to break into a system. The Google Photo sharing scam is a way for identity criminals to get the credentials needed to access and steal personal and company information. According to the FBI, email compromises cost U.S. businesses $1.8 billion, and phishing schemes cost individuals $54 million in 2020.

How to Avoid Being Scammed

  • Never click on a link in a suspicious or unexpected message. While the message might look legitimate, the links and attachments could still have malware. Instead, if the message comes from a “company,” reach out to the company directly to verify whether the message is real. If it comes from an unknown person, delete the message without clicking any links.
  • Check the URL link and be on the lookout for short links. Sometimes, there are signs in the link that give away it is a scam. For example, a link address might read “Goo.gle” instead of “Google.” You are more likely to see that when a link is shortened, a favorite tactic of cybercriminals. Another tactic is typing out a hyperlinked text to what looks like a legitimate website (like Google.com). However, it actually displays an unknown site when you hover over the link.
  • Use Multifactor Authentication (MFA) on important accounts. Even trained cybersecurity professionals fall for sophisticated phishing attempts that look real. That’s why it’s important to use MFA on any account that offers the feature. Use an authenticator app when possible – Microsoft and Google offer them for free – because they are more secure than just having a code texted to your mobile device. With MFA in place, having your login and password won’t help a criminal access your protected accounts.
  • Never reuse or share passwords. Criminals steal logins and passwords because they know most people use the same password on multiple accounts. Too many people also use the same passwords at home and work. Make sure each account has a unique password that is at least 12 characters long.

If you believe you are a victim of a Google Photo sharing scam or would like to learn more, contact the ITRC toll-free. You can call (888.400.5530) or use the live-chat function on the company website. Just go to www.idtheftcenter.org to get started.