There’s no limit to the many ways a scammer will try to separate you from your money. One of the most common tactics is a phishing attempt, which happens when someone contacts you via phone, text, or email with a legitimate-looking request. Many of these attempts copy a well-known business’ logo, web address, email domain, and other realistic features.

Email phishing attempts are so common you may not even notice any more if you get several of them a day. Many spam filters have gotten good at catching them, but the ones that slip through into your inbox can look pretty convincing.

The goal of a phishing attempt is pretty straightforward: just click the link. That’s usually all the scammers need you to do. From there, it will either install harmful software on your computer that lets the scammer snoop around, or it will take you to a fake website where you must input your sensitive information: either way, the scammer benefits.

A new twist on these messages actually offers you money for clicking, though. The email contains a very common, official-looking receipt for a purchase you made via PayPal. When you scroll through and think to yourself, “No! I didn’t buy a virtual reality gaming headset!” you’ll quickly see the numerous links and buttons to dispute the charge.

Think about it: how many real receipts have you ever actually received that say, “You didn’t make this purchase? Click here for a refund!” What kind of company puts three or four refund offers on your receipt?

Not a real company, that’s for sure. The scammers are just after your clicks in order to move forward with their next malicious steps.

Instead of falling for it, scroll up to the top of the email and hover your mouse over the sender’s name. Their email address should pop up. Pay close attention to the letters if it still looks like a real email address, and notice subtle changes, like the letter O is actually a zero or a letter L is actually an uppercase I. Once you’ve figured out it’s a fake—or even if you’re still not convinced—exit out of the email and go to your actual PayPal.com or Amazon.com account, for example, and look into it. You’ll most likely see that you have not made a purchase.

But just in case… what if there really is a purchase for something you didn’t want? That email still can’t help you, but the customer service reps can. Use the contact information listed in the verified email to get in touch with someone who can help.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “What to do When Your Passport Number is Breached”  

If you’re like many US consumers, you may already be thinking ahead to your Black Friday or Cyber Monday shopping. After all, it’s a good idea to be prepared: know what your budget is, scope out what gifts you may be looking for, have your retail shopping accounts already created and secured with a strong, unique password, even have your credit or debit cards ready so that you don’t expose your data or spend unwisely.

Now in its seventh year, there’s another holiday that follows right on the heels of the shopping extravaganza, one that is truly a remarkable kickoff to the holiday season: Giving Tuesday. When the dust settles from the flurry of early shopping, it’s a good time to spread some goodwill by contributing to a worthy cause.

Of course, your favorite charity could use your support at any time of year, so what makes #GivingTuesday so special? For starters, the social media buzz surrounding the event can help encourage donors who may not have known about the annual holiday. Also, a number of companies offer to match funds that day, helping to spread your generous donation even further.

Unfortunately, any time a newsworthy event takes place, scammers are ready to strike. That’s why it’s important to be ready for Giving Tuesday and avoid impulse donations unless you can trust the source:

1. Plan now for how your donation will be made – Will you use a crowdfunding site? A payment app? A credit card or debit card? By knowing how you’re going to give, you can avoid some of the scams that may pop up.

2. Know where your money is going – Some generous consumers like to split their donations among different causes, such as an animal advocacy group, a veterans’ organization, and a charity that provides meals for the homeless. Others might choose to rotate their donations year to year in order to give the maximum support they can afford to a much-needed organization. In any case, if you make your plans now—even if you wait to make the donation until the actual holiday—you’ll be less likely to be taken in by a phony charity request. Verify your favorite charities through Guidestar or BBB Wise Giving.

3. Be careful about oversharing – One sure sign that a donation request is a scam is if they ask for a ridiculous amount of personal data. Yes, charities do like to get contact information so they can follow up with you later, and some charities need to collect small amounts of demographic info. But anyone who wants your birth date, Social Security number, any kind of account numbers or login credentials or other sensitive info should be avoided.

It’s important that we all do what we can to help agencies and organizations who do important work, but at the same time, it’s okay to be hesitant when it comes to your security. Be on the lookout for scams and fraud, and avoid any scenario that makes you uncomfortable. Giving Tuesday is a great opportunity to offer your support but do your homework to ensure that your donation is going to the right people while protecting your privacy.

For more information on Giving Tuesday—both as an individual donor or for information on helping worthy causes get involved—visit GivingTuesday.org.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

The rise of artificial intelligence, AI-driven virtual personal assistants, digital translation, and other voice-driven technology has been life-changing for a lot of people. But there’s another alarming innovation that’s followed right on the heels of this kind of technology: voice fraud.

First, voice fraud can be technology-driven or just a typical human scammer. You may have already experienced it without putting the name to it, but it happens when someone calls on the phone and pretends to be someone other than the actual caller. Typically, using social engineering tactics, the caller tries to get the victim to provide sensitive, restricted information.

Backing up, both Google and Microsoft have developed “AI chat bots” that can make fairly convincing phone calls, interacting with the human on the other end of the line with really impressive results. Google Duplex is meant to be an assistant of sorts, changing or adding responses based on machine learning-based programming. Imagine the convenience of letting your smart home assistant call your insurance company and sit on hold, then handle renewing your policy.

There are different ways someone can use voice technology to commit fraud. A number of fraud attempts and reported data breaches have resulted from “vishing,” for example, of voice phishing. This happens when someone contacts a customer service center and changes information in a customer account, for example.

What do criminals do after using voice fraud against an individual or a business? The ability to steal and use information goes up exponentially if the victim provides that information about themselves. A recent report found that voice fraud calls increased by 350% in the past few years, a number that means one out of every 638 phone calls—whether by LAN line, cellular, VoIP services like Skype, or any other calling method—was an act of fraud.

Don’t confuse an AI voice fraud attempt with a robocall. While robocalls are intrusive and annoying, they’re usually just a recording that prompts you to take some kind of additional step. It might be to select an option from the list of choices, call an additional phone, or go to a website. A vishing call, though, can use a human or an algorithm-driven computer to actually interact with you, seeking out information.

In related news, recent research suggests that as many as 50% of all mobile calls made in the US by next year will be scams. Between that information and the threat of vishing fraud, it’s time to develop strong preventive habits:

1. If you don’t recognize the number on the caller ID, you’re under no obligation to answer. If it was a legitimate, important call, the individual will leave a voice mail which you can answer at your convenience.

2. Remember, phone number spoofing means that a scammer can use any phone number—even one they’ve managed to steal out of your contacts list—to display on your caller ID. Don’t trust the call just because it appears to come from someone you know. Feel free to answer, but be wary of any strange interactions that follow.

3. Installing a call blocking app can help stop some spam calls or fraud attempts, but it will not be foolproof. Some cellular providers also have a fee-based service that can help prevent some of these calls from getting through.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

National Grandparents’ Day, proclaimed a holiday by President Jimmy Carter in 1978, falls each year on the Sunday after Labor Day. Thanks to the tireless work of one grassroots organizer—a woman who was also a driving force in legislation that protects and supports the elderly—this holiday is a time focus on one another and on the important contributions that grandparents make in the lives of the family.

And what better present could you give than to spare your relatives the headache and heartache of falling victim to a scam? Some scams, frauds and identity theft crimes specifically target senior citizens, so Grandparents’ Day is the perfect time to spread the news.

1. Grandparent Scam – This crime is actually called a “grandparent scam” because back before cell phones were a widespread device, senior citizens were often targeted. They were believed to have no way to verify whether this was a scam or not. Now, the scam has evolved to target anyone, but grandparents are still high on the list of potential victims.

In a grandparent scam, the victim receives a phone call that says a friend or loved one (as in, a grandchild) is in some kind of trouble and needs help. Stories over the years have included someone who was in the hospital, had been arrested, was stranded with car trouble or even had been kidnapped, and the only way to help was to send money.

2. Medicare/Healthcare Scams – Our aging population is thankfully living longer, and that has meant changes to programs like Medicare. With every new change—such as the recent issuance of new Medicare cards that no longer contain the holder’s Social Security number or the enrollment in various add-on plans—scammers attempt to steal money and identifying information from Medicare users.

It can be hard to spot a Medicare scam, especially if the caller already knows some information about you. To fight back, you have to develop a habit of never giving out your sensitive information to someone who contacts you. If there’s any doubt about your coverage or your plan, take the caller’s information and hang up. Then, using a verified phone number for your local administration, contact the Medicare office and find out what’s going on.

3. Tech Support Scams – As older adults join the digital revolution, more seniors are enjoying things like smartphones, laptops and tablets, social media and many other connected resources. Scammers assume that these “digital newcomers” might be naïve enough to fall for a technology-related scam, so seniors are prime targets for tech support scams.

A tech support scam occurs when someone contacts you by phone, email, text message or even a popup box on your computer and tells you that your computer is infected with a virus. They offer to clean out the virus for a fee, but actually steal your money while installing a virus on your computer. The virus will root around and find out your account information, login credentials and more. Remember, software companies do not sit at workstations and monitor your computer; anyone who tells you otherwise is lying.

4. Untraceable Payment Scam – There is one major unifying factor in scams that steal your money: the scammers don’t want to get caught, so they rely on untraceable, non-returnable forms of payment. If you’re ever told that you owe money for an unpaid parking ticket, a court fine, back taxes to the IRS or any other bill that must be paid with a prepaid debit card, iTunes gift card, wire transfer or similar method, it’s a scam!

Any entity that you legitimately owe money to will accept your personal check, your credit card, or even cash; in rare exceptions, something like a parking ticket or court fee might have to be paid by cashier’s check, but also that will have a traceable number on it. Never make a payment to someone who claims the only accepted form are those listed above.

5. Romance Scams – There’s a perception that senior citizens might be lonely—after all, it’s what the creator of Grandparents’ Day was working to prevent—and scammers are counting on that. The frightening thing about romance scams is that they work too well and can impact any age.

However, there’s one unique thing about senior adults that makes them an especially hot target: the fear that they will lose their independence. Not only have some older victims of romance scams opted not to report the crime to anyone, some have even continued to pay their scammers after suspecting something wasn’t right. Make a firm decision to never give money to someone you only know online and never involve yourself in their crime, such as cashing a check for them.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

One of the great mysteries of social media—apart from why people need to share photos of their dinner—is what makes someone post false information without hoping to gain from it. These hoaxes sometimes end up going viral and taking on a life of their own, and the original sender only gets a little temporary boost in their visibility online.

There have been a lot of Facebook scams over the years and more than a few hoaxes, too. The key difference between the two is that scams and fraud seek to steal your identity, your money, access to your computer or account or some other criminal gain. Hoaxes, on the other hand, seem to only bring joy to the creator when they watch how many people share the misleading or false information.

A recently reported double-hoax playoff of changes to Facebook’s algorithms, while also requiring the “copy-paste” behavior to make it spread. Earlier this year, Facebook announced that it would adjust what types of posts and content showed up in your feed to make less relevant, commercially-based posts appear less frequently. It didn’t take long for people to assume Facebook was censoring posts and blocking some of your friends.

This hoax takes that fear to a new level and urges participants to “sneak” into a separate Facebook news feed, accessible only by copying and pasting their message into a new post. The message specifically states that you will be able to “bypass” Facebook’s algorithms and see posts from friends you haven’t heard from in years.

Unfortunately, it’s not true. There is no secret backdoor Facebook newsfeed hidden beneath fancy computer code, and copying the message to share with all of your friends will only highlight the fact that you  fell for a phony message. Sadly, engaging in comments to inform your friends that their post is a hoax will have the same engagement effect and cause the hoax to continue to spread.

Whenever you come across a social media hoax, it’s better left untouched. Don’t click “like” or any of the angry/frustrated emojis, don’t comment on it and don’t share it, even accompanied by a message that warns people of the hoax. Any engagement you give it simply gives it more visibility and power. If there is anything dangerous or compromising about the post that could lead to loss of money or data, try to message the person who shared it privately and explain the issue.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

Labor Day is just around the corner, and perhaps no one is looking forward to the long weekend more than scammers and identity thieves. The three-day holiday lends itself to a wide variety of ways to steal your money, your personal data or both, so it’s important to brush up on how to spot a possible scam in order to avoid it.

Travel Scams

This particular holiday is traditionally a time for families to take one last quick getaway for the season. In 2015, travel and road service organization AAA said that an expected 35.5 million Americans travel over the three-day weekend. Unfortunately, another statistic can put a damper on those plans: according to the Better Business Bureau, vacation scams cost U.S. consumers around $10 billion per year.

While the internet has grown into an excellent resource for finding steep discounts and bonus packages on travel, accommodations and meals, it’s also a snare that can lead straight to a scammer. It’s important to be on the lookout for flashy pop-up ads, awkward or incorrect wording and spelling in emails or deals that are so cheap that they’re not believable. Remember, just clicking a link and looking into some of these deals can have repercussions if the website the scammer created installs malicious software on your computer.

Play it safe and only use trusted companies to book your hotel, flight or other vacation needs.

 

Skimming

Thieves can insert skimming film into the card reader of a gas pump, point-of-sale system, even a restaurant payment card machine, and that film can nab all of the account information off your card. It’s then transferred onto a blank magnetic stripe card and used in physical locations (which will not necessarily trigger a “suspicious purchase” alert from your card since the card was present at the transaction). You need to be on the lookout for this common holiday travel pitfall, even if your travel plans don’t take you any farther than the local lakeside or park.

If a gas pump or POS payment machine looks tampered with, you might consider using a different pump, going into the store to pay or even using a different payment method. If you’re eating out and the server has to leave with the card to make payment, you could also fall victim to skimming. It’s always a good idea to look over your account statements routinely, but especially after any kind of holiday or major event.

 

Shopping Scams

Are you staying home this year? Labor Day might be a great time to take advantage of a number of sales and discount specials, but buyer beware, phishing emails that offer you massive discounts can redirect you to phony websites. Once there, you enter your personal information and payment card account, only to have it stolen by a scammer.

Fortunately, many retailers—both physical and online—advertise their upcoming holiday specials in advance. If you’re buying a high-end item, you should have plenty of time to look for the best deal and find the most reputable retailer.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

Election season is here, and there just might be unprecedented interest in various states’ midterm elections. Pride and patriotism are leading more and more people to take an interest in the political system. Unfortunately, this civic interest can also cause scammers to take advantage of the public, targeting voters for identity theft, access to their financial accounts and more.

To be a civic-minded citizen while still protecting yourself, it’s important to know how to spot a possible scam and take action:

1. Voter surveys

One of the many ways that political candidates gauge the concerns of their constituents is to ask questions about the issues. Unfortunately, this approach can also allow scammers to seek personally identifiable information. Be careful not to overshare your name, address, email address, birthdate and certainly not your Social Security number or driver’s license number. It’s also important to avoid the “confirm your status as a registered voter” phone or email scams.

2. Voter registration drives

All over the country, dedicated volunteers are helping citizens register to vote. You may see tables at outdoor festivals or farmers’ markets, on college campuses or other widely populated events. If you’re concerned about your data security—such as the filled-out forms are left where anyone can see them—take the offered form, fill it out and mail it or deliver it to your local officials instead.

3. Petitions

This is another excellent way to express concern about critical issues, but it can also lead to identity theft if the person handling the petition does not properly administer it. You might have signed a petition in high school to get more pizza on the cafeteria menu, and that didn’t require much more than your signature. A political petition, on the other hand, can request things like names, addresses or phone numbers. However, there’s no reason for more sensitive information, and you are not required to submit your entire identity. Walk away if you get the impression that too much information is required.

4. Voting “support”

Believe it or not, someone may try to make a fast buck off your desire to vote. With so much news lately about names dropping from the voter rolls, scammers can easily send out phishing messages that playoff your fear of not getting to vote. However, there is absolutely no reason to pay someone to tell you if you’re still registered to vote! That information is available for free from your local voter registration office.

5. Hoaxes on Social Media

Yes, there have been reports about some shady political ads on social media, unauthorized access to voter information via Facebook and more. Don’t let that cause you to become anyone’s victim. If you see posts online that you aren’t sure are accurate, don’t hit like or share. Check them out for yourself from reliable sources before engaging with them on social media. Remember, even if they’re not out to steal your account access or your identity, engaging with a post—even to point out that it contains false or misleading information—gives that post greater visibility and traction.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

For years, fraud experts have warned consumers about phishing attempts that try to steal money and identifying information. As people have become more aware of the threat, scammers have had to up the stakes in order to trick users into downloading malicious content to their computers or hand over their sensitive information.

One common approach is the “there’s something wrong with your account” email. These messages appear to come from a well-known company. It might claim your account has been suspended due to strange activity, an order you placed (or possibly didn’t place) is not shipping due to a problem with your credit card, or any other plausible scenario. The goal is to get you to click the link and submit personal information, such as login credentials, passwords or credit card info.

So how is a company supposed to inform you when there really is an issue with your account? A good example may be the one below:

The email informed the recipient of the need to take action on their account by exiting the message and logging in to the account themselves. Rather than the common ploy of having the victim click a button that supposedly redirects to their account, this message plays it safe: Leave this email, go to your account, login for yourself, and make sure your information is accurate.

Also, further below, there is a support number to call for help. That can be indicative of a scam, though, so beware; numerous scams have included phone numbers to call that simply redirect to the scammers, so anyone receiving this email should verify the phone number before calling. However, the information the recipient needs is laid out quite clearly in the email, and hopefully, no further support is even required.

At first glance, this email could look and sound just like any other phishing email, but the difference is in the action the recipient is to take. Instead of falling into a potential trap, the reader is only told to do the very same activity they would do if they had not received the message, namely, log into their account and make sure their profile is up-to-date.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Ah, summer! What’s better than longer days, warmer temps and maybe a quick out-of-town getaway to enjoy the season? Why, a budding romance, of course!

Unfortunately, for too many victims, that newfound romantic interest might be something other than he or she seems. Romance scams are some of the cruelest, costliest forms of fraud. Preying on people’s loneliness and hope, the perpetrators have no qualms about not just stealing your money, but also leaving you broken-hearted, embarrassed and ashamed.

With the summer months in full swing, there’s no time like the present to identify the telltale signs of a possible scam and develop some strong self-protection skills:

1. The Out-of-Towner Love Interest – It seems like many romance scammers have one unifying feature: they work out of town or in career fields that keep them isolated. It might be on an offshore oil rig, a deep-sea fisherman, a deployed active duty service member, or any other plausible excuse to not be available to talk or message all the time. If you meet someone online with one of these specific or similar job areas, proceed with caution because that’s a huge red flag

2. The Struggling Widow – Many online scammers rely on the sob story to get money out of their victims. A typical scenario is a single parent with a wonderful child, as this allows them the chance to very quickly ask their victim for money. “My son’s computer broke and I’m away at sea, he’s going to fail the school year and lose his scholarship if he doesn’t turn in this paper…” Who would refuse to help a dedicated student while his parent is out of town? Again, romance scammers often rely on the widow/widower story to snare their marks

3. The Overly Zealous Significant Other – “I’ve never felt this way before… I hope I don’t scare you off, but I think I want to spend the rest of my life with you.” Romance scammers often take a long time to groom their victims, keeping the charade going for months before starting to cheat them. During that time, scammers may even work in shifts to ply their victims with sweet talk, text messages filled with hearts and flowers and more. By escalating the relationship quickly, the victim already feels invested in it. Refusing to give money to a desperate person after they’ve professed their love and started talking about marriage? Inconceivable

4. And Finally, Show Me the Money – When a romance scammer finally does come around to asking for money, there’s ALWAYS a reason. “I hate to ask you this, please feel free to say no…” but my mother’s utilities are about to be shut off due to an error at the bank and I’m away at sea, or our son’s tuition check didn’t clear and they’re going to kick him out of school right here at exam time if it’s not paid. Other, more sophisticated tactics even involve the scammer sending the victim a check or granting them access to their bank accounts, only to end up costing the victim money when they go back on their promise. Many victims have also reported being told to send the money via untraceable methods like Western Union despite supposedly knowing this person.

Here’s the real clincher about romance scams: far too many victims keep it going rather than admit—to others or themselves—that this was all a giant lie. There have even been reports of victims becoming part of the scam, helping to launder money or bilk others for funds. Do NOT hesitate to cut off any relationship that starts to smell like a fraud.

If you are ever asked for money from someone online, stop and think: why would this person need me to help? Where are the other people this individual could turn to? Then, try this: refuse. Be firm about not paying, no matter what excuse the other party gives, and see if it leads to the end of the relationship. Any legitimate love interest would immediately backtrack and apologize, but a scammer will double down with harsh comments, pleas for help, and any other statement to get the money out of you. Don’t fall for it, and don’t let love turn into heartache and loss by giving in.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

In a large-scale data breach, hackers may be after a variety of things. It might be sensitive data like personal identifiable information, email addresses and passwords or the answers to common security questions. It can also be slightly less sensitive but still usable information like payment card credentials and home addresses.

But what do hackers actually do with this information? Sometimes they use that data themselves and in other cases, they will sell it or hold it for ransom from the company it was stolen from. Payment card data can have a narrow window of opportunity for use since financial institutions may cancel those account numbers once they discover the breach.

There’s another way that credit cards have been used following a data breach, one that steals additional benefits from the victim. The theft of airline miles or bonus points tied to the victims’ credit cards may go unnoticed because most consumers don’t think to monitor their extra perks; once the hackers have stolen the account credentials, they can use or sell the additional perks on those accounts.

One of the first steps to protecting your perks accounts is to secure it with a strong password, one that you don’t use on other accounts and that you change frequently. By protecting this account and others, you’ll help prevent a breach of your accounts as well as stop a thief who bought old information on the dark web from a database of previously hacked information.

Another key step is to take some time to monitor these accounts from time to time. Thieves get away with it because too often we happily store up those miles or bonus points for a large trip or a major purchase. Monitoring your points from time to time can help you not only keep track of how far you have to go to reach your perks goal, but also lets you stay on top of any problems that arise.

If you do find out that someone has tampered with your perks account, contact your credit card issuer immediately and change your password on this or any account that uses those same login credentials. This could actually be the first sign that someone has accessed your credit card account, so it’s a good idea to order a copy of your credit report, too.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.