A recent Google Alert scam has caught the attention of many. Google Alerts recently caught fraudsters trying to push fake data breach notifications for big-name companies in an effort to distribute malware and damage people’s computer networks. According to Bleeping Computer, fraudsters have been mixing black-hat SEO, Google sites and spam pages to direct users to dangerous locations based on data breach information.

Google Alerts is designed to send notifications to people who sign up for specific keywords monitoring and provide search results. As part of this Google Alert scam, fraudsters were able to create pages and use compromising websites to combine “data breach” with well-known brands. Bleeping Computer reports that some of those well-known brands include Chegg, Canva, EA, Dropbox, Hulu, Shein, Ceridian, PayPalTarget, Hautelook, Mojang, InterContinental Hotel Group and Houzz.

In the Google Alerts, fraudsters offer giveaways and download offers, which leads to the dangerous malware. The threat actors are also believed to have used the Google Sites tool to build webpages to host their content. Bleeping Computer says they found that the scammers were pushing unwanted search-related extensions. As part of the Google Alert scam, malicious links were also believed to be sent to people with an iPhone 11 device for a fake giveaway. It claimed to be set up by Google as part of a “Membership Rewards Program” and the offer said the gift was “exclusively and only for Verizon Fios users.” Users had to fill out a survey, allowing scammers to get their money. Browser extension scams can pose a risk to browsing privacy because malware can be used as part of this method.

Consumers who use Google Alerts should be aware of this particular scam; going directly to the source (the purported breached entity) instead of clicking on an unknown link. The Identity Theft Resource Center has been tracking publicly-notified data breaches since 2005 and has the most comprehensive and the most readily available data breach information for publicly-notified breaches. For any consumer that wants to fact check about the latest information regarding a publicly reported breach is encouraged to access our resources to confirm any new circumstances. Consumers can sign up for the monthly data breach newsletter, as well as view monthly and yearly data breach reports. They can also receive a “risk score” on what their true concerns should be by visiting Breach Clarity and entering the particular breach on which they would like information. Anyone who believes they might have fallen victim to a Google Alert scam can live-chat with an ITRC expert advisor, or can call toll-free at 888.400.5530. They can also download the free ID Theft Help App. The app will provide consumers and victims access to advisors, resources, a case log to track their steps and much more.


You might also like…

YEARS OF FORMJACKING LEADS TO BOMBAS DATA BREACH

WATCH OUT FOR 2020 SUMMER SCAMS

CREDIT REPORTING AGENCIES ANNOUNCE FREE CREDIT REPORTS EVERY WEEK THROUGH 2021

Summer has arrived, and usually that signals summer vacations, fun in the sun and time to enjoy summertime events. With the COVID-19 pandemic still impacting people in many ways, some summer plans will look different. It won’t stop scammers from targeting victims, but 2020 summer scams could have a different spin than summer scams in years past.

Employment Scams

Typically, employment scams are a hot summer scam because teachers, school transportation drivers, high school/college students and residents of resort areas look to make some extra money in the summer months. While that may end up still being the case, employment scams could be a 2020 summer scam because over 40 million people are unemployed due to COVID-19 and areas are now loosening restrictions.

Some telltale signs that a job might not be genuine include high hourly rates for minimal work, requirements to pay for supplies and materials, offers that request consumers to provide their sensitive identity credentials (driver’s license or Social Security number) to apply and offers that contain misspellings, vague information or links to click and software to download.

Loyalty Account Scams

Travel is usually at its peak in the summer months as families and friends embark on their vacation plans. However, travel is down due to the coronavirus and it is unknown how many people will be willing to take the risks associated with traveling. That is why scammers may attack loyalty accounts.

A popular 2020 summer scam could end up preying on loyalty accounts because people are not flying and staying at hotels. If anyone receives a message regarding a loyalty account, they should ignore it and reach out to the proper company directly. However, scammers could still strike with too-good-to-be-true offers or create fake websites and steal photos of real properties to lure in their victims. Travelers should avoid any high-pressure (i.e. “Book NOW to receive”) opportunities or messages about their accounts and investigate thoroughly before proceeding.

Moving Scams

Summer is a popular time to move, whether it is recent graduates or families waiting for their kids to finish the school year. Moving scams can still strike at any time. That means moving scams may make a resurgence as a popular 2020 summer scam. There are many different types of moving scams, but some of them involve taking information including PII and payment card information; hidden fees and companies that change their names to circumvent bad reviews.

Ticket Scams

Outdoor concerts, music festivals and big-name concert tours are great summer fun. Ticket scams could be a popular 2020 summer scam. Not because there will be concerts, music festivals and sporting events going on, but because sports and other outdoor activities have many unknowns regarding how ticket sales and refunds will work. Scammers can take advantage of the confusion by overcharging for an event through a fake website that steals people’s information and selling a fake ticket. Scammers have sent messages previously regarding ticket refunds with links to click or files to download. People should only purchase tickets from trusted retailers. If anyone gets a message they are not expecting about a ticket sale or refund, they should ignore it and contact the retailer directly.

Social Media Scams

People’s Facebook accounts and Instagram accounts are also a target when the weather turns warm. Everything from romance scammers and phishing attempts to burglars who scope out who is not home based on their posts can lead to harm. COVID-19 romance scams are already making the rounds and scammers could continue to use that tactic.

People should be mindful of what they post online. Also, they should beware of friend requests from accounts they do not recognize or requests from people they thought they were already connected with (i.e., hacked or spoofed accounts). Finally, people should make sure they are not oversharing or giving away too many details to anyone who can see them. Remember, there are things on social media accounts that could be used to determine the challenge questions for other more sensitive accounts (date of birth, pet’s name, mother’s maiden name, etc.).

If anyone falls for a summer scam or potentially self-compromises their identity information, they can live-chat with an Identity Theft Resource Center expert advisor that will help guide them through the next steps to take. They can also call toll-free at 888.400.5530.


You might also like…

DARK WEB DATA BREACH LEADS TO THIEVES STEALING FROM THIEVES

AERIES DATA BREACH AFFECTS SCHOOL DISTRICTS ACROSS CALIFORNIA

PURPORTED LIVEJOURNAL DATA BREACH LEADS TO 26 MILLION USER RECORDS BEING STOLEN

State and local governments around the country are working hard on plans, and in some cases, starting to execute, to carefully reopen their communities and businesses in the wake of the COVID-19 pandemic. Data is being tracked; task forces are mobilizing and planning; and the “new normal” is beginning to take shape. However, this could lead to an increase in reopening job scams.

More jobs could be a welcomed sight for over 40 million U.S. workers who have had to file for unemployment benefits since mid-March. Some consumers expect to return to their old jobs. However, many others will be looking for a new one.

According to a survey issued by FlexJobs, 19 percent of respondents reported that they have already been victimized by an employment scam. The company further stated that for every legitimate work-from-home job—a highly sought-after option during the pandemic—there are between sixty and seventy scam offers. Out of concern for consumers, as they seek employment, the FBI is warning the public about reopening job scams or fake job offers that would ordinarily raise some red flags if not for the specific changes that quarantine has required.

The FBI says they have seen an uptick in fake job and hiring scams with cybercriminals posing as legitimate employers by spoofing company websites and posting fake job openings on popular online job boards. One of the scams involves fraudsters going as far as conducting false interviews with applicants, then requesting personal information or money that could be transferred to a private location. The Better Business Bureau told FOX 13 in Memphis that fraudsters are using the COVID-19 pandemic in their employment scams to make them more believable.

Fortunately, much of the same caution that applied to job-seeking before COVID-19 still applies. Consumers should know the source of the job listing and only use reputable websites to find employment opportunities. To avoid a reopening job scam, consumers should also be mindful of unsolicited emails and offers with outrageous claims—such as, “Earn $3,000 a week working from home.”

Once a job posting is found, consumers should also be careful about how much personal data they share, at least during the application period. If a company claims they want to do a phone, Skype or Zoom interview due to social distancing and safety, that’s okay. However, it does not mean candidates should turn over information like their Social Security numbers until they have been hired.

Finally, to avoid a job reopening scam, consumers should remember that legitimate jobs don’t usually require any upfront fees or costs. Even things like company uniforms or specialized equipment such as steel-toed shoes are often deducted from the first paycheck or purchased by the employee through an outside company. Typically, they are not charged in the form of a payment. If an employer asks for a finder’s fee, administrative fee, background check fee or any other funds, it is probably a reopening job scam. Even for legitimate actions like submitting a bank account number and routing number for direct depositing of paychecks, it’s important to be sure the company is legitimate and the job has already been awarded before submitting the information. If someone believes they are victim to a COVID-19 reopening job scam, they can live-chat with an Identity Theft Resource Center expert advisor. They can also call toll-free at 888.400.5530.


You might also like…

ShinyHunters Hacks Expose Business Vulnerabilities

Stolen Stimulus Checks Creating Concerns for Consumers

College Student Stimulus Check Scams Begin to Heat Up

This post will be updated as more information becomes available

Contact tracing scams have begun to pick up steam with the evolving technology coming closer to becoming a reality. Some of those scams include hackers and fraudsters posing as contact tracers – both online and in person – trying to steal personally identifiable information (PII), personal health information (PHI) and other personal data.

The United States began the re-opening process after the COVID-19 pandemic closed many aspects of daily life. That is expected to include many precautions to keep people safe, including contact tracing – a method used to find the people who may have come into contact with someone infected with COVID-19. In fact, many people anticipate contact tracing will play a large part in keeping people informed of their risk of exposure until a vaccine is available.

Apple and Google are cooperating to ensure the different phone operating systems are compatible for contact tracing purposes. Apple and Google are also working with health departments across the country to figure out how to roll-out an effective contact tracing Bluetooth-based system that would allow public health departments to create their own contact tracing apps. Despite doubts from some health officials on how useful Apple and Google’s optional systems will be, the two tech companies have developed the digital contact tracing system, and have included it in their latest software updates. Contact tracing apps have already rolled out in other countries. According to MIT Technology Review, so far, there are 25 contact tracing efforts globally. However, none of those apps work in the U.S. Consumers should beware of any attempt to entice them or someone else to download and register for an app.

While app development efforts continue, scammers are tricking people into contact tracing scams using fake apps that steal their personal information. The Better Business Bureau of Connecticut warns people about text messages in their area that appear to be linked to COVID-19 contact tracing, alerting people that they were near someone who tested positive for coronavirus. Police in Washington state are alerting residents of contact tracing scams going around trying to steal sensitive information, including credit card information and Social Security numbers. The Champaign-Urbana Public Health District urges residents not to fall for contact tracing scams, adding that they will never alert people of a positive test via text.

In all of these scams, fraudsters are trying to steal people’s personal information, whether it is by trying to get them to click on unknown malicious links or simply asking for them to provide it. Hackers then have the ability to turn right around and sell the information, which could lead to identity theft. Even when legitimate apps are available, users should check to see if the data they share will be used for marketing purposes without their permission or sold for other purposes.

To avoid a contact tracing scam, people should stay informed on the latest contact tracing details, as well as the most up-to-date COVID-19 information from their state and local health departments. Local health departments will inform people of what a legitimate contact tracer will ask and any protocols they will follow. If anyone gets a text or notification they are not expecting that they were in contact with someone who tested positive for COVID-19, they should ignore it and call their local health department to confirm the validity of the message. They should not provide any information they are asked for, nor should they click any links, open any attachments or download any files.

If anyone believes they have fallen victim to a contact tracing scam or is a victim of identity theft, they can live-chat with an Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. An advisor can help victims create an action plan on the steps they need to take that are customized to their needs.


You might also like…

Online Shopping Safety a Priority During Coronavirus Pandemic

Five State Unemployment Department Data Exposures Uncover System Flaws

COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover

While people continue to take protective measures in order to avoid COVID-19, some groups are actively working harder. It’s not just the essential workers, healthcare workers or first responders. Unfortunately, scammers are also putting in overtime to take advantage of the current situation.

Recent reports of quarantine-based scams have included unemployment benefits identity theft, IRS stimulus check scams, and now dating app scams and COVID-19 romance scams. While these have always been a known threat, newsworthy events like the COVID-19 pandemic often lead to an increase in scam activity. Scammers are increasing the amount of romance scams with more people on dating apps due to isolation. Also, scammers are changing their stories to include COVID-19. Fortunately, while the other virus-related scams may be hard to spot due to the fact that they are based on actual current events, avoiding a COVID-19 romance scam might be a little bit easier.

It is important that consumers know the signs:

  1. A plausible reason why the person is reaching out to strangers. Even before the virus, the reason usually had to do with boredom and isolation, which are abundant right now.
  2. A job or location that prevents them from communicating on a regular basis. Again, before the virus, those jobs often included occupations like off-shore oil rig worker, deep-sea fishing boat captain or deployed soldier. Due to COVID-19, it is just as easy to blame the virus, especially if the person claims to be a hospital worker, medic or another essential employee.
  3. A sympathetic story. While a lonely, deployed soldier story is prone to tug at the victim’s heartstrings, an EMT, nurse or doctor who just needs someone to talk to as they attempt to process the horrors of frontline medical work could be viewed as a more sympathetic story.
  4. The request for money. The sympathy mentioned above goes directly into the request for funds. Right now there are probably a lot of people who would help a nurse or medic purchase masks and gloves, and who has not heard the reports of price gouging and scarcity. If the scammer poses as an out-of-work employee, a victim might help a single parent buy groceries for their child.
  5. The cat-and-mouse game. Romance scams are a vicious cycle of flattery and compliments combined with plausible requests for money. Following through with the money earns the victim even more of the attention they crave. Hesitating or refusing earns them the silent treatment.

In order for consumers to protect themselves from COVID-19 romance scams and other scams, consumers have to be aware of the threat and spot the telltale signs. Romance scams rely on a formulaic model, namely an individual who reaches out on social media, via text message or some other electronic method. They begin a lengthy, personal conversation, one that contains an extremely high, frequent amount of discussion. Within days, they begin making statements such as, “I’ve never felt this way about anyone,” or “I know this is sudden, but I can really see us having a future together.”

Within a short period of “grooming” the victim with promises of visits and even marriage, the story crops up. One example could be a story about a terrible incident that has occurred and the scammer even has the funds to fix it, but they cannot access their money in time to fix the issue. The scammer may ask the victim to pay the money with the promise that they will be paid back immediately. From there, more requests for money could follow, even as the scammer continues to string along victims with promises of long-term relationships.

Remember, there is no plausible excuse why someone would need to reach out for money from someone they have not met in person. People should protect themselves from these and other scams by learning to spot the warning signs and distancing themselves if any red flags appear. If anyone believes they are a victim of a COVID-19 romance scam, they can contact the Identity Theft Resource Center to live chat with an expert advisor. If they do not have internet access, they can call toll-free at 888.400.5530. They will have to leave a message due to advisors working remotely. However, advisors will work to return calls as quickly as possible


You might also like…

ARE YOU AN IRS NON-FILER? TIPS TO AVOID A STIMULUS CHECK IDENTITY SCAM

COVID-19 PANDEMIC LEADS TO UNEMPLOYMENT BENEFITS IDENTITY THEFT

LOOKING TO GIVE DURING COVID-19? DON’T FALL FOR A CHARITABLE GIVING SCAM

When any disaster or crisis – including the current global pandemic – occurs, people jump into action to help those impacted by the event. Scammers choose to take advantage of that giving spirit, which is why many people are susceptible to charitable giving scams in times of crisis. Scammers look to take advantage of other’s good deeds and turn it into a personal gain for themselves – both financially and by getting access to personally identifiable information.

That is exactly what has happened during the COVID-19 pandemic. In fact, according to Dayton Daily News, scammers have been going door-to-door in Dayton, Ohio posing as The Dayton Foundation. Scammers have been trying to sell coupon books that claim people’s donations will go towards the fight against COVID-19. It is one of many charitable giving scams.

However, there are things people can do to reduce their risk of falling for a charitable giving scam.

1. When giving to any non-profit, people should only give to trusted sources. This way they will know their donation will not fall into the hands of a scammer. If someone does not recognize the name of a charity that is soliciting funds, they should be cautious.

2. Legitimate donations can be made on a cell-phone. However, scammers can also send out texts that look real. People should find the charity they want to donate to and initiate the contact.

3. People should do their research before giving. Charities can be investigated through the BBB Wise Giving Alliance.

Independent charity evaluator, The Charity Navigator, has also compiled a list of ways to make sure people’s donations are going to a real charity.

The Federal Trade Commission has also recommended people conduct Google searches like “best charity” or “highly-rated charity” to help decipher the real ones from the fake ones.

4. People should ask the charities for information about their mission, goals and history – including requesting their 990-form. If they are unable to answer those questions, they are probably part of a charitable giving scam. Any legitimate non-profit organization should be able to answer people’s questions about their organization and their giving guidelines.

5. Donors should beware of the scammer’s tricks. They will often try to rush people to make their donations and will use names that are similar to existing charities. Fake organizations might also try to tell people their donation is tax-deductible when it is not.

If people have questions regarding charitable giving scams, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor.

For those that cannot access the website, they can call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will provide assistance as quickly as possible.


You might also be interested in…

This post will be updated as more information becomes available

UPDATE: 6/15/2020- According to the Wall Street Journal, Treasury Secretary Steven Mnuchin said the administration is “very seriously considering” a second round of stimulus checks. The proposed $3 trillion Health and Economic Recovery Omnibus Emergency Solutions, or HEROES Act, was passed by the U.S. Senate but has not been passed by the U.S. House of Representatives. It would authorize another round of stimulus payments for most U.S. households. For more information on what the HEROES Act would provide, click here.

UPDATE: 4/29/2020- Anyone who did not file a tax return for 2018 or 2019 and have dependent children must register with the IRS by Tuesday, May 5, at noon EST to get an additional $500 economic impact payment for their dependents. If anyone misses the deadline, they will have to wait until they file their 2020 tax return to get the money. For more information on how to fill out a non-filer form, and how to avoid a non-filer scam, click here.

UPDATE: 4/15/2020 – Stimulus check have begun being distributed and people are already seeing them show up in their bank accounts. The IRS has created a portal where people can check the status of their economic impact payment. It could take a few minutes to load the website due to overload. However, people will be able to see what day they are expected to receive their payment, as well as the payment method.

Non-filers can now also file through the IRS to get their payment sooner. To learn how to file, and how to avoid a non-filer scam click here.

UPDATE 4/13/2020 – The Treasury Department and the IRS have announced that the distribution of stimulus checks will begin this week and that most of them will be deposited directly, requiring no action. Anyone who does not typically file a tax return will need to file a simple tax return to receive their stimulus check.

If there is anyone who has not filed their 2019 tax return but did file a 2018 return, the IRS will use the information provided in the 2018 return. The Treasury also plans on creating a web-based portal where people can enter their direct-deposit information online. The stimulus checks will be available to consumers through the end of 2020. For more information, consumers can visit IRS.gov/coronavirus. To learn more about the stimulus checks, click here. For tax rules to help you fill out your 2019 taxes, click here.

ORIGINAL 3/27/2020- With the COVID-19 pandemic impacting everyone across the United States, the U.S. federal government passed the largest stimulus package ever to help minimize the financial impacts for businesses and consumers. Coronavirus stimulus checks are being mentioned in the news daily, which is leading fraudsters to come up with stimulus check scams.

While there are a lot of questions about the $2 trillion stimulus package and stimulus check payments, most consumers should not have to take any action to receive their stimulus check because the payment will be directly deposited by the IRS into their bank account from the information provided on their 2018 or 2019 tax return. Payments will begin arriving in mid-April.

If anyone receives any messages or letters regarding a government check, it is very likely a coronavirus stimulus check scam. The government will not ask anyone for their Social Security number, bank account number or credit card number; the government will also not ask anyone to pay a fee upfront to get their government check; there will not be a way to “expedite payment” through a service provider either.

If anyone did not provide their bank account information on their last tax return, the IRS will mail people their stimulus checks. There have also been discussions about the possibility of sending some payments to consumers on prepaid debit cards to speed up the process. While that is a possibility, if someone reaches out saying that they can get the stimulus payment to you on a debit/credit card, please report it to local authorities or the Internet Crime Complaint Center (IC3) to verify whether it is real or fake.

With the stimulus package passing, people can expect to see a rise in stimulus check scams. When the government ends up mailing checks and/or prepaid debit cards, people can also expect to see a rise in prepaid card scams and physical mail theft.

To avoid any of these scams, consumers should make sure they have filed their taxes and have provided their direct deposit information to the IRS in their latest tax return. Consumers should also check to see if they are qualified to receive a coronavirus stimulus check, and for how much.

Finally, if consumers receive anything that does not seem correct or something they are not expecting, they should ignore it and go directly to the source to verify its legitimacy. There is a possibility it could be a stimulus check scam.

If people have questions regarding stimulus check scams, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor. For those that cannot access the website, they can call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist you as quickly as possible.


You might also like…

Due to the coronavirus, the stock market is making headlines right now, for all the wrong reasons. Scammers see it as the perfect time to prey on consumers with investment scams.

Who Is It Targeting: Small-time, first-time, and seasoned investors

What Is It: Various scams that target novice and seasoned investors

What Are They After: When the stock market makes headlines—whether good or bad—scammers are more prone to come after unsuspecting consumers and steal their money. Some investment scams may simply tell victims to invest heavily in a certain stock, while others will actively trick investors into handing over their personally identifiable information. With news of the coronavirus growing each day, this is also a time when spoofed emails—such as those that appear to come from a financial institution or brokerage—can lure someone in and steal their account access.

How Can You Avoid It:

  • Do not act on instinct or be driven by panic
  • Remember that the stock market is a long-term prospect, not a “get rich quick” scheme
  • Always seek out professional information before you respond or take action

If you think you may be a victim of identity theft or an investment scam, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. You can also live chat with an expert advisor. Find more information about current scams and alerts here. For full details of this scam check out this article from TMJ4.com


Scammers have gotten creative as the COVID-19 pandemic has driven most people to spend their days in their homes – including creating phishing emails that attack both businesses and consumers. Fraudsters are currently taking advantage of the millions of people working from home. They may try representing themselves as the U.S. government, whether it be about a stimulus check, unemployment benefits, etc. Now, with the National Guard and other types of support being implemented in certain areas, the alarm is being sounded on scammers going door-to-door.

The National Guard is being deployed to assist with the Federal Emergency Management Agency work in some states. Some of the aspects of their duties include helping FEMA with gathering swabs and transporting them to certified labs for testing; delivering medical supplies as directed and creating medical stations. The National Guard says they have been activated for logistical support, and are not being deployed for enforcement. That means they will not be going door-to-door to implement any self-quarantines or shelter-in-place orders. If a “military personnel” comes to a person’s door posing as a National Guardsmen, the healthcare department or a healthcare professional regarding COVID-19, whether it is with a “test,” “cure” or regarding sheltering in place, it is likely a scam.

With that being the case, interactions someone may have with the National Guard would be at an identified FEMA drive-thru testing station or designated location for medical assistance. These two scenarios are examples of where you may be asked to provide personal information to the National Guard in reference to COVID-19 relief.

These types of door-to-door scams are not uncommon during a time of crisis. Scammers typically use them as an opportunity to pose as someone who can help people, but in reality, all they will do is hurt them.

If someone is going door-to-door posing as a utility worker, law enforcement, government agency or healthcare professional, ask for their identification before engaging in any conversation. Providing an ID card doesn’t always mean the person is legitimate because it is easy for a scammer to create what might look like an ID, dress up and act like someone else. If the person at the door is reluctant to show their ID or you have concerns about their legitimacy, close the door and call the organization that they are representing.

Also, if someone comes to a person’s door offering that if a fee is paid, they can provide faster service for aid, it is a scam. In fact, that is one of the go-to tactics scammers use to lure victims in. In the event that you are asked to provide personally identifiable information by someone on your doorstep, calling the organization that they are representing could prevent you from self-compromising sensitive information.

Finally, if someone is uncomfortable with anyone who comes to their door, they should call their local law enforcement. It is always better to be safe than sorry.

If people have questions regarding COVID-19 scams, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor. For those that cannot access the website, call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist you as quickly as possible.


Read the latest…