Phishing scams are a low effort way for scammers to trick consumers into revealing personal information. Communication from payment platforms can be convincing with a Stripe email now making the rounds.

Phishing scams have been around for years, and with the ability to send out millions of phony emails a day, scammers don’t have much legwork to do. All they have to do is send a plausible email, get you to click the link or follow the instructions, and their work is done. One widespread form of attack involves pretending to be a high-profile company like Amazon, PayPal, or your bank in order to trick you into following their instruction and landing in their trap.

The latest front for this type of phishing attack is mobile payment company Stripe. Many small business owners, charities, and everyday consumers rely on Stripe for processing everything from payments to donations to cash from friends or relatives. The “Stripe” email claims that your account has been compromised and any money you are expecting will not be transferred to you, scammers hope to lure you into clicking and entering your info.

See real example sent to an ITRC employee:

An email typically with a subject line, “Stripe: deposit will not be made to your bank account,” has been circulating and frightening the site’s users, so much so that the company issued a scam watch statement. This post tells users what to do if they receive a strange communication that appears to come from the company. For instance, misspellings in the message or uncapitalized use of the company name are some red flags, as is an unknown email address or one that does not include the “stripe.com” domain name. Other telltale signs are listed in the website’s post.

There are some steps that tech users can follow to protect themselves from this kind of low-tech crime.

  • Never click a link, open an attachment, or download a file in an email or message unless you were specifically expecting it; even if you think you recognize the sender, it is a good idea to verify it with the sender first.
  • Next, never submit any kind of sensitive information based on a communication about your account. This includes usernames, passwords, account numbers, or any other details. Instead, go directly to the company’s website and log into your account. If there is a problem, it will be visible on the screen.
  • If all else fails, contact the company directly using a verified phone number or email address.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

When it comes to avoiding a scholarship scam or financial aid scam is that there really are some obscure and even bizarre scholarships out there. There’s a scholarship for being left-handed, one for being above average in height or below average in height, one for being a redhead, and so much more. That means it’s easy to accidentally fall into a trap of applying for a scholarship from a company or organization that you’ve never heard of.

Fortunately, avoiding a scholarship scam only takes a little bit of attention and precaution.

Stick to reputable scholarship links

Many colleges and high schools will link to safe, trustworthy sources of financial aid on their websites. Start with your school’s site or your guidance counselor to find these and other sources.

Watch out for emailed offers

Once you begin engaging in activities that can be linked to college life—such as signing up for updates, filling out online applications, even searching for housing or shopping for dorm room essentials—that can trigger scammers who are looking for victims. When your email inbox begins filling up with scholarship offers and even “congratulations, you’ve been awarded a grant!” messages, it can be tempting to open them and click the link but you don’t want to do that. Opening the email and finding out if it’s legitimate is fine, but clicking a link or downloading an application can be dangerous if the sender isn’t genuine and can lead to a malicious virus or another compromise of your data.

There’s no such thing as free money

 It might sound like the opposite of a scholarship search—since scholarships are, by nature, free college money—but no one will hunt you down to give you money. Scholarships are funded by many different sources, and they are to reward hard-working students with the means to afford their tuition. No one sends out emails begging students to take the money, though. Many scholarships involve a rigorous selection process, so any claims that something is free or already yours should be a red flag.

You can’t win if you don’t play

Another important truth about scholarships is you cannot receive one if you don’t apply for it. That means you’ll never receive a scholarship that you didn’t submit your application for. If you are contacted by email, text, social media message, or some other way and told you’ve won a scholarship, make sure it’s one you applied for before you engage with the message. Furthermore, don’t fall for any hidden “fees” like paying $40 to process your new $400 scholarship; you never have to pay money to receive money.

Protect your data

With very few exceptions, you should not have to submit your Social Security number in order to apply for a scholarship. The exception may be scholarships that are awarded directly by your university (and even then, they should already have that information) or government grants and aid. A club, team, community organization, or other company should not need it, so don’t turn it over without investigating why it’s necessary.

It’s hard to believe that someone would stoop so low as to steal from a young college hopeful with a scholarship scam, but it’s true. Safeguard your identifying information and be very careful of what information you share.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Criminals have developed DNA test scams targeting victims to retrieve medical and sensitive information. DNA test kits have grown in both popularity and affordability in recent years. While not claiming to be foolproof or accurate, they can provide a glimpse into the genetic makeup of your family tree. There have been stories about these swab-at-home test kits providing more important information as well, such as the likelihood of certain medical issues.

Attorneys general in two states have already issued warnings about DNA test scams that steal the victims’ sensitive information. The caller claims to be from a testing agency and offers the victim a free DNA test kit if they meet specific criteria. In one victim’s case, the criteria was a family history of cancer. You would be hard-pressed to find an individual who does not have a relative who has had cancer, so of course, the victim instantly qualifies.

All they have to do to receive their free kit is answer some general questions and provide their medical coverage information. Some experts believe that DNA test scams may have grown out of the recent announcement that Medicare would cover the cost of genetic screening for cancer patients if the kit is an FDA-approved tool.

In some of the reports of these scams, individuals were actually going door to door and offering victims a free kit plus $20 in exchange for their medical coverage information. The kits are easy and cheap to replicate, as they only require some cotton swabs and a mailer envelope. Victims were easily fooled into thinking they were receiving real testing kits.

The best advice for avoiding DNA test scams is remembering that no one will ever call you and offer you something that is genuinely free. Whether it is medical services or anything else, the only reason to offer you anything is because the other person is getting something in return. In this scam victims sensitive data or medical identity is compromised. Remember to always speak with your physician about any potentially necessary tests, or contact your health coverage provider directly to see if there are services or treatments you can use that they cover. Otherwise, steer clear of anyone who wants access to your records or data.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

A new report from the Federal Trade Commission found that tax return fraud actually declined recently, and Social Security scams stepped in to take their place. These scams can manifest in a few different ways, but all of them are intended to steal your money, your identity or both.

Listen to the real scam below:

In one of the Social Security scams circulating, a caller claiming to be from the Social Security Administration informs you that there has been suspicious identity theft activity involving your SSN. You are urged to purchase a prepaid debit card, iTunes gift card or other reloadable funds card and transfer all of your money out of your bank accounts and onto that card. This is supposed to keep those dangerous hackers from getting your money. The agent calls back later to confirm that you have done it, and then tells you the Social Security Administration will record the card’s account number and PIN number in your file, supposedly to protect your money in case something happens to that card. Once you read the card number and the PIN number to the fake agent, they will drain the funds off the card and you will now be completely broke.

The more common of the Social Security scams, is to call a potential victim and claim that their SSN has been suspended. This scam has actually been at work for some time, but there has recently been a renewed number of victim reports. In this Social Security scam, a fake agent tells you that your number has been suspended due to possible identity theft, meaning you will no longer receive benefits, it can no longer be used for health care or other benefits. You are required to confirm your SSN and some other sensitive personal information for the agent in order to reinstate your SSN. After you confirm your personal identifying information, the fake agent steals your identity and uses it for a variety of malicious activities, including opening new lines of credit and claiming your benefits.

In order to protect yourself, you must adopt one ridiculously easy habit: never believe what you hear over the phone. It is far too easy to scam people via phone, and thanks to simple tools that anyone can acquire, the scammer can even change their phone number on your caller ID in order to look legitimate. Therefore, it is vital that you ignore any warning or request from anyone who calls you—and the same is true for emails, social media messages or texts. If there is a genuine problem with your account or your information, you can always contact the organization, agency, or business directly to put the matter to rest.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

If you have not filed your tax return yet, the deadline is looming. If you have filed already, you are probably still very aware of the date as you anxiously await your return. Whether you have filed or not, there is a good chance you have encountered one or two tax scams this year or in previous. Many scammers take advantage of the lack of knowledge and fear that comes with the April 15th tax day. While there may be fewer calls from shady people demanding your tax information after the 15th passes, that only means that tax scams will take on a new look and scammers will adapt.

First, remember that not everyone will file by the April 15th deadline. Whether due to late activity or previously-approved extensions, a significant number of consumers will mail or e-send those returns in after the date. Scammers know this, and therefore, have no intention of cutting off their activity. It is important to be on the lookout even after the deadline has passed and after you have filed your return.

Of course, extensions or late filing only applies to some people. If you have already filed but a caller tells you that your return was never received, you can probably have a good laugh and hang up the phone. Why? Because the IRS does NOT call you, but rather sends letters through the postal service instead (if you have not received any confirmation that your postal return was received, you might check in with the IRS to be safe, but they still will not call you).

What if the caller has a different story? What if someone posing as an IRS agent tells you that your return had an error, or that they suspect you have been the victim of identity theft since someone else sent in a return in your name? Those scenarios can be very frightening, and that means these tax scams are a lot harder to ignore.

First of all, the same rule from above still applies: the IRS will not call you, even for something as serious as those situations. You will receive a mailed letter if there is an issue, and this letter will provide you with the information you need to take your next steps. Even if your caller ID says “IRS,” you should be very careful since it is most likely a scam.

Next, it is important to develop a good habit of safeguarding your information, no matter who calls or why they claim to need it. If you are ever asked to verify your identity by providing anything more sensitive than your name or home address, do not comply. Instead, take down the caller’s information and contact their company or agency yourself using a verified contact method.

Also, if you are ever told you failed to pay your taxes correctly or owe a penalty, you will never be required to make an immediate payment over the phone (see previous mentions of phone calls). You will have time to look into the matter and take appropriate action. This is very important: you cannot pay with an iTunes or other gift cards, no matter what the scammer tells you. You will also never be required to use an untraceable method like a prepaid debit card or wire transfer. Your own check, a money order, or a cashier’s check are all valid forms of payment.

Finally, tax scams rely on the fear factor of messing up where the IRS is concerned but do not fall for this scare tactic. The burden of proof has been on the IRS’ shoulders for quite some time, not on the individual taxpayer. Do not be frightened into handing over your money or your identity to a thief.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Imposter Scams Were The Most Reported Consumer Complaint

The Federal Trade Commission (FTC) is the U.S. government agency tasked with protecting consumers. Whether it is issuing warnings and recalls about dangerous products, policing companies for misleading advertising or helping write regulations in regards to harmful products, the FTC is certainly the unsung hero that protects all of us on a daily basis.

The FTC has another crucial job, it is the go-to department for reporting scams, fraud, and other related crimes. As such, the FTC keeps tabs on the types of consumer reports that are filed each year and releases this comprehensive information in its annual report from the Consumer Sentinel Network.

The 2018 report has been released with a shocking new finding: for the first time since the FTC began tabulating and reporting the complaints, imposter scams topped the list of most commonly reported consumer fraud.

An imposter scam occurs when a criminal uses a false identity or persona to trap you. It might be someone pretending to be a Microsoft employee, a Google ad salesman, someone from your bank or credit company, an IRS agent, or a customer service representative from your utility company, just to name a few examples. Using this false persona, the criminal alerts you to some plausible reason why you must pay money or face a consequence of some kind.

For obvious reasons involving threats of jail time and significant penalties, government imposter scams are commonplace. Scams involving phony IRS or Social Security agents made up about half of the 535,417 imposter scam attempts that were reported to the FTC last year. The thought of a fraudulent charge on your credit can make some scam victims comply with a banking imposter scam, but thinking that they have broken the law with regards to their taxes is far scarier.

What is interesting about the increase in government imposter scams is that it is branching out from the norm. IRS scams were commonplace for a long time, as a caller would contact you and claim you have failed to pay your taxes. Now, Social Security imposters contact potential victims and frighten them into thinking their SSN has been suspended or their benefits will not be issued that month unless they verify their identities.

In either case, the goal is money or information. If a scammer can convince you to pay or provide your personally identifiable information, then they can cash in. Sometimes the scammer even manages to acquire both a payment and your data, which will then be used for identity theft.

Unfortunately, as the number of complaint reports to the FTC increased, so did the number of losses that victims reported. With nearly three million different consumer reports made to the FTC last year, the total amount of loss was $1.48 billion, a 38 percent increase compared to the previous year.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The How and Why of Tax Identity Theft

Of all the user-centric, social media websites on the internet, it is possible that none has faced as much intense public and government scrutiny as Facebook. Apart from various bugs, glitches, and possible hacking attempts the company has endured since its launch, governments around the world have taken the website and its founder to task for nearly abusing its users’ privacy.

The site has a long history of gathering, storing, and selling users’ information and internet habits to third-parties, some of whom users do not want to be associated with. There have even been allegations that one specific third-party, Cambridge Analytica, was using information to influence political action.

Now, after a lot of public and legislative demand, Facebook will launch a new feature this year that lets its users clear their Facebook “connection” history. No, this will not delete your posts or photographs instead, Facebook clear history will show users what apps and websites they have visited that maintained a connection to their Facebook accounts, and give users the ability to break that connection by deleting their history.

Why should you do this? First, it puts a dent in the number of websites that can see your posts or content and gather information about where you go, who you visit, what you like, and more. From there, it can stop that information from being sold to advertisers.

The purpose of Facebook clear history really comes down to removing any trace of a connection rather than just blocking a website from accessing your data. Think of this example: if you were simply to remove a baby product website from your Facebook access, that one website could no longer target you with ads. However, any other website that sells similar products may still be able to see that you were once connected and that you interacted with those ads.

Until this new feature launches, there are some things consumers can do if they want to help safeguard some of their privacy on social media. Remember, though, the entire reason you can use these platforms for free is because they are benefitting financially from third parties who pay for access to your account activity.

First, stop logging in with Facebook. It’s very convenient to simply tap “log in with Facebook” on an app or other websites, but it connects that app or website to your Facebook account. Next, stop sharing the news of your latest high score in a game; no one actually cares how well you are playing, but more importantly that game is connected to your profile information. The entire reason that game lets you play for free is because they want that access.

Finally, do your own privacy checkups from time to time, not just on social media but on all of your online accounts. Delete cookies and your browser history if you do not want that information stored, and make sure your passwords are strong and up-to-date in order to keep hackers at bay.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The How and Why of Tax Identity Theft

A lottery scam is still an ever-present threat despite high-tech cybercrime initiatives like hacking. These far more low-tech means of stealing from innocent victims take no skill whatsoever to accomplish, meaning they may be more likely to impact you than high-tech crimes. A Greenburgh woman has been arrested in connection with a lottery scam that authorities said bilked at least 30 elderly victims out of more than $1 million.

There are many different ways a lottery scam can manifest, but they all have a few things in common. First, there’s some “story” behind why they need you to pay a small fee in order to claim your outrageously high-dollar winnings. Second, they want access to your bank account to directly transfer your winnings to you.

The fees – Different versions of lottery scams have different reasons for this phony fee. It might be taxes on your new wealth, a “transfer” fee since the lottery originates in a foreign country, a currency exchange rate fee (again, due to the different country of origin), or a processing fee to transfer the money to you. In any event, it’s all fake. There’s no reason at all—not even taxes, which are paid after you accept the money and not before—to give anyone a payment in order to claim something you have won.

The account access – Scammers who claim you’ll receive a direct deposit or electronic transfer will ask for your bank account number, your routing number, and even things like your Social Security number or birthdate. The criminals have no intention of putting money into your account, but with the information they requested they can easily remove every penny you already have.

A lottery scam, fake sweepstake, and phony contest have some other common threads, and you can spot them before they strike if you understand a few universal truths:

1. You will never, ever win a contest of any kind if you did not enter it. That means the Jamaican lottery or the Facebook sweepstakes or any other phony contest is not going to send you millions of dollars.

2. There is no such thing as a transfer fee, upfront tax costs, or any other payment required for receiving the money you have already won.

3. Online contests should be treated with caution. There are some legal web-based outlets for selling lottery tickets within the US, but even those sites are coming under fire for being too similar to known but unrelated scams.

4. You do not have to “win” to be a victim. Officials have reported a marked increase in scams in which the thief claims he is a foreigner who bought a legitimate lottery ticket within the US, but that he cannot win because he is not a citizen. He offers to split the money with you if you will go claim the winnings but asks you for a hefty fee up front to ensure you do not run off with his ticket.

5. Ticket scams are another common threat, especially for sought-after sports events or sold-out concerts and theater performances. Beware of messages that claim you have won tickets (or have the opportunity to pay for a chance to win tickets) to March Madness, “Hamilton,” or any other exclusive event.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The How and Why of Tax Identity Theft

The federal government shutdown is affecting hundreds of thousands of employees and their families, but other victims stand to be harmed as well. While the government and its agencies handle the employees and continued services for the duration, criminals have been busy contacting consumers with plausible shutdown-related scams.

One law enforcement agency has already alerted area residents to a Medicare scam related to the shutdown. Callers posing as government employees contact random citizens and claim their Medicare (and conceivably Medicaid as well) coverage will be suspended during the shutdown unless the would-be victim signs up to have their information submitted manually. Faced with losing healthcare and prescription coverage, it’s easy to see why someone might willingly hand over all of their personally identifiable information.

Another variation related to the shutdown involves zero-interest temporary loans to “help” federal employees weather the weeks ahead without a paycheck. It sounds like the ideal solution to a terrifying problem, right? Just receive the loan and pay back the funds when work resumes and any back pay arrives? Unfortunately, this isn’t a government program or even one that’s backed by any financial institution. It’s entirely the product of a scammer’s imagination; providing your personal data and your bank account information—presumably for the loan to be directly deposited—only makes you their next victim.

Yet another confirmed instance involves phishing emails that appear to come from your bank. The subject line may actually be very comforting, something about skipping payments during the shutdown, but that’s only to get you to open the email. Like most phishing emails, you’re directed to click the link to sign up for the free payment forgiveness offer, but the link can install harmful software on your computer, redirect to a fake website that steals your information, or worse.

It’s sickening to think that anyone would be so cruel as to steal from federal employees or Medicare recipients at a time like this, and worse, would use a frightening scenario such as the shutdown to steal from the public. Sadly, scammers love nothing more than a widespread crisis to lure their victims into their net.

There are some steps that consumers can take to protect themselves. Fortunately, these are not only useful during this shutdown, but rather are good habits to develop to keep yourself safe at all times:

1. Do not confirm your identifying information for anyone who contacts you.

No matter what excuse they give, refuse then take down their information. Then, using only a verified contact method, contact their business or agency yourself and find out what is wrong with your account.

2. The government will not call you out of the blue, regardless of what agency they work for.

If you receive a call from someone claiming to work for the government, it’s probably a scam.

3. The same applies to financial institutions.

Legitimate offers from a bank will arrive via postal mail and will never expect you to provide personal information to a caller or via email.

4. The best offense is always a strong defense.

Become “suspicious by nature” when anyone contacts you and wants your information or account access.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The Government Shutdown is Hurting Crime Victims

If you pulled up in your driveway and saw an orange extension cord running from your exterior outlet to your neighbor’s house, you might have something to say about it. If your neighbors ran a long wire to your cable box to steal your cable, you would probably do something about that as well.

But your neighbors could be stealing your internet connection without your knowledge. Without the need for wires or cords, they could have gained access and your signal strength could be suffering. Worse, you don’t know what kind of activity they’re engaging in over your connection, or what else they may be able to infiltrate over your wifi.

There are a few ways you can tell if someone—a neighbor or even someone paused nearby in a vehicle—is using your internet connection:

1. Internet Slowdown – if your internet connection is suddenly slower, meaning web pages don’t load like they once did or your favorite videos just display an icon circling around instead of playing, you might be running too many devices on your connection. If you know that you haven’t increased the number of computers, phones, tablets, laptops, or IoT devices, someone else may have joined.

2. Check Your Connection Settings – if you can access the app for your router (the box that turns your modem into a signal broadcaster so wireless devices can reach it) or visit the manufacturer’s website to see your account, you should be able to see how many devices are connected to your network. Their customer service department can help you with this step.

Once you find out if someone else has jumped on your connection, it’s actually a pretty easy fix. First, password protect your wifi network, which is a good idea even if no one has been using your connection; however, if you already had a password in place, then the outsider has gained access to it somehow, so simply change it. Also, be sure to check for any available updates to your router’s software since outdated software could have vulnerabilities that outsiders can exploit.

Unfortunately, if someone has been using your wifi, there’s a chance they also accessed sensitive information about you and your family. Change the passwords on all of your sensitive accounts like email, banking, and retail shopping sites, and monitor your accounts for any suspicious activity.


Read next: “Don’t Get Scrooged by a Holiday Scam”