As the COVID-19 pandemic continues to grow and seriously impacts everyone across the country, so do the number of COVID-19 scams that will pop-up trying to get access to personally identifiable information (PII) and finances. It can be difficult to decipher which emails, phone calls, social media posts or text messages are scams versus legitimate ones. Scammers will always take advantage of new opportunities in a time of crisis like evictions and foreclosures assistance, unemployment benefits, stimulus payments, etc. Here are some tips to help navigate those emails, text messages and voicemails:

Go to the source

Unsure if something is legitimate? Go to the source of the potential assistance. That means if the offer of unemployment benefits seems to be uncharacteristic, go directly to the employment development department and check their website. If it has to do with housing – whether that’s eviction or foreclosure assistance – head to that source (local housing commission, banking institution, etc.). Don’t trust an inbound message that isn’t verifiable.

Unsure of how a fraudster might try to get consumers to self-compromise?

Based on experience, the ITRC anticipates that they will give these a go:

1. Government Checks: Consumers receiving an email or phone call from someone that claims they can ensure a check from the government for an individual right now; it is likely a COVID-19 scam. The government is still working on the details of how these funds will be made available as of the original date of this post. For specific details, consumers can always visit local, state or federal government websites to get the most accurate information.

2. Asking for Verification of PII: If someone calls asking for a Social Security number, driver’s license number, credit card number or bank account information, it is a high probability that it is a scam. Say “K, Bye”, hang up and call the company directly to see if the offer is legitimate. If it is real, they will have a record of the calls and offers that were made.

3. Pay Upfront for Government Assistance: The government will not ask consumers to pay upfront to get any of the relief money. Scammers have attempted this before with the “Federal Government Empowerment Money Program” scam.

4. Social Media: If consumers receive messages on a social media platform claiming to be the government for anything regarding COVID-19, anticipate that this is a COVID-19 scam, too. Report it to the social media platform and block the sender. The government does not contact individuals through social media. Additionally, posts or messages enticing individuals to “sign-up” to receive more information on how to get access to more information or funds should be considered gateways to compromising PII.

5. Emails: There are loads of phishing emails under the guise as COVID-19 help. If an email arrives that wasn’t expected, ignore it and go directly to the source to determine whether or not it is legitimate. Under no circumstances should consumers click on any links or open any attachments from unanticipated emails or texts. COVID-19 scams via phishing emails are going around right now attacking both businesses and consumers.

6. Phone Calls: COVID-19 phone scams are beginning to gain steam and something else consumers should be aware of. The advice for phone scams is pretty similar to email scams. Don’t answer calls from numbers you do not recognize and do not return calls from voicemails if you aren’t completely sure from whom the call originated. Should a call regarding COVID-19 assistance inadvertently get answered, say “K, Bye!,” hang up and directly call the source. Verify the legitimacy of the call.

7. Grandparent Scams: Grandparent scams have been around for a long time and play on the fear of loved ones. Recently, scammers have been posing as family members that are sick and need money to pay their medical bills. It is important for people to resist the urge to act, no matter how dramatic the story is. People should also never make a payment over email or the phone to someone they were not expecting to hear from. Instead, they should hang up and reach out to the mentioned loved one directly to see if they are okay.

Scammers Take Advantage of Public Events

Every time there is a crisis, natural disaster or newsworthy event, expect scammers to come out in full force looking to take advantage and play on the public’s fear of the unknown. It is important to not let scammers take advantage of us while scared and unsure of what to do. These tips should help reduce the risk of falling victim to a COVID-19 scam.

Contact ITRC For Free Assistance

You can call the Identity Theft Resource Center toll-free if you think you may have been a victim of any type of scam at 888.400.5530. You can also live chat with one of our expert advisors for assistance.

Don’t forget to download the ITRC’s ID Theft Help App to help in managing your identity crime case should you find that you are a victim of a scam.


Read more:

As too many victims have already learned, there is something worse than just being a scammer’s prey. That something worse is being pulled into the scam yourself until you are (inadvertently) a criminal as well. There are a variety of scams, including romance scams, work-from-home scams and lottery scams, in which being snared in the scammer’s trap can leave you facing jail time. It is what is called a money mule scam.

In a money mule scam, criminals get someone else to move funds for them. It might be cashing checks and mailing the money to other people, depositing funds into your account and buying items that you send elsewhere, or any other similar kind of transaction.

First, never give money to someone you have met online, no matter what excuse they give you. However, the flip side is that you should never accept money from someone either. Ask yourself why this person is using you as their own personal ATM, or why you are the one buying iPads or smartphones and shipping them to other people. Why can’t your “friend” do it themselves?

The answer is not a good one. There is no legitimate, legal reason why someone can manage to send you money but cannot make a purchase for themselves or transfer that money to a different individual. The only reason to do it is to avoid putting their name on the paper trail, or because residents of their home country are not allowed to make the purchase or transaction. Most likely, though, is that the original funds were stolen. You are now the person who deposited that stolen money into your bank account, and you can be subject to a criminal investigation as a result.

One variation of the money mule scam includes overpayment scams. This happens when someone sends you money—often for a fake “work from home” job, an invoice to your company, or even a purchase like buying your used car—and then claims they have overpaid you. When you accept their funds and send some of it back, you are not only taking the risk that their check was bad and the refund actually came out of your own account balance. Worse, their original funds may have been stolen. You took possession of the stolen money (which can be a crime) and then turned around and moved those funds back to them from your account, which can fall under money laundering.

What do you do if you think someone is using you as part of a money mule scam?

  1. Contact the Identity Theft Resource Center and the Federal Trade Commission for help and information.
  2. Stop making any sort of transactions immediately.
  3. Monitor your accounts to ensure the scammers are not still able to access your funds.
  4. File a police report if you have lost any of your own funds in interacting with the scammers.

Money mule scams are some of the most dangerous scams because they can inadvertently turn victims into criminals. Do what you can to educate yourself to reduce your risk of falling victim.


You might also like…

Did you get a letter in the mail about the census? The Identity Theft Resource Center (ITRC) has seen a rise in our contact center through calls and LiveChat messages recently about a letter from the U.S. Census that people have been getting in the mail titled “My 2020 Census.” Callers are afraid it might be a scam because of the word “my” before “2020 Census.”

The ITRC has verified the legitimacy of this letter and is not a scam. The official U.S. Census Bureau website “2020census.gov” will direct people to “ https://my2020census.gov/,” where you will start your individual questionnaire. You will then be asked to log in with the 12-digit Census code provided in the materials that were mailed to you. It is safe to login with the 12-digit code and is not a scam.

The U.S. Census Bureau also has an alert on its website that individuals will receive this letter between March 12-20, 2020.

Image from https://my2020census.gov/

The ITRC is encouraged by all of the calls and messages to the contact center because if something seems suspicious, you should always reach out to a verifiable resource to confirm or deny the validity of the letter, email, etc. The U.S. Census Bureau also has a helpful page about how to verify a census survey, mailing or contact here: https://www.census.gov/programs-surveys/surveyhelp/verify-a-survey.html  

Update as of 3/20/20: During this time of quarantine due to COVID-19, all Census field operations have been suspended. As noted in a press release, “Beginning today, in support of guidance on what we can all do to help slow the spread of coronavirus, 2020 Census field operations will be suspended for two weeks until April 1, 2020.” This means if someone knocks at your door claiming to be from the U.S. Census Bureau, it is a scam and you do not provide them any information.

If you get a letter in the mail in the coming days titled “My Census 2020,” follow the instructions on it and take part in the survey. If you have any questions, call the ITRC toll-free at 888.400.5530 or live-chat with one of our advisors.


You might also be interested in…

First, hackers were taking advantage of the global pandemic coronavirus news coronavirus with an email scam that targeted consumers. Now, they are targeting businesses with a new coronavirus business scam.

Just like the last scam, criminals are using the concerns over the outbreak to unleash malware. They are continuing to try and find ways to make money by playing off everyone’s concerns and fears.

This coronavirus business scam is targeting professionals by sending phishing emails that look like a company’s purchase order for facemasks or other supplies that could trick employees into making payments to a fraudulent account. Scammers are also sending phishing emails about a company’s remote-work plan in hopes to get a response that provides personal details.

According to Proofpoint’s analysis cited in an article for the Wall Street Journal, attackers have sent emails containing nearly a dozen types of malware. Some of these emails even include company logos, instructions and attachments.

As long as the coronavirus stays in the headlines, so will the scams. In order to avoid these scams, it is critical that everyone adopt and develop good cybersecurity behaviors and habits. Here are a couple of tips to help you reduce your risk of falling victim to a coronavirus business scam.

  • Never click a link, open an attachment or download a file that you are not expecting. Instead, you should contact the sender to verify its authenticity. If the sender is not someone you regularly interact with, ignore the email. If it is someone you know, still verify the email before you click any links or open any attachments.
  • Do not share or forward emails about the coronavirus unless you have verified its authenticity. They are often alarmist to the point of being hoaxes or contain outdated details. In the case of the coronavirus scam, they contain dangerous links.

It is important to stay up-to-date on all major events. In order to stay on top of the news, go directly to trusted sources like the CDC or World Health Organization for updates and information.

If you believe you have fallen victim to a coronavirus scam, contact the Identity Theft Resource Center toll-free at 888.400.5530 to speak with an expert advisor. You can also live chat with us. Our advisors will help guide you through your case and provide you with the proper resources.


You might also like…

A new PayPal phishing scam is making the rounds that are hard to spot, which emphasizes the importance of using an abundance of caution when you receive a message you are not expecting.

Phishing scams work by tricking people into clicking a link, opening an attachment or redirecting to a website. From there, the scammers might install harmful software on your computer, infect your entire network with a virus, steal your login credentials or other similar tactics. Some phishing scams are much simpler, though, like the infamous Nigerian prince emails that trick people into sending money or paying a fee.

There are two different kinds of phishing scams. Some of them, like the ones that claim the sender needs help getting hundreds of millions of dollars out of the country, can be somewhat unrealistic and filled with grammar errors.

The other kind is more sophisticated. They might contain cut-and-paste corporate logos, copied wording from a real company communication, perhaps a copycat address that could fool savvy consumers. Those phishing attempts are trying to convince the recipient that there is something legitimately wrong with their account, their tax return or some other plausible situation.

A new PayPal phishing scam that pretends to be from PayPal is a good example. This message has a very friendly tone, correct spelling and grammar and even has the company’s image in the message. It informs the recipient that PayPal was unable to process their refund of a high-dollar value amount and to please go to Member Support for assistance. As part of the PayPal phishing scam, the handy link is even provided in the message.

Since the recipient does not remember sending or refunding hundreds of dollars, they might click the link to find out what is going on. That is when the scammers have redirected them to a different site where the consumer will type their login credentials—while the scammers steal that information—and see that it was all a big mistake and nothing is wrong. It is also possible that clicking the link will instead install malicious software like a virus on the user’s computer.

In any event, the same advice as always applies: never click a link, open an attachment, download a file or follow through with any instructions in a message that you were not specifically expecting.

Instead, ignore the message. Simply contact the company yourself using a verified contact method that you looked up, not one that may have been provided in the message (it could lead you right back to the scammers). Once you go to your account or contact customer service, you will discover that everything is fine. On the off chance there really is a problem with your account, you will also be able to fix it right then. The Identity Theft Resource Center is here to help if you believe you are a victim of the new PayPal phishing scam. Call one of our advisors’ toll-free at 888.400.5530. You can also live chat with an advisor. They will walk you through the next steps you need to take.


You might also like…

It seems like there is no end to the ways that hackers can attempt to attack victims. From the loss of funds, lost time from work to handle the matter, even a lost sense of safety and security as reported by victims in the ITRC’s Aftermath report, it can feel like one crisis pops up after another. One victim had to seek help over a whole new kind of identity theft attempt, that being income tax documents from a phone fraud attack that, fortunately, was unsuccessful.

A man in Florida received a phone call that someone had used his identifying information to buy two cell phones at a nationally-known cellular store and racked up a $2,399 debt. He spoke with an agent from the company, explained that he was not the customer—nor did he even have any accounts with that company—and they worked together to resolve the issue. Since identity theft is a widespread and well-documented problem, he thought the phone fraud matter was put to rest.

However, the man then began receiving letters about the two phones and their unpaid bills. He called the company again to explain that this was a case of identity theft. Finally, things came to a head when the man received the most unexpected and unwelcomed surprise: a 1099-C form that he was supposed to include in his income tax filing, claiming the cancelled debt from the fraudulent purchase of the phones as considered income.

How can that be? Easy. Companies can file your unpaid debt with the government as extra income you received. After all, if you owe money to a business but do not pay, you essentially kept that money and therefore it amounts to additional income. The issue is that filing a 1099-C is saying “Yes, this debt is mine and I’m being forgiven” when in reality, this is a case of account fraud and the individual should not have to have the debt reflected on their credit reports for the long-term.

“It’s almost like you’re guilty until you can prove you’re innocent,” said the victim.

What’s so strange in this account fraud case is that it was actually the cellular provider who first contacted the man and said they suspected phone fraud. They were the ones to spot suspicious activity and decided it warranted another look for account fraud. Yet after confirming several times that he was not the one who purchased the phones, they sent him the document for him to claim responsibility.

The identity theft victim eventually reached out to a local news station for help after getting nowhere in resolving the phone fraud case. By shining a larger light on it, a reporter was able to speak with a company representative who said the issue would be corrected by dismissing the case and letting the credit agencies know so that the victim’s credit reports are not impacted.

This event goes to show that there is no such thing as being “safe” from identity theft concerns and that even an old incident can have lasting repercussions. It is also proof that account fraud can happen in many different ways.

Unfortunately, it often falls to the victims to advocate for themselves and make sure that all incidents are handled fully. That is why it is important to keep good records of everyone you have spoken with about an incident, note the dates the conversations took place, keep copies of any documents that you have that can provide a paper trail and even file a police report when you know your identity has been stolen. Try using our free ID Theft Help Case log where you can document the steps you’ve had to take in resolving your account fraud and export to a PDF document.

If you believe you have been a victim of account fraud, or identity theft in general, reach out to the Identity Theft Resource Center for free assistance at 888.400.5530. You can also live chat with us. Our expert advisors will help you create an action plan for your case and point you to who you need to contact and what you need to say.

For on-the-go identity assistance, check out the free ID Theft Help App from ITRC: https://www.idtheftcenter.org/itrcapp/


You might also like…

With graduation just around the corner and college plans already taking shape for a lot of students, this is the time of year when students put in a lot of work in finding sources of financial aid. However, scammers are working just as hard in order to take advantage of students who are trying to spend wisely for higher education with student loan scams. Here are just a few of the ways scammers can put a very expensive damper on your plans.

Scholarship “Finders”

For a hefty fee and access to all of your sensitive information, some notorious sites will claim to seek out scholarships that you are eligible for. The problem is that you still have to do the work of applying for them. So, all this company did was take your money, input your information into a large search database—one that the public can also access for themselves—and send you the results. They literally got paid to do what you could have done for free, only they were hoping you did not know that. This is a classic student loan scam.

“Guaranteed” Acceptance Aid

Any form of financial aid that tells you it is guaranteed is probably a scam. After all, there are a lot of factors at play when it comes to approving requests for financial aid. Your FAFSA form is your first step in filing for financial aid, so start there at FAFSA.gov.

High-Pressure Pitches

Yes, our country is stronger when its young people can access the kinds of educational and work opportunities they desire. However, any company that contacts you relentlessly—whether by email, phone, text or social media ad—has another interest in mind, and that is getting money from you. To avoid a student loan scam, stay away from any website, platform or company that goes with high-pressure, act-now sales pitches.

Loan Erasure Scams

While student loan debt can be a burden for a lot of people, scammers are making it a lot worse. By claiming to offer services that “erase” or forgive your student loans—which are nothing more than government programs that anyone can apply for on their own—scammers take your money in the form of application fees and steal your identifying information. Then they leave you with just as much debt as you had before.

When it comes to student loan scams, a good rule of thumb is to be very wary of anyone who wants your personally identifiable information or who insists on upfront fees. If you do a little bit of homework, you might discover that the company is charging you money for nothing in return. Stay safe this student loan scam season by not falling for the scammer’s tricks.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.


For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Scammers are trying out a new “cancellation request” email scam to see if anyone will fall for it, even employees at the Identity Theft Resource Center (ITRC).

There are a few hilarious videos floating around online in which scammers call an unsuspecting victim and threaten to have them arrested. Many of these scammers claim to be with the IRS or the Social Security Administration and inform the consumer that they will be arrested if they do not pay a hefty fine immediately over the phone. The hilarious part? Some of the videos, such as this one, were received by the police.

Of course, scams are not funny when the recipient cannot tell they are being scammed. One “cancellation request” email scam attempt that was received by a staff member of the ITRC claimed to be shutting down their work email address; clicking the “cancel” button would supposedly stop it. Fortunately, as an ITRC staffer, they were very aware of many of the tactics these criminals use and did not click the button.

In the case of the email shutdown message, there was a link button for the recipient to click. As the ITRC and other experts have warned for years, you should never click a link, download a file or open an attachment in any kind of message unless you were specifically expecting it. Why?

  • It can contain a virus
  • It can redirect you to a page that steals your personal information or login credentials
  • It can propagate within your computer or network to look for files that the scammers think are useful
  • It can be ransomware, which will lock up your entire computer or network until you pay the ransom to the scammers

There are things you can do to see whether or not an email is an email scam. First, hover your mouse over the sender’s email address. Do not click it. Just hover. The actual email address will show up in a small box. Next, look for grammar errors or misspellings in the message itself. If you spot any, it is probably not a real message. Finally, on the off-chance there is something to this warning, head over to your account yourself by going directly to the company’s website. Find out if there is anything wrong and handle it that way instead of clicking through. Hackers are always looking for new ways to scam consumers. However, if you implement these practices, it will reduce your risk of falling victim to the latest scam that is making the rounds, including this “cancellation request” email scam.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.


For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

When you are on the internet in this day in age, you always have to be cautious about whether games and deals are legitimate fun or a social media hoax. There is no shortage of ways to earn money, win prizes or benefit from free goods online. Contests, giveaways and company discounts are all over, and the chance to score some savings can be very enticing. Sometimes it takes nothing more than “liking and sharing” a page. Other times, it requires you to sign up with your identifying information. Unfortunately, scammers know that as well.

From social media hoaxes and fake contests to outright phishing attempts that steal your information, there is no end to the ways that criminals will try to take advantage of you. Adopting a suspicious air of caution is important whenever you sign up for something, enter a game or contest or any other type of activity that exposes your information.

For example, a new contest has made serious waves online, mostly for its originality but also for its red flags. A group known as MSCHF has had a lot of fun—and shared that fun with a vast community of online users—with innovative and inventive offerings. Their newest project, however—Password of the Day—is no exception.

The way it works is you sign up with your phone number to receive text messages from the company. Every day, users can request the “password of the day.” The reply will include the login credentials for some kind of online account. It might be an Amazon account equipped with Prime, a PayPal account with a $1,000 balance in it, a Disney+ account or any other kind of account. Not knowing is part of the game, after all. The trick is the first person to find the online account that those credentials go to gets to keep it.

Fun, right? Except for some media coverage of this “internet treasure hunt” that failed to point out where exactly these login credentials came from. That left people to speculate as to whether these credentials had been stolen or bought from the Dark Web. Is this the latest social media hoax?

Luckily, no. Upon further research about this game, showed that the creators had established all of the accounts themselves to give away. That might not have been clear at the onset to some users since the game was very mysterious. However, it is a legitimate game that does not steal from others.

It is hard to find fault with the people who were concerned about a social media hoax, though. After all, the internet is filled with too-good-to-be-true offers, fake coupons that require you to turn over your personal data and surveys that go on for page after page and result in a flood of spam emails. Furthermore, this game requires you to submit your cellphone number—in order to receive the text messages—and that can make people stop and think, too.

This should serve as a warning to all internet users to be careful of “crazy” deals and offers. More importantly, do your own homework before signing up for or rejecting a company. Simple Google searches can tell you a lot about whether or not it is a social media hoax. If you are still unsure, contact the company directly or err on the side of caution. In the meantime, enjoy the game when a company has proven itself to be trustworthy!

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.


For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…