Ransomware, spearphishing, trustjacking, crypto jacking…every time you turn on the news, it seems like there’s a new form of cyber attack with a strange new name to go with it.

However, understanding what the term means and how it can impact you is important. Knowing what kind of threats you may encounter will help you to take as many preventive steps as possible.

Only a couple of years ago, security researchers at Proofpoint designated a new form of attack called “angler phishing” that could potentially affect anyone. Named for the far-from-adorable anglerfish that attracts its prey with a lure that grows from its head (remember Finding Nemo?), an angler phish attack occurs via social media when scammers spoof a well-known company’s customer service account. They lure in unsuspecting victims by pretending to be helpful, supportive agents of the company.

It might not sound like the most effective way to trick someone into handing over access to their personal data, money or computer, but the most recent report shows that this type of tactic is responsible for about 55 percent of the social media spoofing attacks.

These attacks are actually very simple. Scammers create a fake account on a site like Twitter, such as @AmazonHelp$, instead of the genuine customer service account. They wait for a Twitter user to send out a seemingly harmless but obviously irritated message, such as, “Ugh! Can’t believe Amazon still hasn’t delivered my package!” The scam account is set up to automatically respond to any message with “Amazon” in it.

The fake account responds with something professional sounding, like, “Sorry to hear about your package. Click the link below to talk to an agent.” The problem is the link actually installs a virus on the user’s computer.

If your tech skills are strong enough, you can spot a faked customer service account. Depending on the platform you’re using, you can look back at the account’s posts and see a pattern. A strange number of posts would also be an indication that this may not be a real account. The most important thing you can do to protect yourself is to avoid the temptation to click a link. Sure, it might be a convenient way to resolve an issue, but it’s just as likely to be a scam attempt.

To be certain that you’re only dealing with legitimate company resources, go directly to the business’ website and locate the customer service center. You can avoid copycats and scammers by only communicating with the actual site.
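As an added illustration (not part of the original article), here is a brand-monitoring check that a company's social media or security team could run over the handles replying to its customers, flagging look-alikes of the genuine support handle such as the @AmazonHelp$ example above. The official handle list, the confusable-character table, the support keywords and the sample handles are assumptions constructed for the example.

```python
import re
import unicodedata

# Assumed allow-list: brand keyword -> handle the defender knows to be genuine.
OFFICIAL_HANDLES = {"amazon": "AmazonHelp"}

# Characters often swapped in to imitate letters (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s"})

# Words that make an account read like a customer service desk (assumed list).
SUPPORT_WORDS = ("help", "support", "care", "service", "assist")


def skeleton(handle):
    """Reduce a handle to a comparison form.

    Folds case and accents, maps look-alike characters to letters, then
    drops everything that is not a-z, so 'Amaz0n_He1p' and 'AmazonHelp'
    end up as the same string.
    """
    text = unicodedata.normalize("NFKD", handle.lstrip("@"))
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.lower().translate(CONFUSABLES)
    return re.sub(r"[^a-z]", "", text)


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(handle):
    """Return 'official', 'lookalike', 'suspicious' or 'unrelated' for a handle."""
    raw = handle.lstrip("@").lower()
    sk = skeleton(handle)
    for brand, official in OFFICIAL_HANDLES.items():
        if raw == official.lower():
            return "official"      # exact handle match (handles ignore case)
        if edit_distance(sk, skeleton(official)) <= 2:
            return "lookalike"     # near-copy of the genuine handle
        if brand in sk and any(word in sk for word in SUPPORT_WORDS):
            return "suspicious"    # brand name plus a support-style word
    return "unrelated"


# Constructed sample handles, as they might appear in replies to a customer.
SAMPLE_HANDLES = [
    "@AmazonHelp",
    "@AmazonHelp$",
    "@Amaz0nHe1p",
    "@Amazon_Support_Desk",
    "@gardening_amy",
]

if __name__ == "__main__":
    for h in SAMPLE_HANDLES:
        print(f"{h:24} {classify(h)}")
```

Handles reported as lookalike or suspicious are candidates for a takedown report to the platform; the thresholds are deliberately loose and will need tuning against a brand's real mention stream.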


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

The world of cryptocurrency is filled with opportunity, but it can also be like wading into a pool of rip-offs and scams if you don’t know what you’re doing.

The easiest of these scams are the simple phishing emails that entice you to turn over your personal data, your money and access to your computer. But new scams have cropped up, including one that is so hard to discern because it mimics a real—albeit risky—activity around cryptocurrency.

You might have heard the term “air drop” in the past because it’s a handy feature on many smartphones. It lets you send a large file, such as an entire folder of pictures or a long video, to someone in the vicinity if you’ve both approved the connection. That’s not the case with cryptocurrency airdrops.

A cryptocurrency airdrop is a legitimate venture, but a risky one. Basically, an existing form of “internet money” launches an airdrop, which allows people to snag some of the coin or currency. This isn’t a “get rich quick” maneuver but rather is intended to be a long-term investment.

The scam comes in when someone develops and announces an airdrop of a specific currency, but it’s really just a copycat of another coin. There’s no actual airdrop opportunity, but the victims have just given the scammers access to their digital stash of cryptocurrency (in order for the coins to be airdropped into their crypto wallets).

As with any other type of scam or fraud, criminals are coming up with new ways to steal from victims every day. With so much nuance surrounding the function and investment in cryptocurrency, scammers who are looking to steal from newcomers don’t have to work too hard. If you’re interested or already investing in cryptocurrency, it’s absolutely vital that you do thorough research on every communication, opportunity, and mechanism to come along.



A tech support scam that was shut down a couple of years ago is back, this time masquerading as a browser locker. You’re happily going about your business on the internet when suddenly a red screen appears, telling you that your computer is infected (one Identity Theft Resource Center staffer even had audio warnings accompanying the message, to make it seem more serious) and it appears your browser is locked.

The catch is that the browser isn’t locked at all; it just appears that way. The user is generally frightened into not clicking out of it, turning off the computer, or taking other actionable steps. Instead, the message tells the user to contact tech support (sometimes listing real companies like Microsoft or the security firm Malwarebytes), who will redirect them to another external support company. The victim is coerced into paying to “clean out” the computer, then duped into purchasing an expensive “tech support” subscription.

All that money was spent on an issue that could have been undone with a few clicks.

The first thing you can do to protect yourself is to understand a few basic principles behind how your computer works. Some tech support scams are perpetrated through the phone, meaning a scammer calls you and informs you that your computer is infected. But no one hires teams of professionals to sit in a help center and monitor your network; not only would that be an incredible invasion of privacy, but how would Microsoft afford to pay people to “watch” millions or even billions of users’ computers?

Popup boxes are also familiar sources of tech support scams, but the strange thing is they’re generally harmless. They’re often just some code that was inserted in the webpage you’re viewing. It’s only when you click on the button to “clean” your infected computer that you install the virus yourself.

In this scam, though, the criminals are using a browser locker. It makes you think your browser is frozen or locked up. It’s really not. You were merely redirected to a malicious URL that looks like a warning. All you have to do is press Control-Alt-Delete (on a Windows computer) to open the Task Manager, then highlight the browser and click “End Task.” When you relaunch your browser, it might offer to “Restore” your previous session; don’t do that, since it will reopen the page with the browser locker and you’ll have to repeat this process.

It’s worth noting that many browser lockers frighten you with warnings about criminal activity. It might be a message that claims to come from the FBI, saying you were looking at pornography (not a crime, in most cases) or pirating copyrighted content (this is a crime, but that’s not what you were doing when your browser locked up). There might be warnings about how all content on your computer will be recorded by the government if you click out of the browser, or other ridiculous claims. Don’t fall for the scare tactic. Just exit your browser and make sure your popup blocker is enabled.



Older Americans may be accustomed to having their Social Security numbers used as identifiers, especially for important purposes like military service or healthcare.

But skyrocketing rates of identity theft and data breaches over the past few decades have led to a lot more caution when it comes to our personally identifiable information. Savvy consumers now know that their SSN, driver’s license number, birthdate, and other key details can be used by a thief.

Unfortunately, there are some things you just can’t get around. Any time an older adult uses their Medicare card, for example, their SSN is visible right on the card. Going to see the doctor, picking up prescriptions, and other everyday tasks mean putting their most sensitive information in the hands of a stranger and hoping no one copies it.

But that’s about to change. The Centers for Medicare and Medicaid Services (CMS) will begin mailing new cards to Medicare recipients and these cards will replace the owner’s SSN with a Medicare-specific identifier number. It will take about a year for all Medicare recipients around the US to receive their cards, and that can spell trouble for the users in the meantime.

During this transition time, your original Medicare card will still be valid. That means you still need to protect it just as you have before, and you will need to destroy it according to the mailed instructions when your new card arrives. This turnover to the new cards also means scammers may already be preparing to lure victims into giving them money or information.

If anyone contacts you and claims to be from the Social Security Administration, Centers for Medicare and Medicaid Services, a doctor’s office or hospital, a pharmacy discount program, or any other related entity, STOP. Think about what they’re saying and what they’re requesting before you take any action. Remember, no matter how plausible it sounds, don’t be fooled into turning over money or your personal information. You will not have to pay a fee for your new card, and, no, your coverage for healthcare or prescriptions will not be stopped if you fail to “register” or verify your information with the caller.

If you are contacted by anyone claiming to need access to your information, take their name, phone number, employee identification number, and the company or agency they claim to work for. Hang up, then look up the number for that agency yourself; do NOT simply call the number they provided, as you may be calling the scammer right back. Using a verified phone number, report the phone call to an agent and make sure that everything is secure with your account.



Scammers have long relied on “spoofing” to lure victims into a sense of trust.

It might be an email with a cut-and-pasted logo from a well-known company, or a fake phone number that appears on your caller ID, tricking you into thinking it’s the police, the IRS, or even your neighbor on the line. But a newly reported tactic relies on two different companies’ names to convince you that it’s safe to click.

According to reports, it starts as an email from FedEx, informing you that there’s a problem delivering your package. The message includes a link, supposedly for you to download a new shipping label. Clicking on the link even takes you to a Google Drive account to print the label, so you know it’s trustworthy, right?

Of course not. Everything about it, from the original email to the shipping label, has been recreated to look like communications from FedEx and Google. Rather than resolving this mysterious shipping issue, the link installs software on your computer that will mine information from your hard drive, your web browser, your search history, and more.

How do you avoid these kinds of threats when everything about them looks legitimate? It’s actually quite simple, but it involves developing a few steadfast habits.

1. Never click a link or open an attachment that you weren’t expecting – It doesn’t matter if you’re at work, at home, on your mobile device, or any other scenario: if you receive an email or a message with a link or attachment, ignore it. Contact the person who supposedly sent it, even if it’s a major company, using a phone number or email address that you looked up for yourself. Find out what the message was about, what the issue supposedly is, then take corrective action that way.

2. Install up-to-date, quality AV software – Antivirus software can go a long way towards helping you block harmful downloads, but remember, it can’t do its job if you don’t update it. Without those updates, the software only knows about threats that existed the day you installed it, not any harmful software that’s been created since then.

These good habits can create a safer internet experience for you and your family or co-workers, but can also help fight back against the spread of malicious software. Stay on top of the threat by refusing to install it.



Investigators believe that third-party sellers on Amazon are buying their own products in order to leave a wonderful five-star review, then using victims’ names and addresses to appear as independent customers.

Scammers find new ways to commit fraudulent acts all the time; it seems like it happens daily. Some of their methods are so sinister they are immediately taken as a threat, while others seem a lot less alarming on the surface.

One newly reported scam looks a lot less like a potentially harmful crime and a whole lot more like a generous friend or family member, but it could be a sign of trouble.

It’s scary because victims may not even know they’re part of something underhanded. In what is called a “brushing scam,” box after box of “free” goods shows up on their doorsteps, causing them to feel like they just won the lottery instead of being targeted by scammers. One couple found out they were victims of a brushing scam after countless boxes began arriving from Amazon, filled with a seemingly random assortment of items.

The victims are not charged for the items in question, but also can’t stop the items from being shipped. Scammers engage in this behavior in an effort to make the purchase look genuine and avoid violating Amazon’s terms for reviewing one’s own products.

Again, some people might not think of this as being “victims” of a scam. After all, you’re not being charged for the items, no one has touched your credit card (that you know of), and technically, these items aren’t even stolen since the seller is the one who purchased them. Wouldn’t it be neat if some of those boxes contain some new gadgets?

The reality, though, is that being involved in a brushing scam means that someone has gained access to your name, mailing address, and potentially other information. What else are they doing with it? Depending on how they accessed your information, they could be privy to a lot more of your personally identifiable information than you realize. Other crimes, such as hacking into a retail website where you legitimately placed an order so scammers can get your data, may have led to your information being used in a brushing scam.

If you begin receiving packages that are addressed to you but you did not order, contact the retailer immediately. Then change your passwords on your online accounts, just in case the scammer got your address by hacking an account. If the volume of shipments becomes a problem, such as the case of the victims in Arizona, you can contact the post office for help with holding packages until you can pick them up or otherwise handle the matter.



Has Your Password Expired? No, So Don’t Click that Link!

There’s a new phishing scam making the rounds, one that tricks you into clicking a link and turning over a lot of your sensitive information. This scam starts with a very official-looking email that says you must renew your password, but steals your data instead.

It might look like the message comes from your email provider, your Amazon account, your online banking account, or any other sensitive website, but there’s a good chance the email is a fake. Scammers use a tactic known as “spoofing” to make their email look genuine, but the link they provide for you is false. At best, you’re asked to turn over a lot of your identifying information, which could lead to identity theft. At worst, the link contains malicious software that downloads to your computer; then, it’s just a matter of sifting through your hard drive and your web browser history to steal identifying information and account access.

If you are ever told to change your password, there’s actually a chance that the request is legitimate.

Why? Because companies do find suspicious activity on their servers, which could be a sign that hackers have attempted to break in. Companies may actually tell their customers to go renew their passwords just to be on the safe side. However, those warnings usually tell you to go directly to the website rather than providing you with a link to click. Also, you can’t always know if that warning message is the real deal or the work of a scammer.

No matter how the message appears, instead of following the instructions, it’s best to go directly to your account through the verified website (NOT by clicking the included link) and change your password in the settings tab. That way, you’ll be one step ahead of any potential hacking activity, and you won’t have to worry about that ominous email. By handling the issue yourself, you’re securing your account and avoiding a scam at the same time.

It’s worth noting that most passwords don’t usually “expire,” but there are a few sites that require their customers to change their passwords every ninety days, for example. Those websites rarely email you when it’s time, though. They typically wait to inform you of the need to change your old password the next time you attempt to log in. To avoid falling into a scammer’s trap, simply use your better judgment, and never click a link that you weren’t expecting.



There’s a very specific danger looming online right now, one that seeks to steal both its victims’ money and identifying information. Under the wrong circumstances, this particular threat can even land the victims in jail.

Romance scams prey on people who are lonely or feel unsuccessful at finding love. Victims of romance scams can come from every income level, educational background, gender, sexual identity, and ethnicity. There’s no single target demographic for this crime because anyone can be tricked by a sweet talker who says exactly what they need to hear.

Unfortunately, with the commercialism of Valentine’s Day all around us, this is the time when scammers up their game. No one wants to be alone on the most romantic day of the year, so now is the time when the bait is thrown out there and the nets are cast, hoping to snare a willing victim.

There are a few different ways that romance scams can manifest, including:

1. Out of towner needs money

One all too common approach is the social media message from a pleasant-looking person who is “intrigued” by your profile picture. You start talking and learn that this person is an offshore oil rig worker, or deep-sea fisherman, or even a deployed member of the military. The job is important, as it provides the excuse to be away from a computer and phone and away from their own funds for long periods of time. That way, it’s much more plausible when they need YOU to send money for some reason. Some reported excuses have included things like a new engine for the boat since the scammer claims to be stranded at sea, or plane tickets home from Afghanistan when the scammer says his mother is in the hospital.

2. I want to come see you, but…

Some reported romance scams have included victim stories about losing a lot of money because the other person was supposed to come visit. When they supposedly arrived at the airport, their ticket was for the wrong flight and they had to pay a fee. Then it was the need for a visa to enter the country. Then it was more fees… and the game continued.

3. Money laundering romance scams

But how do victims end up in criminal trouble for their part in all this? It’s simple. The scammer gets the victim to accept a deposit in their bank account, withdraw the money, then turn around and wire that money to someone else. The victim is now complicit in stealing money from other victims and forwarding it to other bad guys. Just because they’re also a victim, that doesn’t erase their criminal role in the scam.

The internet is filled with very real opportunities to meet someone special, but it’s also a breeding ground for scammers. By using reputable dating sites you might avoid a lot of the heartache, but the companies who run the sites cannot vet every single profile or message for authenticity. At the same time, social media has made it all too easy for criminals to contact victims with sincere-sounding promises.

In order to safeguard your heart and your money, it’s important to adopt an air of caution about anyone you meet online. A good rule of thumb is this: if you wouldn’t fall for it in person, don’t fall for it online. Anyone who declares undying love too early in the relationship or asks for over-the-top favors too soon is not to be trusted. If the person’s background story is a little too shady or falls into the stereotype of the romance scammer, be careful. Most of all, keep your personal information and your money close and don’t be quick to share either one.



Whenever the end of another year rolls around, it’s interesting to look back at the year behind and compile the “best of” or “worst of” lists. Top twenty songs or films, top fashion trends or viral videos, you name it…there’s a list for everything.

Unfortunately, identity theft and fraud also have a top ten list, as the following scams demonstrate. This list includes some of the most prevalent scams of 2017, some of the most damaging, and quite frankly, some of the most bizarre.

1. Can You Hear Me? Scam

When news of this scam began to circulate, it almost seemed like a hoax. However, law enforcement agencies all over the country issued warnings after victim reports began to roll in. A caller, presumably fumbling with a headset mic or worried about a bad connection, would ask a simple question—“Can you hear me?”—and record the victim saying, “Yes.” That simple answer led to expensive charges and subscriptions for the victim after their responses were spliced onto a different recorded question.

2. Bank Text Scams

Victims all across the country reported receiving text messages from Wells Fargo, Bank of America, Chase, and other high-profile financial institutions, warning them that something was wrong with their accounts. These “smishing” scams called for recipients to click the included link, which led to installing a virus on the mobile device or taking the victim to a screen to submit all of their highly sensitive personal information to the scammer.

3. Health Insurance Scams

Following the start of a new presidential administration, there was a lot of news circulating about “repealing and replacing” the government healthcare program. That led to scam attempts that offered to secure your health insurance coverage for another year, offers of a new government program, and more, all of which were fake.

4. Student Loan Relief Scams

Again, with the changeover in presidential administrations, scammers also sought out victims by threatening them with the loss of other existing government programs, this one specifically for student loan forgiveness. Any scam that can entice victims to “act now or lose out” can cause even the most sensible people to make a rash decision.

5. Reshipping Scams

This category of scams not only can cause its victims to lose money or personal information, it can also land them in jail. Reshipping scams can involve trafficking in stolen goods or accepting illegal payments then sending that money on to another scammer. Either way, the victim in the middle is just as guilty of a crime as the mastermind behind it. One US citizen in Louisiana has just been indicted on more than 200 counts of wire fraud for serving as the go-between in a Nigerian prince email scam.

6. Nigerian Prince Scams

Speaking of Nigerian princes…those scams aren’t going away anytime soon. What has changed, though, are the tone and the tactics. One version went rampant this year: the death threat. The bone-chilling email says someone has hired the sender to kill you, but he’s been following you and you “seem like a good person.” For the amount of money requested, he will happily not harm you.

7. Social Media Scams

This year saw not only social media scams, but also more variety in the platforms that were used. Facebook hoaxes and gift card scams are nothing new, but they’ve filtered over to other platforms like Instagram and WhatsApp. These typically entice you to click, like, or share in order to earn a gift card or be entered in a drawing. Unfortunately, you’re only increasing their visibility online when you play along, and you’re potentially sharing your sensitive information with scammers.

8. Jury Duty Scams

One commonly reported police warrant fraud this year was the jury duty scam. The victim is informed that they failed to appear for jury duty—because they were never summoned in the first place—and now they must pay a hefty fine for being in contempt of court. That all sounds very plausible, right up until the scammer orders you to pay via prepaid debit card, iTunes gift card, or some other untraceable method.

9. Federal Grant Scams

These scams work because we’ve probably heard about wasteful spending or unclaimed budget line items. This scam informs you that you’re eligible for some type of government money, whether it’s to go back to school, pay off your mortgage, start a business, even to lose weight. Clicking the link will possibly install harmful software on your computer, and you’ll be asked to fill out highly sensitive forms that scammers will use to steal your identity.

10. Travel Scams

There is a growing world of app-based travel that involves third parties. Companies like Uber and Airbnb don’t actually own any of the vehicles or properties, but you can take advantage of the low cost associated with using another individual’s car or house. While these are absolutely legitimate companies that offer tremendous savings and convenience, there are also plenty of scammers who’ve slipped through the cracks. They sign up to be a driver or host an accommodation, only you’re trapped by the bait and switch.

Of course, this list is only skimming the surface of the types of identity information-based crimes that occur each and every day. The most important thing consumers can do is to remain aware and vigilant about the threat; exercising an air of caution can help you pause and think through the ramifications before clicking on that message.



The internet has been all a-buzz over the recent vote on net neutrality, and the issue does not seem to be put to rest.

In short, the FCC voted to repeal some regulations that were put in place not too long ago, and many people feel that stripping away those rules can open the door to increased costs, reduced internet connection speeds, and tiered pricing plans. Again, the issue is not entirely decided. A number of Congressmen have stated their intent to address the matter with legislation, and quite a few state governments have declared that the previous regulations will remain in effect within their states.

But as consumers, it’s important to remember that any headline-worthy event can open the door to scams and fraud attempts. Now is the time to think through any message, social media post, email, or other communication you receive regarding net neutrality or your internet service provider (ISP).

One of the most prevalent concerns from experts who were opposed to removing the regulations is that your ISP can now require you to purchase different “plans,” much like you may be doing for television service. You might have “basic cable” or “extended cable,” or you might pay extra for a specific number of premium channels. The theory is that the ISPs will now be legally allowed to do the same thing with the internet, limiting you from accessing certain websites or features unless you choose a different plan that might cost more.

It’s important to note that this has not gone into effect through ISPs at this time, but we do see a possible opportunity for scammers to take advantage of this and start selling you premium services that don’t exist, requiring you to “verify your username and password” to prove that you’re a customer, or any number of other possible scams and fraud attempts. Remember to be on guard against spoofed emails that appear to come from your ISP or services like Netflix, and never make an immediate payment or turn over your information to someone who contacts you without prior notice. Contact your ISP yourself to ensure the security of your account if there’s a problem.

