• As more people get the coronavirus vaccine, the level of COVID vaccine fraud could rise, particularly around vaccine passport and scheduling apps and vaccination cards.
  • Right now, there are no programs in the U.S. that use or require a vaccine passport app. If anyone receives a message about one, it is a scam trying to steal people’s credentials or get them to pay for a fake app or service.
  • There are apps to schedule a vaccine. However, an app that asks for money or personal health information (PHI) should raise a red flag.
  • Many people are posting pictures online of their vaccination cards once they’ve gotten the COVID shot. The Identity Theft Resource Center (ITRC) does not recommend people post these photos unless they blur out their personal information to reduce identity risks.
  • If anyone wants to learn more about COVID vaccine fraud concerns or believes they have been the victim of a COVID vaccine scam, they can contact the ITRC toll-free by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.

The number of Americans receiving the COVID vaccine is on the rise. According to the Centers for Disease Control and Prevention (CDC), well over 100 million vaccines have been administered, and more than 12 percent of Americans are fully vaccinated. States across the U.S. are moving beyond limited groups to vaccinate the general public, leading to concerns over COVID vaccine fraud. There are several different ways identity criminals could attack.

Vaccine Passport & Scheduling Apps

There are no current programs in the U.S. that use or require a vaccine passport. While the World Health Organization (WHO) says the race is on to develop a vaccine passport, any phone calls or messages to download a COVID vaccine passport app is a scam. However, there are apps for vaccine scheduling, like the CDC’s Vaccine Schedules app and other healthcare apps. With that said, any app that asks for money or personal health information (PHI) could be suspect. Fake apps often attempt to either steal someone’s credentials, get them to pay for the fraudulent app, or use a fraudulent vaccine scheduling service.

Vaccination Cards

Another COVID vaccine fraud concern involves COVID vaccine cards. By now, most people have probably seen at least one of their friends, family members or co-workers post a picture online of their COVID vaccination card. COVID vaccine cards have personal information (name, birth date and vaccination location) on them that people need to safeguard. Posting vaccine cards could help scammers create and sell phony vaccination cards or even hack accounts. The Identity Theft Resource Center (ITRC) recommends people remove or block sensitive information before they post their cards online.

According to a Better Business Bureau (BBB) alert, there have been no reports of fake vaccination cards sold in the U.S. However, in Great Britain, scammers have already been caught selling phony vaccination cards on eBay and TikTok.

How to Avoid a COVID Vaccine Scam

COVID vaccine scams based around fake websites and vaccines have been around since nearly the beginning of the global pandemic. There is no reason to believe the trend will decline as more COVID vaccines are administered. Consumers should be aware of the COVID vaccine fraud attempts and take the following steps to protect themselves:

  • Do not download any apps that claim to be a vaccine passport.
  • Only schedule vaccination appointments through official websites, a local health authority, or your medical provider. Services requiring payment to schedule an appointment are a sign of fraud.
  • Do not post pictures of your vaccination card online unless the personal information is blocked or removed.
  • Only get vaccinated from a licensed medical provider.
  • Do not respond to any calls, emails or text messages about COVID vaccines that ask for your personal information. Also, don’t click on any links, attachments or files unless you initiated the contact. If in doubt, reach out to the entity directly to verify the validity of a message.

Contact the ITRC

For more information on COVID vaccine fraud concerns, or if someone believes they are the victim of a COVID vaccine scam, contact the ITRC toll-free by phone (888.400.5530) or live-chat. Visit our website for the latest news on COVID scams and other identity-related issues. All people have to do is go to www.idtheftcenter.org to get started.

  • The third round of stimulus payments is on the way. Scammers are aware, too, which means another round of scams as well.
  • Remember, the Internal Revenue Service (IRS) will not text, email or call anyone about a stimulus payment. If someone receives an unsolicited message from someone claiming to be with the IRS, it is probably a stimulus payment scam. Consumers should contact the IRS directly to verify before they respond. 
  • Offers that require people to pay to receive a stimulus benefit or to use a service to get a payment faster are also signs of a stimulus payment scam. 
  • Consumers can track their new stimulus checks once they are sent. Then can visit the IRS “Get My Payment” page to follow their payments.  
  •  To learn more about stimulus payment scams, the new stimulus payment or if someone suspects they are the victim of a stimulus scam, they can contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website.  

New Stimulus Payments Approved by Lawmakers 

Lawmakers voted to approve the third stimulus package since the coronavirus pandemic. The package includes a $1,400 stimulus payment for anyone who earns $75,000 or less (the payments start to phase out at $75,000), extends jobless aid supplement and programs making more people eligible for unemployment insurance, and much more. However, it could mean more stimulus payment scams.

Late in 2020, lawmakers agreed on a new stimulus package, which included a $600 stimulus payment for anyone who earned $75,000 or less. There was also a reduced payment for anyone who made $75,000-$99,000.

In the spring of 2020, the first batch of stimulus payments assisted Americans in need of financial relief due to the economic impacts of COVID-19. Criminals took advantage of the situation by offering to help benefit recipients speed access to their stimulus funds. Criminals stole checks from nursing home residents, out of people’s mailboxes, and even from postal trucks. The Identity Theft Resource Center (ITRC) saw some of those methods used to steal identity information and stimulus payments the second time around, and expect to see it again. The ITRC has also had a sharp rise in reported stolen stimulus payments and stimulus payment scams cases.

As of March 10, 2021, the Federal Trade Commission (FTC) had logged more than 382,000 consumer complaints related to COVID-19 and stimulus payments totaling more than $366 million in losses. Two-thirds of the complaints involved fraud or identity theft. The median fraud loss per person is $325.

New stimulus checks mean more scams are on the way. With more stimulus payment fraud expected, consumers should know how to spot a scam and what to do if an identity criminal contacts them.

Possible Stimulus Payment Scams 

According to the Washington Post, researchers recently discovered a campaign of thousands of emails that sought to trick Americans into filling out a phony form to “apply” for American Rescue Plan checks from the IRS before the third stimulus package was even passed by congress. The emails encouraged recipients to download an Excel sheet that launched malicious software that steals personal banking information and other login credentials once downloaded.

Criminals use different schemes to trick people, and they can be expected to do the same this time, as seen above. Here are a few things for people to watch for that indicate that someone might be the target of a stimulus payment scam:

  • Text messages and emails about stimulus payments – Criminals use text messages and emails to send malicious links in hopes that people will click on them to divulge personal information or insert malware onto someone’s device. If anyone receives a text message or email about a stimulus check or direct deposit with a link to click or a file to open, they should ignore it. It’s a scam because the IRS will not contact anyone unsolicited by text, email or phone to discuss a stimulus payment. 
  • Asked to verify financial information – The IRS will not call, text or email anyone to verify their information. If information needs to be confirmed, people will be directed to an IRS web page. This includes retirees who might not typically file a tax return.  
  • A fake check in the mail – Anyone who earns $75,000 or less will get $1,400. People who make between $75,000-$80,000 will receive a reduced amount. Anyone who gets a check and has questions about the amount, or thinks the check seems suspicious, should contact the IRS.
  • Offers for faster payments – Any claim offering payment faster through a third-party is a scam. All new stimulus checks will come from the IRS, and the IRS says there is no way to expedite a payment.  
  • Pay to get a check – No one has to pay to receive a stimulus check. New stimulus checks will be deposited directly into the same banking account used for previous stimulus payments or the most recent tax refund. If the IRS does not have someone’s direct deposit information, a check or prepaid card will be mailed to the last known address on file at the IRS.
  • Stolen checks – The ITRC has received numerous complaints from consumers about their stimulus checks being stolen. If anyone believes their payment is stolen, they should visit IDTheft.gov, where they can report, “Someone filed a Federal tax return – or claimed an economic stimulus payment – using my information.”

What to Do If You’re a Victim of Stimulus Payment Scams 

 If anyone believes their information may have been compromised or their stimulus payment was stolen, the IRS suggests people report it to the IRS and FTC simultaneously through IdentityTheft.gov. If anyone wants to learn more about stimulus payment scams or if someone believes they are the victim of a stimulus payment scam, they may also contact the Identity Theft Resource Center toll-free. Consumers can call (888.400.5530) or live-chat on the website. People can go to www.idtheftcenter.org to get started.

The post was originally published on 12/22/20 and was updated on 3/10/21

  • Facebook and Instagram users are being targeted by cybercriminals promoting fake grants, particularly grants for COVID-19 relief. Recent grant scams reported to the Identity Theft Resource Center (ITRC) include requests for gift cards to “pay the taxes” if the grant is approved. 
  • The messages come from cloned accounts or hacked profiles of one of the user’s real Facebook or Instagram friends.  
  • Anyone receiving a message about a grant via Facebook, Instagram, phone, or text message should report it.  
  • If anyone wants to learn more about the Facebook grant scam or believes they are a victim, they should contact the ITRC toll-free at 888.400.5530 or by live-chat. Just visit www.idtheftcenter.org to get started. 

While Facebook grant scams have been around for a while, the Identity Theft Resource Center (ITRC) has seen a spike in calls and live-chats around this type of scam, particularly a new version that targets people in need of money due to hardships from the COVID-19 pandemic.  

The grant scam is not just circulating on Facebook. ITRC advisors have also received cases from victims who claim they were targeted on other social media platforms, including Instagram, owned by Facebook. 

Who is the Target 

Facebook users appear to be the primary target. However, other social media platforms like Instagram are beginning to see similar scams. The BBB reports that scammers are also creating versions of the Facebook grant scam to target people by phone and text message.   

What is the Scam 

Cybercriminals attack social media accounts or create lookalike accounts to target friends, family members, or other people trusted by the impacted account owner. Once the account has been compromised, the criminals message the friend telling them about a government grant. 

Some of the recent grant names the ITRC has seen are the Department of Homeland Security (DHS) grant, the RWCB grant, the Federal Government Empowerment grant and the Publisher’s Clearinghouse (PCH) Fee Government grant. The victims are then told to call a phone number about the grant and are asked to fill out a form that includes one’s Social Security number (SSN) and Driver’s License (DL) information before the grant is approved. The “friend” may claim they have already applied for the grant and received the funds. 

ITRC advisors say, right now, the most common reports of the Facebook grant scam evolve around phony grants for COVID-19 relief. The ITRC also continues to see Facebook grant scams where scammers ask for gift cards to “pay their taxes” associated with an approved grant. 

What They Want 

Scammers are looking to escape with the victim’s money, their personal information, or both to commit other identity crimes. 

How You Can Avoid Being Scammed 

  • If you receive a Facebook message from a friend regarding a grant opportunity, chances are it is a scam. Do not respond or provide any personal information. 
  • Inform your friend that their Facebook or Instagram account might be hacked or cloned. A big red flag is if you receive a new friend request from an existing friend and receive a direct or private message about a grant opportunity. 
  • Report the grant scam to FacebookInstagram, or other social media platforms where you receive the fraudulent grant message. Once you’ve reported the scam, delete the message. 
  • Never pay any money for a “free” government grant. A government entity will not ask you to pay a processing fee or taxes for a grant you were awarded, especially in a social media message. 

If you believe you are a victim of a Facebook grant scam or would like to learn more, contact the ITRC Center toll-free. You can call (888.400.5530) or use the live-chat function on the company website. Just go to www.idtheftcenter.org to get started.   

  • An Internal Revenue Service (IRS) text scam is circulating to get consumers’ personal information, which may put them at further risk of tax identity crimes. 
  • According to the Federal Trade Commission (FTC), imposter scams were the top reported fraud in 2020. The FTC had approximately 500,000 reports of the scam, leading to an estimated $1.2 billion in lost funds.  
  • People may receive text messages from their tax service but will never get a text message directly from the IRS. (People should still independently check with their filing service because scammers may also spoof tax filing entities.
  • If anyone receives a text claiming to be from the IRS, they should ignore it, not click on any links or attachments, forward the text and originating phone number to the IRS at 202.552.1226 and then delete the text message. 
  • For more information on IRS text scams or if someone believes they are a victim of tax identity theft, they can visit www.idtheftcenter.org for resources or speak with an advisor toll-free by phone (888.400.5530) or live-chat. 

IRS Text Scam Pops Up on First Day to File

February 12, 2021, is the first day for people to file their 2020 tax returns, and many consumers may receive an email or notification from their tax service that it is time to file. Scammers are trying to take advantage by posing as IRS agents to exploit tax filers. 

The Identity Theft Resource Center (ITRC) has received reports of a new Internal Revenue Service (IRS) text scam that claims “your federal tax return was rejected.” The IRS text scam is designed to get consumers’ personal information, which puts people at additional risk of tax identity theft. Here’s an example of the IRS text scam sent to the ITRC: 

Example of the IRS Text Scam sent to the Identity Theft Resource Center

Government Imposter Scams Continue to Spread 

The IRS text scam is not a new tactic for scammers. Government imposter scams were among the top frauds in 2020 reported by the Federal Trade Commission (FTC). The FTC says that they received nearly 500,000 reports of imposter scams that cost people $1.2 billion, with a median loss of $850. Government and business imposter scams were among the top categories of COVID-19 and stimulus-related reports. 

Cybercriminals Target Tax Season 

Criminals know they can take advantage of tax season by posing as an IRS representative, especially with more Americans likely to receive a Form 1099-G because their state employment office is providing documentation for receipt of unemployment benefits. However, many of those taxpayers may be victims of unemployment benefits fraud because identity thieves received benefits in their name.  

What You Should Do 

The IRS will not text anyone about their tax return. People may receive a text from their tax filer, but never from the IRS. (People should still independently check with their filing service because scammers may also spoof tax filing entities.)  

If anyone gets a text message claiming to be the IRS, they should do the following: 

  1. Do not respond, open any attachments or click on any links. An attachment or a link could contain a malicious code that has the ability to infect someone’s device. 
  1. The IRS asks people to forward the IRS text scam and the originating phone number as-is to  202.552.1226.  
  1. After forwarding the information to the IRS, the original text message should be deleted.  

It is also a good idea to never respond to any unsolicited messages. Instead, consumers should reach out directly to the company or person the message claims to be from to verify the message’s validity. People should also refrain from providing their personal information unless it is necessary or with a trusted organization. 

Contact the ITRC 

Anyone who believes they are the victim of an IRS text scam, tax identity theft, or wants to learn more can visit the ITRC website for additional resources. They can also contact an advisor toll-free by phone (888.400.5530) or by live-chat. All people have to do is visit www.idtheftcenter.org to get started. 

  • The U.S. Food and Drug Administration (FDA) warns consumers that while a vaccine is closer to distribution, so are COVID-19 vaccine scams. 
  • The FDA fears misleading products could cause Americans to delay or stop appropriate medical treatment, leading to life-threatening harm. 
  • There is also a fear that the COVID-19 vaccine scams could lead to many people having their personally identifiable information (PII) and personal health information (PHI) stolen. 
  • Consumers should only get vaccines from approved medical providers, not respond to any calls that ask for PHI or PII, and not click on any links claiming to sell cures. 
  • For more information, contact the Identity Theft Resource Center toll-free by live-chat on the company website or by calling 888.400.5530.  

coronavirus vaccine is closer to reality, with companies like Pfizer and Moderna seeking permission to distribute their vaccines to Americans. However, the U.S. Food and Drug Administration (FDA) and investigators warn that scammers are also waiting, ready to take advantage of those desperate for the vaccine by tricking them with a COVID-19 vaccine scam.  

The FDA fears deceptive and misleading products might cause Americans to delay or stop appropriate medical treatment, leading to serious and life-threatening harm. There is also a fear that bogus claims about vaccines and treatments could lead to people having their personally identifiable information (PII) and personal health information (PHI) stolen by cybercriminals.  

Who is the Target 

Vulnerable & high-risk populations; individuals waiting for the vaccine 

What is the Scam 

COVID-19 vaccine scams could come in many different forms. Investigators expect scammers to create fake websites, try to sell fake vaccines and treatments, and try to get people’s PII and PHI along the way. Identity thieves used similar tactics while trying to take advantage of a shortage of COVID-19 tests and personal protective equipment (PPE) like masks, gloves and gowns near the beginning of the pandemic.

How You Can Avoid Being Scammed 

  • Homeland Security investigators say you should only get vaccinated from an approved medical provider. 
  • Do not respond to any calls about COVID-19 vaccines that ask for your personal information like Social Security Number and “promise to reserve you a vaccine.”
  • Do not click on any posts or ads claiming to sell cures. Remember, if it seems too good to be true, it probably is. 
  • Never click on any links, open any attachments, or download any files in an email claiming to offer a COVID-19 vaccine.  

To learn more about COVID-19 vaccine scams, or if you believe you are a victim of a vaccine scam, contact the Identity Theft Resource Center toll-free by calling 888.400.5530. You can also visit the company website to live-chat with an expert advisor. Go to www.idtheftcenter.org to get started.  

  • Scammers are looking to take advantage of consumers that need money due to the effects of the COVID-19 pandemic with a credit line scam. 
  • The scam tries to trick consumers with fake phone calls that look like they are from legitimate banks offering credit lines with low interest rates. Ultimately, scammers are looking to steal sensitive personal information or financial information.  
  • People should be cautious when taking a call from someone claiming to be with a bank. Consumers are encouraged to call the bank directly if they are interested in a new line of credit. Also, if anyone is struggling to pay off their debts, they should only talk to the holder of the debt.   
  • For more information on credit line scams, contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website. 

Many people need money due to the COVID-19 pandemic. Scammers are taking advantage by trying to trick consumers with fake phone calls that look like they are from legitimate banks offering lines of credit with a low interest rate. The scam can fool people because the calls can have spoofed phone numbers to make it look like they are coming from a legitimate bank.  

Who ithe Target 

Vulnerable consumers that need money 

What is the Scam 

It is a credit line scam that targets people by phone. The calls begin with a stolen recording from a real bank. Once a “live agent” joins the call, they offer credit lines with low interest rates. However, before the caller gets their new credit line, they have to provide their credit card number and other credit card details. The Federal Trade Commission’s (FTC) Midwest Region Office tells ABC 7 Chicago that they have received thousands of complaints about this particular credit line scam.  

What They Want 

Credit card numbers, expiration dates and the three-digit CVV code on the back of the card; stolen credit card information can lead to different forms of financial identity theft 

How You Can Avoid Being Scammed 

  • If you get a call from someone claiming to be with a bank and offering credit, be cautious and don’t give out sensitive personal information. You can also let the call go to voicemail and call the security department directly through the number on the bank’s website.  
  • If you are interested in a credit line, contact your bank directly. 
  • If you are having trouble paying off any of your debts, only talk to the holder of that debt.  

If you believe you are a victim of a credit line scam or would like to learn more, contact the Identity Theft Resource Center toll-free at 888.400.5530. You can also speak with an expert advisor on the company website via the live-chat function. 


Read more of our latest information & educational resources below

California Voters Pass Strongest Privacy Law in the U.S. – The California Privacy Rights Act (CPRA)

QR Code Security Threats Begin to Grow as Digital Barcode Popularity Rises

Unsubscribe Email Scam Looks to Trick Consumers

  • Domain name scams are making the rounds in hopes of triggering a response from a company’s employees out of fear. 
  • The Identity Theft Resource Center (ITRC) recently received a domain name scam claiming a registrar found the main body of domain names from “RENDE International Ltd.” that were the same as the ITRC’s. 
  • If anyone receives a similar email, ignore it. Never share personal or sensitive information with an unknown company.  
  • For more information, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website. 

Domain name scams are making their way through different companies, including the Identity Theft Resource Center (ITRC). The scam is well-known, but small-to-mid-size businesses (SMBs) can be tricked into responding. While scammers send the email in hopes of triggering a response out of fear, it is important employees at businesses of all sizes be able to spot the domain name scam. 

Here is one of a few of the emails that the ITRC recently received: 

Who It Is Targeting 

SMBs; Email users; Employees of companies with websites 

What It Is 

A CEO domain name scam is an email that appears to be a warning for the website owner regarding possible issues with their brand and domain name.

In the case of the ITRC, the email claims a website registrar found the ITRC’s domain name was also being used by “RENDE International Ltd.” The email asks for a response ASAP to “solve the problem promptly.”  

What They Are After 

Scammers hope that companies fear losing their brand identity or trademark information to a competitor that will purchase new domain names. The “registrars” may also charge higher prices than the standard rates offered by reputable registrars.  

How You Can Avoid It 

  • Do not respond to the email. Only renew a domain name through the company where it was initially purchased.  
  • Use the company email provider’s “spam” feature to report the email as junk. 
  • Never share personal or sensitive information with an unknown company. 
  • Companies should train their employees on how to respond to domain name scams and any  attempted scams that could affect the company. 

For more information on how an SMB, or any other company, can avoid a CEO domain name scam, contact the ITRC toll-free at 888.400.5530 to speak with an expert advisor. You can also live-chat through the company website.  

  • The Identity Theft Resource Center (ITRC) discovered multiple social media posts encouraging people to leave their Social Security numbers in the comment section of popular social media sites. It is known as the “Social Security number challenge.” 
  • While many people will not fall for the challenge, it is a reminder that there are fake social media profiles that ask for personal information.  
  • No one should ever give out any personal information publically or to someone they do not know, especially on social media. 
  • For more information, contact the ITRC for no-cost assistance by phone at 888.400.5530 or by live-chat via the company website.  

Have you ever heard of the Social Security number challenge? Someone posts a call to action on social media for people to “drop their Social Security number” in the comments. The Identity Theft Resource Center (ITRC) recently was notified of the trending Social Security number challenge on Facebook. 

Image from Facebook

While the challenge seems far-fetched, it is a good reminder that there are fake social media profiles that ask for personal information like “your mother’s maiden name” or “the answer to your security question.”  

Who It Is Targeting 

Facebook and social media users 

What It Is 

A social media challenge where someone posts on social media asking others to place their Social Security number in the comments. It is known as the “Social Security number challenge.”  

What They Are After 

In this particular case, people’s Social Security numbers. However, there are fake social media profiles that ask for other personal information like account security answers (your mother’s maiden name or dog’s name) that could lead to lots of damage if used in your password or other.

What You Can Do 

Never give out personal information to anyone you do not know. It’s impossible to know whose hands the information will end up in and what they might do with it. Personal information can be used to commit many different forms of identity theft. 

If you want to learn more about social media safety or have questions about the use of your Social Security number, contact the ITRC toll-free at 888.400.5530 to speak with an expert advisor. You can also live-chat with an advisor on the company website.  


Read more of our latest information & educational resources below

QR Code Security Threats Begin to Grow as Digital Barcode Popularity Rises

Unsubscribe Email Scam Looks to Trick Consumers

Social Media Scams are on the Rise as More People Use the Platforms to Connect

  • A new unsubscribe email scam tries to scare people into “unsubscribing” from confirmation emails coming from an adult dating list.
  • The unsubscribe button could lead to malware or to a form to steal your personal information.
  • Anyone who receives a suspicious email they are not expecting should ignore it and not click on any links, open any attachments, or download any files. Users can also report the email as spam.
  • For more information, contact the Identity Theft Resource Center toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.

Scammers are always looking for new ways to dupe consumers into turning over their personal information or spreading malware to one of their devices. A new unsubscribe email scam reported to the Identity Theft Resource Center (ITRC) tries to trick people into clicking an “unsubscribe button” that could be either a malicious link or a form to steal your personal information.

Who It Is Targeting

Email users

What It Is

A “confirmation” email that claims you received a private message from an adult dating website. The fake email asks the user to confirm by entering their email address and name, and it gives people an option to “unsubscribe” if they would like to stop receiving the adult dating list emails. Scammers use scare tactics such as an email from an adult website in hopes people will click the “unsubscribe” button.

What They Are After

Entering your email address and name into the confirmation email gives cybercriminals the personal information needed to commit identity crimes. Clicking the “unsubscribe” button could lead to malware infecting your device, or to a form that asks for your personal information.

What You Can Do

  • If you receive a suspicious or unexpected message that includes links or asks for your information, ignore it. If it claims to be from a legitimate company, go directly to the source to verify the validity of the message.
  • Do not click on any links, open any attachments, or download any files in an email or text unless you confirm it is legitimate.
  • Use your email provider’s “spam” feature to report the email as junk rather than clicking unsubscribe.

If you believe you have fallen victim to an unsubscribe email scam or have additional questions, call the ITRC toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.