If you work at a small business, be sure to keep your eye out for small business phishing scams. Consumers have been warned for some time about the threat of phishing attacks. These scams are highly prevalent because they are easy to pull off and require almost no technical know-how. At the same time, they are also highly believable and victims fall for them too often. Therefore they can have devastating financial consequences.

However, consumers are not the only victims who face down this threat on a near-daily basis. Small business phishing scams have emerged as an increasingly popular scam for a variety of reasons.

In a phishing scam, someone sends you a message and pretends to be someone else. They might pose as your favorite retailer, your financial institution, your email provider, your college roommate or even your boss. The goal is to lure you into handing over sensitive information, making a payment, downloading a virus to your computer or some other similar malicious activity.

For small businesses, the scammer’s goal might be similar but may include a different approach, one that is more oriented towards businesses. One report of a small business phishing scam involved an email that offered the business owner the chance to be featured in a holiday gift guide. The link included in the email redirected to a harmful website and contained a virus. Other common small business phishing scams can include phony invoices, bogus tax notices, fake customer service complaints and instructions from the boss to purchase gift cards and submit the gift card numbers.

No matter how it occurs and what is the goal, it is the victims’ unfortunate task to be prepared. Avoiding a small business phishing scam requires that you can spot the signs of a phishing attempt, such as an email address that does not match the company name, intentionally bad grammar and spelling, a vague greeting or description of the issue or any instructions to provide sensitive information. Also, making it a good habit—or even a company policy—to never download an attachment, click a link or visit a website through a message unless you were expecting it can protect you. Keeping your antivirus software up-to-date is also important for fighting back against certain forms of phishing attempts. For companies, keeping a tight rein on who can interact with your computer network can also help prevent these kinds of attacks.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Our Holiday Shopping Tips to Keep You Cybersafe

Hacked Disney+ Accounts Are Being Sold Online

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

There is a new Better Business Bureau (BBB) complaint phishing scam making its way around that is hitting the inboxes of consumers, business owners and even charities.

Phishing attempts get their name from the wide net that scammers throw out, hoping to catch a few gullible people in the process. Some reports have even said that ridiculous stories and bad grammar are intentional. The reports have said it helps the scammers only catch the kind of people who are willing to believe that a major corporation sends out emails with terrible typos and awkward sentences.

However, this new BBB complaint phishing scam that appears to come from the BBB pretty much takes the cake:


The Better Business Bureau has received the bellow referred complaint from one of your associate on the subject of their dealing with you. …We look forward to your urgent response. Before we take action on you”

As you can see, the author of this email does not pay much attention to the rules of standard English. Remember, though, that the goal is to only interact with people who would believe an email such as this one would really come from the BBB. Anyone savvy enough to spot the errors and understand that a national company would never release such a message is probably too worldly to fall for the BBB complaint phishing scam including the email address from “report@bbbcomplain.com”.

However, there is a dangerous aspect to the BBB complaint phishing scam, that being the instructions (removed from the middle of the message for brevity) telling the recipient to download the attachment in order to read the complaint against them. It is noted twice in the email that it must be downloaded to a computer to be read, which is actually not true. The goal is simply to get you to open the attachment, which will undoubtedly install harmful software on your computer.

In order to avoid scams like the BBB complaint phishing scam—even if there is a chance that the message is legitimate—make it a habit to never click a link, download a file, open an attachment or any other dangerous response. Even if you recognize the sender’s name and email address, do not click or open anything unless you were expecting it since their account could have been hacked or spoofed.

Also, learn to be a little bit of a “message detective” when you receive a strange email or text. Is the grammar up to par? Are there strange salutations, like “Dearest Sir or Madam” or simply “Attn” instead of a formal greeting? Do you even have an account with the bank the email supposedly came from? Or in the case of the BBB complaint phishing scam, do you even own a business? If not, how would you be cited by the BBB for complaints about shady business practices?

Remember, scammers do not care if you actually have an account or own a business. All they need you to do is be curious enough to click that attachment. From there, they can root through your computer and find what they want. Do not fall for it.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Adobe Account Information Leaked After Server Left Unsecured

Be on the Lookout for 2020 Census Scams

Hy-Vee Cards Stolen in Recent Data Breach Are Fetching a Higher Price on Dark Web Websites

Update as of 8/21/20: The Census Bureau is emailing people who have not completed their forms, asking them to click on a link to complete it. The Census Bureau will also be texting a limited number of people to participate in the 2020 Census User Experience Survey.  While the texts and emails are legitimate, scammers could take advantage of the opportunity, especially given the current climate.

Always Go Directly to the Source

The Identity Theft Resource Center continues to advise people to “go directly to the source” to check the validity of the message before responding. If consumers have already filled out the census and/or participated in the survey, there is no reason to respond to a message about the census. If a consumer has not completed the census or the survey, they can visit 2020census.gov

COVID-19 Pandemic Impact

Due to the COVID-19 pandemic, the U.S. Census Bureau decided to push back their 2020 census deadline to mid-August. The previous deadline was the end of July. The Census Bureau also pushed back their deadline of counting the homeless one month. That process was originally set to begin at the end of March.

In April, all Census field operations were suspended due to COVID-19. The announcement was noted in a press release, “Beginning today, in support of guidance on what we can all do to help slow the spread of coronavirus, 2020 Census field operations will be suspended for two weeks until April 1, 2020.” However, U.S. Census Bureau workers are now going door-to-door to reach households nationwide. With any large political event or happening, scammers try to take advantage of the public and this could mean a rise in census scams.

This important process comes around every ten years, and it helps with things like ensuring a region has adequate representation in Congress, adequate school funding and is cited in scientific research and social surveys. However, it is also time-consuming and can feel really invasive. Page after page will ask questions that might not seem to be anyone’s business. What is your household income? How many cars do you own? How many children do you have and how old are they? How many televisions do you have?

Unfortunately, there has been a sharp increase in identity theft and fraud that masquerades as government agency communications, which could mean an increase in census scams. Scammers try everything from claiming someone’s Social Security number has been suspended to threatening them with police action for unpaid taxes. They can even spoof their email address or phone number on a caller ID to seem legitimate.

There is every reason to suspect that scammers could take advantage of the publicity surrounding the 2020 census in order to steal personal information as part of a census scam. They may even threaten people with jail time if they do not immediately pay a fine since it is technically a crime to not fill out the census.

Here are some things people should remember that will help them spot census scams:

The official website

The website for the Census Bureau is census.gov, and the specific website for the 2020 census is 2020census.gov. However, a scammer could easily buy the domain for 2020census.com or spoof their email by swapping a capital 0 for one of the zeros in the number. Remember, caller ID and email domain names are not proof that the person is legitimate.

They will only call you after no response from initial mailings

If the Census Bureau tried to call every U.S. household and take their census data over the phone, we would be ready for the 2030 census before they were finished. They will not call and request information unless someone does not respond to their initial mailings.

They might come to your house, but will not request anything

In some areas, government volunteers serving as census takers will knock on doors. However, they will not request Social Security numbers, bank or credit card numbers or any other payment information. They will also not ask for payments for their time or for the postage on someone’s forms, no matter what the person claims.

The police are not coming to your house

Regardless of what the person on the phone says, the police are not being sent to anyone’s house for failure to fill out the census. Yes, it is required under the law and it is vitally important for a variety of reasons, but the police are very busy. The caller who claims someone can simply pay some kind of fine over the phone, especially with prepaid debit cards or iTunes gift cards, is not being truthful. It is a census scam.

For more information on the 2020  census and survey process, click here.

You might also like…

Worst Places in the U.S. for Identity Theft

Facebook Lottery Scam Brings Attention to Hoaxes, Phishing Attempts and Account Takeovers

California Improves Outdated Privacy Law with Biometric Protection

Individuals are reporting a new Venmo scam that tries to overpay you out of the blue but why would a scammer want to pay you? There is no limit to the creativity scammers can employ when they are trying to separate you from your money. Worse, as new technologies and platforms emerge, scammers come up with even more ways to take advantage of their victims.

A new Venmo scam that relies on the Venmo peer-to-peer payment app has users and security experts alike scratching their heads, trying to determine how exactly scammers can benefit and victims can be harmed. Venmo, owned by PayPal, lets you send money instantly from a stored credit card, bank account or pre-loaded Venmo card to anyone with an account. It is a great way to pay your friend for your part of the rent, for takeout food they brought over or concert tickets they bought in order to ensure seats located together.

What do you do if a stranger on Venmo sends you a suspiciously large amount of money? Some potential victims from the Venmo scam have received as much as $1,000 from someone they do not know, only to receive a strange message: “Sent to you by mistake, please return the money.”

It is already starting to sound fishy.

A lot of people have confused this Venmo scam with a fake check scam. In a fake check scam, someone sends you a check, you cash it, then you either return a portion according to their directions or make some kind of purchase on their behalf, such as buying them gift cards or sending them electronics. Once the bank finds out the check was fake, though, that money actually came out of your bank account.

In this Venmo scam, the best guess is that the scammer is only using you and you do not actually come to any personal harm at first. The scammer uses a stolen credit card number to send you money and says, “Oops! Can you send that back?” You actually see the money sitting there in your account and you do not really know that this person is a criminal. So you do it.

Most likely, the scammer withdraws the money to their Venmo card instead of back on the original credit card. They might also delete the stolen credit card from their account and submit their own card in its place so that the money you are sending them goes to their personal card.

First, you might wonder how anyone could make such a ridiculous mistake as to send you $1,000. Sadly, it happens. With Venmo, you do not have to have any kind of approval in order to look up someone’s name and try to send them money. However, that is exactly what the scammers are counting on.

Second, you might be tempted to think, “It is not affecting me in any way, so I do not mind sending it back to them.” That can be a dangerous tactic, though. It is unclear whether or not this scam is actually impacting the recipient of the money, but more importantly, you would now be taking part in money laundering of stolen funds.

Third, there is that little voice that might be telling you, “You do not have to send this money back! After all, you would be stealing from a scammer. They deserve it!” Not exactly. Remember, the money still came from someone’s stolen credit card and that person is a victim. When the victim discovers the charge on their card and sees that it is a Venmo transaction, the company may be more than happy to tell them which Venmo user it went to. In this case, that would be you.

Some users affected by this Venmo scam have reported that they tried to contact Venmo and the results were not very reassuring; they were simply told, “Sure, refund the money.” After all, accidents do legitimately happen.

If you are at all concerned about how this Venmo scam could affect you, reach out to law enforcement for support. Some forum users have stated they returned the money only after waiting for a reasonable amount of time, but again, that advice is more for avoiding a fake check scam. You can also contact Venmo and discuss suspending your account once you do return the money so that no further transactions can go through from that sender.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Venmo Scam Targets Payment App Users

Millions Of Venmo Payments Accessed Publicly

Payment App Protection: Keep Scammers Out of Your Accounts

Thanks to a very savvy social media user, the Identity Theft Resource Center has learned more about how scammers are operating international money theft via a Facebook lottery scam. A user reached out to the ITRC for help after very nearly losing a substantial amount of money.

A social media user named Jane* reached out online after receiving a direct message from one of her friends. It said that the friend had won a substantial amount of money in a Facebook lottery and happened to see that Jane’s name was on the list as well.

Jane was given the name of a man to “friend” on Facebook in order to ask about her winnings. The new friend took a lot of her information, including photos of her ID and driver’s license, to verify her identity, then confirmed that she was, indeed, a winner. All she needed to do in order to claim her prize was to submit payment for the fees associated with claiming her prize, roughly £279, which, unfortunately, she did.

However, Jane immediately thought better of it. She went to her online banking portal and transferred all of her money out of that account and into her savings account in an effort to block the transaction from going through. At the time that she reached out, she believes she succeeded in stopping it. The money has not come out of her account, and the supposed lottery official has messaged her several times asking when she will make payment.

How did this happen, and what does it have to do with multiple types of scams?

1. Account takeover

The original message came from an account that Jane recognized. Unfortunately, it was not her friend. It was either a copycat version of her friend’s account or a hacker managed to gain access to it, probably by guessing the username and password or using stolen credentials.

2. Phishing scam

A phishing scam involves some plausible story about why you need to submit your money, sensitive data, or both. In this case, the thief got away with Jane’s identifying information from her two forms of ID and almost made off with her money.

3. Facebook lottery hoax

For years, scammers have shared posts about a “Facebook lottery,” but there was not a clear reason why, until now. After all, most of those old posts did not ask for money or require anything. Now it starts to make sense. Since more users than ever have seen posts about a Facebook lottery or heard mention of it, criminals can actually cash in on the scam.

The victim, in this case, did the right thing by working to stop the payment from going through. However, her situation can serve as a warning to other users. Never share your ID with anyone who does not have proof of why they need it, be very cautious about believing strangers on the internet and remember that there is no such thing as winning a lottery or sweepstakes that you did not enter. You will never win any kind of prize or money without taking action beforehand. Protect yourself, your identity and your funds from these kinds of criminals.

*name has been changed to protect identity of victim

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

One Simple Way to Not Get Your Twitch Account Hacked

Do Your Boss a Favor and Don’t Fall for a Gift Card Scam

Instagram Creates New Feature That Fights Phishing Attacks

There are a million excuses why someone might send you a text, email or social media message that says, “Can you do me a favor?” It might be something simple like your boss asking you to go get some gift cards for a company-wide promotion, or a more cryptic message from a friend that claims they are locked out of their phone’s account and need a gift card to get back in. No matter what excuse they offer, there is a good chance it is actually a scammer posing as someone you know in order to steal from you.

The boss gift card scam is so simple that it requires almost no tech know-how. The message claims to be from someone you know. They might have “spoofed” your boss’ work email by changing the address a little, actively hacked into someone’s account or are pretending they are using a stranger’s phone or computer since theirs is locked. A simple internet search for your place of employment would show a scammer not only the names of people within the company but usually their email addresses as well. Some scammers may even send a spam email to the boss first to see if it is auto-replied with an “out of town” message, specifically so they can reach out to you under the boss’ names since they are traveling.

In this email scam, you are given a very plausible story as to why they need a gift card. You are to buy the card, send over the numbers from the back and then then they will pay you back. But as too many victims already know, the last step is the one that does not happen.

First, it is important to remember that once a gift card is bought or its code is revealed, it is just as vulnerable as cash. There is no way to recover those funds if you lose the card or its number is given to someone else.

Also, there is no plausible reason why someone would need you to go purchase a gift card. Most major companies will sell their gift cards in stores and online, and retailers like Amazon and Walmart who sell other companies’ gift cards will even sell others’ cards on their websites.

Finally, the best way to avoid becoming the victim of a boss gift card scam is to pick up the phone and call the person who is asking. If you verify the purchase before doing it, you will know for sure if this is genuine or not. This might mean giving your boss a quick phone call to ask if the email is real. Trust your instincts and protect yourself (and your company).

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Instagram Creates New Feature That Fights Phishing Attacks

Flipping Scam on Social Media Targets Influencers and Followers

TikTok Platform Found to Be Full of Scams and Fake Accounts 

Halloween is drawing near, and all manner of monsters are waiting in the shadows. Ghosts? Werewolves? Those are just fairy tales. Do not be deceived when your eyes are playing tricks on you, though. The real monsters are more frightening and even worse, they are coming for you.

Drink Your Blood? No, Drain Your Bank Account!

Vampires may be out for a nibble and a pint, but scammers can attack by going after your money. Worse, if you do fall for a scam, numerous cases have shown that the villains might return again and again, demanding more money each time. Garlic will not help you here, though; avoiding scammers means learning how to spot their efforts and ignoring their stories, no matter how scary they might sound.

Shape-Shifting at the Full Moon? No, It Is a Romance Scam!

Romance scams are deeply troubling because the victim not only loses their money (and potentially faces criminal charges), but their adoring “soulmate” turned out to be nothing more than a con artist. If you meet someone online who cannot speak face-to-face or visit for some reason, such as working on an offshore oil rig or being deployed with the military, be very careful about interacting with them. If the talk ever turns to needing money for any reason at all, that is a sure sign of a scam.

A Ghost Rising from the Grave? No, It Is Deceased Identity Theft!

As horrible as it sounds, deceased identity theft can strike whenever we lose a loved one. Even worse, it is easy to accomplish thanks to a lot of publicly available information, like obituaries and death certificates, and it often goes unnoticed because no one is checking up on their loved one’s credit report. If you experience the pain of loss, make sure you take steps to lock down your loved one’s credit report, Social Security number and social media accounts in order to prevent anyone from abusing them.

Spider Webs? No, It Is the Dark Web!

What exactly do hackers do with information they have managed to steal? They either use it for identity theft or they sell it on the Dark Web. This nefarious internet underworld is as scary as any haunted house, only the monsters who are chasing you can actually cause you harm. Protect your information by monitoring your accounts, freezing your credit report if applicable, being mindful not to overshare and securing all of your accounts with strong and unique passwords.

Friendly Trick or Treaters? No, It’s a Phishing Attack!

The best part of Halloween, for young and old alike, is trick-or-treating. Whether you are taking in all the goodies or just enjoying all the costumes that come your way, it is a lot of fun. However, what is not fun is getting caught in the snare of a phishing attack. Much like offering Halloween candy, criminals hold out promises of wealth, free gift cards or high-dollar coupons to your favorite store or even the chance to be recognized by the “boss” for doing a favor. Sometimes the stories are a little scary, too, like a phony threat from the IRS or having your bank account shut down. Whatever you do, do not fall for it. It is not a full-size candy bar, it is a scam that will cost you money, your identity, or both.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Cyberbullying and Identity Theft Go Hand in Hand and Continue to Pose a Threat

Airport Technology Risks Can Threaten Your Identity

National Cybersecurity Awareness Month (NCSAM): Own It. Secure It. Protect It.

While a few social media platforms like Facebook and Twitter are household names, there are many more that have dedicated followings, even if they do not have the same user base. One relatively new video-based platform is TikTok, which combines the fun of longer videos and posts like Instagram with the curated video feed format of Vine. The result is a 14 million-fan platform that uploads countless fifty-second videos on a daily basis.

Unfortunately, a new study has found that scammers have also infiltrated this site and are using it to promote everything from dating apps to financial fraud. This is especially alarming considering the numbers of children and teens who use TikTok regularly.

  • Some of the scams are obvious teasers for explicit adult content. Using stolen images and video clips, scammers entice viewers to click through to a different platform and pay money for access to pornography. Other platforms, like Snapchat, do not require users’ phone numbers if they want to send messages, and are therefore a little harder to track and block
  • Other TikTok scams have been uncovered that offer users the chance to buy high numbers of followers. Since many of these followers are fake accounts, it literally serves no purpose other than to make other users think you are important or popular due to your high follower count
  • Finally, researchers uncovered bogus accounts that masquerade as other users, especially celebrities, in an effort to get more followers. Once the scammer has a lot of followers, they can monetize by posing as an “influencer” who can promote products and brands

None of these scams are inherently unique to TikTok, but at the same time, TikTok is precisely as problematic as any other platform for its potential to cause harm to unsuspecting users. It is very important that users—and users’ parents, if the account holders are underaged—know the ins and outs of how different social media sites work before engaging with other users and their content.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Cyberbullying and Identity Theft Go Hand in Hand and Continue to Pose a Threat

Airport Technology Risks Can Threaten Your Identity

National Cybersecurity Awareness Month (NCSAM): Own It. Secure It. Protect It.


What is it:

Fake advertisements on social media platforms

Who is it targeting:

Social media users, consumers who have searched for specific products

How does it work:

Social media platforms are filled with advertisements for different products and services. Advertising revenue is how those companies can stay in business while not charging their users a fee for the service. However, some ads are legitimate offers for great products, while others are advertisement scams. These links steal your money and never provide the product, redirect to fake websites that steal your personal data and require you to install software that turns out to be malicious.

It can be very tricky to tell the difference between an advertisement scam and a legit ad. Until you can be certain of the ad’s safety, it is best to ignore the ad and search for the product name and website on your own. If you do recognize the ad’s platform (like Amazon or Walmart, with no other names listed in the address) then it is probably safe to click.

What you can do about it:

  • Beware the “too good to be true” ads that offer innovative products for pennies on the dollar
  • Watch out for “snake oil” health remedies and weight loss solutions
  • Be mindful that these bogus ads can target children, too. Talk to your family about safe clicking and avoiding spam and viruses

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next…

Facebook Pyramid Scheme Leaves You at Risk

New Venmo Scam Targets Payment App Users

SCAM: Your Social Security Number Has Been Suspended


What is it:

“Flipping” scam that promises you big money on social media

Who is it targeting:

Social media users on Instagram, Facebook, Snapchat and more

How does it work:

A flipping scam looks a lot like a pile of cash, at least in the picture accompanying the post. A user on the same platform shows the image and promises that you, too, can earn this kind of money for sending in only a little bit of upfront payment. Their post may even have a lot of comments from people who claim to have already benefitted, thanking the person for bringing them into this kind of wealth. Be warned: those people are not real and neither is the money.

A flipping scam plays off the old concept of an illegal pyramid scheme, in which you send in $100 and get ten people to send you their $100, and so on. However, this one does not even bother going that far. You send your money to the scammer, and that is the end of it.

What you can do about it:

  • Remember that things, and people, are not always what they seem on the internet
  • It is very easy to create fake accounts, fake posts and fake followers
  • Some of these scams want prepaid debit cards or gift cards, but remember that those are just as insecure as cash

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next…

Facebook Pyramid Scheme Leaves You at Risk

New Venmo Scam Targets Payment App Users

SCAM: Your Social Security Number Has Been Suspended