Home Page Featured 3

  • Criminals claiming to be with the Internal Revenue Service (IRS) are targeting people with emails as taxpayers continue to receive the third round of Economic Impact Payments (EIP) that began in March 2021.
  • Identity criminals send messages claiming you can receive an EIP Payment. They say the IRS is sending payments each week to qualified individuals as they continue to process tax returns.
  • However, messages like these are IRS scams seeking your personal and financial information to commit identity theft and fraud.
  • The IRS will never email, text, call or send a message on social media to anyone. If you receive a message claiming to be from the IRS, ignore it. You are also encouraged to forward it to the IRS at phishing@irs.gov and note that it seems to be a phishing scam seeking your personal information.
  • To learn more, or if you believe you have received IRS scams by email, contact the Identity Theft Resource Center (ITRC) toll-free by phone (888.400.5530) or live-chat at www.idtheftcenter.org to speak with an expert advisor.

The third round of Economic Impact Payments (EIP) from the Internal Revenue Service (IRS) began to go out in March 2021. However, the Identity Theft Resource Center (ITRC) continues to receive messages about IRS scams by email, like the one below.

According to an official IRS notice, the Service is still sending EIP Payments weekly as 2020 tax returns are processed. Criminals have been striking with scams since the first stimulus package was passed in 2020. While many EIP Payments have been received, you should beware of scams asking for payment to receive compensation and remember that the IRS will never call, message or email anyone.

Who are the Targets?

U.S. Taxpayers

What is the Scam?

In the latest IRS scams by email, identity criminals send emails to inboxes claiming that they are eligible to receive a payment after the last annual calculation of their “fiscal activity.” The email goes on to say that each week the IRS will continue to send the third EIP Payments to eligible individuals as they process tax returns. The phishing emails also include a button to “claim my payment.”

What They Want

Scammers want you to either respond or click on a malicious link so they can steal your personal and financial information to commit different forms of identity crimes, including financial identity theft.

How to Avoid Being Scammed

  • Ignore emails, texts or social media messages claiming to be from the IRS. Do not respond to the messages or click on any links or attachments because they could be malicious. Acting on the IRS scams by email, text or social media could lead to having your information stolen. The IRS will not email or message anyone. Do not share any personal information, including credit card and bank account numbers, except on the official www.IRS.gov website or the representative you contacted by calling the IRS.
  • Ignore calls claiming to be from the IRS. While IRS scams by email continue to circulate, identity criminals could call you, too. If you receive an unsolicited call claiming to be from the IRS, ignore it. The IRS will not call anyone unsolicited, either.
  • Send phishing emails to the IRS. The IRS asks anyone who receives a phony email to forward it to phishing@irs.gov and note that it seems to be a phishing scam seeking your information.
  • Report the identity crime. You can report any identity fraud to the Federal Trade Commission (FTC) by visiting www.IdentityTheft.gov.

If you have received IRS scams by email, text message, social media or by phone, you can also contact the ITRC toll-free by calling 888.400.5530 or using the live-chat function at www.idtheftcenter.org. ITRC expert advisors will help you create a resolution plan with the steps you need to take.

  • According to ID.me Founder and CEO Blake Hall, the ultimate unemployment benefits fraud totals could be between $200-$300 billion for the last year.  
  • Hall also says that over 50 percent of the claims being paid on are fraudulent, individuals are applying with their own identity in multiple states, and that eligibility fraud is at 30 percent.  
  • To learn more, listen to this week’s episode of The Fraudian Slip.  
  • You can learn more about the identity-related crimes discussed in the podcast and how to protect yourself from identity fraud and compromises by visiting the ITRC’s website www.idtheftcenter.org
  • If you think you are the victim of an identity crime or your identity has been compromised, you can call us, chat live online, send an email or leave a voice mail for an expert advisor to get advice on how to respond. Just visit www.idtheftcenter.org to get started. 

Below is a transcript of our podcast with special guest Blake Hall, CEO of ID.me 

Welcome to The Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud that impact people and businesses. 

This month, March, we will explore one of the key issues at the root of the tsunami of fraudulent unemployment benefit claims prompted by the COVID-19 pandemic. The level of benefit fraud has gone from truly unprecedented to staggering. 

In mid-2020, the Inspector General for the U.S. Department of Labor told Congress that stolen unemployment benefits could reach $26 billion. That was before the state of California warned benefit fraud had already exceeded $11 billion just in that state. This past weekend, officials now estimate the amount of fraud to be more than $60 billion.  

Our guest on this month’s podcast, ID.me Founder and CEO Blake Hall, predicts the ultimate unemployment benefits fraud totals will be between $200-$300 billion. He also says over 50 percent of the claims being paid on are fraudulent, individuals are applying with their own identity in multiple states, and that eligibility fraud is at 30 percent.  

This is just one piece of a bigger identity-related fraud puzzle. Complaints to the Federal Trade Commission (FTC) about identity-related fraud more than doubled in 2020, with government credential and benefit fraud topping the list. 

What is the common denominator here? Automated and manual processes are used to prove we are who we say we are. I.D. verification and validation is a bedrock principle of our technology-driven world. Professional cybercriminals have largely figured out how to get around common identity proofing techniques.  

In some cases, well-meaning state officials even “pulled the goalie” last year by relaxing verification standards to help speed benefits to people impacted by the pandemic who desperately needed the help.  

There is good news to be found when it comes to identity verification. Private companies and government agencies are rapidly moving away from traditional I.D. proofing and to more modern, secure, and accurate ways of proving you are who you claim to be. 

We talked with ID.me CEO Blake Hall about the following: 

  • Traditional ways to verify identities, and how they failed in 2020 
  • State of the Art in I.D. verification 
  • What is next for I.D. verification in the age of privacy 

We also talked with ITRC CEO Eva Velasquez about the following: 

  • What happened in 2020 with identity-related fraud  
  • What individuals can do to protect themselves against identity-related fraud 
  • Resources available to help consumers protect themselves from identity-related fraud 

For answers to all of these questions, listen to this week’s episode of  The Fraudian Slip Podcast

By Eva Velasquez, president and CEO, Identity Theft Resource Center 

  • The Identity Theft Resource Center (ITRC) expects to see the number of victims of COVID-19 identity crimes continue to rise in 2021. The ITRC’s new data shows an increase in identity crime victims being targeted multiple times (28 percent in 2019 versus 21 percent in 2018) before pandemic-related identity crimes. The ITRC expects to see victims targeted multiple times continue to rise. 
  • Right now, victim resources are not top of mind for many people. Since 2018, U.S. Department of Justice funds allocated for all crime victim services has fallen from a high of $3.7 billion to $1.9 billion. 
  • Focusing on just the dollar losses of identity fraud paints an incomplete picture because it does not consider long-term impacts or each victim’s unique situation. 
  • Additional pandemic-related benefits and stimulus payments due in early 2021 will also result in more identity crime victims linked to new benefit fraud cases.  
  • Join experts from the ITRC and the Federal Trade Commission (FTC) on Monday, February 1, at 10 a.m. PST (1 p.m. EST) for a free webinar, Protecting Yourself Against Identity Theft in the Age of COVID-19. 

The last year has been a difficult one for many people. Some have lost their jobs, others have had to close their businesses and many people have gotten sick or lost loved ones from the coronavirus. Another segment of people affected has not gotten as much attention: victims of COVID-19 identity crimes.  

The Impacts of COVID-19 Identity Crimes in 2020 

Millions of state unemployment benefit-related identity theft cases have been detected across the country since March 2020. On average, the Identity Theft Resource Center (ITRC) receives less than 20 inquiries regarding unemployment benefits a year. In 2020, the ITRC had more than 700 unemployment benefits fraud victims reach out for help. 2020 also saw a sharp increase in scams. Criminals had countless opportunities to trick people with phishing scams, charity scams, healthcare scams, disaster scams and work-from-home scams.  

What to Expect in 2021 

The ITRC believes COVID-19 identity crimes will impact victims well into 2021. Many victims may not be aware that their identity credentials were misused until they receive an IRS Form 1099 for non-wage income. The ITRC’s research also shows a significant increase in identity crime victims being victimized a second time, even before the rise in fraud, scams and identity crimes in 2020. The post-pandemic analysis should show an even greater spike.  

The Ripple Effects of the Pandemic-Related Identity Crimes 

Resources for identity crimes are not keeping pace with the criminals. Trends identified by the ITRC and many private-sector researchers show that profit-motivated cybercriminals are using consumer’s and employee’s bad security habits, as well as the changing work environment, to attack businesses more often. Yet, resources for cybersecurity training and education along with identity-related crime victim assistants are moving in the opposite direction. 

Since 2018, U.S. Department of Justice (DOJ) funds allocated for all crime victim services has dropped from a high of $3.7 billion to $1.9 billion. Discretionary DOJ grants awarded to victim services organizations dropped from $311 million in 2019 to $144 million in 2020. Funds to programs that support victims of identity crimes and compromises, cybercrime, scams and fraud have been reduced to $0. 

Meanwhile, the average ransomware payment has grown from less than $10,000 per incident in late 2018 to $233,000 as of Q3 2020, with some large enterprises reportedly paying ransoms over $1 million, according to cybersecurity firm Coveware. The most common root cause (55 percent) of ransomware attacks is stolen credentials to access a business system or network remotely. 

Measuring just the dollar amount paints an incomplete picture. A dollar sign does not take into account the trauma, downstream effects and lost opportunity costs for each of the victims whose identity credentials were misused. New ITRC research that will be published in May 2021 reveals an increase in identity crime victims being targeted multiple times. Nearly 28 percent of victims reported a second identity crime in 2019 versus 21 percent in 2018. At the ITRC, we expect to see that number continue to go up, especially after the rise in COVID-19 identity crimes.  

What It Means Moving Forward 

The data shows that COVID-19 identity crimes will continue in 2021, and more victims will suffer from the trauma of a second and even third identity crime. Someone that does not trust an infrastructure that has failed them will continue to disengage. Some victims cannot meet their basic needs or find a job because they cannot pass a background check until they get the fraud resolved. How long does that take? How does someone explain that to an employer? They are simply the victim of a crime that is not acknowledged to have the devasting life impacts that it does.  

The statistics show we are not winning the battle to protect ourselves from cybercriminals. Winning will require us to devote more resources toward assisting victims and devote more time and attention to educating consumers and employees of their need to be cyber-aware and vigilant. 

What to Do If You’re a Victim of Identity Theft 

If anyone believes their information may have been compromised, we suggest contacting us toll-free. Consumers can call (888.400.5530) or live-chat with an identity theft advisor to start their remediation process. Our experts will help advise victims on the best next steps for them to take.  

Learn more  

People can learn more about identity theft and COVID-19. Join experts from the ITRC and the FTC on Monday, February 1, at 10 a.m. PST (1 p.m. EST) for a free webinar, Protecting Yourself Against Identity Theft in the Age of COVID-19. We’ll explore topics including identity theft involving unemployment benefits, federal stimulus payments, Small Business Administration loans and more. Register here

The webinar is being held as part of the FTC’s Identity Theft Awareness Week, February 1-5, 2021. To find out more about the week’s events and the FTC’s free identity theft resources, please visit the FTC’s website

The Identity Theft Resource Center’s 2021 Predictions show fundamental shifts in how identity crimes are committed, what cybercriminals want, and the resources available to help victims

SAN DIEGO, December 1, 2020 – The Identity Theft Resource Center® (ITRC), a nationally recognized non-profit organization established to support victims of identity crimes and compromises, has released its 2021 predictions and trends. There are four things the ITRC expects to see in the next calendar year: 

ITRC 2021 Predictions
The ITRC’s 2021 predictions include fundamental shifts in how identity crimes are committed, what cybercriminals want, and the resources available to help victims.

1. Key U.S. government resources dedicated to financial and identity crime victims have been eliminated. The ITRC believes options for direct assistance will continue to decline in 2021. 

  • Since 2018, U.S. Department of Justice funds allocated for all crime victim services has dropped from a high of $3.7 billion to $1.9 billion. A vast majority of the funds have been awarded to the states to administer government offices such as prosecutors’ offices and police departments. 
  • Discretionary grants awarded to victim services organizations dropped from $311 million in 2019 to $144 million in 2020.  
  • Funds to programs that support victims of financial crimes, including identity crimes and compromises, cybercrime and scams/fraud have been reduced to $0. 

2. Cybercriminals are relying less on consumers’ personal information and more on consumer behaviors to commit identity-related crimes, making personal information less valuable and attractive to cybercriminals. The ITRC believes this could be a long-term trend. 

  • Cybercriminals are making more money defrauding businesses with ransomware attacks and phishing schemes that rely on poor consumer behaviors than traditional data breaches that rely on stealing personal information. 
  • As a result, data breaches are on pace to be down by 30 percent in 2020 and the number of individuals impacted down more than 60 percent year-over-year. 
  • Cybercriminals are focusing on cyberattacks that require logins and passwords to get access to corporate networks for ransomware or Business Email Compromise (BEC) scams. These attacks require less effort, are largely automated, the risk of getting caught is less, and the payouts are much higher than taking over an individuals’ account. The average ransomware payouts for all businesses have grown from less than $10,000 in Q3 2018 to more than $178,000 per event by the end of Q2 2020. Large enterprises are making average ransomware payments of over $1 million. BEC scams cost businesses more than $1.8 billion in 2019. 

3. The ITRC believes pandemic-related identity crimes will impact victims well into 2021. Re-victimization rates for identity crimes and compromises are rising, too. 

  • Millions of state unemployment benefit-related identity theft cases have been detected across the country since March 2020. Victims may not be aware that unemployment benefits have been obtained using their identity credentials until they file their tax returns and discover that the IRS is penalizing them for failing to claim the fraudulent benefits as income. 
  • The ITRC’s Aftermath survey data shows an increase in identity crime re-victimization (28 percent in 2019 versus 21 percent in 2018) occurring before the massive increase in fraud/scams and identity crimes in 2020. The post-pandemic analysis should show an even greater rise.   
  • Subscribe to our data breach newsletter to get our full 2020 report in late January 2021. The 2020 data breach report will expand on some of the 2021 predictions.  

4. The ITRC expects privacy, cybersecurity and identity laws to continue to merge into a more holistic set of public policies – at least at the state level – as evidenced by California voters passing the Consumers Privacy Rights Act (CPRA), the toughest privacy law in the U.S.  

  • The European Union started the trend in 2016 with the adoption of the comprehensive General Data Protection Regulation (GDPR) that governs data, identity privacy and cybersecurity. Two U.S. states followed in 2019 and 2020 with GDPR style laws – New York and California – with more states exploring similar laws when the COVID-19 pandemic interrupted most state legislative sessions. 
  • California voters approved the CPRA, a more comprehensive privacy and cybersecurity law that brings the state’s unified approach closer to the GDPR. The CPRA adds more consumer controls over behavioral marketing and requires routine cybersecurity audits and privacy risk assessments for companies that collect and maintain consumer information. 

“While we cannot predict what will happen in the future, some of the data is troubling,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “Federal government funds for victim services continue to be reduced, and they have been eliminated for identity crime victims. That action comes at a time when fraud and cybercrime that impact consumers are growing. The number of “repeat” victims – people who have been the target of more than one identity crime or compromise – is also on the rise along with the non-financial impacts of these crimes.” 

“There is a clear shift in tactics away from cyberattacks that require mass amounts of consumer information to fuel identity crimes – and that’s good news for consumers. With that said, businesses of all sizes are now the targets of cybercriminals who know how to take advantage of human behaviors – not hope for a technology failure – to rake in billions of dollars. That harms consumers, too.” 

“There are clearly some headwinds to provide assistance to identity crime victims. However, just as we have been for 20 years, the ITRC will fight for those impacted by the misuse of their identity.” 

Anyone can receive free support and guidance from a knowledgeable live-advisor by calling 888.400.5530 or visiting  www.idtheftcenter.org to live-chat. 

About the Identity Theft Resource Center®  

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a non-profit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live-chat feature and ID Theft Help app. For more information, visit: https://www.idtheftcenter.org  

Media Contact  

Identity Theft Resource Center  
Alex Achten   
Earned & Owned Media Specialist  
888.400.5530 Ext. 3611  

Third-party sellers on Amazon are buying their own products so they can leave five-star reviews, then using victims’ names and addresses to disguise themselves as customers. 

Who Is It Targeting: Amazon customers

What Is It: Brushing scam that uses another person’s information to place fake orders

What Are They After: This Amazon brushing scam is tricky because while victims are not charged for the goods that appear on their doorstep, being a victim still means that someone has gained access to your name, mailing address, and other information. Some people may not think of this as being victims of a scam, but there is no way of knowing what else these scammers could be doing with your personal data.

In a post on Reddit, one user randomly received a weeding tool and posted to understand what he received in the mail by mistake, unknowing it was part of a brushing scam.

Image of Reddit.com

Another Reddit user let the original poster alerted them to the possibility of this being a scam and referred them back to our resources for assistance.

How Can You Avoid It: If you begin receiving packages that are addressed to you but you did not order, contact the retailer immediately. Change your passwords on your online accounts, just in case the scammer got your address by hacking an account.

According to The Verge, Amazon will start disclosing the names and addresses of US-based third-party sellers on its Marketplace platform as part of an effort to fight counterfeiters. The company announced the change in a note sent to sellers on Wednesday, and goes into effect on September 1st.

If you think you may be a victim of identity theft or an Amazon brushing scam, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. Find more information about current scams and alerts here.

You might also like…

The Unconventional 2020 Data Breach Trends Continue

School District Data Breaches Continue to be a Playground for Hackers

Brushing Scam: Can it Really Hurt You?

The Federal Trade Commission announced that it will be closed due to a lapse in its funding until the government shutdown ends. That means a number of critical services for consumers, businesses, law enforcement agencies, and other organizations will be temporarily unavailable. Some services—as outlined on the FTC’s website and the announcement on the shutdown—will still be in operation but with reduced staff numbers; this can have a big impact on those services and the timeliness of the support.

Consumers will not be able to file reports or notify the FTC of scams, fraud, or other similar issues during this time. Identity theft reports will also be on hold, as will the National Do Not Call Registry, the Consumer Sentinel Network for law enforcement, and other critical functions.

In the meantime, the non-profit partner Identity Theft Resource Center is ready and willing to help consumers in need and provide valuable insights to any law enforcement agencies or policymakers. The toll-free helpline (888) 400 – 5530 and live chat feature provide immediate answers to questions and concerns about your data, your privacy, and your first steps in the event of suspected identity theft.

ITRC resources can also help keep you informed about the latest scams, fraud, and cybersecurity trends, as well as provide you with actionable steps to avoid becoming a victim. Should you find yourself snared by this kind of criminal activity, our knowledgeable staff can help you take action. The website is also filled with helpful documents that are categorized by the type of consumer issue to assist you in finding the right resources. The Identity Theft Resource Center also has a free ID Theft Help app, which gives you access to resources and tips to protect your identity, a case log feature to help remediate your case as well as the ability to contact our call center advisors.

Fortunately, the FTC’s website and social media channels will still be available with past information, although these outlets will not continue to be updated during the shutdown. The ITRC will continue to post updates and new information at IDTheftCenter.org as well as on its Facebook and Twitter accounts.

During this time, it’s vital that consumers and businesses be extra vigilant about protecting themselves. There’s never a good time to let your guard down when it comes to your identity or your privacy, but at a time when the safeguards are suspended, it’s even more important that individuals use an air of caution when it comes to consumer interactions.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The 2018 Impact of Data Breaches and Cybercrime

Pyramid schemes are nothing new. They go by many names and offer a lot of different variations, some of which sound like harmless fun or even legitimate business opportunities. But in the end, not only are pyramid schemes a good way to lose a lot of money and the trust of your friends and family, they’re also illegal.

Last year, ITRC exposed a new Facebook pyramid scheme called the Secret Sisterhood Gift Exchange that left users at risk. It is beginning to resurface again this year and here’s how you can stay ahead of the game. If you’re new to the concept of this kind of scam, a pyramid scheme works by building on your own “meager” investment. You are approached by someone who’s already involved in the scam and told that if you pay up the specified cost, you will then make a multifold return on your “investment” by recruiting others to join in the scam. For example, you may be asked to pay $5,000, which is shared among the people on the level above you; then you’re tasked with recruiting ten other people to each pay $5,000. You will make a portion of their investments, as will the people above you. The selling point for the hapless people you recruit is that they will turn around and each find ten people to join in, and the game goes on.

It’s not hard to see why this is illegal under the endless chain scheme laws. All it takes for one person—possibly even you—to lose all your money and make no return is for someone to not uphold the bargain of finding ten people to each pay in their share.

But what about the ones that don’t require massive cash payments? Over the years, this type of scam has been presented with everything from children’s books to dish towels to panties—seriously, ladies’ underwear, in which you send a pair of undies to the next person on the list, then get ten other people to join in the panty fun. Even the old concept of the chain letter—“send this letter to twenty of your friends within the next twenty-four hours…don’t let the chain be broken or there will be deadly consequences!”—seems harmless on the surface because it doesn’t appear to cost you anything more than some postage or a click of your email forwarding mouse. But that’s not actually what’s at stake.

A new scam that’s making its way around social media is called the “secret sister” game, and it’s nothing more than an old-fashioned pyramid scheme. In this version, new recruits agree to send a $10 gift—perhaps a candle, some gloves, or some fancy lotion—to the names on the list. They will then turn around and recruit ten more people to do the same, thereby ensuring that they receive $10 gifts from thirty-six people down the line. It seems harmless enough, right?

Wrong. First of all, it violates the terms of service for sites like Facebook, and could result in your account being blocked. In this era of privacy, security and identity theft, there’s simply no reason to participate in a “game” of this kind. Even if you end up a winner, what you win is a houseful of cheap gifts from total strangers. The more likely outcome, though, is the possibility that someone is gathering and storing the personal information on everyone who plays along. This kind of threat is too great to ignore for a cheap candle from someone you’ve never met.

For your own sake, and the safety of your identifying information, you need to file this one in the “something for nothing” scam drawer and get rid of it. Whether it’s money, children’s books, chain letters, or even underwear, no one starts these things because they have too much free time on their hands. There’s typically an underlying motive that you can’t see, and in this case the consequences could be lasting damage to your identity.

As always, anyone who believes their identity has been stolen or their personal data has been compromised is invited to connect with the ITRC through our 24-hour toll-free call center at (888) 400-5530, or on-the-go with the new IDTheftHelp app for iOS and Android.