• A new Google Photo sharing scam is the latest attempt to steal your credentials to hack and access your accounts.
  • You receive a message claiming to be from Google Photo that says someone is sharing a photo album with you. You’re asked to log into your account, except the message isn’t real, and the criminals take off with your Google credentials.
  • If you receive a message you are not expecting or from someone you don’t know, don’t click on any link in the message.
  • If you want to learn more about the Google Photo sharing scam or if you are a victim, contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat. Just visit www.idtheftcenter.org to get started.

Scammers always try to find different ways to attack consumers. One new attempt is through a text or email that appears to come from Google Photo. The Identity Theft Resource Center (ITRC) recently received a suspicious message that appeared to be a legitimate attempt to share a Google Photo album. However, it was actually a phishing scam.

Like many phishing attacks, the Google Photo sharing scam is an attempt to steal your credentials. The tactic has become more common with cybercriminals shifting away from attacks seeking consumer information and towards attacks that target logins and passwords. 

Who is the Target?

Text message users; email users

What is the Scam?

You receive what appears to be a real attempt to share a Google Photo album. The message claims that someone has shared a photo album with you. However, there is no photo album. Once you click the “View Photo” link, you are prompted to another website to log into your Google account. Since the website captures the login information, you then provide the identity thieves with access to your credentials and account.

What They Want

It’s always easier to steal something when you have the key to a lock instead of having to break into where valuables are kept. Identity criminals want to access personal and work accounts because that’s easier and faster than trying to break into a system. The Google Photo sharing scam is a way for identity criminals to get the credentials needed to access and steal personal and company information. According to the FBI, email compromises cost U.S. businesses $1.8 billion, and phishing schemes cost individuals $54 million in 2020.

How to Avoid Being Scammed

  • Never click on a link in a suspicious or unexpected message. While the message might look legitimate, the links and attachments could still have malware. Instead, if the message comes from a “company,” reach out to the company directly to verify whether the message is real. If it comes from an unknown person, delete the message without clicking any links.
  • Check the URL link and be on the lookout for short links. Sometimes, there are signs in the link that give away it is a scam. For example, a link address might read “Goo.gle” instead of “Google.” You are more likely to see that when a link is shortened, a favorite tactic of cybercriminals. Another tactic is typing out a hyperlinked text to what looks like a legitimate website (like Google.com). However, it actually displays an unknown site when you hover over the link.
  • Use Multifactor Authentication (MFA) on important accounts. Even trained cybersecurity professionals fall for sophisticated phishing attempts that look real. That’s why it’s important to use MFA on any account that offers the feature. Use an authenticator app when possible – Microsoft and Google offer them for free – because they are more secure than just having a code texted to your mobile device. With MFA in place, having your login and password won’t help a criminal access your protected accounts.
  • Never reuse or share passwords. Criminals steal logins and passwords because they know most people use the same password on multiple accounts. Too many people also use the same passwords at home and work. Make sure each account has a unique password that is at least 12 characters long.

If you believe you are a victim of a Google Photo sharing scam or would like to learn more, contact the ITRC toll-free. You can call (888.400.5530) or use the live-chat function on the company website. Just go to www.idtheftcenter.org to get started.   

  • An Internal Revenue Service (IRS) text scam is circulating to get consumers’ personal information, which may put them at further risk of tax identity crimes. 
  • According to the Federal Trade Commission (FTC), imposter scams were the top reported fraud in 2020. The FTC had approximately 500,000 reports of the scam, leading to an estimated $1.2 billion in lost funds.  
  • People may receive text messages from their tax service but will never get a text message directly from the IRS. (People should still independently check with their filing service because scammers may also spoof tax filing entities.
  • If anyone receives a text claiming to be from the IRS, they should ignore it, not click on any links or attachments, forward the text and originating phone number to the IRS at 202.552.1226 and then delete the text message. 
  • For more information on IRS text scams or if someone believes they are a victim of tax identity theft, they can visit www.idtheftcenter.org for resources or speak with an advisor toll-free by phone (888.400.5530) or live-chat. 

IRS Text Scam Pops Up on First Day to File

February 12, 2021, is the first day for people to file their 2020 tax returns, and many consumers may receive an email or notification from their tax service that it is time to file. Scammers are trying to take advantage by posing as IRS agents to exploit tax filers. 

The Identity Theft Resource Center (ITRC) has received reports of a new Internal Revenue Service (IRS) text scam that claims “your federal tax return was rejected.” The IRS text scam is designed to get consumers’ personal information, which puts people at additional risk of tax identity theft. Here’s an example of the IRS text scam sent to the ITRC: 

Example of the IRS Text Scam sent to the Identity Theft Resource Center

Government Imposter Scams Continue to Spread 

The IRS text scam is not a new tactic for scammers. Government imposter scams were among the top frauds in 2020 reported by the Federal Trade Commission (FTC). The FTC says that they received nearly 500,000 reports of imposter scams that cost people $1.2 billion, with a median loss of $850. Government and business imposter scams were among the top categories of COVID-19 and stimulus-related reports. 

Cybercriminals Target Tax Season 

Criminals know they can take advantage of tax season by posing as an IRS representative, especially with more Americans likely to receive a Form 1099-G because their state employment office is providing documentation for receipt of unemployment benefits. However, many of those taxpayers may be victims of unemployment benefits fraud because identity thieves received benefits in their name.  

What You Should Do 

The IRS will not text anyone about their tax return. People may receive a text from their tax filer, but never from the IRS. (People should still independently check with their filing service because scammers may also spoof tax filing entities.)  

If anyone gets a text message claiming to be the IRS, they should do the following: 

  1. Do not respond, open any attachments or click on any links. An attachment or a link could contain a malicious code that has the ability to infect someone’s device. 
  1. The IRS asks people to forward the IRS text scam and the originating phone number as-is to  202.552.1226.  
  1. After forwarding the information to the IRS, the original text message should be deleted.  

It is also a good idea to never respond to any unsolicited messages. Instead, consumers should reach out directly to the company or person the message claims to be from to verify the message’s validity. People should also refrain from providing their personal information unless it is necessary or with a trusted organization. 

Contact the ITRC 

Anyone who believes they are the victim of an IRS text scam, tax identity theft, or wants to learn more can visit the ITRC website for additional resources. They can also contact an advisor toll-free by phone (888.400.5530) or by live-chat. All people have to do is visit www.idtheftcenter.org to get started. 

*Originally posted December 2015. Updated as of December 14, 2020.

  • Facebook users have recently been receiving messages about winning a “Christmas bonus.” These messages are scams. 
  • The messages come from cloned accounts of one of the user’s real Facebook friends.  
  • If anyone receives a message about a Christmas bonus on Facebook, they should ignore it. If it comes from the Facebook page or someone they know, they should alert them that their Facebook has been hacked or cloned. People should also consider reporting it to Facebook.  
  • If anyone wants to learn more about the Facebook Christmas bonus scam or believes they are a victim, they should contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website. 
One user alerted others and pointed to the ITRC for free assistance

Facebook users have been targeted by scammers offering a “Christmas bonus” or a “Christmas Benefit.” The Identity Theft Resource Center (ITRC) has spotted multiple Facebook Christmas bonus scam posts warning others of the scam.      

Who is the Target 

Facebook users; social media profiles

What is the Scam 

Example of Christmas bonus

Facebook users receive messages from individuals in their contact lists about winning a “Christmas bonus.” The messages are coming from the cloned accounts of friends, and they state that the individual has won a Facebook Christmas Bonus Giveaway. The targeted victim is then directed to contact a “Facebook Agent,” who will send a message that the winning is a random contest sponsored by Powerball.

The scammers will then ask for personal information to deliver the winnings. They may also ask for a small “transfer fee” to transfer the money into the victim’s account. Once the victim gives them their money or their personal information, the scammers disappear and do not award the “bonus.” Facebook Christmas bonus scams can use various tactics from scam to scam. However, they all are after the same thing. 

“Christmas Bonus Cash Guarantee” Facebook page targeting vulnerable populations

What They Want 

Personal information or direct payment 

How You Can Avoid Being Scammed 

  • If you receive a Facebook message stating that you have won something, chances are it is a scam. Do not respond.  
  • Delete the message and inform your friend that their Facebook account might be hacked or cloned. 
  • Report the Facebook Christmas bonus scam to Facebook 

If you believe you are a victim of a Facebook Christmas bonus scam or would like to learn more, contact the ITRC Center toll-free. You can call (888.400.5530) or use the live-chat function on the company website. Just go to www.idtheftcenter.org to get started.  

  • A new unsubscribe email scam tries to scare people into “unsubscribing” from confirmation emails coming from an adult dating list.
  • The unsubscribe button could lead to malware or to a form to steal your personal information.
  • Anyone who receives a suspicious email they are not expecting should ignore it and not click on any links, open any attachments, or download any files. Users can also report the email as spam.
  • For more information, contact the Identity Theft Resource Center toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.

Scammers are always looking for new ways to dupe consumers into turning over their personal information or spreading malware to one of their devices. A new unsubscribe email scam reported to the Identity Theft Resource Center (ITRC) tries to trick people into clicking an “unsubscribe button” that could be either a malicious link or a form to steal your personal information.

Who It Is Targeting

Email users

What It Is

A “confirmation” email that claims you received a private message from an adult dating website. The fake email asks the user to confirm by entering their email address and name, and it gives people an option to “unsubscribe” if they would like to stop receiving the adult dating list emails. Scammers use scare tactics such as an email from an adult website in hopes people will click the “unsubscribe” button.

What They Are After

Entering your email address and name into the confirmation email gives cybercriminals the personal information needed to commit identity crimes. Clicking the “unsubscribe” button could lead to malware infecting your device, or to a form that asks for your personal information.

What You Can Do

  • If you receive a suspicious or unexpected message that includes links or asks for your information, ignore it. If it claims to be from a legitimate company, go directly to the source to verify the validity of the message.
  • Do not click on any links, open any attachments, or download any files in an email or text unless you confirm it is legitimate.
  • Use your email provider’s “spam” feature to report the email as junk rather than clicking unsubscribe.

If you believe you have fallen victim to an unsubscribe email scam or have additional questions, call the ITRC toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.

Classes being moved to virtual and students being off of campus is not stopping scammers from targeting students. According to the Federal Trade Commission, a recent college student stimulus check scam claims to be from universities’ financial departments. However, it’s a trap to steal sensitive information and install malware on students’ devices.

Who is it targeting: College students

What it Is: Phishing scam that steals information, potentially installs malware

What Are They After: This recent email scam is disguised as a message from the victim’s university’s “financial department” regarding their COVID-19 economic stimulus check. The email claims it needs to be opened from a portal using a university login. If a student logs in with their university account, they could give away their login credentials and potentially download malware to their device.

How You Can Avoid It:

  • Investigate – If you are suspicious of an email, contact the sender directly to verify that they are legitimate. Look up their phone number or website yourself. Do not click on any links.
  • Pay attention to detail- Bad grammar and spelling can be a way to spot a phishing email. Another clue that the email is not from your school is if they use the wrong department name (calling themselves the Financial Department rather than the Financial Aid Department).

If a student thinks they may have been targeted by a stimulus check scam, they can live-chat with an Identity Theft Resource Center expert advisor. They can also call for toll-free, no-cost assistance at 888.400.5530. For full details on the college student stimulus check scam, consumers can check out this article from the FTC.


You might also like…

Contact Tracing Scams Ramp Up as New Technology Evolves Amid COVID-19 Pandemic

Possible Nigerian Fraud Ring to Blame for Unemployment Identity Theft Attack

Five State Unemployment Department Data Exposures Uncover System Flaws

A long-time scam tactic has made a comeback amid the coronavirus pandemic. COVID-19 catfishing scams are out in full force in an attempt to play on people’s emotions and steal their personally identifiable information to commit fraud.

Who Is It Targeting: Social media and dating app users

What Is It: A scam where someone creates a fake social media profile to target victims for financial donations or sensitive personal information used for identity theft.

What Are They After: Scammers are stealing photos of frontline workers to lure in victims to give money to a fake charity, or to steal their personal information to commit fraud. As reported by NBC, one student nurse had to report a fake Facebook page over 400 times as it was soliciting illegitimate coronavirus donations.

Despite an increase in awareness of similar scams, fake accounts are becoming more common. In the FBI’s 2019 Internet Crime Report, there were 1,000 more reports of confidence fraud and romance cybercrimes compared to 2018. Those statistics are an example of why so many people might be getting targeted by COVID-19 catfishing scams.

How Can You Avoid It:

  • Research the person the profile claims to be
  • If someone refuses to meet in person, it is probably a scam
  • Never give money or personal information to someone who will not meet in person
  • Consider making all social media profiles private and report any abuse to the appropriate platform

If someone believes they are a victim of a COVID-19 catfishing scam or find a picture of themselves on a fake profile, they can live-chat with an Identity Theft Resource Center advisor. They can also call toll-free at 888.400.5530.


You might also like…

CAM4 DATA EXPOSURE LEAKS BILLIONS OF RECORDS FROM ADULT STREAMING WEBSITE

THIRD CHEGG DATA BREACH IN THREE YEARS IMPACTS NEARLY 700 EMPLOYEES

BILL & MELINDA GATES FOUNDATION, CDC, NIH AND WHO EMPLOYEE INFORMATION EXPOSED

Scammers are looking to scare people into falling for a COVID-19 contamination scam that contains a link that is designed to steal personal information.  Scammers are sending potential victims a text message informing them that someone they know tested positive for the coronavirus. However, it is just a trap.

Who Is It Targeting: Text message users

What Is It: A phishing scam based on fears of COVID-19

What Are They After: Text message users have reportedly received alerts that someone they know has tested positive for COVID-19. The message instructs them to self-isolate immediately, and then to click the link for further information and action. However, it is all part of a COVID-19 contamination scam. Police have warned that the link is likely designed to steal people’s personal data.

How Can You Avoid It:

  • Stay informed; COVID-19 information is not yet being shared this way
  • Never click a link, download an attachment or open a file that you were not specifically expecting
  • Follow trusted sources like the CDC or your local EMA for accurate information on the virus

If you think you may be a victim of identity theft or a COVID-19 contamination scam, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530 or live chat with an expert advisor. Find more information about current scams and alerts here. For full details of this scam check out this article from IDTheftCenter.org.


You might also like…

CASHAPP SCAMS SEE A RISE DUE TO COVID-19

WHY HAVE YOU NOT RECEIVED YOUR STIMULUS CHECK PAYMENT YET?

CHOOSE STRONG SECURITY QUESTIONS/ANSWERS FOR ONLINE ACCOUNTS

With news of the economic hardship surrounding the containment of COVID-19, scammers are out in full force trying to get consumers to fall for CashApp scams by clicking on fraudulent and malicious links that could steal people’s money and identity.

Who Is It Targeting: Social media users, email recipients, text messaging platforms

What Is It: A phishing scam that claims to donate money to its victims

What Are They After: Like all newsworthy events, scammers have come up with a variety of ways to capitalize on the current concerns surrounding COVID-19 in order to steal money, identities or both. In this version, it is messages that offer the would-be victims’ free money via CashApp to help them through this difficult time with a link to participate. However, since it is a CashApp scam, the link is fraudulent and malicious and can lead to problems for anyone who follows it.

How Can You Avoid It:

  • No one will ever contact you out of nowhere to give you money
  • Never click a link, download a file or open an attachment that you were not expecting
  • Never input your login credentials for someone who requests them

If you think you may be a victim of identity theft or a CashApp scam, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530, or live chat with an expert advisor. Find more information about current scams and alerts here. For full details of this scam check out this article from IDTheftCenter.org


You might also like…

WHY HAVE YOU NOT RECEIVED YOUR STIMULUS CHECK PAYMENT YET?

CHOOSE STRONG SECURITY QUESTIONS/ANSWERS FOR ONLINE ACCOUNTS

FINANCIAL DATABASE LEAK LEADS TO OVER 500,000 DOCUMENTS EXPOSED ONLINE

Grandparent scams have been around for a long time. However, scammers are coming up with a new twist based on the coronavirus. COVID-19 grandparent scams are playing on the fears many people have right now, that they might lose a loved one.

Who Is It Targeting: Phone and email users

What Is It: A grandparent scam is a phishing scam that claims your family member is in trouble

What Are They After: Scammers are posing as grandchildren who claim they are sick and need money to pay their hospital bills. The information is easily gleaned from social media accounts, giving the caller a name that the person knows to use in their scam. In the current times of the coronavirus, COVID-19 grandparent scams can be particularly compelling.

How You Can Avoid It:

  • Never make a payment over the phone to anyone you do not know or were not expecting to hear from
  • Resist the urge to act immediately, no matter how dramatic the story is
  • If you receive a call like one of these, say that you have to go to the store or bank to secure the money and have them call you back; during that time, reach out to your friend or relative to confirm that they are okay

If people have questions regarding COVID-19 grandparent scams, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor. For those that cannot access the website, they can call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will provide assistance as quickly as possible.


You might also be interested in…

The Treasury Department and IRS announced that the automatic distribution of stimulus checks will start within the next week, with no action required for most people. Scammers are already one step ahead with IRS stimulus check scams and have started making calls asking for people’s bank account number to deposit their check.

Who Is It Targeting: Individuals awaiting the stimulus checks

What Is It: Phony IRS stimulus check scam calls asking for bank account numbers in order to receive a $1,200 stimulus check payment

What They Are After: Scammers will use this opportunity to try and trick consumers that the IRS needs their bank account information in order to deposit the check. In reality, no one has to give their personal information to receive the payment. As noted in this Forbes article, “Eligible taxpayers who filed tax returns in either 2019 or 2018 will automatically receive an economic impact payment.”

How You Can Avoid It:

  • Never give out personal information over the phone, especially to numbers you do not recognize.
  • Check the facts! If you get a call saying it is an IRS stimulus check scam, know it is a scam.the IRS will not call you. Federal aid will either be deposited via account information the IRS already has from your tax filings or they will send you a check.

If people have questions regarding stimulus check scams, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor.

For those that cannot access the website, call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist you as quickly as possible.


You might also like…