Due to the coronavirus, the stock market is making headlines right now, for all the wrong reasons. Scammers see it as the perfect time to prey on consumers with investment scams.

Who Is It Targeting: Small-time, first-time, and seasoned investors

What Is It: Various scams that target novice and seasoned investors

What Are They After: When the stock market makes headlines—whether good or bad—scammers are more prone to come after unsuspecting consumers and steal their money. Some investment scams may simply tell victims to invest heavily in a certain stock, while others will actively trick investors into handing over their personally identifiable information. With news of the coronavirus growing each day, this is also a time when spoofed emails—such as those that appear to come from a financial institution or brokerage—can lure someone in and steal their account access.

How Can You Avoid It:

  • Do not act on instinct or be driven by panic
  • Remember that the stock market is a long-term prospect, not a “get rich quick” scheme
  • Always seek out professional information before you respond or take action

If you think you may be a victim of identity theft or an investment scam, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. You can also live chat with an expert advisor. Find more information about current scams and alerts here. For full details of this scam check out this article from TMJ4.com

The big crime money right now seems to be in green energy scams, which target rich and poor alike.

Who Is It Targeting: Would-be investors, socially conscious consumers

What Is It: Bait-and-switch investment scams

What Are They After: Want to buy some swampland in Florida? A bridge in Brooklyn? Most people probably don’t, which is why scammers are luring in victims with more socially-conscious, headline-grabbing methods. Climate change, global warming and initiatives like the Green New Deal are major topics right now. Scammers are using promises of fake “green energy” companies like electric car manufacturing, solar technology, wind farms and other similar ideas to steal from their would-be investors as part of green energy scams.

How Can You Avoid It:

  • Never invest in a company unless all of their filings are available to you
  • Consult with an expert before making any kind of investment
  • Remember that things like flashy websites and digital presentations are easy to make and easy to fake

If you think you may be a victim of identity theft or a green energy scam, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. You can also live chat with one of our expert advisors. Find more information about current scams and alerts here. For full details of this scam check out this article from NBCNews.com.

You might also like…


The University of Utah Health announced that it discovered two different data breaches that impacted patients’ personal data and medical records. The first University of Utah Health data breach gave hackers access to some employees’ email accounts, while a second one is believed to be linked to malware that was discovered on an employee’s computer.

In regards to the first University of Utah Health data breach, investigators believe phishing emails were the culprit. Phishing emails are nothing new—if someone has an email account, they have probably received one before—but the methods that hackers are using are constantly evolving. In the case of a professional setting, the phishing email could look like it comes from a trusted source, such as a third-party that the company does business with or even someone from within the company itself. These hacking attempts often instruct the recipient to enter their username and password to confirm their identity and re-establish their login.

Malware typically happens when someone installs the software on their computer. Opening a harmful attachment in an email, downloading a suspicious file or clicking on a link that takes someone to a malicious website are just a few of the ways hackers can get consumers to fall into one of their traps. Once the malware is installed, the hacker can deploy it on the computer and use it to steal information.

The health center has begun notifying affected patients of the University of Utah Health data breach, but that process is still ongoing. If someone believes they might have been affected, they can reach out to the Identity Theft Resource Center (ITRC) for assistance and information. They can also take some of the following steps if they believe their information may have been compromised in this or any other data breach:

  1. Change your passwords on any sensitive accounts immediately.
  2. Place a freeze on your credit reports with the three major credit reporting agencies.
  3. Monitor your insurance statements carefully for the coming months to make sure no one has used your identity to seek medical treatment or prescriptions.

Victims can reach the ITRC toll-free at 888.400.5530. They can also live chat with an expert advisor that will help them create a customized plan that is tailored to their needs.

You might also like…

Confirming your account can hand your login credentials over to a scammer.

Who Is It Targeting: Email users

What Is It: Phishing scam that targets users with fake confirmation messages

What Are They After: A popular type of scam involves sending large numbers of emails to potential victims, claiming to come from a well-known company. The messages state that users only have a limited amount of time to confirm their accounts by clicking the link and logging in. Unfortunately, when you do that, you will be redirected to a fake page where your username and password are stolen, leading to you falling victim to an account confirmation scam.

How Can You Avoid It:

  • Companies do not need you to log into your account from time to time just to prove you exist
  • Never click a link that you were not expecting
  • Be careful about opening attachments or downloading files since those could be filled with harmful software

If you think you may be a victim of identity theft or an account confirmation scam, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. Find more information about current scams and alerts here. For full details of this scam check out this article from IDTheftCenter.org.

You might also like…

Grandparent scams are nothing new, but there are certain times of year—like spring break—when they can ramp up as students head out of town on spring break.

Who Is It Targeting: Phone users

What Is It: A grandparent scam is a phishing scam that claims your family member is in trouble

What Are They After: A grandparent scam gets its name from the fact that it once targeted the elderly. However, now anyone can receive a phone call or email that claims someone they know is in trouble and needs help. A typical story might claim that your friend or relative has been arrested and needs money for bail or court costs.

Another might say someone is in the hospital and needs funds immediately for their care. There are even ones that claim someone has been kidnapped and will be hurt if you fail to pay the ransom. There is always some reason why they cannot let you speak to the individual. The information is easily gleaned from your social media accounts, giving the caller a name that you know to use in their scam.

How Can You Avoid It:

  • Never make a payment over the phone to anyone you do not know or were not expecting to hear from
  • Remember that prepaid debit cards, wire transfers and iTunes gift cards would never be required payment methods for the police or a hospital
  • If you receive a call like one of these, say that you have to go to the store or bank to secure the money and have them call you back; during that time, reach out to your friend or relative to confirm that they are okay

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For the latest scams, sign-up for our TMI (Too Much Information) Weekly newsletter.

You might also like…

Medical data breaches can be some of the most damaging breaches because of the types of personal information that hospitals collect. Combine that with the sensitivity of a child’s personal information and there is a potential for child identity theft – medical and financial. San Diego’s Rady Children’s Hospital is just the latest hospital to suffer a data breach. While the Rady Children’s Hospital data breach did not include Social Security numbers, credit card numbers, radiology images, radiology reports or diagnosis, it did include patient names, gender, and in some instances, dates of birth, medical record numbers, parent/guardian names, descriptions of imaging studies and the names of referring physicians.

The hospital learned of the potential incident on January 3, 2020. After an investigation, it was determined that patient names, gender and date and type imaging studies were accessed without authorization through an internet port between June 20, 2019 and January 3, 2020.

The hospital is notifying the 2,360 patients whose information may have been exposed in the Rady Children’s Hospital data breach and providing them with the steps they can take to protect their personal information. In a press release, the hospital states that any patient or legal guardian who receives a letter should review the steps that are outlined in the letter to protect their personal information. The hospital has also provided a toll-free number for people to call who might have questions about the incident (844.902.2025.)

The Rady Children’s Hospital data breach is an example of how thieves might get the personal information of children. However, there are things that the parents can do to reduce their child’s likelihood of falling victim to identity theft following this data breach.

Some red flags of medical identity theft could include:

  • Calls from collection agencies regarding bills or credit cards in your child’s name
  • Your child is denied government assistance or medical insurance because income or benefits have already been assigned to the child’s Social Security number
  • Receiving a medical bill in your child’s name for treatments/services they never received

Keep a close eye on any accounts that may come up in your child’s name. It is recommended to check your child’s credit report because children should not have a credit report in the first place. If one is discovered, parents/legal guardians need to consider placing a freeze on their account and disputing any suspicious activity. Additionally, because of the types of data available in the breach, the potential of a longtail impact to minors is a very real threat. With key information like parents’ name and date of birth, there could be potential risks for children well after the incident is resolved.

If you believe your child may have been the victim of identity theft or their/your information was exposed from the Rady Children’s Hospital data breach, you can call the Identity Theft Resource Center toll-free at 888.400.5530 to speak with one of our advisors. You can also live chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.

Scammers are trying out a new “cancellation request” email scam to see if anyone will fall for it, even employees at the Identity Theft Resource Center (ITRC).

There are a few hilarious videos floating around online in which scammers call an unsuspecting victim and threaten to have them arrested. Many of these scammers claim to be with the IRS or the Social Security Administration and inform the consumer that they will be arrested if they do not pay a hefty fine immediately over the phone. The hilarious part? Some of the videos, such as this one, were received by the police.

Of course, scams are not funny when the recipient cannot tell they are being scammed. One “cancellation request” email scam attempt that was received by a staff member of the ITRC claimed to be shutting down their work email address; clicking the “cancel” button would supposedly stop it. Fortunately, as an ITRC staffer, they were very aware of many of the tactics these criminals use and did not click the button.

In the case of the email shutdown message, there was a link button for the recipient to click. As the ITRC and other experts have warned for years, you should never click a link, download a file or open an attachment in any kind of message unless you were specifically expecting it. Why?

  • It can contain a virus
  • It can redirect you to a page that steals your personal information or login credentials
  • It can propagate within your computer or network to look for files that the scammers think are useful
  • It can be ransomware, which will lock up your entire computer or network until you pay the ransom to the scammers

There are things you can do to see whether or not an email is an email scam. First, hover your mouse over the sender’s email address. Do not click it. Just hover. The actual email address will show up in a small box. Next, look for grammar errors or misspellings in the message itself. If you spot any, it is probably not a real message. Finally, on the off-chance there is something to this warning, head over to your account yourself by going directly to the company’s website. Find out if there is anything wrong and handle it that way instead of clicking through. Hackers are always looking for new ways to scam consumers. However, if you implement these practices, it will reduce your risk of falling victim to the latest scam that is making the rounds, including this “cancellation request” email scam.

If you believe you are a victim of identity theft, you can call the Identity Theft Resource Center toll free at 888.400.5530 to speak with one of our advisors or live chat with an advisor on our website. They will help you create an action plan for your case while directing you on the next steps you need to take.

For on-the-go identity assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Unbeknownst to many consumers, the country’s most advanced consumer privacy act just went into effect on January 1, 2020. The California Consumer Privacy Act (CCPA) outlines some of the strongest protections for individual consumers and the companies they choose to do business with. However, some early reporting shows that a lot of people are still not aware of the new legislation.


CCPA provides new protections in the event of a data breach, new tools for consumers to find out exactly what information a company has collected and sold or shared and more. Under the CCPA, consumers also have the right to delete some personal information and opt-in for children. In the CCPA personal information is defined as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information under the CCPA does not include publicly available information.

 Companies doing business in California — whether they are located there or not, or simply have customers or users who reside in the state — must provide more than just the proof of information they have collected. If an individual consumer does not want their information sold to third parties, the CCPA states they have the right to opt-out and the companies must comply. Failure to comply could result in significant fines, penalties and damage awards of up to $7,500 per consumer.

Image of business with notice of CCPA

That has been a sticking point for a number of businesses, though.

There are questions about how businesses will comply with the do not sell requirements. Some companies are claiming that if they “share” their users’ data with an outside company, they are in compliance. The supporters of the CCPA have said selling or sharing is the same thing, though companies like Facebook, CVS, Indeed and others argue their methods of providing users’ information to outsiders does not violate the CCPA.

Image of Conde Nast disclosure of CCPA

Some of the other responsibilities of businesses include a child opt-in requirement, a website notice requirement, a duty to educate, vendor agreements, third-party transfers and cybersecurity protections to prevent a data breach. In the event of a data breach, consumers can now sue to recover up to $750 in costs per data breach. For more information about consumer rights in the event of a data breach or other CCPA rights, click here.

Image of business disclosure of CCPA

Though the California Consumer Privacy Act went into effect on January 1, businesses have until July 1 to comply before enforcement—and presumably, punitive action—begins. It will be interesting to see both how this plays out for businesses that make a lot of money by selling their customers’ information, and how many other states follow suit with legislation of their own.

Sign Up For Identity Theft and Data Breach News

Sign up for the TMI Weekly to stay in the know about potential threats to your identity/privacy and tips to keep you safe. Our monthly breach alert keeps you posted on the latest trends and activity in the world of breaches.

Free Identity Theft Assistance

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

This news is currently evolving and we will update as announcements are made available.  

You might also like…

The holidays have past and a new year is upon us. With that, New Year’s resolutions are beginning to surface. Some resolutions might include going to the gym every day, spending less time on social media or creating a budget you can actually stick to next year. While some of those resolutions might be more realistic than others, there are some practical resolutions you can make that will be even more beneficial. And it’s all based on protecting your identity… In 2019, the Identity Theft Resource Center saw the number of data breaches reported continue to rise. In fact, the ITRC has now recorded over 10,000 data breaches since 2005, hitting the mark this past calendar year. 2019 also saw the announcement of large-scale data breaches like Capital One and healthcare providers and insurance companies continue to be one of the hardest-hit targets, thanks to the overwhelming amount of personally identifiable information (PII) they gather. So what is your New Year’s resolution heading into 2020? If you do not have one, or even if you do, consider making some 2020 identity theft New Year’s resolutions to make your personal data as safe as you can. You can protect your privacy through your simple, everyday habits.

Resolution One: Be Aware of What You Post on Social Media and What You Share

If you are connected online through any of the several social media platforms, you need to know how they work and how to keep your information private.

  • Enact practices that include not oversharing information and change your settings to private.
  • Use different passwords for each social media account.
  • Create strong and unique passwords that include two-factor authentication.

Resolution Two: Guard Your Data

One of your 2020 identity theft New Year’s resolutions should include keeping better tabs on your PII. Do not just turn over your Social Security number without asking why they need it and verifying their plans to protect it. A lot of organizations still ask for it simply out of habit. However, your SSN was designed as a tax identification number, and by law is not to be used for everyday identification purposes.

Resolution Three: Know the Latest Scams and Help Others Stay Alert Too

Fraudsters are always trying to find new ways to attack. That is why it is so important for consumers to stay up-to-date on all of the latest scams, fraud attempts and identity theft information. You can check in with the ITRC for the latest information by signing up for the TMI (Too Much Information) Weekly and following the ITRC on Facebook and Twitter. Once you know about the latest threats, you can help spread the word with friends and family.

Resolution Four: Adopt Good Cyber Hygiene Habits

While 2019 was the year of data, 2020 will be the year of privacy. That is one reason why your 2020 identity theft New Year’s resolutions should include good privacy habits. While data breach fatigue is a recognized phenomenon, the flip side is paranoia that makes you want to unplug and go off the grid. Neither is a solution. Rather, the solution is good privacy habits:

Resolution Five: Watch Out Account Hacks from Credential Stuffing

In 2019 we saw numerous data breaches and account hacks from credential stuffing. Disney+ users saw their accounts sold online after hackers were able to infiltrate their accounts and change the passwords to lock users out. Earlier in the year, TurboTax announced a data breach that was caused by credential stuffing. Consumers need to be sure they are consistently changing their usernames and passwords to reduce the risk of credential stuffing and having any accounts hacked. The unfortunate truth is that some identity theft crimes are unpreventable. However, these 2020 identity theft New Year’s resolutions are steps you can take that will reduce your risk of falling victim to identity theft and increase the likelihood of you spotting a problem quickly. The ITRC is always here to help. Call us toll-free at 888.400.5530 or live-chat with one of our advisors.

You might also like…

2020 Trends for Identity Theft, Data Privacy, and Cybersecurity

Wawa Data Breach Caused by Card-Stealing Malware Don’t Get Grinched by the Ellen Facebook Scam