Spoofed Email Attack

On June 28, 2021, the Identity Theft Resource Center (ITRC) discovered a particular form of a phishing attack (also known as a brand spoofing attack) imitating our non-profit organization. The spoofed email, which was determined to be an identity monitoring services scam, sent offers of an “elite search account” with monitoring services to “track your social security, name, address, phone, and any other pertinent information that may be compromised over the web.”

The ITRC Never Charges Consumers or Collects Sensitive Information

The ITRC never charges consumers for assistance and any communication you receive claiming to offer an ITRC service for a fee is a scam. The ITRC only provides no-cost identity theft victim remediation services for individuals that does not include a monitoring service.

The ITRC also does not request or collect sensitive personal information like Social Security numbers, driver’s license numbers or physical addresses. The ITRC may ask for your email or phone number to send you free identity theft resources and educational advice. The limited information you share is never sold to anyone and only to be shared with our research partners with your permission.

What is a Brand Spoofing Attack?

For Consumers:

With this attack style, a cybercriminal imitates a well-known brand to offer a product or service. The attack may also include a live operator acting as a contact center service representative.  Consumers need to follow the best practices for avoiding phishing attacks:

  • Be suspicious of emails that claim you must pay, click for your offer or open an attachment immediately.
  • Think about if you have ever interacted with the company before. If this is a new company or account, go directly to their website or call to ask them if the offer is legitimate.
  • If you think you clicked on a malicious attachment, be sure to run an update on your computer and consider anti-virus software.
  • If you gave away your personal or financial information, place a credit freeze on your credit reports and monitor your accounts regularly.

For Businesses:

If your business email, website, social media accounts, or text services were used in a brand spoofing attack, notify your customers or visitors of the spoof and the steps they should take if they have given their account password or financial information to a criminal. You may direct victims to the ITRC’s contact center or website for free assistance.

Read more about business email imposter recovery steps to take with advice from the Federal Trade Commission.

What You Need to Know About Identity Monitoring Services Scams

In an identity monitoring services scam, an identity thief poses as a well-known brand or government agency and contacts you to say your identity has been compromised. They have discovered your personal information on the dark web and insist you should pay for services to monitor your identity.

The identity monitoring services scam is similar to the IT support scam where the cybercriminal poses as Microsoft, Apple, etc. to say your computer has been infected with malware and is alerting you. They then urge you to clean it up as soon as possible and will take your credit card information or payment through gift card to clean up the infection for you.

Report to the ITRC

If you receive an email, phone call or other communication that asks for your personal or financial information to pay for a service, report it directly to the ITRC to receive our free remediation services to help protect your identity and help prevent additional identity crimes. The ITRC’s expert advisors will help you take additional steps if required, to secure your identity.

Contact the ITRC for Free Identity Theft Information

If you accidentally click on a link of a brand phishing attack or provide information to what you discover later was a fake website form, contact the ITRC toll-free at 888.400.5530 or live-chat with an expert advisor on the company website www.idtheftcenter.org. An advisor will walk you through the steps to take to protect yourself from any possible identity misuse. 

The ITRC is a non-profit organization established in 1999 to empower and guide consumers, victims, business, and government to minimize risk and mitigate the impact of identity compromise and crime. Read more about our mission.