Posts

  • The 2020 COVID-19 holiday season is upon us. This year, consumers should be on the lookout for job scamsgiving scamsgrandparent scams and online shopping scams, to name a few.  
  • If anyone comes across an unknown message regarding the COVID-19 holiday season, they should ignore it and go directly back to the source to confirm the message’s legitimacy. 
  • People should take steps to protect their personal information when shopping online, taking part in holiday gatherings (both in person or via a video platform), at the gas pump, and when receiving electronic gifts. 
  • To learn more, contact the Identity Theft Resource Center toll-free at 888.400.5530 or via live-chat on the company website.  

COVID-19 has changed the way people live. Many people are working from home, there are restrictions on what people can do in public, and many businesses remain shut down or open at a limited capacity. It has also changed the way scammers attack consumers. 

The 2020 holiday season will also be much different than year’s past. According to IBM’s latest U.S. Retail Index Report, COVID-19 has accelerated the shift away from physical stores to digital shopping by roughly five years. 

Criminals may adopt new tactics to take advantage of the pandemic, but what will not be different is scammers’ and identity thieves’ ability to find ways to strike.  

Watch for COVID-19 Holiday Scams   

Here are some scams to watch for this COVID-19 holiday season. 

1. Job Scams – Much of the economy remains shut down or open in a limited capacity. Millions of people are looking to gig economy jobs like Uber, Lyft and DoorDash to get by. People could rely on gig economy jobs even more during the holidays to make extra cash. The Federal Trade Commission (FTC) reported losses of $134 million in 2019 to social media scams.

In the first half of 2020, the FTC already reported $117 million, with most scams coming from viewing an ad. Scammers may claim in advertisements that they can get shoppers access to premium jobs for the holidays with big tips in exchange for an upfront fee. Gig economy scams can also lead consumers to phishing websites that steal login credentials. 

2. Giving Scams – People typically give more to charities around the holiday season. However, with more families in need of help in 2020, we may see an even bigger increase in people making donations. Expect criminals to attack with giving scams, looking to steal people’s money and personal information. In fact, scammers have used giving scams to take advantage of people since the beginning of the pandemic.  

3. Grandparent Scams – Another popular holiday scam is the grandparent scam. A grandparent scam is where scammers claim a family member is in trouble and needs help. With the holidays here, scammers could pose as sick family members. 

4. Online Shopping Scams – Many more people will be shopping online this holiday season. According to the Better Business Bureau (BBB), 65 percent of people shopped online last year. This year, online shopping is expected to increase by 10 percent to 75 percent. With the increase in web traffic, consumers should be wary of messages claiming they have been locked out of their accounts. Scammers may send phishing emails making such claims while looking to steal usernames, passwords and account information.  

How to Protect Yourself from COVID-19 Holiday Scams 

While scammers will try to trick consumers, there are things people can do to protect themselves from a COVID-19 holiday scam. 

  • If someone comes across an ad for a job or a deal online that seems too good to be true, it probably is. Consumers should go back to the source directly by contacting the company to confirm the message’s validity. 
  • If someone receives an email, text message or phone call they are not expecting, ignore it. If any of the messages contain links, attachments or files, do not click or download them because they could have malware designed to steal people’s personal information or lead to a phishing attack. Again, consumers should reach out directly to who the caller, email sender or text message sender claimed to be or the company they claimed to be with.  
  • People should only donate to legitimate charities and organizations registered with their state.   Consumers can determine if a charity, non-profit or company is legitimate by searching for the charity’s charitable registration information on the Secretary of State’s website, looking for online reviews and Googling the entity with the word “scam” after it. 
  • No one should ever make a payment over the phone to someone they do not know or were not expecting to hear from. Scammers will try to trick people with robocalls to steal their sensitive information and commit identity theft. 

How to Protect Your Personally Identifiable Information (PII) This Holiday Season 

Identity Thieves will try different ways to steal people’s PII. It is crucial consumers can protect their PII during the holidays, and year-round, to make sure it does not end up in the hands of a criminal.  

1. At the Pump – More people will travel by car this year than usual. Travelers on the road should keep an eye out for gas station skimmers. Skimmers insert a thin film into the card reader or use a Bluetooth device at a gas pump to steals the card’s information that allows the thief to misuse the payment card account. If the pump looks tampered with, pay inside. Newer gas pumps use contactless technology and chipped payment cards that are very secure. Use those pumps if possible.  

2. Holiday Gatherings – It is always important to protect all personal information at holiday gatherings. While no one ever imagines a trusted friend or family member will go through their stuff, people fall victim every year. Keep wallets or purses with financial cards or I.D. cards within reach.  

3. Zoom and Other Online Video Platforms – Not all family gatherings will be in person in 2020 due to COVID-19. Some families will meet virtually via a video platform. When people use a video platform, it’s important they remember to secure the call by using strict privacy settings and not sharing any personal information with someone they don’t know.  

4. Shopping Online – With more people shopping online for the 2020 holiday season, people need to practice good cyber hygiene. Make sure to navigate directly to a retailer’s website rather than click on a link in an ad, email, text or social media post. Phishing schemes are very sophisticated these days and spotting a spoofed website of well-known and local brands can be difficult even for trained cybersecurity professionals. 

Consumers will still need to do their due diligence to ensure a business website is legitimate. There is inherently less risk of falling for a scam website by shopping at well-known retailers. It only takes a bit of homework to separate the scams from legitimate small online businesses. Using search terms like “Scam” or “Complaints” along with the website or company name can give people insight into the experience of other customers. 

When setting up a new online account, be sure to use multi-factor authentication. Multi-factor authentication creates a second layer of security to reduce the risk of a criminal taking over someone’s account. 

5. Electronic Gifts – With the advent of smart home devices, many gifts connect to the internet, presenting security risks. It is important consumers update the software on the device. It is also a good idea to have antivirus software installed on any computer, tablet or internet device if possible, along with a secure password on the home network router.  

For more information on how to stay safe during the COVID-19 holiday season contact the Identity Theft Resource Center toll-free at 888.400.5530 or live-chat with an identity theft advisor at no-cost.

For access to more resources, download the ITRC’s free ID Theft Help app.  


COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover

Travel Safe with These Cybersecurity Protection Tips

Mystery Shopper Scams Resurface during COVID-19

  • The software provider behind some of the largest travel websites, Prestige Software, maintained a cloud database without a password. The unsecured database led to approximately 10 million accounts being available to view online to anyone who knew where to look.  
  • Prestige Software provides technology services to Booking.com, Expedia, Hotels.com, Sabre and other hotel reservation websites around the world. Information included credit card details, payment details and reservation details dating back to 2013.  
  • While there is no evidence the exposed information is being misused, travel website users should change their passwords on their accounts (our experts suggest enacting a passphrase), add two-factor authentication, freeze their credit, monitor their bank statements for any unusual activity and keep an eye out for phishing attempts.  
  • For more information, contact the Identity Theft Resource Center toll-free at 888.400.5530 or live-chat on the company website. 
  • For the latest on data breaches, visit the ITRC’s data breach tracking tool notifiedTM

Subscribe to the Weekly Breach Breakdown Podcast 

Every week the Identity Theft Resource Center (ITRC) looks at some of the top data compromises from the previous week and other relevant privacy and cybersecurity news in our Weekly Breach Breakdown Podcast. This week, we look at the all too frequent event in the world of data – unsecured databases. 

A Lack of Secure Online Databases 

In the context of data protection, repeating the same mistake can have significant consequences. It is why cybersecurity professionals tend to focus on preventing data breaches. That requires them to continually adapt their strategies and tactics to match those of the treat actors who are frequently attacking company systems.  

 Securing online databases continues to slip away from cybersecurity teams. The software provider behind some of the world’s largest travel websites maintained a cloud database without a password, leading to 10 million accounts being available online for access by anyone who knew where to look.  

Forensic researchers believe the available information dates back to 2013 and only relates to hotel reservations. While the information contained in the unsecured database could be used to commit several identity crimes and fraud, right now, there is no evidence the information has been copied and removed from the database. Also, right now, there are no reports of the data being used. 

Software Provider Behind Large Travel Websites Leaves Database Unsecured 

Prestige Software provides technology services to websites that many consumers may have used, including: 

  • Booking.com 
  • Expedia 
  • Hotels.com 
  • Sabre (The reservation system used by American Airlines) 
  • Other hotel reservation websites & mobile apps 

The cloud database was hosted in an Amazon Web Services (AWS) environment that included basic security protections. However, they were not configured. Prestige Software confirmed the database was open to the internet and is now secured.  

Information Exposed Due to Unsecure Prestige Software Database 

The information stored in the unsecured database included large amounts of personal information like full names, email addresses, national I.D. numbers and phone numbers of hotel guests. Additional information stored includes: 

Credit card details: card number, cardholder’s name, CVV and expiration date 

Payment details: total cost of hotel reservations 

Reservation details: reservation number, dates of a stay, the price paid per night, additional requests made by guests, number of people, guest names and much more 

What Impacted Consumers Need To Do 

Consumers who have used these travel websites should assume that any information they shared since 2013 is in the wild and available to be misused in identity crimes, fraud and phishing schemes. Consumers should act as if they have already received a breach notice due to the unsecured database and take the necessary steps to protect their personal information

  • Change your passwords on the travel accounts to a longer, memorable passphrase. Make sure it is unique to the account. Do not use the same passphrase on more than only one account because it helps the bad guys. 
  • Add two-factor authentication. 
  • Freeze your creditif you haven’t already, and monitor your credit card statements for unusual activity over the next few months. 
  • Keep an eye out for phishing attemptsespecially related to any websites affected by this breach or other travel-related websites. Remember, the best protection is to never click on unsolicited links. If you are unsure, contact the company directly.  

How It Impacts Prestige Software 

For the company, the impacts of the lapse in cybersecurity could be significant. Prestige Software is based in Spain and subject to the European Union’s strict privacy and cybersecurity law, known as the General Data Protection Regulation (GDPR). Companies found to have failed to protect consumer information are subject to significant fines up to four percent of their annual revenue.  

Also, companies that process credit cards are subject to self-regulations. The penalty for failing to comply with the Payment Card Industry (PCI) standards include, in some cases, a company losing the right to process debit and credit cards. It is surprising that we have to continue to remind companies of a simple fact: Companies are responsible for securing their cloud environments, not cloud platform providers like Amazon, IBM, Microsoft or any other cloud services companies. Cloud hosts will make basic tools available, but companies have to use them. Also, companies are still responsible for patching their applications and maintaining their advanced cybersecurity tools.  

notifiedTM  

For information about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notifiedTM. It is updated daily and free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.  

Contact the ITRC 

If you believe you have been affected by the Prestige Software database exposure and want to learn more or think you’re the victim of an identity crime, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website. Also, download the free ID Theft Help App to access resources, a case log and much more.  

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform. 


Timberline, BankSight and MAXEX Headline the Most Notable Data Breaches in October

California Voters Pass Strongest Privacy Law in the U.S. – The California Privacy Rights Act (CPRA)

Reports Show Consumer Privacy and Cybersecurity Views Have Evolved

  • A new unsubscribe email scam tries to scare people into “unsubscribing” from confirmation emails coming from an adult dating list.
  • The unsubscribe button could lead to malware or to a form to steal your personal information.
  • Anyone who receives a suspicious email they are not expecting should ignore it and not click on any links, open any attachments, or download any files. Users can also report the email as spam.
  • For more information, contact the Identity Theft Resource Center toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.

Scammers are always looking for new ways to dupe consumers into turning over their personal information or spreading malware to one of their devices. A new unsubscribe email scam reported to the Identity Theft Resource Center (ITRC) tries to trick people into clicking an “unsubscribe button” that could be either a malicious link or a form to steal your personal information.

Who It Is Targeting

Email users

What It Is

A “confirmation” email that claims you received a private message from an adult dating website. The fake email asks the user to confirm by entering their email address and name, and it gives people an option to “unsubscribe” if they would like to stop receiving the adult dating list emails. Scammers use scare tactics such as an email from an adult website in hopes people will click the “unsubscribe” button.

What They Are After

Entering your email address and name into the confirmation email gives cybercriminals the personal information needed to commit identity crimes. Clicking the “unsubscribe” button could lead to malware infecting your device, or to a form that asks for your personal information.

What You Can Do

  • If you receive a suspicious or unexpected message that includes links or asks for your information, ignore it. If it claims to be from a legitimate company, go directly to the source to verify the validity of the message.
  • Do not click on any links, open any attachments, or download any files in an email or text unless you confirm it is legitimate.
  • Use your email provider’s “spam” feature to report the email as junk rather than clicking unsubscribe.

If you believe you have fallen victim to an unsubscribe email scam or have additional questions, call the ITRC toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.

  • The Federal Trade Commission reports that people who lost money to scams that started on social media has more than tripled in 2020, with a significant increase in the second quarter of the year. 
  • The increase in social media scams fits the overall 2020 trend of more phishing scams on channels besides email. 
  • Some recent social media scams include romance scamsfake advertisements, and social media messages offering grant money or giveaways. 
  • To reduce the risk of falling for a social media scam, don’t click on any links from unknown messages, do research on any ad seen on social media, and never send money to someone you’ve never met in person. 
  • To learn more, contact the Identity Theft Resource Center toll-free at 888.400.5530, or speak with an expert advisor via live-chat on the company website. 

There is an increase of social media scams in 2020, fitting the overall trend of the year of more phishing scams on channels besides email. Scams strike people in many different ways, ranging from robocalls to phishing attacks. While social media websites are another platform scammers use for their attacks, it’s not always the first place people think to monitor when they hear the phrase “phishing scams.” 

Scammers Take Advantage of More People Online During COVID-19 

However, 2020 is different. Social media is already a great place to connect, but especially right now due to COVID-19. More people are using social media, and scammers are aware. In fact, more scammers are hanging out on the sites, posing a greater threat for scams to users. Scammers know COVID-19 changes the way people live, and they try to take advantage in any way possible. 

New Report on Increase in Social Media Scams 

The Federal Trade Commission (FTC) reports that people who lost money to scams that started on social media has more than tripled in 2020, with a significant increase in the second quarter of the year. The FTC says the growth has been happening for years, reporting social media scam fraud losses of $134 million in 2019.  

However, the first half of 2020 had $117 million in fraud losses from social media scams alone. Some recent social media scams include romance scamsfake advertisements, and social media messages offering grant money or giveaways. Often, scammers create fake profiles of people victims may know to take advantage of them. In some cases, scammers will even take over a real person’s account. 

How to Avoid a Social Media Scam 

Consumers can do a handful of things to reduce their risk of falling victim to a social media scam.  

  1. Check the validity of any ad you see on social media. Do a quick Google search of the supposed business followed by “complaints,” “reviews” or “scam.” This will help you determine whether or not the company has been reported or accused of any suspicious activity. Also, directly search for the company website. Any legitimate company will most likely have contact information on their webpage. 
  1. Never click on a link or open an attachment without verifying the validity of the message or ad. You can do this by directly reaching out to the company to see if they sent the message or posted the ad. If not, it is probably a scam. If you cannot find any contact information for the company, it is probably a scam. 
  1. Reach out directly by phone or email to the friend or family member asking for money or personal information. If they did not send the message, the sender’s account was probably hacked. 
  1. Never send money or personal information to someone you have never met in person. Imposter scams, where scammers try to trick people into giving up personal information or money by posing as someone fake, continue to rise throughout the country.  
  1. Regularly check your privacy settings on all of your social media platforms. Make it more challenging for scammers to target you by limiting what you share online. 

Contact the Identity Theft Resource Center 

Consumers should be aware of the 2020 trend around scams and that scammers will continue to hang out in the social media space. However, if everyone does their part, they can still enjoy the platforms with minimal risk of falling for a social media scam.  

To learn more, or if you believe you are the victim of a social media scam, reach out to the Identity Theft Resource Center (ITRC) toll-free at 888.400.5530 or by live-chat on the company website. Also, download the ITRC’s free ID Theft Help app for access to additional resources. 


Read more of our latest articles below

Phishing Attack Report Reveals Microsoft is the Top Spoofed Brand and Other Data Breach News

New VPN Security Vulnerability Could Affect Businesses and Consumers

Election Scams Begin to Surface with the General Election Less than One Month Away

  • Election scams are beginning to appear, prompting the FBI and Cybersecurity and Infrastructure Security Agency (CISA) to warn consumers that spoofed internet domains and email accounts pose cyber and disinformation risks to voters. 
  • Scammers are also looking to trick voters by mimicking ballot-tracking text services
  • Identity thieves are seeking many different forms of personally identifiable information (PII), looking to commit malware attacks, and creating fake websites to collect PII or spread false or misleading information. 
  • Consumers should never share PII, respond to any unexpected messages until they have verified the website address, email address or text message link by checking with the legitimate source.  
  • For more information, or if you fell victim to an election scam, reach out to the Identity Theft Resource Center toll-free at 888.400.5530 or on our website via live-chat.  

The general election is less than one month away, and scammers are aware. Multiple voting organizations are expressing concerns over fake election-related websites that look like official voting resources, but contain false or misleading information, as well as phishing emails that are designed to gather personally identifiable information (PII) or spread malware. Some states are also seeing scammers trying to trick voters with phony text messages, like in California, where they mimic ballot-tracking text services. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) want to help people spot and avoid every form of election scam.  

Who It Is Targeting 

Voters; Online device users 

What It Is 

Scammers are using many different tactics to try to trick voters: 

  • They create fake election-related websites to spread misinformation, confuse people, or trick voters into sharing personal information ahead of the November 3 elections. According to the FBI and CISA, election scams around fake websites aim to mislead voters and try to use interest around voting to steal people’s passwords. Scammers create websites that try to imitate election websites by altering one or two letters in the site’s address.  
  • Another election scam the FBI and CISA want people to be aware of is phishing emails. Scammers email voters from spoofed addresses that appear to come from election officials.  
  • Scammers are using text messages to attack, too. Some text messages claim they are from the United States Postal Service (USPS). Others look like they are from the Registrar of Voters asking consumers to take a survey or re-register to vote. Some even offer prizes for voting or registering to vote. 

What They Are After 

“There’s risk to you personally,” James Lee, Chief Operating Officer of the Identity Theft Resource Center (ITRC), told NBC 7 San Diego in an interview. “And in this case, because we’re talking about an election, there’s risk to our society. There’s risk to our country.” 

All of these election scams try to steal usernames, passwords or email addresses. They lead to the collection of PII and spread malware, leading to the potential of more compromises and financial losses in the future. 

What You Can Do 

  • Verify the spelling of all websites, email addresses or links in text messages. Make sure domains consist of http or https at the beginning of the domain, and .gov at the end if it is a government website. 
  • If you receive an unexpected or unsolicited email or text message, ignore it and do not click on any links. Go directly to the source to verify the validity of the message. 
  • Find election information from trustworthy websites, like the Election Assistance Commission.  
  • Make sure all of your applications are up-to-date and update your anti-virus and anti-malware systems. 
  • If possible, use two-factor authentication (2FA) on your accounts.  
  • Disable or remove unneeded applications from your devices. 

If you believe you are a victim of an election scam or want to learn more, contact the ITRC to speak with an expert advisor toll-free at 888.400.5530. You can also live-chat with us on our company website. 

The coronavirus is making a lasting impact on the United States in many different ways. More than 175,000 people have died from the coronavirus, and 57+ million Americans have filed for unemployment. Another noticeable impact is the dramatic increase in scams and identity theft. There have been more than 92,000 COVID-19 fraud reports and $118+ million lost from fraud, according to the Federal Trade Commission. A story published by the Washington Post reports that no event over the last decade has spawned as many schemes or lasted this long.

Since COVID-19 began seriously affecting the U.S. in March, fraudsters and scammers have been trying to take advantage of the situation to steal or misuse people’s personally identifiable information (PII) in any way possible to commit identity theft. Recently, scammers have been taking advantage of the medical space to commit financial identity theft from COVID-19, using many different methods.

Medicare and Medicaid Scams

There is some good news when it comes to COVID-19 scams. COVID-related phishing scams appear to be on the decline. According to CheckPoint, July saw a 50 percent decrease in COVID-19 scams compared to June. However, CheckPoint reported that COVID-19 medical and vaccine-related scams are still in high demand as the race is on to find a vaccine. The U.S. Department of Health and Human Services Office of the Inspector General (HHS-OIG) echoes a similar message. The HHS-OIG says scammers are offering tests to Medicare beneficiaries in exchange for PII, like Medicare and Medicaid information to commit financial identity theft.

The AMAC Foundation is so concerned about the current issue that they and Medicare.gov are sending a notice warning recipients of the scams. The HHS-OIG believes fraudsters are targeting recipients with telemarketing calls, text messages, social media messages and door-to-door visits in their effort to steal PII. PII can be used to bill Federal health care and commit financial identity theft fraudulently.

Insurance Scams

Insurance scams are another financial identity theft concern from COVID-19 with telemedicine being so widely available, as mentioned by the Coalition Against Insurance Fraud. The Coalition warns that costly insurance scams can exploit the burgeoning arms-length telemedicine. Tele-schemes can steal patients’ identities and defraud their insurance policies.

Medical Identity Theft Threat

While fraudsters are using the medical space to commit financial identity theft from COVID-19, there is also a risk of medical identity theft. According to a story published by CBS Dallas, hackers know more people are using the healthcare system, and they know they can take advantage of the situation.

If hackers get their hands on medical records, it could leave a lasting impact. The Senior Director of Threat Hunting and Intelligence at Binary Defense says someone who steals a victim’s identity can go as far as getting an expensive medical procedure done and charge it to the victim’s insurance account. The story suggests consumers give out the bare minimum amount of PII at medical appointments, ensure the provider’s online portals are secure, and ask providers to delete all of their medical records from the database once they are no longer a patient to help reduce their risk of falling victim to identity theft.

What You Can Do

Scammers are using Medicare and Medicaid scams, insurance scams, and a rise in people using the healthcare system to commit identity theft – particularly financial identity theft from COVID-19. However, there are still actions you can take to reduce your risk of falling victim to a COVID-19 scam or financial identity theft.

  • Medicare and Medicaid beneficiaries should be cautious of any unsolicited requests for Medicare or Medicaid numbers
  • Keep an eye out for unexpected calls or messages that ask for PII. If someone receives a message with a link or an attachment, do not click or open anything. (NOTE: A physician or trusted health care provider will approve any COVID-19 tests or treatments.)
  • Anyone suspicious of COVID-19 healthcare fraud should report it online to the U.S. Department of Health and Human Services Office of Inspector General or call 800.HHS.TIPS

If you are the victim of financial identity theft from COVID-19, or a COVID-19 scam, you can call the Identity Theft Resource Center toll-free at 888.400.5530. You can also live-chat on our website to speak with an expert advisor.


Read more of our latest news below

Being Able to Identify a Phishing Attack is More Important Now Than Ever

Netflix Email Phishing Scam Could Steal Credit Card Information

Hacked Dating Apps are a Popular Target for Social Engineering Scams

Phishing attacks are nothing new. However, with scammers increasingly using sophisticated and new methods of harming recipients that experts are not as familiar with, being able to identify a phishing attack has never been more important. They can arrive as emails, texts, social media messages, phone calls or links to websites which appear to come from someone the victim knows or a legitimate business. It might look like a boss or co-worker, someone in an email contact list, a bank or a consumer’s favorite retailer.

Trusted brands are used to provide an air of credibility for scammers, who capitalize on the good reputation and relationships these brands have built. Some brands that have been used in phishing attacks to target consumers include Wells Fargo, Zoom, American Express, Apple and Microsoft. The companies being used are not involved in these scams; in many ways, they are victims of the scammer as much as the targeted consumer.

Every phishing attack has a different goal, depending on what kind of ruse they are using. Some use links or attachments to insert malicious code on the user’s device so they can collect more information. Others attempt to steal people’s personal and business usernames or passwords,  and others still try to get someone to click on a well-disguised link so they can divert them to a place where the user enters even more information that the fraudster will use to his or her benefit. While phishing attacks have different objectives, the attackers’ primary goal is to steal the information needed to scam individuals and businesses.

Fortunately, the age-old advice about avoiding a phishing attack still holds true. These are some things people should keep in mind when trying to identify a phishing attack.

Check the email address and URL to make sure it is not fake

Check unexpected inbound messages very carefully, paying special attention to the sender’s email or website address included in the message; they might notice something strange. If it says “Amaz0n.com,” for example, it is fake. If the website link is Citibank.card.shop.com (as an example), instead of the company’s actual web address, again, it is probably fake. Always go back to the source of the email (or in this case, the company that is being represented) and check for alerts about potential scams of which they are already aware. Many times, the company is aware and has posted information about the scam.

Never click on an unknown link or open an unexpected attachment

Received an unexpected email, text, social media message or phone call with a link or an attachment?  Consumers should reach out directly to the purported “source” of the communication to verify the validity of the message before clicking on a link or opening an attachment (as mentioned above). Clicking on a malicious link or opening a bogus attachment could lead to someone’s personal information being stolen or infect the device with malware.

Check the message for grammatical errors and awkward phrasing

Read unexpected messages carefully and with a critical eye. Grammatical errors and awkward language are two quick indicators that the email isn’t sent by the company indicated. In trying to identify a phishing attack, customers should remember that companies do not send out emails or other messages with glaring errors – in most cases, large, reputable companies have teams checking their communications for just those types of issues. Smaller businesses may have a looser communication style, but loyal customers will know if something is “off.”  If someone sees any strange mistakes, that is probably a sign it is a fake. In fact, sometimes spelling mistakes are intentional so that only more gullible recipients will interact.

Never trust the caller ID

Do not go by what the caller ID may say. It is easy for a scammer to change the phone number or screen name to say anything, like “IRS” or “County Sheriff’s Department.” If someone calls with an attempt to verify identity information or demands for some kind of payment, consumers should hang up immediately and initiate contact with the company directly using a verified phone number from a trusted source. Here’s a tip: people should put numbers in their contact list for companies that are used regularly – but name them something only they would identify. For example, list the bank as “Bank on 4th & Main St.” instead of by the bank’s name. That way, if there’s an inbound call from the number, the person receiving the call will know they can trust it.

Remember that in many cases, fraudsters are using websites that look like the companies they are pretending to be. A web search could also bring someone to a potential fraudulent site. People should always treat the search results with the same critical eye as they would these other steps.

Phishing attacks can be confusing because of how close to real they can look or sound. Scam websites, emails, phone calls and text messages that mimic trusted brands will continue. However, by implementing these tips to identify a phishing attack, it will help reduce the risk of falling for a phishing attack.

Anyone with additional questions about phishing attacks, or believes they have been a victim of one, can call the Identity Theft Resource Center toll-free at 888.400.5530 to speak with an expert advisor. They can also use the live-chat feature on the website to get the help they need.


You might also like…