Posts

Mystery shopping has been around for a long time. Mystery shoppers help businesses, retailers and restaurants get information on the quality of their stores in exchange for money. In the past, scammers have found ways to turn the service into a mystery shopper scam, also known as a secret shopper scam. These scams are resurfacing during the coronavirus due to over 45 million people filing for unemployment and looking for some extra cash.

There are different forms of mystery shopper scams. One popular version of the scam is when scammers pose as retailers looking to lure people into being secret shoppers. They ask victims to pay for their products or training and then take off with their money. Fraudsters will also steal a victim’s personally identifiable information (PII) from the application they filled out and commit identity theft.

Another version of the mystery shopper scam includes fake checks. In this scam, the victim signs up to become a secret shopper through an online form – potentially giving away sensitive PII like Social Security numbers, date of birth and address. Then the victim is sent a check in the mail to use to secretly shop at a store. Once the check is posted to their bank account, the victim begins to shop as instructed. In some instances, the victim is told to buy reloadable cards and send pictures of them and their PIN card numbers from the back. Once the bank finds out the check is fake, the victim is on the hook for all of the money that they spent plus bank fees. This particular version of the scam lures victims in with a fake check, like the one pictured below that was sent to the Identity Theft Resource Center (ITRC) from a mystery shopper scam victim:

At first glance the check appears to be legitimate. However, while the check says it is to PNC bank, the routing number is for HSBC. Hanover Insurance Company also has a notice on their website about fraudulent checks.

The ITRC was also sent this letter that went along with the check:

While the letter also seems legitimate at first glance, the company listed is Assign Retailer Metrics Inc. instead of Hanover Insurance Company. The letter also asks people to take pictures of the card numbers and scratched PIN numbers and email them to a Gmail account instead of a company account. These are just a few signs that prove this is a secret shopper scam.

Mystery shoppers can be very effective for retailers because the secret shopper can buy whatever the retailer wants them to buy and then report back their experience. However, it can leave consumers looking for a way to make a little extra money in the difficult economy vulnerable to being taken advantage of by ne’er-do-wells. There are things people can do to reduce their risk of falling for a mystery shopper scam.

To avoid these types of scams, people should:

  • Never pay to be a mystery shopper – don’t wire money or  send a “deposit” via PayPal, Venmo, or Zelle
  • Do NOT give out PII on an application
  • Be wary if offered a lot of money for a simple task
  • Cash the check at an issuing bank or wait until the money has not just posted but cleared the other account; if the check is not good, the victim can return the cash into their account

There are also things people can do to spot a legitimate mystery shopping opportunity. People should:

  • Do their research on legitimate opportunities; search the internet for reviews and comments on mystery shopping jobs
  • Remember they are paid to be a mystery shopper (typically after the task is completed); they do not have to pay to do it

Anyone who believes they are a victim of a mystery shopper scam can live-chat with an ITRC expert advisor or call toll-free at 888.400.5530. Advisors will guide victims on the next steps they need to take.


You might also like…

Identity Theft Resource Center Announces Change to Board of Directors

Google Alert Scam Sends Fake Data Breach Notifications Embedded With Malware

Hackers Take Advantage of COVID-19 Closures to Launch Claire’s Data Breach

Free credit reports are now available to access every week to help minimize the long-term economic impacts of COVID-19. The continuing crisis surrounding the virus has affected people’s lives in many ways. However, fear of the economic impact is also at the top of many people’s minds. Across the U.S., more than 40 million people have filed for unemployment benefits since the first wave of the coronavirus closures and many business owners have had to shut their doors. Some employees wonder if their jobs will be waiting for them and business owners question whether they will be able to reopen once it is safe to do so.

Fortunately, there is some good news for consumers who are concerned about their financial security. The three major credit reporting agencies are offering free credit reports every week through April 2021.

While the economic impacts can be far-reaching, there are other harmful effects as well. Data breaches continue to happen. At least six states who have established public-facing websites for filing unemployment claims have exposed tens of thousands of users’ identity credentials online. There have already been reports of scammers targeting those seeking assistance with phishing attempts.

Consumers have been entitled to a free copy of their credit reports, up to one copy per year from each of the three major credit reporting agencies—TransUnion, Equifax and Experian. Those reports are readily available from AnnualCreditReport.com and are easy to download. However, requesting further reports after the initial free request (in a twelve-month period) could incur a fee. Now, consumers will be able to access each of their free credit reports every week through next spring with no additional cost.

For consumers, checking and understanding their credit report is vital in order to maintain some control over their financial health. It gives them a clearer picture of their current debt and spending potential, as well as help uncover whether or not malicious actors have been using their identities. Any fraudulent charges, purchases and lines of credit would appear on the credit report, making it helpful for monitoring one’s identity. To request a free credit report, users need to visit AnnualCreditReport.com and enter their information. The report will be available for download almost immediately. For more information on how to request a report and why it is a useful tool, click here. If there are any signs of suspicious activity on the report—such as purchases, new credit cards or too many inquiries from lenders—consumers can contact the Identity Theft Resource Center via live-chat or toll-free at 888.400.5530.


You might also like…

DARK WEB DATA BREACH LEADS TO THIEVES STEALING FROM THIEVES

AERIES DATA BREACH AFFECTS SCHOOL DISTRICTS ACROSS CALIFORNIA

PURPORTED LIVEJOURNAL DATA BREACH LEADS TO 26 MILLION USER RECORDS BEING STOLEN

State and local governments around the country are working hard on plans, and in some cases, starting to execute, to carefully reopen their communities and businesses in the wake of the COVID-19 pandemic. Data is being tracked; task forces are mobilizing and planning; and the “new normal” is beginning to take shape. However, this could lead to an increase in reopening job scams.

More jobs could be a welcomed sight for over 40 million U.S. workers who have had to file for unemployment benefits since mid-March. Some consumers expect to return to their old jobs. However, many others will be looking for a new one.

According to a survey issued by FlexJobs, 19 percent of respondents reported that they have already been victimized by an employment scam. The company further stated that for every legitimate work-from-home job—a highly sought-after option during the pandemic—there are between sixty and seventy scam offers. Out of concern for consumers, as they seek employment, the FBI is warning the public about reopening job scams or fake job offers that would ordinarily raise some red flags if not for the specific changes that quarantine has required.

The FBI says they have seen an uptick in fake job and hiring scams with cybercriminals posing as legitimate employers by spoofing company websites and posting fake job openings on popular online job boards. One of the scams involves fraudsters going as far as conducting false interviews with applicants, then requesting personal information or money that could be transferred to a private location. The Better Business Bureau told FOX 13 in Memphis that fraudsters are using the COVID-19 pandemic in their employment scams to make them more believable.

Fortunately, much of the same caution that applied to job-seeking before COVID-19 still applies. Consumers should know the source of the job listing and only use reputable websites to find employment opportunities. To avoid a reopening job scam, consumers should also be mindful of unsolicited emails and offers with outrageous claims—such as, “Earn $3,000 a week working from home.”

Once a job posting is found, consumers should also be careful about how much personal data they share, at least during the application period. If a company claims they want to do a phone, Skype or Zoom interview due to social distancing and safety, that’s okay. However, it does not mean candidates should turn over information like their Social Security numbers until they have been hired.

Finally, to avoid a job reopening scam, consumers should remember that legitimate jobs don’t usually require any upfront fees or costs. Even things like company uniforms or specialized equipment such as steel-toed shoes are often deducted from the first paycheck or purchased by the employee through an outside company. Typically, they are not charged in the form of a payment. If an employer asks for a finder’s fee, administrative fee, background check fee or any other funds, it is probably a reopening job scam. Even for legitimate actions like submitting a bank account number and routing number for direct depositing of paychecks, it’s important to be sure the company is legitimate and the job has already been awarded before submitting the information. If someone believes they are victim to a COVID-19 reopening job scam, they can live-chat with an Identity Theft Resource Center expert advisor. They can also call toll-free at 888.400.5530.


You might also like…

ShinyHunters Hacks Expose Business Vulnerabilities

Stolen Stimulus Checks Creating Concerns for Consumers

College Student Stimulus Check Scams Begin to Heat Up

Some consumers have yet to receive their stimulus check, leaving many wondering why. The Identity Theft Resource Center has seen a sharp increase in “stolen stimulus check” cases. However, not everyone who believes they had their stimulus check stolen finds that to be the case. In fact, there are a handful of reasons why people could still be waiting. With that said, some are legitimately stolen.

The FTC reports that some stolen stimulus checks appear to be from nursing home residents. Nursing homes in several states have made residents sign over their stimulus checks. Other cases involve people committing physical mail theft, like this New York man who stole over $12,000 worth of stimulus checks. Some thieves are going as far as stealing stimulus checks from postal trucks. The Chicago metro saw multiple postal trucks get broken into in April.

No matter how stimulus checks are being stolen, it can be a headache for consumers and something law enforcement is working to stop. If someone believes they are the victim of a stolen stimulus check, they should report it to the Federal Trade Commission (FTC) and the IRS.

  • Victims of a stolen stimulus check can go to IDTheft.gov and click “Get Started”
  • On the next page, which is titled “Which statement best describes our situation,” victims should click the line that says “Someone filed a Federal tax return – or claimed an economic stimulus payment – using my information.”
  • After the victim answers the questions provided, the page will complete an IRS Identity Theft Affidavit for the victim to submit electronically to the IRS, which can also be downloaded for file keeping
  • The website will provide the victim with a recovery plan to follow that includes steps to prevent identity theft
  • The IRS and their “Get My Payment” tool is a way for consumers to learn the status of their payment, including where it was sent. For more information, consumers can visit the IRS’s Economic Impact Payment Information Center and Get My Payment Frequently Asked Questions pages for detailed, and frequently-updated, answers to questions. They also can find information here about payments that the IRS may have deposited to an account that is not recognized.

It is important for consumers to remember that the IRS will never call, email, text or reach out via social media to anyone about a stolen stimulus check or to receive a stimulus check. If someone does, it is probably a phishing scam looking to steal personal information and should be reported to the proper agency.

If someone had their stimulus check stolen, or had another form of government identity theft,  they can live-chat with an Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. ITRC advisors will walk victims through the process and tell them where they need to go, who they need to talk to, what they need to say and what they need to do.


You might also like…

Contact Tracing Scams Ramp Up as New Technology Evolves Amid COVID-19 Pandemic

Possible Nigerian Fraud Ring to Blame for Unemployment Identity Theft Attack

Five State Unemployment Department Data Exposures Uncover System Flaws

Classes being moved to virtual and students being off of campus is not stopping scammers from targeting students. According to the Federal Trade Commission, a recent college student stimulus check scam claims to be from universities’ financial departments. However, it’s a trap to steal sensitive information and install malware on students’ devices.

Who is it targeting: College students

What it Is: Phishing scam that steals information, potentially installs malware

What Are They After: This recent email scam is disguised as a message from the victim’s university’s “financial department” regarding their COVID-19 economic stimulus check. The email claims it needs to be opened from a portal using a university login. If a student logs in with their university account, they could give away their login credentials and potentially download malware to their device.

How You Can Avoid It:

  • Investigate – If you are suspicious of an email, contact the sender directly to verify that they are legitimate. Look up their phone number or website yourself. Do not click on any links.
  • Pay attention to detail- Bad grammar and spelling can be a way to spot a phishing email. Another clue that the email is not from your school is if they use the wrong department name (calling themselves the Financial Department rather than the Financial Aid Department).

If a student thinks they may have been targeted by a stimulus check scam, they can live-chat with an Identity Theft Resource Center expert advisor. They can also call for toll-free, no-cost assistance at 888.400.5530. For full details on the college student stimulus check scam, consumers can check out this article from the FTC.


You might also like…

Contact Tracing Scams Ramp Up as New Technology Evolves Amid COVID-19 Pandemic

Possible Nigerian Fraud Ring to Blame for Unemployment Identity Theft Attack

Five State Unemployment Department Data Exposures Uncover System Flaws

This post will be updated as more information becomes available

Contact tracing scams have begun to pick up steam with the evolving technology coming closer to becoming a reality. Some of those scams include hackers and fraudsters posing as contact tracers – both online and in person – trying to steal personally identifiable information (PII), personal health information (PHI) and other personal data.

The United States began the re-opening process after the COVID-19 pandemic closed many aspects of daily life. That is expected to include many precautions to keep people safe, including contact tracing – a method used to find the people who may have come into contact with someone infected with COVID-19. In fact, many people anticipate contact tracing will play a large part in keeping people informed of their risk of exposure until a vaccine is available.

Apple and Google are cooperating to ensure the different phone operating systems are compatible for contact tracing purposes. Apple and Google are also working with health departments across the country to figure out how to roll-out an effective contact tracing Bluetooth-based system that would allow public health departments to create their own contact tracing apps. Despite doubts from some health officials on how useful Apple and Google’s optional systems will be, the two tech companies have developed the digital contact tracing system, and have included it in their latest software updates. Contact tracing apps have already rolled out in other countries. According to MIT Technology Review, so far, there are 25 contact tracing efforts globally. However, none of those apps work in the U.S. Consumers should beware of any attempt to entice them or someone else to download and register for an app.

While app development efforts continue, scammers are tricking people into contact tracing scams using fake apps that steal their personal information. The Better Business Bureau of Connecticut warns people about text messages in their area that appear to be linked to COVID-19 contact tracing, alerting people that they were near someone who tested positive for coronavirus. Police in Washington state are alerting residents of contact tracing scams going around trying to steal sensitive information, including credit card information and Social Security numbers. The Champaign-Urbana Public Health District urges residents not to fall for contact tracing scams, adding that they will never alert people of a positive test via text.

In all of these scams, fraudsters are trying to steal people’s personal information, whether it is by trying to get them to click on unknown malicious links or simply asking for them to provide it. Hackers then have the ability to turn right around and sell the information, which could lead to identity theft. Even when legitimate apps are available, users should check to see if the data they share will be used for marketing purposes without their permission or sold for other purposes.

To avoid a contact tracing scam, people should stay informed on the latest contact tracing details, as well as the most up-to-date COVID-19 information from their state and local health departments. Local health departments will inform people of what a legitimate contact tracer will ask and any protocols they will follow. If anyone gets a text or notification they are not expecting that they were in contact with someone who tested positive for COVID-19, they should ignore it and call their local health department to confirm the validity of the message. They should not provide any information they are asked for, nor should they click any links, open any attachments or download any files.

If anyone believes they have fallen victim to a contact tracing scam or is a victim of identity theft, they can live-chat with an Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. An advisor can help victims create an action plan on the steps they need to take that are customized to their needs.


You might also like…

Online Shopping Safety a Priority During Coronavirus Pandemic

Five State Unemployment Department Data Exposures Uncover System Flaws

COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover

From groceries and household goods to medicine and clothes, the coronavirus pandemic has forced people to do a fair bit of their shopping online. According to data from ACI Worldwide, in March 2020, online retail shopping saw a rise in sales as high 74 percent year over year. While online shopping is playing an important role in allowing people to stay home and safely shop during COVID-19, hackers are taking note as well. That could be part of the reason why retail and manufacturing companies are seeing the most attacks. It is also why it is so important for consumers to exercise online shopping safety to not expose their personally identifiable information (PII) unwittingly.

Online shopping has grown in popularity and ease of use over the years. The increase of its use due to COVID-19 could lead to a heightened risk of formjacking, when cybercriminals insert malicious code to an existing, reputable website and gain access to its sensitive user information. While shopping the site, the user data is sent to hackers even as the user’s cart is processing as it should with the retailer. According to CNBC, e-skimming attacks intended to steal people’s personal information while shopping online were already increasing before COVID-19. Online shopping amid the pandemic has also led to an increase in fake goods being sold online, like fake cures, vaccines and tests.

Fraudsters understand the consumers’ needs to buy essential and nonessential goods during COVID-19 and are taking advantage. Tenable Research identified an SMS spoofing flaw that could have allowed an attacker to send spoofed messages to any mobile number. While the flaw was patched, hackers could have exploited it with malicious links.

Despite some of the risks of shopping online, there are things consumers can do to practice online shopping safety. People should make sure all of their transactions are at legitimate business websites that they visit directly. If someone comes across any fake products, they should report it to the National IPR Center or the Consumer Product Safety Commission. Finally, when creating an account to shop online, consumers should exercise online shopping safety by using strong security questions and answers.

To reduce the likelihood of falling victim to a phishing attempt while trying to shop online, consumers should protect their computers and devices by using security software, multi-factor authentication and backing up their data. These tips could help reduce the likelihood of a consumer falling for a scam or victim of identity theft. If someone believes they are a victim of identity theft or has any questions regarding online shopping safety, they can live-chat with an Identity Theft Resource Center expert advisor. They can also call toll-free at 888.400.5530.


You might also like…

COVID-19 COULD LEAD TO INCREASE IN TRAVEL LOYALTY ACCOUNT TAKEOVER

COVID-19 CATFISHING SCAMS MAKE A REBOUND AMID PANDEMIC

CAM4 DATA EXPOSURE LEAKS BILLIONS OF RECORDS FROM ADULT STREAMING WEBSITE

During the COVID-19 pandemic, people are not traveling much – if at all. As a result, people could be more susceptible to travel loyalty account takeover (accounts that may include large amounts of personally identifiable information like driver’s license and passport numbers). They could also be more vulnerable to attacks because of past breaches and exposures like MGM, Marriott, Choice Hotels and Carnival Cruise Line, to name a few. Many experts are predicting a long, slow recovery to reach a sense of normalcy, while others believe “normal” will never be quite the same. One of the most impacted areas where that is expected is the travel industry.

With a 95 percent drop in passenger travel and most air passengers flying only in emergency situations, it could be hard for some to envision a speedy recovery for the travel and hospitality industries. For that reason, there is another precaution that consumers need to take in this time of quarantine: monitoring their travel loyalty accounts.

COVID-19 could make it easier for fraudsters to steal consumers’ credit card information, passport information, names, dates of birth, along with any other information included in a travel loyalty account. It could also allow scammers to steal credits and travel funds. In fact, one source cited an estimated fourteen trillion flight and hotel miles already go unused each year. That means a lot of travelers are saving up their bonuses or banking credits for unused trips but not cashing them in at the moment, which could attract hackers to travel loyalty accounts as a means to get their hands on PII as well as cash equivalent benefits.

Travel loyalty account takeover has been a problem for a long time. However, with people putting a halt to their travel plans for the immediate future, identity theft advocates like the Identity Theft Resource Center worry that those unmonitored accounts could be vulnerable to an attack due to lack of use or oversight. Account-holders need to protect themselves, and their accounts, in a variety of ways.

Fortunately, the steps that can help people protect their travel loyalty accounts are identical to the actions that users can take to secure any account type. First, people should monitor their account routinely for any signs of suspicious activity and report the activity immediately. Next, people need to be very cautious about clicking any links in emails, even ones that appear to pertain to travel loyalty credits or funds. Finally, people should secure their account with a strong, unique passphrase—one that is not easily guessed by hacking software and that is not reused on other accounts. It is also advised to change the account passphrase from time to time to prevent credential stuffing.

Anyone who believes they have fallen victim to travel loyalty account takeover is encouraged to live-chat with an expert advisor from the Identity Theft Resource Center. Victims can also call toll-free at 888.400.5530.


You might also be interested in…

COVID-19 Catfishing Scams Make a Rebound Amid Pandemic

CashApp Scams See a Rise Due to COVID-19

A Shift in 2020 Identity Theft Trends as a Result of COVID-19

A long-time scam tactic has made a comeback amid the coronavirus pandemic. COVID-19 catfishing scams are out in full force in an attempt to play on people’s emotions and steal their personally identifiable information to commit fraud.

Who Is It Targeting: Social media and dating app users

What Is It: A scam where someone creates a fake social media profile to target victims for financial donations or sensitive personal information used for identity theft.

What Are They After: Scammers are stealing photos of frontline workers to lure in victims to give money to a fake charity, or to steal their personal information to commit fraud. As reported by NBC, one student nurse had to report a fake Facebook page over 400 times as it was soliciting illegitimate coronavirus donations.

Despite an increase in awareness of similar scams, fake accounts are becoming more common. In the FBI’s 2019 Internet Crime Report, there were 1,000 more reports of confidence fraud and romance cybercrimes compared to 2018. Those statistics are an example of why so many people might be getting targeted by COVID-19 catfishing scams.

How Can You Avoid It:

  • Research the person the profile claims to be
  • If someone refuses to meet in person, it is probably a scam
  • Never give money or personal information to someone who will not meet in person
  • Consider making all social media profiles private and report any abuse to the appropriate platform

If someone believes they are a victim of a COVID-19 catfishing scam or find a picture of themselves on a fake profile, they can live-chat with an Identity Theft Resource Center advisor. They can also call toll-free at 888.400.5530.


You might also like…

CAM4 DATA EXPOSURE LEAKS BILLIONS OF RECORDS FROM ADULT STREAMING WEBSITE

THIRD CHEGG DATA BREACH IN THREE YEARS IMPACTS NEARLY 700 EMPLOYEES

BILL & MELINDA GATES FOUNDATION, CDC, NIH AND WHO EMPLOYEE INFORMATION EXPOSED

Scammers are looking to scare people into falling for a COVID-19 contamination scam that contains a link that is designed to steal personal information.  Scammers are sending potential victims a text message informing them that someone they know tested positive for the coronavirus. However, it is just a trap.

Who Is It Targeting: Text message users

What Is It: A phishing scam based on fears of COVID-19

What Are They After: Text message users have reportedly received alerts that someone they know has tested positive for COVID-19. The message instructs them to self-isolate immediately, and then to click the link for further information and action. However, it is all part of a COVID-19 contamination scam. Police have warned that the link is likely designed to steal people’s personal data.

How Can You Avoid It:

  • Stay informed; COVID-19 information is not yet being shared this way
  • Never click a link, download an attachment or open a file that you were not specifically expecting
  • Follow trusted sources like the CDC or your local EMA for accurate information on the virus

If you think you may be a victim of identity theft or a COVID-19 contamination scam, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530 or live chat with an expert advisor. Find more information about current scams and alerts here. For full details of this scam check out this article from IDTheftCenter.org.


You might also like…

CASHAPP SCAMS SEE A RISE DUE TO COVID-19

WHY HAVE YOU NOT RECEIVED YOUR STIMULUS CHECK PAYMENT YET?

CHOOSE STRONG SECURITY QUESTIONS/ANSWERS FOR ONLINE ACCOUNTS