Posts

  • Facebook and Instagram users are being targeted by cybercriminals promoting fake grants, particularly grants for COVID-19 relief. Recent grant scams reported to the Identity Theft Resource Center (ITRC) include requests for gift cards to “pay the taxes” if the grant is approved. 
  • The messages come from cloned accounts or hacked profiles of one of the user’s real Facebook or Instagram friends.  
  • Anyone receiving a message about a grant via Facebook, Instagram, phone, or text message should report it.  
  • If anyone wants to learn more about the Facebook grant scam or believes they are a victim, they should contact the ITRC toll-free at 888.400.5530 or by live-chat. Just visit www.idtheftcenter.org to get started. 

While Facebook grant scams have been around for a while, the Identity Theft Resource Center (ITRC) has seen a spike in calls and live-chats around this type of scam, particularly a new version that targets people in need of money due to hardships from the COVID-19 pandemic.  

The grant scam is not just circulating on Facebook. ITRC advisors have also received cases from victims who claim they were targeted on other social media platforms, including Instagram, owned by Facebook. 

Who is the Target 

Facebook users appear to be the primary target. However, other social media platforms like Instagram are beginning to see similar scams. The BBB reports that scammers are also creating versions of the Facebook grant scam to target people by phone and text message.   

What is the Scam 

Cybercriminals attack social media accounts or create lookalike accounts to target friends, family members, or other people trusted by the impacted account owner. Once the account has been compromised, the criminals message the friend telling them about a government grant. 

Some of the recent grant names the ITRC has seen are the Department of Homeland Security (DHS) grant, the RWCB grant, the Federal Government Empowerment grant and the Publisher’s Clearinghouse (PCH) Fee Government grant. The victims are then told to call a phone number about the grant and are asked to fill out a form that includes one’s Social Security number (SSN) and Driver’s License (DL) information before the grant is approved. The “friend” may claim they have already applied for the grant and received the funds. 

ITRC advisors say, right now, the most common reports of the Facebook grant scam evolve around phony grants for COVID-19 relief. The ITRC also continues to see Facebook grant scams where scammers ask for gift cards to “pay their taxes” associated with an approved grant. 

What They Want 

Scammers are looking to escape with the victim’s money, their personal information, or both to commit other identity crimes. 

How You Can Avoid Being Scammed 

  • If you receive a Facebook message from a friend regarding a grant opportunity, chances are it is a scam. Do not respond or provide any personal information. 
  • Inform your friend that their Facebook or Instagram account might be hacked or cloned. A big red flag is if you receive a new friend request from an existing friend and receive a direct or private message about a grant opportunity. 
  • Report the grant scam to FacebookInstagram, or other social media platforms where you receive the fraudulent grant message. Once you’ve reported the scam, delete the message. 
  • Never pay any money for a “free” government grant. A government entity will not ask you to pay a processing fee or taxes for a grant you were awarded, especially in a social media message. 

If you believe you are a victim of a Facebook grant scam or would like to learn more, contact the ITRC Center toll-free. You can call (888.400.5530) or use the live-chat function on the company website. Just go to www.idtheftcenter.org to get started.   

  • Digital wallets, an electronic version of payment cards and accounts, and mobile payment apps have become more popular during the global pandemic. U.S. users jumped from 38 percent to 55 percent of smartphone owners in 2020 because they are more convenient and secure for many consumers. They also help serve an important population: the unbanked and underbanked
  • It can be difficult for some households (approximately 7.1 million) to get a bank account for an array of reasons. Digital wallets and mobile payment apps allow those households to make payments, store funds, transfer money to other financial accounts and even write checks depending on the app.  
  • Digital wallets and mobile payment apps can be less risky than traditional payment methods because there are security measures that are not available when someone pays with a physical card or cash. Because digital wallets are contactless, they also represent less of a health risk during the COVID-19 pandemic. 
  • To learn more about digital wallets, contact the Identity Theft Resource Center toll-free at 888.400.5530 or via live-chat on our website www.idtheftcenter.org.  

Digital wallets and mobile payment apps continue to grow in popularity. In fact, U.S. users jumped from 38 percent to 55 percent of smartphone owners. A digital wallet allows people to carry much of what they would have in their physical wallet on a mobile device. Payment apps are also surging in popularity. According to an article in Newsday, a recent survey sponsored by SimpleTexting, a Miami Beach provider of text messaging software, shows that 81 percent of those polled use cash apps more often since the COVID-19 pandemic. Digital wallets provide people with more payment options and allow them to convert physical cash to an online account to then link to these services, especially those who are unbanked and underbanked

Digital Wallet vs. Mobile Payment App 

A digital wallet is a virtual version of payment cards and financial accounts that can be accessed on a computer or smart device. Some popular digital wallets include ApplePay, Google Pay, Samsung Pay and PayPal. Mobile payment apps are tied to purchases made at a single business such as Starbucks or Walmart, or an app like Venmo that transfers cash to other people as payment. 

The Benefits and Risks of a Digital Wallet and Mobile Payment App 

Digital wallets and mobile payment apps allow people to simplify how they make payments and what they have to carry with them to purchase items. Both kinds of apps enable consumers to complete transactions without using cash while protecting financial account information and passwords. Digital wallets use security protocols, like two-factor authentication and one-time-use PIN numbers. They also use advanced encryption and virtualization techniques that ensure people’s financial information never leaves their actual device.   

However, that does not mean criminals will not target users. Keeping a device secure by using screen locks and device passwords/biometrics is vitally important, along with the ability to remotely disable a smart device if it’s lost or stolen. If a thief gains access to someone’s digital wallet, they may have the ability to make purchases or steal someone’s fundslike one person from Grosse Pointe Farms. There is still the risk of also being tricked into old-fashioned product or service fraud, too. Users of digital wallets and payment apps need to be cautious and only engage in a transaction if it’s part of a purchase or fund transfer they initiate. 

Digital Wallets and Mobile Payment Apps Help the Unbanked and Underbanked 

The FDIC Survey of Household Use of Banking and Financial Services found that in 2019 approximately 7.1 million U.S. households were unbanked, meaning no one in the home had a bank account. The number of unbanked and underbanked people (U.S. residents with limited access to banking services) is on the decline, and the increased use of digital wallets and payment apps is part of the trend.  

Digital wallets and mobile payment apps are a great answer and a more secure way of making financial transactions for those who cannot or do not want to access a bank’s services. It is safer, there are fewer fees and easier access. Unbanked and underbanked households can make payments, store funds, transfer money to other financial accounts, and even have bill pay (check writing) features depending on the app.  

Digital wallets and mobile payment apps can also improve financial inclusion by reducing people’s dependency on cash and decreasing risks associated with handling money, such as health concerns, fraud, theft, and loss. 

What People Should do to Stay Safe 

  • Enable all the security features like screen lock/biometric lock and Find my iPhone to keep hackers from accessing the digital wallet, payment apps as well as stealing login credentials or money. 
  • Use a strong password and good cyber hygiene/security practices on all accounts to reduce the risk of hacking. The Identity Theft Resource Center (ITRC) encourages consumers to use a passphrase that is at least 12 characters long.  
  • Beware of phishing attacks because they could lead to a hacked account. Consumers should avoid unsolicited emails or text messages that ask the user to send money directly through a digital wallet or payment app. Criminals may send people an unsolicited payment request through a mobile app, so users should only use a digital wallet or mobile payment app if they initiate the transaction.  
  • Look for red flags like payments you did not make using your payment apps. If someone is victimized, they should report it to the app, change their account password and consider scanning their device with antivirus software. 

Contact the ITRC 

If anyone has questions about digital wallets, how to use them or how safe they are, they can contact the ITRC. Consumers can reach a live advisor for free by phone (888.400.5530) or live-chat and can get access to the ITRC’s latest information. All people have to do is visit www.idtheftcenter.org to get started. 

  • An Internal Revenue Service (IRS) text scam is circulating to get consumers’ personal information, which may put them at further risk of tax identity crimes. 
  • According to the Federal Trade Commission (FTC), imposter scams were the top reported fraud in 2020. The FTC had approximately 500,000 reports of the scam, leading to an estimated $1.2 billion in lost funds.  
  • People may receive text messages from their tax service but will never get a text message directly from the IRS. (People should still independently check with their filing service because scammers may also spoof tax filing entities.
  • If anyone receives a text claiming to be from the IRS, they should ignore it, not click on any links or attachments, forward the text and originating phone number to the IRS at 202.552.1226 and then delete the text message. 
  • For more information on IRS text scams or if someone believes they are a victim of tax identity theft, they can visit www.idtheftcenter.org for resources or speak with an advisor toll-free by phone (888.400.5530) or live-chat. 

IRS Text Scam Pops Up on First Day to File

February 12, 2021, is the first day for people to file their 2020 tax returns, and many consumers may receive an email or notification from their tax service that it is time to file. Scammers are trying to take advantage by posing as IRS agents to exploit tax filers. 

The Identity Theft Resource Center (ITRC) has received reports of a new Internal Revenue Service (IRS) text scam that claims “your federal tax return was rejected.” The IRS text scam is designed to get consumers’ personal information, which puts people at additional risk of tax identity theft. Here’s an example of the IRS text scam sent to the ITRC: 

Example of the IRS Text Scam sent to the Identity Theft Resource Center

Government Imposter Scams Continue to Spread 

The IRS text scam is not a new tactic for scammers. Government imposter scams were among the top frauds in 2020 reported by the Federal Trade Commission (FTC). The FTC says that they received nearly 500,000 reports of imposter scams that cost people $1.2 billion, with a median loss of $850. Government and business imposter scams were among the top categories of COVID-19 and stimulus-related reports. 

Cybercriminals Target Tax Season 

Criminals know they can take advantage of tax season by posing as an IRS representative, especially with more Americans likely to receive a Form 1099-G because their state employment office is providing documentation for receipt of unemployment benefits. However, many of those taxpayers may be victims of unemployment benefits fraud because identity thieves received benefits in their name.  

What You Should Do 

The IRS will not text anyone about their tax return. People may receive a text from their tax filer, but never from the IRS. (People should still independently check with their filing service because scammers may also spoof tax filing entities.)  

If anyone gets a text message claiming to be the IRS, they should do the following: 

  1. Do not respond, open any attachments or click on any links. An attachment or a link could contain a malicious code that has the ability to infect someone’s device. 
  1. The IRS asks people to forward the IRS text scam and the originating phone number as-is to  202.552.1226.  
  1. After forwarding the information to the IRS, the original text message should be deleted.  

It is also a good idea to never respond to any unsolicited messages. Instead, consumers should reach out directly to the company or person the message claims to be from to verify the message’s validity. People should also refrain from providing their personal information unless it is necessary or with a trusted organization. 

Contact the ITRC 

Anyone who believes they are the victim of an IRS text scam, tax identity theft, or wants to learn more can visit the ITRC website for additional resources. They can also contact an advisor toll-free by phone (888.400.5530) or by live-chat. All people have to do is visit www.idtheftcenter.org to get started. 

By Eva Velasquez, president and CEO, Identity Theft Resource Center 

  • The Identity Theft Resource Center (ITRC) expects to see the number of victims of COVID-19 identity crimes continue to rise in 2021. The ITRC’s new data shows an increase in identity crime victims being targeted multiple times (28 percent in 2019 versus 21 percent in 2018) before pandemic-related identity crimes. The ITRC expects to see victims targeted multiple times continue to rise. 
  • Right now, victim resources are not top of mind for many people. Since 2018, U.S. Department of Justice funds allocated for all crime victim services has fallen from a high of $3.7 billion to $1.9 billion. 
  • Focusing on just the dollar losses of identity fraud paints an incomplete picture because it does not consider long-term impacts or each victim’s unique situation. 
  • Additional pandemic-related benefits and stimulus payments due in early 2021 will also result in more identity crime victims linked to new benefit fraud cases.  
  • Join experts from the ITRC and the Federal Trade Commission (FTC) on Monday, February 1, at 10 a.m. PST (1 p.m. EST) for a free webinar, Protecting Yourself Against Identity Theft in the Age of COVID-19. 

The last year has been a difficult one for many people. Some have lost their jobs, others have had to close their businesses and many people have gotten sick or lost loved ones from the coronavirus. Another segment of people affected has not gotten as much attention: victims of COVID-19 identity crimes.  

The Impacts of COVID-19 Identity Crimes in 2020 

Millions of state unemployment benefit-related identity theft cases have been detected across the country since March 2020. On average, the Identity Theft Resource Center (ITRC) receives less than 20 inquiries regarding unemployment benefits a year. In 2020, the ITRC had more than 700 unemployment benefits fraud victims reach out for help. 2020 also saw a sharp increase in scams. Criminals had countless opportunities to trick people with phishing scams, charity scams, healthcare scams, disaster scams and work-from-home scams.  

What to Expect in 2021 

The ITRC believes COVID-19 identity crimes will impact victims well into 2021. Many victims may not be aware that their identity credentials were misused until they receive an IRS Form 1099 for non-wage income. The ITRC’s research also shows a significant increase in identity crime victims being victimized a second time, even before the rise in fraud, scams and identity crimes in 2020. The post-pandemic analysis should show an even greater spike.  

The Ripple Effects of the Pandemic-Related Identity Crimes 

Resources for identity crimes are not keeping pace with the criminals. Trends identified by the ITRC and many private-sector researchers show that profit-motivated cybercriminals are using consumer’s and employee’s bad security habits, as well as the changing work environment, to attack businesses more often. Yet, resources for cybersecurity training and education along with identity-related crime victim assistants are moving in the opposite direction. 

Since 2018, U.S. Department of Justice (DOJ) funds allocated for all crime victim services has dropped from a high of $3.7 billion to $1.9 billion. Discretionary DOJ grants awarded to victim services organizations dropped from $311 million in 2019 to $144 million in 2020. Funds to programs that support victims of identity crimes and compromises, cybercrime, scams and fraud have been reduced to $0. 

Meanwhile, the average ransomware payment has grown from less than $10,000 per incident in late 2018 to $233,000 as of Q3 2020, with some large enterprises reportedly paying ransoms over $1 million, according to cybersecurity firm Coveware. The most common root cause (55 percent) of ransomware attacks is stolen credentials to access a business system or network remotely. 

Measuring just the dollar amount paints an incomplete picture. A dollar sign does not take into account the trauma, downstream effects and lost opportunity costs for each of the victims whose identity credentials were misused. New ITRC research that will be published in May 2021 reveals an increase in identity crime victims being targeted multiple times. Nearly 28 percent of victims reported a second identity crime in 2019 versus 21 percent in 2018. At the ITRC, we expect to see that number continue to go up, especially after the rise in COVID-19 identity crimes.  

What It Means Moving Forward 

The data shows that COVID-19 identity crimes will continue in 2021, and more victims will suffer from the trauma of a second and even third identity crime. Someone that does not trust an infrastructure that has failed them will continue to disengage. Some victims cannot meet their basic needs or find a job because they cannot pass a background check until they get the fraud resolved. How long does that take? How does someone explain that to an employer? They are simply the victim of a crime that is not acknowledged to have the devasting life impacts that it does.  

The statistics show we are not winning the battle to protect ourselves from cybercriminals. Winning will require us to devote more resources toward assisting victims and devote more time and attention to educating consumers and employees of their need to be cyber-aware and vigilant. 

What to Do If You’re a Victim of Identity Theft 

If anyone believes their information may have been compromised, we suggest contacting us toll-free. Consumers can call (888.400.5530) or live-chat with an identity theft advisor to start their remediation process. Our experts will help advise victims on the best next steps for them to take.  

Learn more  

People can learn more about identity theft and COVID-19. Join experts from the ITRC and the FTC on Monday, February 1, at 10 a.m. PST (1 p.m. EST) for a free webinar, Protecting Yourself Against Identity Theft in the Age of COVID-19. We’ll explore topics including identity theft involving unemployment benefits, federal stimulus payments, Small Business Administration loans and more. Register here

The webinar is being held as part of the FTC’s Identity Theft Awareness Week, February 1-5, 2021. To find out more about the week’s events and the FTC’s free identity theft resources, please visit the FTC’s website

  • One of the first changes in 2020 due to COVID-19 was the delay in the regular income tax filing date. Soon after that, millions of out-of-work Americans began to receive enhanced unemployment benefits and special small business loans.
  • Soon after that, cybercriminals began to steal those benefits. The Department of Labor estimates that unemployment fraud could total as much as $26 billion. California alone has seen nearly $2 billion in unemployment benefits fraud.
  • With the 2021 tax filing season quickly approaching, many people will receive a 1099 form alerting them that they must claim income they never received from the benefits they never sought.
  • To learn more, listen to this week’s episode of the Fraudian Slip.
  • People can learn about taking advantage of the Internal Revenue Service (IRS) identity protection programs or reporting identity-related issues to the IRS at IRS.gov and clicking on the Identity Theft Protection link at the bottom of the home page.
  • If anyone believes they are a victim of tax identity theft or unemployment benefits fraud, they should contact the Identity Theft Resource Center toll-free at 888.400.5530 or live-chat on the company website idtheftcenter.org.

The below is a transcript of our podcast episode with special guest, IRS

Welcome to the Fraudian Slip, the Identity Theft Resource Center’s (ITRC) podcast, where we talk about all-things identity compromise, crime and fraud, including the impact identity issues have on people and businesses.

In a typical episode, we would focus on something that has happened or is happening that impacts consumers and businesses. Not today. We are going to talk about what’s about to happen, specifically the 2021 tax filing season.

It’s been nearly a year since the COVID-19 pandemic disrupted virtually every aspect of everyday life. One of the first changes in 2020 was the delay in the traditional income tax filing date. Soon thereafter, millions of out-of-work Americans began to receive enhanced unemployment benefits and special small business loans. Shortly after that, cybercriminals began to steal those benefits. The Department of Labor estimates that unemployment fraud could total as much as $26 billion. California alone has seen nearly $2 billion in unemployment fraud.

Fast forward to today, and the spike in benefits fraud is subsiding. However, a second round of victims may soon emerge. Benefits like unemployment payments are considered income and are taxable. Thousands of the unemployment payments made in 2020 were made in the names of people whose identities were misused – and they didn’t know it. With the 2021 tax filing season quickly approaching, many people will receive a 1099 form alerting them that they must claim income they never received from the benefits they never sought. That is on top of the usual identity-related income tax fraud the IRS sees each year.

We talked with Jim Robnett, the Deputy Chief of the IRS – Criminal Investigation Division, about the following:

Overview

  • Before 2020, the number of false income tax returns linked to identity compromises was already falling. What had the IRS done that was working so well to reduce tax-related identity theft?

Pandemic-Related Tax Issues

  • The most obvious change in terms of taxes in 2020 was moving the filing date. From the IRS perspective, what was 2020 like for you?
  • Anytime there is a mass injection of money into the economy, there is fraud. The IRS played a crucial role in delivering the stimulus checks approved by Congress. What kind of response did you expect from criminals, and what did you see? 
  • We know there has been a massive amount of unemployment fraud, and that has had tax implications for victims. Explain why that is and what taxpayers should do if they suspect or know they are the victim of benefit fraud?
  • What should taxpayers do who get a 1099 form they were not expecting?
  • What about small businesses or entrepreneurs who may discover someone took out an SBA loan or other pandemic benefit in their name?

2021 Tax Issues

  • What should taxpayers do to prepare for 2021?
  • The IRS recently announced the expansion of Identity Protection PINs. That’s going to be a great tool for preventing fraud. Explain how that works and what taxpayers need to do to take advantage of the IP PIN program?

For answers to all of these questions, listen to this week’s episode of The Fraudian Slip Podcast.

Learn More From the IRS

You can learn more about taking advantage of the IRS identity protection programs or reporting identity-related issues to the IRS at IRS.gov and clicking on the Identity Theft Protection link at the bottom of the home page.

Contact the ITRC

You can learn how to protect yourself from identity fraud, crimes and compromises – including the tax-related issues we discussed today, by visiting idtheftcenter.org, where you can also read more about the latest data breach trends.

If you think you are the victim of an identity crime or your identity has been compromised, you can call us, chat live online, send an email or leave a voice mail for an expert advisor to get advice on how to respond. Just visit the website to get started.

  • The IRS and Treasury Department began distributing stimulus payments the last week of 2020. Direct Deposits, paper checks and debit cards will be sent out to some Americans throughout January. No action is required by anyone to receive their stimulus payment.  
  • Some Americans say they are missing their stimulus payment, while others claim their money was deposited into the wrong bank account. 
  • According to a notice shared with the Identity Theft Resource Center, Turbo Tax recently pointed to an Internal Revenue Service (IRS) error that led to millions of stimulus payments sent to the wrong bank accounts. Turbo Tax expects the issue to be resolved within days.  
  • The IRS says people should visit IRS.gov for the most current information on the second round of Economic Impact Payments rather than calling the agency or their financial institutions or tax software providers. 

Many Americans continue to wait for their stimulus payment, approved as part of the second stimulus package passed by Congress in December 2020. Others claim they are missing their stimulus payment because it was deposited into the wrong bank account. The Identity Theft Resource Center (ITRC) continues to receive calls and live-chats regarding missing stimulus payments. One person reported to the ITRC that they received a message from Turbo Tax claiming millions of stimulus payments were sent to the wrong bank accounts. 

Image provided to ITRC

The message goes on to say the IRS expects the issue will be resolved soon, and stimulus payments will be deposited into the correct bank accounts within days. The Detroit Free Press also reports some taxpayers believe their money is going into the wrong bank accounts. Others say checks are being mailed to them when they received a direct deposit during the first round of payments in April 2020.  

On January 4, the IRS issued a news release urging people to visit IRS.gov for the most current information on the second round of Economic Impact Payments rather than calling the agency or their financial institutions or tax software providers. The release says the IRS phone advisors do not have additional information beyond what’s available on IRS.gov

On January 5, the IRS issued a second news release saying they updated the “Get My Payment” tool with information around the second round of stimulus payments. The Service acknowledged issues and errors with the “Get My Payment” tool, and they encouraged people to check back later. 

On January 8, the IRS acknowledged some payments may have gone into a temporary bank account established when people’s 2019 tax return were filed, and they are taking immediate steps to redirect stimulus payments to the correct account for those affected.  

The ITRC asks consumers to visit IRS.gov and to be patient throughout the process. We will update consumers if new information arises. Anyone concerned about a missing stimulus payment can also contact the ITRC toll-free either by phone (888.400.5530) or via live-chat. All people have to do is go to idtheftcenter.org to get started.  


Stimulus Payment Scams Expected with New Relief Package

Cybercriminals Exploit Google and Microsoft Products to Attack SMBs


The FDA Issues Warning Over Potential COVID-19 Vaccine Scams

In May 2020, many consumers did not receive their stimulus check, leaving some wondering why. The Identity Theft Resource Center (ITRC) saw a sharp increase in “stolen stimulus check” cases. Now, the second round of checks is being sent out as part of a new stimulus package. Once again, the ITRC has seen a rise in people reaching out to the non-profit over stolen stimulus checks.

Not everyone who believes they had their stimulus check stolen finds that to be the case. In fact, there are a handful of reasons why people could still be waiting. With that said, some are legitimately stolen.

In May, during the first wave of payments, the Federal Trade Commission (FTC) reported that some stolen stimulus checks appeared to be from nursing home residents. Nursing homes in several states made residents sign over their stimulus checks. Other cases involved people committing physical mail theft, like this New York man who stole over $12,000 worth of stimulus checks. Some thieves went as far as stealing stimulus checks from postal trucks. The Chicago metro saw multiple postal trucks get broken into in April 2020.

The second wave of payments has already seen text message scams where scammers pose as the Internal Revenue Service (IRS) and robocalls and email scams from con artists asking consumers to verify their personal information before the stimulus check is sent out. The ITRC has received reports of people having their payments deposited into the wrong bank account, consumers having their check stolen from their mailbox and much more.

No matter how stimulus checks are being stolen, it can be a headache for consumers and something law enforcement works to stop. If someone believes they are the victim of a stolen stimulus check, they should report it to the FTC and the IRS.

  • Victims of a stolen stimulus check can go to IDTheft.gov and click “Get Started”
  • On the next paged, which is titled “Which statement best describes our situation,” victims should click the line that says, “Someone filed a Federal tax return – or claimed an economic stimulus payment – using my information.”
  • After the victim answers the questions provided, the page will complete an IRS Identity Theft Affidavit for the victim to submit electronically to the IRS, which can also be downloaded for file keeping
  • The website will provide the victim with a recovery plan to follow that includes steps to prevent identity theft
  • The IRS and their “Get My Payment” tool is a way for consumers to learn their payment status, including where it was sent. For more information, consumers can visit the IRS’s Economic Impact Payment Information Center and Get My Payment Frequently Asked Questions pages for detailed, and frequently-updated, answers to questions. They also can find information here about payments that the IRS may have deposited to an account that is not recognized.

It is important for consumers to remember that the IRS will never call, email, text or reach out via social media to anyone about a stolen stimulus check or to receive a stimulus check. If someone does, it is probably a phishing scam looking to steal personal information and should be reported to the proper agency.

If someone had their stimulus check stolen, or had another form of government identity theft, they can live-chat with an Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. ITRC advisors will walk victims through the process and tell them where they need to go, who they need to talk to, what they need to say and what they need to do.

The post was originally published on 5/28/20 and was updated on 1/5/21


You might also like…

Contact Tracing Scams Ramp Up as New Technology Evolves Amid COVID-19 Pandemic

Possible Nigerian Fraud Ring to Blame for Unemployment Identity Theft Attack

Five State Unemployment Department Data Exposures Uncover System Flaws

*Updated as of 3/10/2021

  • The third round of stimulus payments is on the way. Scammers are aware, too, which means another round of scams as well.
  • Remember, the Internal Revenue Service (IRS) will not text, email or call anyone about a stimulus payment. If someone receives an unsolicited message from someone claiming to be with the IRS, it is probably a scam. Consumers should contact the IRS directly to verify before they respond. 
  • Offers that require people to pay to receive a stimulus benefit or to use a service to get a payment faster are also signs of a stimulus payment scam. 
  • Consumers can track their new stimulus checks once they are sent. Then can visit the IRS “Get My Payment” page to follow their payments.  
  •  To learn more about stimulus payment scams, the new stimulus payment or if someone suspects they are the victim of a stimulus scam, they can contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website.  

New Stimulus Payments Approved by Lawmakers 

Lawmakers voted to approve the third stimulus package since the coronavirus pandemic. The package includes a $1,400 stimulus payment for anyone who earns $75,000 or less (the payments start to phase out at $75,000), extends jobless aid supplement and programs making more people eligible for unemployment insurance, and much more.

Late in 2020, lawmakers agreed on a new stimulus package, which included a $600 stimulus payment for anyone who earned $75,000 or less. There was also a reduced payment for anyone who made $75,000-$99,000.

In the spring of 2020, the first batch of stimulus payments assisted Americans in need of financial relief due to the economic impacts of COVID-19. Criminals took advantage of the situation by offering to help benefit recipients speed access to their stimulus funds. Criminals stole checks from nursing home residents, out of people’s mailboxes, and even from postal trucks. The Identity Theft Resource Center (ITRC) saw some of those methods used to steal identity information and stimulus payments the second time around, and expect to see it again. The ITRC has also had a sharp rise in reported stolen stimulus payments and stimulus payment scams cases.

As of March 10, 2021, the Federal Trade Commission (FTC) had logged more than 382,000 consumer complaints related to COVID-19 and stimulus payments totaling more than $366 million in losses. Two-thirds of the complaints involved fraud or identity theft. The median fraud loss per person is $325.

New stimulus checks mean more scams are on the way. With more stimulus payment fraud expected, consumers should know how to spot a scam and what to do if an identity criminal contacts them.

Possible Stimulus Payment Scams 

According to the Washington Post, researchers recently discovered a campaign of thousands of emails that sought to trick Americans into filling out a phony form to “apply” for American Rescue Plan checks from the IRS before the third stimulus package was even passed by congress. The emails encouraged recipients to download an Excel sheet that launched malicious software that steals personal banking information and other login credentials once downloaded.

Criminals use different schemes to trick people, and they can be expected to do the same this time, as seen above. Here are a few things for people to watch for that indicate that someone might be the target of a stimulus payment scam:

  • Text messages and emails about stimulus payments – Criminals use text messages and emails to send malicious links in hopes that people will click on them to divulge personal information or insert malware onto someone’s device. If anyone receives a text message or email about a stimulus check or direct deposit with a link to click or a file to open, they should ignore it. It’s a scam because the IRS will not contact anyone unsolicited by text, email or phone to discuss a stimulus payment. 
  • Asked to verify financial information – The IRS will not call, text or email anyone to verify their information. If information needs to be confirmed, people will be directed to an IRS web page. This includes retirees who might not typically file a tax return.  
  • A fake check in the mail – Anyone who earns $75,000 or less will get $1,400. People who make between $75,000-$80,000 will receive a reduced amount. Anyone who gets a check and has questions about the amount, or thinks the check seems suspicious, should contact the IRS.
  • Offers for faster payments – Any claim offering payment faster through a third-party is a scam. All new stimulus checks will come from the IRS, and the IRS says there is no way to expedite a payment.  
  • Pay to get a check – No one has to pay to receive a stimulus check. New stimulus checks will be deposited directly into the same banking account used for previous stimulus payments or the most recent tax refund. If the IRS does not have someone’s direct deposit information, a check or prepaid card will be mailed to the last known address on file at the IRS.
  • Stolen checks – The ITRC has received numerous complaints from consumers about their stimulus checks being stolen. If anyone believes their payment is stolen, they should visit IDTheft.gov, where they can report, “Someone filed a Federal tax return – or claimed an economic stimulus payment – using my information.”

What to Do If You’re a Victim of Stimulus Payment Scams 

 If anyone believes their information may have been compromised or their stimulus payment was stolen, the IRS suggests people report it to the IRS and FTC simultaneously through IdentityTheft.gov. If anyone wants to learn more about stimulus payment scams or if someone believes they are the victim of a stimulus payment scam, they may also contact the Identity Theft Resource Center toll-free. Consumers can call (888.400.5530) or live-chat on the website. People can go to www.idtheftcenter.org to get started.

  • The U.S. Food and Drug Administration (FDA) warns consumers that while a vaccine is closer to distribution, so are COVID-19 vaccine scams. 
  • The FDA fears misleading products could cause Americans to delay or stop appropriate medical treatment, leading to life-threatening harm. 
  • There is also a fear that the COVID-19 vaccine scams could lead to many people having their personally identifiable information (PII) and personal health information (PHI) stolen. 
  • Consumers should only get vaccines from approved medical providers, not respond to any calls that ask for PHI or PII, and not click on any links claiming to sell cures. 
  • For more information, contact the Identity Theft Resource Center toll-free by live-chat on the company website or by calling 888.400.5530.  

coronavirus vaccine is closer to reality, with companies like Pfizer and Moderna seeking permission to distribute their vaccines to Americans. However, the U.S. Food and Drug Administration (FDA) and investigators warn that scammers are also waiting, ready to take advantage of those desperate for the vaccine by tricking them with a COVID-19 vaccine scam.  

The FDA fears deceptive and misleading products might cause Americans to delay or stop appropriate medical treatment, leading to serious and life-threatening harm. There is also a fear that bogus claims about vaccines and treatments could lead to people having their personally identifiable information (PII) and personal health information (PHI) stolen by cybercriminals.  

Who is the Target 

Vulnerable & high-risk populations; individuals waiting for the vaccine 

What is the Scam 

COVID-19 vaccine scams could come in many different forms. Investigators expect scammers to create fake websites, try to sell fake vaccines and treatments, and try to get people’s PII and PHI along the way. Identity thieves used similar tactics while trying to take advantage of a shortage of COVID-19 tests and personal protective equipment (PPE) like masks, gloves and gowns near the beginning of the pandemic.

How You Can Avoid Being Scammed 

  • Homeland Security investigators say you should only get vaccinated from an approved medical provider. 
  • Do not respond to any calls about COVID-19 vaccines that ask for your personal information like Social Security Number and “promise to reserve you a vaccine.”
  • Do not click on any posts or ads claiming to sell cures. Remember, if it seems too good to be true, it probably is. 
  • Never click on any links, open any attachments, or download any files in an email claiming to offer a COVID-19 vaccine.  

To learn more about COVID-19 vaccine scams, or if you believe you are a victim of a vaccine scam, contact the Identity Theft Resource Center toll-free by calling 888.400.5530. You can also visit the company website to live-chat with an expert advisor. Go to www.idtheftcenter.org to get started.  

  • The 2020 COVID-19 holiday season is upon us. This year, consumers should be on the lookout for job scamsgiving scamsgrandparent scams and online shopping scams, to name a few.  
  • If anyone comes across an unknown message regarding the COVID-19 holiday season, they should ignore it and go directly back to the source to confirm the message’s legitimacy. 
  • People should take steps to protect their personal information when shopping online, taking part in holiday gatherings (both in person or via a video platform), at the gas pump, and when receiving electronic gifts. 
  • To learn more, contact the Identity Theft Resource Center toll-free at 888.400.5530 or via live-chat on the company website.  

COVID-19 has changed the way people live. Many people are working from home, there are restrictions on what people can do in public, and many businesses remain shut down or open at a limited capacity. It has also changed the way scammers attack consumers. 

The 2020 holiday season will also be much different than year’s past. According to IBM’s latest U.S. Retail Index Report, COVID-19 has accelerated the shift away from physical stores to digital shopping by roughly five years. 

Criminals may adopt new tactics to take advantage of the pandemic, but what will not be different is scammers’ and identity thieves’ ability to find ways to strike.  

Watch for COVID-19 Holiday Scams   

Here are some scams to watch for this COVID-19 holiday season. 

1. Job Scams – Much of the economy remains shut down or open in a limited capacity. Millions of people are looking to gig economy jobs like Uber, Lyft and DoorDash to get by. People could rely on gig economy jobs even more during the holidays to make extra cash. The Federal Trade Commission (FTC) reported losses of $134 million in 2019 to social media scams.

In the first half of 2020, the FTC already reported $117 million, with most scams coming from viewing an ad. Scammers may claim in advertisements that they can get shoppers access to premium jobs for the holidays with big tips in exchange for an upfront fee. Gig economy scams can also lead consumers to phishing websites that steal login credentials. 

2. Giving Scams – People typically give more to charities around the holiday season. However, with more families in need of help in 2020, we may see an even bigger increase in people making donations. Expect criminals to attack with giving scams, looking to steal people’s money and personal information. In fact, scammers have used giving scams to take advantage of people since the beginning of the pandemic.  

3. Grandparent Scams – Another popular holiday scam is the grandparent scam. A grandparent scam is where scammers claim a family member is in trouble and needs help. With the holidays here, scammers could pose as sick family members. 

4. Online Shopping Scams – Many more people will be shopping online this holiday season. According to the Better Business Bureau (BBB), 65 percent of people shopped online last year. This year, online shopping is expected to increase by 10 percent to 75 percent. With the increase in web traffic, consumers should be wary of messages claiming they have been locked out of their accounts. Scammers may send phishing emails making such claims while looking to steal usernames, passwords and account information.  

How to Protect Yourself from COVID-19 Holiday Scams 

While scammers will try to trick consumers, there are things people can do to protect themselves from a COVID-19 holiday scam. 

  • If someone comes across an ad for a job or a deal online that seems too good to be true, it probably is. Consumers should go back to the source directly by contacting the company to confirm the message’s validity. 
  • If someone receives an email, text message or phone call they are not expecting, ignore it. If any of the messages contain links, attachments or files, do not click or download them because they could have malware designed to steal people’s personal information or lead to a phishing attack. Again, consumers should reach out directly to who the caller, email sender or text message sender claimed to be or the company they claimed to be with.  
  • People should only donate to legitimate charities and organizations registered with their state.   Consumers can determine if a charity, non-profit or company is legitimate by searching for the charity’s charitable registration information on the Secretary of State’s website, looking for online reviews and Googling the entity with the word “scam” after it. 
  • No one should ever make a payment over the phone to someone they do not know or were not expecting to hear from. Scammers will try to trick people with robocalls to steal their sensitive information and commit identity theft. 

How to Protect Your Personally Identifiable Information (PII) This Holiday Season 

Identity Thieves will try different ways to steal people’s PII. It is crucial consumers can protect their PII during the holidays, and year-round, to make sure it does not end up in the hands of a criminal.  

1. At the Pump – More people will travel by car this year than usual. Travelers on the road should keep an eye out for gas station skimmers. Skimmers insert a thin film into the card reader or use a Bluetooth device at a gas pump to steals the card’s information that allows the thief to misuse the payment card account. If the pump looks tampered with, pay inside. Newer gas pumps use contactless technology and chipped payment cards that are very secure. Use those pumps if possible.  

2. Holiday Gatherings – It is always important to protect all personal information at holiday gatherings. While no one ever imagines a trusted friend or family member will go through their stuff, people fall victim every year. Keep wallets or purses with financial cards or I.D. cards within reach.  

3. Zoom and Other Online Video Platforms – Not all family gatherings will be in person in 2020 due to COVID-19. Some families will meet virtually via a video platform. When people use a video platform, it’s important they remember to secure the call by using strict privacy settings and not sharing any personal information with someone they don’t know.  

4. Shopping Online – With more people shopping online for the 2020 holiday season, people need to practice good cyber hygiene. Make sure to navigate directly to a retailer’s website rather than click on a link in an ad, email, text or social media post. Phishing schemes are very sophisticated these days and spotting a spoofed website of well-known and local brands can be difficult even for trained cybersecurity professionals. 

Consumers will still need to do their due diligence to ensure a business website is legitimate. There is inherently less risk of falling for a scam website by shopping at well-known retailers. It only takes a bit of homework to separate the scams from legitimate small online businesses. Using search terms like “Scam” or “Complaints” along with the website or company name can give people insight into the experience of other customers. 

When setting up a new online account, be sure to use multi-factor authentication. Multi-factor authentication creates a second layer of security to reduce the risk of a criminal taking over someone’s account. 

5. Electronic Gifts – With the advent of smart home devices, many gifts connect to the internet, presenting security risks. It is important consumers update the software on the device. It is also a good idea to have antivirus software installed on any computer, tablet or internet device if possible, along with a secure password on the home network router.  

For more information on how to stay safe during the COVID-19 holiday season contact the Identity Theft Resource Center toll-free at 888.400.5530 or live-chat with an identity theft advisor at no-cost.

For access to more resources, download the ITRC’s free ID Theft Help app.  


COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover

Travel Safe with These Cybersecurity Protection Tips

Mystery Shopper Scams Resurface during COVID-19