Posts

Each year, the Identity Theft Resource Center (ITRC) reflects on the previous year’s exploits and anticipates trends for the next. When we first published our thoughts on 2020 back in December, it was stated that we anticipated the identity theft trends for 2020 would include 2020 being the year for privacy. While privacy remains an important topic, the recent changes in the landscape with other cyber issues have changed the conversation.

Data Breaches in Overdrive

Data breaches have continued to occur and the ITRC believes hackers and scammers will shift things into overdrive due to the amount of money that is about to flow through the economy, creating a redistribution of assets.

The coronavirus has forced most companies and their employees to work remotely. While that used to be a luxury, it is the new normal for many who previously haven’t had the experience. That has created a whole new challenge for companies, platforms, service providers and each individual employee.

In this post-COVID-19 shift, the ITRC anticipates breaches will continue to occur at an increased rate, both the number of breaches and the number of records exposed in a single incident. Given that there are a lot of new users that are creating an increase in user-data being housed in databases, it’s easy to see why this will be a potential outcome as a result of shifting workforces.

Increase in User Vulnerabilities Exposed

Security deficiencies are exposed daily, and more rapidly, because of the sheer volume of use of platforms. No one anticipated all of the vulnerabilities that would have to be fixed due to the increase in use. The ITRC has seen a massive shift in those priorities.

Now, issues that might have been well down the road to update need immediate attention because of how organizations have had to shift their use of products and services. Also, those providing those products and services must address the issues now to maintain the integrity of their users’ data.

There are other vulnerabilities with the new remote workforce that will be exploited as they become apparent over the course of the coming weeks and months.

Cybersecurity Issues Exacerbated by Remote Work

The previous 2020 identity theft trends that the ITRC predicted, in all likelihood, will happen. What is now new are the challenges that shifting to remote work as the primary method of working due to COVID-19 entail. All of the problems like ransomware, phishing attacks and patching are still going to be issues. However, they will be exacerbated by this shift in business being done by remote individuals. People who are not accustomed to working from home will be easy prey for hackers and scammers to exploit because of their lack of familiarity with platforms and processes.

Adding to that, companies that moved to stand up a remote workforce quickly may not have the proper policies, processes and employee training in place to guide their workers.

ITRC Is Here For You

Predictions like the 2020 identity theft trends are only educated guesses, based on previous events and information. Businesses, policymakers and the public will have to wait and see how the 2020 trends for identity theft, cybercrime and data privacy play out. Regardless of what happens the rest of 2020, the ITRC will be available, working to teach each person how to fight back against the techniques scammers will use to commit identity theft and support victims through the process of regaining their identities.

For a complete look at the ITRC’s 2019 Data Breach Report, click here.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also be interested in…

Grandparent scams have been around for a long time. However, scammers are coming up with a new twist based on the coronavirus. COVID-19 grandparent scams are playing on the fears many people have right now, that they might lose a loved one.

Who Is It Targeting: Phone and email users

What Is It: A grandparent scam is a phishing scam that claims your family member is in trouble

What Are They After: Scammers are posing as grandchildren who claim they are sick and need money to pay their hospital bills. The information is easily gleaned from social media accounts, giving the caller a name that the person knows to use in their scam. In the current times of the coronavirus, COVID-19 grandparent scams can be particularly compelling.

How You Can Avoid It:

  • Never make a payment over the phone to anyone you do not know or were not expecting to hear from
  • Resist the urge to act immediately, no matter how dramatic the story is
  • If you receive a call like one of these, say that you have to go to the store or bank to secure the money and have them call you back; during that time, reach out to your friend or relative to confirm that they are okay

If people have questions regarding COVID-19 grandparent scams, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor. For those that cannot access the website, they can call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will provide assistance as quickly as possible.


You might also be interested in…

UPDATED 12/8/2020- With so many people working and socializing from home, more than just businesses – employees, families and friends – are trying to find a place to gather (hold virtual meetings, religious services, game nights, birthday parties and happy hours). Zoom has become “that meeting place” for most. According to the Chief Executive of Zoom, in December the video platform had approximately 10 million users, to currently over 200 million users.

While Zoom has become popular rather quickly, some of its security vulnerabilities have taken the spotlight too. Some of the recent Zoom privacy issues have included user data being sent to Facebook and a flaw leaving Mac users vulnerable to their microphones and webcams being accessed. Another Zoom privacy issue has included a lack of password protection. That has led to some meetings being “Zoom-bombed,” like an AA meeting where trolls harassed those participating in the recovery process.

Zoom executives have come out and said they are working to address the Zoom security problems, including enabling passwords by default in all future meetings, clarifying its encryption practices, releasing fixes for Mac-related issues and more.

In the meantime, there are few things users can do to make sure their Zoom meetings are secure.

Protecting Meetings

Zoom now offers its users multiple ways to protect their meetings. Users can secure a meeting with end-to-end encryption, create waiting rooms for attendees, require a host to be present before the meeting begins, lock a meeting and more. These features can be found in the host settings. These Zoom privacy measures can also help reduce the risk of someone getting into a meeting that does not belong and “Zoom-bombing” the meeting.

Protecting Data

According to Zoom’s website, recordings can be stored locally on the host’s device with the local recording option or on the Zoom Cloud with the Cloud Recording option that is available for customers who are paying for Zoom’s services. The meeting host can manage their recording through a secured interface and the recording can either be shared, downloaded or deleted. Zoom phone voicemail recordings are also processed and stored in the Zoom Cloud and can be managed through Zoom Client. Meeting hosts can manage the Zoom data settings in the settings tab.

Protecting Privacy

Zoom currently stores user email addresses, passwords, names, company names, phone numbers and profile pictures. Company names, phone numbers and adding a profile picture are optional for users. If a user is concerned about their Zoom security, they can elect to only provide their name, email address and password. Users will not be asked to provide any personally identifiable information and should report any message asking them to do so directly to Zoom because it could be a scam.

Oversharing

While Zoom has taken responsibility for its security issues, it is important users do their part. Oversharing their meeting information on social media can lead to some scary consequences, making it easier for others to join what was intended to be a private Zoom meeting. It could also lead to information in someone’s profile settings being stolen. To prevent oversharing, users should not post meeting information on any of their social media platforms. Instead, send the invitation directly to the person they would like to invite. Also, consider revisiting what level social media privacy and security settings are set – otherwise, users may be sharing more information than they intended with people they shouldn’t.

Avoiding Zoom Scams

Security issues are not the only problem Zoom is running into. Zoom phishing attacks are making the rounds threatening employees that their contracts will be terminated, and then asking recipients to input their login credentials in a fake Zoom login page. According to Check Point Research, scammers registered more than 2,449 Zoom-related domains from late April to early May.

There are also Zoom phishing scams saying people received a video conference invitation, like the one the Identity Theft Resource Center received that is pictured below. The email looks real because it is sent with “High Priority” as indicated by the red exclamation point. It is generically from “Zoom” and there is no name of the sender. However, if you hover over the email address with your mouse, it shows a full address that is gibberish. Do not click on links you are not expecting. Rather, go directly to your Zoom account to manage any invitations. At the bottom, there is also no contact information or business logo verifying it is the company.

Image provided by Identity Theft Resource Center

In a statement to NBC 7 San Diego, a Zoom representative said that there are three web addresses that may appear in a legitimate invitation.

  • Zoom.us
  • Zoom.com
  • Zoom.com.cn

The rest of the statement said:
Users across all services and technology platforms should be cautious with e-mails or links received from unknown senders, and they should take care to only click on authentic links to known and trusted service providers. Zoom users should be aware that links to our platform will only ever have a zoom.uszoom.com or zoom.com.cn domain name. Prior to clicking on a link, users should carefully review the URL, being mindful of lookalike domain names and spelling errors.

If anyone ever comes across a Zoom email they are not expecting, they should ignore it and go to their work manager to verify whether or not it is real.

The current times are unprecedented and people are doing what they can to stay connected. Zoom and other video conferencing platforms will continue to play a large role during these times – and beyond. However, being aware of some of the Zoom privacy pitfalls, and can be done to keep themselves and their information safe while they are on their next virtual meeting, game night or happy hour should be the first priority.

The current times are unprecedented and people are doing what they can to stay connected. Zoom and other video conferencing platforms will continue to play a large role during these times – and beyond. However, being aware of some of the Zoom privacy pitfalls, and can be done to keep themselves and their information safe while they are on their next virtual meeting, game night or happy hour should be the first priority.

If people have questions regarding their privacy settings, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor toll-free.

For those that cannot access the website, call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist you as quickly as possible.


You might also be interested in…

This post will be updated as more information becomes available

UPDATE: 6/15/2020- According to the Wall Street Journal, Treasury Secretary Steven Mnuchin said the administration is “very seriously considering” a second round of stimulus checks. The proposed $3 trillion Health and Economic Recovery Omnibus Emergency Solutions, or HEROES Act, was passed by the U.S. Senate but has not been passed by the U.S. House of Representatives. It would authorize another round of stimulus payments for most U.S. households. For more information on what the HEROES Act would provide, click here.

UPDATE: 4/29/2020- Anyone who did not file a tax return for 2018 or 2019 and have dependent children must register with the IRS by Tuesday, May 5, at noon EST to get an additional $500 economic impact payment for their dependents. If anyone misses the deadline, they will have to wait until they file their 2020 tax return to get the money. For more information on how to fill out a non-filer form, and how to avoid a non-filer scam, click here.

UPDATE: 4/15/2020 – Stimulus check have begun being distributed and people are already seeing them show up in their bank accounts. The IRS has created a portal where people can check the status of their economic impact payment. It could take a few minutes to load the website due to overload. However, people will be able to see what day they are expected to receive their payment, as well as the payment method.

Non-filers can now also file through the IRS to get their payment sooner. To learn how to file, and how to avoid a non-filer scam click here.

UPDATE 4/13/2020 – The Treasury Department and the IRS have announced that the distribution of stimulus checks will begin this week and that most of them will be deposited directly, requiring no action. Anyone who does not typically file a tax return will need to file a simple tax return to receive their stimulus check.

If there is anyone who has not filed their 2019 tax return but did file a 2018 return, the IRS will use the information provided in the 2018 return. The Treasury also plans on creating a web-based portal where people can enter their direct-deposit information online. The stimulus checks will be available to consumers through the end of 2020. For more information, consumers can visit IRS.gov/coronavirus. To learn more about the stimulus checks, click here. For tax rules to help you fill out your 2019 taxes, click here.

ORIGINAL 3/27/2020- With the COVID-19 pandemic impacting everyone across the United States, the U.S. federal government passed the largest stimulus package ever to help minimize the financial impacts for businesses and consumers. Coronavirus stimulus checks are being mentioned in the news daily, which is leading fraudsters to come up with stimulus check scams.

While there are a lot of questions about the $2 trillion stimulus package and stimulus check payments, most consumers should not have to take any action to receive their stimulus check because the payment will be directly deposited by the IRS into their bank account from the information provided on their 2018 or 2019 tax return. Payments will begin arriving in mid-April.

If anyone receives any messages or letters regarding a government check, it is very likely a coronavirus stimulus check scam. The government will not ask anyone for their Social Security number, bank account number or credit card number; the government will also not ask anyone to pay a fee upfront to get their government check; there will not be a way to “expedite payment” through a service provider either.

If anyone did not provide their bank account information on their last tax return, the IRS will mail people their stimulus checks. There have also been discussions about the possibility of sending some payments to consumers on prepaid debit cards to speed up the process. While that is a possibility, if someone reaches out saying that they can get the stimulus payment to you on a debit/credit card, please report it to local authorities or the Internet Crime Complaint Center (IC3) to verify whether it is real or fake.

With the stimulus package passing, people can expect to see a rise in stimulus check scams. When the government ends up mailing checks and/or prepaid debit cards, people can also expect to see a rise in prepaid card scams and physical mail theft.

To avoid any of these scams, consumers should make sure they have filed their taxes and have provided their direct deposit information to the IRS in their latest tax return. Consumers should also check to see if they are qualified to receive a coronavirus stimulus check, and for how much.

Finally, if consumers receive anything that does not seem correct or something they are not expecting, they should ignore it and go directly to the source to verify its legitimacy. There is a possibility it could be a stimulus check scam.

If people have questions regarding stimulus check scams, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor. For those that cannot access the website, they can call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist you as quickly as possible.


You might also like…

Due to the coronavirus, the stock market is making headlines right now, for all the wrong reasons. Scammers see it as the perfect time to prey on consumers with investment scams.

Who Is It Targeting: Small-time, first-time, and seasoned investors

What Is It: Various scams that target novice and seasoned investors

What Are They After: When the stock market makes headlines—whether good or bad—scammers are more prone to come after unsuspecting consumers and steal their money. Some investment scams may simply tell victims to invest heavily in a certain stock, while others will actively trick investors into handing over their personally identifiable information. With news of the coronavirus growing each day, this is also a time when spoofed emails—such as those that appear to come from a financial institution or brokerage—can lure someone in and steal their account access.

How Can You Avoid It:

  • Do not act on instinct or be driven by panic
  • Remember that the stock market is a long-term prospect, not a “get rich quick” scheme
  • Always seek out professional information before you respond or take action

If you think you may be a victim of identity theft or an investment scam, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. You can also live chat with an expert advisor. Find more information about current scams and alerts here. For full details of this scam check out this article from TMJ4.com


Scammers have gotten creative as the COVID-19 pandemic has driven most people to spend their days in their homes – including creating phishing emails that attack both businesses and consumers. Fraudsters are currently taking advantage of the millions of people working from home. They may try representing themselves as the U.S. government, whether it be about a stimulus check, unemployment benefits, etc. Now, with the National Guard and other types of support being implemented in certain areas, the alarm is being sounded on scammers going door-to-door.

The National Guard is being deployed to assist with the Federal Emergency Management Agency work in some states. Some of the aspects of their duties include helping FEMA with gathering swabs and transporting them to certified labs for testing; delivering medical supplies as directed and creating medical stations. The National Guard says they have been activated for logistical support, and are not being deployed for enforcement. That means they will not be going door-to-door to implement any self-quarantines or shelter-in-place orders. If a “military personnel” comes to a person’s door posing as a National Guardsmen, the healthcare department or a healthcare professional regarding COVID-19, whether it is with a “test,” “cure” or regarding sheltering in place, it is likely a scam.

With that being the case, interactions someone may have with the National Guard would be at an identified FEMA drive-thru testing station or designated location for medical assistance. These two scenarios are examples of where you may be asked to provide personal information to the National Guard in reference to COVID-19 relief.

These types of door-to-door scams are not uncommon during a time of crisis. Scammers typically use them as an opportunity to pose as someone who can help people, but in reality, all they will do is hurt them.

If someone is going door-to-door posing as a utility worker, law enforcement, government agency or healthcare professional, ask for their identification before engaging in any conversation. Providing an ID card doesn’t always mean the person is legitimate because it is easy for a scammer to create what might look like an ID, dress up and act like someone else. If the person at the door is reluctant to show their ID or you have concerns about their legitimacy, close the door and call the organization that they are representing.

Also, if someone comes to a person’s door offering that if a fee is paid, they can provide faster service for aid, it is a scam. In fact, that is one of the go-to tactics scammers use to lure victims in. In the event that you are asked to provide personally identifiable information by someone on your doorstep, calling the organization that they are representing could prevent you from self-compromising sensitive information.

Finally, if someone is uncomfortable with anyone who comes to their door, they should call their local law enforcement. It is always better to be safe than sorry.

If people have questions regarding COVID-19 scams, they are encouraged to contact the Identity Theft Resource Center through the website to live chat with an expert advisor. For those that cannot access the website, call the toll-free hotline (888.400.5530) and leave a message for an advisor. While the advisors are working remotely, there may be a delay in responding but someone will assist you as quickly as possible.


Read the latest…

As the U.S. continues to struggle to meet the need for coronavirus testing, some scammers are beginning to call people and offer them free tests. Consumers should be on the lookout for these coronavirus testing robocalls.

Who Is It Targeting: Phone users

What Is It: Robocalls that steal personal information

What Are They After: While robocalls can be a nuisance, scammers have found a new way to make people pay attention and play along. Anything that makes headline news is increasing scammers’ ability to lure people in. While hospitals around the country struggle to get enough COVID-19 testing supplies, these coronavirus testing robocalls offer the recipient a free test in their area. However, in order to find out where the nearest test location may be, consumers have to hand over personal information.

How Can You Avoid It:

  • For the most accurate COVID-19 information and testing options, follow your local news outlets or the CDC’s website
  • Never give out all of your information or any form of payment to someone who contacts you
  • Never confirm your identity for a caller because they should know who they have called

If you think you may be a victim of identity theft or have received coronavirus testing robocalls, you can contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. You can also live chat with an expert advisor. Find more information about current scams and alerts here. For full details of this scam check out this article from CNN.com.


You might also like…

As the COVID-19 pandemic continues to grow and seriously impacts everyone across the country, so do the number of COVID-19 scams that will pop-up trying to get access to personally identifiable information (PII) and finances. It can be difficult to decipher which emails, phone calls, social media posts or text messages are scams versus legitimate ones. Scammers will always take advantage of new opportunities in a time of crisis like evictions and foreclosures assistance, unemployment benefits, stimulus payments, etc. Here are some tips to help navigate those emails, text messages and voicemails:

Go to the source

Unsure if something is legitimate? Go to the source of the potential assistance. That means if the offer of unemployment benefits seems to be uncharacteristic, go directly to the employment development department and check their website. If it has to do with housing – whether that’s eviction or foreclosure assistance – head to that source (local housing commission, banking institution, etc.). Don’t trust an inbound message that isn’t verifiable.

Unsure of how a fraudster might try to get consumers to self-compromise?

Based on experience, the ITRC anticipates that they will give these a go:

1. Government Checks: Consumers receiving an email or phone call from someone that claims they can ensure a check from the government for an individual right now; it is likely a COVID-19 scam. The government is still working on the details of how these funds will be made available as of the original date of this post. For specific details, consumers can always visit local, state or federal government websites to get the most accurate information.

2. Asking for Verification of PII: If someone calls asking for a Social Security number, driver’s license number, credit card number or bank account information, it is a high probability that it is a scam. Say “K, Bye”, hang up and call the company directly to see if the offer is legitimate. If it is real, they will have a record of the calls and offers that were made.

3. Pay Upfront for Government Assistance: The government will not ask consumers to pay upfront to get any of the relief money. Scammers have attempted this before with the “Federal Government Empowerment Money Program” scam.

4. Social Media: If consumers receive messages on a social media platform claiming to be the government for anything regarding COVID-19, anticipate that this is a COVID-19 scam, too. Report it to the social media platform and block the sender. The government does not contact individuals through social media. Additionally, posts or messages enticing individuals to “sign-up” to receive more information on how to get access to more information or funds should be considered gateways to compromising PII.

5. Emails: There are loads of phishing emails under the guise as COVID-19 help. If an email arrives that wasn’t expected, ignore it and go directly to the source to determine whether or not it is legitimate. Under no circumstances should consumers click on any links or open any attachments from unanticipated emails or texts. COVID-19 scams via phishing emails are going around right now attacking both businesses and consumers.

6. Phone Calls: COVID-19 phone scams are beginning to gain steam and something else consumers should be aware of. The advice for phone scams is pretty similar to email scams. Don’t answer calls from numbers you do not recognize and do not return calls from voicemails if you aren’t completely sure from whom the call originated. Should a call regarding COVID-19 assistance inadvertently get answered, say “K, Bye!,” hang up and directly call the source. Verify the legitimacy of the call.

7. Grandparent Scams: Grandparent scams have been around for a long time and play on the fear of loved ones. Recently, scammers have been posing as family members that are sick and need money to pay their medical bills. It is important for people to resist the urge to act, no matter how dramatic the story is. People should also never make a payment over email or the phone to someone they were not expecting to hear from. Instead, they should hang up and reach out to the mentioned loved one directly to see if they are okay.

Scammers Take Advantage of Public Events

Every time there is a crisis, natural disaster or newsworthy event, expect scammers to come out in full force looking to take advantage and play on the public’s fear of the unknown. It is important to not let scammers take advantage of us while scared and unsure of what to do. These tips should help reduce the risk of falling victim to a COVID-19 scam.

Contact ITRC For Free Assistance

You can call the Identity Theft Resource Center toll-free if you think you may have been a victim of any type of scam at 888.400.5530. You can also live chat with one of our expert advisors for assistance.

Don’t forget to download the ITRC’s ID Theft Help App to help in managing your identity crime case should you find that you are a victim of a scam.


Read more:

As news of a COVID-19 outbreak continues to grow, companies large and small are requiring more employees to work from home in an effort to create social distance. However, that is leading to an increase in the risk of COVID-19-related cyberattacks.

Potential Risks of Teleworking: Higher Rates of Phishing/Cyberattacks

With more than 10,000 breaches tracked since 2005, the Identity Theft Resource Center anticipates a rise in the cyberattacks on business infrastructure as more of their employees potentially work remotely from home. In 2019 alone, “hacking” accounted for 39 percent of all breaches.

Working Remotely Cybersecurity Tips

While people are working remotely, especially during an event like the COVID-19 outbreak, it is critical they follow the same security policies at home that they would at work.

1. Update all of your software including the operating system (Ex: Mac, Windows, Linux, Chrome) & applications; turn-on “auto-update” if you have not already

Hackers use known flaws that have not been fixed to break into business networks and home accounts. Keeping software updated prevents many attacks.

2. Add a stronger passphrase to your home Wi-Fi & wired networks

Many home wireless routers (and other Internet of Things or IoT devices) have easy-to-guess default passwords. Update them to stronger passwords, or use an even stronger passphrase (see below).

3. Update account passwords to a passphrase of at least 10 characters and give each account a unique passphrase you can remember

Gone are the days of changing our password every 30 days and Us1ng a C0mP1ex set of characters as your password. Current recommendations are to use a memorable phrase that you can easily remember – like a book title or movie quote.

4. Keep your work passwords and personal passwords separate to limit the potential of “credential stuffing attacks”  

Hackers use stolen passwords from data breaches to break into computer systems because they know the vast majority of people reuse the same passwords for both work and home accounts. Using the same password for your work accounts as your personal accounts could translate into fraudsters gaining access to one from the other.

5. Do not click on any email, attachment, text, social media post or weblink unless you know the source is real

Phishing attacks are not just for email anymore. And, hackers use near-flawless copies of real materials to fool people into clicking on the fake, but dangerous links or attachments.

6. Check websites and email addresses thoroughly to ensure it is the actual address of the company who sent it

The best way to avoid a phishing attempt is to verify the web or email address to make sure it comes from a legitimate company.

7. If anyone asks for personal data related to COVID-19, it is probably a scam

Scam artists take advantage of vulnerable people during times of crisis and they are using the current COVID-19 pandemic to get the attention of people online and on the phone. Never give personal information to any person or organization that contacts you unsolicited. 

ITRC is Available for Questions & Assistance

The Identity Theft Resource Center, based in San Diego, is operating at limited-capacity during the COVID-19 outbreak to ensure the health and safety of our staff, their families and the community. The ITRC will continue to assist individuals across the country who are victims of identity crime, data breaches and identity-based scams, including COVID-19-related scams. We are here for individuals and businesses who may have questions or need assistance with these scams. You can reach one of our expert advisors via our website Live Chat, toll-free phone number (888.400.5530) and email (itrc@idtheftcenter.org).


You might also be interested in…

Is This a Census Scam?
Fake Vendor Emails on the Rise 
Coronavirus Business Scam Targeting Employees