Posts

Everything’s Bigger in Texas

Welcome to the Identity Theft Resource Center’s (ITRC’s) Weekly Breach Breakdown for September 10, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. For the past two weeks, we’ve concentrated on what happens when you receive a notice that your personal information has been compromised. This week, we’re going to talk about a data breach involving personal information for children and the unique risks created when children’s personal information is exposed.

When you grow up in the southern U.S, you learn very quickly that the saying “Everything’s bigger in Texas” is absolutely true. The Lone Star state is twice the size of Germany. Texans eat 54,000 tons of catfish each year. That’s six times the weight of the Eiffel Tower. There are high school football stadiums in Texas that seat more than 19,000 people, enough to fit the entire population of three average-size U.S. cities.

Dallas I.S.D. Data Breach

This week, the Dallas, Texas Independent School District (Dallas I.S.D.) has earned a different distinction: the target of a significant data breach.

More than 145,000 students attend 230 schools across the district that employs 22,000 people. That doesn’t include independent contractors and vendors who also serve the Dallas schools.

School officials announced late Friday before Labor Day that an “unauthorized third-party” had accessed, downloaded and stored personal information on a cloud data storage site. The stolen data included information on current and former students and their parents as well as current and former employees and contractors dating back to 2010.

The compromised information includes full names, addresses, Social Security numbers (SSNs), phone numbers, dates of birth, and employment and salary information for current and former employees and contractors. The breached data also includes full names, SSNs, dates of birth, parent and guardian information, and grades for current and former students. According to the school district, some students’ custody status and medical conditions may have also been exposed.

What Happened

As is typical in the early days of data breaches, there are many unknowns and a lot of reluctance to share information about what happened. Dallas I.S.D. has hired forensic investigators to determine how the cybercriminals gained access to the student, parent and employee information. However, little is known about how cybercriminals got their hands on the employees, contractors and student’s personal information.

School officials are not calling this a ransomware attack. However, they acknowledge that they have communicated with the data thieves who claim the information has not been sold or shared, but has been removed from the cloud database. Ransomware attacks against schools have dramatically increased as students return for the new school year and identity criminals look for children’s personal information. One cybersecurity firm reports seeing more than 1,700 attacks against schools around the world each week in July.

The Impacts of a Children’s Personal Information Being Stolen

Dallas I.S.D. is offering credit monitoring and identity theft recovery services for one year. The ITRC always recommends data breach victims take advantage of those offers. However, the release of student information is especially troubling as criminals who take control of a young person’s identity can cause significant harm over time.

Imagine a high school student applying for college and being denied financial aid or admission because someone had used their SSN to report income or obtain credit. An identity thief can abuse the personal information for children for years before the parents or child learn of the crime.

Freeze Your Child’s Credit

It’s important for parents to not only freeze their own credit, but to freeze their children’s credit, too. That won’t prevent your child’s information from being exposed in a data breach. However, it will keep a cybercriminal from using the children’s personal information to ruin their credit and perhaps their education and work opportunities when they grow up.

Contact the ITRC

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an ITRC expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Experian for supporting the ITRC and this podcast. Listen next week as we talk about credit freezes with the founder of Frozen Pii on our sister podcast, The Fraudian Slip. We will be back in two weeks with another episode of the Weekly Breach Breakdown.

  • T-Mobile’s most recent 2021 data breach impacts 50+ million people. The exposed information includes Social Security numbers (SSNs), driver’s licenses, phone numbers, and International Mobile Equipment Identities (IMEIs) and International Mobile Subscriber Identities (IMSIs).
  • According to Threatpost, Microsoft’s Power Apps management portal exposed the data of 47 businesses for months, including 38 million people’s personal records. The information exposed varies by company. However, it ranges from names, COVID-19 vaccination status, email addresses, and phone numbers to SSNs and job titles.
  • Approximately 1.4 million people were impacted by a ransomware attack on St. Joseph’s/Candler Health System in Georgia that shut down the healthcare provider’s systems. Information compromised includes health insurance information, financial information and medical records information.
  • Anyone impacted by a data breach should follow the advice in the notification letter, change their password to a long and unique passphrase and keep an eye out for phishing attempts that claim to be from the breached organization.
  • For more information about August 2021 data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified.   
  • If you believe you are a victim of identity theft from a data breach, contact the ITRC toll-free at 888.400.5530 or through live-chat on the company website www.idtheftcenter.org.

Notable August Data Breaches

Of the nearly 160 data events the Identity Theft Resource Center (ITRC) tracked in August, three stand out: T-Mobile, Microsoft and Georgia’s St. Joseph’s/Candler Health System (SJ/C). T-Mobile’s latest 2021 data breach highlights the jump in mobile breaches. The Microsoft data event is significant because it’s due to a flaw in a platform’s security. Finally, SJ/C exposed 1.4 million people’s personal information after a ransomware attack on the healthcare system.

T-Mobile

According to T-Mobile, identity criminals compromised T-Mobile’s systems. The company says hackers gained access to their testing environments and then used brute force attacks and other methods to make their way into other IT servers. T-Mobile located and closed the access point they believe was used to gain entry to their servers.

On August 17, T-Mobile confirmed that approximately 47 million people were impacted by their latest data breach in 2021. T-Mobile also said the data stolen from their systems includes personal information like customers’ names, dates of birth, Social Security numbers (SSNs), and driver’s license/identity information for current, past, and prospective customers.

However, in an update on August 20, T-Mobile said they discovered that phone numbers, as well as the typical numbers that allow a mobile phone to be identified and join a network (the International Mobile Equipment Identity (IMEI) and International Mobile Subscriber Identity (IMSI)), were also compromised in the third T-Mobile data breach since December 2020. T-Mobile identified another 5.3 million current customer accounts with one or more associated names, addresses, dates of birth, phone numbers, and IMEIs and IMSIs illegally accessed. For more information on the T-Mobile data breach and steps to take, click here.

Microsoft

According to Threatpost, research from UpGuard revealed Microsoft’s Power Apps management portal accidentally exposed the data of 47 businesses for months, including 38 million people’s personal records. UpGuard reports that Microsoft’s Power Apps platform was flawed in the way it forced customers to configure their data as private or public. The article says that Microsoft does not consider the data issue a vulnerability, rather a configuration issue that can be improved.

Information exposed varies per business. However, the personal information ranges from names, COVID-19 vaccination status, email addresses and phone numbers to SSNs and job titles. Some of the notable businesses impacted are American Airlines, Ford, the Maryland Department of Health and the New York City schools. 

UpGuard says since disclosure of the issue, Microsoft released a tool for checking Power Apps portals for leaky data. Microsoft also plans to change the product so that permissions will be enforced by default. Microsoft’s data event is one of the first data breaches in 2021 the ITRC has seen due to a flaw in platform security. It is considered one of the rarest forms of data compromise.

St. Joseph’s/Candler Health System

On August 10, SJ/C, a healthcare system in Savannah, Georgia, released information on a ransomware attack on their systems. According to the news release, SJ/C found suspicious activity in its IT network and launched an investigation. The investigation determined that the incident resulted in an unauthorized party gaining access to its IT networks between December 18, 2020 and June 17, 2021 and launching a ransomware attack, making the systems inaccessible.

Nearly 1.4 million individuals were impacted by the data breach, both patients and employees. At-risk information includes SSNs, driver’s license numbers, patient account numbers, billing account numbers, financial information, health insurance plan member I.D. numbers, medical record numbers, medical and clinical treatment information and much more.

SJ/C says, following the incident, they have implemented and will continue to adopt additional safeguard and technical security measures to further protect and monitor its systems. The ITRC has seen similar incidents happen across the U.S., including at Scripps Health in San Diego, California.

What to Do if These Breaches Impact You

Anyone who receives a data breach notification letter should follow the advice offered by the impacted company. The ITRC suggests you immediately change your password and switch to a 12+-character passphrase, change the passwords of other accounts with the same password as the breached account, consider using a password manager, use multi-factor authentication with an app (not SMS/Text) and to keep an eye out for phishing attempts that claim to be from the breached organization.   

T-Mobile recommends all eligible customers sign up for scam blocking protection through the company’s Scam Shield as protection from the latest data breach in 2021. They are also directing people to a customer support webpage with breach information and access to tools.

SJ/C has a toll-free incident response line to answer people’s questions about the latest data breach in 2021. Anyone can call 855.623.1933 Monday through Friday between 8 a.m. and 5:30 p.m. EST. Additional information is available at www.sjchs.org.

notified 

For more information about August data breaches in 2021, or other data compromises, consumers and businesses should visit the ITRC’s data breach tracking tool, notified, free to consumers.   

Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.      

Contact the ITRC 

If you believe you are the victim of an identity crime or your identity has been compromised in a data event, you can speak with an ITRC expert advisor toll-free by phone (888.400.5530) or live-chat. Just go to www.idtheftcer.org to get started.   

  • Mobile telecom providers U.S. Cellular, Mint Mobile and T-Mobile have all been breached in 2021. In fact, T-Mobile has been breached twice in 2021, and once in December 2020.
  • If your mobile phone account is breached, you should freeze your credit, change your passwords and PIN numbers, and use multi-factor authentication (MFA or 2FA) using an app, not text messages, to protect yourself when available.
  • You should also follow the steps in any data breach notification letter you receive or read in a public notice.
  • Keep an eye out for phishing emails, closely monitor your financial accounts and contact your Department of Motor Vehicles (DMV) if your license number is exposed in the breach.
  • If you believe your phone account is breached, or want to learn more, contact the Identity Theft Resource Center. Call toll-free (888.400.5530) or live-chat on the company website www.idtheftcenter.org.

The Rise in Mobile Data Breaches

The Identity Theft Resource Center (ITRC) has seen mobile data breaches rise, particularly in 2021. Customers of mobile phone companies that have not reported a breach also want to know what to do if their phone account information is exposed.

In January, U.S. Cellular suffered a data breach after hackers were able to scam employees to gain access to one retail store’s computer. In July, some Mint Mobile customers had phone numbers ported, leading to data being accessed. One month later, T-Mobile was breached when bad actors compromised their systems, impacting millions of documents. In fact, it is the second T-Mobile data breach in 2021 and the third since December 2020. Right now, Bleeping Computer reports that well-known threat actor ShinyHunters claims to be selling a database containing the personal information of 70 million AT&T customers. However, AT&T says they did not suffer a data breach.

Telecommunications companies continue to be targeted by identity criminals due to the importance of mobile devices in our daily lives. The rise in mobile data breaches means everyone needs to be prepared if they are impacted by a compromise. There are steps you can take to protect your information and if your phone account is breached.

What You Should do to Protect Yourself if Your Phone Account is Breached

  • Freeze your credit. Monitoring your credit is informative because it alerts you to changes on your credit reports that may need further investigation if your phone account is breached. However, it does not offer protection. While it tells you what happened, it does not stop anything from happening. A credit freeze does. Freezing your credit is free, easy and does not impact your credit.
  • Change your mobile phone account password and PIN numbers. Also, change the passwords of other accounts with the same password or PINs as the breached account. You do not want the same passwords or PINs on more than one account. Cybercriminals want you to do that because they can commit credential stuffing attacks. The ITRC recommends you switch to a unique 12+ character passphrase because they are harder for criminals to crack. You can also use a password manager to generate and keep track of your credentials.
  • Use multi-factor authentication (MFA or 2FA) on your accounts. MFA and 2FA provide an added layer of security, making it harder for hackers to gain access if your phone account is breached. Also, if possible, use an authentication app rather than having a code sent by text to your phone because the text messages can be spoofed and intercepted in a SIM swapping scheme. Authentication apps are available for free from Microsoft, Google and other software providers.
  • FOR BUSINESSES: Don’t lose control over the information you don’t have. Don’t collect more information than you need. Don’t keep the sensitive information longer than you need to complete the transaction. Keep what data you do collect and maintain safe and secure by encrypting it. Finally, make sure you offer MFA or 2FA for your customers’ and prospects’ protection when logging into their accounts.

Next Steps to Take if Your Phone Account is Breached

  • Watch for data breach notification letters. It is easy to ignore a breach notification. However, there are usually important steps in the notices, like how to activate free identity protection services. Follow the advice offered by the impacted company.
  • Be on the lookout for phishing emails. Identity criminals may look to exploit the data breach to get you to click on a malicious link or share sensitive information.
  • Closely monitor your financial accounts (credit cards, banking, utilities, etc.) If you see anything out of the ordinary, it may be a sign of fraudulent activity.
  • Contact the Department of Motor Vehicles (DMV) if your license is impacted. Notify the DMV in your state that your information may have been exposed. See if you can place an alert on your license number and check your driving record.

Contact the ITRC

Data breaches are inevitable. Consumers can do everything right and still have their phone account breached. If you believe your phone account is breached or want to learn more, contact the ITRC. You can speak with an expert advisor by phone (888.400.5530) or live-chat on the company website www.idtheftcenter.org. Advisors will answer any question you may have and help you through the resolution process.

The ITRC does not want anyone to panic. While it can be frightening if your phone account is breached, you will be able to work through any misuse of your information if you have a plan.

  • Criminals claiming to be with the Internal Revenue Service (IRS) are targeting people with emails as taxpayers continue to receive the third round of Economic Impact Payments (EIP) that began in March 2021.
  • Identity criminals send messages claiming you can receive an EIP Payment. They say the IRS is sending payments each week to qualified individuals as they continue to process tax returns.
  • However, messages like these are IRS scams seeking your personal and financial information to commit identity theft and fraud.
  • The IRS will never email, text, call or send a message on social media to anyone. If you receive a message claiming to be from the IRS, ignore it. You are also encouraged to forward it to the IRS at phishing@irs.gov and note that it seems to be a phishing scam seeking your personal information.
  • To learn more, or if you believe you have received IRS scams by email, contact the Identity Theft Resource Center (ITRC) toll-free by phone (888.400.5530) or live-chat at www.idtheftcenter.org to speak with an expert advisor.

The third round of Economic Impact Payments (EIP) from the Internal Revenue Service (IRS) began to go out in March 2021. However, the Identity Theft Resource Center (ITRC) continues to receive messages about IRS scams by email, like the one below.

According to an official IRS notice, the Service is still sending EIP Payments weekly as 2020 tax returns are processed. Criminals have been striking with scams since the first stimulus package was passed in 2020. While many EIP Payments have been received, you should beware of scams asking for payment to receive compensation and remember that the IRS will never call, message or email anyone.

Who are the Targets?

U.S. Taxpayers

What is the Scam?

In the latest IRS scams by email, identity criminals send emails to inboxes claiming that they are eligible to receive a payment after the last annual calculation of their “fiscal activity.” The email goes on to say that each week the IRS will continue to send the third EIP Payments to eligible individuals as they process tax returns. The phishing emails also include a button to “claim my payment.”

What They Want

Scammers want you to either respond or click on a malicious link so they can steal your personal and financial information to commit different forms of identity crimes, including financial identity theft.

How to Avoid Being Scammed

  • Ignore emails, texts or social media messages claiming to be from the IRS. Do not respond to the messages or click on any links or attachments because they could be malicious. Acting on the IRS scams by email, text or social media could lead to having your information stolen. The IRS will not email or message anyone. Do not share any personal information, including credit card and bank account numbers, except on the official www.IRS.gov website or the representative you contacted by calling the IRS.
  • Ignore calls claiming to be from the IRS. While IRS scams by email continue to circulate, identity criminals could call you, too. If you receive an unsolicited call claiming to be from the IRS, ignore it. The IRS will not call anyone unsolicited, either.
  • Send phishing emails to the IRS. The IRS asks anyone who receives a phony email to forward it to phishing@irs.gov and note that it seems to be a phishing scam seeking your information.
  • Report the identity crime. You can report any identity fraud to the Federal Trade Commission (FTC) by visiting www.IdentityTheft.gov.

If you have received IRS scams by email, text message, social media or by phone, you can also contact the ITRC toll-free by calling 888.400.5530 or using the live-chat function at www.idtheftcenter.org. ITRC expert advisors will help you create a resolution plan with the steps you need to take.

  • President Joseph R. Biden signed an executive order extending a pause on student loan payments to January 31, 2022. However, some borrowers are already reporting a rise in student loan forgiveness scams where people pose as loan providers that can help pay off student loans.
  • Identity thieves ask for information like Social Security numbers (SSNs), federal student aid I.D.s, bank account information and credit card information to commit different forms of identity theft and fraud.
  • Some loan forgiveness solicitations are not attempts to steal your information. However, they are designed to steer you into high-cost loan repayment programs with high interest rates or fees.
  • Be skeptical of anyone who calls or emails you offering to pay off your student loans. Call your loan provider to see if the message was legitimate, and do research on the loan provider the caller claims to represent.  
  • If you fall victim to an identity scam, call your bank or credit card provider to stop payments or close your accounts. Also, contact your loan servicer so they can monitor your account. Finally, check your credit report for any suspicious activity and strongly consider freezing your credit.
  • To learn more about student loan forgiveness scams, or to create a resolution plan, contact the Identity Theft Resource Center toll-free by phone (888.400.5530) or live-chat on the company website www.idtheftcenter.org.

Student loan forgiveness scams have been around for a long time. However, they have spiked during the COVID-19 pandemic. President Joseph R. Biden recently issued an executive order extending student loan relief until January 31, 2022. While the extension is welcome news to many borrowers, it also means student loan forgiveness scams will continue for the foreseeable future. CNBC reports an uptick in student loan forgiveness scams. The Identity Theft Resource Center (ITRC) has also received inquiries about the scams, like the one below:

While the voicemail might not be a scam, people who receive voicemails like these should use caution. The same advice applies to emails received about student loans resuming, especially if the sender claims to be from a loan provider that was not used to take out the loan. COVID-19 has given criminals and unethical loan processors more ways to take advantage of people who have been hurt financially over the last year and a half. It could be a scammer looking to exploit the pause in payments due to COVID-19, and any potential confusion it brings.

Who are the Targets?

Former and current college students who are paying off student loans

What is the Scam?

Identity thieves call or email people with student loans claiming to be a loan provider or the U.S. Department of Education. They offer to reduce and help pay off monthly payments. Scammers ask for all sorts of personally identifiable information (PII) over the phone so that they can commit different forms of identity crimes like account takeover.

However, not all of the unsolicited student loan calls and emails are identity scams. Some are reported to be attempts to steer borrowers into repayment programs with high fees and high interest rates.

What They Want

Criminals ask for PII like Social Security numbers (SSNs), federal student aid I.D.s, credit card information and bank account information to commit identity theft. Unethical loan processors attempt to enroll borrowers in high-cost loan repayment programs.

How to Avoid Being Scammed

  • To avoid student loan forgiveness scams, be skeptical of anyone who calls you to help you pay off your student loans. Google the name of the loan provider the caller claims to be working for and see if there are any complaints. Also, if you have any doubts, contact your loan provider directly about the inquiry.
  • Look for the name of the program that is being offered to you. CNBC says, in some scams, criminals have claimed they are part of “Biden loan forgiveness” or “CARES Act loan forgiveness,” two programs that do not exist.
  • If you receive an email about student loan forgiveness, check the sender’s email address to make sure the email is coming from an address that ends in .gov.
  • If you provide a scammer with bank account or credit card information, call your bank or credit card provider to stop the payments immediately, and close your accounts if needed. It’s also a good idea to contact your student loan servicer, especially if you provided information such as your federal student aid I.D., so they can monitor your account, and check your credit report for suspicious activity. The ITRC strongly recommends you also freeze your credit.
  • Finally, report the student loan forgiveness scams to the Federal Trade Commission (FTC) at www.IdentityTheft.gov.

To learn more about student loan forgiveness scams, or if you believe you were the victim of a scam, contact the ITRC toll-free by calling 888.400.5530. You can also visit the company website to live-chat with an expert advisor. Go to www.idtheftcenter.org to get started.  

Police frequently warn Facebook users about the Federal Government Empowerment Money Grant Program scam that circulates in inbox messages. It is important you can spot the scam and know what to do when you encounter it.

Who are the Targets?

Facebook users

What is the Scam?

Scammers pose as an individual’s friend on Facebook and send them messages about a “Federal Government Empowerment Money Program.” However, it is a Federal Government Empowerment Money Grant Program scam. Scammers say they have received a large amount of money from the program after sending in a small “transaction” fee. The scammer also sends a form requesting personal and financial information. Individuals are more likely to fall for the scam because it comes from a Facebook friend.

What They Want

Personal information, account information, payment

How to Avoid Being Scammed

If you receive a message about this program, do not respond because it is a Federal Government Empowerment Money Grant Program scam. Instead, immediately report the message to Facebook through the platform’s “report” link at the top of the message and then block the person. Never click on suspicious links.

If you think you are a victim of identity theft, or want to learn more about this scam, contact the Identity Theft Resource Center for toll-free, no-cost assistance. You can speak with an expert advisor by phone (888.400.5530) or live-chat on the company website. Just visit www.idtheftcenter.org to get started.

This post was originally published on 9/9/16 and was updated on 7/14/21

  • Did you recently receive a phone call claiming to be from the U.S. Department of Homeland Security (DHS)? Homeland Security phone scams are making the rounds, leaving some people in a panic.
  • In the Homeland Security scam phone calls, criminals are impersonating both Homeland Security Investigations Office agents and U.S. Customs and Border Protection (CBP) agents. One scam threatens people with warrants and investigations if they do not give up either money or personal information. Another scam claims cash and drugs were intercepted with your name on it and asks for banking information.
  • If you receive a threatening phone call from a Homeland Security Investigations agent or an unsolicited call from a CBP agent, you should hang up because it is probably a Homeland Security phone scam. DHS will never call anyone with demands or requests for sensitive information. Instead, report the call to DHS and the Federal Trade Commission.
  • If you want to learn more, believe you are the victim of a phone scam, or if you have been receiving Homeland Security scam phone calls, contact the Identity Theft Resource Center (ITRC) at no cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.

The Department of Homeland Security (DHS) is usually the agency issuing a fraud alert informing the public about the latest scams, like DHS giving a new warning about immigration scams from the Department’s Ombudsman office. However, now criminals are trying to get your money and personal information by impersonating Homeland Security agents, particularly in the Philadelphia and Miami areas. DHS officials say the calls are part of a Homeland Security phone scam and are intended to frighten people. DHS agents will never call you unsolicited.

Who are the Targets?

Phone users; Non-U.S. citizens

What is the Scam?

Identity criminals impersonate agents from the DHS Investigations Office and the U.S. Customs and Border Protection (CBP). In one Homeland Security phone scam, criminals threaten you with arrest or an investigation if you do not provide payment in the form of “immigration bonds” or sensitive information. Other Homeland Security scam phone calls have a pre-recorded message that says, “a box of drugs and money being shipped has your (caller’s) name on it, and it has been intercepted.” They then instruct the caller to press #1 to speak with a CBP agent, attempting to get the caller’s banking information.  

What They Want

Scammers hope to steal either money or personal information. The personal information and bank account information can be used to commit an array of different identity crimes in your name.

How to Avoid Being Scammed

  • The DHS Investigations Office will never call you with demands like those included in the current scams. If you receive a threatening call, hang up because it is a Homeland Security phone scam. Do not give them any money or personal information.
  • Also, DHS Investigations and CBP do not solicit money over the phone. If you get a call like that, note the number, any other pertinent details about the call and then hang up.
  • If you receive Homeland Security scam phone calls, report them to the DHS Investigations Field Office or the CBP, even if you did not fall for the scam. Phone scams can also be reported to the Federal Trade Commission online at reportfraud.ftc.gov/.

To learn more about Homeland Security scam phone calls, or if you believe you were the victim of a phone scam, contact the ITRC toll-free by calling 888.400.5530. You can also visit the company website to live-chat with an expert advisor. Go to www.idtheftcenter.org to get started.  

For years, U.S. Postal Service (USPS) officials have warned people about USPS email scams with fake email notifications attempting to phish for personal information. The scam has resurfaced, with the Identity Theft Resource Center (ITRC) receiving this USPS email scam:

With scams looking more legitimate each day, it is important that you know how to spot them and what to do to keep yourself safe.

Who are the Targets?

Email users

What is the Scam?

Individuals receive email notifications from scammers posing as the USPS, stating a package could not be delivered to their residence. The fake notification instructs the recipient to click on a link within the email in order to “print a delivery label and pick up the package at their local post office.” Unfortunately, victims of this scam who click on the link expose their computer to a virus that steals personal information.

In the latest version of the scam, the link takes victims to a website for them to re-enter their address and enter a payment card for a $3 fee to reship the package. All of the footer information is from USPS and takes people back to the legitimate USPS website.

What They Want

Personal Information, financial account information

Howto Avoid Being Scammed

  • The USPS does not send email notifications when they have a package for pick-up.
  • Always check with the source directly to see if the email is legitimate or a USPS email scam before clicking on any links or giving away personal information. Contact your local post office by phone.
  • Examine any suspicious emails closely. Poor grammar and spelling errors are a good indication that the email is fraudulent.
  • Report the scam by forwarding the email to spam@uspis.gov and then delete the email. For more information on other USPS scams, visit uspis.gov/tips-prevention.

If you think you may be a victim of identity theft, or have questions about the USPS email scam, contact the ITRC for toll-free assistance by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.

This post was originally published on 11/15/16 and was updated on 7/9/21

  • The Federal Emergency Management Agency (FEMA) reports that criminals are creating COVID-19 funeral scams. The announcement comes just days after the federal agency launched a new program to provide relief to the families of loved ones who died from COVID-19.
  • As part of the funeral scam, criminals contact people offering to register them for funeral assistance. Identity thieves are looking to steal money, as well as personal and financial information, to commit identity theft.
  • If you receive an unsolicited message offering to assist in registering for the program, you should contact FEMA directly. Also, you should never pay a fee or share personal information with anyone who sends an unsolicited message to obtain a government benefit on your behalf.
  • To report a funeral scam, call FEMA’s Helpline at 800.621.3362. To learn more, contact the Identity Theft Resource Center (ITRC) toll-free by phone (888.400.5530) or live-chat at the company website www.idtheftcenter.org.

The Federal Emergency Management Agency (FEMA) is doing what it can to help the families of loved ones who died from COVID-19. However, due to criminals, everyone needs to be on the lookout for COVID-19 funeral scams.

FEMA started a program in mid-April that offers up to $9,000 in relief to help families cover the funeral expenses for those who passed after June 20, 2020, from COVID-19. However, criminals have found a way to take advantage of the newest program.

FEMA has sounded the alarm with a fraud alert. They have received reports of scammers reaching out to people by phone, email, and online, offering to register them for funeral assistance. However, FEMA says that is not how the program works.

The Identity Theft Resource Center (ITRC) has received more than 1,500 reports of identity fraud related to government benefits since the beginning of the pandemic.

Who are the Targets?

The families and friends of loved ones who died from COVID-19 who are applying for FEMA’s COVID-19 Funeral Assistance Program.

What is the Scam?

FEMA says criminals are contacting people and offering to register them for funeral assistance. However, the criminals are asking for “fees” and other options to “expedite the process” to register for funeral expenses.

According to FEMA, any efforts that charge fees to assist in the application process are scams. The application process begins when you call the agency’s Funeral Assistance Line at 844.684.6333. FEMA will not contact you about the program unless you have already contacted them.

What They Want

Scammers hope to make away with either money or you or your deceased loved one’s personal information to commit an identity crime in you or your loved one’s name.

How to Avoid Being Scammed

  • If someone contacts you about the assistance program and you did not either apply or call FEMA directly, ignore it because it is a COVID-19 funeral scam. FEMA will not reach out until you either call them or apply for assistance.
  • Do not pay a fee for quicker service because that is another sign of a funeral scam. The government will not ask you to pay anything to get the FEMA benefits.
  • Do not provide your own or your deceased loved one’s personal or financial information to anyone based on an unsolicited call, text message, or email claiming to come from FEMA or another federal agency.
  • If you received a COVID-19 funeral scam call or email, report it to the FEMA Helpline at 800.621.3362.

Contact the ITRC

If you believe you are a victim of the COVID-19 funeral scam, received a suspicious message and want to know if it is a funeral scam, or want to learn more, contact the ITRC toll-free. You can call (888.400.5530) or use the live-chat function on the company website. Just go to www.idtheftcenter.org to get started.   

  • The third round of stimulus payments is on the way. Scammers are aware, too, which means another round of scams as well.
  • Remember, the Internal Revenue Service (IRS) will not text, email or call anyone about a stimulus payment. If someone receives an unsolicited message from someone claiming to be with the IRS, it is probably a stimulus payment scam. Consumers should contact the IRS directly to verify before they respond. 
  • Offers that require people to pay to receive a stimulus benefit or to use a service to get a payment faster are also signs of a stimulus payment scam. 
  • Consumers can track their new stimulus checks once they are sent. Then can visit the IRS “Get My Payment” page to follow their payments.  
  •  To learn more about stimulus payment scams, the new stimulus payment or if someone suspects they are the victim of a stimulus scam, they can contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website.  

New Stimulus Payments Approved by Lawmakers 

Lawmakers voted to approve the third stimulus package since the coronavirus pandemic. The package includes a $1,400 stimulus payment for anyone who earns $75,000 or less (the payments start to phase out at $75,000), extends jobless aid supplement and programs making more people eligible for unemployment insurance, and much more. However, it could mean more stimulus payment scams.

Late in 2020, lawmakers agreed on a new stimulus package, which included a $600 stimulus payment for anyone who earned $75,000 or less. There was also a reduced payment for anyone who made $75,000-$99,000.

In the spring of 2020, the first batch of stimulus payments assisted Americans in need of financial relief due to the economic impacts of COVID-19. Criminals took advantage of the situation by offering to help benefit recipients speed access to their stimulus funds. Criminals stole checks from nursing home residents, out of people’s mailboxes, and even from postal trucks. The Identity Theft Resource Center (ITRC) saw some of those methods used to steal identity information and stimulus payments the second time around, and expect to see it again. The ITRC has also had a sharp rise in reported stolen stimulus payments and stimulus payment scams cases.

As of March 10, 2021, the Federal Trade Commission (FTC) had logged more than 382,000 consumer complaints related to COVID-19 and stimulus payments totaling more than $366 million in losses. Two-thirds of the complaints involved fraud or identity theft. The median fraud loss per person is $325.

New stimulus checks mean more scams are on the way. With more stimulus payment fraud expected, consumers should know how to spot a scam and what to do if an identity criminal contacts them.

Possible Stimulus Payment Scams 

According to the Washington Post, researchers recently discovered a campaign of thousands of emails that sought to trick Americans into filling out a phony form to “apply” for American Rescue Plan checks from the IRS before the third stimulus package was even passed by congress. The emails encouraged recipients to download an Excel sheet that launched malicious software that steals personal banking information and other login credentials once downloaded.

Criminals use different schemes to trick people, and they can be expected to do the same this time, as seen above. Here are a few things for people to watch for that indicate that someone might be the target of a stimulus payment scam:

  • Text messages and emails about stimulus payments – Criminals use text messages and emails to send malicious links in hopes that people will click on them to divulge personal information or insert malware onto someone’s device. If anyone receives a text message or email about a stimulus check or direct deposit with a link to click or a file to open, they should ignore it. It’s a scam because the IRS will not contact anyone unsolicited by text, email or phone to discuss a stimulus payment. 
  • Asked to verify financial information – The IRS will not call, text or email anyone to verify their information. If information needs to be confirmed, people will be directed to an IRS web page. This includes retirees who might not typically file a tax return.  
  • A fake check in the mail – Anyone who earns $75,000 or less will get $1,400. People who make between $75,000-$80,000 will receive a reduced amount. Anyone who gets a check and has questions about the amount, or thinks the check seems suspicious, should contact the IRS.
  • Offers for faster payments – Any claim offering payment faster through a third-party is a scam. All new stimulus checks will come from the IRS, and the IRS says there is no way to expedite a payment.  
  • Pay to get a check – No one has to pay to receive a stimulus check. New stimulus checks will be deposited directly into the same banking account used for previous stimulus payments or the most recent tax refund. If the IRS does not have someone’s direct deposit information, a check or prepaid card will be mailed to the last known address on file at the IRS.
  • Stolen checks – The ITRC has received numerous complaints from consumers about their stimulus checks being stolen. If anyone believes their payment is stolen, they should visit IDTheft.gov, where they can report, “Someone filed a Federal tax return – or claimed an economic stimulus payment – using my information.”

What to Do If You’re a Victim of Stimulus Payment Scams 

 If anyone believes their information may have been compromised or their stimulus payment was stolen, the IRS suggests people report it to the IRS and FTC simultaneously through IdentityTheft.gov. If anyone wants to learn more about stimulus payment scams or if someone believes they are the victim of a stimulus payment scam, they may also contact the Identity Theft Resource Center toll-free. Consumers can call (888.400.5530) or live-chat on the website. People can go to www.idtheftcenter.org to get started.

The post was originally published on 12/22/20 and was updated on 3/10/21