Posts

  • The Federal Emergency Management Agency (FEMA) reports that criminals are creating COVID-19 funeral scams. The announcement comes just days after the federal agency launched a new program to provide relief to the families of loved ones who died from COVID-19.
  • As part of the funeral scam, criminals contact people offering to register them for funeral assistance. Identity thieves are looking to steal money, as well as personal and financial information, to commit identity theft.
  • If you receive an unsolicited message offering to assist in registering for the program, you should contact FEMA directly. Also, you should never pay a fee or share personal information with anyone who sends an unsolicited message to obtain a government benefit on your behalf.
  • To report a funeral scam, call FEMA’s Helpline at 800.621.3362. To learn more, contact the Identity Theft Resource Center (ITRC) toll-free by phone (888.400.5530) or live-chat at the company website www.idtheftcenter.org.

The Federal Emergency Management Agency (FEMA) is doing what it can to help the families of loved ones who died from COVID-19. However, due to criminals, everyone needs to be on the lookout for COVID-19 funeral scams.

FEMA started a program in mid-April that offers up to $9,000 in relief to help families cover the funeral expenses for those who passed after June 20, 2020, from COVID-19. However, criminals have found a way to take advantage of the newest program.

FEMA has sounded the alarm with a fraud alert. They have received reports of scammers reaching out to people by phone, email, and online, offering to register them for funeral assistance. However, FEMA says that is not how the program works.

The Identity Theft Resource Center (ITRC) has received more than 1,500 reports of identity fraud related to government benefits since the beginning of the pandemic.

Who are the Targets?

The families and friends of loved ones who died from COVID-19 who are applying for FEMA’s COVID-19 Funeral Assistance Program.

What is the Scam?

FEMA says criminals are contacting people and offering to register them for funeral assistance. However, the criminals are asking for “fees” and other options to “expedite the process” to register for funeral expenses.

According to FEMA, any efforts that charge fees to assist in the application process are scams. The application process begins when you call the agency’s Funeral Assistance Line at 844.684.6333. FEMA will not contact you about the program unless you have already contacted them.

What They Want

Scammers hope to make away with either money or you or your deceased loved one’s personal information to commit an identity crime in you or your loved one’s name.

How to Avoid Being Scammed

  • If someone contacts you about the assistance program and you did not either apply or call FEMA directly, ignore it because it is a COVID-19 funeral scam. FEMA will not reach out until you either call them or apply for assistance.
  • Do not pay a fee for quicker service because that is another sign of a funeral scam. The government will not ask you to pay anything to get the FEMA benefits.
  • Do not provide your own or your deceased loved one’s personal or financial information to anyone based on an unsolicited call, text message, or email claiming to come from FEMA or another federal agency.
  • If you received a COVID-19 funeral scam call or email, report it to the FEMA Helpline at 800.621.3362.

Contact the ITRC

If you believe you are a victim of the COVID-19 funeral scam, received a suspicious message and want to know if it is a funeral scam, or want to learn more, contact the ITRC toll-free. You can call (888.400.5530) or use the live-chat function on the company website. Just go to www.idtheftcenter.org to get started.   

*Updated as of 3/10/2021

  • The third round of stimulus payments is on the way. Scammers are aware, too, which means another round of scams as well.
  • Remember, the Internal Revenue Service (IRS) will not text, email or call anyone about a stimulus payment. If someone receives an unsolicited message from someone claiming to be with the IRS, it is probably a scam. Consumers should contact the IRS directly to verify before they respond. 
  • Offers that require people to pay to receive a stimulus benefit or to use a service to get a payment faster are also signs of a stimulus payment scam. 
  • Consumers can track their new stimulus checks once they are sent. Then can visit the IRS “Get My Payment” page to follow their payments.  
  •  To learn more about stimulus payment scams, the new stimulus payment or if someone suspects they are the victim of a stimulus scam, they can contact the Identity Theft Resource Center toll-free at 888.400.5530 or by live-chat on the company website.  

New Stimulus Payments Approved by Lawmakers 

Lawmakers voted to approve the third stimulus package since the coronavirus pandemic. The package includes a $1,400 stimulus payment for anyone who earns $75,000 or less (the payments start to phase out at $75,000), extends jobless aid supplement and programs making more people eligible for unemployment insurance, and much more.

Late in 2020, lawmakers agreed on a new stimulus package, which included a $600 stimulus payment for anyone who earned $75,000 or less. There was also a reduced payment for anyone who made $75,000-$99,000.

In the spring of 2020, the first batch of stimulus payments assisted Americans in need of financial relief due to the economic impacts of COVID-19. Criminals took advantage of the situation by offering to help benefit recipients speed access to their stimulus funds. Criminals stole checks from nursing home residents, out of people’s mailboxes, and even from postal trucks. The Identity Theft Resource Center (ITRC) saw some of those methods used to steal identity information and stimulus payments the second time around, and expect to see it again. The ITRC has also had a sharp rise in reported stolen stimulus payments and stimulus payment scams cases.

As of March 10, 2021, the Federal Trade Commission (FTC) had logged more than 382,000 consumer complaints related to COVID-19 and stimulus payments totaling more than $366 million in losses. Two-thirds of the complaints involved fraud or identity theft. The median fraud loss per person is $325.

New stimulus checks mean more scams are on the way. With more stimulus payment fraud expected, consumers should know how to spot a scam and what to do if an identity criminal contacts them.

Possible Stimulus Payment Scams 

According to the Washington Post, researchers recently discovered a campaign of thousands of emails that sought to trick Americans into filling out a phony form to “apply” for American Rescue Plan checks from the IRS before the third stimulus package was even passed by congress. The emails encouraged recipients to download an Excel sheet that launched malicious software that steals personal banking information and other login credentials once downloaded.

Criminals use different schemes to trick people, and they can be expected to do the same this time, as seen above. Here are a few things for people to watch for that indicate that someone might be the target of a stimulus payment scam:

  • Text messages and emails about stimulus payments – Criminals use text messages and emails to send malicious links in hopes that people will click on them to divulge personal information or insert malware onto someone’s device. If anyone receives a text message or email about a stimulus check or direct deposit with a link to click or a file to open, they should ignore it. It’s a scam because the IRS will not contact anyone unsolicited by text, email or phone to discuss a stimulus payment. 
  • Asked to verify financial information – The IRS will not call, text or email anyone to verify their information. If information needs to be confirmed, people will be directed to an IRS web page. This includes retirees who might not typically file a tax return.  
  • A fake check in the mail – Anyone who earns $75,000 or less will get $1,400. People who make between $75,000-$80,000 will receive a reduced amount. Anyone who gets a check and has questions about the amount, or thinks the check seems suspicious, should contact the IRS.
  • Offers for faster payments – Any claim offering payment faster through a third-party is a scam. All new stimulus checks will come from the IRS, and the IRS says there is no way to expedite a payment.  
  • Pay to get a check – No one has to pay to receive a stimulus check. New stimulus checks will be deposited directly into the same banking account used for previous stimulus payments or the most recent tax refund. If the IRS does not have someone’s direct deposit information, a check or prepaid card will be mailed to the last known address on file at the IRS.
  • Stolen checks – The ITRC has received numerous complaints from consumers about their stimulus checks being stolen. If anyone believes their payment is stolen, they should visit IDTheft.gov, where they can report, “Someone filed a Federal tax return – or claimed an economic stimulus payment – using my information.”

What to Do If You’re a Victim of Stimulus Payment Scams 

 If anyone believes their information may have been compromised or their stimulus payment was stolen, the IRS suggests people report it to the IRS and FTC simultaneously through IdentityTheft.gov. If anyone wants to learn more about stimulus payment scams or if someone believes they are the victim of a stimulus payment scam, they may also contact the Identity Theft Resource Center toll-free. Consumers can call (888.400.5530) or live-chat on the website. People can go to www.idtheftcenter.org to get started.

  • A Canon data breach resulted from a ransomware attack on the company by the Maze ransomware group. Canon is just one of many companies recently hit with a ransomware attack, a trend the Identity Theft Resource Center predicts to continue in 2021.  
  • The mobile video game Animal Jam suffered a data breach affecting 46 million users after threat actors stole a database. However, WildWorks, the game’s owner, has been very transparent throughout the entire process, setting an example of how businesses should approach data breaches. 
  • Insurance tech company Vertafore discovered files containing driver-related information for 28 million Texas residents were posted to an unsecured online storage service.  
  • For more information about recent data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notifiedTM.  
  • Keep an eye out for the ITRC’s 15th Annual Data Breach Report. The 2020 Data Breach Report will be released on January 27, 2021. 
  • If you believe you are a victim of identity theft from a data breach, contact the ITRC toll-free at 888.400.5530 or through live-chat on the company website.  

Notable Data Compromises for November 2020 

Of all the data breaches the Identity Theft Resource Center (ITRC) tracked in November, three stood out: Canon, WildWorks – Animal Jam, and Vertafore. All three data events are notable for different reasons. One highlights a trend and prediction made by the ITRC; another shows transparency by the company throughout the process; the third leaves 28 million individuals’ driver-related information exposed. 

Canon 

Camera manufacturer Canon recently suffered a data breach that was caused by a ransomware attack, but the company only acknowledged the attack was the result of ransomware in November. According to techradar.com and Bleeping Computer, the Canon IT department notified their staff in August that the company was suffering “widespread system issues affecting multiple applications, Teams, email and other systems.” On November 25, the company acknowledged the Canon data breach was due to a ransomware attack by the Maze ransomware group.  

It is unknown how many people are affected by the Canon data breach. However, files that contained information about current and former employees from 2005 to 2020, their beneficiaries, and dependents were exposed. Information in those files included Social Security numbers, driver’s license numbers or government-issued identification numbers, financial account numbers provided to Canon for direct deposit, electronic signatures and birth dates. 

Canon is just one of many companies that have been hit with a ransomware attack. As the ITRC mentioned in its 2021 predictions, cybercriminals are making more money defrauding businesses with ransomware attacks and phishing schemes that rely on poor consumer behaviors than traditional data breaches that rely on stealing personal information. As a result of the ransomware rise, data breaches are on pace to be down by 30 percent in 2020 and the number of individuals impacted down more than 60 percent year-over-year.  

WildWorks – Animal Jam 

Animal Jam, an educational game launched by WildWorks in 2010, suffered a data breach after threat actors stole a database. According to the WildWorks CEO, cybercriminals gained access to 46 million player records after compromising a company server. The information exposed in the Animal Jam data breach includes seven million email addresses, 32 million usernames, encrypted passwords, approximately 15 million birth dates, billing addresses and more. 

WildWorks has been very transparent throughout the entire process. The company provided a detailed breakdown of the information taken in the Animal Jam data breach, how the data event happened, where the information was circulated, whether people’s accounts are safe and the next steps to take. The ITRC believes WildWorks has set an example of how other businesses should share information with impacted consumers after a data breach.  

Anyone affected by the Animal Jam data breach should change their email and password for their account (consumers should switch to a 12-character passphrase because it is easier to remember and harder to guess). Users should also change the email and password of other accounts that share the same email and password. If any users think their account was used illegally, they are encouraged to contact the Animal Jam security team by emailing support@animaljam.com  

Vertafore 

Vertafore, a Denver based insurance tech company, recently discovered three files containing driver-related information were posted to an unsecured online storage service. The files included data from before February 2019 on nearly 28 million Texas drivers. Vertafore says the files have since been secured, but they believe the files were accessed without authorization. To learn more about this data breach, read the ITRC’s latest blog, and listen to our podcast on the event. 

Unfortunately, companies continue to leave databases unsecured, which is tied with ransomware as the most common cause of data compromises, according to IBM. Consumers impacted by the Vertafore data event need to follow the advice given by Vertafore and the Texas Department of Public Safety

notifiedTM  

For more information about recent data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notifiedTM, free to consumers. Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.  

Contact the ITRC 

If you believe you are the victim of an identity crime or your identity has been compromised in a data breach, you can speak with an ITRC expert advisor at no-cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcer.org to get started. Also, victims of a data breach can download the free ID Theft Help app to access resources, a case log and much more.  

By Identity Theft Resource Center CEO, Eva Velasquez & Synchrony CISO, Gleb Reznik

The 2020 holiday season will certainly be one of the most unusual ones we have seen, thanks to the biggest holiday shopping trend – a dramatic shift in online transactions prompted by the COVID-19 pandemic. Online shopping involves non-cash transactions using digital payment methods. While the most obvious are debit and credit cards, there are also peer-to-peer payment apps, digital wallets and online versions of contactless payments like Apple Pay and Google Pay.

There is a truism in cybercrime as there is in bank robbery: thieves go where the money is. There are many opportunities for bad actors to take advantage of consumers and businesses during the shopping season. We expect the identity thieves will look to take advantage of the rise in online shopping.

Tune in to our latest podcast

Historic and Current Holiday Shopping Trends

Holiday shopping has always been a busy time for consumers. Last year, there was an estimated $1.1 trillion spent on the shopping frenzy.

According to the Better Business Bureau (BBB), approximately 65 percent of consumers shopped online during the holidays in 2019.

Online retailers have seen sales grow steadily over the years. According to the U.S. Department of Commerce, sales have risen between one to two percent each year.

Online Holiday Shopping Trends So Far in the 2020 Holiday Season

With all of that said, 2020 looks to be a watershed year. In just the first ten days of the holiday shopping season, U.S. consumers spent $21.7 billion online, a 21 percent year-over-year increase, according to Adobe Analytics.

There is no surprise in this online holiday shopping trend. The same Adobe Analytics report shows 63 percent of consumers are avoiding stores and buying more online, with health concerns due to the pandemic driving the decision for 81 percent of shoppers.

Advice for Consumers

  • Have strong password management – If someone has strong password management, an identity thief will not be able to access multiple accounts if they gain access to one account with stolen credentials from a scam or shoulder surfing. It is especially important to ignore “customer service representatives” who call about online orders or accounts. At the Identity Theft Resource Center (ITRC), we recommend using at least a twelve-digit passphrase because they are easier to remember and harder for an identity thief to crack.
  • Beware of phishing emails with emotional triggers – People should keep an eye out for shopping discounts sent to their phones claiming huge store discounts if they download an app and enter their credit card information. Another popular phishing email is package tracking scams that offer to track someone’s packages after making their purchase with a link to open or download. No one should ever click on a link, attachment or file from an unknown email because that is how scammers strike with malware, ransomware and steal people’s personal information.
  • Use credit cards and not debit cards – Credit cards provide more protection than debit cards. One of the biggest reasons is because debit cards are linked with bank accounts. If an identity thief compromises a debit card, the victim’s bank account can be immediately drained of all available funds. It may take time to restore the stolen funds, leaving the cardholder without access to the money.
  • Shop on secure websites – People need to do their homework before providing any of their payment information or other data. Consumers can check a business’s reputation at third party review organizations like the BBB and Yelp. Using search terms like “Scam” or “Complaints” along with the website or company name can give someone insight into the experience of other customers. 
  • Do not use public Wi-Fi – No one should ever use public Wi-Fi to check their bank account information or to make purchases. Some public Wi-Fi connections are not secure, and a hacker could have the ability to position themselves between the user and the connection point to steal their data. If someone wants to use public Wi-Fi to kill time while in the store or to check on products they want to buy, they need to avoid entering any personal information.

Advice for Businesses

  • Secure your information – Businesses need to take all of the necessary steps to ensure customers’ personal information is secure. It starts by making sure all systems are protected with properly configured cybersecurity tools. Time and time again, we see businesses and technology providers fail to configure passwords, resulting in exposed sensitive data for anyone to see online.
  • Have security software – Businesses need to protect their networks from cyberattacks. If a system does not have appropriate security software like network and application firewalls, malware protection and a program to patch known security flaws, identity thieves will steal whatever customer and company information they want.
  • Talk to the employees about online security – A business can have all the security measures in place, but it does not matter if employees click on links in phishing schemes. Company executives and cybersecurity teams should talk to employees about security, so they do not end up being their weakest link.

What the Post-Pandemic Marketplace Will Look Like

While many things are uncertain about our post-pandemic world, one safe bet is that online holiday shopping will continue to rise. Statistics show online shopping was already on the rise before COVID-19. With the even bigger surge during the pandemic, it will force businesses to get serious, if they are not already, about e-commerce and a digital-first model. In a sense, every day could be Black Friday!

For more information on online shopping during the holiday season or online holiday shopping trends, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website.

Also, download the free ID Theft Help app, which has access to resources, a case log for an identity theft resolution process and much more.

Synchrony is a proud financial sponsor of the Identity Theft Resource Center.

  • Election scams are beginning to appear, prompting the FBI and Cybersecurity and Infrastructure Security Agency (CISA) to warn consumers that spoofed internet domains and email accounts pose cyber and disinformation risks to voters. 
  • Scammers are also looking to trick voters by mimicking ballot-tracking text services
  • Identity thieves are seeking many different forms of personally identifiable information (PII), looking to commit malware attacks, and creating fake websites to collect PII or spread false or misleading information. 
  • Consumers should never share PII, respond to any unexpected messages until they have verified the website address, email address or text message link by checking with the legitimate source.  
  • For more information, or if you fell victim to an election scam, reach out to the Identity Theft Resource Center toll-free at 888.400.5530 or on our website via live-chat.  

The general election is less than one month away, and scammers are aware. Multiple voting organizations are expressing concerns over fake election-related websites that look like official voting resources, but contain false or misleading information, as well as phishing emails that are designed to gather personally identifiable information (PII) or spread malware. Some states are also seeing scammers trying to trick voters with phony text messages, like in California, where they mimic ballot-tracking text services. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) want to help people spot and avoid every form of election scam.  

Who It Is Targeting 

Voters; Online device users 

What It Is 

Scammers are using many different tactics to try to trick voters: 

  • They create fake election-related websites to spread misinformation, confuse people, or trick voters into sharing personal information ahead of the November 3 elections. According to the FBI and CISA, election scams around fake websites aim to mislead voters and try to use interest around voting to steal people’s passwords. Scammers create websites that try to imitate election websites by altering one or two letters in the site’s address.  
  • Another election scam the FBI and CISA want people to be aware of is phishing emails. Scammers email voters from spoofed addresses that appear to come from election officials.  
  • Scammers are using text messages to attack, too. Some text messages claim they are from the United States Postal Service (USPS). Others look like they are from the Registrar of Voters asking consumers to take a survey or re-register to vote. Some even offer prizes for voting or registering to vote. 

What They Are After 

“There’s risk to you personally,” James Lee, Chief Operating Officer of the Identity Theft Resource Center (ITRC), told NBC 7 San Diego in an interview. “And in this case, because we’re talking about an election, there’s risk to our society. There’s risk to our country.” 

All of these election scams try to steal usernames, passwords or email addresses. They lead to the collection of PII and spread malware, leading to the potential of more compromises and financial losses in the future. 

What You Can Do 

  • Verify the spelling of all websites, email addresses or links in text messages. Make sure domains consist of http or https at the beginning of the domain, and .gov at the end if it is a government website. 
  • If you receive an unexpected or unsolicited email or text message, ignore it and do not click on any links. Go directly to the source to verify the validity of the message. 
  • Find election information from trustworthy websites, like the Election Assistance Commission.  
  • Make sure all of your applications are up-to-date and update your anti-virus and anti-malware systems. 
  • If possible, use two-factor authentication (2FA) on your accounts.  
  • Disable or remove unneeded applications from your devices. 

If you believe you are a victim of an election scam or want to learn more, contact the ITRC to speak with an expert advisor toll-free at 888.400.5530. You can also live-chat with us on our company website. 

  • Shopify recently announced that two support team members allegedly committed insider theft and obtained transactional records of at least 100 merchants.  
  • Data exposed in the Shopify data compromise includes names, physical addresses, email addresses, products, and services purchased. 
  • Businesses should consider reducing their privilege access based on the employee’s status, watch data movement across the company, and have tools to give visibility to file activities. 
  • Consumers should change their usernames and passwords for their Shopify account, keep an eye out for phishing emails, and act on a breach notification letter if they receive one. 
  • Anyone impacted by the Shopify data exposure can call the ITRC toll-free at 888.400.5530, or live-chat on the company website with an expert advisor.  

The E-commerce platform, Shopify, is used by online businesses and retail point-of-systems all over the world. One of the most notable companies is Kylie Cosmetics, Kylie Jenner’s well-known make-up company. Kylie Cosmetics is one of an unknown number of merchants, believed to be between 100 – 200 merchants, impacted by a recent Shopify data exposure. While information is still limited, there are important facts and tips for both consumers and businesses to know about this case of an insider threat.  

What Happened 

On September 22, Shopify announced that two members of their support team were engaged in a scheme to obtain customer transaction records from merchants. While there is no evidence of the data of the impacted merchants being utilized right now, the e-commerce company says they are only in the early stages of the investigation. Data exposed by the Shopify compromise includes email addresses, names, physical addresses as well as products and services purchased. 

According to MarketWatch, the order details do not include financial information like credit card information or additional personal information. Shopify says most of their merchants are not affected, and the ones that are have been notified. They say they will also be updating affected merchants as more information becomes available. 

How the Shopify Data Exposure Impacts Businesses 

More people are working from home now than ever due to COVID-19, which means remote workers may have more access privileges than usual with fewer security restrictions. The Shopify data exposure is a great example of the dangers of an organization offering employees too much access privilege. Security experts also say that insider threats are growing with more people getting accustomed to working from home. 

How Businesses Can Protect Themselves 

  • Reduce privilege access based on the employee and their position. 
  • Watch data movements across the entire company environment whether employees are on or off the network. 
  • Adopt a zero-trust framework so the security team can better track who is coming in and out of the network. 
  • Have tools in place that give visibility into file movements, enabling them to verify that corporate intellectual property and sensitive data is not leaving the organization. 

How the Shopify Data Exposure Impacts Consumers 

While only names, email addresses and address information were exposed, consumers affected by the Shopify data exposure could be at risk of receiving phishing emails or other emails that try to target financial information.  

What Consumers Should Do  

  • Change their usernames and passwords for their account. 
  • Watch out for phishing emails and other emails attempting to collect financial information or other personally identifiable information (PII). 
  • Watch for a breach notification letter. If they get one, it should not be ignored. Consumers need to act and follow the steps provided in the letter. Consumers should also take advantage of credit monitoring if it is provided and consider freezing their credit. 
  • While full payment information is not believed to be involved, it is still a good idea for consumers to regularly check their accounts for any suspicious activity.  

Contact the Identity Theft Resource Center 

Victims of the Shopify data exposure are encouraged to contact the Identity Theft Resource Center (ITRC) toll-free at 888.400.5530 or live-chat with an expert advisor on our website. Data breach victims can also download the ITRC’s ID Theft Help app to access resources, advisors, a case log and much more. 


Read more of our latest news below

iPhone 12 Chatbot Scam Begins to Spread Through Text Messages

Dunkin Donuts Data Breach Settlement Highlights Busy Week of Data Compromise Updates

50,000+ Fake Login Pages for Top Brands from Credential Theft

CashApp scams have seen an uptick since COVID-19 began impacting the United States. In April, we wrote about scammers out in full force trying to get consumers to fall for CashApp scams by clicking on fraudulent and malicious links that could steal people’s money and identity, taking advantage of the economic hardships. Now, the Identity Theft Resource Center (ITRC) is receiving multiple calls and live-chats about a twist on the CashApp scam: a CashApp customer support scam.

Who Is Targeted

CashApp users

What It Is

A CashApp customer support scam where scammers act as CashApp customer support on a hotline to gain access to users CashApp accounts or ask users to download software to allow remote access to their mobile device.

What They Are After

Scammers are after money and personal information using a fake customer support hotline. In one CashApp scam case reported to the ITRC, a scammer stole all of the victim’s money and changed their username and password. In another case, a scammer was able to get a hold of the victim’s bank account number and access the victim’s bank account.

How You Can Avoid It

  • As of right now, CashApp only offers customer service via email or through the app, not by telephone. Reach out to customer support directly through the company’s website or app.
  • Never give out personal information over the phone if you do not know who is on the other end.
  • Do not download software to allow third parties to have access to any of your mobile devices.
  • Only use CashApp to transfer money to people you know.
  • Add additional security measures, including multi-factor authentication.

If you think you may have fallen victim to a CashApp customer support scam, you can call the ITRC toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.


Read more of our latest blogs below

Fortnite Gaming Data Being Sold for Hundreds of Millions of Dollars Per Year

“Meow” Attacks Lead to 4,000 Deleted Databases and Perplexed Security Experts

Cense.Ai, Freepik and ArbiterSports Headline Recent Data Breaches

With some businesses opening back up after temporarily closing due to the COVID-19 pandemic, scammers are trying to capitalize using online job scams to steal people’s personal information.

Recently, Scripps Health found hackers exploiting job seekers through phishing emails with Scripps Health-themed “lures.” Scripps sent the following email to warn their community members:

Image provided to the Identity Theft Resource Center by public

ATA Engineering, another San Diego-based company, reports they also are seeing similar-type online job scams.

The Identity Theft Resource Center (ITRC) has seen a rise in victims contacting the organization about online job scams, including phishing emails. Some of the particular job scams reported to the ITRC include ones from Indeed, Zip Recruiter, and Facebook. The ITRC has had more than 40 victims reach out about online job scams the last three months.

Who Is It Targeting

People looking for work amist the COVID-19 pandemic

What Is It

Either a fake listing posted on a job board or a phishing email, robocall, social media message, or text message looking for a response.

What Are They After

While scammers attack in different ways, they are all looking for one thing: personal information. They hope they can trick people who are desperate or vulnerable into giving up sensitive data like usernames and passwords, financial data, or Social Security numbers. Once scammers have that information, they can commit many different forms of identity theft.

How You Can Avoid It

  • Never click on a link or open an attachment from an email you are not expecting. Instead, go directly to the source to verify the validity of the message.
  • Review all emails and websites carefully to make sure there are no suspicious addresses, subject lines or URLs.
  • Be careful about how much personal data you share, at least during the application process. Do not turn over information like your Social Security number until you are hired.
  • Make sure you have the job, and it is legitimate, before giving away financial information like a bank account number or routing number for direct depositing of paychecks.

If you think you may have fallen victim to an online job scam, you can call the ITRC toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.


Read more of our latest articles below

The coronavirus is making a lasting impact on the United States in many different ways. More than 175,000 people have died from the coronavirus, and 57+ million Americans have filed for unemployment. Another noticeable impact is the dramatic increase in scams and identity theft. There have been more than 92,000 COVID-19 fraud reports and $118+ million lost from fraud, according to the Federal Trade Commission. A story published by the Washington Post reports that no event over the last decade has spawned as many schemes or lasted this long.

Since COVID-19 began seriously affecting the U.S. in March, fraudsters and scammers have been trying to take advantage of the situation to steal or misuse people’s personally identifiable information (PII) in any way possible to commit identity theft. Recently, scammers have been taking advantage of the medical space to commit financial identity theft from COVID-19, using many different methods.

Medicare and Medicaid Scams

There is some good news when it comes to COVID-19 scams. COVID-related phishing scams appear to be on the decline. According to CheckPoint, July saw a 50 percent decrease in COVID-19 scams compared to June. However, CheckPoint reported that COVID-19 medical and vaccine-related scams are still in high demand as the race is on to find a vaccine. The U.S. Department of Health and Human Services Office of the Inspector General (HHS-OIG) echoes a similar message. The HHS-OIG says scammers are offering tests to Medicare beneficiaries in exchange for PII, like Medicare and Medicaid information to commit financial identity theft.

The AMAC Foundation is so concerned about the current issue that they and Medicare.gov are sending a notice warning recipients of the scams. The HHS-OIG believes fraudsters are targeting recipients with telemarketing calls, text messages, social media messages and door-to-door visits in their effort to steal PII. PII can be used to bill Federal health care and commit financial identity theft fraudulently.

Insurance Scams

Insurance scams are another financial identity theft concern from COVID-19 with telemedicine being so widely available, as mentioned by the Coalition Against Insurance Fraud. The Coalition warns that costly insurance scams can exploit the burgeoning arms-length telemedicine. Tele-schemes can steal patients’ identities and defraud their insurance policies.

Medical Identity Theft Threat

While fraudsters are using the medical space to commit financial identity theft from COVID-19, there is also a risk of medical identity theft. According to a story published by CBS Dallas, hackers know more people are using the healthcare system, and they know they can take advantage of the situation.

If hackers get their hands on medical records, it could leave a lasting impact. The Senior Director of Threat Hunting and Intelligence at Binary Defense says someone who steals a victim’s identity can go as far as getting an expensive medical procedure done and charge it to the victim’s insurance account. The story suggests consumers give out the bare minimum amount of PII at medical appointments, ensure the provider’s online portals are secure, and ask providers to delete all of their medical records from the database once they are no longer a patient to help reduce their risk of falling victim to identity theft.

What You Can Do

Scammers are using Medicare and Medicaid scams, insurance scams, and a rise in people using the healthcare system to commit identity theft – particularly financial identity theft from COVID-19. However, there are still actions you can take to reduce your risk of falling victim to a COVID-19 scam or financial identity theft.

  • Medicare and Medicaid beneficiaries should be cautious of any unsolicited requests for Medicare or Medicaid numbers
  • Keep an eye out for unexpected calls or messages that ask for PII. If someone receives a message with a link or an attachment, do not click or open anything. (NOTE: A physician or trusted health care provider will approve any COVID-19 tests or treatments.)
  • Anyone suspicious of COVID-19 healthcare fraud should report it online to the U.S. Department of Health and Human Services Office of Inspector General or call 800.HHS.TIPS

If you are the victim of financial identity theft from COVID-19, or a COVID-19 scam, you can call the Identity Theft Resource Center toll-free at 888.400.5530. You can also live-chat on our website to speak with an expert advisor.


Read more of our latest news below

Being Able to Identify a Phishing Attack is More Important Now Than Ever

Netflix Email Phishing Scam Could Steal Credit Card Information

Hacked Dating Apps are a Popular Target for Social Engineering Scams