• The 2020 COVID-19 holiday season is upon us. This year, consumers should be on the lookout for job scamsgiving scamsgrandparent scams and online shopping scams, to name a few.  
  • If anyone comes across an unknown message regarding the COVID-19 holiday season, they should ignore it and go directly back to the source to confirm the message’s legitimacy. 
  • People should take steps to protect their personal information when shopping online, taking part in holiday gatherings (both in person or via a video platform), at the gas pump, and when receiving electronic gifts. 
  • To learn more, contact the Identity Theft Resource Center toll-free at 888.400.5530 or via live-chat on the company website.  

COVID-19 has changed the way people live. Many people are working from home, there are restrictions on what people can do in public, and many businesses remain shut down or open at a limited capacity. It has also changed the way scammers attack consumers. 

The 2020 holiday season will also be much different than year’s past. According to IBM’s latest U.S. Retail Index Report, COVID-19 has accelerated the shift away from physical stores to digital shopping by roughly five years. 

Criminals may adopt new tactics to take advantage of the pandemic, but what will not be different is scammers’ and identity thieves’ ability to find ways to strike.  

Watch for COVID-19 Holiday Scams   

Here are some scams to watch for this COVID-19 holiday season. 

1. Job Scams – Much of the economy remains shut down or open in a limited capacity. Millions of people are looking to gig economy jobs like Uber, Lyft and DoorDash to get by. People could rely on gig economy jobs even more during the holidays to make extra cash. The Federal Trade Commission (FTC) reported losses of $134 million in 2019 to social media scams.

In the first half of 2020, the FTC already reported $117 million, with most scams coming from viewing an ad. Scammers may claim in advertisements that they can get shoppers access to premium jobs for the holidays with big tips in exchange for an upfront fee. Gig economy scams can also lead consumers to phishing websites that steal login credentials. 

2. Giving Scams – People typically give more to charities around the holiday season. However, with more families in need of help in 2020, we may see an even bigger increase in people making donations. Expect criminals to attack with giving scams, looking to steal people’s money and personal information. In fact, scammers have used giving scams to take advantage of people since the beginning of the pandemic.  

3. Grandparent Scams – Another popular holiday scam is the grandparent scam. A grandparent scam is where scammers claim a family member is in trouble and needs help. With the holidays here, scammers could pose as sick family members. 

4. Online Shopping Scams – Many more people will be shopping online this holiday season. According to the Better Business Bureau (BBB), 65 percent of people shopped online last year. This year, online shopping is expected to increase by 10 percent to 75 percent. With the increase in web traffic, consumers should be wary of messages claiming they have been locked out of their accounts. Scammers may send phishing emails making such claims while looking to steal usernames, passwords and account information.  

How to Protect Yourself from COVID-19 Holiday Scams 

While scammers will try to trick consumers, there are things people can do to protect themselves from a COVID-19 holiday scam. 

  • If someone comes across an ad for a job or a deal online that seems too good to be true, it probably is. Consumers should go back to the source directly by contacting the company to confirm the message’s validity. 
  • If someone receives an email, text message or phone call they are not expecting, ignore it. If any of the messages contain links, attachments or files, do not click or download them because they could have malware designed to steal people’s personal information or lead to a phishing attack. Again, consumers should reach out directly to who the caller, email sender or text message sender claimed to be or the company they claimed to be with.  
  • People should only donate to legitimate charities and organizations registered with their state.   Consumers can determine if a charity, non-profit or company is legitimate by searching for the charity’s charitable registration information on the Secretary of State’s website, looking for online reviews and Googling the entity with the word “scam” after it. 
  • No one should ever make a payment over the phone to someone they do not know or were not expecting to hear from. Scammers will try to trick people with robocalls to steal their sensitive information and commit identity theft. 

How to Protect Your Personally Identifiable Information (PII) This Holiday Season 

Identity Thieves will try different ways to steal people’s PII. It is crucial consumers can protect their PII during the holidays, and year-round, to make sure it does not end up in the hands of a criminal.  

1. At the Pump – More people will travel by car this year than usual. Travelers on the road should keep an eye out for gas station skimmers. Skimmers insert a thin film into the card reader or use a Bluetooth device at a gas pump to steals the card’s information that allows the thief to misuse the payment card account. If the pump looks tampered with, pay inside. Newer gas pumps use contactless technology and chipped payment cards that are very secure. Use those pumps if possible.  

2. Holiday Gatherings – It is always important to protect all personal information at holiday gatherings. While no one ever imagines a trusted friend or family member will go through their stuff, people fall victim every year. Keep wallets or purses with financial cards or I.D. cards within reach.  

3. Zoom and Other Online Video Platforms – Not all family gatherings will be in person in 2020 due to COVID-19. Some families will meet virtually via a video platform. When people use a video platform, it’s important they remember to secure the call by using strict privacy settings and not sharing any personal information with someone they don’t know.  

4. Shopping Online – With more people shopping online for the 2020 holiday season, people need to practice good cyber hygiene. Make sure to navigate directly to a retailer’s website rather than click on a link in an ad, email, text or social media post. Phishing schemes are very sophisticated these days and spotting a spoofed website of well-known and local brands can be difficult even for trained cybersecurity professionals. 

Consumers will still need to do their due diligence to ensure a business website is legitimate. There is inherently less risk of falling for a scam website by shopping at well-known retailers. It only takes a bit of homework to separate the scams from legitimate small online businesses. Using search terms like “Scam” or “Complaints” along with the website or company name can give people insight into the experience of other customers. 

When setting up a new online account, be sure to use multi-factor authentication. Multi-factor authentication creates a second layer of security to reduce the risk of a criminal taking over someone’s account. 

5. Electronic Gifts – With the advent of smart home devices, many gifts connect to the internet, presenting security risks. It is important consumers update the software on the device. It is also a good idea to have antivirus software installed on any computer, tablet or internet device if possible, along with a secure password on the home network router.  

For more information on how to stay safe during the COVID-19 holiday season contact the Identity Theft Resource Center toll-free at 888.400.5530 or live-chat with an identity theft advisor at no-cost.

For access to more resources, download the ITRC’s free ID Theft Help app.  

COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover

Travel Safe with These Cybersecurity Protection Tips

Mystery Shopper Scams Resurface during COVID-19

Updated as of 3/1/2021- The recent social-good relationship management software data breach has nonprofit organizations, educational institutions, healthcare organizations and others left to figure out what to do next. Blackbaud, a cloud software company, used primarily by nonprofits, announced that they were the victim of a ransomware attack. Also, according to a filing with the U.S. Securities and Exchange Commission, Blackbaud acknowledges that a ransomware attack in May that affected its clients could have exposed much more personally identifiable information (PII) – including banking details – than the company initially believed. The number of people affected is still unknown, and more information needs to be gathered to judge the attack’s actual scope.

However, the Identity Theft Resource Center (ITRC) has tracked 536 organizations and close to 13 million people affected. Anyone who engages with organizations that utilize Blackbaud could be at risk of scams, social engineering and more.

What Happened

In May 2020, a ransomware attack was partially thwarted. However, the perpetrator copied a subset of data before being locked out. The hackers then offered to delete the data for an undisclosed amount of money. According to Blackbaud, they paid the ransom and received confirmation that the copy they removed had been destroyed. However, the confirmation was not detailed. Blackbaud says they have no reason to believe that any data went beyond the cybercriminal, was or will be misused.

The information exposed in the breach includes Social Security numbers, driver’s license numbers, passport numbers, personal health information (PHI), financial information, credit card information, telephone numbers, email addresses, dates of birth, mailing addresses, phone numbers, student I.D. numbers, biographical information, donation dates, donation amounts and other donor profile information. Blackbaud is calling the incident a security incident.

How it Can Impact You

Consumers impacted by the Blackbaud data breach could be at risk of scams (particularly giving and donation scams) and social engineering tactics. Multiple sectors were also impacted by the attack.

Healthcare Sector

Healthcare organizations all over the world use Blackbaud as their cloud software company. According to Blackbaud, 30 of the top 32 largest nonprofit hospitals are powered by their solutions. The ITRC has seen multiple data breach notices from healthcare organizations affected by the Blackbaud data breach. Since the breach impacted donors primarily, it could mean those individuals may be more susceptible to being targeted by fraudsters in the future.

Education Sector

Blackbaud plays a significant role in the education sector. They offer school management software to K-12 schools, as well as universities. Some of the management software includes student information, learning management, enrollment management and school websites. Many schools and districts have acknowledged they were impacted by the Blackbaud data breach. Most of the information involved includes donor information, alumni information, student I.D. numbers and student demographic information.

Nonprofit/NGO Sector

Blackbaud is a service that is primarily by nonprofits. Blackbaud offers an array of software services that cater to nonprofits worldwide, but are best known for their customer relationship management (CRM) tools. Many nonprofits use these to nurture their donors and fundraising. The range of types of nonprofits affected by the attack is vast. In fact, some Blackbaud nonprofits continue to come forward about whether or not they may have been impacted. Now, many nonprofits are trying to figure out their next steps for how to securely manage their CRM needs.  

What You Need to Do

The Blackbaud data breach and its impacts on businesses and consumers are specific to each affected entity and customer. Blackbaud has said that it notified its affected customers of the breach, and those customers should be notifying their impacted individuals. Depending on what information was exposed, the steps for those affected individuals could vary. Anyone who receives a notification letter regarding the Blackbaud data breach should not dismiss the letter and take the notice’s recommended steps.

For entities where sensitive PII was not exposed, the biggest threat is social engineering. Employees of the nonprofit organizations impacted by the breach may receive emails that look like they are from an executive, in an attempt at spear phishing. Donors and members of the nonprofit organizations impacted by the Blackbaud data breach may receive messages asking to provide their PII to update their contact or financial information, either directly through the email or through a link that does not actually belong to the nonprofit they are affiliated with. If an employee comes across an email they find suspicious, they should go directly back to the person it claimed to come from and verify the validity of the message if it is internal. If it is someone claiming to be from outside the organization, it should be run by their manager, IT services, or someone familiar with the relationship. More steps may have to be taken for entities where sensitive PII was exposed.

Anyone who believes they were impacted by the Blackbaud data breach can call the ITRC toll-free at 888.400.5530. They can also live-chat with an expert advisor. Another option is the free ID Theft Help app. The app has resources for victims, a case log, access to an advisor and much more.

You might also like…

Being Able to Identify a Phishing Attack is More Important Now Than Ever

Netflix Email Phishing Scam Could Steal Credit Card Information

Hacked Dating Apps are a Popular Target for Social Engineering Scams