Posts

If you are one of the consumers who have placed a freeze on their credit reports, we commend you for taking your identity protection seriously. As an expert in the field of identity theft and crime, ITRC recommends credit freezes for certain potential and existing victims of identity crime. While a credit freeze provides almost exclusively benefits, there is a down side consumers should be aware of: a credit freeze can block your Medicare application.

Individuals applying for Medicare benefits used to rely on an easy process through the Social Security administration in order to apply. Now, however, in an effort to protect people’s sensitive data, the SSA requires a whole new account called a My Social Security account to apply for Medicare.

Consumers cannot create a My Social Security account without unfreezing their credit reports. Credit freezes can be thawed so this is a matter of minor inconvenience, but it does take additional time. If applying for Medicare online, consumers will need to first thaw their credit reports and plan for the additional time this will take.

There is some good news, if you need to unfreeze your credit report the SSA only needs access to your Equifax report at this time. You will not need to unlock the other two credit reports if you have already frozen those.

If you are in a time crunch for Medicare application, visit your local SSA office and apply in person. There is a small laundry list of items you will need to bring with you as proof of your identity, of course, but usually a valid driver’s license and passport will be enough. ITRC recommends calling ahead to determine the needed documents to help save time and streamline the process.

Remember, after your Medicare application is accepted re-freeze your credit report with Equifax to help minimize the likelihood of identity theft. While you are taking some time to address your frozen report, remember to request your once-a-year free copy of your credit report in order to look for any unusual activity that could be a sign of identity theft or fraud.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Payment apps, like Venmo, Apple Pay, Zelle and even Facebook Messenger, are used by over 90 million Americans, but are they actually secure? This touch-of-a-button technology lets you use actual funds from your bank account or your credit card to send money instantly to friends, family and retailers.

At first glance, some consumers might be a little reluctant to install and use a payment app. After all, anyone who gets a hold of your smartphone could wipe out your bank account, at least in theory. There are safety protocols in place – like two-factor authentication and one-time use PIN numbers – that help make these apps possibly safer than traditional payment methods. A lot of consumers have their smartphone on them at all times and treat it with the utmost safety concerns, so having payment information stored on their device might not seem all that farfetched.

Remember, convenience and security come with a price. Scammers have already victimized payment app users in a variety of ways including in-person scams and account takeover. Before using payment applications, it’s important to understand how to protect yourself.

Lending Your Phone

In this era of always-connected activity, everyone has a phone, but there is still the occasional instance when someone might ask to borrow your device. Many of us might not think anything of it, but when you allow access to your device you are opening up the door to your payment apps. Scammers have been known to ask to use strangers’ phones to make a call, but instead open payment apps and send themselves money.

You can avoid this one—and still be a generous person—by always logging out of your payment app when you are not using it. Also, if someone does need to make a call or send a text, dial the number for them before handing over your phone.

Scams

According to Javelin, more than $500 million was lost overall to fraud in 2017 involving a variety of peer-to-peer payments. Remember, all payment options are storing your information and are vulnerable to attacks. One woman had $9,000 debited from her account in increments after a thief gained access to her login. Plus scammers could ask for payments via app to eliminate traceability.

Never send money to individuals you don’t trust or who claim to be a business or government agency; many peer-to-peer transactions are instantaneous and irreversible.

Be sure to also not receive money from individuals you do not know as scammers will try to take advantage of you. As described in this article, “If it turns out that there’s a problem, the payment will be reversed, and you’re responsible for that money. If you haven’t used the funds, Venmo will take the money back. If you already spent the money, you’ll need to replace it.”

Enhanced Security

No matter which app you choose, make sure you have enabled all the security features you can. If the app offers one-time PIN numbers or multi-factor authentication, for example, use them. This can keep hackers from accessing your login credentials and stealing your money.

Remember, access to all of your accounts usually starts with your email address or social media accounts. You have to make sure that you are using solid password hygiene on all of your accounts in order to minimize risk of hacking.

With every new type of technology, there are undoubtedly criminals out there who have found some way to take advantage of it. Practice good security protocols that protect your tech tools and be ready to adjust your usage to fit the latest scam reports.

Don’t fall for fake phishing emails or websites asking you to “verify your login.”


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Phishing scams are a low effort way for scammers to trick consumers into revealing personal information. Communication from payment platforms can be convincing with a Stripe email now making the rounds.

Phishing scams have been around for years, and with the ability to send out millions of phony emails a day, scammers don’t have much legwork to do. All they have to do is send a plausible email, get you to click the link or follow the instructions, and their work is done. One widespread form of attack involves pretending to be a high-profile company like Amazon, PayPal, or your bank in order to trick you into following their instruction and landing in their trap.

The latest front for this type of phishing attack is mobile payment company Stripe. Many small business owners, charities, and everyday consumers rely on Stripe for processing everything from payments to donations to cash from friends or relatives. The “Stripe” email claims that your account has been compromised and any money you are expecting will not be transferred to you, scammers hope to lure you into clicking and entering your info.

See real example sent to an ITRC employee:

An email typically with a subject line, “Stripe: deposit will not be made to your bank account,” has been circulating and frightening the site’s users, so much so that the company issued a scam watch statement. This post tells users what to do if they receive a strange communication that appears to come from the company. For instance, misspellings in the message or uncapitalized use of the company name are some red flags, as is an unknown email address or one that does not include the “stripe.com” domain name. Other telltale signs are listed in the website’s post.

There are some steps that tech users can follow to protect themselves from this kind of low-tech crime.

  • Never click a link, open an attachment, or download a file in an email or message unless you were specifically expecting it; even if you think you recognize the sender, it is a good idea to verify it with the sender first.
  • Next, never submit any kind of sensitive information based on a communication about your account. This includes usernames, passwords, account numbers, or any other details. Instead, go directly to the company’s website and log into your account. If there is a problem, it will be visible on the screen.
  • If all else fails, contact the company directly using a verified phone number or email address.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

There are two specifically related but not interchangeable threats to your identity, and the terms can often get confused. Credential cracking and credential stuffing both involve someone getting their hands on your personal data, especially your usernames and passwords, but how those two things take place are somewhat different.

Credential Cracking

Credential cracking happens when a hacker targets you or your company specifically. They spend a significant amount of time and tech resources on breaking into your accounts by undermining your password defenses. While victims of credential cracking can absolutely be random citizens caught up in a hacker’s trap, the effort behind it often means that the victim was targeted specifically. It might be a business account or a company’s social media accounts, financial accounts, or even the personal finances for someone within a company.

Credential Stuffing

Credential stuffing, on the other hand, usually occurs when a hacker casts a wider net. They either steal a database filled with information, buy it on the Dark Web, or even stumble upon it in an unsecured web-based storage server. Then, they use software that lets them attempt thousands of “matches” at a time, cross-referencing the stolen usernames and passwords that work on one website with many other websites. When they land on a match—meaning the victim’s username and password from PayPal, for example, are the same one they use on Amazon—they can use that information to steal money and even more identifying information.

Read next: TurboTax Security Breach Cause by Credential Stuffing

Who’s Targeted

Another major difference between these two forms of attack is in how the tech-using public can take action. Credential cracking is potentially in your own hands, unless a cybercriminal targets your place of employment; a lot of your preventive strategy will involve practicing good password hygiene. Credential stuffing, on the other hand, is a result of finding a treasure trove of information that someone else did not properly secure. You often have no way of knowing whether or not your information was included in such a database until you receive a notification letter from the company who allowed it to become compromised.

How to Protect Yourself

As always, one of the best defenses against either of these attacks is to use strong, unique, unguessable passwords that you change routinely. Changing your password can actually prevent credential stuffing since your old (and stolen) information would no longer be valid; by keeping your passwords unique—meaning they are valid on one account only—you can also work to avoid credential stuffing since they will not work on any other account.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

When news of yet another data breach comes out, the reaction can range from panic to “blah.” At the one of end of the spectrum, consumers can be left with documented feelings of stress, fear and even paranoia about further attacks to their identity. At the same time, a very real phenomenon known as “data breach fatigue” occurs when there are so many attacks that consumers stop taking them seriously.

Fortunately, a new tool can help consumers make sense of a data breach; while neither overreaction nor inaction is an appropriate response, this tool can help people who are affected by the breach understand their options and take corrective action.

The Identity Theft Resource Center and Futurion have partnered and launched a tool called Breach Clarity, which takes publicly-available data breach information and breaks down both the threat and that actionable steps for consumers.

Watch Our New Free Webinar: Deciphering the Code of Data Breach Notifications

Unfortunately, far too many consumers do not check up on these kinds of attacks until it is too late. Even then, many victims of data breaches do not follow up on the support that notification letters offer, including things like identity theft protection or credit monitoring.

Breach Clarity lets users type in a general search term for a known breach and see a graphic representation of the threat level based on a number of factors. These include things like understanding whether or not financial information was exposed or if Social Security numbers (or other sensitive PII) were accessed. From there, a one-to-ten risk score is provided so consumers understand just how seriously this could affect them. The Home Depot breach in 2014 only receives a 3 out of 10 because of the nature of the information that was stolen; the 2015 attack on the US government’s Office of Personnel Management was far more serious and received a 10 out of 10 risk score as a result.

Breach Clarity was unveiled at the 2019 KNOW Conference in Las Vegas where it won first place in the third annual Identity Startup Pitch Competition. The criteria for selecting a grand prize winner included factors like the degree to which the entrant meets the customer’s needs and expectations, innovation, originality, and more.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

When it comes to avoiding a scholarship scam or financial aid scam is that there really are some obscure and even bizarre scholarships out there. There’s a scholarship for being left-handed, one for being above average in height or below average in height, one for being a redhead, and so much more. That means it’s easy to accidentally fall into a trap of applying for a scholarship from a company or organization that you’ve never heard of.

Fortunately, avoiding a scholarship scam only takes a little bit of attention and precaution.

Stick to reputable scholarship links

Many colleges and high schools will link to safe, trustworthy sources of financial aid on their websites. Start with your school’s site or your guidance counselor to find these and other sources.

Watch out for emailed offers

Once you begin engaging in activities that can be linked to college life—such as signing up for updates, filling out online applications, even searching for housing or shopping for dorm room essentials—that can trigger scammers who are looking for victims. When your email inbox begins filling up with scholarship offers and even “congratulations, you’ve been awarded a grant!” messages, it can be tempting to open them and click the link but you don’t want to do that. Opening the email and finding out if it’s legitimate is fine, but clicking a link or downloading an application can be dangerous if the sender isn’t genuine and can lead to a malicious virus or another compromise of your data.

There’s no such thing as free money

 It might sound like the opposite of a scholarship search—since scholarships are, by nature, free college money—but no one will hunt you down to give you money. Scholarships are funded by many different sources, and they are to reward hard-working students with the means to afford their tuition. No one sends out emails begging students to take the money, though. Many scholarships involve a rigorous selection process, so any claims that something is free or already yours should be a red flag.

You can’t win if you don’t play

Another important truth about scholarships is you cannot receive one if you don’t apply for it. That means you’ll never receive a scholarship that you didn’t submit your application for. If you are contacted by email, text, social media message, or some other way and told you’ve won a scholarship, make sure it’s one you applied for before you engage with the message. Furthermore, don’t fall for any hidden “fees” like paying $40 to process your new $400 scholarship; you never have to pay money to receive money.

Protect your data

With very few exceptions, you should not have to submit your Social Security number in order to apply for a scholarship. The exception may be scholarships that are awarded directly by your university (and even then, they should already have that information) or government grants and aid. A club, team, community organization, or other company should not need it, so don’t turn it over without investigating why it’s necessary.

It’s hard to believe that someone would stoop so low as to steal from a young college hopeful with a scholarship scam, but it’s true. Safeguard your identifying information and be very careful of what information you share.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Criminals have developed DNA test scams targeting victims to retrieve medical and sensitive information. DNA test kits have grown in both popularity and affordability in recent years. While not claiming to be foolproof or accurate, they can provide a glimpse into the genetic makeup of your family tree. There have been stories about these swab-at-home test kits providing more important information as well, such as the likelihood of certain medical issues.

Attorneys general in two states have already issued warnings about DNA test scams that steal the victims’ sensitive information. The caller claims to be from a testing agency and offers the victim a free DNA test kit if they meet specific criteria. In one victim’s case, the criteria was a family history of cancer. You would be hard-pressed to find an individual who does not have a relative who has had cancer, so of course, the victim instantly qualifies.

All they have to do to receive their free kit is answer some general questions and provide their medical coverage information. Some experts believe that DNA test scams may have grown out of the recent announcement that Medicare would cover the cost of genetic screening for cancer patients if the kit is an FDA-approved tool.

In some of the reports of these scams, individuals were actually going door to door and offering victims a free kit plus $20 in exchange for their medical coverage information. The kits are easy and cheap to replicate, as they only require some cotton swabs and a mailer envelope. Victims were easily fooled into thinking they were receiving real testing kits.

The best advice for avoiding DNA test scams is remembering that no one will ever call you and offer you something that is genuinely free. Whether it is medical services or anything else, the only reason to offer you anything is because the other person is getting something in return. In this scam victims sensitive data or medical identity is compromised. Remember to always speak with your physician about any potentially necessary tests, or contact your health coverage provider directly to see if there are services or treatments you can use that they cover. Otherwise, steer clear of anyone who wants access to your records or data.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

No matter where your spring break plans have taken you, it is important to remember that the security practices you use while at home are even more important when you are on the road. Also, those same good habits that protect you while traveling are just as crucial when you are relaxing at home.

Booking Your Trip and Hotel

No matter when you plan to go, finding affordable travel arrangements can be a minefield of potential scams and fraud. Do not be swayed by flashy sidebar ads or “act now” special offers, as these are rarely a good deal and can lead to identity theft. Of course, old-fashioned scams like bait-and-switch schemes in which your condo does not actually exist or your reservation is not real are still a major threat.

Check Your Tech

Your technology can leave you very vulnerable during an out-of-town getaway. From connecting over unsecured public Wi-Fi to having your device stolen and infiltrated, there are a lot of ways that malicious actors can get their hands on your sensitive information. Make sure you turn off the Wi-Fi on your mobile devices when you do not need it, only go online over a secured, password protected connection and make sure you have passcode protected your phone or tablet. When you are not using your important apps like email and social media, it is a good idea to log out of those too.

Bring the Receipts

Make sure you hang onto receipts while you are out of town. First, it will help you stay money-aware and avoid overspending if you keep tabs each day on how much you have spent. More importantly, you’ will have paper proof to compare to your bank or credit card statement when you get home. If anyone has copied your card and used your information, you will know at a glance.

Activate Alerts from Your Bank

By taking advantage of security tools offered by your financial institution, you can be informed the second any unusual activity occurs with your cards or your account. Card Not Present alerts, for example, will text or email you the moment someone uses your card number online. Some banks will even call if a physical card transaction occurs in a location too far outside your billing zip code. These can help you take immediate action against theft and fraud.

Old School Understanding

Remember, depending on where you travel there are a lot of scams that have been around for decades. You do not want to take extreme action to protect your identity, then fall for something as simple as a common pickpocket. Stay on top of the kinds of threats you are likely to encounter so you can avoid them.

The most important security step you can take happens when you get home. That is the time to post any photos and videos online—not while you are still away—but it is also the time to take inventory of your financial accounts and your identity. It cannot hurt to order one of your three free annual credit reports a few weeks after your trip is over, just to look for suspicious activity. If you begin receiving a higher volume of scam calls and emails, that may also be a sign that something has happened to your security. Check out the available tools to monitor your identity and reach out to the Identity Theft Resource Center for help if necessary.  


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

SAN DIEGO – Jan 14, 2019 – The Identity Theft Resource Center® (ITRC), a national non-profit organization established to support victims of identity crime, is available to assist victims during the Federal Government shutdown. Heading into its fourth week of federal agency closures, consumers continue to experience long-term consequences due to the aftermath of the lack of availability of integral government services. The ITRC, a trusted non-profit partner of the Federal Trade Commission and the Internal Revenue Service, can provide those that need immediate assistance help through their toll-free call center (888-400-5530) if they suspect they have fallen prey to identity theft or a scam.

The FTC announced that filing reports of fraud, scam and identity theft is suspended at this time – with not just the filing unavailable but necessary forms and informational resources are also offline. Always available to help consumers but especially during the current shutdown crisis, the ITRC provides valuable plans for victims to begin the remediation of an identity theft or fraud case as well as the necessary steps to take during the government shutdown to be prepared to provide the necessary agencies documents when they reopen. Advisors can also provide alternative remediation plans, where available, based on case specifics and the jurisdiction of the victim.

“The core of our mission is helping victims of identity crime and we know that given the Federal Government shutdown, our free services are needed now more than ever,” said Eva Velasquez, president and CEO of Identity Theft Resource Center. “Victims can use any of the available channels of communication for assistance not only during this time of uncertainty, but year round.”

Knowledgeable ITRC advisors can assist victims with any questions they have about identity crime, as well as help them appropriately plan for reporting an identity theft case, filing a scam or fraud complaint, setting victims up for success as soon as the relevant agencies reopen (FTC, IRS, Social Security Administration). Assistance includes one-on-one live help, forms and other resources, along with a detailed remediation plan for each victim’s unique case.

“In my role as ITRC’s chairman of the board, I have been able to experience the collaborative relationship between the FTC and ITRC,” said Matt Cullina, chairman of the board of the ITRC and CEO of CyberScout. “Both of these organizations have a mutual mission to provide victims access to resolve their identity theft cases, but work together to support each other. During this challenging time for both victims and the federal agencies impacted, it’s good to know that the ITRC is available to provide support in the wake of the shutdown.”

The ITRC provides identity theft victims with United States identity credentials assistance free of charge. An advisor will work with a victim to provide best-in-class assistance in compiling the necessary resources and documents, as well as offer step-by-step instructions on how best to remediate a case. Consumers can also receive information and assistance by visiting the Identity Theft Resource Center’s website at https://www.idtheftcenter.org/ and utilizing the “Live Chat” feature. The site also contains the necessary forms and fact sheets regarding identity theft. The free app from the ITRC, ID Theft Help, is available to manage your cases progress, get pertinent resources, contact a call center advisor and access information on how to protect your identity – for those that prefer a self-directed mobile application.

###

About the Identity Theft Resource Center

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live chat feature and ID Theft Help. For more information, visit: http://www.idtheftcenter.org

Contact: Charity Lacey, VP of Communications

CLacey@idtheftcenter.org

o: 858-634-6390

c: 619-368-4373

Identity theft is commonly associated with the damage it can do to victims’ finances, especially if the thief racked up tremendous debt. The countless new credit cards, the cars or houses, the new utilities turned on in apartments the victim didn’t rent can all lead to six-figure debt before they even know their identity was stolen.

There’s another serious threat to identity theft victims, one that may be just as harmful, and that’s the emotional toll this crime can take. This side effect can easily be overlooked at first by both the victim and their family members or friends. Worse, outsiders might even treat this side of identity theft as a non-issue, diminishing the feelings of loss, mistrust and even paranoia that victims can feel.

Each year, the Identity Theft Resource Center conducts an in-depth study of ID theft victims who’ve reached out to the organization during the year for help. The study is based on voluntary feedback to a comprehensive set of questions in order to get a better look at the trends and the lasting effects of this crime. The resulting ITRC Aftermath report is then made available to the public, including law enforcement, policymakers and other stakeholders, in order to provide accurate information from the victims’ standpoint.

Year after year, respondents to the ITRC Aftermath survey list some understandable emotional harm as a result of the crime. They’re often left feeling hopeless to resolve their cases and have a generally negative sentiment about their ability to recover. More than 85 percent have stated that they’ve felt worried, anger and frustration and another 83 percent are left feeling violated. Even worse, almost 70 percent of victims say they don’t think they can trust anyone and that they now fear for their safety. Almost as many victims reported that they feel powerless or helpless, while the majority of them are left feeling sad, depressed and betrayed.

Part of the hopelessness and paranoia may stem from all the ways that identity theft leaves its mark. More than 30 percent of the victims who responded said the crime caused them problems at work, either with their employers or with those they work with, while eight percent said it affected them at school with either the administration or other students. Some victims actually lost out on employment opportunities or even lost their jobs because someone had stolen their identity and used it in a way that came back on the victim. Some of the victims had their paychecks or their insurance benefits withheld due to the incidents, causing severe financial harm and the obvious distress that goes along with it. It’s easy to see how the financial turmoil can seem minor in comparison to the emotional upheaval. Money problems can be resolved, even if it takes time, but thinking that someone is using your good name to break the law is an endless kind of hurt. Knowing that your family members or coworkers think you’re a thief or an irresponsible consumer can break even the most solid bonds. It’s important that all consumers understand the aftermath of identity theft in order to be prepared, both financially and emotionally, should it happen to them or someone they care about.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Download now: The Aftermath®: The Non-Economic Impacts of Identity Theft