Posts

Identity Theft Resource Center and Futurion unveil a new tool Breach Clarity for consumers impacted by data breaches 

LAS VEGAS, Mar 24, 2019 ­­– Today, the Identity Theft Resource Center® (ITRC), a national non-profit organization established to support victims of identity crime, and Futurion announced during the KNOW 2019 conference the launch of a new tool to empower victims of data breaches in decoding what breach notification means to them and how they can minimize the risk of identity theft and fraud. The ITRC, along with the tool’s creator Jim Van Dyke, announced Breach ClarityTM. Breach Clarity is the secret decoder that will allow consumers to decipher data breach risks, prioritize the right minimization actions and access ITRC advisors for additional help. Breach Clarity is a no-cost, online tool for consumers, meant to crack the often muddled and incomplete information that follows breach notification.

Consumers can utilize the tool at www.idtheftcenter.org/BreachClarity and begin decoding the effect of any data breach on their identity safety. Breach Clarity uses a proprietary algorithm to give a data breach a risk score based on unique variables, like amount and type of information exposed. The higher the risk score for a specific breach, the more negative consequences that breach can potentially have for an individual. Breach Clarity also unlocks the top potential harms and recommended action steps for a victim of each breach, eliminating confusion in a time-is-of-the-essence period for victims. Finally, the tool provides resources for consumers like risk minimization plans from ITRC for data breach and next steps toward remediation.

The most frequently asked question ITRC receives when assisting victims of data breach is, “But what does this actually mean to me?” The national non-profit strives to better assist and educate victims in determining if they should be worried and how the breach can affect them. Breach Clarity gives consumers the power to decode the harms of a data breach. After receiving a notification letter or getting information from a credible third-party like media sources, websites that provide security

information and other sources, a victim can enter the name of the breach they were affected by to decode what that breach means to his or her safety.

“Victims deserve answers, not vague language that covers up the true meaning of data breaches,” says president and CEO of ITRC Eva Velasquez. “We are thankful to have partners, like Jim Van Dyke, who are working to change the industry and bring clarity to victims. Breach Clarity is the first step toward empowering data breach victims and changing the scope of the industry.”

The Breach Clarity algorithm runs on the backbone of ITRC’s proprietary database of publicly available and notified breaches. Since data breaches – and fraud methods around them – often change quickly, Breach Clarity is a dynamic, evolving tool that updates as new information becomes available regarding breaches and fraud mechanisms.

“I’m delighted to work with the ITRC because we share a passion for protecting consumers,” says Jim Van Dyke, inventor of Breach Clarity. “In contrast with some who blame victims as being ‘apathetic’ or even ‘dumb’ when it comes to security, Breach Clarity is designed to empower every identity holder with the facts and help they need to minimize the risk of a data compromise leading to identity theft.”

Shortly following the launch of Breach Clarity, ITRC and Van Dyke will jointly offer webinars on how to use the tool and address questions from the public. Sign up for the first webinar about Breach Clarity at idtheft.center/BreachClarity. For financial institutions and employers, a premium version of Breach Clarity will be created to provide advanced capabilities such as an expanded list of risks and action steps for the consumer, integrated results from multiple breaches and methods for integrating to digital finance systems that further empower the consumer after a breach.

Attendees of the KNOW 2019 conference can join Eva Velasquez, president and CEO of ITRC (booth #121), Jim Van Dyke, founder of Futurion and creator of Breach Clarity, and James Ruotolo, director of product management and product marketing for the Fraud and Security Intelligence division at SAS, for a covert event Monday March 25th, 7-9pm. Register here or visit ITRC’s booth (#121) for more information, space is limited as this is a first come, first serve event. Thanks to SAS for their support of ITRC and underwriting the KNOW 2019 networking event.

###

About the Identity Theft Resource Center®

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live chat feature and ID Theft Help app. For more information, visit: http://www.idtheftcenter.org

About Futurion and Breach ClarityTM

Futurion is a research-based consultancy focused on consumer identity, digital commerce and financial services. Futurion’s CEO Jim Van Dyke formerly founded and led Javelin Strategy & Research and has also held various product management and board positions. Breach Clarity was created based on research of consumer identity crime victims and interviews with experts on the front line of fraud prevention at financial institutions, government agencies, payments networks and more. Breach Clarity’s basic outputs are free to all consumers at www.BreachClarity.com, with an upcoming premium version being designed for consumers who log into their secure personal account at licensing financial institutions and employers.

###

Identity Theft Resource Center
Charity Lacey
VP of Communications
O: 858-634-6390
C: 619-368-4373
clacey@idtheftcenter.org

SAN DIEGO – Jan 28, 2019 – The Identity Theft Resource Center®, a nationally recognized non-profit organization established to support victims of identity crime, and CyberScout®, a full-spectrum identity, privacy and data security services firm, released the 2018 End-of-Year Data Breach Report.

According to the report, the number of U.S. data breaches tracked in 2018 decreased from last year’s all-time high of 1,632 breaches by 23 percent (or 1,244 breaches), but the reported number of consumer records exposed containing sensitive personally identifiable information jumped 126 percent from the 197,612,748 records exposed in 2017 to 446,515,334 records this past year.

“The increased exposure of sensitive consumer data is serious,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center. “Never has there been more information out there putting consumers in harm’s way. ITRC continues to help victims and consumers by providing guidance on the best ways to navigate the dangers of identity theft to which these exposures give rise.”

Another critical finding was the number of non-sensitive records compromised, not included in the above totals, an additional 1.68 billion exposed records. While email-related credentials are not considered sensitive personally identifiable information, a majority of consumers use the same username/email and password combinations across multiple platforms creating serious vulnerability.

“When it comes to cyber hygiene, email continues to be the Achilles Heel for the average consumer,” said CyberScout founder and chair, Adam Levin. “There are many strategies consumers can use to minimize their exposure, but the takeaway from this year’s report is clear: Breaches are the third certainty in life, and constant vigilance is the only solution.”
To download the 2018 End-of-Year Data Breach Report, visit: idtheftcenter.org/2018-end-of-year-data-breach-report/

###

About the Identity Theft Resource Center:

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live chat feature and ID Theft Help. For more information, visit: http://www.idtheftcenter.org

About CyberScout:
Since 2003, CyberScout® has set the standard for full-spectrum identity, privacy and data security services, offering proactive protection, employee benefits, education, resolution, identity management and consulting as well as breach preparedness and response programs.

CyberScout products and services are offered globally by 660 client partners to more than 17.5 million households worldwide, and CyberScout is the designated identity theft services provider for more than 750,000 businesses through cyber insurance policies. CyberScout combines extensive experience with high-touch service to help individuals, government, nonprofit and commercial clients minimize risk and maximize recovery.

###

Identity Theft Resource Center
Charity Lacey
VP of Communications
O: 858-634-6390
C: 619-368-4373
clacey@idtheftcenter.org

CyberScout
Lelani Clark
VP of Communications
O: 646-649-5766
C: 347-204-9297
lelani@adamlevin.com

The federal government shutdown is affecting hundreds of thousands of employees and their families, but other victims stand to be harmed as well. While the government and its agencies handle the employees and continued services for the duration, criminals have been busy contacting consumers with plausible shutdown-related scams.

One law enforcement agency has already alerted area residents to a Medicare scam related to the shutdown. Callers posing as government employees contact random citizens and claim their Medicare (and conceivably Medicaid as well) coverage will be suspended during the shutdown unless the would-be victim signs up to have their information submitted manually. Faced with losing healthcare and prescription coverage, it’s easy to see why someone might willingly hand over all of their personally identifiable information.

Another variation related to the shutdown involves zero-interest temporary loans to “help” federal employees weather the weeks ahead without a paycheck. It sounds like the ideal solution to a terrifying problem, right? Just receive the loan and pay back the funds when work resumes and any back pay arrives? Unfortunately, this isn’t a government program or even one that’s backed by any financial institution. It’s entirely the product of a scammer’s imagination; providing your personal data and your bank account information—presumably for the loan to be directly deposited—only makes you their next victim.

Yet another confirmed instance involves phishing emails that appear to come from your bank. The subject line may actually be very comforting, something about skipping payments during the shutdown, but that’s only to get you to open the email. Like most phishing emails, you’re directed to click the link to sign up for the free payment forgiveness offer, but the link can install harmful software on your computer, redirect to a fake website that steals your information, or worse.

It’s sickening to think that anyone would be so cruel as to steal from federal employees or Medicare recipients at a time like this, and worse, would use a frightening scenario such as the shutdown to steal from the public. Sadly, scammers love nothing more than a widespread crisis to lure their victims into their net.

There are some steps that consumers can take to protect themselves. Fortunately, these are not only useful during this shutdown, but rather are good habits to develop to keep yourself safe at all times:

1. Do not confirm your identifying information for anyone who contacts you.

No matter what excuse they give, refuse then take down their information. Then, using only a verified contact method, contact their business or agency yourself and find out what is wrong with your account.

2. The government will not call you out of the blue, regardless of what agency they work for.

If you receive a call from someone claiming to work for the government, it’s probably a scam.

3. The same applies to financial institutions.

Legitimate offers from a bank will arrive via postal mail and will never expect you to provide personal information to a caller or via email.

4. The best offense is always a strong defense.

Become “suspicious by nature” when anyone contacts you and wants your information or account access.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The Government Shutdown is Hurting Crime Victims

With more than 60 million reported cases of identity theft in the US to date, there is no single demographic that is immune from the threat. In fact, the opposite is true; some age groups or even residents in certain states are more likely than the rest of the population to face identity theft. Unfortunately, the more natural prey you appear to a criminal, the more of a target you become.

January is Braille Literacy Month in honor of Louis Braille’s birthday, so it’s a good time to understand how the threat of identity theft manifests among people with low-vision or vision loss, as well as share some ways to help reduce the risk of becoming a victim. Fortunately, many of the same steps are worthwhile for all consumers, not just a single risk group.

First, the Identity Theft Resource Center partnered with the Braille Institute on a highly informative session explicitly aimed at low-vision and vision-impaired people on how to reduce your risk and overcoming the aftermath of identity theft should it occur.

Also, Empish J Thomas of Vision Aware has shared a very insightful look at her own experiences with identity theft. The account includes key information about issues and obstacles that could make low-vision consumers more of a target for identity theft, as well as ways to overcome those problems. For example, junk mail and carrying extra credit cards could lead to theft without the owner’s knowledge, so Thomas recommends having a core group of trustworthy people who can intervene.

Unfortunately, common identity theft attempts can prove to be even more of a challenge for visually impaired people. Telemarketers and door-to-door salesmen, for example, can turn out not to be who you thought they were; there’s also the crime of opportunity in which the individual might not have set out to steal your data but seizes the chance after discovering your vision issues.

Here are some steps to protect any consumer, but especially those with visual impairments or low vision:

1. Do not take anything at surface value, whether it’s a phone call, letter, or email.

Those can easily be spoofed or falsified, so make it a good habit to never give out your personal data to someone who requests it.

2. Shred all junk mail, health insurance statements, medical and credit card bills, and more.

If you need to rely on a volunteer or trusted friend to help you decide what needs to be shredded, make sure your items are in a safe place until you can seek that help.

3. Install a robust security suite on your computer and mobile devices.

Remember, antivirus isn’t enough anymore, but there are some very affordable products that protect you from a broader range of threats.

4. Request a free copy of your credit report each year. 

And be sure to study it carefully for suspicious activity. Take action immediately if something is uncertain or out of place.

5. If you do suspect you’ve been the victim of identity theft, get help immediately.

The ITRC and the Federal Trade Commission both have avenues for assistance, and specialty organizations like AARP and the Better Business Bureau can also start you in the right direction.

Again, these things and other security steps are good habits for any consumer, so make it a practice to protect yourself at all times.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The Government Shutdown is Hurting Crime Victims

SAN DIEGO – Jan 14, 2019 – The Identity Theft Resource Center® (ITRC), a national non-profit organization established to support victims of identity crime, is available to assist victims during the Federal Government shutdown. Heading into its fourth week of federal agency closures, consumers continue to experience long-term consequences due to the aftermath of the lack of availability of integral government services. The ITRC, a trusted non-profit partner of the Federal Trade Commission and the Internal Revenue Service, can provide those that need immediate assistance help through their toll-free call center (888-400-5530) if they suspect they have fallen prey to identity theft or a scam.

The FTC announced that filing reports of fraud, scam and identity theft is suspended at this time – with not just the filing unavailable but necessary forms and informational resources are also offline. Always available to help consumers but especially during the current shutdown crisis, the ITRC provides valuable plans for victims to begin the remediation of an identity theft or fraud case as well as the necessary steps to take during the government shutdown to be prepared to provide the necessary agencies documents when they reopen. Advisors can also provide alternative remediation plans, where available, based on case specifics and the jurisdiction of the victim.

“The core of our mission is helping victims of identity crime and we know that given the Federal Government shutdown, our free services are needed now more than ever,” said Eva Velasquez, president and CEO of Identity Theft Resource Center. “Victims can use any of the available channels of communication for assistance not only during this time of uncertainty, but year round.”

Knowledgeable ITRC advisors can assist victims with any questions they have about identity crime, as well as help them appropriately plan for reporting an identity theft case, filing a scam or fraud complaint, setting victims up for success as soon as the relevant agencies reopen (FTC, IRS, Social Security Administration). Assistance includes one-on-one live help, forms and other resources, along with a detailed remediation plan for each victim’s unique case.

“In my role as ITRC’s chairman of the board, I have been able to experience the collaborative relationship between the FTC and ITRC,” said Matt Cullina, chairman of the board of the ITRC and CEO of CyberScout. “Both of these organizations have a mutual mission to provide victims access to resolve their identity theft cases, but work together to support each other. During this challenging time for both victims and the federal agencies impacted, it’s good to know that the ITRC is available to provide support in the wake of the shutdown.”

The ITRC provides identity theft victims with United States identity credentials assistance free of charge. An advisor will work with a victim to provide best-in-class assistance in compiling the necessary resources and documents, as well as offer step-by-step instructions on how best to remediate a case. Consumers can also receive information and assistance by visiting the Identity Theft Resource Center’s website at https://www.idtheftcenter.org/ and utilizing the “Live Chat” feature. The site also contains the necessary forms and fact sheets regarding identity theft. The free app from the ITRC, ID Theft Help, is available to manage your cases progress, get pertinent resources, contact a call center advisor and access information on how to protect your identity – for those that prefer a self-directed mobile application.

###

About the Identity Theft Resource Center

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live chat feature and ID Theft Help. For more information, visit: http://www.idtheftcenter.org

Contact: Charity Lacey, VP of Communications

CLacey@idtheftcenter.org

o: 858-634-6390

c: 619-368-4373

By ITRC CEO, Eva Velasquez

For victims of identity crimes there are emotional, physical and lost opportunity costs experienced even when resources are provided quickly and competently. The government shutdown will make the aftermath for these victims worse.  The Identity Theft Resource Center’s AftermathTM series sheds light on the less obvious but equally devastating effects of various identity crimes.  It also highlights the downstream impacts regularly faced by victims.  Right now, we are dealing with an obvious challenge on a national scale with the federal government shutdown. In keeping with our mission of advocating for victims, and increasing awareness of the complexity of the identity crime issue, I want to highlight some of the less obvious downstream effects our team is seeing impact not only victims but all citizens during this shutdown.

There is considerable attention being paid to the obvious consequences, and rightly so. Many folks, from federal employees to those that rely on government assistance to meet their basic needs, are certainly enduring hardship. However, there are other impacts, which are less obvious, and I feel compelled to share this perspective. This is not to make the point that these impacts are greater, or causing more harm than the ones previously mentioned, rather it is to shine some light on these less obvious consequences so that decision-makers and the public realize this is happening, and understand both the short term and long-term effects.

Currently, many departments of the federal government are shutdown. This includes the Federal Trade Commission.  The FTC and the ITRC share similar mission, and a strong collaborative relationship.  We have worked together on many initiatives to better the outcomes for identity crime victims. The individuals that we have worked with at the agency are amazing people, dedicated to helping victims and stopping the identity thieves. The resources that the FTC provides are an invaluable part of the remediation process.

What is notable about the shutdown for this department is that while ftc.gov remains fully functional, the identity theft assistance arm, identitytheft.gov and the associated call center are non-operational. That’s right; the website that victims go to for these invaluable resources is dark. Victims currently cannot obtain the FTC identity theft affidavit that is a critical first step for many, if not most, identity theft remediation plans.

Government shutdown advisory from identitytheft.gov

Until identitytheft.gov comes back online victims will need to go to their local police department and get a police report to move forward with proving their innocence. This is creating an increased workload for these local departments, a burden that was only recently lifted due to changes in the Fair Credit Reporting Act that allowed the FTC affidavit to serve as the report from a law enforcement agency in lieu of a police report.

If you believe that is not a big deal and at least there is some type of workaround, please realize that law enforcement agencies are not equipped to provide robust victim services for financial crimes victims (generally), which means they are not providing victims with remediation plans or helping them to put their lives back together.  Their job is to investigate, get the bad guy, and hopefully stop the thief from harming others. Those plans come from the FTC and the Identity Theft Resource Center. As second tier responder, the ITRC receives referrals from the FTC, but with them unavailable, we’re now in the position to have to assist those victims as a first responder.

If for some reason there’s a belief that identity crimes are not a big deal, listen to what the victims are saying to understand that is not the case. You can read our Aftermath study and hear it directly from them.

The ITRC and all its resources are here for victims. We can be reached through our website www.idtheftcenter.org and our call center at 888-400-5330. Bear in mind that the shutdown has created an increase in our call volume, so please be patient.

In addition to the short term consequences, there are several long-term impacts that one will only be able to measure fully when this crisis has passed and we can unpack it using hindsight and data. One of the questions is has there been an increase in the actual number of incidents during this time period. The temporary closure of the investigative bodies that act as a deterrent will have some impact and decades of personal experience working with law enforcement and observing criminal behavior leads me to the conclusion: “Of course there will.” Identity thieves are opportunistic. Who actually believes they are not talking with each other and managing their efforts to capitalize on LESS oversight?

Another question: how much worse will the impact be for those that fall victim to identity crime during this window of closure? The ITRC knows from experience that early detection of this crime leads to quicker remediation and lessens the trauma, not to mention the total impact. We also know that consumers experience intense fear upon discovery of being a victim of identity theft. The availability of a plan of action allows them to feel empowered; giving them the ability to fight back against the powerlessness they might be feeling. Some will minimize this reaction and continue to see victims of economic crimes as overreacting, but I assure you that it’s not an overreaction. Those feelings are real. Moreover, when they cannot access the assistance they need, when they need it, it increases that feeling of powerlessness. Imagine that you come home to find that your home burglarized. It is obvious that the burglars are long gone, but all of your belongings have been touched and gone through, and many are missing. You feel violated. You need help and you need to get this reported and resolved. You call the police to get that help and are told they are closed, until further notice, so you just have to wait and try to wade through it. You think, can I clean things up? Do I have to take pictures? What if I mess something up and it creates more problems down the road. That’s exactly what identity crime victims are feeling when they get to the inoperable FTC website. Powerless.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The 2018 Impact of Data Breaches and Cybercrime

Ah, another year has passed and we’re ready to jump into the future of 2019. First, let’s take a look back at our predictions from 2018 that came true. We discussed the potential of AI to stop hacking, scammer’s new techniques to take advantage of social media users and transparency in IoT devices.  Of course with the emergence of technology and cybercriminals evolving their techniques, unanticipated challenges have arisen.

2019’s focus will be on data: Data breaches, data abuses, data privacy.  Even though ITRC is first and foremost a victim service and consumer education organization, we know that the thieves need our data in order to perpetrate their fraud and identity theft.

Data breaches: Consumers will gain more clarity (about how a specific breach actually effects them.  Breached entities will be pushed to be more transparent and less vague about the specifics of the type of data that has been breached.  Vague terms such as “and other data” or “client records”, that appear on data breach notification letter currently will no longer be tolerated by breach victims. Thieves are always looking to get their hands on our data and with a little technique called “credential cracking,” we think we’re going to be seeing more security notifications, not just breach notifications in 2019. Here’s what’s going on: following a large-scale data breach, and in order to gain access to your online accounts, a hacker simply uses a large database of usernames and allows the computer to “guess” the passwords for each account they are attempting to log into. We’re beginning to see companies send security notifications to their customers that their username/email credentials are being used – possibly by an unauthorized user – to login to their platform even if there is no account (i.e. Warby Parker & Dunkin Donuts).

Data Abuses: The public will gain more insights into data abuses, not just breaches.  More incidents, like the Facebook/Cambridge Analytica event will come to light.  As we as consumers demand more transparency, and as regulators probe deeper, the ongoing act of using our data for other than the purpose for which we have given consent will come out of the shadows.  Consumers will also start paying more attention to the notifications they receive from businesses that say their information was shared with third parties and what that means for them.

Data Privacy:  Consumer empowerment around privacy and data privacy is top of mind in a way that it has never been before.  Other states will follow California’s lead and pass their own data privacy legislation in the hopes of empowering consumers and keeping industry in check. Especially seeing as California, Florida, Texas, New York and Pennsylvania (in that order) had the highest numbers of cybercrime reports last year.  This will likely not provide the much needed long term solution, or the necessary cultural shift.  Just look at the condition of the state by state data breach notification laws, and the years-long discussion (that’s at a stalemate by the way) of a more universal regulation and process.  Will we start that cycle over again here?  Probably. Until the public has a concrete understanding of the complex relationship between data creators (consumers), data owners (the platform on which the data was created, generally) and data users (every industry currently operating in the US) these statewide measures will fall short of making any real headway into actually giving us more control over our data or more privacy.

Even though it has been discussed for over 13 years, there is a good chance that 2019 will be the year that a federal data breach notification law will become a reality.  Of course, predictions are just an educated guess based on previous events and information. Industry, policymakers and the public alike will have to wait and see how 2019 will be impacted by identity theft, cybercrime, hacking and data breaches. One thing we can be sure of though is that the ITRC will be here, working to fight back against the latest techniques to commit identity theft and scams.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The 2018 Impact of Data Breaches and Cybercrime

As the holidays approach, savvy consumers should already be on the lookout for scams and fraud. But what about at work? Do you know how to avoid one of the newest twists on an old scam?

Boss phishing—sometimes called CEO phishing or spearphishing, since the message appears to come from someone high up in the company—has been around for a long time, and its targets can be both financial and data-driven. Usually, in the form of a genuine-looking email, the request asks someone to send over sensitive information, change account numbers and move money around, or even change things like usernames and passwords.

It works for one very simple reason… when the boss says to do something, you do it. However, this kind of trust in following orders means the consequences can be very serious for the company and lead to blowback for the employee who was tricked. This newly reported spearphishing scam, though, is particularly horrible since the innocent employee might be the one who’s most profoundly harmed.

In the new variation, the “CEO” emails someone and directs them to buy thousands of dollars’ worth of gift cards for the employees’ holiday bonuses; this could be with their personal credit card or with a company credit card. After the cards are purchased, the “CEO” emails again and says to scratch off the protective strip then submit the card numbers so the boss can email all of the employees their gift car codes.

In a real report of this crime to the Identity Theft Resource Center, a few hours after sending the gift card codes to the scammers, the victim learned the company computer had been hacked. The emails weren’t genuine, and the scammers made off with $5,000 in gift cards.

Fortunately, you can avoid this scam rather easily, but it does require you to get in the good habit of questioning orders. Hopefully, any company leader whose employee receives a strange request won’t be too put out that they took the initiative to verify it before complying.

1. Never click a link or open an attachment in an email unless you know you can trust it. This applies to both your personal email and your business account.

2. Never follow through with strange requests from anyone within the company—like sending over all the payroll records (which contain Social Security numbers), W2s, sensitive account information, or funds—without picking up the phone and verifying the request.

3. Never hit “reply” to share sensitive information. Instead, create a new email with the requested information in case the initial email was hacked or spoofed.

Of course, it can be daunting to “second guess” the boss but that’s what scammers are counting on when they target someone within your company. Think of it this way: it’s far better to ask a silly question and risk a little awkwardness in the workplace than to put your company in a bad situation. Failing to verify a request that turns out to be a phishing attempt can have serious financial consequences for the business, especially if sensitive information is shared.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “What do you do with your scam awareness?”

Identity theft and security experts have warned for years that consumers need to stay on top of the latest news about scams and fraud in order to protect themselves. But there’s no need to keep those details a secret!

A retail employee in Illinois saved the day when she and other workers stopped a senior citizen from becoming the victim of a scam. The customer was trying to buy a high-dollar amount of gift cards to bail her grandson out of jail. According to the story, a far-flung police department had called her to let her know her grandson was in custody and needed $500-worth of gift cards to post his bail. Fortunately, she was prevented from buying the cards and called the local police department instead. Sadly, another customer wasn’t so lucky. She proceeded to buy the gift cards despite the warnings from employees.

Even worse, a Walmart employee in another state tried to be a good Samaritan and prevent a man from purchasing a $2,500 wire transfer to send to a scammer. The employee, who is now being honored by the company’s board of directors for her repeated help stopping other customers from becoming victims, was originally threatened with a lawsuit by the would-be victim since she put up some fuss about processing the wire transfer. Fortunately, once the police were called, the customer learned the truth and thanked the employee for saving him from a crime.

These examples illustrate a very serious issue: scam activity is on the rise and more consumers are sitting up and taking notice. However, as these real scenarios demonstrate, it can be difficult to intervene when you see something taking place, even if you’re certain something isn’t right. You don’t know how your help will be received.

So how do you put your knowledge of scams and fraud to good use and help your fellow consumers while avoiding any negativity? First, just know that no matter how your attempt to help is received, you were trying to do the right thing. Also, you can try this:

1. Spread the social word – Social media can be a powerful force for good, especially if the content you’re sharing is relatable and genuine. It’s tempting to forward every alarming hoax that pops up, but if you craft a sincere warning about scams and fraud, you just might prevent someone else from becoming a victim. Don’t forget to make your post sharable!

2. Host a fraud prevention event – There are a number of organizations that host awareness events throughout the year, but you don’t have to wait for a specific time. You can host your own get-togethers, community action meetings, senior center events and more, then use those as a time to help get the word out about different kinds of fraud.

3. Follow news from the Identity Theft Resource Center online – The ITRC has a Twitter account, Facebook account, weekly newsletter and many other resources that can keep you informed. Sharing their news is as simple as clicking a button. Helping others recognize a potential scam doesn’t have to mean putting yourself out there.

If you see a scam taking place, you can enlist the help of retail employees, store managers, law enforcement officers or anyone else who can stop someone from becoming a victim. No matter how you choose to help, just know that you’re working to make life better for others when you stop a scam in its tracks.


Read next: “Your New Medicare Card Could Lead to a Scam”

Job Title:  Communications Assistant

Reports To:  Vice President of Communications

FLSA Status:  Hourly

Summary:  Provides support for Identity Theft Resource Center’s Communication team. Activities will encompass public relations, digital marketing, social media, development, community outreach and research. Additional duties will also be relevant to meeting mission directive and sponsor deliverables.

Duties and Responsibilities include the following:

1. Work with members of the Communications team to meet goals related to organizational mission and goals. *

2. Assist with planning and implementing online marketing campaigns that drive engagement, traffic and call center volume across digital media*

3. Provide support to the Research Analyst in researching necessary key data for inclusion in deliverables*

4. Research, manage and maintain media lists for use by the Communications team in their engagement with external media stakeholders*

5. Assist with social media management including content creation, scheduling, and reporting *

6. Proofread content, including but not limited to social media posts, blog articles, email newsletters and press releases*

7. Manage the email newsletter including list management, content implementation, scheduling, delivery and reporting*

8. Assist in website management including the updating of existing content, uploading new content and graphic support*

9. Assist in graphic development for all properties*

10. Perform any duties as requested by executive team*

Qualifications:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The requirements listed below are representative of the knowledge, skill and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Education/Experience:

Completion of lower division college classes, Junior or Senior in one of the following disciplines: communications, journalism, marketing, New Media, public relations advertising; or one to two years related experience and/or training; or equivalent combination of education and experience. Understanding of AP Style and social media best practices are a plus.

Language Ability:

Ability to read and comprehend simple instructions, short correspondence, and memos.  Ability to write detailed, tailored correspondence.  Ability to effectively present information in one-on-one and small group situations to customers, clients, and other employees of the organization.

Reasoning Ability:

Ability to apply common sense understanding to carry out detailed but uninvolved written or oral instructions.  Ability to deal with problems involving a few concrete variables in standardized situations.

Computer Skills:

To perform this job successfully, an individual should have knowledge of Microsoft Office programs, capable of mastering use of CRM platform, Acrobat creative suite, social media platforms, project management tools and other programs necessary to operation of the organization. 

Work Environment:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

The noise level in the work environment is usually moderate.

Physical Demands:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

The employee must occasionally lift and/or move up to 20 pounds.  While performing the duties of this job, the employee is regularly required to sit, type, and use hands.  The employee is frequently required to talk or hear.  The employee is occasionally required to stand; walk and reach with hands and arms.

To submit a resume, email to clacey@idtheftcenter.org