Posts

There’s a very specific danger looming online right now, one that seeks to steal both its victims’ money and identifying information. Under the wrong circumstances, this particular threat can even land the victims in jail—romance scams.

What is a Romance Scam?

They prey on people who are lonely or feel unsuccessful at finding love. Victims of romance scams can come from every income level, educational background, gender, age, sexual identity and ethnicity. There’s no single target demographic for this crime because anyone can be tricked by a sweet talker who says exactly what they need to hear.

Unfortunately, with the commercialism of Valentine’s Day all around us, this is the time when scammers up their game. No one wants to be alone on the most romantic day of the year. It’s why it is the time when the bait is thrown out there and the nets are cast, hoping to snare a willing victim.

With that said, romance scams strike at all times of the year. According to the Federal Bureau of Investigation (FBI), people in the U.S. lost over $100 million to romance scams between January 1 and July 31 of 2021.

Different Types of Romance Scams

There are a few different ways that romance scams can manifest, including:

1. Out of towner needs money

One common approach is the social media message from a pleasant-looking person who is “intrigued” by your profile picture. You start talking and learn that this person is an offshore oil rig worker, deep-sea fisherman or even a deployed member of the military. The job is important, as it provides the excuse to be away from a computer and phone, away from their own funds for long periods of time. That way, it’s much more plausible when they need you to send money for some reason. Some reported excuses have included a new engine for the boat since the scammer claims to be stranded at sea and plane tickets home from another country when the scammer says his mother is in the hospital.

2. I want to come see you, but

Some reported romance scams have included victim stories about losing a lot of money because the other person was supposed to come to visit. When they supposedly arrived at the airport, their ticket was for the wrong flight, and they had to pay a fee. Then it was the need for a visa to enter the country. After that, it was more fees – and the game continued.

3. Money laundering romance scams

How do victims end up in criminal trouble for their part in all this? The scammer gets the victim to accept a deposit in their bank account, withdraw the money, and then turn around and wire that money to someone else. The victim is now complicit in stealing money from other victims and forwarding it to other bad guys. Just because they’re also a victim, that doesn’t erase their criminal role in the scam.

4. Crypto romance scams

Scammers trick the victims into thinking they’re investing in cryptocurrencies. They typically target victims on dating apps and other social media sites. Once the criminal gains the victim’s trust, they claim to know about cryptocurrency investment or trading opportunities that will result in substantial profits. The scammer directs the victim to a fraudulent website for an investment opportunity. Once they trick the victim into investing on the platform, they can withdraw a small amount of money to further gain the victim’s trust.

The FBI says after a successful withdrawal, the scammer tells the victim to invest larger amounts of money. When the victim is ready to withdraw more funds, the scammers create reasons why it cannot happen, enticing the victim to provide additional funds. Sometimes a customer service group gets involved, which is also part of the scam. When victims can no longer withdraw any money, scammers typically stop communicating.

What You Can Do to Stay Safe

The internet is filled with authentic opportunities to meet someone special. However, it’s also a breeding ground for scammers. By using reputable dating sites, you might avoid a lot of heartaches. However, the companies who run the sites cannot vet every single profile or message for authenticity. At the same time, social media has made it all too easy for criminals to contact victims with sincere-sounding promises in hopes they will fall for a romance scam.

It’s vital to adopt an air of caution about anyone you meet online to safeguard your heart and your money. A good rule of thumb is this: if you wouldn’t fall for it in person, don’t fall for it online. If the offer seems too good to be true, it probably is. Anyone who declares undying love too early in the relationship or asks for over-the-top favors too soon should not be trusted. If the person’s background story is a little too shady or falls into the stereotype of the romance scammer, be careful. Most of all, keep your personal information and your money close, and don’t be quick to share either one. Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530 or via live-chat on our website www.idtheftcenter.org.  

The post was originally published on 2/11/18 and was updated on 9/28/21

  • The Identity Theft Resource Center (ITRC) teams have seen an uptick in subscription renewal scams as a way of stealing your identity. Criminals send emails about auto-renewals for subscriptions in hopes you will click on a malicious link.
  • Identity criminals are after your personal information so they can use it to commit different forms of identity theft and identity fraud.
  • To avoid a subscription renewal scam, ignore any messages about auto-renewals claiming to be from a company where you don’t have a subscription. If it appears to be from a company where you do have a subscription, check the sender’s email address to ensure it’s from the correct company.
  • Don’t click on any links until you confirm the email is legitimate. If the email is a spoof, report it as spam, block the sender and delete the email.
  • To learn more, or if you believe you have received subscription renewal scams, contact the ITRC. Call toll-free by phone (888.400.5530) or live-chat at www.idtheftcenter.org to speak with an expert advisor.

Subscription renewal scams aren’t new. However, ITRC team members have seen a rise in the number of phishing emails claiming it’s time to renew an annual subscription. The phishing attempt pictured below is a subscription renewal scam one ITRC team member received, claiming to be from Geek Squad.

Scammers use emails like these to get you to click on a malicious link and steal your personal information so they can commit identity crimes with it. Many subscription renewal scams look legitimate. It is important you know how to spot one and the steps to stay safe so your sensitive information isn’t compromised.

Who are the Targets?

Text and email users

What is the Scam?

Criminals pose as a recognized company and send texts and emails to people informing them that their annual subscription has been renewed. The phishing emails go on to ask people to click on a link to review the summary details of their renewal. However, the link is malicious and either installs malware on your computer, steals your personal information or takes you to a fake website.

What They Want

Cybercriminals want you to respond to the subscription renewal scams or click on the malicious link in the message so they can steal your personal information. Identity criminals may proceed to use your information to commit an array of identity crimes.

How to Avoid Being Scammed

  • If you receive a text or email about a subscription renewal from a company you do not have a subscription with, ignore it. Don’t click on any links because they could contain malware. If you receive emails you are not expecting, go directly back to the source to see if the message is real.
  • Check the email sender’s address to make sure it is legitimate if you get an email from a company about a subscription renewal with which you have a subscription. If you are still unsure, reach out to the company directly to confirm the validity of the message.
  • If you know the email is a subscription renewal scam, report it as spam, block the sender and delete the email.

Contact the ITRC toll-free by calling 888.400.5530 or using the live-chat function at www.idtheftcenter.org if you’ve received any subscription renewal scams. ITRC expert advisors will help you create a resolution plan with the steps you need to take.

  • Criminals claiming to be with the Internal Revenue Service (IRS) are targeting people with emails as taxpayers continue to receive the third round of Economic Impact Payments (EIP) that began in March 2021.
  • Identity criminals send messages claiming you can receive an EIP Payment. They say the IRS is sending payments each week to qualified individuals as they continue to process tax returns.
  • However, messages like these are IRS scams seeking your personal and financial information to commit identity theft and fraud.
  • The IRS will never email, text, call or send a message on social media to anyone. If you receive a message claiming to be from the IRS, ignore it. You are also encouraged to forward it to the IRS at phishing@irs.gov and note that it seems to be a phishing scam seeking your personal information.
  • To learn more, or if you believe you have received IRS scams by email, contact the Identity Theft Resource Center (ITRC) toll-free by phone (888.400.5530) or live-chat at www.idtheftcenter.org to speak with an expert advisor.

The third round of Economic Impact Payments (EIP) from the Internal Revenue Service (IRS) began to go out in March 2021. However, the Identity Theft Resource Center (ITRC) continues to receive messages about IRS scams by email, like the one below.

According to an official IRS notice, the Service is still sending EIP Payments weekly as 2020 tax returns are processed. Criminals have been striking with scams since the first stimulus package was passed in 2020. While many EIP Payments have been received, you should beware of scams asking for payment to receive compensation and remember that the IRS will never call, message or email anyone.

Who are the Targets?

U.S. Taxpayers

What is the Scam?

In the latest IRS scams by email, identity criminals send emails to inboxes claiming that they are eligible to receive a payment after the last annual calculation of their “fiscal activity.” The email goes on to say that each week the IRS will continue to send the third EIP Payments to eligible individuals as they process tax returns. The phishing emails also include a button to “claim my payment.”

What They Want

Scammers want you to either respond or click on a malicious link so they can steal your personal and financial information to commit different forms of identity crimes, including financial identity theft.

How to Avoid Being Scammed

  • Ignore emails, texts or social media messages claiming to be from the IRS. Do not respond to the messages or click on any links or attachments because they could be malicious. Acting on the IRS scams by email, text or social media could lead to having your information stolen. The IRS will not email or message anyone. Do not share any personal information, including credit card and bank account numbers, except on the official www.IRS.gov website or the representative you contacted by calling the IRS.
  • Ignore calls claiming to be from the IRS. While IRS scams by email continue to circulate, identity criminals could call you, too. If you receive an unsolicited call claiming to be from the IRS, ignore it. The IRS will not call anyone unsolicited, either.
  • Send phishing emails to the IRS. The IRS asks anyone who receives a phony email to forward it to phishing@irs.gov and note that it seems to be a phishing scam seeking your information.
  • Report the identity crime. You can report any identity fraud to the Federal Trade Commission (FTC) by visiting www.IdentityTheft.gov.

If you have received IRS scams by email, text message, social media or by phone, you can also contact the ITRC toll-free by calling 888.400.5530 or using the live-chat function at www.idtheftcenter.org. ITRC expert advisors will help you create a resolution plan with the steps you need to take.

  • The one-year anniversary of the California Consumer Privacy Act (CCPA) and CCPA enforcement has come. According to the California Attorney General (AG), 75 percent of complaints were resolved within 30 days. The other 25 percent are still within the 30-day grace period or are still under investigation.
  • The California AG’s report also includes 27 examples of complaints and what companies did to fix the potential violations.
  • California also released a tool that will make it easier for consumers to file complaints about businesses that do not have a clear and easy-to-find “Do Not Sell My Personal Information” link on their website’s homepage.
  • To learn about recent data breaches consumers and businesses should visit the ITRC’s data breach tracking tool, notified.
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

The Right Tool

Welcome to the Identity Theft Resource Center’s Weekly Breach Breakdown for July 23, 2021. Our podcast is possible thanks to support from Experian and Sentilink. Each week we look at the most recent events and trends related to data security and privacy. This week we look at the California Consumer Privacy Act (CCPA), the state law that gives consumers a way to push back against data breaches, and the one-year anniversary of CCPA enforcement.

I’m sure most of us have heard a parent or mentor say at one time or another, “You need the right tool for the right job.” When it comes to protecting privacy and personal information, the Mac-Daddy of protection tools is the CCPA.

News Statistics Released About CCPA Enforcement

California Attorney General (AG) Rob Bonta recently published statistics about the number of complaints his office has received alleging CCPA violations, including some examples. Seventy-five (75) percent of the complaints were resolved within the 30 days the law gives a business to comply once they are notified of a potential violation. The other 25 percent are still within the 30-day grace period or are still under investigation.

The most interesting part of the AG’s report is the 27 examples of complaints and what companies did to fix the potential violations. Notices to cure have been issued to data brokers, marketing companies, businesses handling children’s information, media outlets and online retailers. Some businesses prompted hundreds of CCPA enforcement complaints, while others generated millions.

Potential violations that have been cured include:

  • A business that manufactures and sells cars failed to notify consumers of how personal information was used as part of a vehicle test drive in addition to other omissions in its privacy policy. 
  • A grocery chain required consumers to provide personal information in exchange for participation in its company loyalty programs. The company did not provide a Notice of Financial Incentive to participating consumers.
  • A social media app was not timely responding to CCPA requests, and users publicly complained that they were not receiving notice that their CCPA requests had been received or acted on. 
  • An online dating platform that collected and sold personal information did not have a “Do Not Sell My Personal Information” link on its homepage or adequately explained its data-sharing practices.

Tool Released to Make It Easier for California Residents to File Complaints

AG Bonta also released a tool that makes it easy for California residents to directly complain to a business that does not have a clear and easy-to-find “Do Not Sell My Personal Information” link on their website’s homepage. That’s required by the CCPA, and the direct consumer complaints can trigger the process that can lead to CCPA enforcement action by the state AG.

More tools that allow consumers to help police the CCPA’s provisions, including damages paid directly to consumers for certain data breaches, may be offered in the future.

Contact the ITRC

If you have questions about CCPA enforcement, or how to keep your personal information private and secure, visit www.idtheftcenter.org, where you will find helpful tips.

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during normal business hours (6 a.m.-5 p.m. PST).

Thanks again to Sentilink and Experian for supporting the ITRC and this podcast. Be sure to check out our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown.

  • Advanced child tax credit payments are being sent by the Internal Revenue Service (IRS) as part of the American Rescue Plan. However, scammers may try to take advantage of the funds with child tax credit scams.
  • The IRS will not call, text, email or message you about a child tax credit. If you receive an unsolicited message, it is a scam.
  • To avoid a child text credit scam, do not respond to any unsolicited messages or click on any unknown links or attachments. Also, report the fraudulent activity to the Federal Trade Commission (FTC) by emailing reportfraud@ftc.gov and the IRS by calling 800.829.4933.
  • For more information on the child tax credit, who is eligible, how to submit your information and more, click here.
  • If you believe you are the victim of a child tax credit scam or another form of identity theft, contact the Identity Theft Resource Center toll-free by phone (888.400.5530) or live-chat on the company website www.idtheftcenter.org.

The Internal Revenue Service (IRS) has sent approximately $15 billion to around 35 million families eligible for the advanced child tax credit. With the process underway, parents should look out for child tax credit scams. No eligible taxpayer has to do anything to receive the money, but criminals may try to say otherwise.

What You Need to Know About the Advanced Child Tax Credit

The advanced child tax credit was included in the American Rescue Plan, and it provides $250 to $300 per month per child to most families from July through December 2021. The IRS is paying half the total credit amount in advance monthly payments. The payments will come via direct deposit, paper check or debit card (more than 85 percent of the funds have been sent by direct deposit). Parents will claim the other half when they file their 2021 income tax return.

The IRS urges taxpayers who usually aren’t required to file federal income tax returns to file a return if they are eligible for Economic Impact Payments or advance payments of the Child Tax Credit. Learn more from the IRS about the advanced child tax credit, who is eligible, how to submit your information and much more.

Child Tax Credit Scams

Criminals are aware of the payments and will likely launch child tax credit scams. Criminals may impersonate IRS representatives just to steal your personally identifiable information (PII) like a Social Security number or bank account information. PII can be used to pose as you on the IRS website and reroute your money to the cybercriminals.  

The ITRC’s CEO Eva Velasquez recently told NerdWallet: “Do not rely on incoming communications. If you didn’t initiate the contact, don’t engage. Caller I.D. cannot be trusted; even if a government agency’s name is listed, thieves may have originated the call and spoofed the caller I.D. display.”

What Should You Do?

The IRS says parents do not have to take any action to receive the advanced child tax credit funds. If you want to opt-out of the IRS payments or change your information, you can do that at www.irs.gov. Here are other tips on how to avoid an advanced child tax credit scam:

  • Don’t respond to solicited communication. The IRS will not call, text, email or message you. If you receive a message claiming to be from the IRS, ignore it. The IRS will mail you anything that is legitimate, and there are ways you can make sure it is from the Service.
  • Don’t click on any unknown links. If you receive a message claiming to be from the IRS, it is important not to click on any links or attachments because they could be malicious and used to steal your personal information. They could also lead you to a fraudulent website that asks you to input sensitive PII.
  • Know who is supposed to receive the check. If you share custody of a child, make sure you know who is supposed to receive the check because sometimes a “missing” check has actually been delivered.
  • Report child tax credit scams and fraud. If someone tries to take advantage of you with a child tax credit scam, you can report it to the Federal Trade Commission (FTC) by emailing reportfraud@ftc.gov. If you believe someone stole the check from your mailbox, contact the IRS (800.829.4933) because they can trace the check and replace the money.
  • Track your check. If it is mailed to you, go to www.USPS.com and sign up for Informed Delivery, which emails you photos of your mail before it is delivered. When your check is expected, pick up your mail or have someone do it for you as quickly as possible to avoid a repeat of earlier problems with government check deliveries.

Contact the ITRC

For more information on child tax credit payments, or if you believe you were the victim of a child tax credit scam, contact us. You can speak with an expert advisor at no cost by phone (888.400.5530) or live-chat on the company website. Just visit www.idtheftcenter.org to get started.

  • Businesses are re-hiring team members after COVID-19 lockdowns. However, the Identity Theft Resource Center (ITRC) is also seeing a rise in online job scams, particularly mystery shopper scams. The ITRC has seen a 250 percent increase in mystery shopper scams from June to July.
  • Job scams are not uncommon. According to the FBI’s Internet Crime Complaint Center (IC3), 16,012 people reported being victims of employment scams in 2020, with losses totaling more than $59 million.
  • Law enforcement agencies across the country are also seeing the rise. The St. Martin Parish Sheriff’s Office in Louisiana is asking its citizens to be on the lookout for online job scams. The FBI wants people to watch for fake job listings.
  • To avoid a job scam, only use a reputable website for employment opportunities, be careful how much personal information you share and don’t pay upfront costs.
  • To learn more about online job scams, contact the ITRC toll-free by phone (888.400.5530) or live-chat by visiting www.idtheftcenter.org.

With many people vaccinated for COVID-19, most businesses are reopening and rehiring team members. Criminals are also looking to take advantage of the surge in hiring. The Identity Theft Resource Center (ITRC) has seen a rise in the number of online job scam reports to its contact center, particularly mystery shopper scams. In fact, the ITRC has seen a 250 percent increase in mystery shopper scams from June 2021 to July 2021.

The ITRC is not the only organization to see the job scam uptick. The St. Martin Parish Sheriff’s Office in Louisiana is urging its citizens to be on the lookout for online job scams. The FBI wants people to keep an eye out for fake job listings.

Work-From-Home Job Scams

While vaccinations are on the rise, the pandemic is still ongoing, meaning many people are still looking for jobs where they can work from their homes. According to the Federal Trade Commission (FTC), criminals are aware of this and are posting the “perfect” work-from-home jobs, claiming you can be your own boss and set your schedule. They claim you can make a lot of money in a short amount of time and with little effort.

Mystery Shopper Scams

Mystery shopping has been around for a long time. Mystery shoppers help businesses, retailers and restaurants get information on the quality of their stores in exchange for money. In the past, scammers have found ways to turn the service into a mystery shopper scam, also known as a secret shopper scam. The ITRC saw a spike in 2020, and is seeing a rise again. There are different forms of mystery shopping scams. Click here to learn more.

Tips to Avoid an Online Job Scam

According to the FBI’s Internet Crime Complaint Center (IC3), 16,012 people reported being victims of employment scams in 2020, with losses totaling more than $59 million. While you are looking for the right job, there are a few things to remember:

  • Know the source of the job listing and only use reputable websites to find employment opportunities. This will require you to do some research. Look online for independent sources of information. While the company’s website or advertisement may show testimonials or reviews from satisfied employees, they could still be fake. Instead, you should search the name of the company or the person who’s hiring you and add a word like “scam,” “review” or “complaint.” Searching for “Acme Co Scams” will give you search results that show if the company is legitimate and if it has been associated with fraud. You will often see what other employees and customers think of the would-be employer.
  • If it seems too good to be true, it probably is. Be mindful of unsolicited emails and offers with outrageous claims, such as “Earn $3,000 a week working from home.”
  • Once you find a job posting, be careful how much personal information you share, at least during the application period. If a company claims they want to do a phone, Skype or Zoom interview due to social distancing and safety, that’s okay. However, it does not mean you should turn over sensitive personal information like your Social Security number (SSN) until you have been given a job offer contingent on passing a background check (which requires an SSN). Also, before you accept an offer or send a potential employer your personal information, run the job offer or posting by someone you trust.
  • Legitimate jobs don’t usually require any upfront fees or costs. Even things like company uniforms or specialized equipment like steel-toed shoes are often deducted from the first paycheck or purchased by the employee through an outside company. Typically, a form of payment is not requested. If an employer asks for a finder’s fee, administrative fee, background check fee or other funds, it is probably a scam. Even for legitimate actions like submitting a bank account number and routing number for direct depositing of paychecks, it’s vital to ensure the company is legitimate and the job has already been awarded before submitting the information. Also, don’t pay for the promise of a job. Only scammers will ask you to pay to get a job.
  • Don’t send money to your new boss. If a potential employer or new boss sends you a check, asks you to deposit it and then buy gift cards, it is a scam. While the check may look like it cleared and the funds look available in your account, the check is still fake and you will be responsible for any purchases.
  • Never pay to be a mystery shopper. Don’t wire money or send a “deposit” via PayPal, Venmo or Zelle. Also, to avoid a mystery shopper scam, cash the check at an issuing bank or wait until the money has not just posted but cleared the other account. If the check is not good, the victim can return the cash into their account.

Contact the ITRC

There are many different job scams, particularly online job scams. If you have questions, want to learn more or if you believe you were the victim of an online job scam, contact us. You can speak with an expert advisor by phone (888.400.5530) or live-chat. Just visit www.idtheftcenter.org to get started.

The post was originally published on 6/30/21 and was updated on 7/21/21

Police frequently warn Facebook users about the Federal Government Empowerment Money Grant Program scam that circulates in inbox messages. It is important you can spot the scam and know what to do when you encounter it.

Who are the Targets?

Facebook users

What is the Scam?

Scammers pose as an individual’s friend on Facebook and send them messages about a “Federal Government Empowerment Money Program.” However, it is a Federal Government Empowerment Money Grant Program scam. Scammers say they have received a large amount of money from the program after sending in a small “transaction” fee. The scammer also sends a form requesting personal and financial information. Individuals are more likely to fall for the scam because it comes from a Facebook friend.

What They Want

Personal information, account information, payment

How to Avoid Being Scammed

If you receive a message about this program, do not respond because it is a Federal Government Empowerment Money Grant Program scam. Instead, immediately report the message to Facebook through the platform’s “report” link at the top of the message and then block the person. Never click on suspicious links.

If you think you are a victim of identity theft, or want to learn more about this scam, contact the Identity Theft Resource Center for toll-free, no-cost assistance. You can speak with an expert advisor by phone (888.400.5530) or live-chat on the company website. Just visit www.idtheftcenter.org to get started.

This post was originally published on 9/9/16 and was updated on 7/14/21