CashApp scams have seen an uptick since COVID-19 began impacting the United States. In April, we wrote about scammers out in full force trying to get consumers to fall for CashApp scams by clicking on fraudulent and malicious links that could steal people’s money and identity, taking advantage of the economic hardships. Now, the Identity Theft Resource Center (ITRC) is receiving multiple calls and live-chats about a twist on the CashApp scam: a CashApp customer support scam.

Who Is Targeted

CashApp users

What It Is

A CashApp customer support scam where scammers act as CashApp customer support on a hotline to gain access to users' CashApp accounts or ask users to download software to allow remote access to their mobile device.

What They Are After

Scammers are after money and personal information using a fake customer support hotline. In one CashApp scam case reported to the ITRC, a scammer stole all of the victim’s money and changed their username and password. In another case, a scammer was able to get a hold of the victim’s bank account number and access the victim’s bank account.

How You Can Avoid It

  • As of right now, CashApp only offers customer service via email or through the app, not by telephone. Reach out to customer support directly through the company’s website or app.
  • Never give out personal information over the phone if you do not know who is on the other end.
  • Do not download software to allow third parties to have access to any of your mobile devices.
  • Only use CashApp to transfer money to people you know.
  • Add additional security measures, including multi-factor authentication.

If you think you may have fallen victim to a CashApp customer support scam, you can call the ITRC toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.


With some businesses opening back up after temporarily closing due to the COVID-19 pandemic, scammers are trying to capitalize using online job scams to steal people’s personal information.

Recently, Scripps Health found hackers exploiting job seekers through phishing emails with Scripps Health-themed “lures.” Scripps sent the following email to warn their community members:

[Image of the email, provided to the Identity Theft Resource Center by the public]

ATA Engineering, another San Diego-based company, reports it is also seeing similar online job scams.

The Identity Theft Resource Center (ITRC) has seen a rise in victims contacting the organization about online job scams, including phishing emails. Some of the particular job scams reported to the ITRC include ones from Indeed, Zip Recruiter, and Facebook. The ITRC has had more than 40 victims reach out about online job scams in the last three months.

Who Is It Targeting

People looking for work amid the COVID-19 pandemic

What Is It

Either a fake listing posted on a job board or a phishing email, robocall, social media message, or text message looking for a response.

What Are They After

While scammers attack in different ways, they are all looking for one thing: personal information. They hope they can trick people who are desperate or vulnerable into giving up sensitive data like usernames and passwords, financial data, or Social Security numbers. Once scammers have that information, they can commit many different forms of identity theft.

How You Can Avoid It

  • Never click on a link or open an attachment from an email you are not expecting. Instead, go directly to the source to verify the validity of the message.
  • Review all emails and websites carefully to make sure there are no suspicious addresses, subject lines or URLs.
  • Be careful about how much personal data you share, at least during the application process. Do not turn over information like your Social Security number until you are hired.
  • Make sure you have the job, and it is legitimate, before giving away financial information like a bank account number or routing number for direct depositing of paychecks.

If you think you may have fallen victim to an online job scam, you can call the ITRC toll-free at 888.400.5530. You can also live-chat with an expert advisor on the company website.

Another week has gone by, and there are new data compromises for the Identity Theft Resource Center (ITRC) to educate businesses and consumers on. Since 2005, the ITRC has tracked publicly-notified U.S. data breaches, more than 10,000 in total; more recently, it has tracked them using 25 different information fields and 63 different identity attributes that are updated daily. On last week’s Weekly Breach Breakdown, we talked about the market price for consumer data in the dark corners of the internet where identities are bought and sold. This week, we are looking at the average cost of a data breach exposed to the public. We will also talk about the latest data breaches that reflect the trends in the new research.

The 15th IBM report on the average cost of a data breach, conducted by the Ponemon Institute, was recently released. Reflecting some of the same trends the ITRC has reported, the IBM study shows that the global average cost of a data breach has dropped to $3.8 million – with the average being defined as a breach of 100,000 records or fewer. That is a drop of nearly a half-million dollars.

However, when you focus on the U.S. alone, the average cost of a data breach has gone up almost the same amount to an average of roughly $8.6 million. That continues the long-term trend of costs steadily increasing beyond the rate of inflation since 2005.

The cost calculation includes the following:

  • The actions required to detect and respond to a data breach
  • The costs of notifying the people whose information was stolen
  • Lost revenue and the costs of marketing and sales activities required to regain consumer trust lost as a result of the data breach
  • Legal fees, fines and settlement costs
  • Increased customer care support

Lost revenue is the single largest component at 40 percent of all breach-related costs. Not included are the expenses associated with fixing the problem that caused the breach in the first place, and the changes needed to ensure it does not happen again. While it stands to reason that the bigger the breach, the bigger the costs, the costs are exceptionally bigger – 100 times bigger – if the number of records compromised is over one million. If a data breach of 100,000 U.S. records costs $6.8 million, a one-million-record event could cost close to $900 million.

According to the IBM report, the number one cause of data breaches in 2020, at 19 percent, is lost and stolen credentials – logins and passwords – tied with misconfigured cloud environments. In other words, someone forgot to add the password to the cloud account, leaving information exposed on the web for anyone to see. Unpatched software was in third place at a little over 15 percent, while malicious employees accounted for only seven percent of breaches reviewed by the Ponemon Institute. It is also worth noting that some security and human resource experts believe the number of attacks will only go up if pandemic-related layoffs increase.

Other key findings from the 2020 IBM Report regarding the average cost of a data breach include: 

  • 53 percent of the attacks in the 2020 report were financially motivated
  • The most expensive attacks occurred in the healthcare sector
  • The average length of time between when a malicious attack starts and ends is 315 days – 10 and a half months
  • Threat actors want consumer information – especially logins and passwords – more than any other data (80 percent of the time). However, that is not the only data they want. Nearly a third of breaches in the IBM study were thefts of company intellectual property.

Looking back at the top breaches this past week, Nintendo, the company that gave us Donkey Kong and Mario Brothers, was the victim of a cyberattack where thieves dumped a large amount of data onto the web. While there was no personal information exposed, screenshots and prototypes of games were posted online. The Nintendo data breach reflects the IBM report’s findings that company intellectual property is also a target for cybercriminals. Intellectual property theft can have a significant impact on a company’s business performance.

A recent Garmin ransomware attack shut down customer access to multiple products and services, as well as manufacturing. It took Garmin, which makes GPS devices and fitness trackers, nearly a week to publicly acknowledge the attack, and services are still in the process of being restored. According to Garmin, no consumer information was compromised, and the ransomware involved is not known to steal data. Rather, the ransomware used in the Garmin ransomware attack is known just to hold data hostage.

Finally, there’s Drizly, the popular service for ordering adult beverages for delivery. The company was hacked, and information from an estimated 2.5 million accounts was placed into the dark web’s identity marketplaces. According to Drizly, no payment information or other sensitive customer data was breached. However, the cybercriminals say otherwise and are selling the stolen data for $14 per account. That makes all of the information worth at least $35 million.

For more information about the latest data breaches, people can subscribe to the ITRC’s data breach newsletter. Also, keep an eye out for the ITRC’s new data breach tracker Notified™. It is updated daily and free to consumers. Businesses that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the ITRC’s three paid subscriptions. Subscriptions help ensure the ITRC’s free identity crime services stay free. Notified launches in August.

If someone believes they are the victim of identity theft or believes their information has been compromised in a data breach, they can call the ITRC toll-free at 888.400.5530 to speak with an expert advisor. They can also use live-chat. Finally, victims of a data breach can download the free ID Theft Help app to access advisors, resources, a case log and much more.

Join us on our weekly data breach podcast to get the latest perspectives on the last week in breaches. Subscribe to get it delivered on your preferred podcast platform.
