Posts

When a disaster strikes, there’s often a heart-tugging sadness that comes from the powerless feeling to do something useful. As distanced bystanders, we’re left reeling from the news footage of the horrific events, both human-made and natural. Often, we think to ourselves, “If only there were something I could do to help.” Unfortunately, identity criminals use it as an opportunity to prey on people while they are vulnerable and commit disaster relief scams.

Technology has empowered us to support people in their time of need. Charitable giving websites, crowdfunding campaigns, and even the ability to text a donation for a specific cause and then pay it on the following month’s bill have enabled us to lend a hand when needed.

Disasters Strike Everywhere

In the instance of the 7.0 magnitude earthquake that struck Haiti in 2010, nearly three million people were killed, injured or left homeless. Relief efforts were mobilized within mere minutes. The Red Cross immediately set up a text-to-donate option, and more than $43 million came in via text.

Flooding in Louisiana in 2016 left tens of thousands of people to take up residence in emergency shelters due to severe flooding. Sixty people died, and more than 40,000 people lost their homes. Many were rescued by boat with nothing more than their clothes, and citizens outside the flooded area were ready to respond in a big way. Celebrities also vowed to help in fundraising efforts.

In 2021 Haiti was hit with another earthquake, this one a 7.2 magnitude earthquake. Over 2,000 people died, and nearly 53,000 houses were destroyed. Volunteers and others at the Haitian-American Community Coalition of SW Florida in Fort Myers shipped hundreds of pounds of food, medical supplies and other items for victims.

Hurricane Ida struck Louisiana, leaving many people stranded and over one million people without power. U.S. Coast Guard members and National Guard units from Alabama, Louisiana, Mississippi and Texas conducted search-and-rescue operations. The Red Cross also set up different ways for people to donate to those in need.

Scammers Take Advantage of the Vulnerable

Sadly, the same technology that lets kind-hearted people participate in helping out has also made it possible for scammers to commit disaster relief scams and bill innocent, well-intentioned people out of their money. They can also steal your personally identifiable information (PII), something that’s far more valuable than a donation of a few dollars.

In 2016, Louisiana authorities warned the public to watch disaster relief scams that crop up online. Only a matter of hours after the attack on the World Trade Center on 9/11, scammers were already soliciting donations for relief efforts, but pocketing the money. It’s the same with nearly every high-profile incident that affects large numbers of victims. Scammers take advantage of people when they are most vulnerable and commit disaster relief scams.

How to Avoid Disaster Relief Scams

  • Only work with trusted sources and legitimate agencies. Many times, people will hit the streets claiming to be with an agency offering help. However, they take off with your PII or money.
  • Only use trusted and known charities to donate. If you do not recognize the name of a charity soliciting funds, or if it’s a name that’s too “sudden” to be believed, be cautious. Trustworthy charities will have long-standing reputations of meeting the government’s guidelines for a charitable organization. Other new sites should be treated as suspect and possible disaster relief scams.
  • Verify all phone numbers for charities. If you need to contact a charity by phone, check the charity’s official website to see if the number you have is legitimate. If you’re using text-to-donate, check with the charity to ensure the number is legitimate before donating.
  • Verify the information in social media posts. Double-check any solicitation for charitable donations before you donate. Crowdfunding websites may host individual requests for help. However, they are not always vetted by the site or other sources.
  • Ignore suspicious emails and messages. If you receive a suspicious email or message requesting donations or other assistance, ignore it because it is probably a disaster relief scam. Do not click on any links or open any attachments. Scammers regularly use email and messaging platforms for phishing attacks and to spread malware.
  • Report any fraud. To report suspected fraud or disaster relief scams, call the Federal Emergency Management Agency (FEMA) Disaster Fraud Hotline toll-free at 866.720.5721. You can also file a complaint with the Federal Communications Commission (FCC) about phone scams or the Federal Trade Commission (FTC) about fraud.

Contact the ITRC

If you believe you were the victim of any disaster relief scams, or want to learn more, contact the Identity Theft Resource Center (ITRC). You can speak with an expert advisor toll-free by phone (888.400.5530) or live-chat on the company website www.idtheftcenter.org.

The post was originally published on 8/16/16 and was updated on 8/31/21.  

It can happen to anyone, anywhere. You’re going about your business when suddenly you’ve found a lost wallet on the ground. You look around to see if you can spot the person who lost the found wallet, but they don’t seem to be nearby. You pick it up, open it carefully and are shocked by what you see inside.

This scenario happens every day, and some of the best, most responsible people can be either the wallet loser or the wallet finder. Unfortunately, picking up someone’s personal—and possibly even valuable—property can come with both risks and benefits.

Steps to Take If You Found a Lost Wallet

The very first benefit of a found wallet is the opportunity to be a Good Samaritan, to be a bright spot in someone’s day. After all, they’ve just lost something essential. The consequences for them can range from aggravating to terrible. Returning the found wallet to them in the condition in which they lost it can make you feel good.

At the same time, if you found a lost wallet, you could be opening yourself up to a few risks. What if the owner claims there was a lot of money in it, money that was long gone before you ever found it? What if the owner later accuses you—either innocently or maliciously—of identity theft or financial account takeover? Maybe this chance to help someone is just too big of a burden after all.

Your next steps in a situation like this can vary depending on where you located the wallet.

If you’re in a store or business, your gym, a doctor’s office, or any other location that has a surveillance camera, you’re probably in the clear from accusations.

  • Remain visible while picking the found wallet up, and turn it in at the front desk immediately. If you feel it’s necessary, you can wait while the attendant tries to locate the owner. The driver’s license, credit cards and any retail rewards cards can help. Just call the number on the credit cards or rewards cards and provide the name or account number. They should have a contact number for the owner and can pass along the location of the wallet.

What if you’re out in the open?

A wallet can easily fall out of someone’s pocket, briefcase or handbag. There might not be security cameras to help you prove that you had every innocent intention.

  • It’s best in this case to dial the local police department’s non-emergency number—don’t tie up the 911 dispatch system for something like this—and tell them that you found a lost wallet and are standing near it. Ask for a patrol vehicle in the area to come and take over, and wait with the found wallet if you can.

What should you do if someone comes up and claims to be the owner?

  • Let it go. Whether or not they are the owner is not in your wheelhouse. You are not responsible for someone who may or may not have criminal intentions. Getting into an argument over the property is not worth it in the end.

Should you post it on social media?

  • It’s very tempting to post about the found wallet on social media sites like Facebook in order to track down the owner, but that is not a good idea. You have no way of identifying the real owner. You could risk compromising that person’s identity if you post a photo containing part of the driver’s license, a credit card, a checking account number or other details.

Contact the ITRC

If you found a lost wallet, it is important to take the proper steps to protect it and what is inside it. If you have additional questions, contact the Identity Theft Resource Center. You can get toll-free, no-cost assistance by phone (888.400) or live-chat on the company website www.idtheftcenter.org.

This post was originally published on 7/9/18 and was updated on 8/24/21

  • President Joseph R. Biden signed an executive order extending a pause on student loan payments to January 31, 2022. However, some borrowers are already reporting a rise in student loan forgiveness scams where people pose as loan providers that can help pay off student loans.
  • Identity thieves ask for information like Social Security numbers (SSNs), federal student aid I.D.s, bank account information and credit card information to commit different forms of identity theft and fraud.
  • Some loan forgiveness solicitations are not attempts to steal your information. However, they are designed to steer you into high-cost loan repayment programs with high interest rates or fees.
  • Be skeptical of anyone who calls or emails you offering to pay off your student loans. Call your loan provider to see if the message was legitimate, and do research on the loan provider the caller claims to represent.  
  • If you fall victim to an identity scam, call your bank or credit card provider to stop payments or close your accounts. Also, contact your loan servicer so they can monitor your account. Finally, check your credit report for any suspicious activity and strongly consider freezing your credit.
  • To learn more about student loan forgiveness scams, or to create a resolution plan, contact the Identity Theft Resource Center toll-free by phone (888.400.5530) or live-chat on the company website www.idtheftcenter.org.

Student loan forgiveness scams have been around for a long time. However, they have spiked during the COVID-19 pandemic. President Joseph R. Biden recently issued an executive order extending student loan relief until January 31, 2022. While the extension is welcome news to many borrowers, it also means student loan forgiveness scams will continue for the foreseeable future. CNBC reports an uptick in student loan forgiveness scams. The Identity Theft Resource Center (ITRC) has also received inquiries about the scams, like the one below:

While the voicemail might not be a scam, people who receive voicemails like these should use caution. The same advice applies to emails received about student loans resuming, especially if the sender claims to be from a loan provider that was not used to take out the loan. COVID-19 has given criminals and unethical loan processors more ways to take advantage of people who have been hurt financially over the last year and a half. It could be a scammer looking to exploit the pause in payments due to COVID-19, and any potential confusion it brings.

Who are the Targets?

Former and current college students who are paying off student loans

What is the Scam?

Identity thieves call or email people with student loans claiming to be a loan provider or the U.S. Department of Education. They offer to reduce and help pay off monthly payments. Scammers ask for all sorts of personally identifiable information (PII) over the phone so that they can commit different forms of identity crimes like account takeover.

However, not all of the unsolicited student loan calls and emails are identity scams. Some are reported to be attempts to steer borrowers into repayment programs with high fees and high interest rates.

What They Want

Criminals ask for PII like Social Security numbers (SSNs), federal student aid I.D.s, credit card information and bank account information to commit identity theft. Unethical loan processors attempt to enroll borrowers in high-cost loan repayment programs.

How to Avoid Being Scammed

  • To avoid student loan forgiveness scams, be skeptical of anyone who calls you to help you pay off your student loans. Google the name of the loan provider the caller claims to be working for and see if there are any complaints. Also, if you have any doubts, contact your loan provider directly about the inquiry.
  • Look for the name of the program that is being offered to you. CNBC says, in some scams, criminals have claimed they are part of “Biden loan forgiveness” or “CARES Act loan forgiveness,” two programs that do not exist.
  • If you receive an email about student loan forgiveness, check the sender’s email address to make sure the email is coming from an address that ends in .gov.
  • If you provide a scammer with bank account or credit card information, call your bank or credit card provider to stop the payments immediately, and close your accounts if needed. It’s also a good idea to contact your student loan servicer, especially if you provided information such as your federal student aid I.D., so they can monitor your account, and check your credit report for suspicious activity. The ITRC strongly recommends you also freeze your credit.
  • Finally, report the student loan forgiveness scams to the Federal Trade Commission (FTC) at www.IdentityTheft.gov.

To learn more about student loan forgiveness scams, or if you believe you were the victim of a scam, contact the ITRC toll-free by calling 888.400.5530. You can also visit the company website to live-chat with an expert advisor. Go to www.idtheftcenter.org to get started.  

  • According to IBM’s new report on data breach costs, breached businesses in 2020 paid ten percent more than companies in 2019.
  • In the U.S., the country with the highest number of cyberattack-related data breaches, the average data breach costs a company a little more than $9 million.
  • However, there’s also good news in the report. If an organization has deployed modern security tools and automation, the average breach costs drop by about 80 percent.
  • To learn about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC’s) data breach tracking tool, notified.
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

The Cost of Living

Welcome to the Identity Theft Resource Center’s (ITRC)Weekly Breach Breakdown for August 6, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we talk about the ever-increasing data breach costs, direct costs to businesses that are breached and the indirect expenses to consumers who are the ultimate victim of the breaches.

Mark Twain once wrote the “the cost of living hasn’t effected its popularity.” The same can be said of data breaches. Despite the billions of dollars spent on improving cybersecurity, the number of cyberattacks that lead to data breaches continues at a high pace.

Breached businesses also continue to see the cost of recovery continue to rise, too. There is nothing in sight that leads experts to believe the costs associated with data breaches will level off or decrease anytime soon.

IBM Releases New Report on Data Breach Costs

The benchmark report of data breach costs is published by IBM Security based on research from the Ponemon Institute. The 2021 report, the 17th annual edition, is based on 537 breaches across 17 countries in 17 different industries – backed by nearly 3,500 interviews.

What’s the bottom line? There are several key findings:

  • Nearly 18 percent of 2020 breaches involved remote workers. Those companies paid $1 million more on average in total data breach costs than organizations where remote work was not a factor.
  • The biggest share of breach costs is attributed to lost business, including customer turnover, lost revenue and the increased costs of new customer acquisition thanks to reputation damage.
  • The average cost per record lost jumped to $161, up from $146 in the previous year. If the record involved Personally Identifiable Information (PII), the average cost was $180 per record.
  • The average number of days to find and fix data breaches grew by one week in 2020 to 287 days. Think of that this way: if a breach started on January 1, it would take until October 14 to stop it.
  • There is some good news in the IBM report. If an organization has deployed modern security tools and automation, the average breach costs drop by about 80 percent.

Average Data Breach Costs in the U.S. Over $9 Million

Remember the bottom line mentioned earlier? In the U.S., the country with the highest number of cyberattack-related data breaches, the average data breach costs a company a little more than $9 million.

These are average figures based on data breaches that range from 1,000 to 100,000 records lost. The costs go up by a factor of 100 when you get above one million records lost, which is not uncommon these days. Other factors that increase data breach costs include ransom payments and the complexity of a company’s IT infrastructure.

Not included in the report is how much of these increased data breach costs are passed along to consumers in the form of higher fees or prices. The report also does not quantify the impact on small businesses that don’t have the technical or financial resources that large enterprises do.

In October, the ITRC plans to publish a report on just that, how identity crimes impact small businesses, and how they recover. Stay tuned for more about our first Business Aftermath Report.

Also, listen next week to our sister podcast, The Fraudian Slip, when the ITRC CEO and the Founder of privacy protection company Abine discuss how consumers can protect themselves and their data while online.

Contact the ITRC

If you have questions about how to keep your personal information private and secure, visit www.idtheftcenter.org, where you will find helpful tips. 

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during normal business hours (6 a.m.-5 p.m. PST). 

Thanks again to Experian for supporting the ITRC and this podcast. We will be back in two weeks with another episode of the Weekly Breach Breakdown

  • The California Attorney General announced a new California Consumer Privacy Act (CCPA) regulation that bans a business practice that makes it more difficult for consumer privacy opt-out.  
  • The new CCPA regulation means businesses will not be able to direct consumers to different web pages or to sit through explanations of why they should not opt-out. It also means the addition of a new button for companies to use to guide people where they can opt-out of having their data sold. 
  • The American Medical Collection Agency (AMCA) settled with 41 state Attorney Generals over the 2019 AMCA data breach. If AMCA does not live up to the settlement terms, it could lead to $21 million in fines to be paid to the states. 
  • For more information on the new CCPA regulation, consumer privacy opt-outs, and the AMCA data breach settlement, listen to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown podcast. 
  • To learn about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified.   
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org

But Wait, There’s More! 

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for March 19, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. 

Back in the early days of infomercials, there would come the point in a television ad selling the latest knife set or blender when the person making the pitch would stop, look earnestly into the camera, and shout, “but wait, there’s more!” That’s the title of this week’s episode, where we look at a new California Consumer Privacy Act (CCPA) regulation and provide an update on a major 2019 data breach.  

New CCPA Regulation and its Effect on Consumer Privacy Opt-Outs 

Even though the CCPA has been in effect for more than a year, there’s an important part of the legislative process that tends to be left out of civics lessons. Most laws require regulations to be adopted to enforce them. 

The new CCPA regulation formally adopted this past week was proposed in response to a practice known as “Dark Patterns.” This practice makes exercising one’s right so confusing or frustrating that people give up trying.  

Consumers may be directed to another web page, forced to click on multiple pages, or scroll through a series of screens. People may even have to sit through a long explanation of why they shouldn’t opt-out of allowing a company to sell their data. 

That’s not what the California legislature had in mind when it passed the law in 2018. There were promises it would be easy for Golden State residents to exercise their new-found privacy rights. Chief among those rights was a requirement for businesses governed by the CCPA to put a “Do Not Sell My Information” button in a prominent place on the web pages.  

Along with banning practices that impede a consumer privacy opt-out of data sales, the new CCPA regulation also includes a new button that companies can use to help guide consumers to where on their website they can go to exercise their privacy rights.  

Known as the Privacy Options icon, the blue website button was designed by Carnegie Mellon University’s Cylab and the University of Michigan’s School of Information. It was tested against other icons to determine the best design for communicating consumers’ privacy choices. 

Look for those coming to a website near you. 

But wait, there’s more! 

American Medical Collection Agency Settles with States over 2019 Data Breach 

In 2019, medical debt collection company, American Medical Collection Agency (AMCA), revealed the company had been the target of an eight-month-long cyberattack. It resulted in a data breach of information regarding at least seven million people and possibly as many as 21 million people. Shortly after announcing the security and data breaches, AMCA filed for bankruptcy. 

Forty-one state attorney generals intervened in the bankruptcy proceeding recently and received the court’s permission to enter into a settlement with AMCA. No financial penalties apply because of the financial condition of the company. However, AMCA agreed to a series of cybersecurity upgrades and ongoing audits. If AMCA fails to live up to the terms of the agreement, it will trigger $21 million in fines to be paid to the states. 

As Steve Jobs would say, just one more thing. 

Contact the ITRC 

If anyone has questions about keeping their personal information private and how to protect it, they can visit www.idtheftcenter.org, where they will find helpful tips on these and many other topics.  

If someone thinks they have been the victim of an identity crime or a data breach and needs help figuring out what to do next, they should contact us. People can speak with an expert advisor on the phone, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Visit www.idtheftcenter.org to get started.  

Be sure to check out the most recent episode of our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown. 

  • The U.S. Food and Drug Administration (FDA) warns consumers that while a vaccine is closer to distribution, so are COVID-19 vaccine scams. 
  • The FDA fears misleading products could cause Americans to delay or stop appropriate medical treatment, leading to life-threatening harm. 
  • There is also a fear that the COVID-19 vaccine scams could lead to many people having their personally identifiable information (PII) and personal health information (PHI) stolen. 
  • Consumers should only get vaccines from approved medical providers, not respond to any calls that ask for PHI or PII, and not click on any links claiming to sell cures. 
  • For more information, contact the Identity Theft Resource Center toll-free by live-chat on the company website or by calling 888.400.5530.  

coronavirus vaccine is closer to reality, with companies like Pfizer and Moderna seeking permission to distribute their vaccines to Americans. However, the U.S. Food and Drug Administration (FDA) and investigators warn that scammers are also waiting, ready to take advantage of those desperate for the vaccine by tricking them with a COVID-19 vaccine scam.  

The FDA fears deceptive and misleading products might cause Americans to delay or stop appropriate medical treatment, leading to serious and life-threatening harm. There is also a fear that bogus claims about vaccines and treatments could lead to people having their personally identifiable information (PII) and personal health information (PHI) stolen by cybercriminals.  

Who is the Target 

Vulnerable & high-risk populations; individuals waiting for the vaccine 

What is the Scam 

COVID-19 vaccine scams could come in many different forms. Investigators expect scammers to create fake websites, try to sell fake vaccines and treatments, and try to get people’s PII and PHI along the way. Identity thieves used similar tactics while trying to take advantage of a shortage of COVID-19 tests and personal protective equipment (PPE) like masks, gloves and gowns near the beginning of the pandemic.

How You Can Avoid Being Scammed 

  • Homeland Security investigators say you should only get vaccinated from an approved medical provider. 
  • Do not respond to any calls about COVID-19 vaccines that ask for your personal information like Social Security Number and “promise to reserve you a vaccine.”
  • Do not click on any posts or ads claiming to sell cures. Remember, if it seems too good to be true, it probably is. 
  • Never click on any links, open any attachments, or download any files in an email claiming to offer a COVID-19 vaccine.  

To learn more about COVID-19 vaccine scams, or if you believe you are a victim of a vaccine scam, contact the Identity Theft Resource Center toll-free by calling 888.400.5530. You can also visit the company website to live-chat with an expert advisor. Go to www.idtheftcenter.org to get started.  

By Identity Theft Resource Center CEO, Eva Velasquez & Synchrony CISO, Gleb Reznik

The 2020 holiday season will certainly be one of the most unusual ones we have seen, thanks to the biggest holiday shopping trend – a dramatic shift in online transactions prompted by the COVID-19 pandemic. Online shopping involves non-cash transactions using digital payment methods. While the most obvious are debit and credit cards, there are also peer-to-peer payment apps, digital wallets and online versions of contactless payments like Apple Pay and Google Pay.

There is a truism in cybercrime as there is in bank robbery: thieves go where the money is. There are many opportunities for bad actors to take advantage of consumers and businesses during the shopping season. We expect the identity thieves will look to take advantage of the rise in online shopping.

Tune in to our latest podcast

Historic and Current Holiday Shopping Trends

Holiday shopping has always been a busy time for consumers. Last year, there was an estimated $1.1 trillion spent on the shopping frenzy.

According to the Better Business Bureau (BBB), approximately 65 percent of consumers shopped online during the holidays in 2019.

Online retailers have seen sales grow steadily over the years. According to the U.S. Department of Commerce, sales have risen between one to two percent each year.

Online Holiday Shopping Trends So Far in the 2020 Holiday Season

With all of that said, 2020 looks to be a watershed year. In just the first ten days of the holiday shopping season, U.S. consumers spent $21.7 billion online, a 21 percent year-over-year increase, according to Adobe Analytics.

There is no surprise in this online holiday shopping trend. The same Adobe Analytics report shows 63 percent of consumers are avoiding stores and buying more online, with health concerns due to the pandemic driving the decision for 81 percent of shoppers.

Advice for Consumers

  • Have strong password management – If someone has strong password management, an identity thief will not be able to access multiple accounts if they gain access to one account with stolen credentials from a scam or shoulder surfing. It is especially important to ignore “customer service representatives” who call about online orders or accounts. At the Identity Theft Resource Center (ITRC), we recommend using at least a twelve-digit passphrase because they are easier to remember and harder for an identity thief to crack.
  • Beware of phishing emails with emotional triggers – People should keep an eye out for shopping discounts sent to their phones claiming huge store discounts if they download an app and enter their credit card information. Another popular phishing email is package tracking scams that offer to track someone’s packages after making their purchase with a link to open or download. No one should ever click on a link, attachment or file from an unknown email because that is how scammers strike with malware, ransomware and steal people’s personal information.
  • Use credit cards and not debit cards – Credit cards provide more protection than debit cards. One of the biggest reasons is because debit cards are linked with bank accounts. If an identity thief compromises a debit card, the victim’s bank account can be immediately drained of all available funds. It may take time to restore the stolen funds, leaving the cardholder without access to the money.
  • Shop on secure websites – People need to do their homework before providing any of their payment information or other data. Consumers can check a business’s reputation at third party review organizations like the BBB and Yelp. Using search terms like “Scam” or “Complaints” along with the website or company name can give someone insight into the experience of other customers. 
  • Do not use public Wi-Fi – No one should ever use public Wi-Fi to check their bank account information or to make purchases. Some public Wi-Fi connections are not secure, and a hacker could have the ability to position themselves between the user and the connection point to steal their data. If someone wants to use public Wi-Fi to kill time while in the store or to check on products they want to buy, they need to avoid entering any personal information.

Advice for Businesses

  • Secure your information – Businesses need to take all of the necessary steps to ensure customers’ personal information is secure. It starts by making sure all systems are protected with properly configured cybersecurity tools. Time and time again, we see businesses and technology providers fail to configure passwords, resulting in exposed sensitive data for anyone to see online.
  • Have security software – Businesses need to protect their networks from cyberattacks. If a system does not have appropriate security software like network and application firewalls, malware protection and a program to patch known security flaws, identity thieves will steal whatever customer and company information they want.
  • Talk to the employees about online security – A business can have all the security measures in place, but it does not matter if employees click on links in phishing schemes. Company executives and cybersecurity teams should talk to employees about security, so they do not end up being their weakest link.

What the Post-Pandemic Marketplace Will Look Like

While many things are uncertain about our post-pandemic world, one safe bet is that online holiday shopping will continue to rise. Statistics show online shopping was already on the rise before COVID-19. With the even bigger surge during the pandemic, it will force businesses to get serious, if they are not already, about e-commerce and a digital-first model. In a sense, every day could be Black Friday!

For more information on online shopping during the holiday season or online holiday shopping trends, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website.

Also, download the free ID Theft Help app, which has access to resources, a case log for an identity theft resolution process and much more.

Synchrony is a proud financial sponsor of the Identity Theft Resource Center.

  • The 2020 COVID-19 holiday season is upon us. This year, consumers should be on the lookout for job scamsgiving scamsgrandparent scams and online shopping scams, to name a few.  
  • If anyone comes across an unknown message regarding the COVID-19 holiday season, they should ignore it and go directly back to the source to confirm the message’s legitimacy. 
  • People should take steps to protect their personal information when shopping online, taking part in holiday gatherings (both in person or via a video platform), at the gas pump, and when receiving electronic gifts. 
  • To learn more, contact the Identity Theft Resource Center toll-free at 888.400.5530 or via live-chat on the company website.  

COVID-19 has changed the way people live. Many people are working from home, there are restrictions on what people can do in public, and many businesses remain shut down or open at a limited capacity. It has also changed the way scammers attack consumers. 

The 2020 holiday season will also be much different than year’s past. According to IBM’s latest U.S. Retail Index Report, COVID-19 has accelerated the shift away from physical stores to digital shopping by roughly five years. 

Criminals may adopt new tactics to take advantage of the pandemic, but what will not be different is scammers’ and identity thieves’ ability to find ways to strike.  

Watch for COVID-19 Holiday Scams   

Here are some scams to watch for this COVID-19 holiday season. 

1. Job Scams – Much of the economy remains shut down or open in a limited capacity. Millions of people are looking to gig economy jobs like Uber, Lyft and DoorDash to get by. People could rely on gig economy jobs even more during the holidays to make extra cash. The Federal Trade Commission (FTC) reported losses of $134 million in 2019 to social media scams.

In the first half of 2020, the FTC already reported $117 million, with most scams coming from viewing an ad. Scammers may claim in advertisements that they can get shoppers access to premium jobs for the holidays with big tips in exchange for an upfront fee. Gig economy scams can also lead consumers to phishing websites that steal login credentials. 

2. Giving Scams – People typically give more to charities around the holiday season. However, with more families in need of help in 2020, we may see an even bigger increase in people making donations. Expect criminals to attack with giving scams, looking to steal people’s money and personal information. In fact, scammers have used giving scams to take advantage of people since the beginning of the pandemic.  

3. Grandparent Scams – Another popular holiday scam is the grandparent scam. A grandparent scam is where scammers claim a family member is in trouble and needs help. With the holidays here, scammers could pose as sick family members. 

4. Online Shopping Scams – Many more people will be shopping online this holiday season. According to the Better Business Bureau (BBB), 65 percent of people shopped online last year. This year, online shopping is expected to increase by 10 percent to 75 percent. With the increase in web traffic, consumers should be wary of messages claiming they have been locked out of their accounts. Scammers may send phishing emails making such claims while looking to steal usernames, passwords and account information.  

How to Protect Yourself from COVID-19 Holiday Scams 

While scammers will try to trick consumers, there are things people can do to protect themselves from a COVID-19 holiday scam. 

  • If someone comes across an ad for a job or a deal online that seems too good to be true, it probably is. Consumers should go back to the source directly by contacting the company to confirm the message’s validity. 
  • If someone receives an email, text message or phone call they are not expecting, ignore it. If any of the messages contain links, attachments or files, do not click or download them because they could have malware designed to steal people’s personal information or lead to a phishing attack. Again, consumers should reach out directly to who the caller, email sender or text message sender claimed to be or the company they claimed to be with.  
  • People should only donate to legitimate charities and organizations registered with their state.   Consumers can determine if a charity, non-profit or company is legitimate by searching for the charity’s charitable registration information on the Secretary of State’s website, looking for online reviews and Googling the entity with the word “scam” after it. 
  • No one should ever make a payment over the phone to someone they do not know or were not expecting to hear from. Scammers will try to trick people with robocalls to steal their sensitive information and commit identity theft. 

How to Protect Your Personally Identifiable Information (PII) This Holiday Season 

Identity Thieves will try different ways to steal people’s PII. It is crucial consumers can protect their PII during the holidays, and year-round, to make sure it does not end up in the hands of a criminal.  

1. At the Pump – More people will travel by car this year than usual. Travelers on the road should keep an eye out for gas station skimmers. Skimmers insert a thin film into the card reader or use a Bluetooth device at a gas pump to steals the card’s information that allows the thief to misuse the payment card account. If the pump looks tampered with, pay inside. Newer gas pumps use contactless technology and chipped payment cards that are very secure. Use those pumps if possible.  

2. Holiday Gatherings – It is always important to protect all personal information at holiday gatherings. While no one ever imagines a trusted friend or family member will go through their stuff, people fall victim every year. Keep wallets or purses with financial cards or I.D. cards within reach.  

3. Zoom and Other Online Video Platforms – Not all family gatherings will be in person in 2020 due to COVID-19. Some families will meet virtually via a video platform. When people use a video platform, it’s important they remember to secure the call by using strict privacy settings and not sharing any personal information with someone they don’t know.  

4. Shopping Online – With more people shopping online for the 2020 holiday season, people need to practice good cyber hygiene. Make sure to navigate directly to a retailer’s website rather than click on a link in an ad, email, text or social media post. Phishing schemes are very sophisticated these days and spotting a spoofed website of well-known and local brands can be difficult even for trained cybersecurity professionals. 

Consumers will still need to do their due diligence to ensure a business website is legitimate. There is inherently less risk of falling for a scam website by shopping at well-known retailers. It only takes a bit of homework to separate the scams from legitimate small online businesses. Using search terms like “Scam” or “Complaints” along with the website or company name can give people insight into the experience of other customers. 

When setting up a new online account, be sure to use multi-factor authentication. Multi-factor authentication creates a second layer of security to reduce the risk of a criminal taking over someone’s account. 

5. Electronic Gifts – With the advent of smart home devices, many gifts connect to the internet, presenting security risks. It is important consumers update the software on the device. It is also a good idea to have antivirus software installed on any computer, tablet or internet device if possible, along with a secure password on the home network router.  

For more information on how to stay safe during the COVID-19 holiday season contact the Identity Theft Resource Center toll-free at 888.400.5530 or live-chat with an identity theft advisor at no-cost.

For access to more resources, download the ITRC’s free ID Theft Help app.  


COVID-19 Could Lead to Increase in Travel Loyalty Account Takeover

Travel Safe with These Cybersecurity Protection Tips

Mystery Shopper Scams Resurface during COVID-19