Posts

SAN DIEGO – Jan 14, 2019 – The Identity Theft Resource Center® (ITRC), a national non-profit organization established to support victims of identity crime, is available to assist victims during the Federal Government shutdown. Heading into its fourth week of federal agency closures, consumers continue to experience long-term consequences due to the aftermath of the lack of availability of integral government services. The ITRC, a trusted non-profit partner of the Federal Trade Commission and the Internal Revenue Service, can provide those that need immediate assistance help through their toll-free call center (888-400-5530) if they suspect they have fallen prey to identity theft or a scam.

The FTC announced that filing reports of fraud, scam and identity theft is suspended at this time – with not just the filing unavailable but necessary forms and informational resources are also offline. Always available to help consumers but especially during the current shutdown crisis, the ITRC provides valuable plans for victims to begin the remediation of an identity theft or fraud case as well as the necessary steps to take during the government shutdown to be prepared to provide the necessary agencies documents when they reopen. Advisors can also provide alternative remediation plans, where available, based on case specifics and the jurisdiction of the victim.

“The core of our mission is helping victims of identity crime and we know that given the Federal Government shutdown, our free services are needed now more than ever,” said Eva Velasquez, president and CEO of Identity Theft Resource Center. “Victims can use any of the available channels of communication for assistance not only during this time of uncertainty, but year round.”

Knowledgeable ITRC advisors can assist victims with any questions they have about identity crime, as well as help them appropriately plan for reporting an identity theft case, filing a scam or fraud complaint, setting victims up for success as soon as the relevant agencies reopen (FTC, IRS, Social Security Administration). Assistance includes one-on-one live help, forms and other resources, along with a detailed remediation plan for each victim’s unique case.

“In my role as ITRC’s chairman of the board, I have been able to experience the collaborative relationship between the FTC and ITRC,” said Matt Cullina, chairman of the board of the ITRC and CEO of CyberScout. “Both of these organizations have a mutual mission to provide victims access to resolve their identity theft cases, but work together to support each other. During this challenging time for both victims and the federal agencies impacted, it’s good to know that the ITRC is available to provide support in the wake of the shutdown.”

The ITRC provides identity theft victims with United States identity credentials assistance free of charge. An advisor will work with a victim to provide best-in-class assistance in compiling the necessary resources and documents, as well as offer step-by-step instructions on how best to remediate a case. Consumers can also receive information and assistance by visiting the Identity Theft Resource Center’s website at https://www.idtheftcenter.org/ and utilizing the “Live Chat” feature. The site also contains the necessary forms and fact sheets regarding identity theft. The free app from the ITRC, ID Theft Help, is available to manage your cases progress, get pertinent resources, contact a call center advisor and access information on how to protect your identity – for those that prefer a self-directed mobile application.

###

About the Identity Theft Resource Center

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live chat feature and ID Theft Help. For more information, visit: http://www.idtheftcenter.org

Contact: Charity Lacey, VP of Communications

CLacey@idtheftcenter.org

o: 858-634-6390

c: 619-368-4373

The Federal Trade Commission announced that it will be closed due to a lapse in its funding until the government shutdown ends. That means a number of critical services for consumers, businesses, law enforcement agencies, and other organizations will be temporarily unavailable. Some services—as outlined on the FTC’s website and the announcement on the shutdown—will still be in operation but with reduced staff numbers; this can have a big impact on those services and the timeliness of the support.

Consumers will not be able to file reports or notify the FTC of scams, fraud, or other similar issues during this time. Identity theft reports will also be on hold, as will the National Do Not Call Registry, the Consumer Sentinel Network for law enforcement, and other critical functions.

In the meantime, the non-profit partner Identity Theft Resource Center is ready and willing to help consumers in need and provide valuable insights to any law enforcement agencies or policymakers. The toll-free helpline (888) 400 – 5530 and live chat feature provide immediate answers to questions and concerns about your data, your privacy, and your first steps in the event of suspected identity theft.

ITRC resources can also help keep you informed about the latest scams, fraud, and cybersecurity trends, as well as provide you with actionable steps to avoid becoming a victim. Should you find yourself snared by this kind of criminal activity, our knowledgeable staff can help you take action. The website is also filled with helpful documents that are categorized by the type of consumer issue to assist you in finding the right resources. The Identity Theft Resource Center also has a free ID Theft Help app, which gives you access to resources and tips to protect your identity, a case log feature to help remediate your case as well as the ability to contact our call center advisors.

Fortunately, the FTC’s website and social media channels will still be available with past information, although these outlets will not continue to be updated during the shutdown. The ITRC will continue to post updates and new information at IDTheftCenter.org as well as on its Facebook and Twitter accounts.

During this time, it’s vital that consumers and businesses be extra vigilant about protecting themselves. There’s never a good time to let your guard down when it comes to your identity or your privacy, but at a time when the safeguards are suspended, it’s even more important that individuals use an air of caution when it comes to consumer interactions.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The 2018 Impact of Data Breaches and Cybercrime

Year after year, cybercrimes like scams, fraud, identity theft and data breaches make a global impact on consumers and businesses alike. Organizations like the Federal Trade Commission and the Identity Theft Resource Center keep tabs on the statistics and the aftermath of these events in order to form a clearer picture of their effects. With only days to go until we reach the end of 2018, here’s a look at some of the numbers from this year.

Top Scams of the Year

According to a report by Heimdal Security, phishing attempts continue to be one of the more prevalent ways scammers connect with their victims. Phishing usually arrives as an email that entices someone to take action; the action might be to send money, hand over sensitive data, redirect to a harmful website, or even download a virus from a macro contained within the email. No matter what the story the scammers use, one-third of all security incidents last year began with a phishing email.

What happens to consumers when they fall for a phishing email? One in five people reported losing money, around $328 million altogether. That’s about $500 per victim on average, but that’s also only from the victims who reported the scam. Interestingly, new data this year found that Millennials were more likely to fall for a scam than senior citizens, although seniors still lost more money on average than these younger victims.

Different Industries Impacted by Data Breaches

The ITRC’s annual Data Breach Report highlights the organizations that have been impacted by data breaches throughout the year, along with the number of consumer records that were compromised. While the year isn’t over, the data compiled through Nov. 30 is already worrisome.

There have been more than 1,100 data breaches through the end of November 2018, and more than 561 million consumer records compromised. Those breaches were categorized according to the type of industry the victim organization falls under: banking/credit/financial, business, education, government/military and medical/healthcare.

The business sector saw not only the highest number of breaches but also the highest number of compromised records with 524 breaches and 531,987,008 records. While the medical and healthcare industry had the second highest number of breaches at 334 separate events, the government/military’s 90 breaches totaled more compromised records at 18,148,442. The financial sector only had 122 data breaches this year, but those events accounted for more than 1.7 million compromised records. Finally, while education—from pre-K through higher ed—only reported 68 data breaches, there were nearly one million compromised records associated with schools and institutions.

The Crimes that Made Headlines

There were quite a few headline-grabbing security incidents this year. While Facebook and the Cambridge Analytica events were not classified as traditional data breaches, they were nonetheless an eye opener for social media users who value their privacy. The Marriott International announcement of a 383 million-guest breach of its Starwood Hotels brand has opened consumers’ eyes about the types of information that hackers can steal, in this case, 5 million unencrypted passport numbers. The breach of the government’s online payment portal at GovPayNow.com affected another 14 million users, demonstrating that even the most security-driven organizations can have vulnerabilities. Finally, separate incidents at retailers and restaurants like Hudson Bay and Jason’s Deli reminded us (and those breaches’ combined 8.4 million victims) that attacking point-of-sale systems to steal payment card information is still a very viable threat.

What Do Criminals Really Steal?

In every scam, fraud, and data breach, criminals are targeting some kind of end goal. Typically, it’s money, identifying information or both. But recent breaches this year of websites like Quora—which provides login services for numerous platforms’ comment forums—also show that sometimes login credentials can be just as useful.

After all, with the high number of tech users who still reuse their passwords on numerous online accounts, stealing a database of passwords to a fairly innocuous site could result in account access to so-called bigger fish, like email, online banking, major retail websites, and more. Furthermore, it showed that a lot of users establish accounts or link those accounts to their Facebook or Gmail logins without really following up; a lot of people who learned their information was stolen in the Quora breach may have forgotten they even had accounts in the first place. The number of victims in that breach is expected to be over 100 million.

Moving Forward into the New Year

The biggest security events of 2018 may pale in comparison to criminal activity next year. After all, there was a time when the Black Friday 2013 data breach of Target’s POS system was considered shocking. One thing that cybercriminals have taught us time and time again is that there’s money to be made from their activities, and they aren’t going to give up any time soon.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Honeyboys Keeping Internet Users Safe”

As the holidays approach, savvy consumers should already be on the lookout for scams and fraud. But what about at work? Do you know how to avoid one of the newest twists on an old scam?

Boss phishing—sometimes called CEO phishing or spearphishing, since the message appears to come from someone high up in the company—has been around for a long time, and its targets can be both financial and data-driven. Usually, in the form of a genuine-looking email, the request asks someone to send over sensitive information, change account numbers and move money around, or even change things like usernames and passwords.

It works for one very simple reason… when the boss says to do something, you do it. However, this kind of trust in following orders means the consequences can be very serious for the company and lead to blowback for the employee who was tricked. This newly reported spearphishing scam, though, is particularly horrible since the innocent employee might be the one who’s most profoundly harmed.

In the new variation, the “CEO” emails someone and directs them to buy thousands of dollars’ worth of gift cards for the employees’ holiday bonuses; this could be with their personal credit card or with a company credit card. After the cards are purchased, the “CEO” emails again and says to scratch off the protective strip then submit the card numbers so the boss can email all of the employees their gift car codes.

In a real report of this crime to the Identity Theft Resource Center, a few hours after sending the gift card codes to the scammers, the victim learned the company computer had been hacked. The emails weren’t genuine, and the scammers made off with $5,000 in gift cards.

Fortunately, you can avoid this scam rather easily, but it does require you to get in the good habit of questioning orders. Hopefully, any company leader whose employee receives a strange request won’t be too put out that they took the initiative to verify it before complying.

1. Never click a link or open an attachment in an email unless you know you can trust it. This applies to both your personal email and your business account.

2. Never follow through with strange requests from anyone within the company—like sending over all the payroll records (which contain Social Security numbers), W2s, sensitive account information, or funds—without picking up the phone and verifying the request.

3. Never hit “reply” to share sensitive information. Instead, create a new email with the requested information in case the initial email was hacked or spoofed.

Of course, it can be daunting to “second guess” the boss but that’s what scammers are counting on when they target someone within your company. Think of it this way: it’s far better to ask a silly question and risk a little awkwardness in the workplace than to put your company in a bad situation. Failing to verify a request that turns out to be a phishing attempt can have serious financial consequences for the business, especially if sensitive information is shared.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “What do you do with your scam awareness?”

Identity theft and security experts have warned for years that consumers need to stay on top of the latest news about scams and fraud in order to protect themselves. But there’s no need to keep those details a secret!

A retail employee in Illinois saved the day when she and other workers stopped a senior citizen from becoming the victim of a scam. The customer was trying to buy a high-dollar amount of gift cards to bail her grandson out of jail. According to the story, a far-flung police department had called her to let her know her grandson was in custody and needed $500-worth of gift cards to post his bail. Fortunately, she was prevented from buying the cards and called the local police department instead. Sadly, another customer wasn’t so lucky. She proceeded to buy the gift cards despite the warnings from employees.

Even worse, a Walmart employee in another state tried to be a good Samaritan and prevent a man from purchasing a $2,500 wire transfer to send to a scammer. The employee, who is now being honored by the company’s board of directors for her repeated help stopping other customers from becoming victims, was originally threatened with a lawsuit by the would-be victim since she put up some fuss about processing the wire transfer. Fortunately, once the police were called, the customer learned the truth and thanked the employee for saving him from a crime.

These examples illustrate a very serious issue: scam activity is on the rise and more consumers are sitting up and taking notice. However, as these real scenarios demonstrate, it can be difficult to intervene when you see something taking place, even if you’re certain something isn’t right. You don’t know how your help will be received.

So how do you put your knowledge of scams and fraud to good use and help your fellow consumers while avoiding any negativity? First, just know that no matter how your attempt to help is received, you were trying to do the right thing. Also, you can try this:

1. Spread the social word – Social media can be a powerful force for good, especially if the content you’re sharing is relatable and genuine. It’s tempting to forward every alarming hoax that pops up, but if you craft a sincere warning about scams and fraud, you just might prevent someone else from becoming a victim. Don’t forget to make your post sharable!

2. Host a fraud prevention event – There are a number of organizations that host awareness events throughout the year, but you don’t have to wait for a specific time. You can host your own get-togethers, community action meetings, senior center events and more, then use those as a time to help get the word out about different kinds of fraud.

3. Follow news from the Identity Theft Resource Center online – The ITRC has a Twitter account, Facebook account, weekly newsletter and many other resources that can keep you informed. Sharing their news is as simple as clicking a button. Helping others recognize a potential scam doesn’t have to mean putting yourself out there.

If you see a scam taking place, you can enlist the help of retail employees, store managers, law enforcement officers or anyone else who can stop someone from becoming a victim. No matter how you choose to help, just know that you’re working to make life better for others when you stop a scam in its tracks.


Read next: “Your New Medicare Card Could Lead to a Scam”

The U.S. government began changing the information that Medicare cards contain, and not a moment too soon. Ever since the program was created in 1965, Medicare’s familiar red-white-and-blue paper identification contained the beneficiaries’ Social Security numbers. Even handing your card over in a doctor’s office or pharmacy could lead to identity theft and fraud, let alone the consequences if you lost your wallet or purse.

Now, Medicare cards contain a unique patient identifier number. The administration allowed itself a calendar year to make the switch, and they’re about halfway through the process of issuing new cards to all of the beneficiaries. If you don’t receive your new card by April 2019, contact the Medicare agency for an update.

Wouldn’t it be nice if identity thieves and scammers simply thought, “Gee, guess I can’t steal SSNs anymore!” and threw in the towel? Instead, they’ve come up with new ways to take advantage of their victims, especially those who currently possess one of the new cards.

First, some scams have centered around the cards themselves. Claims from a phone caller that you need to verify your identity, activate your card, pay a fee to upgrade your paper card to a (non-existent) plastic card, or other similar stories are completely false.

Other scams have involved “matching” your identity to your card. A caller claiming to be from the Medicare agency checks to see if you’ve received your new card. If not, they ask for your Social Security number to make sure you’re still covered and receiving benefits. If you have received it, they ask for your SSN to match your patient identifier number to your account and make sure you’re covered. In either case, it’s not true.

One of the more outrageous scams involves your bank account info. This version claims that you have to move all the money out of your current bank account to a temporary “safe” account to avoid scammers who’ve targeted you as a Medicare recipient. Providing your account info obviously leads to the caller draining your bank account.

There are some things to keep in mind about the scams associated with these new cards:

1.You can provide your SSN to receive medical care—even if you’ve received your new card—through December 2019. There’s nothing you need to do to “extend” your coverage or move it over to your new card

2.Your new card is completely free, despite claims that you have to pay a $25 fee to get it; no, you cannot upgrade to a plastic card instead of paper, either.

3.Never verify your identifying information or account information to anyone who contacts you. They called you, remember? They should already have it, and a legitimate caller would never ask you to provide it.


Read next: “Are Scammers Trying to Give You Money?”

There’s no limit to the many ways a scammer will try to separate you from your money. One of the most common tactics is a phishing attempt, which happens when someone contacts you via phone, text, or email with a legitimate-looking request. Many of these attempts copy a well-known business’ logo, web address, email domain, and other realistic features.

Email phishing attempts are so common you may not even notice any more if you get several of them a day. Many spam filters have gotten good at catching them, but the ones that slip through into your inbox can look pretty convincing.

The goal of a phishing attempt is pretty straightforward: just click the link. That’s usually all the scammers need you to do. From there, it will either install harmful software on your computer that lets the scammer snoop around, or it will take you to a fake website where you must input your sensitive information: either way, the scammer benefits.

A new twist on these messages actually offers you money for clicking, though. The email contains a very common, official-looking receipt for a purchase you made via PayPal. When you scroll through and think to yourself, “No! I didn’t buy a virtual reality gaming headset!” you’ll quickly see the numerous links and buttons to dispute the charge.

Think about it: how many real receipts have you ever actually received that say, “You didn’t make this purchase? Click here for a refund!” What kind of company puts three or four refund offers on your receipt?

Not a real company, that’s for sure. The scammers are just after your clicks in order to move forward with their next malicious steps.

Instead of falling for it, scroll up to the top of the email and hover your mouse over the sender’s name. Their email address should pop up. Pay close attention to the letters if it still looks like a real email address, and notice subtle changes, like the letter O is actually a zero or a letter L is actually an uppercase I. Once you’ve figured out it’s a fake—or even if you’re still not convinced—exit out of the email and go to your actual PayPal.com or Amazon.com account, for example, and look into it. You’ll most likely see that you have not made a purchase.

But just in case… what if there really is a purchase for something you didn’t want? That email still can’t help you, but the customer service reps can. Use the contact information listed in the verified email to get in touch with someone who can help.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “What to do When Your Passport Number is Breached”  

For years, security experts and advocates have warned consumers about suspicious websites, specifically ones that take your sensitive information or payments. The best course of action? To look for the HTTPS designation in the web address at the top of the screen and the little padlock icon, both of which indicate a site can be trusted.

Unfortunately, scammers continue to evolve their ways to continue victimizing the public through technology. A new report has found that about 49% of known phishing websites—websites that steal your information after tricking you into submitting it—contain a secure designation and a little green padlock. The “look for the lock” advice that was once a sound way to protect yourself is a little less reliable than before.

Just as scammers have evolved, now it’s up to consumers to make some changes in order to protect themselves from the latest threats:

1. Install a security suite that offers anti-phishing and website security

A basic antivirus isn’t enough to keep you safe anymore, and a number of well-known security software developers have incorporated a lot of extra features. Some can alert you to a fake website or known scammer before you compromise your information. Even better, many security programs offer a wide range of subscription prices—even free plans—so there’s something to meet every budget.

2. Establish a throwaway email address

Some sites want nothing more than your email address so they can sell it to spammers. Generate a free email address that is separate from your everyday, commonly used one. Then, whenever you’re visiting websites that want your email address, you have the option to trust the site with your contact information or use your backup email address.

3. Designate a payment card for internet purchases

The last thing you need is for a phishing website to steal your money, but it happens. By intentionally having an “internet only” credit card that is not connected to your bank account and that has a very low credit limit, you may have an easier time protecting yourself from someone who steals your information.

The most important thing you can do is to remember that what was once considered top-notch security advice can change as new technology and new developments occur. It’s not enough to develop a good habit and never deviate from it. Instead, you need to stay informed by following ongoing coverage of the latest scams and frauds.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

In the past few years, retailers have seen a trend in how their customers shopped for the holidays. More and more people have grown weary of standing in the cold or elbowing through thousands of shoppers to buy this year’s hot toy. Savvy shoppers have increasingly opted to stay home in their pajamas and find great deals online.

That’s led to the rise in Cyber Monday. Once the holiday chaos of Black Friday is out of the way, the following Monday is a time to pop over to the internet and see what sales are taking place to finish (or start!) your shopping.

Unfortunately, just like Black Friday, Cyber Monday is a favorite holiday for identity thieves, scammers and hackers. In order to reduce your risk of falling victim to the crime, you have to take some steps to secure your identity.

1. Know your antivirus software – Antivirus software has come a long way since the early days of trying to block malicious computer threats. Unfortunately, so have the tools that cybercriminals use to steal your money, your identity, your computer and more. A comprehensive security suite can now offer you protection from ransomware, trojans, worms, phishing scams, keyloggers and so much more. Many of them now include parental control tools, which is great if you have kids, as well as VPNs and tracking blockers for private browsing online.

Make sure your security suite is installed, updated and ready to protect you before you start entering your credit card details and your shipping address online.

2. Know your payment methods – Whether you’re using credit cards, debit cards, online payment platforms like PayPal, or gift cards, it’s important to keep up with which method you used on which website. That way, if there’s suspicious activity on your card or account later, you can trace it back to which site you may have used.

It’s also a good idea to know ahead of time what kinds of consumer protection are in place in case of fraud. Will your credit card company stand up for you if someone steals your information or racks up extra charges? Will they protect you if the website you used was a scam and they never send your purchases? Find out the rules and regulations—as well as what kinds of money-saving deals and discounts, if any—are in place before you use it.

3. Know what you’re clicking – Fake websites, copycat websites that look like real retailers’ sites, and bogus ads that only lead to click-revenue are the bane of every shopper’s existence at this time of year. Look for the site’s HTTPS designation before you enter any payment details, and make sure this is a reputable company before you pay for anything. A quick Google search for the name of the company or a check of the BBB’s scam tracker can tell you if there are any dissatisfied customers out there.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “I’ve Hacked Your Password” Scam

When news breaks of a data breach, consumers might envision a network of Dark Web hackers infiltrating a major target and stealing their files. However, a large number of data breaches are the work of a company’s employees. Sometimes, those employees have set out to steal information from the business, while other inside job data breaches are purely accidental.

That appears to be the case in yet another data breach that can be traced back to an unsecured Amazon S3 web hosting server. Many breaches have already occurred as a result of user error in password protecting these hosted file storage databases, but this time, the compromised information was voter registration records.

A data breach involving voter records might automatically make the public assume the worst in today’s political climate, so it’s important to point out that the compromised information includes a lot of data that is already publicly available to researchers, journalists and other interested parties.

In this event, an unsecured server allowed anyone who “stumbled” on it online to see information that includes full names, phone numbers, complete mailing addresses, political affiliations, birth dates and genders, demographic information that has been gathered and more. The database included records for more than 26,000 voters, according to a report by Bob Diachenko, head of communications for cybersecurity firm Kromtech Alliance Corp.

Diachenko found the information online after conducting a sweep for unsecured S3 web servers. The information belonged to a political robocalling company named Robocent, who sells individual voter records to anyone who wants them for three-cents apiece. The only thing Diachenko had to do to find this exposed database was search for the keyword “voter” in his hunt for unsecured servers.

Unfortunately, another service had already found the information. According to a report on this incident by Cyberscoop, “By the time it was identified by Kromtech, the server had already been indexed by GrayhatWarfare, another website that scans the internet for open S3 buckets.”

When Diachenko reached out to Robocent to report the compromised data, the response was less than satisfactory: “We’re a small shop (I’m the only developer) so keeping track of everything can be tough.” The information is now secured, but there is no way of knowing who else has already seen it.

Looking back at the information that was exposed, it might seem like fairly harmless, common knowledge-type data. After all, names and addresses need more protection. However, this type of database exposure is a gold mine for identity thieves who commit synthetic identity fraud; that type of fraud occurs when the criminal pairs existing identifying information with a made up or unissued Social Security number, essentially creating a fake person who has the victim’s name, address, and other data points.

Since members of the public have very little recourse when it comes to knowing if someone compromises their information, it’s more important than ever to monitor your account statements and credit reports, secure all of your accounts with strong, unique passwords and stay on top of anything suspicious that happens with your identifying information.

ith harsh comments, pleas for help, and any other statement to get the money out of you. Don’t fall for it, and don’t let love turn into heartache and loss by giving in.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.