Posts

Phishing scams are a low effort way for scammers to trick consumers into revealing personal information. Communication from payment platforms can be convincing with a Stripe email now making the rounds.

Phishing scams have been around for years, and with the ability to send out millions of phony emails a day, scammers don’t have much legwork to do. All they have to do is send a plausible email, get you to click the link or follow the instructions, and their work is done. One widespread form of attack involves pretending to be a high-profile company like Amazon, PayPal, or your bank in order to trick you into following their instruction and landing in their trap.

The latest front for this type of phishing attack is mobile payment company Stripe. Many small business owners, charities, and everyday consumers rely on Stripe for processing everything from payments to donations to cash from friends or relatives. The “Stripe” email claims that your account has been compromised and any money you are expecting will not be transferred to you, scammers hope to lure you into clicking and entering your info.

See real example sent to an ITRC employee:

An email typically with a subject line, “Stripe: deposit will not be made to your bank account,” has been circulating and frightening the site’s users, so much so that the company issued a scam watch statement. This post tells users what to do if they receive a strange communication that appears to come from the company. For instance, misspellings in the message or uncapitalized use of the company name are some red flags, as is an unknown email address or one that does not include the “stripe.com” domain name. Other telltale signs are listed in the website’s post.

There are some steps that tech users can follow to protect themselves from this kind of low-tech crime.

  • Never click a link, open an attachment, or download a file in an email or message unless you were specifically expecting it; even if you think you recognize the sender, it is a good idea to verify it with the sender first.
  • Next, never submit any kind of sensitive information based on a communication about your account. This includes usernames, passwords, account numbers, or any other details. Instead, go directly to the company’s website and log into your account. If there is a problem, it will be visible on the screen.
  • If all else fails, contact the company directly using a verified phone number or email address.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

There are two specifically related but not interchangeable threats to your identity, and the terms can often get confused. Credential cracking and credential stuffing both involve someone getting their hands on your personal data, especially your usernames and passwords, but how those two things take place are somewhat different.

Credential Cracking

Credential cracking happens when a hacker targets you or your company specifically. They spend a significant amount of time and tech resources on breaking into your accounts by undermining your password defenses. While victims of credential cracking can absolutely be random citizens caught up in a hacker’s trap, the effort behind it often means that the victim was targeted specifically. It might be a business account or a company’s social media accounts, financial accounts, or even the personal finances for someone within a company.

Credential Stuffing

Credential stuffing, on the other hand, usually occurs when a hacker casts a wider net. They either steal a database filled with information, buy it on the Dark Web, or even stumble upon it in an unsecured web-based storage server. Then, they use software that lets them attempt thousands of “matches” at a time, cross-referencing the stolen usernames and passwords that work on one website with many other websites. When they land on a match—meaning the victim’s username and password from PayPal, for example, are the same one they use on Amazon—they can use that information to steal money and even more identifying information.

Read next: TurboTax Security Breach Cause by Credential Stuffing

Who’s Targeted

Another major difference between these two forms of attack is in how the tech-using public can take action. Credential cracking is potentially in your own hands, unless a cybercriminal targets your place of employment; a lot of your preventive strategy will involve practicing good password hygiene. Credential stuffing, on the other hand, is a result of finding a treasure trove of information that someone else did not properly secure. You often have no way of knowing whether or not your information was included in such a database until you receive a notification letter from the company who allowed it to become compromised.

How to Protect Yourself

As always, one of the best defenses against either of these attacks is to use strong, unique, unguessable passwords that you change routinely. Changing your password can actually prevent credential stuffing since your old (and stolen) information would no longer be valid; by keeping your passwords unique—meaning they are valid on one account only—you can also work to avoid credential stuffing since they will not work on any other account.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

When news of yet another data breach comes out, the reaction can range from panic to “blah.” At the one of end of the spectrum, consumers can be left with documented feelings of stress, fear and even paranoia about further attacks to their identity. At the same time, a very real phenomenon known as “data breach fatigue” occurs when there are so many attacks that consumers stop taking them seriously.

Fortunately, a new tool can help consumers make sense of a data breach; while neither overreaction nor inaction is an appropriate response, this tool can help people who are affected by the breach understand their options and take corrective action.

The Identity Theft Resource Center and Futurion have partnered and launched a tool called Breach Clarity, which takes publicly-available data breach information and breaks down both the threat and that actionable steps for consumers.

Watch Our New Free Webinar: Deciphering the Code of Data Breach Notifications

Unfortunately, far too many consumers do not check up on these kinds of attacks until it is too late. Even then, many victims of data breaches do not follow up on the support that notification letters offer, including things like identity theft protection or credit monitoring.

Breach Clarity lets users type in a general search term for a known breach and see a graphic representation of the threat level based on a number of factors. These include things like understanding whether or not financial information was exposed or if Social Security numbers (or other sensitive PII) were accessed. From there, a one-to-ten risk score is provided so consumers understand just how seriously this could affect them. The Home Depot breach in 2014 only receives a 3 out of 10 because of the nature of the information that was stolen; the 2015 attack on the US government’s Office of Personnel Management was far more serious and received a 10 out of 10 risk score as a result.

Breach Clarity was unveiled at the 2019 KNOW Conference in Las Vegas where it won first place in the third annual Identity Startup Pitch Competition. The criteria for selecting a grand prize winner included factors like the degree to which the entrant meets the customer’s needs and expectations, innovation, originality, and more.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

When it comes to avoiding a scholarship scam or financial aid scam is that there really are some obscure and even bizarre scholarships out there. There’s a scholarship for being left-handed, one for being above average in height or below average in height, one for being a redhead, and so much more. That means it’s easy to accidentally fall into a trap of applying for a scholarship from a company or organization that you’ve never heard of.

Fortunately, avoiding a scholarship scam only takes a little bit of attention and precaution.

Stick to reputable scholarship links

Many colleges and high schools will link to safe, trustworthy sources of financial aid on their websites. Start with your school’s site or your guidance counselor to find these and other sources.

Watch out for emailed offers

Once you begin engaging in activities that can be linked to college life—such as signing up for updates, filling out online applications, even searching for housing or shopping for dorm room essentials—that can trigger scammers who are looking for victims. When your email inbox begins filling up with scholarship offers and even “congratulations, you’ve been awarded a grant!” messages, it can be tempting to open them and click the link but you don’t want to do that. Opening the email and finding out if it’s legitimate is fine, but clicking a link or downloading an application can be dangerous if the sender isn’t genuine and can lead to a malicious virus or another compromise of your data.

There’s no such thing as free money

 It might sound like the opposite of a scholarship search—since scholarships are, by nature, free college money—but no one will hunt you down to give you money. Scholarships are funded by many different sources, and they are to reward hard-working students with the means to afford their tuition. No one sends out emails begging students to take the money, though. Many scholarships involve a rigorous selection process, so any claims that something is free or already yours should be a red flag.

You can’t win if you don’t play

Another important truth about scholarships is you cannot receive one if you don’t apply for it. That means you’ll never receive a scholarship that you didn’t submit your application for. If you are contacted by email, text, social media message, or some other way and told you’ve won a scholarship, make sure it’s one you applied for before you engage with the message. Furthermore, don’t fall for any hidden “fees” like paying $40 to process your new $400 scholarship; you never have to pay money to receive money.

Protect your data

With very few exceptions, you should not have to submit your Social Security number in order to apply for a scholarship. The exception may be scholarships that are awarded directly by your university (and even then, they should already have that information) or government grants and aid. A club, team, community organization, or other company should not need it, so don’t turn it over without investigating why it’s necessary.

It’s hard to believe that someone would stoop so low as to steal from a young college hopeful with a scholarship scam, but it’s true. Safeguard your identifying information and be very careful of what information you share.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Criminals have developed DNA test scams targeting victims to retrieve medical and sensitive information. DNA test kits have grown in both popularity and affordability in recent years. While not claiming to be foolproof or accurate, they can provide a glimpse into the genetic makeup of your family tree. There have been stories about these swab-at-home test kits providing more important information as well, such as the likelihood of certain medical issues.

Attorneys general in two states have already issued warnings about DNA test scams that steal the victims’ sensitive information. The caller claims to be from a testing agency and offers the victim a free DNA test kit if they meet specific criteria. In one victim’s case, the criteria was a family history of cancer. You would be hard-pressed to find an individual who does not have a relative who has had cancer, so of course, the victim instantly qualifies.

All they have to do to receive their free kit is answer some general questions and provide their medical coverage information. Some experts believe that DNA test scams may have grown out of the recent announcement that Medicare would cover the cost of genetic screening for cancer patients if the kit is an FDA-approved tool.

In some of the reports of these scams, individuals were actually going door to door and offering victims a free kit plus $20 in exchange for their medical coverage information. The kits are easy and cheap to replicate, as they only require some cotton swabs and a mailer envelope. Victims were easily fooled into thinking they were receiving real testing kits.

The best advice for avoiding DNA test scams is remembering that no one will ever call you and offer you something that is genuinely free. Whether it is medical services or anything else, the only reason to offer you anything is because the other person is getting something in return. In this scam victims sensitive data or medical identity is compromised. Remember to always speak with your physician about any potentially necessary tests, or contact your health coverage provider directly to see if there are services or treatments you can use that they cover. Otherwise, steer clear of anyone who wants access to your records or data.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

No matter where your spring break plans have taken you, it is important to remember that the security practices you use while at home are even more important when you are on the road. Also, those same good habits that protect you while traveling are just as crucial when you are relaxing at home.

Booking Your Trip and Hotel

No matter when you plan to go, finding affordable travel arrangements can be a minefield of potential scams and fraud. Do not be swayed by flashy sidebar ads or “act now” special offers, as these are rarely a good deal and can lead to identity theft. Of course, old-fashioned scams like bait-and-switch schemes in which your condo does not actually exist or your reservation is not real are still a major threat.

Check Your Tech

Your technology can leave you very vulnerable during an out-of-town getaway. From connecting over unsecured public Wi-Fi to having your device stolen and infiltrated, there are a lot of ways that malicious actors can get their hands on your sensitive information. Make sure you turn off the Wi-Fi on your mobile devices when you do not need it, only go online over a secured, password protected connection and make sure you have passcode protected your phone or tablet. When you are not using your important apps like email and social media, it is a good idea to log out of those too.

Bring the Receipts

Make sure you hang onto receipts while you are out of town. First, it will help you stay money-aware and avoid overspending if you keep tabs each day on how much you have spent. More importantly, you’ will have paper proof to compare to your bank or credit card statement when you get home. If anyone has copied your card and used your information, you will know at a glance.

Activate Alerts from Your Bank

By taking advantage of security tools offered by your financial institution, you can be informed the second any unusual activity occurs with your cards or your account. Card Not Present alerts, for example, will text or email you the moment someone uses your card number online. Some banks will even call if a physical card transaction occurs in a location too far outside your billing zip code. These can help you take immediate action against theft and fraud.

Old School Understanding

Remember, depending on where you travel there are a lot of scams that have been around for decades. You do not want to take extreme action to protect your identity, then fall for something as simple as a common pickpocket. Stay on top of the kinds of threats you are likely to encounter so you can avoid them.

The most important security step you can take happens when you get home. That is the time to post any photos and videos online—not while you are still away—but it is also the time to take inventory of your financial accounts and your identity. It cannot hurt to order one of your three free annual credit reports a few weeks after your trip is over, just to look for suspicious activity. If you begin receiving a higher volume of scam calls and emails, that may also be a sign that something has happened to your security. Check out the available tools to monitor your identity and reach out to the Identity Theft Resource Center for help if necessary.  


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

SAN DIEGO – Jan 14, 2019 – The Identity Theft Resource Center® (ITRC), a national non-profit organization established to support victims of identity crime, is available to assist victims during the Federal Government shutdown. Heading into its fourth week of federal agency closures, consumers continue to experience long-term consequences due to the aftermath of the lack of availability of integral government services. The ITRC, a trusted non-profit partner of the Federal Trade Commission and the Internal Revenue Service, can provide those that need immediate assistance help through their toll-free call center (888-400-5530) if they suspect they have fallen prey to identity theft or a scam.

The FTC announced that filing reports of fraud, scam and identity theft is suspended at this time – with not just the filing unavailable but necessary forms and informational resources are also offline. Always available to help consumers but especially during the current shutdown crisis, the ITRC provides valuable plans for victims to begin the remediation of an identity theft or fraud case as well as the necessary steps to take during the government shutdown to be prepared to provide the necessary agencies documents when they reopen. Advisors can also provide alternative remediation plans, where available, based on case specifics and the jurisdiction of the victim.

“The core of our mission is helping victims of identity crime and we know that given the Federal Government shutdown, our free services are needed now more than ever,” said Eva Velasquez, president and CEO of Identity Theft Resource Center. “Victims can use any of the available channels of communication for assistance not only during this time of uncertainty, but year round.”

Knowledgeable ITRC advisors can assist victims with any questions they have about identity crime, as well as help them appropriately plan for reporting an identity theft case, filing a scam or fraud complaint, setting victims up for success as soon as the relevant agencies reopen (FTC, IRS, Social Security Administration). Assistance includes one-on-one live help, forms and other resources, along with a detailed remediation plan for each victim’s unique case.

“In my role as ITRC’s chairman of the board, I have been able to experience the collaborative relationship between the FTC and ITRC,” said Matt Cullina, chairman of the board of the ITRC and CEO of CyberScout. “Both of these organizations have a mutual mission to provide victims access to resolve their identity theft cases, but work together to support each other. During this challenging time for both victims and the federal agencies impacted, it’s good to know that the ITRC is available to provide support in the wake of the shutdown.”

The ITRC provides identity theft victims with United States identity credentials assistance free of charge. An advisor will work with a victim to provide best-in-class assistance in compiling the necessary resources and documents, as well as offer step-by-step instructions on how best to remediate a case. Consumers can also receive information and assistance by visiting the Identity Theft Resource Center’s website at https://www.idtheftcenter.org/ and utilizing the “Live Chat” feature. The site also contains the necessary forms and fact sheets regarding identity theft. The free app from the ITRC, ID Theft Help, is available to manage your cases progress, get pertinent resources, contact a call center advisor and access information on how to protect your identity – for those that prefer a self-directed mobile application.

###

About the Identity Theft Resource Center

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cybersecurity, scams/fraud, and privacy issues. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its call center, website, social media channels, live chat feature and ID Theft Help. For more information, visit: http://www.idtheftcenter.org

Contact: Charity Lacey, VP of Communications

CLacey@idtheftcenter.org

o: 858-634-6390

c: 619-368-4373

The Federal Trade Commission announced that it will be closed due to a lapse in its funding until the government shutdown ends. That means a number of critical services for consumers, businesses, law enforcement agencies, and other organizations will be temporarily unavailable. Some services—as outlined on the FTC’s website and the announcement on the shutdown—will still be in operation but with reduced staff numbers; this can have a big impact on those services and the timeliness of the support.

Consumers will not be able to file reports or notify the FTC of scams, fraud, or other similar issues during this time. Identity theft reports will also be on hold, as will the National Do Not Call Registry, the Consumer Sentinel Network for law enforcement, and other critical functions.

In the meantime, the non-profit partner Identity Theft Resource Center is ready and willing to help consumers in need and provide valuable insights to any law enforcement agencies or policymakers. The toll-free helpline (888) 400 – 5530 and live chat feature provide immediate answers to questions and concerns about your data, your privacy, and your first steps in the event of suspected identity theft.

ITRC resources can also help keep you informed about the latest scams, fraud, and cybersecurity trends, as well as provide you with actionable steps to avoid becoming a victim. Should you find yourself snared by this kind of criminal activity, our knowledgeable staff can help you take action. The website is also filled with helpful documents that are categorized by the type of consumer issue to assist you in finding the right resources. The Identity Theft Resource Center also has a free ID Theft Help app, which gives you access to resources and tips to protect your identity, a case log feature to help remediate your case as well as the ability to contact our call center advisors.

Fortunately, the FTC’s website and social media channels will still be available with past information, although these outlets will not continue to be updated during the shutdown. The ITRC will continue to post updates and new information at IDTheftCenter.org as well as on its Facebook and Twitter accounts.

During this time, it’s vital that consumers and businesses be extra vigilant about protecting themselves. There’s never a good time to let your guard down when it comes to your identity or your privacy, but at a time when the safeguards are suspended, it’s even more important that individuals use an air of caution when it comes to consumer interactions.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The 2018 Impact of Data Breaches and Cybercrime

Year after year, cybercrimes like scams, fraud, identity theft and data breaches make a global impact on consumers and businesses alike. Organizations like the Federal Trade Commission and the Identity Theft Resource Center keep tabs on the statistics and the aftermath of these events in order to form a clearer picture of their effects. With only days to go until we reach the end of 2018, here’s a look at some of the numbers from this year.

Top Scams of the Year

According to a report by Heimdal Security, phishing attempts continue to be one of the more prevalent ways scammers connect with their victims. Phishing usually arrives as an email that entices someone to take action; the action might be to send money, hand over sensitive data, redirect to a harmful website, or even download a virus from a macro contained within the email. No matter what the story the scammers use, one-third of all security incidents last year began with a phishing email.

What happens to consumers when they fall for a phishing email? One in five people reported losing money, around $328 million altogether. That’s about $500 per victim on average, but that’s also only from the victims who reported the scam. Interestingly, new data this year found that Millennials were more likely to fall for a scam than senior citizens, although seniors still lost more money on average than these younger victims.

Different Industries Impacted by Data Breaches

The ITRC’s annual Data Breach Report highlights the organizations that have been impacted by data breaches throughout the year, along with the number of consumer records that were compromised. While the year isn’t over, the data compiled through Nov. 30 is already worrisome.

There have been more than 1,100 data breaches through the end of November 2018, and more than 561 million consumer records compromised. Those breaches were categorized according to the type of industry the victim organization falls under: banking/credit/financial, business, education, government/military and medical/healthcare.

The business sector saw not only the highest number of breaches but also the highest number of compromised records with 524 breaches and 531,987,008 records. While the medical and healthcare industry had the second highest number of breaches at 334 separate events, the government/military’s 90 breaches totaled more compromised records at 18,148,442. The financial sector only had 122 data breaches this year, but those events accounted for more than 1.7 million compromised records. Finally, while education—from pre-K through higher ed—only reported 68 data breaches, there were nearly one million compromised records associated with schools and institutions.

The Crimes that Made Headlines

There were quite a few headline-grabbing security incidents this year. While Facebook and the Cambridge Analytica events were not classified as traditional data breaches, they were nonetheless an eye opener for social media users who value their privacy. The Marriott International announcement of a 383 million-guest breach of its Starwood Hotels brand has opened consumers’ eyes about the types of information that hackers can steal, in this case, 5 million unencrypted passport numbers. The breach of the government’s online payment portal at GovPayNow.com affected another 14 million users, demonstrating that even the most security-driven organizations can have vulnerabilities. Finally, separate incidents at retailers and restaurants like Hudson Bay and Jason’s Deli reminded us (and those breaches’ combined 8.4 million victims) that attacking point-of-sale systems to steal payment card information is still a very viable threat.

What Do Criminals Really Steal?

In every scam, fraud, and data breach, criminals are targeting some kind of end goal. Typically, it’s money, identifying information or both. But recent breaches this year of websites like Quora—which provides login services for numerous platforms’ comment forums—also show that sometimes login credentials can be just as useful.

After all, with the high number of tech users who still reuse their passwords on numerous online accounts, stealing a database of passwords to a fairly innocuous site could result in account access to so-called bigger fish, like email, online banking, major retail websites, and more. Furthermore, it showed that a lot of users establish accounts or link those accounts to their Facebook or Gmail logins without really following up; a lot of people who learned their information was stolen in the Quora breach may have forgotten they even had accounts in the first place. The number of victims in that breach is expected to be over 100 million.

Moving Forward into the New Year

The biggest security events of 2018 may pale in comparison to criminal activity next year. After all, there was a time when the Black Friday 2013 data breach of Target’s POS system was considered shocking. One thing that cybercriminals have taught us time and time again is that there’s money to be made from their activities, and they aren’t going to give up any time soon.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Honeyboys Keeping Internet Users Safe”

Identity theft and security experts have warned for years that consumers need to stay on top of the latest news about scams and fraud in order to protect themselves. But there’s no need to keep those details a secret!

A retail employee in Illinois saved the day when she and other workers stopped a senior citizen from becoming the victim of a scam. The customer was trying to buy a high-dollar amount of gift cards to bail her grandson out of jail. According to the story, a far-flung police department had called her to let her know her grandson was in custody and needed $500-worth of gift cards to post his bail. Fortunately, she was prevented from buying the cards and called the local police department instead. Sadly, another customer wasn’t so lucky. She proceeded to buy the gift cards despite the warnings from employees.

Even worse, a Walmart employee in another state tried to be a good Samaritan and prevent a man from purchasing a $2,500 wire transfer to send to a scammer. The employee, who is now being honored by the company’s board of directors for her repeated help stopping other customers from becoming victims, was originally threatened with a lawsuit by the would-be victim since she put up some fuss about processing the wire transfer. Fortunately, once the police were called, the customer learned the truth and thanked the employee for saving him from a crime.

These examples illustrate a very serious issue: scam activity is on the rise and more consumers are sitting up and taking notice. However, as these real scenarios demonstrate, it can be difficult to intervene when you see something taking place, even if you’re certain something isn’t right. You don’t know how your help will be received.

So how do you put your knowledge of scams and fraud to good use and help your fellow consumers while avoiding any negativity? First, just know that no matter how your attempt to help is received, you were trying to do the right thing. Also, you can try this:

1. Spread the social word – Social media can be a powerful force for good, especially if the content you’re sharing is relatable and genuine. It’s tempting to forward every alarming hoax that pops up, but if you craft a sincere warning about scams and fraud, you just might prevent someone else from becoming a victim. Don’t forget to make your post sharable!

2. Host a fraud prevention event – There are a number of organizations that host awareness events throughout the year, but you don’t have to wait for a specific time. You can host your own get-togethers, community action meetings, senior center events and more, then use those as a time to help get the word out about different kinds of fraud.

3. Follow news from the Identity Theft Resource Center online – The ITRC has a Twitter account, Facebook account, weekly newsletter and many other resources that can keep you informed. Sharing their news is as simple as clicking a button. Helping others recognize a potential scam doesn’t have to mean putting yourself out there.

If you see a scam taking place, you can enlist the help of retail employees, store managers, law enforcement officers or anyone else who can stop someone from becoming a victim. No matter how you choose to help, just know that you’re working to make life better for others when you stop a scam in its tracks.


Read next: “Your New Medicare Card Could Lead to a Scam”