Posts

  • A recent GEICO data breach led to fraudsters gaining access to nearly 132,000 GEICO customers’ driver’s license numbers. GEICO says they believe threat actors could use the information to apply for unemployment benefits fraudulently.
  • The Pennsylvania Department of Health’s third-party contact tracing vendor, Insight Global, failed to secure phone numbers, email addresses and personal information like gender, age, sexual orientation, COVID-19 diagnosis and exposure status of more than 72,000 Pennsylvania residents. Third-party breaches continue to be a growing trend.
  • Like the Pennsylvania Department of Health, ParkMobile Parking App also suffered a supply chain attack. The ParkMobile data incident exposed the non-sensitive information of 21 million users, putting them at risk of falling victim to social engineering.
  • For more information about April data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC) data breach tracking tool, notified.  
  • If you believe you are a victim of identity theft from a data breach, contact the ITRC toll-free at 888.400.5530 or through live-chat on the company website www.idtheftcenter.org.

Notable April Data Breaches

Of all the data breaches the Identity Theft Resource Center (ITRC) tracked in April, three stand out: GEICO, Pennsylvania Department of Health and the ParkMobile Group. All three data events are notable for unique reasons. In one, the company is very detailed in how criminals are misusing the information and what people should look out for; another event includes a contact tracing service failing to secure the private information of some residents in Pennsylvania – re-affirming a trend identified by the ITRC; the third compromise led to the exposure of data for 21 million people – stemming from a supply chain attack.

GEICO

A security bug led to threat actors stealing personally identifiable information (PII) from approximately 132,000 GEICO customers between January 21 and March 1. According to the GEICO data breach notice, fraudsters used the information they acquired about customers elsewhere to obtain unauthorized access to people’s driver’s license numbers through the online sales system of their website. GEICO says that they believe the information from the breach could be used to apply for unemployment benefits fraudulently. Unemployment benefits fraud continues to impact consumers all over the U.S. There could be over $200 billion lost to the fraud. The ITRC has received over 1,400 cases of unemployment benefits fraud in 2020 and 2021, compared to only 12 cases in 2019.

The GEICO data breach is notable because the insurance company is very detailed in how the information could be used and what people need to keep an eye on. It is not often the ITRC sees this level of detail in a data breach notice.

Pennsylvania Department of Health

Insight Global, a company that has provided COVID-19 contact tracing services for the Pennsylvania Department of Health since 2020, failed to secure the private information of more than 72,000 people.  According to WSKG, a health department spokesman said they recently learned workers at Insight Global disregarded security protocols established in the contract and created unauthorized documents outside the state’s secure data system.

The information exposed in the Pennsylvania Department of Health data compromise includes phone numbers, email addresses and personal information such as gender, age, sexual orientation, COVID-19 diagnosis and exposure status. The Pennsylvania Department of Health does not know how many people may have viewed or downloaded the documents. Officials say notifications will be mailed to all affected Pennsylvania residents.

The Pennsylvania Department of Health data compromise is the latest third-party exposure to occur. According to the ITRC’s Q1 2021 Data Breach Report, there’s been a 42 percent increase in supply chain attacks, including 27 at third-party vendors impacting 137 U.S. organizations, and 19 supply chain attacks in Q4 2020.

ParkMobile Group

The parking app, ParkMobile, also suffered a data compromise due to a vulnerability in third-party software, affecting 21 million people. According to the ParkMobile notification letter, they became aware of the vulnerability and launched an investigation, which is still ongoing. Information exposed includes license plate numbers, email addresses, phone numbers, mailing addresses and vehicle nicknames. According to KrebsOnSecurity, the data appeared for sale on a Russian-language crime forum.

Anyone who uses the ParkMobile parking app, used by cities and universities across the U.S., could be at risk of falling victim to social engineering. While no sensitive information was exposed, if hackers get enough information about people, they can put all of the information they have gathered together to commit identity fraud.

What to Do if These Breaches Impact You

Anyone who receives a data breach notification letter should follow the advice offered by the company. The ITRC recommends immediately changing your password by switching to a 12+-character passphrase, changing the passwords of other accounts with the same password as the breached account, considering using a password manager and keeping an eye out for phishing attempts claiming to be from the breached company.  

GEICO encourages its customers to check their account statements and credit reports regularly for any suspicious activity.

The Pennsylvania Department of Health has set up a hotline (855.535.1787) for those concerned about the security of their information.

notified

For more information about April data breaches, or other data breaches, consumers and businesses should visit the ITRC’s data breach tracking tool, notified, free to consumers. 

Organizations that need comprehensive breach information for business planning or due diligence can access as many as 90 data points through one of the three paid notified subscriptions. Subscriptions help ensure the ITRC’s identity crime services stay free.    

Contact the ITRC

If you believe you are the victim of an identity crime or your identity has been compromised in a data breach, you can speak with an ITRC expert advisor at no cost by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.

  • The U.S. Attorney’s Office for the District of Maryland, working with the Homeland Security Investigations (HSI) in Baltimore, recently seized the fake COVID-19 vaccine website “Freevaccinecovax.org.”
  • The website collected personal information from people who visited it by asking them to download a PDF file to their device to apply for more information.
  • Interacting on a malicious website offering COVID-19 vaccines could lead to an array of identity crimes, including a phishing attack, malware attack and different forms of social engineering.
  • COVID-19 vaccines are not being sold online. Any link that claims to take someone to a website to purchase one is fake. To find a vaccine appointment online, people should go through their local department of health, pharmacy or health care provider.
  • For more information on fake COVID-19 vaccine websites, or if you believe you are a victim of a COVID-19 vaccine scam, contact the Identity Theft Resource Center toll-free by phone (888.400.5530) or live-chat on the website www.idtheftcenter.org.

Federal officials shut down a fake COVID-19 vaccine website after discovering the website was stealing people’s personal information for cybercriminal activity. According to Threatpost, the U.S. Attorney’s Office for the District of Maryland, working with Homeland Security Investigations (HSI) in Baltimore, seized “Freevaccinecovax.org,” “which purported to be the website of a biotechnology company developing a vaccine for the COVID-19 virus,” according to a news release on the office’s website.

Since the U.S. began administering the COVID-19 vaccines, cybercriminals have tried to take advantage of consumers’ desire for vaccinations. According to NBC 4 Washington, BrandShield, a global cybersecurity firm protecting some of the world’s largest pharmaceutical companies from cyberthreats, found a 4,200 percent increase in potentially fraudulent COVID-19 vaccine websites from January 2020 through the end of February 2021. The news of the latest malicious website highlights the importance of being cautious with COVID-19 vaccine websites and how to use them.

Who are the Targets?

People looking to receive the COVID-19 vaccine

What is the Scam?

Threat actors created “Freevaccinecovax.org” to collect personal information from people who visited the website to commit identity crimes like fraud, phishing attacks or to deploy malware. Threatpost says the fake COVID-19 vaccine website used trademarked logos for Pfizer, the World Health Organization (WHO) and the United Nations High Commissioner for Refugees (UNHCR) on its homepage to trick people into believing it was a legitimate site. The malicious website had a drop-down menu that asked users to apply for information by downloading a PDF file to their device.

What They Want

Identity criminals are after people’s personal information to commit phishing attacks, malware attacks, social engineering and other forms of identity-related fraud.

How to Avoid Being Scammed

To avoid a fake COVID-19 website:

  • Ignore websites trying to sell a vaccine. COVID-19 vaccines are not being sold online. Any link that claims to take you to a website to purchase one is fake.
  • Do not click on any posts or ads claiming to sell cures. Remember, if it seems too good to be true, it probably is.
  • If you are checking for a vaccine appointment online, make sure you do it through your local department of health, pharmacy or health care provider. Never follow a link randomly sent to you.

To learn more about COVID-19 vaccine scams, malicious websites, or if you believe you were on a fake COVID-19 vaccine website, contact the Identity Theft Resource Center toll-free by calling 888.400.5530. You can also visit the company website to live-chat with an expert advisor. Go to www.idtheftcenter.org to get started.  

  • The data of 533 million Facebook users has been published on a low-level hacker forum.
  • The information is believed to have been copied in 2019 or earlier from Facebook user pages and includes phone numbers, Facebook IDs, full names, birthdates, bios and email addresses.
  • The leaked data could help cybercriminals commit different forms of phishing attacks and other social engineering-based identity scams.
  • LinkedIn also recently suffered a similar attack, affecting over 500 million users and exposing user IDs, names, email addresses, phone numbers, professional titles and other work-related data.
  • The LinkedIn and Facebook data leaks are a great reminder to be careful what you share online. Users willingly posted all of the information copied from LinkedIn and Facebook into cybercriminal markets. If you don’t want to see the data in a hacker forum, don’t post it online.
  • To learn more, or if you believe you are a victim of identity theft, contact the Identity Theft Resource Center toll-free by phone (888.400.5530) or live-chat. Just go to www.idtheftcenter.org to get started.

A recent Facebook data leak resulted in the personal data of more than 500 million users being copied (an often-legal process known as scraping) and later posted on a hacker forum. A similar attack happened with LinkedIn, leaving users to wonder what they could have done to prevent their personal information from being copied by data thieves. While the data was scraped from Facebook in 2019 because of a software flaw that the company says was patched the same year, the incident serves as a good reminder to be careful what you share online.

What Happened

According to Business Insider, a user in a low-level hacking forum scraped the phone numbers and personal data of 533 million Facebook users in 109 different countries – enough people to qualify as the third largest nation on Earth. The data file, published in a forum where identity information is bought and sold, includes more than 32 million records on users in the U.S. Information exposed in the Facebook data leak includes phone numbers, Facebook IDs, full names, birthdates, bios and email addresses.

What Does This Mean for You?

The scraped data from the LinkedIn and Facebook data leaks could help cybercriminals commit different forms of identity fraud, including phishing attacks and scams that require social engineering to convince you to give up even more personal information. Users should be on the lookout for phishing schemes or fraud using their own data.

Be Careful What You Share Online

While there is not a lot that Facebook and LinkedIn users can do to protect themselves from the latest incidents now, it is a great reminder to be careful what you share online to help prevent future identity fraud. The data thief did not gain access to the systems and steal private data. Instead, they copied (or scraped) information that people willingly posted on their own profiles and combined the information in a database that can be bought, sold or shared in criminal marketplaces.

If you post enough information about yourself online, hackers can connect the dots about your life, relatives and friends to commit identity fraud by pretending to be you. Be careful what you share online, including what you write in your posts and include in your profile. Also, check your privacy settings to ensure you are not sharing personal information with people you do not know or trust. A good rule of thumb is, “If you don’t want to see the data in a hacker forum, don’t post it online.”

Contact the ITRC

If you believe you were the victim of the latest Facebook data leak and want steps on how to protect yourself, or if you want to learn more about how to be careful what you share online, contact us. You can reach a contact advisor toll-free by phone (888.400.5530) or live-chat. You can find the latest resources on an array of identity-related topics. Just visit www.idtheftcenter.org to get started.

By Identity Theft Resource Center CEO, Eva Velasquez & Synchrony CISO, Gleb Reznik

The 2020 holiday season will certainly be one of the most unusual ones we have seen, thanks to the biggest holiday shopping trend – a dramatic shift in online transactions prompted by the COVID-19 pandemic. Online shopping involves non-cash transactions using digital payment methods. While the most obvious are debit and credit cards, there are also peer-to-peer payment apps, digital wallets and online versions of contactless payments like Apple Pay and Google Pay.

There is a truism in cybercrime as there is in bank robbery: thieves go where the money is. There are many opportunities for bad actors to take advantage of consumers and businesses during the shopping season. We expect the identity thieves will look to take advantage of the rise in online shopping.


Historic and Current Holiday Shopping Trends

Holiday shopping has always been a busy time for consumers. Last year, there was an estimated $1.1 trillion spent on the shopping frenzy.

According to the Better Business Bureau (BBB), approximately 65 percent of consumers shopped online during the holidays in 2019.

Online retailers have seen sales grow steadily over the years. According to the U.S. Department of Commerce, sales have risen between one and two percent each year.

Online Holiday Shopping Trends So Far in the 2020 Holiday Season

With all of that said, 2020 looks to be a watershed year. In just the first ten days of the holiday shopping season, U.S. consumers spent $21.7 billion online, a 21 percent year-over-year increase, according to Adobe Analytics.

There is no surprise in this online holiday shopping trend. The same Adobe Analytics report shows 63 percent of consumers are avoiding stores and buying more online, with health concerns due to the pandemic driving the decision for 81 percent of shoppers.

Advice for Consumers

  • Have strong password management – If someone has strong password management, an identity thief will not be able to access multiple accounts if they gain access to one account with stolen credentials from a scam or shoulder surfing. It is especially important to ignore “customer service representatives” who call about online orders or accounts. At the Identity Theft Resource Center (ITRC), we recommend using at least a twelve-digit passphrase because they are easier to remember and harder for an identity thief to crack.
  • Beware of phishing emails with emotional triggers – People should keep an eye out for shopping discounts sent to their phones claiming huge store discounts if they download an app and enter their credit card information. Another popular phishing email is package tracking scams that offer to track someone’s packages after making their purchase with a link to open or download. No one should ever click on a link, attachment or file from an unknown email because that is how scammers strike with malware, ransomware and steal people’s personal information.
  • Use credit cards and not debit cards – Credit cards provide more protection than debit cards. One of the biggest reasons is because debit cards are linked with bank accounts. If an identity thief compromises a debit card, the victim’s bank account can be immediately drained of all available funds. It may take time to restore the stolen funds, leaving the cardholder without access to the money.
  • Shop on secure websites – People need to do their homework before providing any of their payment information or other data. Consumers can check a business’s reputation at third party review organizations like the BBB and Yelp. Using search terms like “Scam” or “Complaints” along with the website or company name can give someone insight into the experience of other customers. 
  • Do not use public Wi-Fi – No one should ever use public Wi-Fi to check their bank account information or to make purchases. Some public Wi-Fi connections are not secure, and a hacker could have the ability to position themselves between the user and the connection point to steal their data. If someone wants to use public Wi-Fi to kill time while in the store or to check on products they want to buy, they need to avoid entering any personal information.

Advice for Businesses

  • Secure your information – Businesses need to take all of the necessary steps to ensure customers’ personal information is secure. It starts by making sure all systems are protected with properly configured cybersecurity tools. Time and time again, we see businesses and technology providers fail to configure passwords, resulting in exposed sensitive data for anyone to see online.
  • Have security software – Businesses need to protect their networks from cyberattacks. If a system does not have appropriate security software like network and application firewalls, malware protection and a program to patch known security flaws, identity thieves will steal whatever customer and company information they want.
  • Talk to the employees about online security – A business can have all the security measures in place, but it does not matter if employees click on links in phishing schemes. Company executives and cybersecurity teams should talk to employees about security, so they do not end up being their weakest link.

What the Post-Pandemic Marketplace Will Look Like

While many things are uncertain about our post-pandemic world, one safe bet is that online holiday shopping will continue to rise. Statistics show online shopping was already on the rise before COVID-19. With the even bigger surge during the pandemic, it will force businesses to get serious, if they are not already, about e-commerce and a digital-first model. In a sense, every day could be Black Friday!

For more information on online shopping during the holiday season or online holiday shopping trends, contact the ITRC at no-cost by calling 888.400.5530 or by live-chat on the company website.

Also, download the free ID Theft Help app, which has access to resources, a case log for an identity theft resolution process and much more.

Synchrony is a proud financial sponsor of the Identity Theft Resource Center.

Updated as of 3/1/2021 - The recent social-good relationship management software data breach has nonprofit organizations, educational institutions, healthcare organizations and others left to figure out what to do next. Blackbaud, a cloud software company used primarily by nonprofits, announced that they were the victim of a ransomware attack. Also, according to a filing with the U.S. Securities and Exchange Commission, Blackbaud acknowledges that a ransomware attack in May that affected its clients could have exposed much more personally identifiable information (PII) – including banking details – than the company initially believed. The number of people affected is still unknown, and more information needs to be gathered to judge the attack’s actual scope.

However, the Identity Theft Resource Center (ITRC) has tracked 536 organizations and close to 13 million people affected. Anyone who engages with organizations that utilize Blackbaud could be at risk of scams, social engineering and more.

What Happened

In May 2020, a ransomware attack was partially thwarted. However, the perpetrator copied a subset of data before being locked out. The hackers then offered to delete the data for an undisclosed amount of money. According to Blackbaud, they paid the ransom and received confirmation that the copy they removed had been destroyed. However, the confirmation was not detailed. Blackbaud says they have no reason to believe that any data went beyond the cybercriminal, or that it was or will be misused.

The information exposed in the breach includes Social Security numbers, driver’s license numbers, passport numbers, personal health information (PHI), financial information, credit card information, telephone numbers, email addresses, dates of birth, mailing addresses, phone numbers, student I.D. numbers, biographical information, donation dates, donation amounts and other donor profile information. Blackbaud is calling the incident a security incident.

How it Can Impact You

Consumers impacted by the Blackbaud data breach could be at risk of scams (particularly giving and donation scams) and social engineering tactics. Multiple sectors were also impacted by the attack.

Healthcare Sector

Healthcare organizations all over the world use Blackbaud as their cloud software company. According to Blackbaud, 30 of the top 32 largest nonprofit hospitals are powered by their solutions. The ITRC has seen multiple data breach notices from healthcare organizations affected by the Blackbaud data breach. Since the breach impacted donors primarily, it could mean those individuals may be more susceptible to being targeted by fraudsters in the future.

Education Sector

Blackbaud plays a significant role in the education sector. They offer school management software to K-12 schools, as well as universities. Some of the management software includes student information, learning management, enrollment management and school websites. Many schools and districts have acknowledged they were impacted by the Blackbaud data breach. Most of the information involved includes donor information, alumni information, student I.D. numbers and student demographic information.

Nonprofit/NGO Sector

Blackbaud is a service that is primarily used by nonprofits. Blackbaud offers an array of software services that cater to nonprofits worldwide, but is best known for its customer relationship management (CRM) tools. Many nonprofits use these to nurture their donors and fundraising. The range of types of nonprofits affected by the attack is vast. In fact, some Blackbaud nonprofits continue to come forward about whether or not they may have been impacted. Now, many nonprofits are trying to figure out their next steps for how to securely manage their CRM needs.

What You Need to Do

The Blackbaud data breach and its impacts on businesses and consumers are specific to each affected entity and customer. Blackbaud has said that it notified its affected customers of the breach, and those customers should be notifying their impacted individuals. Depending on what information was exposed, the steps for those affected individuals could vary. Anyone who receives a notification letter regarding the Blackbaud data breach should not dismiss the letter and should take the notice’s recommended steps.

For entities where sensitive PII was not exposed, the biggest threat is social engineering. Employees of the nonprofit organizations impacted by the breach may receive emails that look like they are from an executive, in an attempt at spear phishing. Donors and members of the nonprofit organizations impacted by the Blackbaud data breach may receive messages asking to provide their PII to update their contact or financial information, either directly through the email or through a link that does not actually belong to the nonprofit they are affiliated with. If an employee comes across an email they find suspicious, they should go directly back to the person it claimed to come from and verify the validity of the message if it is internal. If it is someone claiming to be from outside the organization, it should be run by their manager, IT services, or someone familiar with the relationship. More steps may have to be taken for entities where sensitive PII was exposed.

Anyone who believes they were impacted by the Blackbaud data breach can call the ITRC toll-free at 888.400.5530. They can also live-chat with an expert advisor. Another option is the free ID Theft Help app. The app has resources for victims, a case log, access to an advisor and much more.



A recent data breach of Dave, an online banking service, has users of the service searching for answers. Hackers often target digital banking services for their plethora of consumer records. In 2018, hackers leaked the information of 2.8 billion consumer data records, costing $654 billion in damages to U.S. organizations. Additionally, since the start of COVID-19, there has been a 50 percent increase in mobile banking. Dave is a fintech company that allows users to link their bank accounts and loan payments for upcoming bills to avoid overdraft fees. The Dave.com data breach occurred after the company’s third-party service provider, Waydev, was breached, allowing hackers access to over seven million users’ data.

What Happened

Dave suffered an attack, resulting in 7,516,625 user records being published on RAID, a hacker forum. Some of the information that was exposed from the Dave.com data breach included names, emails, birth dates, physical addresses, phone numbers, encrypted Social Security numbers and Bcrypt hashed passwords. The company uncovered the hacker’s access point into the database and has since notified customers of the exposure. After becoming aware of the incident, Dave enlisted law enforcement and the FBI to conduct an ongoing investigation, according to ZDNet.

What Does This Mean for You?

While there is no evidence that hackers have used the data from the Dave.com data breach to gain access to accounts or conduct any unlawful actions, there is still a lot of harm that could potentially be done. One threat is social engineering, where someone manipulates someone else into divulging personal information. Since multiple forms of information were exposed, there is an even higher and potentially more harmful risk for those impacted.

While the threat level is not as high as social engineering, hackers could also target victims with mail-forwarding and sign up for accounts with the victim’s information.

Next Steps to Take

Affected users of Dave should consider taking immediate action to minimize the risks of identity theft. Some important next steps include:

  • Change the usernames and passwords on any accounts that share a username and password with their Dave.com account – opt for a stronger, unique passphrase
  • Look out for account sign-ups and websites with which they are not familiar
  • Avoid clicking on any links or opening any attachments in messages they are not expecting or giving out personal information on the phone. Instead, users should reach out directly to verify the validity of the message.

Anyone affected by the Dave.com data breach can call the Identity Theft Resource Center (ITRC) toll-free at 888.400.5530 for more information on the next steps they need to take. They can also live-chat with an expert advisor. Finally, victims should consider downloading the free ID Theft Help app for access to resources, a case log to track their activities in managing their data breach case and much more.


Bitcoin scams come in many different forms. Scammers use different platforms to try and get people to pay them in bitcoin (also known as cryptocurrency or digital money). Bitcoin scams are a popular way for fraudsters to trick people into sending money. Recently, they used Twitter and some of its most notable accounts to target Twitter users.

On July 15, hackers compromised verified Twitter accounts and sent cryptocurrency scam tweets requesting bitcoin donations with the promise of doubling the investments to “give back to the community.” Scammers responsible for bitcoin scams not only aim to steal people’s money, but also collect their personally identifiable information (PII) and sell it to other cybercriminals.

According to Twitter, attackers are believed to have targeted certain Twitter employees through a social engineering scheme. Twitter says the attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through their two-factor protections. While Twitter continues their forensic review, they believe the bad actors may have attempted to sell some of the usernames. The hackers are not believed to have viewed previous account passwords. However, they were able to view personal information, including email addresses and phone numbers.

Twitter says nearly 130 accounts were targeted, and 45 successfully hacked. The Twitter accounts hacked include high profile individuals with verified accounts such as Barack Obama, Kanye West, Elon Musk and Bill Gates. Twitter responded by preventing any blue-check marked accounts from tweeting while security teams responded to the attack. Twitter apologized for the attack; the UK’s National Cyber Security Center, whom Twitter officers reached out to for support, released a statement urging people to treat requests for money or PII on social media with extreme caution.

The recent social-engineering hijack of Twitter accounts highlights a larger issue that has been on the increase since COVID-19 began: the prevalence of cryptocurrency scams. According to the Federal Trade Commission, most bitcoin scams appear as emails trying to blackmail someone, online chain-referral schemes or bogus investment/business opportunities. However, no matter how the scam is executed, a scammer wants the victim to either send money, give up their PII or a combination of these. Once someone engages, there is usually nothing they can do to get their money back.

The Twitter hack creates a teachable moment – what should consumers do to reduce their risk of falling for a bitcoin scam? It also highlights the need for businesses to ensure their employees are educated on social engineering. This incident proves that even the most technologically-advanced companies are not immune from an employee granting access to bad actors. To avoid a bitcoin scam or other forms of social engineering, people should remember the following:

  • Never share PII through social media channels and always verify the person or business asking. While these scams are designed to steal people’s money, they are also designed to collect PII to sell to other cybercriminals.
  • If someone sees a tweet, email, text message or other social media post that asks for payment in bitcoin, it is – most likely – a scam.
  • High profile individuals will not contact anyone to give away large sums of money – especially in bitcoin – by social media message. There are other methods for informing someone if they are a recipient; if an offer seems too good to be true, it probably is.
  • If a consumer receives a message telling him or her it’s a guarantee to make money, it is probably a scam.
  • No one should ever click a link, download a file or open an attachment if they are unsure of who sent it or what it is; they should be cautious of links that are shared on social media.
  • Keep up with the latest around scams and how they work. The Twitter bitcoin scam employed a lot of common cognitive biases. Understanding how bitcoin or cryptocurrency works reduces the number of people who fall for scams about it.

If someone believes they are a victim of a bitcoin scam or has questions about other scams, they can live-chat with an Identity Theft Resource Center expert advisor. They can also call toll-free at 888.400.5530.

