Fake merchandise

/in /by

Online shopping is becoming a convenient alternative for those to like to shop in the comfort of their own home, any time of the day or night. But while there are many legitimate companies online, there are also fraudulent sellers out to cheat consumers.

Stay safe. Be Informed.

The fake merchandise scam category covers a wide variety of fraud. Most of them include a seller posting an item online (typically high-dollar clothing, shoes, or electronics) at Craigslist or an auction site such as eBay. These regularly pricey items are being listed for a fraction of the typical price and seem like an attractive deal, but actually turn out to be scams. The unscrupulous seller takes your money but never sends you the item you paid for, because they never had it to begin with! Or worse, the classifieds website only exists to harvest consumers’ payment card or personal information to be used by scammers to purchase merchandise elsewhere or commit identity theft.

Other examples of fake merchandise scams are magazine sales—where someone offers you a great deal on new subscriptions or to renew your current ones. But it could be a con artist trying to trick you into spending more than you realize or paying for magazines that you’ll never receive. Or maybe you find an unbelievable deals on computer hardware and software on the Internet But most likely the offer will turn out to be too good to be true. Since these items are expensive, it pays to play it safe when you buy online.

Follow these tips below to practice safe online buying habits.

  • Do a price-check for similar merchandise before trusting an unknown online retailer, especially one advertising on Craigslist. If the price listed is far below traditional online retailers (think Amazon, Best Buy, Zappos) for a piece of popular merchandise (such as wireless phones, game consoles, sneakers, or designer clothing), the “deal” could easily be a scam.
  • Know who you’re dealing with. If the seller is unfamiliar, check with your state or local consumer protection agency and the Better Business Bureau. Some Web sites have feedback forums, which can provide useful information about other people’s experiences with particular sellers. Get the physical address and phone number in case there is a problem later.
  • Look for information about how complaints are handled. It can be difficult to resolve complaints, especially if the seller is located in another country. Look on the Web site for information about programs the company participates in that require it to meet standards for reliability and help to handle disputes.
  • Be aware that no complaints is no guarantee. Fraudulent operators open and close quickly, so the fact that no one has made a complaint yet doesn’t meant that the seller is legitimate. You still need to look for other danger signs of fraud.
  • Be skeptical about incredibly low prices or rebates that promise to cover the entire cost of the product. The goods may not exist at all, or the seller may be on the verge of going out of business and never deliver the promised merchandise or rebate.
  • Understand the offer. A legitimate seller will give you all the details about the products, the total price, the delivery time, the refund and cancellation policies, and the terms of any warranty.
  • Resist pressure. Legitimate companies will be happy to give you time to make a decision. It’s probably a scam if they demand that you act immediately or won’t take “No” for an answer.
  • Be cautious about unsolicited emails. They are often fraudulent. If you are familiar with the company that sent you the email and you don’t want to receive further messages, send a reply asking to be removed from the email list. However, responding to unknown senders may simply verify that yours is a working email address and result in even more unwanted messages from strangers. The best approach may simply be to delete the email.
  • Beware of imposters. Someone might send you an email pretending to be connected with a business or create a Web site that looks just like that of a well-known company. If you’re not sure that you’re dealing with the real thing, find another way to contact the legitimate business and ask.
  • Guard your personal information. Don’t provide your credit card or bank account number unless you are actually paying for something. Your social security number should not be necessary unless you are applying for credit. Be especially suspicious if someone claiming to be from a company with whom you have an account asks for information that the business already has.
  • Pay the safest way. Credit cards are the safest way to pay for online purchases because you can dispute the charges if you never get the goods or if the offer was misrepresented. Federal law limits your liability to $50 if someone makes unauthorized charges to your account, and most credit card issuers will remove them completely if you report the problem promptly. There are new technologies, such as “substitute” credit card numbers and password programs, that can offer extra measures of protection from someone else using your credit card.
  • Check out who’s behind the website you’re shopping at. Take a look at the “contact us” page. If there’s no telephone number to call, or if the number doesn’t work when you call, it could be a scam. Check out the registration details of the web domain at WHOIS.net. Is the website registered in the U.S.? Try calling the phone numbers for the domain’s administrative and technical contacts. If they don’t work, or you are routed to a domain registration company’s support line, it could be a scam.
  • Don’t shop at a website that lacks the SSL padlock. Legitimate online retailers should protect the information you share on the site with Secure Socket Layer (SSL) encryption. You can tell if a site uses SSL by the padlock that shows up to the left of the website’s URL in your browser’s address bar. If you don’t see the padlock, shop somewhere else.

If you’ve been scammed, or suspect the person you’re dealing with online is a scammer, file a complaint. Fraudsters can only be stopped if we all work together to share our experiences and raise the alarm. Filing a complaint at Fraud.org only takes a few minutes, but helps arm our network of more than 90 law enforcement and consumer protection agency partners with the information they need to shut down scam artists.

Find Fraud Alerts related to this scam here.

Unwanted software

/in /by

Unwanted software are programs that are downloaded—often unknowingly—that can cause serious problems for computer users. Examples of unwanted software are spywareadware, and a host of other programs. Sometimes unwanted software comes hidden along with a program that the user actually intended to download.

Stay safe. Be Informed.

Tips on protecting yourself from unwanted software:

  • Get your software directly from the source. When you’re looking for a new program, look for the publisher’s website first. Software download repositories may bundle in unwanted software with legitimate downloads.
  • Avoid clicking on pop-ups or banner ads that warn you of slow performance on your computer. This is often a ruse to lead you to websites that host unwanted software.
  • Make sure everything is up-to-date. To best protect yourself, repeatedly update your browser and operating systems; older systems are more susceptible to being infected by malware.
  • Routinely scan your computer. Use antivirus software to regularly scan your computer for programs that you don’t recognize.
  • Pay attention when installing new software. When downloading programs and extensions, pay attention to the fine print details. In particular, be on the lookout for pre-checked boxes that offer to install things like toolbars or other software in addition to the software you were looking for.
  • Heed your browser’s warnings. Most major Web browsers now have functionality built-in that will warn you when you are about to enter an unsafe website. Chances are that if your browser is telling you to not visit a certain website or download a particular program, you’re better off steering clear.

Despite our best efforts, it’s still possible to inadvertently install unwanted software. Once it happens, there are several steps you can take:

  • Ensure that the latest versions of your browser and operating system are installed. The best way to defend yourself against unwanted software is to ensure that your Internet browser (Safari, Firefox, Chrome, Edge, etc.) and operating system (Windows, OSX, Linux, etc.) are up-to-date.
  • Run a security scan using a reputable antivirus removal tool. While this software isn’t perfect, an antivirus tool can help detect and remove unwanted software. If you suspect you have unwanted software on your computer, make sure your antivirus tool is up-to-date and then run a full scan. The antivirus may help to detect and remove such software.
  • If all else fails, format and reinstall. In extreme cases, unwanted software may be so persistent that it disables operating system or browser updates and resists antivirus removal. If it comes to that, it may become necessary to format your hard drive and reinstall your operating system and Internet browser. Before you do this however, be sure to create backups of important files (like photos, videos, documents). WARNING: This may be a time-consumer process and beyond the skill of some users. If you don’t feel comfortable doing so, you may need to look for outside computer help from your local electronics store or computer manufacturer.

Find Fraud Alerts related to this scam here.

Tech support scams

/in /by

A fraudster, claiming to work for a well-known technology company like Microsoft or Norton, contacts you claiming that viruses have been detected on your computer. The fake tech representative alleges they can remotely remove the virus for a fee (typically between $100-400). Think twice before paying up or allow them access to your computer.

Stay safe. Be Informed.

Sometimes the hacker charges a consumer to download harmless programs that are available for free online to demonstrate the alleged virus. Other times, they install tracking software that gives the fraudster access to personal information on the computer.

Estimates of the scope of this scam vary widely. For example, Microsoft reported that the average victim lost $875 and had to pay $1,700 in repair bills. The Federal Trade Commission (FTC) said it had received more than 40,000 complaints about this scam when it initiated a crackdown in October 2012 and an official with the FTC’s consumer protection bureau said he thought the number of victims was probably “substantially higher.”

Although scams of this sort started in 2008, it has become far more common in the last couple of years, gaining attention from media organizations across the world. The companies that are affected have also noticed, warning their customers and offering tips on how to spot and avoid the scam. PayPal and other payment companies have helped by shutting down the accounts of known fraudsters.

Despite government action to identify and stop scam artists running these schemes, copycats continue to defraud consumers. Consumers should use the following precautions to minimize the risk of falling victim:

  • Do not assume that the person contacting you is legitimately working for the company they say they are. Know that legitimate companies will not call you without solicitation and tell you that you must pay for tech support.
  • Reach out to the tech company yourself. Find a legitimate phone number for the company and ask them whether a representative contacted you.
  • Don’t allow remote access to an unauthorized stranger. Never allow someone to take remote control of your computer unless you are certain that they are actually representing a legitimate company.
  • Don’t share personal information. Do not disclose sensitive financial information such as passwords, credit card, or bank account routing numbers over the phone.
  • Keep a record of your charges. When buying things over the Internet or phone, use a credit card or a debit card so that you can better dispute fraudulent charges.

If you believe that you are the victim of a tech support scam, please take the following actions:

  • File a complaint with Fraud.org so that we can help others avoid falling victim;
  • Call your credit card company and ask to have the charges reversed;
  • Check your bank and credit card statements for inaccuracies. If you find any, ask that those charges be reversed, too;
  • Contact the major credit-reporting agencies (Equifax, Experian, and TransUnion) and notify them of the potential for fraud on your account; and
  • Delete the tracking software from your computer. For tips on how to do this, click here.

Visit the following sites to learn more about tech support scams and ways to protect yourself:

  • This post on the FTC’s Web site provides consumers with a video on how to protect computers and phone audio of a scammer conducting a tech support scam.
  • This section of the FTC’s Web site gives an overview of how these scams work and ways to protect yourself if contacted by a fraudster.
  • The Better Business Bureau has a scam alert that describes an incident in Montana involving this scam.
  • Finally, Microsoft’s posting on its Web site details common scams that falsely use its name and the common indicators that you are not truly talking to a company official.

Find Fraud Alerts related to this scam here.

Phishing

/2 Comments/in /by

In a scheme called “phishing,” ID thieves trick people into providing their Social Security numbers, financial account numbers, PIN numbers, mothers’ maiden names, and other personal information by pretending to be someone they’re not.

Stay safe. Be Informed.

  • Watch out for “phishy” emails. The most common form of phishing is emails pretending to be from a legitimate retailer, bank, organization, or government agency. The sender asks to “confirm” your personal information for some made-up reason: your account is about to be closed, an order for something has been placed in your name, or your information has been lost because of a computer problem. Another tactic phishers use is to say they’re from the fraud departments of well-known companies and ask to verify your information because they suspect you may be a victim of identity theft! In one case, a phisher claimed to be from a state lottery commission and requested people’s banking information to deposit their “winnings” in their accounts.
  • Don’t click on links within emails that ask for your personal information. Fraudsters use these links to lure people to phony Web sites that looks just like the real sites of the company, organization, or agency they’re impersonating. If you follow the instructions and enter your personal information on the Web site, you’ll deliver it directly into the hands of identity thieves. To check whether the message is really from the company or agency, call it directly or go to its Web site (use a search engine to find it).
  • Beware of “pharming.” In this latest version of online ID theft, a virus or malicious program is secretly planted in your computer and hijacks your Web browser. When you type in the address of a legitimate Web site, you’re taken to a fake copy of the site without realizing it. Any personal information you provide at the phony site, such as your password or account number, can be stolen and fraudulently used.
  • Never enter your personal information in a pop-up screen. Sometimes a phisher will direct you to a real company’s, organization’s, or agency’s Web site, but then an unauthorized pop-up screen created by the scammer will appear, with blanks in which to provide your personal information. If you fill it in, your information will go to the phisher. Legitimate companies, agencies and organizations don’t ask for personal information via pop-up screens. Install pop-up blocking software to help prevent this type of phishing attack.
  • Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date. A spam filter can help reduce the number of phishing emails you get. Anti-virus software, which scans incoming messages for troublesome files, and anti-spyware software, which looks for programs that have been installed on your computer and track your online activities without your knowledge, can protect you against pharming and other techniques that phishers use. Firewalls prevent hackers and unauthorized communications from entering your computer – which is especially important if you have a broadband connection because your computer is open to the Internet whenever it’s turned on. Look for programs that offer automatic updates and take advantage of free patches that manufacturers offer to fix newly discovered problems. Go to OnGuardOnline.gov and StaySafeOnline.org to learn more about how to keep your computer secure.
  • Only open email attachments if you’re expecting them and know what they contain.Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.
  • Know that phishing can also happen by phone. You may get a call from someone pretending to be from a company or government agency, making the same kinds of false claims and asking for your personal information.
  • If someone contacts you and says you’ve been a victim of fraud, verify the person’s identity before you provide any personal information. Legitimate credit card issuers and other companies may contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. But usually, they only ask if you made particular transactions; they don’t request your account number or other personal information. Law enforcement agencies might also contact you if you’ve been the victim of fraud. To be on the safe side, ask for the person’s name, the name of the agency or company, the telephone number, and the address. Get the main number from the phone book, the Internet, or directory assistance, then call to find out if the person is legitimate.
  • Job seekers should also be careful. Some phishers target people who list themselves on job search sites. Pretending to be potential employers, they ask for your social security number and other personal information. Follow the advice above and verify the person’s identity before providing any personal information.
  • Be suspicious if someone contacts you unexpectedly and asks for your personal information. It’s hard to tell whether something is legitimate by looking at an email or a Web site, or talking to someone on the phone. But if you’re contacted out of the blue and asked for your personal information, it’s a warning sign that something is “phishy.” Legitimate companies and agencies don’t operate that way.
  • Act immediately if you’ve been hooked by a phisher. If you provided account numbers, PINS, or passwords to a phisher, notify the companies with whom you have the accounts right away. For information about how to put a “fraud alert” on your files at the credit reporting bureaus and other advice for ID theft victims, use the Federal Trade Commission’s Identity Theft web site.
  • Report phishing, whether you’re a victim or not. Tell the company or agency that the phisher was impersonating.

Find Fraud Alerts related to this scam here.

Malware

/in /by

You can download programs on the Internet to look at pictures, play games, listen to music, and enjoy other activities. But, beware of dangerous downloads that may result in serious computer problems and expenses that you did not anticipate.

Stay safe. Be Informed.

  • Some downloads contain viruses. These could wipe out your computer files. Get a good virus software program and regularly update it to protect your computer.

  • You may be downloading a dialer program without realizing it. This would enable it to “highjack” your modem and connect it to a foreign telephone number, resulting in expensive phone charges. Some programs turn off the volume so you can’t hear the dialing take place.

  • Don’t download programs from Web sites you don’t know and trust. Make sure that everyone in your household or business checks with you first before downloading programs.

  • Be cautious about emails offering information or entertainment services. Many unsolicited emails are fraudulent and sometimes even opening the email or clicking on an attached link will send a virus through your computer.

  • Read the user agreement carefully. There may be important information buried in the agreement about costs or other aspects of the program.

  • Supervise children when they’re surfing the Internet. Lured by promises of fun, children may ignore the user agreement or other warnings. Family members who are worried about children surfing the internet should take advantage of the ability to block Web sites and programs.

  • Limit the people who know the password needed to go online on your computer. This is an easy way to keep friends, babysitters, and others from downloading dangerous programs onto your system.

  • Increase the amount of time a site is kept in your browser history file. Usually a site is erased from the history folder after 20 days, but it may take longer for you to discover that you have been victimized. Increase the time to 45 days. Your browser’s help folder can provide instructions on how to do this.

  • Install monitoring software on your system. This software keeps a log of all programs installed on your computer and sites visited on the Internet. It will help you enforce the “no downloading” and “no unsupervised surfing” rules and track down any problems. Monitoring software also allows you to sweep your computer for any viruses using the instructed program.

  • Look at your phone bill carefully before you pay it. If you find charges for foreign phone calls you did not knowingly make, your long distance company may agree to remove them or adjust the amount. Your service could be shut off for refusal to pay unless you can work something out.

Find Fraud Alerts related to this scam here.

Sweetheart swindles

/in /by

Online dating can be fun and convenient, but falling for a sweetheart swindle can be costly. Be wary of “friends” you meet online who develop a relationship with you only to con you out of hundreds or even thousands of dollars.

Stay safe. Be Informed.

Falling in love with a con artist has consistently been ranked as one of, if not, the most expensive scams for the victims who have shared their stories with Fraud.org. It’s not hard to see why. Love is a powerful emotion. Most of us would do practically anything to help out a friend or loved one in need. Fraudsters know this, which is why they devote significant time and energy to developing friendships and “love” with their marks. However, these criminals aren’t looking for a soulmate. They’re looking for victims that they can wring every last cent out of.

In many of the stories we hear from consumers, the scams begin the same way. The victim is first approached on an online dating website (Match.com was frequently mentioned in our complaints), a social media platform such as Facebook, or another type of online forum. The con artist may claim to be interested in the victim romantically. When the victim responds, their new “friend” tells them a story about how they are located far away from the victim, often overseas.

As the relationship develops and false trust is built, the “friend” asks the victim to send money to help them out of some fake situation. The “friend”—who is, in reality, a con artist who is likely running the same scheme on other victims—may claim that they need the money to come visit the victim, for medical bills, to get out of jail, or some other reason. If the victim agrees to pay, there will inevitably be more requests for money to cover other fictitious expenses until the victim comes to realize it is a scam and stops paying, or worse, runs out of money to give.

How can you spot a romance scam and avoid falling victim? Here are red flags that the person you’re dealing with is after your cash, instead of your heart:

  • She requests that you wire money or cash a check or money order for them.
  • The “relationship” becomes romantic extremely quickly, with quick pronouncements of love or close friendship.
  • He claims to be a U.S. citizen who is abroad, very wealthy or a person of important status.
  • He claims to be a contractor and needs your help with a business deal.
  • She makes excuses about not being able to speak by phone or meet in person.
  • He quickly asks you to communicate via email, instant messaging, or text messaging instead of online dating sites’ messaging services.
  • She claims to be American but makes frequent spelling or grammar mistakes that a native English speaker wouldn’t.

If you’ve been approached by someone you think could be a romance scammer or if you’ve already fallen victim, DON’T keep speaking with the person who approached you. Ignore their emails, phone calls, IMs, or other communications. Instead, use the online dating site’s abuse flagging system to mark the account as suspicious and file a complaint at Fraud.org.

Find Fraud Alerts related to this scam here.

Pet adoption scams

/in /by

Fraudsters are going after future pet owners by placing a false ad for pets online then scamming them into more money after they are emotionally invested in the cuddly ball of fuzz.

Stay safe. Be Informed.

First, a consumer searching for a pet sees a desirable animal listed for sale online, often on a classifieds website like Craigslist.org or Oodle.com. Next, the consumer reaches out to the prospective seller and expresses interest in acquiring the animal. After a consumer sends money to the alleged owner to pay for the pet, she is told that additional funds are needed to cover the cost of things like “a ventilated shipping crate,” “insurance,” or other reasons. Regardless of how much money is sent, the alleged seller will find new reasons to ask for additional payment. This continues until the victim, now often out hundreds or thousands of dollars catches on and stops sending money.
In reality, the entire act is a farce. The cute pet pictures that prompted the initial outreach by the consumer are usually simply pulled off the Internet and used to create attractive (but fake) listings. The alleged sellers don’t own any actual pets and are just out to milk victims of all the cash they can.

A Massachusetts woman we’ll call “Sue” (not her real name) recently sent us a complaint that is typical of this scam. Sue writes:

“I was looking to purchase a Yorkshire terrier puppy for my 2 little kids. I found one that I was really interested in. It was a 9-week-old female Yorkie. I emailed ‘the owner’ … The puppy was $500 and he told me that was already included with shipping and everything. He told me to put the $500 on a Reloadit card, which I did, and I gave him that. He sent me an email of a flight ticket, which I now know that it was not real because I called American Airlines and the flight ticket was a fake.

An agency started emailing me stating that I had to send them $970.00 for a ‘crate’ for the puppy to arrive to me safe while on flight due to the weather. I was told it was refundable when my puppy would arrive. I was told to send it by Western Union, which I did. Once that happened … I was asked to send $1,500 now for the pets insurance to get sent to me, which was also supposed to be refunded to me. I sent that money through MoneyGram. I was supposed to receive my puppy on March 7, 2015 in the morning and I never received the puppy.

Then I received another email stating I had to send ANOTHER payment of $760.00 to update her shots before she takes off. It was already sounding a little bit too good to be true to me but that’s when I finally realized that this was a scam.”

It’s easy to get emotionally attached to the idea of acquiring an adorable new pet. Consumers in the market for a new furry friend, can protect themselves by following these safe pet-buying tips:

  • Never send money for a pet purchase unless you have seen the animal in person (as opposed to simply online).
  • Beware of any seller who says she’s located out-of-town (or worse, overseas). Dealing with local sellers is usually the smart move.
  • Requests for payment via wire transfer (Western Union or MoneyGram) or prepaid debit card (Green Dot MoneyPak, Reloadit, or similar cards) are often a red flag for potential fraud. Payment sent via these methods is practically the same as sending cash.
  • Consider adopting from a local shelter instead of a private seller. There’s likely to be a lower cost to obtain the pet, and you’ll be dealing with a reputable non-profit organization.
  • Do your due diligence on the seller BEFORE sending money. Ask for detailed information on the seller, including full name, phone number and mailing address. Search online for information on the seller. If no information comes up in the search, or you see negative reviews, it could be a scammer instead of a legitimate seller.
  • Watch out for offers of “free” pets. While it may seem like a good deal, scammers have been known to use these to lure unwary consumers in to paying for “shipping” and other costs for nonexistent pets.

If you’ve been a victim of one of these scams or been approached by someone you suspect of being a scammer, file a complaint at Fraud.org so that we can share your information with our network of law enforcement and consumer protection agencies.

Consumers can see additional examples of these scams at the ASPCA’s Pet-Related Scams website.

Find Fraud Alerts related to this scam here.

Tax ID theft

/in /by

Tax day may be a date that few consumers look forward to. However, there is one group that uses the day to scam their victims: identity thieves.

Stay safe. Be Informed.

Tax ID fraudsters file early because they have a treasure trove of stolen personal information (names, dates of birth, Social Security numbers), and they’re eager to use that information to steal other people’s tax refunds. Tax identity theft is the use of someone else’s personal information to file a fraudulent tax return or claim tax benefits. This fraud is particularly pernicious because the legitimate taxpayer may have no way of knowing that fraud has been committed. The scam only works for returns that haven’t been filed by legitimate consumers, so fraudsters are highly motivated to file as early as possible. Often, the fraud will only be detected when a taxpayer receives a notice from the Internal Revenue Service (IRS) or state tax authorities of a problem with her return.

Tax identity theft was the single biggest type of identity theft complaints to the Federal Trade Commission in 2014. Conservative estimates put the cost of this fraud to the nation’s taxpayers at $5.2 billion annually.

Here’s how tax identity theft works: Most workers receive their W-2 forms from their employers by the end of January. Since many consumers wait until April to file, a scammer who has access to compromised personal information (such as a Social Security Number, full name, and street address) can take advantage of the delay to file in someone else’s name. Some tax ID thieves even specialize in using children’s identities to fraudulently claim them as dependents. Since the IRS tries to process refunds in as little as three weeks, the scammers receive their fraudulent refunds in the mail or electronically and quickly turn it into untraceable cash. The legitimate taxpayer often only finds out they’ve been a victim when the IRS refuses to process the real return because—according to its records—they’ve already filed a return.

How to spot tax identity fraud

Tax identity fraud is difficult to catch before the fraud occurs. However, consumers who fall victim to tax identity fraud often discover it in one of the following ways:

  •  If someone else has already filed a tax return using your personal information (such as a Social Security Number), they may get your refund. When you later file your own return, the IRS will send you a notice letter indicating that your refund has already been sent out.
  •  When someone else uses your Social Security Number to obtain employment, the employer will report those earnings to the IRS. When you file your tax return, you won’t include the identity thief’s earnings in your return. When the IRS notices the discrepancy, they will send you a letter stating that you’ve failed to declare all your income.
  • If your income does not meet a certain threshold, you may not be required to file taxes. However, if someone else using your Social Security Number to obtain employment fails to file taxes, your account may end up in collections. A collections notice from the IRS may be a sign of tax identity theft.

If you receive one of these notices from the IRS or state tax authorities, contact the agency immediately. The IRS Identity Theft Protection Specialized Unit can be reached at 1-800-908-4490. A list of state tax authorities’ contact information is available from the Federation of Tax Administrators here.

Reducing your risk

Unfortunately, there is no foolproof way of avoiding tax identity fraud. Since Social Security Numbers and other personal information are so widely available on cyber black markets, chances are that scammers already have the information they need to commit tax identity fraud against many, if not most, American consumers.

However, there are steps that can be taken to reduce risk to the extent possible. These include:

  • File your taxes as early as possible during tax season. Scammers depend on the fact that many taxpayers wait until late in tax-filing season to file. Filing early reduces the risk that a tax ID thief will be able to use your personal information to file fraudulently ahead of you.
  • Review your credit report for any suspicious activity (such as lines of credit opened without your knowledge). Free credit reports for all three major credit reporting bureau can be obtained at annualcreditreport.com.
  • Protect your personal information. When asked to provide a Social Security Number to a business or other entity, ask if there is another form of identification that can be used (such as a driver’s license ID number, phone number or mailing address). This will help slow the spread of the critically important SSN to potential ID thieves.
  • Check your annual Social Security Administration earnings statement carefully. If there are earnings listed that you don’t recognize, someone else could be using your identity to obtain employment.
  • Don’t give out personal information, such as your SSN, date of birth, or bank account information in response to unsolicited emails, postal mail, over the phone or via text message, social media or other platform.
  • Install antivirus software and personal firewalls on your computer and make sure to install all operating system and browser patches promptly.
  • Change passwords on online accounts regularly. Be sure to use different passwords on each account. If an online service (like email, social network, bank accounts, etc.) offers more secure technology, such as multi-factor authentication, turn it on.

What to do if you are a victim

Identity theft is a serious crime that can significantly and negatively affect your ability to obtain credit, get a job, or obtain medical care, just to name a few results. Recovering from tax identity theft is not easy, but it can be done through a combination of quick action and careful follow-up. The Internal Revenue Service and Federal Trade Commission recommend the following step-by-step process for addressing tax identity fraud.

  1. Report the fraud by calling the IRS Identity Protection Specialized Unit at 1-800-908-4490 immediately. You will likely be asked to obtain a police report, fill out an IRS Theft Affidavit Form 14039 and send proof of your identity (such as copy of a Social Security Card, driver’s license, or passport).
  2. File a complaint with the FTC at https://www.ftccomplaintassistant.gov. At the end of this process, you should receive an Identity Theft Affidavit and a complaint reference number. Save or print the Identity Theft Affidavit. Remember to record the date you filed your complaint. Consumers can also file a complaint by phone at 1-877-438-4338.
  3. Go to your local police department to obtain a police report. Remember to bring a) a copy of the FTC Identity Theft Affidavit; b) any other proof of the theft (such as an IRS notice); c) a government-issued photo ID; d) proof of address (such as a rental agreement, pay stub, or utilities bill); and e) the FTC’s Memo to Law Enforcement (printable at the link). If your local police department is unable or unwilling to take your identity theft report, ask if you can file a “miscellaneous incidents” report. You can also try filing at a different police station, the local sheriff’s department, state police, or federal authority.
  4. Contact one of the three major credit reporting bureaus and ask them to place a “fraud alert” on your credit report. A “fraud alert” placed with one credit reporting bureau should automatically be placed on your credit report with the other two bureaus. A fraud alert does not prevent identity thieves from misusing your identity, but it will result in credit reporting bureaus taking additional steps to verify a credit applicant’s information. These alerts generally expire after 90 days, so you may need to renew it periodically. Numbers to call are as follows:
  5. Resolving tax identity theft with state and federal tax authorities may require many months, or longer. While this process is ongoing, continue to file your taxes, even if you must do so by paper.
  6. Tax identity theft may be a precursor to other forms of identity theft. Therefore, consumers who wish to take an additional security step may want to consider requesting a “security freeze” on their credit report from each of the three major credit reporting agencies. This step will make it impossible for identity thieves to open new lines of credit in your name. However, it will also prevent you from opening new lines of credit unless you contact the credit reporting agencies to temporarily (or permanently) lift the freeze. There may also be fees levied for placing, lifting, or removing a security freeze depending on the state you live in and whether or not you have proof that you are a victim of identity theft.
  7. Additional information on spotting and avoiding identity theft is available from the Federal Trade Commission at www.ftc.gov/IDTheftTaking Charge: What To Do If Your Identity Is Stolen is a free publication from the FTC that offers step-by-step guides, sample letters, and other information that can help you to recover from identity theft. It is available online at https://1.usa.gov/Seg8Oz.

NCL thanks Intuit for the unrestricted educational grant that helped make this guide possible.

Find Fraud Alerts related to this scam here.

Medical ID theft

/in /by

Medical identity theft is a lesser known form of identity theft, but the consequences can be just as devastating. It not only affects the patient or consumer, but also has ramifications on healthcare and insurance providers.

Stay safe. Be Informed.

Medical identity theft occurs when a fraudster illegally obtains and uses a patient’s Personally Identifiable Information (PII), such as name, Social Security number, and/or medical insurance identity number, to fraudulently obtain or bill for medical goods or services. This kind of fraud also includes the unauthorized personal gain of insurance benefits, prescription drugs, employment, government benefits, or other financial gain acquired through the theft of another individual’s PII. Hackers have also been known to sell stolen health care records on the black market.

Health care data is increasingly becoming a top target for scammers and hackers in the United States and globally. According to Bitglass, one in three Americans were affected by health care breaches in 2015. The Department of Health and Human Services reported 253 health care breaches that affect 500 individuals or more with a combined loss of over 112 million records in 2015. A reason why fraudsters may be going after health care data more is because of its longer shelf life and rich potential for identity theft. Financial data has a finite lifespan and loses its worth as soon as the consumer notices the frauds and cancels their accounts or cards. However, health care data contains information that can’t be cancelled or changed as easily as a credit card. This information includes Social Security numbers, medical records, and prescription accounts.

Follow these tips to help protect yourself against medical identity theft:

  • Review the Explanations of Benefits (EOB) statement or Medicare Summary Notice that your health plan sends after treatment. Immediately report any mistakes or unfamiliar charges, such as a doctor’s visit you did not make or prescriptions that you did not fill.
  • Check in with your doctor(s) to ensure your medical records are accurate. Make sure the records contain your procedures, treatments, prescriptions, and other medical activities. If you notice inaccurate health details such as the wrong blood type, pre-existing conditions, or allergies, it may be a sign that an identity thief has accessed your records.
  • Do not share your medical or insurance information with other individuals. Especially do not provide your medical information over the phone or via email unless you initiated the contact and have verified the entity you are contacting.
  • Treat your medical identity with the same care and caution you do any of your other sensitive information, such as your financial credentials. Dispose or shred health documents you no longer need.
  • Read the Privacy Policy on a website before you provide your Personally Identifiable Information. Find out why your Social Security number or insurance account numbers may be needed and how the website will keep it safe, or if it will be shared, and if so, with whom. (Websites with “https” in their URL are secure.)
  • If you are unsure about sharing your personal information with someone who says they are from your health plan—DON’T. Directly contact the Member Services number on your ID card so you can be sure the person is a verified health representative.
  • Be cautious when you get offers for “free” health services or products that require you to provide your personal health information. Often times, this is a scam targeted to steal your medical identity.
  • Do not provide your medical information to someone who contacts you about a “recent breach.” This is a tactic scammers use to capitalize on actual data breaches to “phish” for additional personal information to steal your identity. Know that legitimate companies will never ask for your information through unsecured channels such as phone calls or emails.
  • Do not be afraid to ask questions. Ask your health care provider about how your data is treated, protected, and shared. You have the right to find out with whom your insurance company and medical providers have shared your information with. You are entitled to one free copy of the “accounting of disclosures” every year from each of your providers.

If you have been a victim of medical ID theft, contact either ExperianEquifax, or TransUnion and have them place a fraud alert on your account. The credit reporting agency you contact is legally required to notify the other two agencies. A fraud alert will flag your account as a potential victim of fraud and that creditors should take extra steps to verify your identity before issuing credit. Be sure to monitor your credit reports on an ongoing basis. And be on the lookout for a confirmation letter from each bureau that your fraud alert has been processed. This is not a complete solution for medical ID theft, but it’s a precaution to take to look for medical collection notices.

Additional resources

Visit Fraud.org’s Identity theft section for more information.

You can also visit the FTC’s IdentityTheft.gov website to report any instances of fraud, including medical ID theft.

The Medical Identity Fraud Alliance has more information on how to avoid medical ID theft and more steps you can take if you area victim.

Find Fraud Alerts related to this scam here.

Identity theft

/in /by

Identity fraud (also known as ID fraud or ID theft) refers to types of crime in which someone wrongfully uses another person’s personal data fraudulently or deceptively. Identity fraud is typically used for economic gain by the fraudster.

Stay safe. Be Informed.

If you know that your identity has been stolen as a result of a data breach, take these steps to contain the damage. More information on identity fraud can be found in our Data Breach HQ.

  • File a complaint with the FTC with its online form or call 1-877-438-4338. They will create a FTC Identity Theft Affidavit for you that you will need throughout the rest of the process. Remember to print and save your affidavit for future reference because you will not be able to retrieve it from that page again.
  • File a report with your local police department. Combine your FTC Identity Theft Affidavit with your police report for your Identity Theft Report. This will prove to businesses and financial institutions that your identity has been stolen.
  • Call the fraud departments of the companies where you know identity theft occurred. Have them freeze or close your accounts. Change all your login information for these companies.
  • Contact either ExperianEquifax, or TransUnion and have them place a fraud alert on your account. The credit reporting agency you contact is legally required to notify the other two agencies. A fraud alert will flag your account as a potential victim of fraud and that creditors should take extra steps to verify your identity before issuing credit. Be sure to monitor your credit reports on an ongoing basis. And be on the lookout for a confirmation letter from each bureau that your fraud alert has been processed.
  • Get your free credit report from annualcreditreport.com or call 1-877-322-8228. If you have already ordered your one free credit report per year, you can pay to get your report immediately. Review your report as soon as possible and note fraudulent charges that you can report to the police and FTC.

After you have your Identity Theft Report, take the following steps:

  • Find new accounts that you did not open and call the fraud department of each business to have them close your fraudulent accounts and remove any fraudulent charges. Ask for a letter from the business to confirm that you aren’t liable for the fraudulent charges, the fraudulent account is not yours, and that it was removed from your credit report. Use the FTC’s sample letter.
  • Write to each of the credit bureaus (ExperianEquifaxTransUnion) to correct your credit report. Use the FTC’s sample letter and include your Identity Theft Report and proof of your identity. You have the legal right to have fraudulent activity voided from your credit report if your identity has been stolen, which is called blocking. Once the faulty information is blocked, it won’t affect your credit report and companies can’t try to collect debt from you.

Find Fraud Alerts related to this scam here.

NCL’s Programs

fraud-org
1746770534_HAC-Logo

Fraud.org is a project of
The National Consumers League.

info@nclnet.org
(202) 835-3323

1701 K St NW
Suite 1200,
Washington, DC 20006

© Copyright 2025. All rights reserved.