Frauds & Scams
Frauds and scams have become increasingly prevalent in our interconnected world, posing significant risks to individuals, businesses, and society. Understanding the different types of fraudulent activities and the tactics employed by scammers is crucial in protecting ourselves and our communities. This page provides an overview of some common types of fraud and scams, shedding light on their characteristics and how to protect yourself.
BE AWARE OF LAW ENFORCEMENT IMPOSTER SCAMS
Law enforcement and the courts will never solicit money or gift cards from residents for any purpose. If you receive a call from someone claiming to be an officer, sheriff's deputy, or court official, be cautious...THIS IS A SCAM! Never provide any personal, financial, or otherwise private information to an unknown person. Scammers use pressure tactics, "spoof" their phone number to replicate a legitimate organization, and use ruses to indicate a loved one is hurt or jailed. The best course of action is to immediately hang-up, and contact the agency directly through phone numbers on officials sources if you have concerns, or to verify information you received.
COMMON FRAUDS & SCAMS
Expand all- Business Impersonation Fraud
Criminals can pose as legitimate businesses to exploit their customers' trust. Fraudsters obtain sensitive information, money, or other valuable assets through bogus transactions.
Signs of Business Impersonation Fraud
- Unexpected and unsolicited emails or calls from supposed business contacts.
- Emails requesting change of deposit/payment routing methods
- Pressure to act quickly - often involving urgent financial transactions like a missed payment or sharing sensitive information.
- Fraudsters often ask for payment through unconventional methods such as wire transfers, gift cards, or cryptocurrency. Genuine businesses and government agencies never ask for payment via gift card. Any such request is a sure sign of fraud.
- Email addresses and phone numbers that are similar but slightly different from the legitimate ones. Even know to spoof the legitimate business’ name or email address
- Suspicious emails containing links or attachments that ask for login credentials or other personal information.
Prevention Tips
- Don’t click any links or call phone numbers they give you. Always verify the sender's email address and phone number using reliable sources independent from the incoming message. Caller IDs can be spoofed using electronic tools. Contact the business directly using known contact details, not the information possibly from a scammer.
- Verify all changes to routing deposits/payments using reliable sources independent from the incoming message.
- Train staff to recognize the signs of fraud and to follow verification procedures.
- Install and regularly update antivirus and anti-phishing software.
- Implement multi-factor authentication for financial transactions and other sensitive operations.
- Keep up-to-date with common scam tactics and remain vigilant.
- Safeguard personal data and share it sparingly, especially when unsolicited requests are made.
- Check Forgery
Check forgery involves the unauthorized alteration or creation of a check with the intent to deceive and obtain funds illegally. Perpetrators may alter the payee's name, the amount of money, or other crucial details to divert funds to themselves or others. Checks are commonly stolen out of the mail, washed in chemicals, forged, and cashed leaving the victim out the funds as well as what the payment for what they originally wrote the check for. If you want to make check washing incredibly difficult or impossible, experts like Better Business Bureau recommend switching to a black gel pen.
Prevention Tips
- Secure Checks: Store blank checks in a secure location and monitor their usage regularly.
- Switch to online payments: Eliminate using checks all together
- Use Security Features: Employ checks with built-in security features such as watermarks, microprinting, and chemical-sensitive paper.
- Review Statements: Routinely review bank statements for any unauthorized transactions or discrepancies. Report suspicious activity to the bank immediately.
- Avoid Sharing Sensitive Information: Never share sensitive financial information, such as debit card details and PINs, in response to unsolicited messages or offers.
- Organizations and businesses should:
- Train employees to recognize signs of check forgery and encourage them to report any suspicious activity.
- Require dual authorization for large transactions and sensitive check-related activities.
- The US Postal Service recommends that you:
- Drop off mail in blue collection boxes before the last scheduled pick-up time or directly at your local Post Office.
- Regularly check your mail. Do not leave your mail in your mailbox overnight.
- If you’re heading out of town, have the Post Office hold your mail or ask a trusted friend or neighbor to pick up your mail.
Recovering from this scam
- Report to Bank: Immediately report suspected check forgery to your bank or financial institution to freeze the account and prevent further losses.
- File a Police Report Online
- Provide Documentation: Provide copies of forged checks, bank statements, and any other relevant documentation to authorities and your bank.
- Cooperate with Investigations: Cooperate with bank investigations and law enforcement agencies to identify the perpetrator and recover lost funds.
- Monitor Accounts: Continuously monitor your accounts for any additional unauthorized activity and follow up with your bank regarding any concerns.
- Credit Card Fraud
Credit card fraud is a form of identity theft that involves unauthorized use of someone else's credit card information to make fraudulent purchases or withdrawals. It can occur through various means, including stolen cards, card-skimming devices, phishing, self-disclosure, or hacking into corporate databases.
Signs of Credit Card Fraud
- Unauthorized Transactions: You may notice unauthorized transactions, withdrawals, or suspicious account activity after sharing your card information. Unfamiliar charges appear on your statement because thieves are using your credit card.
- Unexpected Declines: Your card is rejected unexpectedly because thieves have made charges reaching your card limit.
- Missing Statements: If your credit card statements suddenly stop arriving, felons might have changed the mailing address to prevent you from reviewing them.
- Unusual Account Activity: Unexpected changes in your credit report or account details.
- Unsolicited Offers: Individuals receive unsolicited messages or advertisements promising quick cash or financial rewards in exchange for providing their debit card details.
- Requests for Card Information: Fraudulent email or SMS messages explicitly request sensitive information, including debit card numbers, PINs, and online banking credentials.
Prevention Tips
- Monitor Account Activity: Review bank statements and account activity for unauthorized transactions. Report suspicious activity to the bank immediately.
- Enable Alerts: Set up transaction alerts to receive notifications of unusual activity.
- Use Secure Websites: Only make online purchases from reputable and secure websites (check for "https://").
- Secure Social Media Accounts: Adjust privacy settings on social media platforms to limit personal information exposure and reduce the likelihood of being targeted.
- Avoid Sharing Sensitive Information: Remind individuals never to share sensitive financial information, such as debit card details and PINs, in response to unsolicited messages or offers.
- Two-Factor Authentication (2FA): Enable 2FA on online banking accounts to add an extra layer of security, requiring additional verification beyond passwords.
Recovering from the scam
- Contact Your Bank or other Financial Institutions: Report the incident to your bank or credit card issuer immediately. Provide details of unauthorized transactions and any relevant information.
- File a Police Report: If necessary, file a police report to document the fraud. This report may be required by the bank or relevant authorities during the investigation. File a Police Report Online.
- Credit Bureaus: Contact major credit bureaus (Equifax, Experian, TransUnion) to place a credit freeze on your credit report.
- Monitor Accounts: Keep a close eye on your accounts for any additional unauthorized transactions.
- Monitor Credit Reports: Keep a close eye on credit reports for any signs of identity theft. Report any suspicious activity to the credit bureaus.
- Install Security Software: Use reputable antivirus and anti-malware software to protect devices from potential threats that may have been introduced during the card cracking scheme.
- Secure Your Accounts: If you share personal information with the scammer, change your passwords and enable two-factor authentication where possible.
- Cryptocurrency Scams
A cryptocurrency scam is a fraud involving digital currencies that aims to deceive investors with false promises or to trick them into giving away access to their digital wallets. Scammers "fatten up" victims with fake trust, affection, and promises of huge investment returns over weeks or months before stealing their money. Losses can be catastrophic, with Americans losing billions.
Signs of a Cryptocurrency Scam
- Research and Due Diligence: Thoroughly research any cryptocurrency project, exchange, or investment opportunity before participating. Do not rely solely on materials provided by the organization.
- Beware of Unsolicited Offers: Be cautious of unsolicited messages or emails offering cryptocurrency investments or giveaways.
- Check Website URLs: Verify website URLs for accuracy, as scammers often create convincing fake websites.
- Use Trusted Platforms: Only use reputable cryptocurrency exchanges and wallets with a track record of security. Most of the time the platform you are using that the organization instructed you to download is completely controlled by the scammers and you are seeing a fake investment portfolio that you believe to be growing.
- Fake Investment: They may allow you to pull a small amount of money out of the portfolio leading you to believe it’s legit so you will investment more money. When you try to transfer larger sums, you are generally hit with a ‘fee’ in order to have your money released to you. Once you pay the ‘fee’, the scammers will come up with another ‘fee’ when you try to transfer your funds. This is generally when people realize they are being scammed.
- Analyze Investment Offers: Be skeptical of investment opportunities that promise guaranteed high returns; if it sounds too good to be true, it probably is.
Prevention Tips
- Educate Yourself: Learn about common cryptocurrency scams and stay updated on new tactics.
- Ignore Pressure: Don't succumb to pressure or urgency in cryptocurrency deals; scammers often use these tactics.
- Secure Wallets: Use hardware and software wallets from reputable sources with strong security features. DO NOT share your wallet information, especially at the instructions of the organization trying to ‘assist’ you with transferring your funds.
- Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts with 2FA.
- Avoid Public Wi-Fi: Don't access your cryptocurrency accounts or transact on public Wi-Fi networks.
Recovering from the scam
- Report the Attack: If you lost money, File a Police Report Online.
- Alert Cryptocurrency Exchanges: Inform cryptocurrency exchanges involved in the scam to prevent further transactions.
- Trace Transactions: Use blockchain explorers to trace the movement of stolen funds.
- Share Information: Share details of the scam on cryptocurrency forums and social media to warn others.
- Regularly Monitor Accounts: Continuously monitor accounts and systems for suspicious activity.
- Extortion
Extortion preys on individuals by leveraging intimate or compromising content. These criminals coerce victims into providing money, valuables, or additional explicit material under the threat of exposing personal and private images or information.
Signs of Extortion Scams
- Unsolicited Requests: Avoid unsolicited requests for explicit images or personal information.
- Threats and Demands: If you receive threatening messages demanding money or additional material, it may be a sextortion attempt.
- Blackmail Tactics: Sextortionists often use fear and intimidation to manipulate victims. Recognize these tactics.
- Suspicious Contacts: Investigate and verify the identity of the person making demands, especially if they're a stranger.
Prevention Tips
- Online Privacy: Be cautious about sharing explicit content or personal information online, even with trusted individuals.
- Limit online activity: Limit your online activity and avoid posting or sharing sensitive information, such as your location or financial information.
- "Friend" only the people you know in real life.
- Secure Social Media Accounts: Adjust privacy settings on social media platforms to limit personal information exposure and reduce the likelihood of being targeted.
- Monitor your accounts: Regularly monitor your social media accounts, email, and other online accounts for any signs of cyberstalking or hacking.
- Trust Your Instincts: Don't engage with the requester if something feels off or suspicious
- Educate Yourself: Learn about common online scams and tactics used by extortionists to recognize potential threats.
- Security Measures: Use strong and unique passwords for your online accounts and enable two-factor authentication.
Recovering from this scam
- End Communication: Cease all communication with the extortionist immediately to prevent further victimization.
- Document Evidence: Preserve any evidence of the extortion, including messages, emails, or images.
- Seek Support: Reach out to friends, family, or a therapist to help cope with the emotional impact.
- Online Reputation: Consider professional help to mitigate damage to your online reputation.
- Legal Assistance: Consult with an attorney, especially if you need assistance with legal action against the perpetrator.
- File a Police Report Online to local authorities.
- Fake QR Code or Link Shorteners Scams
Scammers use link shorteners like bit.ly to defraud others by sending victims to a fake website created by the scammer. When you click on a fake shortened link, you are taken to a website that looks legitimate, such as Google or Facebook. Scammers can use any information you enter to steal your identity or commit fraud.
Scammers can create deceptive QR or Quick Response codes that lead to malicious websites, phishing attempts, or unauthorized transactions. Scammers may also trick you into downloading malware or viruses by redirecting you to malicious websites through QR codes. Fraudulent QR codes can make unauthorized payments or transfers from your mobile payment accounts.Signs of a Fake QR Code
- QR codes in unexpected or unusual locations, such as on public walls, random flyers, or unsolicited emails or messages.
- QR codes that ask for sensitive information, such as login credentials, payment details, computer commands, or personal data. Legitimate QR codes usually do not require such actions.
- QR codes applied as stickers on top of the original QR code
Prevention Tips
- Only scan QR codes from trusted sources or those you expect to encounter in legitimate settings, such as reputable businesses or official marketing materials.
- Avoid entering sensitive information when prompted by QR codes unless you are confident in the source’s legitimacy.
- Run your fingernail across the QR code. If there's a detectable edge or thickness, it could be hiding another sticker.
- Lift a corner of the QR code. If it lifts away from the surface, don’t use it.
- Recovering from the scam
- If you suspect a fraudulent QR code has led you to a malicious website, disconnect from the internet or turn off your device's Wi-Fi and mobile data to prevent further unauthorized access or malware downloads.
- Install and run reputable antivirus or anti-malware software on your device to detect and remove any potential threats.
- If you entered login credentials or personal information through a fake QR code, immediately change the passwords for the affected accounts and monitor your financial and online accounts for any suspicious activity. Notify your financial institutions promptly of these activities. See Identity Theft for additional measures.
- Implement multifactor authentication (MFA) for those accounts. See https://www.cisa.gov/MFA for more about MFA.
- Report the fake QR code to the business establishments where you encountered it and to the organizations it was posing as.
- You can report internet crimes, including scams, to the FBI’s Internet Crime Complaint Center (IC3) at https://www.ic3.gov/ . This will assist in FBI investigations and help prevent others from falling victim to this scam.
Signs of Fake Link Shortener
- Like the fake QR code scam, this scam can be difficult to detect because the normal cues for identifying malicious websites are missing from the link shortener’s abbreviated name.
- The purveyor of the link is unknown, unfamiliar, or does not look quite legitimate.
Prevention Tips
- Only use link shorteners from trusted sources, such as reputable businesses or official marketing materials.
- You should also be careful about clicking links in emails or social media.
- If you are unsure whether a link is legitimate, contact directly the company or organization the link is supposed to be from to verify it.
- Avoid entering sensitive information prompted by link shorteners unless you are confident in the source’s legitimacy.
Recovering from this scam
- Install and run reputable antivirus or anti-malware software on your device to detect and remove any potential threats.
- If you entered login credentials or personal information through a fake link shortener, immediately change the passwords for the affected accounts and closely monitor your financial and online accounts for any suspicious activity.
- Review your bank statements, credit reports, and other financial accounts for unauthorized activity. Report any suspicious charges or accounts to the respective institutions.
- If you suffered a financial loss File a Police Report Online.
- Family Member Kidnapped or in Distress Scam
You get a call: “Grandma, I need money for bail.” Or maybe an email from someone claiming to be a relative or a friend who says they’re in trouble. They need money for a medical bill or another emergency. The caller says it’s urgent — and tells you to keep it secret.
Signs of this Scam
- Urgent Distress Call: Scammers make urgent calls claiming to be someone you care about, facing legal, travel, or medical issues.
- Request for Secrecy: Scammers insist on secrecy to prevent the target from consulting other family members.
- Payment Requests: Fraudsters ask for in-person cash pick-ups, cryptocurrency, wire transfers, or gift card payments to resolve the supposed crisis quickly.
- Inconsistencies in Story: Be wary of inconsistencies in the caller's story, such as changes in details or vague information about their identity.
Prevention Tips
- Verify Caller's Identity: Confirm the caller's identity by asking personal questions only the real grandchild would know.
- Call the alleged victim or family member via another means of communication.
- Stay Calm and Collected: Resist emotional manipulation; think critically before taking action.
- Avoid Immediate Transactions: Refrain from making immediate financial transactions; take time to verify the situation.
- Educate Elderly Family Members: Inform grandparents about the scam and advise skepticism towards unexpected calls requesting money.
- Agree on a Safe Word: If you have reason for heightened concern about this scam, agree on a safe word to alert the target that the call is legitimate.
Recovering from the scam
- Report to Authorities: Contact local law enforcement and provide details of the scam, including information about the scammer.
- Inform Financial Institutions: If money was transferred, report the incident to the bank or financial institution used for the transaction.
- Gift Cards & Other Untraceable Payment Methods
If a stranger asks for payment in gift cards or cryptocurrency, it is a scam! Thieves go to stores and surreptitiously scratch off the film strip on the back of the gift card to get the PIN, which they cover back up with easy-to-obtain replacement stickers… The crook can then spend it before the buyer or gift recipient can use it.
STOP THE CONVERSATION anytime a stranger asks you to pay with a gift card, cryptocurrency, or other hard-to-trace payment methods. These payment methods carry significant risks, so it's essential to use them cautiously, especially when making large purchases or transactions. Even disclosing the card number over the telephone or via video call can allow the thief to drain the card immediately, leaving you with worthless pieces of plastic. Government agencies never ask for payment via these methods; businesses rarely use them. Any such payment method should be seen as a sign of fraud.
- Home Improvement Scams
Home improvement scams target homeowners by offering services such as repairs, renovations, or upgrades at attractive prices. Scammers may use substandard materials, provide poor-quality work, or disappear after receiving payment up front, leaving homeowners with unfinished or shoddy work.
Signs of Home Improvement Scams
- No or poor Credentials: The contractor has no license, insurance, references, reputation, or reviews.
- Be Wary of Door-to-Door Sales: Be cautious of unsolicited offers for home improvement services, especially from door-to-door salespeople.
- Get Multiple Quotes: Obtain multiple quotes from different contractors to compare prices and services.
- Avoid High-Pressure Sales: Refuse to make quick decisions or payments under pressure.
- Watch for Red Flags: Be alert to red flags such as contractors who ask for full payment upfront or who refuse written contracts.
Prevention Tips
- Research Contractors: Thoroughly research and check references for contractors before hiring them. Look for reviews and ratings by trusted sources.
- Written Contracts: Always insist on a written contract that outlines the scope of work, timelines, costs, and payment terms.
- Payment Schedule: Establish a payment schedule that links payments to the completion of specific project milestones.
Recovering from the scam
- Cease Work: If you suspect a scam, stop work immediately and notify the contractor of your concerns.
- Document Everything: Document all communication, including agreements, invoices, and photos of the work.
- Report the Scam: Report the scam to local consumer protection agencies, the Better Business Bureau, or law enforcement.
- Seek Legal Help: Consult with legal professionals to explore options for recovering lost funds or addressing legal issues.
- Contact Your Insurance: If applicable, contact your homeowner's insurance to inquire about coverage for damages or losses.
- Educate Others: Alert your friends and neighbors to raise their awareness and prevent others from falling victim to similar scams.
- Housing Scams
Housing scams, whether for rental or purchase, deceive individuals into paying money or providing personal information for properties that do not exist, are misrepresented, or are not available for sale or rent.
Rental Scams:
- Phantom Rentals: Scammers create listings for properties that don't exist or aren't available for rent.
- Hijacked Ads: Legitimate rental ads are copied and altered by scammers.
- Fake Landlords: Scammers pose as property owners or agents to collect deposits or rent.
Purchase Scams:
- Foreclosure Scams: Scammers promise to rescue homeowners from foreclosure for an upfront fee but fail to deliver.
- Title Fraud: Scammers steal the homeowner's identity to sell or mortgage the property without the owner's knowledge.
- Real Estate Investment Scams: Fraudulent schemes promising high returns on real estate investments.
Signs of Housing Scams
- Prices are significantly below market value. If it seems too good to be true, it likely is.
- The scammer wants the victim to send money or personal information immediately. The scammer doesn't want to give the victim time to think about the flaws in the offer or research the offeror.
- Inability to provide proper documentation or verification of ownership.
- Requests for deposits or rent before seeing the property or signing a lease.
- Poor grammar, spelling mistakes, and generic email addresses.
- Refusal or excuses to avoid in-person meetings or property viewings.
Prevention Tips
- Research the Property and Owner: (Do not use the information provided by the scammer to verify these points.)
- Verify the property exists and is available for rent or purchase.
- Check the owner's identity and contact information.
- Use official channels to verify property records.
- Use Reputable Websites and Agents:
- Use well-known and trusted real estate websites and agents with reputations for honesty.
- Avoid listings on free, unverified websites.
- Do Not Send Money Without Verification:
- Never send money or personal information without verifying the legitimacy of the listing and the landlord or seller.
- Use secure payment methods and avoid wire transfers or prepaid cards.
- Always visit the property in person or have a trusted representative do so on your behalf.
- Avoid sharing sensitive personal information until you are certain of the transaction's legitimacy.
- Again, beware if something feels off or too good to be true.
Recovering from the scam
- Inform your bank or financial institution immediately to stop or reverse the payment.
- Notify credit reporting agencies to monitor for fraudulent activities.
- Consider placing a fraud alert or credit freeze on your accounts.
- Seek legal advice to understand your options and rights. If title fraud is involved, consult with a real estate attorney.
- Reach out to support groups or counseling services to manage the emotional impact of being scammed.
- File a Police Report Online.
- Identity Theft
Identity theft involves the unauthorized acquisition and use of someone's personal information, such as their name, Social Security number, or financial data, with the intent to commit fraud. Scammers can use this stolen information to open credit accounts, make unauthorized purchases, or even commit crimes in the victim's name.
To protect against identity theft, individuals are advised to be cautious with their personal information, regularly monitor their financial statements and credit reports, use strong and unique passwords, enable two-factor authentication, and be wary of suspicious emails or phone calls requesting personal information.
Identity thieves use various methods to obtain your personal information, including:
- Phishing: Sending deceptive emails or creating fake websites to trick individuals into revealing their personal information.
- Data Breaches: Gaining unauthorized access to personal information databases, often through hacking or security vulnerabilities.
- Skimming: Illegally capturing credit or debit card information by tampering with card readers, ATMs, or point-of-sale systems.
- Social Engineering: Manipulating individuals through deceptive tactics to obtain their personal information, often through phone calls, impersonation, or pretexting.
Once identity thieves obtain someone's personal information, they can engage in a wide range of fraudulent activities, such as:
- Opening fraudulent bank accounts or credit cards in the victim's name.
- Making unauthorized purchases or withdrawals using stolen credit card or bank account details.
- Filing false tax returns to fraudulently claim refunds.
- Applying for loans, mortgages, or other forms of credit using the victim's information.
- Committing healthcare fraud using the victim's insurance information for medical services or prescriptions.
Identity theft can have severe consequences for the victims, including financial losses, damaged credit scores, legal complications, and emotional distress. Victims often spend significant time and effort resolving fraudulent activities, disputing charges, and restoring their identities.
Detecting identity theft can be challenging, but there are several signs and indicators that individuals can look out for. Here are some ways to detect identity theft:- Monitor Financial Statements: Regularly review bank statements, credit card statements, and other financial accounts for unauthorized transactions or unfamiliar charges. Pay attention to even small or seemingly insignificant transactions; these are used to test the feasibility of exploiting your account.
- Check Credit Reports: Obtain free copies of your credit reports from the major credit bureaus (Experian, TransUnion, and Equifax) and review them for any unfamiliar accounts, loans, or inquiries. Look for any discrepancies or errors in your personal information. The credit bureau contact information is below.
- Monitor Account Activity: Keep a close eye on your online accounts, including email, social media, and financial accounts. Look for suspicious activity, such as unauthorized password changes, account lockouts, or unfamiliar login locations.
- Be Alert to Missing Mail: If you stop receiving expected mail, particularly bills or financial statements, it could be a sign that an identity thief has redirected your mail or changed your address.
- Notice Unexpected Communications: Be wary of calls, emails, or letters requesting personal information, passwords, or financial details. Legitimate organizations typically do not request sensitive information through unsolicited means.
- IRS Notification: If you receive a notification from the Internal Revenue Service (IRS) about multiple tax returns filed under your Social Security number or other tax-related discrepancies, it could indicate identity theft.
- Collection Calls or Notices: If you receive calls or letters from debt collectors regarding unfamiliar debts, it could be a sign that your identity has been used for fraud.
- Medical Statements: Review medical billing statements carefully for any services or treatments you did not receive. Unfamiliar charges or insurance claims could indicate medical identity theft.
- Credit Score Changes: Monitor your credit score regularly. A sudden and unexplained drop in your credit score could be a red flag for identity theft.
- Notification from Financial Institutions: Pay attention to any notifications from your bank, credit card issuer, or other financial institutions about suspicious activity or potential data breaches.
If you suspect identity theft, it is important to take immediate action. Contact the relevant financial institutions, credit bureaus, and law enforcement authorities to report the identity theft and initiate the necessary steps to protect your identity and resolve any fraudulent activities. Here are the steps you should take:
- Act Quickly: As soon as you suspect or confirm identity theft, immediately address the issue. The sooner you act, the better your prospects for mitigating the potential consequences.
- Contact Financial Institutions: Notify your bank, credit card issuers, and any other financial institutions where you have accounts about identity theft—request to freeze or close any compromised accounts and open new ones with enhanced security measures. Use the contact information provided by your bank or credit card company, not the information provided by the criminals.
- File a Police Report: File a Police Report Online. Obtain a copy of the police report, which may be required for future steps.
- Contact Credit Bureaus: Reach out to the major credit bureaus—Experian, TransUnion, and Equifax—to report the identity theft and request a credit freeze on your credit reports. By law, you can start and stop a freeze for free. This helps prevent further unauthorized access to your credit information when thieves apply for credit using your identity. We recommend placing a credit freeze with each of the credit bureaus. You may find the online link more convenient.
- Equifax at 1-866-478-0027 or 1-800-525 6285
- Experian at 1-888-397-3742
- Transunion at 1- 800-680-7289 or 1-800-680-7289
- Review Credit Reports: You should obtain a free copy of your credit report at each nationwide credit bureau once every 12 months online. Review the report for credit cards or other accounts you did not create. Carefully review them for any fraudulent accounts, inquiries, or discrepancies. Dispute any unauthorized entries and work with the credit bureaus to remove them from your reports. You may also correct errors that can negatively impact your credit.
- Report to the Federal Trade Commission (FTC): File a complaint with the FTC through their website or by phone at 1-877-438-4338. The FTC can provide guidance and resources for recovering from identity theft and assist in creating an Identity Theft Report. You can fill out the identity theft affidavit online.
- Notify Other Relevant Parties: Inform other organizations that may be affected by the identity theft, such as utility companies, insurance providers, and government agencies. Follow their instructions for resolving the issue and securing your accounts.
- Keep Detailed Records: Maintain a record of all communications, documents, and actions taken regarding identity theft. This documentation will be valuable for future reference and as evidence if needed.
- Stay Vigilant and Monitor Accounts: Monitor your financial accounts, credit reports, and personal information for any further signs of fraudulent activity.
- Imposter/Phantom Scams
Imposter scams (including those posing as law enforcement) involve fraudsters impersonating trusted entities, such as government agencies, financial institutions, or tech support, to deceive individuals into surrendering money, personal information, or both. These scams present serious risks to your finances and personal security.
The Phantom Hacker Scam is a sophisticated fraud where criminals impersonate tech support, bank representatives, or government officials to trick victims into believing their computer or bank account is compromised, often by an alleged foreign "hacker." These scammers ask victims to turn their assets into gold bars or cryptocurrency to protect their funds from this so-called Phantom Hacker. Once the victim purchases the gold bars, they are told an Agent acting as a courier will meet them and pick up the gold to take it to a "secure location." Once the exchange is made, couriers take off with the gold, and the victim has now lost their financial assets to the scam.
Signs of Imposter Scams
- Watch for Red Flags: Be cautious if pressured to act immediately, asked to provide personal information, or if the offer seems too good to be true.
- Demands for payments: Fraudsters claim to be law enforcement or government officials and threaten arrest if you don’t pay a fine, typically in gift cards and cryptocurrency. Genuine businesses and government agencies never ask for payment via gift card. Any such request is a sure sign of fraud. Never use ATM Bitcoin machines, if you are asked to go to an ATM Bitcoin machine, it is a scam.
- Press for Details: Request specific information about the supposed issue or service to verify legitimacy.
Prevention Tips
- Caller ID and Email Verification: Confirm the authenticity of callers or senders through official channels, such as official websites or customer service numbers. Beware that email addresses and caller IDs can be spoofed using electronic tools.
- Stay Informed: Keep up-to-date with common scam tactics and remain vigilant.
- Secure Personal Information: Safeguard personal data and share it sparingly, especially when unsolicited requests are made.
Recovering from the scam
- Cease Contact: Stop communicating with the scammer to prevent further damage.
- File a Report: Report the scam to the government or organization the con artist claimed to represent.
- Secure Accounts: Change passwords, monitor your accounts, and consider credit monitoring to mitigate potential identity theft. If you reveal personal information, see the recovery steps for identity theft .
- Document Everything: Keep records of all communications, payments, and documents related to the scam.
- Job Offer Scams
The "job offer scam" or "employment scam" involves fraudulent individuals or organizations posing as employers to deceive job seekers into providing sensitive identity and financial data. Providing personal information like your Social Security number, bank account details, or copies of identification documents can put you at risk of identity theft or further fraudulent activities. Scammers may also utilize the victim as a means to launder fraudulently obtained money through a bank account owned by the victims as a means to throw off law enforcement and potentially have the victim investigated for fraud.
Signs of a Job Scam
Job seekers should look out for:
- Unsolicited job offers without interviews or applications. Legitimate employers typically follow a standard recruitment process.
- Early requests for personal data (e.g., Social Security number, banking information). See Identity Theft for details on how scammers can exploit your personally identifiable information (PII).
- Recruiters using free email accounts like Gmail, Outlook, or Yahoo.
- Requests for upfront payments for training, equipment, or background checks.
- Attachments (e.g., coding challenges) that contain malware.
- The interviewer's video is off, malformed, or has odd visual or audio artifacts.
- Vague job descriptions or unusually high pay offers.
- Fake checks followed by refund requests.
- Pressure to buy tools from scam-controlled websites. Sometimes, scammers may ask you to order supplies or equipment through a site they control, charging your credit card and delivering inferior or no goods at all.
Employers should look out for:
- Candidate's video is off, malformed, or has AI artifacts.
- Candidate qualifications and salary expectations are too good to be true.
- Resumes containing malicious attachments.
- Applicants using false or stolen credentials.
- Requests to update payroll or banking information.
- Fake staffing firms submitting bogus invoices.
- Inconsistencies in work history, such as gaps, overlapping roles, or unverifiable companies, may indicate a fraudulent application.
- Advanced certifications, elite university degrees, or prestigious positions that seem inconsistent with the applicant's age or experience should be verified independently.
- Resumes sent in unusual formats (e.g., .exe, .scr, .js) or password-protected files may conceal malware.
- Unnatural phrasing or keyword stuffing without meaningful context can indicate the use of generative tools or template manipulation.
- The file properties may contain suspicious author names, software used, or unusual timestamps.
- A person claiming to represent a staffing agency or hiring company should be verifiable through corporate directories or LinkedIn.
- Fraudulent recruiters often pressure HR staff to make quick decisions, bypass vetting, or approve payments.
- Official recruiters rarely use Gmail, Yahoo, ProtonMail, or other personal email services.
- Any recruiter or hiring manager unwilling to follow your established HR policies or documentation practices may be suspect.
- Watch for attempts to redirect background checks, salary negotiation, or equipment purchases to unfamiliar third parties.
Prevention Tips
For job seekers:
- Contact the employer through official company email addresses, websites, or phone numbers. Avoid communicating with "recruiters" who use personal email accounts or messaging services.
- Research companies on LinkedIn, Glassdoor, etc.
- Demand video interviews with cameras on.
- Never send money or sensitive info without validating the requester.
- Verify recruiters via official company websites, not provided links.
- Verify the company's legitimacy through online reviews and reputable sources. For example, find the company on Glassdoor or other sites to verify its authenticity and obtain the contact information for its human resources department. Then, visit the company’s website and locate the phone number of their HR or Security Office. They should match.
- Next, explain that you're a candidate for a position with the company, verify that the recruiter you have been talking to is truly a recruiter for that organization, and verify that the person is actually handling your specific recruitment action (vs. an imposter posing as that recruiter).
- If you cannot confirm the validity of the recruiter and recruitment action, you will need to continue with steps to protect your identity and finances.
- If the recruiter works for an independent recruiting firm, contact the recruiter's company to verify their employment and that they are handling your specific recruitment.
For Employers:
- Use secure platforms to collect resumes.
- Verify applicant identities and perform background checks.
- Contact the applicant via out-of-band communications (e.g., social media) to confirm their identity.
- Scan attachments for malware.
- Train HR professionals to recognize the subtle signs of fraud and malicious behavior during hiring interactions.
- Conduct monthly security awareness briefings with real-world examples of resume and recruiter scams.
- Use phishing simulations that include fake job applications to test internal vigilance.
- Maintain an up-to-date HR fraud response checklist for staff to reference during suspicious interactions.
- Encourage staff to verify independently and escalate unusual behavior to your IT or cybersecurity team.
Recovering from the scam
- File a Police Report Online.
- If you have disclosed personally identifiable information during a fake job interview process, review related bank statements, credit reports, and other financial accounts for unauthorized activity. Report any suspicious charges or accounts to the respective institutions.
- Lottery & Sweepstakes Scams
Lottery and sweepstakes scams entice individuals with false promises of winning a large sum of money or valuable prizes. Victims are instructed to pay taxes, processing fees, or other charges to claim their winnings. In reality, there is no prize, and the scammers simply aim to collect money from unsuspecting victims.
Prevention Tips
- Be Skeptical: Approach unexpected prize claims with skepticism. If it sounds too good to be true, it probably is.
- Verify Legitimacy: Research the lottery or sweepstakes organization independently. Contact them through official channels to confirm your winnings. Consult that organization's website or published information, not the message from the sender.
- Don't Share Personal Information: Avoid sharing personal or financial information with unsolicited contacts.
- Ignore Requests for Money: Do not send money or make payments to claim a prize. Legitimate winnings do not require upfront payments.
- Educate Yourself: Educate yourself and others about the common tactics used in lottery and sweepstakes scams.
Recovering from the scam
- Contact Your Bank: If you've sent money, contact your bank immediately to report the fraudulent transaction.
- Monitor Your Accounts: Regularly monitor your financial accounts for any unusual activity or unauthorized transactions.
- Change Passwords: If you shared personal information, change your passwords and enable two-factor authentication where possible.
- File a Police Report Online.
- Mail Theft
Mail theft takes various forms, including mailbox theft, porch piracy, and breaking into mail drop boxes. Porch piracy is prevalent due to online shopping, as packages are stolen from doorsteps. Stolen mail often contains personal information, financial statements, credit card details, or sensitive data exploitable for illegal purposes. Checks are commonly stolen out of the mail, washed in chemicals, forged, and cashed leaving the victim out the funds as well as what the payment for what they originally wrote the check for. If you want to make check washing incredibly difficult or impossible, experts like the Better Business Bureau recommend switching to a black gel pen.
If you are a business, contact your bank to see if they offer ‘Positive Pay’. Positive pay is a fraud prevention service offered by banks to help businesses detect and prevent fraud. It works by matching checks and ACH payments presented for payment against a list of approved checks issued by the business. If there is a mismatch in the dollar amount, check number, or account number, the check is flagged for review. This automated service helps safeguard businesses against payment fraud and the financial losses it can incur.
Prevention Tips
- Avoid using USPS blue collection mailboxes when mailing any type of payment. Use online banking for e-payments. If you need to mail a payment, drop it off at a post office or hand it directly to a postal employee.
- Secure Mailbox: Use a locked mailbox or a mailbox with a secure lockable compartment for incoming mail.
- Collect Mail Promptly: Retrieve your mail as soon as possible after it's delivered to minimize the time it spends in your mailbox.
- Handle with Care: Take your mail with checks or other sensitive information to the post office or give it directly to a mail carrier.
- Hold Mail When Away: If you're away for an extended period, request the post office to hold your mail until your return.
- Shred Sensitive Documents: Shred documents containing personal information before discarding them to prevent dumpster diving.
- Use Direct Deposit: Opt for direct deposit for paychecks and sensitive financial transactions to reduce the amount of mail containing valuable information.
Recovering from the scam
- Report Theft: Report the mail theft to your local post office and law enforcement. You should also file a report directly with the United States Postal Inspection Service and complete the mail theft questionnaire.
- Monitor Financial Accounts: Regularly monitor your financial accounts for unauthorized transactions or suspicious activity and report it to your bank or financial institution.
- Contact Affected Parties: If you suspect identity theft, contact your bank, credit card companies, and other relevant institutions to alert them to the situation.
- Credit Monitoring: Consider enrolling in credit monitoring services to receive alerts about any suspicious credit activity.
- Change Locks: If your mailbox lock was tampered with, change the lock to prevent further theft.
- Online Shopping Scams
Online marketplace and shopping scams refer to fraudulent activities that occur during online transactions on e-commerce websites, online marketplaces, or classified ad websites. Scammers may take payment for products or services but never actually deliver them. Scammers may use any data you enter for identity theft or unauthorized transactions. This scam is very common on Facebook Marketplace as many profiles are ‘hijacked’ and used by scammers to sell products or services without delivering them.
Signs of Online Shopping Scams
- Scammers will offer products at significantly lower prices than market value. If a deal seems too good to be true, it probably is.
- Be wary of sellers with a history of negative feedback or suspiciously positive ratings.
- If the seller insists on unconventional payment methods such as cryptocurrencies, wire transfers, or prepaid gift cards, it is a red flag.
- A fraudulent seller may suggest paying them directly by gift card or wiring money. That's a sign of a scam; getting your money back is nearly impossible if you pay that way.
- Exercise caution if the information provided seems incomplete, inconsistent, or unclear.
- The platform has no dispute-resolution process, or it is poorly described.
- Avoid sellers who only provide email addresses or do not respond to inquiries promptly.
- The seller asks for personal information unnecessary for the transaction. This may indicate an attempt at Identity Theft.
Prevention Tips
- Check the seller's ratings, feedback, and reviews before purchasing.
- Legitimate sellers offer secure payment options like checks and credit cards.
- Preferably use secure payment methods, such as credit cards or reputable payment platforms, that offer buyer protection and the ability to dispute transactions if needed.
- Use the marketplace’s established payment methods so that your money can be refunded should you be unsatisfied with the purchase.
- Pay attention to product descriptions, images, and specifications.
- Before purchasing, research the seller's reputation, read customer reviews, and check if the platform has a robust dispute resolution process.
- Stick to reputable and well-known online marketplaces and websites.
- Ensure the seller provides legitimate contact information, such as a physical address and customer support channels.
- Avoid sharing unnecessary personal information or financial details unless you are confident in the seller's legitimacy and website security.
- Phishing Emails
Phishing email scams typically involve fraudulent emails, text messages, or websites that mimic legitimate organizations or individuals to deceive recipients into revealing sensitive information, such as passwords, credit card details, or account numbers. These scams often rely on social engineering techniques, manipulating victims into taking actions compromising their security. A phishing email attack is a type of cyberattack in which malicious actors send deceptive emails to individuals or organizations to trick recipients into revealing sensitive information, such as usernames, passwords, financial data, or personal details. These emails often impersonate legitimate sources, such as banks, government agencies, or reputable companies, to gain the recipient's trust.
Phishing attacks can take various forms and may involve multiple tactics, including:
- Email Spoofing: Attackers forge the sender's email address to make it appear that the message comes from a trusted source.
- Deceptive Content: Phishing emails typically contain urgent or enticing content to provoke an immediate response. This may include fake invoices, security alerts, or offers.
- Malicious Links: Phishers include links that lead to fake websites that mimic legitimate ones. These sites capture login credentials or install malware on the victim's device.
- Attachments: Some phishing emails contain malicious attachments, such as infected documents or executable files, which can compromise the recipient's system.
- Phone Scams
To perpetrate phone scams, criminals use caller ID spoofing to make the phone call appear legitimate and official. Caller ID spoofing allows someone to display a phone number different than the actual number from which the call was placed. Thus, it appears that they are calling from a specific location or a legitimate government agency such as the IRS, law enforcement, border protection agency, Amazon, PayPal, Wells Fargo, or anyone the fraudster wants to impersonate. These Caller ID spoofing apps are readily available on smartphones.
Signs of Phone Scams
- Callers go to great lengths to keep you on the phone.
- Callers make the event or opportunity extremely urgent.
- Callers say someone will pick up the money.
- Callers direct the victim to mail the money, deposit the money into an unknown bank account, cash app, or cryptocurrency wallet.
Prevention Tips
- Just hang up. Or don't answer and let the caller leave a message so you can decide whether to call them back.
- Register your phone number on national and state Do Not Call lists to reduce unwanted calls.
- Use caller ID and call-blocking apps to screen and block unwanted calls.
- Do not assume the number displayed on your Caller ID is accurate.
- Ask for the caller's name, organization, and contact information, and verify their identity independently.
- Don't share personal or financial information unless you made the call using contact information from official publications, correspondence, or websites.
- Be skeptical of high-pressure sales tactics, urgent demands for payment, or offers that seem too good to be true.
- Don't make hasty decisions or payments during a call. Take time to research and consider offers.
- Discuss the call with friends and family before making any decisions.
- Educate yourself and family members about common tactics used in fraud.
Recovering from the scam
- Cease Communication: Immediately cease all communication with the scammer and block their contact.
- Contact Your Bank: If money was sent, contact your bank or financial institution to report the fraudulent transaction.
- Monitor Accounts: Regularly monitor your financial accounts for any unusual activity or unauthorized transactions.
- Secure Your Accounts: If you share personal information, change your passwords and enable two-factor authentication where possible.
- File a Police Report Online.
- Romance Scams
Romance scams exploit individuals seeking companionship or romantic relationships through online dating platforms or social media. Scammers create fake profiles, establish emotional connections, and then manipulate victims into sending money or providing financial assistance under false pretenses.
Romance scams are online fraud where individuals with malicious intent create fake personas, often pretending to be romantic interests, to exploit victims emotionally, psychologically, and financially. These scams involve building a romantic or emotional connection with the victim, gaining their trust, and eventually requesting money or personal information under false pretenses. Romance scam victims often refuse to believe that the nice person (perhaps the love of their lives) is a crook.
- Victims can lose significant money to scammers who exploit their trust.
- Falling for such scams can cause emotional distress and embarrassment.
- Scammers may also attempt to gather personal and financial information, putting victims at risk of identity theft.
Signs of Romance Scams
- Be Cautious of Online Relationships: Exercise caution when forming online relationships, especially if the other party is reluctant to meet in person.
- Verify Identity: Verify the identity of the person you are communicating with by conducting reverse image searches, checking social media profiles, and using video calls.
- Watch for Red Flags: Be alert to red flags such as requests for money, inconsistencies in stories, reluctance to share personal details, and refusal to meet in person.
- Trust Your Instincts: Trust your instincts if something doesn't feel right in the relationship. Scammers often use emotional manipulation to keep victims involved.
- Communicate with Trusted Friends: Share details of your online relationship with trusted friends or family members who can provide objective advice.
Prevention Tips
- Guard Personal Information: Avoid sharing personal and financial information with someone you've met online, especially if they request it early in the relationship.
- Stay Skeptical: Be skeptical of anyone who rushes the relationship, declares love quickly, or asks for money or financial assistance.
- Report Suspicious Activity: Report any suspicious profiles or messages to the platform you're using and to relevant authorities.
- Educate Yourself: Educate yourself and others about the common tactics used in romance scams.
- Slow Down: Take your time building online relationships and seek advice from trusted individuals.
Recovering from the scam
- Cease Communication: Immediately cease all communication with the scammer and block their contact.
- Seek Support: Seek emotional support from friends, family, or support groups, as victims often experience significant emotional distress.
- Monitor Financial Accounts: Regularly monitor your financial accounts for any unauthorized transactions.
- Be Wary of New Contacts: Be cautious of new online contacts, and use the lessons learned to avoid falling victim to similar scams in the future.
- Secure Your Accounts: If you shared personal information, change your passwords and enable two-factor authentication where possible.
- File a Police Report Online.
- SIM Swapping
SIM swapping, SIM hijacking, or SIM jacking occurs when a cybercriminal fraudulently transfers a victim's phone number to a SIM card under the attacker's control. This allows the attacker to receive all incoming calls and messages intended for the victim, bypassing security measures that rely on multi-factor authentication (MFA) via SMS.
Why do cybercriminals perform this attack?
- Identity Theft: SIM swapping can be a precursor to identity theft. By gaining control of a victim's phone number, attackers can intercept authentication messages and access the victim's online accounts, financial information, and personal data.
- Account Takeover: With control over the victim's phone number, attackers can reset passwords and take over various online accounts, including email, social media, and financial accounts. This gives them the ability to conduct fraudulent activities or steal sensitive information.
- Financial Fraud: Criminals may use SIM swapping in financial fraud schemes, such as unauthorized bank transfers, cryptocurrency theft, or fraudulent purchases using linked payment methods.
- Extortion: In some cases, attackers may use SIM swapping to extort money from victims by threatening to release sensitive information obtained from compromised accounts or by holding accounts hostage until a ransom is paid.
- Espionage and Surveillance: In targeted attacks, SIM swapping can be used for espionage or surveillance purposes to monitor the victim's communications, track their location, or gather sensitive information for blackmail or manipulation.
Signs of SIM Swapping
- Victims may suddenly lose cellular service or notice an inability to make or receive calls and texts.
- Unauthorized changes to account settings, such as passwords or security questions, can indicate a SIM swap.
- Victims might receive notifications about SIM card changes or new account logins that they did not initiate.
- SIM swapping is often a precursor to identity theft or other forms of fraud, so victims should be vigilant for any unusual account activity.
Prevention Tips
- Be wary of someone instructing you to use the *21 or *72 or something similar followed by a 10-digit forwarding number. This will forward your calls to a number the scammer is controlling in order to access your accounts and/or reset passwords.
- Use authentication apps like Google Authenticator or Authy instead of relying on SMS-based MFA whenever possible.
- Enable additional security measures such as account PINs, security questions, or biometric authentication where available.
- Regularly check account settings and activity for any suspicious changes or unauthorized access.
- Be cautious about sharing personal information online or over the phone, as attackers may use it to impersonate you.
Recovering from SIM swapping
- Immediately contact your mobile service provider to report the issue and request assistance in regaining control of your phone number.
- Change passwords for all affected accounts and enable additional security measures such as multi-factor authentication.
- Review and update security settings for all online accounts to prevent further unauthorized access.
- Monitor your accounts for suspicious activity and consider placing a credit freeze on your report.
- File a Police Report Online.
- Smishing
SMS scams, also known as smishing, involve fraudulent attempts to deceive individuals through text messages. Scammers use various tactics, such as posing as legitimate entities, to trick recipients into disclosing personal information, clicking on malicious links, or making unauthorized payments. These text messages often impersonate legitimate sources, such as banks, government agencies, or reputable companies, to gain the recipient's trust. Many of the characteristics of phishing attacks will appear in smishing attacks. Smishing attacks can take various forms and may involve multiple tactics, including:
- Spoofing: Attackers forge the sender's phone number to make it appear that the message comes from a trusted source. Scammers may choose country and area codes that appear familiar or less likely to raise suspicion among the recipients. This could include numbers associated with well-known businesses or services.
- Deceptive Content: Smishing messages typically contain urgent or enticing content to provoke an immediate response. This may include fake traffic/parking violations, security alerts, or offers.
- Malicious Links: Smishers include links that lead to fake websites that mimic legitimate ones. These sites capture login credentials or install malware on the victim's device.
- Attachments: Some smishing messages contain malicious attachments, such as infected documents or executable files, which can compromise the recipient's system.
- Artificial Intelligence: Cybercriminals are utilizing AI to create highly persuasive and personalized smishing content. This poses an increased risk, especially during the holidays when online activities peak.
- SNAP or EBT Fraud
Supplemental Nutrition Assistance Program (SNAP) Electronic Benefits Transfer (EBT) cards can be stolen, the card numbers used, or the cards skimmed or cloned. Perpetrators can also exploit system vulnerabilities to commit fraudulent activities, such as selling or trading benefits, misrepresenting eligibility, or using fraudulent information to obtain benefits.
Prevention Tips
To prevent future theft of your benefits, USDA encourages SNAP participants to take the following actions:
- Keep your PIN secret. Do not share your PIN with anyone outside your household. Cover the keypad when you enter your PIN on a machine.
- Check your EBT account regularly for unauthorized charges. If you notice any, change your PIN immediately to stop the thief from making new purchases.
- Check card reading machines to ensure nothing suspicious is overlaid or attached to the card swiper or keypad. Skimmer devices can be difficult to detect and may hide parts of the machine.
- Lock your card when not in use: You can lock and unlock your EBT card online.
Recovering from the scam
- Report the Fraud to Virginia Department of Social Services.
- Cooperate with Investigations: Victims should fully cooperate with any investigations conducted by SNAP authorities by providing necessary documentation and information. Affected SNAP recipients should collect and provide as much detail as possible regarding the fraudulent activity to aid investigations.
- File a Police Report Online.
- Tax Refund Fraud
Using the stolen information, scammers file fraudulent tax returns early in the tax season and direct the refund to an account they control, often through prepaid debit cards or other untraceable financial instruments.
Scammers obtain personal information such as Social Security numbers (SSNs), birthdates, and other sensitive data through data breaches, phishing, or other forms of identity theft. Using the stolen information, the scammers file fraudulent tax returns with the IRS early in the tax season. They often use falsified income data and deductions to maximize the refund amount. Next, the scammer directs the refund to an account they control, often through prepaid debit cards or other untraceable financial instruments. The legitimate taxpayer may only discover the fraud when they file their tax return and learn that a return has already been filed under their SSN.
Signs of Tax Refund Fraud
- Receiving an unexpected notice or letter about a tax return you did not file.
- Notice that more than one tax return was filed for you.
- Agency records of income from an employer you did not work for.
- Not receiving an expected tax refund due to a fraudulent return sent to the scammer instead.
Prevention Tips
- Be cautious with personal information, especially online. Use strong, unique passwords for financial accounts and enable two-factor authentication.
- Regularly check bank statements, credit reports, and IRS accounts for unusual activity.
- File your tax return as early as possible to reduce the window of opportunity for scammers to file a fraudulent return.
- Obtain an Identity Protection PIN (IP PIN) from the IRS. This six-digit number helps prevent someone else from filing a tax return using your SSN.
Recovering from Tax Refund Fraud
- If you suspect tax-related identity theft, immediately contact the IRS Identity Theft Protection Specialized Unit at 1-800-908-4490.
- If your identity was used to steal your state tax refund, promptly contact the Virginia Taxpayer Service online or at 804.404.4185.
- Place a fraud alert on your credit reports and consider a credit freeze to prevent further misuse of your personal information.
- Follow up with the IRS or Virginia Taxpayer Service to monitor the status of your tax return.
- Tech Support Scams
Tech support scams involve fraudsters posing as legitimate technical support representatives to deceive individuals into paying for unnecessary services or gaining access to their computers for malicious purposes. A tech support scammer can install malware to steal sensitive information, steal your passwords, monitor your online activities, or cause other damage.
Signs of Tech Support Scams
- Unexpected calls claiming to be from tech support, especially if they state that your computer has issues, can be a sign of a scam.
- Fake pop-up messages on your computer warning of viruses or system errors and providing a phone number for assistance indicate scams.
- Scammers often create a sense of urgency, pressuring individuals to make immediate payments or provide remote access to their computers.
- In many cases, scammers request remote access to the victim's computer under the guise of fixing the alleged issues. Once they gain access, they can install malicious software or steal personal information.
- Scammers may create fake websites or pop-up messages that appear to be from legitimate tech support services. These often contain phone numbers or links for victims to click.
Prevention Tips
- Be skeptical of unsolicited calls, emails, or pop-ups claiming to be from tech support. Criminals can spoof phone numbers, so you can’t rely on Caller ID. Legitimate tech support companies normally won't make unsolicited phone calls. If in doubt, hang up and contact the company directly using official contact information.
- Do not click on pop-up messages claiming your computer has issues.
- Enable two-factor authentication for your accounts to add an extra layer of security.
- Do not give control of your computer to an unsolicited caller. If remote desktop protocol (RDP) is enabled, consider disabling it.
- Use reputable security software to protect your computer from malware and viruses.
- Keep your operating system, software, and security programs up to date.
- If in doubt, contact the company's actual customer support channel using contact information from their official website or documentation.
Recovering from Tech Support Scams
- If you suspect a scam, cease communication with the fraudsters immediately. This will terminate the session with the fake technician and prevent them from doing further damage to your computer.
- Run a full system scan using reputable antivirus or anti-malware software to ensure your computer is clean.
- Change passwords for sensitive accounts to prevent unauthorized access.
- Contact your bank and other affected financial institutions to report the fraudulent transaction.
- File a Police Report Online.
