Identity Theft and Phishing

By Crystal Baldwin

When I presented on the topic of identity theft a decade ago, the concept seemed somewhat distant, impacting few individuals with identity thieves using dated and laborious tactics to steal identities.  A section of my presentation was devoted to informing about dumpster diving—the fact that people can get a lot of information about your identity from the trash you discard—and encouraging shredding as an identity theft prevention step.  Another section focused on phishing and educating about what phishing is; not to be confused with fishing, except metaphorically of course. 

Protect yourself from Identity Theft! Safeguard your personal information.  Verify requests for information. Shred documents using a cross cutting shredder.

In the age of the robocall and the internet, phishing and identity theft have become more sophisticated in that scammers can make the same automated call to many people at once and data security breaches expose consumers to widespread identity theft.   

Even with advances in technology, identity thieves can still obtain your personal information by rummaging through your trash and phishing.  To demonstrate, let’s take a quiz: 

What do you do with your expired credit card when a replacement arrives in the mail? 

A. Cut it down the middle and throw it out.  The card cannot be used once the magnetic strip is severed.  

B. Run it through a straight-line shredding machine. The card will be of no use when made into little strips.  

C. Cut it into as many small pieces as possible, either with scissors or a cross-cutting shredder. Throw out the pieces in different trash bags. It will be virtually impossible to decipher the card with it in so many pieces and places. 

D. Discard as it is.  Without additional instruction from the bank, no additional steps are necessary.  The card is of no use once it expires. 

My answer is C: Cut the card into a million pieces and discard in multiple places.  Why?  Because even though the card is expired, with card updates the card number stays the same.  Once a determined scammer has obtained the card, all they need to do is follow up with a strategic phishing phone call to you.  When they call, they may claim to be your financial institution and ask a series of phishing questions, which exposes other important numbers about the valid card in your possession: the expiration date and the CCV.   

What exactly is phishing?  

A. A sport of catching fish, using a fishing pole. 

B. A fun excursion with Vermont Phish Phans.  

C. The fraudulent attempt to obtain your personal information or data. 

D. Testing the water pH before ice fishing.  

Hopefully this quiz question was easier.  The answer is also C.   

Identity thieves phish for information about you, your Social Security number, your bank account number, your credit card and debit card numbers, your birthday, and more in order to use the information for their own financial gain. When an email purports to be your bank, saying you have been locked out of your account and you must log in using the enclosed link, a scammer hopes you provide them all of your personal information by completing their realistic-looking bogus form. Once you have, they can access and use your account. And, depending on the information you have provided, they may also open up new lines of credit in your name without your knowledge or consent. Identity thieves have opened home loans, car loans and credit cards. They usually don’t pay the bills they run up, creating a mountain of work for you to dispute debts you do not owe.

Phishing scammers may contact you by email, phone, text message, and any other communication mechanism you use currently, including social media.  Phishing scams often present a problem that must be solved by you disclosing some personal information.  They may even pretend to be your computer company, warning about viruses that need to be repaired on your computer.  They offer to help you resolve your virus problem, if you grant them access to your computer and, unknowingly, your personal information stored on your computer.  Phishing scammers may also say a package will soon be delivered to you and you must reply if you did not order a product, or else your credit card will be charged. Then when you call, they ask for your credit card number. 

Protect yourself from phishing scams! Scammers claim to be someone you know. They present a problem that can only be resolved by providing personal info or money. They may contact you by phone, email, text, mail, and even social media.

Phishing scams can be tricky, because there are scenarios in which a bank institution may contact you, such as if there has been fraudulent activity on your credit card. Scammers take advantage of this and try to replicate it.  Rather than trying to determine the difference between a scam call and a call from your bank, take out the guesswork by disconnecting the contact and calling your bank directly on a number you know to be valid.   

Resist the impulse to reply to urgent requests of phishing scammers.  By slowing down and taking steps to verify, you can stop phishing scammers from reeling you into their trap. 

Help CAP prevent scams by sharing this information with your community.  Have a scam to report? Use CAP’s online scam reporting form

For more information about identity theft, visit our website

Help us stop these scams by sharing this information with those you care about. Get notified about the latest scams: Sign up for VT Scam Alert System alerts.  

Vermont’s Top Ten Scams of 2020

Vermonters filed 5,021 scam reports with the Attorney General’s Consumer Assistance Program (CAP) in 2020. The Social Security number phishing scam, which typically involves calls claiming that your Social Security number has been compromised, suspended, or linked to criminal activity, remained the most common scam for the second year in a row with 1,160 reports filed. Claiming the number two spot on the list of top ten scams in 2020 were “free money” scams. Six-hundred-eighty-three Vermonters reported receiving “free money” scam calls where they were told that they had won a prize or money and needed to pay fees or taxes upfront to collect. With scam attempts remaining high, Attorney General T.J. Donovan urges Vermonters to Take it Slow: scammers will pressure you to act fast, demanding personal information and payment, while threatening extreme consequences if you do not comply. Don’t let them pressure you!

“If you get a suspicious call, remember to slow down, hang up the phone, and take notes on the interaction,” warned Attorney General Donovan. “If you still need help identifying if something is a scam, call us at CAP at 800-649-2424.”

Unfortunately, many scam encounters result in monetary loss in Vermont. In 2020, 249 Vermonters lost approximately $1.5 million, in total, to scammers. The most common scams associated with monetary loss were imposter scams (scammers posing as friends, family members, or romantic interests) and online classified listing scams (scams perpetrated on sites such as Craigslist or Facebook Marketplace). Scammers ask their victims to send money using a variety of methods, including gift card transactions, peer-to-peer payments apps like Venmo or CashApp, wire transfers, and cash or checks in the mail.

Vermonters can report a scam or sign up for the Scam Alert system by going to ago.vermont.gov/cap or by calling the Consumer Assistance Program at 1-800-649-2424. 

The top 10 scams of 2020 are

  1. Social Security number phishing
  2. Free money
  3. Amazon and package deliveries phishing
  4. Computer tech support
  5. Phony relationships (not grandchild)
  6. Debt collection
  7. Online classified listings
  8. Extortion emails
  9. Grandchild imposter
  10. Bank/financial institution phishing

Vermont’s Top Ten Scams of 2020 by the Consumer Assistance Program of the Vermont Attorney General’s Office and the University of Vermont

  1. Social Security number phishing 

The scam: You receive a phone call (usually a robocall) stating that there has been criminal or fraudulent activity involving your Social Security number. The scammer may also claim to be a government agency or law enforcement, threatening arrest or serious consequences. The scam often begins as a robocall. 

How to spot the scam: If Social Security (or any official agency) wanted to contact you, they would not call to ask for your personal information, especially your Social Security number, over the phone. These agencies mail communications and would never threaten you for information or payment over the phone. 

What to do: Be wary when responding to unsolicited contacts and never provide personal information to unknown contacts, especially over the phone.

  2. Free money

The scam: You receive a phone call, email, or mailing that claims you have won money or a prize—but there’s a catch: you have to pay money up front for taxes or fees. Sometimes the outreach includes a realistic-looking fake check. The check bounces and no “winnings” are ever disbursed. Often, they claim to be Publishers Clearing House. Scammers may also claim to offer government grants or stimulus money, getting in touch via social media.

How to spot the scam: If you actually win a major prize from Publishers Clearing House, they will contact you in person. For smaller prizes (less than $10,000), winners are notified by overnight delivery services (FedEx, UPS), certified mail, or email in the case of online giveaways. They never make phone calls. An unsolicited check in the mail from an unknown sender is usually a scam.

What to do: If it sounds too good to be true, then it’s not true. Never pay an upfront fee to receive winnings or a grant. If you win something, they will pay you – not the other way around. No actual contest or sweepstakes would make you pay first to receive money.

  3. Amazon and package deliveries phishing

The scam:  An automated phone call or email claiming that your credit card has been charged by Amazon or that you have an outstanding balance on your account. The scammer instructs people to call them to get a refund or resolve the charge, at which point they request your card number and attempt to gain remote access to your computer. You might also receive a text message or email claiming that you have a package, but they need to verify your information. 

How to spot the scam: Amazon will not call you unless you request that they do so. If you have legitimate concerns about your Amazon account, or other accounts, contact the company directly through a trusted contact, such as through the customer portal within your account. 

What to do: Hang up the phone and do not call back. Furthermore, you should not allow remote access to your computer to unknown parties. If you are concerned about charges made to your credit card, contact your credit card company directly. If you receive a text regarding a package delivery, don’t click any links or reply.  

  4. Computer tech support

The scam: A phone call or pop-up message on your computer claiming to be from Microsoft, Apple, or another well-known tech company. They will say there is a virus or other problem with your computer and try to persuade you to give them remote access to resolve the issue. They may also ask for immediate payment for their services. 

How to spot the scam: Legitimate customer service information usually won’t display as a pop-up. Companies like Microsoft, Apple, and Google do not call you to notify you of malware on your computer. 

What to do: Never provide remote access to your computer to a stranger or click links from an unknown sender in an e-mail or pop-up message. If you get a call from “tech support,” hang up. Also, be careful when searching for tech support numbers online. Some users have been scammed by calling illegitimate numbers for legitimate companies. 

  5. Phony relationships

The scam: There is a wide variety of phony relationship scams. Sometimes, the scammer pretends to be someone you know, like a love interest, friend, relative, or even a religious leader. They typically reach out to you online or on the phone, claiming to need money.  

How to spot the scam: They ask you to send money immediately, often in the form of wire transfers or gift cards. Another warning sign is if you met the person online, but they refuse to video-chat or talk on the phone.

What to do: If they claim to be someone you know, call the person using a verified phone number. If you receive a suspicious email, be sure to double-check the email address. If you’re feeling suspicious, get the real story and talk to someone you trust. Cut off communication with the scammer. If you receive an email from a friend or coworker asking for money, do not send money. Be sure to call that person directly—it’s most likely a scam. 

  6. Debt collection

The scam: Scammers pose as debt collectors or law enforcement and say legal action will be taken against you if you don’t pay them what you owe. Some may claim to be familiar businesses or the government, such as utility companies or the IRS. 

How to spot the scam: If you did owe a debt, collectors are not allowed to threaten you with arrest over the phone. You can request verification of the debt, which has to be sent to you in writing. If you ask them to stop calling you, they are generally required to stop. 

What to do: Hang up the phone, and if they call again, let the call go to voicemail. If you think you do actually owe money to a debt collector or other agency, make sure you call using a trusted number. 

  7. Online classified listings

The scam: Sometimes the scammer responds to a seller’s post, overpays with a check, and asks for the remainder to be wired back. Sometimes the post is for a fictitious rental property and the scammer is looking for the deposit and first month’s rent to be sent immediately. Scams even happen when you are looking for that perfect puppy or pet to expand your family, but the transport of the animal is supposedly held up at the airport or elsewhere. 

How to spot the scam: If you feel suspicious, stop the sale or purchase. The scammer may ask you to wire them money, send a bank transfer, or pay using gift cards. They may not want to talk on the phone or meet in person. Remember, you should not provide a rental deposit before signing the lease or contract in-person. 

What to do: Complete your transactions in cash and preferably in-person. If they refuse to meet in-person or talk on the phone, ignore them and end communication. 

  8. Extortion emails

The scam: You receive an email that threatens exposure of compromising home video and pictures, unless you pay, usually in Bitcoin. The email claims you have been hacked and may reference a current or former password you may have used. The sender claims that they have access to your computer and webcam and threatens to release embarrassing photos and video unless you send them money. 

How to spot the scam: The scammer is using scare tactics to make you act fast. Don’t take the bait! The email message will often include threats and hurtful language. 

What to do: Do not reply to the email or click on any links or attachments included on the message. Do not send money. If you find that your current password is listed in the email, change your passwords from another computer and run virus scans. Delete the email or add it to your spam/junk folder. 

  9. Grandchild imposter

The scam: Scammers pose as grandchildren and claim to be in serious trouble, such as in prison or at the hospital. They urgently request money in the form of wired funds or prepaid gift cards. They may also claim that their voice sounds unfamiliar due to injury. After the initial call, they may claim you will be hearing from an attorney or officer. 

How to spot the scam: Call your grandchild or family members on known phone numbers to ensure your grandchild is safe. 

What to do: Never wire or otherwise send funds unless you can verify the emergency. Take it slow and contact someone you trust.  

  10. Bank/financial institution phishing

The scam: You receive an email or phone call claiming to be from a bank. Emails might claim that your account is in danger or has been suspended, or that your card is on hold due to suspicious activity. The email also includes links to phony websites. Phone calls may claim that there has been fraudulent activity involving your account, and the scammers demand personal information about you and your account.

How to spot the scam: Scammers mask their actual identity by changing the sender name to the name of the financial institution. Look at the email address before opening the email. You will often find an account not affiliated with your bank. Similarly, scammers can spoof phone numbers of financial institutions. If you answer a call that appears to be from your bank and they ask for your personal and/or account information, hang up and call your bank directly on a number you trust to verify their attempt to contact you.  

What to do: Do not reply to the email or click on any links or attachments included on the message. If you receive a call, hang up the phone. To correspond directly with your bank or financial institution, use verified contact information, such as information listed on your statement. 
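The sender check described under "How to spot the scam" above (a display name that says "your bank" on top of an address that is not the bank's) can be automated by a mail filter or help desk. The following Python sketch is an added example, not part of the original article or CAP's material; the bank name, domains, and From headers are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: a hand-maintained map of institution names (lower case) to the
# domains they really send mail from. These entries are constructed.
TRUSTED_SENDERS = {
    "green mountain bank": {"greenmountainbank.example"},
}


def sender_domain(address):
    """Return the lower-cased domain of an email address, or '' if absent."""
    local, at, domain = address.rpartition("@")
    return domain.lower().rstrip(".") if at and local else ""


def domain_is_trusted(domain, trusted):
    """True for an exact match or a real subdomain of a trusted domain.

    Matching on the *end* of the name matters: a lookalike such as
    'greenmountainbank.example.account-verify.example' starts with the
    bank's domain but is controlled by whoever owns the last labels.
    """
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def check_from_header(from_header):
    """Classify one From header.

    Returns 'ok', 'impersonation', 'unknown-sender' or 'unparseable'.
    """
    display_name, address = parseaddr(from_header)
    domain = sender_domain(address)
    if not domain:
        return "unparseable"
    # Collapse case and spacing so 'GREEN  Mountain Bank' still matches.
    name = " ".join(display_name.lower().split())
    for institution, domains in TRUSTED_SENDERS.items():
        if institution in name:
            if domain_is_trusted(domain, domains):
                return "ok"
            return "impersonation"
    return "unknown-sender"


# Constructed sample headers.
SAMPLES = [
    "Green Mountain Bank <alerts@greenmountainbank.example>",
    "Green Mountain Bank <no-reply@mail.greenmountainbank.example>",
    '"Green Mountain Bank" <gmb.security@freemail.example>',
    "Green Mountain Bank Security "
    "<alerts@greenmountainbank.example.account-verify.example>",
    "Neighbor Jane <jane@freemail.example>",
]


def triage(headers):
    """Return (header, verdict) pairs for a batch of From headers."""
    return [(h, check_from_header(h)) for h in headers]


if __name__ == "__main__":
    for header, verdict in triage(SAMPLES):
        print(f"{verdict:15} {header}")
```

A verdict of `ok` only means the name and address agree; the address itself can also be forged, so the article's advice to contact the bank on a number you already trust still applies.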

Don't Get Scammed: Slow Down and Follow A Plan: Slow Down, Log the Call, make One Call to a primary contact, report to Who Cares; CAP cares, call 800-649-2424.
Don’t get scammed, slow down and follow a plan. SLOW method by the Consumer Assistance Program.

Social Security Number Phishing Scams

Since August 1, the Consumer Assistance Program has received approximately 275 reports of the Social Security number phishing scam!

Here’s how the scam works:

  1. You receive a phone call stating that there has been criminal or fraudulent activity involving your Social Security number. The scammer may also claim to be a government agency or law enforcement, threatening arrest or serious consequences. The scam often begins as a robocall.
  2. If you “press 1”, you are connected to a live person, who claims to be a detective or law enforcement agent. They spin a detailed story about a crime committed involving your Social Security number.
  3. Then, the scammer attempts to obtain your personal information and money. Never provide your Social Security number or bank account numbers over the phone, especially to an unknown caller.

If you receive a Social Security number phishing scam call, hang up the phone! Do not press 1 or attempt to connect to a live person.

The Social Security Administration will contact you via official letters in the mail if necessary. If you receive a call threatening arrest, it’s a scam.

Take it SLOW: Scammers pressure you to act fast, demanding personal information and payment, while threatening extreme consequences if you do not comply. Don’t let them pressure you! Remember to slow down, hang up the phone, and log the call. All it takes is one call to someone in your life to talk it through. If you still need help identifying the scam, make an additional call to someone who cares. You can always call CAP; we care and can discuss scams with you.

If you do provide personal information to the scammers over the phone, here are some proactive steps you can take to protect your information and your finances:

  1. Report the scam to CAP: (800) 649-2424 or ago.cap@vermont.gov
  2. If you provided your Social Security number to the scammers:
    1. File an identity theft report with the Federal Trade Commission and your local police.
    2. Check your credit reports and place a fraud alert or freeze on your credit.
    3. Watch out for identity theft warning signs.
  3. If you provided financial information, such as bank account numbers or credit card numbers, contact the involved financial institutions right away.
  4. If you provided the scammers with a payment via gift card, call the phone number on the back of the card.

Open Enrollment Medicare Card and Social Security Number Phishing Scam Alert

Scammers are posing as Medicare saying they need your Medicare card number or Social Security Number to issue a new card or to verify medical information to keep your coverage active. The calls may also claim that coverage is expiring or in need of renewal. During Medicare Open Enrollment and all year, hang up on these unsolicited calls!

Listen to Attorney General Donovan’s Scam Alert call

Why they are calling:  This scam attempts to gain access to your Medicare card number or social security number to commit Medicare fraud and identity theft. 

What to do:  Never provide personal information or payment to unknown callers. Vermonters must be particularly cautious about this scam as the calls originate from a spoofed number, appearing as a local phone number on your caller ID, and the scammer is a live caller.

With open enrollment ending this Saturday, scammers may be trying to capitalize on consumers who are reevaluating or adjusting their Medicare coverage. Fortunately, consumers don’t have to navigate the Medicare process alone. In Vermont, representatives of the State Health Insurance Assistance Program (SHIP) at 1-800-642-5119 through local Area Agencies on Aging can help. Other questions and concerns about Medicare coverage can be directed to Medicare at 1-800-MEDICARE.

Please help us stop these scams by sharing the information with someone you know. If you have questions about this scam, or have provided personal information to the scammers, please call the Consumer Assistance Program at 1-800-649-2424.

More Resources:
Federal Trade Commission: Protect Yourself Against Medicare Scams
Medicare Open Enrollment Scam Alert by the Vermont Department of Financial Regulation
Medicare.gov

Contributing Writer: Crystal Baldwin

Vermont’s Top Scams of 2018

Top 10 Scams of VT 2018

Vermonters filed 5,471 scam reports with the Attorney General’s Consumer Assistance Program (CAP) in 2018 according to the Attorney General’s list of top 10 most commonly reported scams of the year. This amounts to a 4.55% increase in scams from 2017. As new scams emerged, old scams persisted. The IRS scam, which involves scammers claiming to be government officials collecting back taxes, was the most common scam for the fifth year in a row. Vermonters filed 1,429 reports regarding the IRS scam.

Spoofing, when scammers falsify information on Caller ID to appear as though the call comes from a local number, is on the rise. One type of this call is the “reflector” scam, which involves repeated calls coming in from one’s own number. Another new scam this year reported by more than 100 Vermonters was a threatening email containing an old password and demanding money. The number of social security number phishing scams also increased, rising sharply at the end of the year.

“Scam calls are everywhere and affect everyone,” Attorney General T.J. Donovan said. “I urge Vermonters to stay alert and know the common scams. And please continue to report scams to my office so we can work to educate and protect Vermonters.”

Scam reports total over one-third of all contacts to CAP, making them one of the most common consumer issues affecting Vermonters. To counter the overwhelming number of scams, Attorney General T.J. Donovan, in partnership with the Department of Public Safety, launched a new scam alert system in 2017 to warn Vermonters about new or widespread scams. Vermonters can report a scam or sign up for the Scam Alert system by going to ago.vermont.gov/cap or by calling CAP at 1-800-649-2424.

The top 10 scams of 2018 are:

  1. IRS imposter
  2. Social security number phishing
  3. Computer tech support
  4. Grandchild imposter
  5. Debt collection threats
  6. Spoofing
  7. Reflector (claim to be Microsoft)
  8. Email extortion
  9. Publishers Clearing House sweepstakes claims
  10. Sweepstakes claims (general)

Information about each scam:

  1. IRS Imposter

 The scam: A phone call claiming you owe “back taxes” or payments to the government allegedly from the IRS or “US Treasury and Legal Affairs.” They may threaten you with arrest or investigation.

How to ID the scam: The IRS will never call you at home to threaten legal action.

What to do: Don’t respond to these callers. If you think you may actually owe back taxes, hang up and contact the IRS directly at 1-800-829-1040.

  2. Social Security Number Phishing

The scam: An attempt to obtain your social security number by posing as the Social Security Administration or a business. They may try to get access to your social security number by telling you it has been compromised or stolen.

How to ID the scam: If social security (or any official agency) wanted to contact you, they would not call to ask for your personal information, especially your social security number, over the phone.

What to do: Be wary when responding to unsolicited contacts and never provide personal information to unknown contacts.

  3. Computer Tech Support

The scam: A phone call or pop-up message on your computer claiming to be from Microsoft/Windows or another well-known tech company. They will say that there’s a virus or other problem with your computer and try to persuade you to give them remote access to resolve the issue.

How to ID the scam: Legitimate customer service information usually won’t display as a pop-up. Companies like Microsoft, Apple and Google do not call you to notify you of malware on your computer.

What to do: Never provide remote access to your computer to a stranger or click links from an unknown sender in an e-mail or pop-up message. If you get a call from “tech support,” hang up. Also, be careful when searching for tech support numbers online. Some users have been scammed by calling illegitimate company numbers.

  4. Grandchild Imposter

The scam: Scammers pose as grandchildren and claim to be in serious trouble, such as in prison or at the hospital. They urgently request money in the form of wired funds or prepaid gift cards.

How to ID the scam: Call your grandchild or family members on known phone numbers to ensure your grandchild is safe.

 What to do: Never wire or otherwise send funds unless you can verify the emergency.

  5. Debt Collection Threats

 The scam: Scammers pose as a debt collector or government official and say legal action will be taken against you if you don’t pay them what you owe.

How to ID the scam: If you did owe a debt collector or official agency money, they are not allowed to threaten you with arrest over the phone.

What to do: Hang up the phone, and if they call again let it go to voicemail. If you think you do actually owe money to a debt collector or other agency, make sure you call and check using a trusted number.

  6. Spoofed Calls

 The scam: Spoofed calls come from a number that appears local to Vermont – or even your town. But in reality, the scammer is often calling from overseas, and “spoofing” the number to make it show up on caller ID as a neighbor so you’ll be inclined to answer.

How to ID the scam: The call comes from a number you don’t recognize and/or happens repeatedly at all hours. It may be your own number.

What to do: Ignore the call. Don’t call the number back – chances are the person you are calling has nothing to do with the scam.

  7. Reflector (claim to be Microsoft)

 The scam: Similar to other spoofed calls, these scammers will call you on what appears to be your own number. Upon picking up, the scammer tells you that your Microsoft software or your computer IP address has been compromised. They will ask you to pay them immediately over the phone to protect your computer data.

How to ID the scam: Nobody from Microsoft would call you to say that your data has been breached or your IP address compromised. They especially wouldn’t ask you to pay immediately using Google Play gift cards or your credit card.

What to do: Never give personal or financial information to an unverified person or service that contacts you.

  8. Email Extortion Scams

The scam: You may receive a threatening email from a person you don’t know saying that they have an old password of yours or some other personal information. They use that against you in order to scare you into paying them.

How to ID the scam: Legitimate actors would never threaten you, even if they had access to your old information.

What to do: Never click on links that are in the email because they may give the scammer remote access to your computer or download viruses. Don’t reply to the email or interact with it in any way and delete it from your inbox. If they refer to a valid password, go to your account directly and change your password.

  9. Publishers Clearing House Sweepstakes Claims

The scam: A call, email or letter claiming that a consumer has won big from Publishers Clearing House and needs to pay a fee to collect winnings. Sometimes this will include a realistic-looking check.

How to ID the scam: If you actually win a major prize from Publishers Clearing House, they will contact you in person. For smaller prizes (less than $10,000), winners are notified by overnight delivery services (FedEx, UPS), certified mail, or email in the case of online giveaways. They never make phone calls.

What to do: Never pay an upfront fee to receive winnings. If you win something, they will pay you – not the other way around.

  10. Sweepstakes Claims (general)

The scam: A phone call or mailing claiming that you won money or a prize but have to make a payment in order to receive it. Sometimes the outreach includes a realistic fake check. The check bounces and no “winnings” are ever disbursed.

How to ID the scam: If it is a well-known organization, try contacting them to verify the information. If it is an unknown organization, chances are the winnings are fake. An unsolicited check in the mail from an unknown sender is usually a scam.

What to do: Never pay upfront to receive winnings. If you win something, they will pay you – not the other way around. No actual contest or sweepstakes would make you pay first to receive money.

Contributing Writer: Sarah Anders
Content Editor: Crystal Baldwin