d3sign | Moment | Getty Images
Since the beginning of 2020, consumers have lost about $886 million in fraud specifically linked to Covid-19, as criminals have leveraged the pandemic to steal from online shoppers and in other forums, according to FTC data through Aug. 30.
Scams involving government benefits like unemployment assistance also surged during the pandemic, for example. In such instances, criminals used consumers’ personal data — much of it stolen in past data breaches — to file for unemployment benefits in others’ names.
“That was a huge driver of a lot of the fraud” last year, according to Eva Velasquez, chief executive of the ITRC.
Because unemployment benefits are taxable, victims often discover the fraud during tax season and must take steps to rectify their standing with the IRS — as well as prevent future impacts like damaged credit or having financial accounts opened in their name.
“The explosion of identity crimes within government benefits and government services platforms has decreased in 2022, but it is nowhere near pre-pandemic levels,” Velasquez said. “We’re definitely seeing a much higher baseline in that area.”
Identity theft linked to social media accounts also surged in 2021, with the number of reported incidents jumping 1,044% relative to 2020, according to the ITRC.
These scams generally involve thieves taking over a social media account — using stolen credentials — and leverage the user’s followers to perpetuate additional fraud, Velasquez said.
For example, a scammer may post about a fake charity on an Instagram user’s account, providing an air of legitimacy and trust; followers may then donate to this fake charity or somehow divulge personal information that leads criminals to hack their account, too, Velasquez explained.
“It’s like this wildfire that started and all these sparks keep igniting new wildfires,” she said.
Here are some tips for consumers to protect themselves from identity-related scams, according to Velasquez.
- Go to the source. Don’t engage if you receive an urgent- or official-seeming e-mail, text message or a direct message on social media but didn’t initiate contact — especially if they ask for any account credentials, a Social Security number or financial account information. “That’s a huge red flag,” Velasquez said. “I don’t care if they said it’s the IRS, your friend, the Department of Homeland Security or your utility provider.” Log into that organization’s app or website, call their official phone number or contact the entity in any other way you would typically do so in order to verify they are indeed the ones reaching out to you.
- Enable multi-factor authentication. Multi-factor authentication, also called two-step verification, offers an additional layer of account security in the event a fraudster has obtained your login or other credentials. After a successful login, the user will be prompted for a second identity verification such as a six-digit code that’s texted to the cell phone number on file. However, it’s not enough to merely opt into two-step authentication — account holders also shouldn’t share their one-time passwords with anybody. Scammers can successfully obtain those codes — and then break into users’ accounts — by pretending to be someone you know.
- Choose a complex password. Consumers can prevent account hacking by using a complex and unique login password. It may sound simple, but individuals clearly don’t follow the advice: 123456 is the most common password leaked on the dark web. Choose a password that’s 12 characters or longer, and don’t use the same one twice; use a password manager or write down passwords. For those who fear losing that piece of paper: This approach isn’t nearly as risky as re-using simple passwords for all accounts, Velasquez said.