Scam of the day – October 19, 2017 – Congress forces IRS to suspend multi-million dollar Equifax contract

In the Scam of the Day for October 8th, I reported to you about the recent announcement that Equifax, the company responsible through its own negligence for 145 million Americans becoming in serious danger of identity theft for the rest of their lives, was awarded a 7.25 million dollar contract to provide security and fraud detection services to the IRS.  Making the problem even worse was the fact that the contract was a no-bid contract.

Now under pressure from numerous members of Congress the IRS has temporarily suspended the contract while the IRS investigates Equifax’s systems and security.  The suspension of the contract means that taxpayers wishing to set up accounts with the IRS through its Secure Access program which enables taxpayers to access certain online services will be unable to do so.  Taxpayers who already had set up accounts with the IRS to use the Secure Access program, however,  will still be able to use their accounts.



Relying on the IRS to protect the security of our data is somewhat problematic because the IRS itself has had a number of instances where its security practices have been lacking.  When it comes to protecting ourselves from identity theft there are numerous simple steps we should all take in order to protect ourselves.  I provide them in great detail in my book “Identity Theft Alert.”  However, here are a few of the things we all should do:  Freeze your credit, monitor your credit reports and all of your accounts, use complex passwords, use nonsensical security questions, use dual factor authentication, use security software on all of your devices and keep the software updated with the latest security patches,  never click on links or download attachments unless you have verified that they are legitimate and limit the places you provide your Social Security number as much as possible.  Your doctor, for instance,  may ask for it, but he or she doesn’t need it.

Scam of the day – October 31, 2014 – Free credit score scams

Based on the information contained in your credit reports, your credit score can have a significant effect on whether you are granted a loan and at what interest rate, whether you will be hired for a job, whether you will be sold insurance, whether you can rent an apartment or many other purposes.  We all have a right to an annual free credit report from each of the three major credit reporting agencies, however, your free credit report will not provide you with your credit score.  Recently many people are receiving emails with offers to provide a free copy of your credit score.  Unfortunately, as with any other email or text message that requires you to provide personal information such as your Social Security number which is required to obtain your credit report or credit score, you cannot be sure that the offer is legitimate.  In some instances, companies offering to provide “free” credit reports or scores are actually signing you up for a continuing service that you may not either desire or need.  These sites generally ask for your credit card number, but tell you that they only need the credit card number for verification purposes.  Of course, that it is a lie.  If you were getting something free, you would not need to provide a credit card number.   They are getting your number to use it to charge you monthly fees for services that you may not have thought you ordered.  Even worse however, are scams in which the company offering to provide you with your free credit score is actually just scamming you in order to get your Social Security number which they will use to make you a victim of identity theft.


As I always say, you cannot trust any email or text message to be legitimate.  Never click on links, download attachments or provide personal information in response to unsolicited emails or text messages.  The risk is too great.  If you want your free credit reports from each of the three major credit reporting agencies, Equifax, Transunion and Experian, the only place to go is the website  It is important to monitor your credit report not just to find evidence of identity theft, but also to find mistakes that may appear on your report that can adversely affect your credit score.  As for your credit score, the website is a legitimate website that you can trust, that encrypts your data and provides your credit score for free.

Scam of the day – October 28, 2014 – Healthcare worker pleads guilty to identity theft

Florida medical assistant La Toya Yvette Tillman has been convicted of aggravated identity theft and sentenced to three years in prison.  Through her work at Gastroenterology Consultants she was able to access the database for the entire Memorial Healthcare System, one of the largest health care systems in the country.  Tillman stole personal information including patients’ names, dates of birth and Social Security numbers which she sold by the thousands to identity thieves who, in turn, used the information to file fraudulent income tax returns and commit income tax identity theft.  The lack of security in the health care industry nationwide is far worse than that of retailers such as Target, Home Depot and others that have been the victims of major data breaches.  This case in particular points to the problem of insider identity theft where rogue employees, having access to personal information of patients are able to steal that information.   Regardless of how strong a company’s security is to withstand an attack from outside of the company, it is necessary to combine that security with strong security from threats within the company.


This should be a wake up call to many companies and not just those in the health care industry to better protect the privacy of their data banks from threats within the companies as well as outside of the companies.  Too much information is readily accessible in many companies to too many people in the companies with no need to have access to that information.  However, this case also is a good example of companies having access to Social Security numbers, the key to identity theft when they don’t need this information.  People think that medical care providers need your Social Security numbers, when in fact the main reason medical care providers and others demand the number is to make collection of overdue bills easier for them.  Try to limit as much as possible the companies to which you provide your Social Security number to those that truly have a need for it.  The information stolen by La Toya Yvette Tillman would not have been sufficient for her accomplices to file fraudulent tax returns if the Social Security numbers were not included in the stolen data.


Scam of the day – April 15, 2014 – Attorney General, Eric Holder victim of income tax identity theft

Today being the deadline for filing your federal income tax return is also a good time to remind you that identity theft and income tax identity theft can happen to anyone.  It can even happen to the Attorney General of the United States.  Recently convicted of this crime were Yafait Tadesse and Eyaso Abebe, a man whose Facebook page describes him as an importer/exporter for Vandelay Industries, which if it sounds familiar is because it was a fictional company created by the George Costanza character in the old Seinfeld television show.  Obtaining the Social Security number of a real person and then filing a phony income tax return on behalf of that person before the potential victim files his or her legitimate federal income tax return is the key to income tax identity theft.  In this case Tadesse and Abebe purchased Social Security numbers including that of Attorney General Holder on black market websites and used the information to file phony returns and collect refunds.


The two keys to protecting yourself from income tax identity theft are to protect the privacy of your Social Security number as best you can and file your federal income tax return as early as you can.  Even if an identity thief has managed to get your Social Security number, if you file your income tax return before he or she can file a phony return using your Social Security number, you will suffer no harm.  If an identity thief does manage to file a return using your Social Security number before you do, it can take many months before you can straighten the matter out and get your true refund.

Scam of the day – May 31, 2013 – Department of Homeland Security data breach

It was somewhat distressing to recently learn that the Department of Homeland Security (DHS) had suffered another (yes, I did say another) data breach.  The most recent data breach at the DHS which was only recently discovered affects thousands of employees of the DHS going back all the way to 2009.  The breach of data includes the names of employees, their Social Security numbers and dates of birth.  This is exactly the type of information that is desired by identity thieves because it can readily be turned into identity theft of the people whose data is stolen.  The particular data breach involved records of a third party vendor who works with the DPH, however that is of little comfort to the DPH employees and potential victims of identity theft.  In fact, according to a report by the Government Accountability Office (GAO) last July, federal agencies have reported more than 15,000 data breaches in 2011, which was an increase of 19% from the previous year.  It should also be noted that these are just the data breaches that have been discovered.  Others are undoubtedly going on undiscovered at this time.


So what does this mean to you and what can you do about this?  This data breach points out again, as recognized in the GAO report that both government and the private sector are still not doing enough to keep our personal information secure.  Hopefully, this will change, but in the meantime, you should limit, as much as possible, the personal information that you provide both to governmental agencies and private companies.  In many instances, you must provide personal information, but in other situations, you can limit the amount of information you provide.  For instance, many medical care providers ask for your Social Security number, but do not need it.  In that instance, you can provide another identifying number, such as your driver’s license.  You also should consider putting a credit freeze on your credit report which will prevent an identity thief, who may get access to your Social Security number or other personal information about you from getting access to your credit report for the purposes of making large purchases.  You can find in the archives of Scamicide, instructions for how to get a credit freeze.

Scam of the day – March 14, 2013 – Michelle Obama and 22 other public figures hacked – what it means to you

News about a website that has put on line huge amounts of personal information about 23 famous politicians, celebrities and sports figures including, Beyonce, Vice President Joe Biden, Hillary Clinton, Hulk Hogan, Attorney General Eric Holder, Kim Kardashian, FBI Director Robert Mueller, Michelle Obama, Sarah Palin, Arnold Schwarzenegger, Donald Trump and Tiger Woods has been everywhere.  What happened was that hackers were able to hack into the website and get access to the credit reports of each of these people which contained large amounts of personal information that in the hand of an identity thief could bring serious harm to the people whose information was accessed.  Instead of quietly using this information to victimize these people,these particular hackers chose to make all of the information public and put these people in serious jeopardy.  But what does this mean to you?  It is another example of how you are only as safe as the place storing your information with the weakest security.  In this case, an obvious flaw in the verification process permitted the hacker to pose as each of the victims and get their no longer private information.


Getting access to the Social Security number of each of the victims was an important first step in the hacking.  The Social Security number is a key to identity theft and it is something that you should try to keep private, as much as possible.  There are plenty of ways that a determined hacker can get a Social Security number, but don’t make it easy for them.  Don’t provide it to places that do not need it and do not carry your Social Security card in your wallet or purse.


Scam of the day – October 29, 2012 – New IRS scam

The IRS is warning people about a new scam that uses a website that appears to be the IRS’ e-Services online registration page.  The real IRS e-Services website does not provide anything for taxpayers, but does provide web-based products and information for professional tax preparers.  Many people are fooled by phony IRS websites that have URLs that are close to the IRS’ URL of  Some may have IRS in the URL, but end in .com, .net or .org.  The only official IRS website is, but even there if you get an email that appears to be from the IRS you should disregard it because the IRS does not contact taxpayers by email and under no circumstances will the the IRS contact you by email, social media or text messages requesting personal information such as your bank account information or your Social Security number.


Never click on links in emails, texts or  social media messages unless you area absolutely sure that the link is legitimate.  And even then you should consider not clicking on a link until you have verified that indeed it was sent by a legitimate sender and even then you cannot be sure that the link is being sent to you by someone who is passing on a tainted link.  The link may take you  to a legitimate website that requests personal data from you, however, if the communication is from a scammer, the information you provide can lead to identity theft.  Remember, if it is the IRS contacting you, they would already have your Social Security number and they don’t need or ask for you bank account information.  By clicking on links from scammers, you also risk downloading dangerous keystroke logging malware programs that can steal all of the information from your computer and lead to you becoming a victim of identity theft.

Scam of the day- October 9, 2012 – Latest employment scams

Searching for a job online has become the norm for many people seeking employment and there are many legitimate online employment websites such as and, however, merely because an ad for a job appears on a legitimate website does not mean that the job is for real.  It may be just a scam seeking either personal information to make you a victim of identity theft, your money or both.  Do not assume because you see an ad for a job on a legitimate employment website that the ad is legitimate.  Although Career, and other online employment agencies do their best to screen their ads, they can’t be even close to perfect.  Some of the things to be on the lookout for are companies that want you to wire fees as part of the job application or those asking for personal information early in the process.  Make sure that the company has a brick and mortar location and is not just an online scam.  Also be wary of ads that appear to be from companies that you know are legitimate because the scammer may be faking that as well.


Never spend money to apply for a job.  Legitimate employers do not require them.  Google the address, telephone number and name of the company to see if they match what you have been told.  Don’t send a resume with personal information, such as your Social Security number that can be used to make you a victim of identity theft.  If the ad appears to be from a company that you know is legitimate, confirm by a telephone call to the real company’s HR department that the ad you are answering is legitmate.  A legitimate company will eventually need your Social Security number, but not early in the process.  Make sure that you have confirmed that the job is legitimate before providing this information.

Scam of the day – September 21, 2012 – AOL phony billing scam

Many people using AOL for email have been receiving legitimate looking, but phony emails purporting to be from AOL billing them for services.  Sometimes the phony messages come in the form of phony pop-ups that ask for personal information such as your Social Security number for “verification purposes.”  Either way, these are phony phishing scams merely looking to steal your money and your identity.  Ignore them.


AOL uses what it calls AOL Certified Mail for actual communications which will come in the form of a blue envelope in your inbox and will have an AOL seal on the border of the email.  AOL will never ask for your Social Security number although scammers and identity thieves will because this number is the key to identity theft.  If you believe that an email communication from AOL or any other company may or may not be legitimate, go directly to the company at either its website or by telephone making sure that you use URLs and phone numbers that you know are accurate.  Never trust a link in an email that may be phony.  It can only lead to your downloading keystroke logging malware that can steal information from your computer and make you a victim of identity theft.