Resource Center

There are privacy laws being passed seemingly every day; however, there is no comprehensive national U.S. law and current laws are largely a patchwork of state and federal laws. Since there are no federal privacy laws regulating the actions of many companies, they’re pretty much free to do what they want with your data, unless there is a state law governing its use. In most states, companies can use, share, or sell any data they collect about you without notifying you that they’re doing so. No national law standardizes when (or if) a company must notify you if your data is breached or exposed to unauthorized parties. If a company shares your data, including sensitive information such as your health or location, with third parties (like data brokers), those third parties can further sell it or share it without notifying you. Yikes! So why isn’t someone doing something about this? Well, California has what is probably the most comprehensive privacy law. The regulations allow a person to sue a company for violations. California also requires a “global opt out” to remove one’s data from sharing by device or browser, instead of being forced to opt out on each site individually. California is one of only three states with a comprehensive privacy policy. The others are Colorado and Virginia. Beyond these, there is a hodgepodge of state privacy laws. Federal laws encompass an alphabet soup of laws covering specific data and situations, including: The Health Insurance Portability and Accountability Act (HIPAA) covers only communication between you and “covered entities,” which include doctors, hospitals, pharmacies, insurers, and other similar businesses. People tend to think HIPAA covers all health data, but it doesn’t. The Fair Credit Reporting Act (FCRA) covers information in your credit report. It limits who is allowed to see a credit report, what the credit bureaus can collect, and how information is obtained. The Family Educational Rights and Privacy Act (FERPA) details who can request student education records. This includes giving parents, eligible students, and other schools the right to inspect education records maintained by a school. The Gramm-Leach-Bliley Act (GLBA) requires consumer financial products, such as loan services or investment-advice services, to explain how they share data, as well as the customer’s right to opt out. The law doesn’t restrict how companies use the data they collect, as long as they disclose such usage beforehand. The Electronic Communications Privacy Act (ECPA) restricts government wiretaps on telephone calls and other electronic signals (though the USA Patriot Act redefined much of this). Since ECPA was written well before the modern internet, it doesn’t protect against modern surveillance tactics. The Children’s Online Privacy Protection Rule (COPPA) applies to data collection practices regarding children under 13 years old. The Video Privacy Protection Act (VPPA) prevents the disclosure of VHS rental records. VPPA does not apply to streaming companies, though. The Federal Trade Commission Act (FTC Act) empowers the FTC to go after an app or website that violates its own privacy...

There is no question that in our increasingly tech-driven world, concerns over dangers to our security have never been greater—or more appropriate. The good news is that with increased awareness and common-sense steps, consumers can protect themselves as well as their data. This article will address the dangers of the most pernicious smartphone malware to help users to monitor their devices. Here are the top five ways that your device could be at risk: 1. Vulnerabilities in your operating system Depending on whether or not your OS is up to date, your device could be more at risk for different strains of malware even when your phone is off. No matter how fast cellular companies are able to discover potential data breaches, users need to do their due diligence to ensure that their phones are as protected as possible. Just like you would your laptop or desktop computer, it is critical to maintain the most up-to-date OS to give your defenses a fighting chance. 2. Downloading malicious apps One of the most common methods used by hackers to spread malware is via apps and downloads. Whereas apps that you discover in official app stores are rarely at risk, any pirated apps you download can easily contain malware. These apps will appear legitimate while hiding spyware or other types of malware behind their interface. It’s important to choose wisely when downloading an app and to think twice before looking for apps in unofficial sources: What might seem like a handy piece of tech could easily become a devastating headache. 3. Using unsecure WiFi and URLs Another way your smartphone can be compromised is through unsecure websites and WiFi networks. To protect yourself from bad faith actors who could be waiting for you on an unsecure network, make sure to install antivirus protection and a VPN. And if at all possible, use secure networks! 4. Opening suspicious emails Let’s face it: If it wasn’t for our spam folder, we would be drowning in a sea of emails from displaced kings and long-lost relatives. Because of the high-filter ability of our spam folders, we rarely consider what happens when one slips through. And while you ought to avoid opening suspicious emails as much as possible, the good news is that so long as you don’t download any attachments, respond to unknown parties with personal data, or click on suspicious links, you’re in the...

Throughout the most challenging moments of COVID-19, we saw firsthand what happens when our healthcare systems are overwhelmed and stretched to the brink. This breaking point is tested even further when these systems are forced to defend against cyberattacks at their weakest moments. At the highpoint of COVID, multiple healthcare systems were hit with cyberattacks, and the impact was sizable.Cyberattacks are not only devastating to healthcare systems, they can also have an adverse effect on patient outcomes. In a recent survey by the Ponemon Institute, more than 20% of the healthcare organizations surveyed reported that patient mortality rates increased after cyberattacks. Additionally, ransomware attacks had an outsized impact on patient care: over 60% of the organizations surveyed said that these attacks resulted in testing delays and roughly the same number reported longer patient stays. Taken all together, this means that in the health care sector, the greatest threat to the privacy and security of protected health information is cyberattacks.Recently, one of the largest non-profit healthcare systems in the country, Banner Health, reached a settlement of $1.25 million for a cybersecurity breach that affected nearly 3 million patients. This makes Banner Health the latest healthcare provider to settle or suffer from a cybersecurity attack. The U.S. Department of Health & Human Services Office for Civil Rights had been investigating Banner, even before the start of COVID, due to evidence of Banner Health’s long-term, pervasive noncompliance with the HIPAA Security Rule. Luckily, the HHS is looking out for individual patients and protecting their information by forcing healthcare organizations into privacy compliance.According to the HHS, there are specific checklists that healthcare systems must follow in the event of a cyber-related security breach. Here are a few of the key details: Organizations must execute the HHS’ response and mitigation procedures as well as their contingency plans. This means that organizations must take steps to fix the resolve of the attack, then mitigate any impermissible disclosure of protected information. Next, they must report any attacks to law enforcement agencies (such as the FBI or local/state departments). These reports should not contain your protected health information. They must also report all cyber threat indicators to federal and information-sharing and analysis organizations (including the Department of Homeland Security). Similarly, these reports should also not contain your protected health information. Finally, any attack affecting more than 500 people must be reported to the HHS Office of Civil Rights, and all impacted individuals must be notified as soon as possible. If less than 500 individuals have been affected, they must be notified without unreasonable...

You have probably heard the television and radio ads warning about how your home can be stolen out from under you by title thieves. Is it true? Can bad guys claim your home equity, and even your home, with title fraud? Although there is some truth to the scare tactics, the danger is not as bad as they want you to believe and the solutions they are selling are not necessary. Here is what you need to know about how title fraud works and how you can protect your home. Title thieves search publicly available electronic property records to find a home with built up equity. They often look for homes that are empty, so second homes such as vacation homes can be attractive targets. Once a target has been identified, the thief creates a new identity with supporting documentation such as fake IDs, a Social Security card, etc. They then forge the homeowner’s signature onto a fraudulent bill of sale and transfer ownership of the house to the bad guy. This is not, as the ads would have you believe, as simple as filling out a single page form, and it is not as common as the companies selling “title lock” services would like you to believe. The FBI has estimated that 9,600 U.S. homeowners have been victims of title fraud. That’s slightly more than 0.0001% of the roughly 87 million U.S. homes owned. The television and radio commercials you hear are advertising what they call a “title lock” service. The name title lock is somewhat misleading in that your title isn’t actually “locked.” These services simply monitor property records and notify you if anyone attempts to register a change. You can do essentially the same thing by periodically monitoring your property records online. Instead of doing it yourself, many county clerks offer a simple and (often) free service that notifies you if any change is registered to your property records. Contact the office where your property is registered (usually the county clerk’s office) to find out about your options. Other steps you can take to protect your property include: Lock your credit account at each of the three major credit reporting agencies. Periodically do a free online search of your county’s deed records. Make sure you receive your annual notice of appraised value and tax invoice for property taxes. If you don’t receive them, call the county tax assessor to ask why. Call your utility provider if you fail to receive any of your utility bills. If you receive correspondence or payment coupons from an unknown mortgage company, immediately contact them for an explanation. Check your credit report periodically and make sure everything on it is accurate. This is not only for your primary residence. It also applies to vacation or rental property. Make sure you’re getting utility and tax bills and rent payments. If the property is vacant, check on it in person periodically to make sure unauthorized persons aren’t living there. When you purchase property, always go through a licensed title company to make sure the title to the property you are purchasing hasn’t been the subject of a previous fraudulent...

There are positive benefits to be obtained from being connected to others via social media, but there is a downside as well. We will examine the negative effects that may be experienced by both adults and children from exposure to social media and the unrealistic expectations that can develop. Expert: Dr. Kelly McBride  Dr. McBride has more than 21 years of experience in the field of communications. She is a published author and is working on completing her next book on The Six Spheres of Social Media: An Integrated Marketing Approach. Dr. McBride has presented scholarly essays on social media in Singapore, Belfast, London, and Honolulu and has taught in the US and internationally....

With the rollout of COVID-19 vaccines, you know that scammers and their dirty tricks won’t be far behind. As with many scams, the bad guys are after both your money and your personal information. Along with claiming to sell early access to vaccines and saying that you are required to get a COVID test or antibodies test before getting a vaccine, scammers are offering unproven treatments and “cures” for the virus. All of this for a price, of course. According to the Federal Bureau of Investigation (FBI) some indications that you may be dealing with a scam include: Advertisements or offers for early access to a vaccine upon payment of a deposit or feeRequests asking you to pay out of pocket to obtain the vaccine or to put your name on a COVID-19 vaccine waiting list Suggestions of additional medical testing or procedures (for a fee or in exchange for Medicare or insurance information) when obtaining a vaccine Marketers offering to sell and/or ship doses of a vaccine, domestically or internationally, in exchange for payment Unsolicited emails, telephone calls, or personal contact from someone claiming to be from a medical office, insurance company, or COVID-19 vaccine center requesting personal and/or medical information to determine eligibility to participate in clinical vaccine trials or obtain the vaccine Unverified claims of FDA approval for a vaccine Advertisements for vaccines through social media platforms, email, telephone calls, online, or from unsolicited/unknown sources Individuals contacting you in person, by phone, or by email telling you that the government requires you to receive a COVID-19 vaccine The Department of Health and Human Services suggests you remember the following to keep yourself and your family safe from COVID-related scams: You will not be asked for money to enhance your ranking for vaccine eligibility. Government and State officials will not call you to obtain personal information in order to receive the vaccine, and you will not be solicited door to door to receive the vaccine. Medicare beneficiaries should be wary of unsolicited requests for their personal, medical, and financial information. Medicare will not call to offer COVID-19 related products, services, or benefits. Do not trust unexpected callers or visitors offering COVID-19 tests or supplies. If you receive a suspicious call, hang up immediately. Do not respond to, or click links in, emails or text messages about COVID-19 from unknown individuals. Ignore offers or advertisements for COVID-19 testing or treatments on social media sites. If you make an appointment for a COVID-19 test online, make sure you are dealing with an official testing site. Do not give your personal or financial information to anyone claiming to offer HHS grants related to COVID-19. Be aware of scammers pretending to be COVID-19 contact tracers. Know that legitimate contact tracers will never ask for your Medicare number or financial information. They will not attempt to set up a COVID-19 test for you and collect payment information for the test. If you suspect COVID-19 health care fraud, report it immediately online or call 800-HHS-TIPS...

You know the routine: you set up a new account and you are asked for a password. The password you choose must be suitably complex or you can let the site choose a password for you, full of numbers and special characters and impossible to remember. What if you were to use a series of unrelated words instead of a password such as “%wT65g17&”? The Federal Bureau of Investigation (FBI) thinks that could be a better choice. They recommend combining multiple words into a long string of at least 15 characters. For example, the site https://www.useapassphrase.com/ says that the passphrase “embassy praising expire owl” would take hackers 34,084,573 centuries to crack, as opposed to seconds or milliseconds for most commonly used types of passwords (e.g., 18 milliseconds to crack “december”). The site features a password generator that will generate a four-, five- or twelve-random word password, and tell you how long it would take to crack. Why do they think this approach would work? You might picture a hacker as a guy in a hoodie, hunched over a keyboard entering password attempt after password attempt; but in reality, the bad guys actually use scripts that quickly run through massive numbers of passwords. According to the site, the method for cracking passwords might look something like this: The hackers start with a bunch of wordlists. The top 10 million passwords is one. Also, lists of all English words, all names, dates, and so on. In less than one second, 30% of all passwords will be cracked.
The next step is to try all of the words again with common substitutions: capitalizing the first letter (december → December), making common letter-for-number swaps (december → d3cemb3r), and other common variations.
After that, they start combining the previous wordlists. Name + date (doug3251983). Name + [separator] + date (doug.3251983). If all else fails, the final step is a brute force attack, i.e., try every combination of characters. Try a, then b, then c … eventually aa, ab, ac … eventually 6j2b#hi8, 6j2b#hi9, 6j2b#hi0, et cetera.As the online comic strip xkcd says, “Through 20 years of effort we’ve successfully trained everyone to use passwords that are hard for humans to remember but easy for computers to guess.” Of course, some sites will not let you use a password that doesn’t include capital letters, numbers and/or special characters. In that case, your best bet is probably to use a password manager. Password managers will generate secure passwords as needed and store all of your passwords for you so that you can use them across devices. Many people find this to be the easiest solution. However, if you need to generate a password that, for whatever reason, you need to remember, you would be wise to follow the advice of the FBI and create passphrases of about four words and at least 15 characters. “mambo tango mister denim” would take 2,303,286 centuries to crack. That seems pretty secure to...

As online users become more sophisticated, hackers are becoming more sophisticated as well. Early phishing attacks relied on users clicking links without paying attention to where the links took them. For example, a hacker would create a page that looked just like the PayPal login page, but it was actually a fake page used by the bad guys to capture log in information from people who believed they were signing into their PayPal accounts. Today, there are new twists to the old phishing scams. The usual tipoff in a phishing scam is that the user is sent to a domain impersonating the real one. It might be paypal.log-in.com instead of paypal.com, for example. In one recent scam, however, users who clicked on a malicious link to login.microsoftonline.com were taken to Microsoft’s actual login page. The catch is that there is code appended to the link that tells Microsoft to forward an authentication token to officesuited[.]com, a site controlled by the hackers. The user is then sent to a page that grants permissions to access the user’s email, contacts, files, mailboxes, and more. This same approach could be used with other cloud providers. In fact, Gmail was targeted by a similar tactic in 2017. Why would users grant these permissions? If they do not know there is a malicious actor involved, users may not be concerned. We have been conditioned to click and agree when presented with options. According to Michael Tyler of Phishlabs.com, “We can look at the reason phishing is still around and it’s because people are making decisions they shouldn’t be making or shouldn’t be able to make. Even employees who are trained on security are trained to make sure it’s a legitimate site before entering their credentials. Well, in this attack the site is legitimate and at that point their guard is down. I look at this and think, would I be more likely to type my password into a box or more likely to click a button that says ‘okay’?” Because the login happens at Microsoft’s website, two-factor authentication would not protect users. And once access has been given to this malicious app, even changing the password would not prohibit the hackers’ access.Microsoft provides instructions for rescinding illicit consent grants, but the best way for users to avoid this issue is to carefully review the entire URL when installing apps and granting permissions. Look for links to unfamiliar sites and odd URLs. System administrators can block users from installing any apps or limit them to apps from the official Microsoft...

On June 15, 2021, the FBI’s Internet Crime Complaint Center (IC3) released its 2020 Elder Fraud Report. According to the report, IC3 received a total of 791,790 complaints in 2020, with reported losses exceeding $4.1 billion. About 28% of the total fraud losses were sustained by victims over the age of 60, and seniors suffered approximately $1 billion in losses. This represents an increase of about $300 million in losses in 2020 over what was reported by victims over 60 in 2019.The FBI Elder Fraud Report also said the “average victim over 60 lost nearly $9,200 and that nearly 2,000 senior victims lost more than $100,000 each.” The largest increase came in tech-support scams, which exceeded $116 million in 2020 from less than $38.5 million in 2019. According to the Federal Trade Commission, younger people reported losing money to fraud more often than older people (44% of victims were aged 20 – 29 vs 20% aged 70 – 79); however, when people aged 70+ suffered a loss the median loss was much higher ($635 for ages 70 – 79 and $1300 for ages 80+, vs $324 for ages 20 – 29).The FBI reports that the most common types of identity theft and fraud scams encountered by individuals 60 years of age and over included: Tech support scam: Criminals access victims’ devices by posing as support representatives offering to repair issues. Romance scam: Bad guys approach victims on online dating sites and form relationships to extract money.Investment fraud: Promises of high returns on investments are offered online or at in person events.Grandparent scam: Criminals pretend to be a family member in distress needing immediate funds.Government impersonation scam: Criminals pose as government employees and threaten to arrest or prosecute victims unless they agree to provide payments.Sweepstakes/charity/lottery scam: The bad guys claim to represent charities and solicit donations. Or they claim that the victim has won a prize and needs to pay a fee to collect their winnings.Home repair scam: Criminals charge homeowners in advance for home improvement services that they never provide.TV/radio scam: Hearing it on the radio or TV doesn’t make it legitimate. Crooks may advertise to find victims.Family/caregiver scam: The people closest to the victim may be the ones who steal from them, including relatives or caregivers. Know how to protect yourself, and let family members know that they can protect themselves by: (1) learning to recognize common scams; (2) resisting pressure to act quickly, as scammers create a sense of urgency to avoid letting victims have time to think or get more information; (3) being wary of unsolicited phone calls, mailings, and door-to-door service offers; (4) protecting your identity by never sharing your personally identifiable information (PII); and (5) making sure your computer anti-virus, security software and malware protections are up to...

How many emails do you receive in a typical day? If you are like most people, the answer is probably, “Too many!” Some are emails you want, others you no longer find useful and some are just plain spam. Obviously, the ones you want to receive are not a problem, but what can you do about the others? First let’s define what “spam” is. Spamhaus defines it this way, “Spam is an issue about consent, not content. Whether the Unsolicited Bulk Email (“UBE”) message is an advert, a scam, porn, a begging letter or an offer of a free lunch, the content is irrelevant – if the message was sent unsolicited and in bulk then the message is spam.” That means that if you subscribed to an email newsletter or agreed to receive sale notices from an online retailer those messages are not spam, even if they are no longer of interest to you. If you are receiving such emails from reputable organizations and want them to stop, clicking the unsubscribe link is the way to go. You should not, however, mark these emails as spam. Depending on your email service, marking legitimate emails as spam may affect how the email service treats them and people who want to receive them may find the messages directed to their spam box instead of their inbox. So what about the stuff you didn’t ask for and do not want in your inbox? You can’t stop spam. Anyone who has your email address can send email to you. And blocking an email sender seldom works as the spammers use lots of random email addresses to send their junk to you. Unsubscribing is not a good idea in these cases, as all this does is confirm to the spammers that they are sending to a valid address. They will send more spam or even sell your email address as a live address. Although you can’t stop spam, you can manage it. Spam filters are an important tool in keeping spam out of your inbox and relegating it to the junk or spam folder, where it belongs. Most email platforms use some kind of spam filtering, but none of them are perfect. You will have the occasional spam message slip through or even some false positives, where messages that are not spam get sent to the spam folder. You can train your spam filters and improve the results by marking messages that are improperly filtered. The best thing to do is take steps to keep your email address from falling into the hands of spammers in the first place: Do not post your email address publicly on websites, social media or other places.Do not respond to spam by unsubscribing or clicking on a link in the email.Disable images on email going to your spam folder. (When the image is accessed, it is like clicking on a link in an email and lets the spammers know they have a live one.)Do not give your email address to just anyone. When dealing with a new company, use a “throw-away” email address. Of course, another source spammers use to harvest email addresses are those emails your Aunt Bea sends of cute kitten pictures that she cc’s to everyone on the planet. You can ask Aunt Bea not to do that, but chances are she is going to keep right on sending them anyway. So, have a throw-away email for Aunt Bea to use,...

Your friends and family members may love receiving gift cards, but scammers love them, too. Gift cards are the preferred currency for many criminals as they can easily be converted to cash. And, once the scammers have the numbers off the cards, it is unlikely that you will be able to recover your money. There are many scams where the bad guys will ask for payment via a gift card. They include: imposters claiming to be from the IRS or a utility company, “tech support” asking ask you to pay to repair your computer, callers claiming to be family members needing cash for an emergency, someone buying something from you who sends a check for more than the purchase price and asks for a refund of the difference by gift card and many more. (Spoiler alert: The ones who overpay by check sent a worthless check.) The nature of these scams can vary, but there is one universal truth: If someone is asking you to pay with a gift card of some kind, it is a sure sign of a scam. One scam that is popular right now involves a scammer pretending to be representing a religious leader. The scammer asks people to send gift cards for a good cause and will often use the name of a local pastor or other known religious leader. The scammers act fast to drain the gift cards as soon as they can, but if you act quickly after realizing you have been scammed you may be able to recover at least some of your money. Immediately call the company that issued the gift card (you can find contact information for many of the gift cards most popular with scammers, here) to report the fraud. Even if you are cautious and believe that you and your family members are unlikely to fall for this type of fraud it is important to stay vigilant as scammers use sophisticated persuasion techniques to try to separate you from your money. Educate yourself, your parents and other family members that government agencies and others will never ask for payment by gift...

More employees than ever are working from home, and 85% of Chief Information Security Officers (CISOs) said that they had to sacrifice cybersecurity to quickly enable them to do so. Cybersecurity vendor Netwrix announced this and other findings from a June 2020 survey conducted to determine how organizations are responding to the work-from-home changes brought by the pandemic. Other findings include: 25% reported suffering a ransomware or other malware attack during the first three months of the pandemic; 47% were able to spot it in minutes. Though only 14% of organizations encountered data theft by employees, 66% are anxious about this scenario, compared to just over half pre-pandemic. 63% reported an increase in the frequency of cyberattacks and 60% found new security gaps as a result of the move to remote work. The most common threats experienced since the transition to remote work share a human factor: phishing (48%), administrative mistakes (27%) and improper data sharing (26%). “Many companies were caught unprepared when cities and states issued mandatory stay-at-home rules,” said Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers (IAITAM). “Now, the rubber is going to meet the road when those companies, which are struggling not to be crippled by COVID-19, try to keep the cash flowing by having employees at home call or email for credit card information, print out invoices on untracked home computers, and send them out on personal Wi-Fi networks.” A study by cybersecurity firm Tessian found that 52% of employees cut corners and engage in riskier online behavior when working remotely. Distractions and pressure to get their work done quickly are affecting how people work. At a minimum, employees working from home should observe these eight best practices for working remotely: Avoid public Wi-Fi. If you must connect from a public location, use personal hotspots or a VPN. Keep work data on work devices. It is unlikely that your personal devices have the same levels of security as those maintained by your company IT department. By using your personal devices on your company’s network, you may be putting the integrity of the company network at risk. When working near others, block the sight lines so they cannot see your screen. A few bits of information captured while looking over your shoulder may be all a bad guy needs to hack into your personal or business accounts. Encrypt sensitive information in emails and on your device. Encryption keeps unauthorized persons from intercepting and reading your data. Lock your doors. Part of data security is keeping your devices physically secure to prevent theft. Never leave your devices or laptop in your car. That includes the trunk. Thieves can quickly strike if you step away. Don’t use unknown thumb drives. Hackers are known to drop thumb drives near companies they are trying to attack, knowing that some employees will pick up the malware-loaded drives and use them, giving the hacker access to the company’s data. Use a USB data blocker when charging your device at a public charging station. It is best not to use a public charging station but, if you must, use a data blocker to prevent possible theft of your data or installation of malware on your device. Working from home due to COVID-19 presents both risk and opportunity for employers and employees. It is likely that we will see new technologies develop that will minimize risks while taking advantage of the opportunities. In the meantime, following smart security protocols will go a long way toward maintaining your organization’s...

Every newsworthy event becomes a hook for scammers who want to get our money or our personal information, and scammers have eagerly taken advantage of the confusion, concern and even panic surrounding the Coronavirus (COVID-19) pandemic. The scams being put forth are similar to past frauds, but with a Coronavirus spin. Scammers may approach potential victims via telephone, text or email, or even in person. The specifics of the scams are unique to the pandemic, but underneath the Coronavirus sheep’s clothing the scams themselves are the same wolves we have seen for many years. Some of the most common COVID-19 scams include: Telephone scams telling Medicare recipients they qualify for testing and asking for their SocialSecurity Number and other personal information Scammers asking for donations to fake charities Scams related to potential government payments to businesses and consumers The Identity Theft Resource Center offers these tips to avoid common COVID-19 scams: Go to the source. If you are unsure if something is legitimate, go directly to the company or agency that would be responsible.  Do not rely on the contact information in the communication you received. An email or phone call asking for a Social Security number, driver’s license number, credit card number or bank account information is probably from a scammer. Social media messages claiming to be from the government for anything regarding COVID-19 are likely scams. Report it to the social media platform and block the sender. The government does not contact individuals through social media. COVID-19 phone scams are running rampant, promoting everything from COVID-19 testing to government benefits to bogus “cures” for the virus. Don’t answer calls from unfamiliar numbers and do not return calls from voicemails unless you are certain of the caller’s identity. If you are not certain if a call is legitimate, look up the actual number for the alleged caller and call them back. Keep your wits about you and review these tips as needed to help ensure you do not fall prey to the latest iterations of...

View document here.

View document here.