ALERT: Hackers Are Posing As ID.me To Steal Your Identity

Photo of author

Written by: Thomas Orsolya

Published on:

Identity verification services like ID.me have become indispensable in the digital age. By providing a secure and convenient way to prove your identity online, ID.me opens doors to essential services and benefits. However, as with any popular online platform, scammers are finding ways to exploit these services and trick unsuspecting users.

This article will take an in-depth look at the ID.me scams popping up, how they work, and most importantly, how to avoid becoming a victim. With identity theft and online fraud at an all-time high, awareness is your best defense.

scam 4

Overview of the ID.me Scams

ID.me provides a valuable service as a digital identity network used by government agencies, healthcare providers, and other organizations to securely verify user identities online. By acting as a trusted validator of personal information, ID.me opens the door for people to easily access essential services and benefits.

However, this convenience also creates an opportunity for fraudsters. Scammers are increasingly impersonating ID.me through phishing campaigns in order to steal personal information from victims. Once they have the data, they can hijack identities, drain accounts, and perpetrate other forms of fraud.

These ID.me scams are growing more complex and convincing, making it crucial for users to understand the tactics and stay vigilant. Here are the main types of ID.me scams and frauds being perpetrated:

Phishing Emails

This is one of the most common vectors for ID.me scams. Victims receive emails pretending to be from the legitimate ID.me security team. These emails may:

  • Warn that unusual activity was noticed on your account
  • State that immediate account suspension will occur if no action is taken
  • Provide a fake deadline such as 24-48 hours to re-validate your account
  • Include a “Verify Account” or “Reset Password” button/link to a phishing site

If the user clicks the deceptive call-to-action button or link, they are taken to a convincing but fake ID.me login page designed to steal login credentials as well as other personal data.

Smishing Text Message Scams

Similar to phishing emails, fraudsters send text messages also impersonating ID.me. They state your account is at risk of being locked or needing immediate validation via a link included. If clicked, the link directs victims to a phishing site masquerading as the legitimate ID.me site.

Once on the fake page, any information entered is captured by scammers. Smishing texts use urgency and threats to get users to comply without thinking it through.

Vishing – Phone Call Scams

This technique uses phone calls rather than messages to trick victims. Scammers posing as ID.me support agents call users claiming that suspicious activity means accounts will be suspended without immediate intervention.

The “agents” pressure and persuade victims to provide personal details or even remote access to the victim’s device, enabling installation of info-stealing malware.

Fake ID.me Websites

Beyond phishing pages, scammers also create entire fake websites impersonating the real ID.me site. Links to these fraudulent sites are sent out en masse via email spam campaigns. They are designed to capture login details and personal info from unsuspecting victims who were persuaded the site was legitimate.

Malicious Software Scams

Scammers may also use phone calls, emails, or texts to trick users into downloading malware. This can occur by:

  • Sending a phishing message with an infected file attachment
  • Persuading victims to click a link to download fake “security software”
  • Requesting remote access to devices in order to “diagnose connectivity issues” then installing malware

Once installed, info-stealing malware can harvest data and credentials directly from the compromised device.

Account Takeover Scams

Sophisticated scammers may attempt full account takeover rather than simple phishing. By gathering key details like usernames, passwords, and partial SSNs from data breaches, they can convince ID.me’s system they are the legitimate account owner.

This enables them to bypass identity verification and fully compromise the account. 2FA often thwarts these takeover attempts however.

In summary, ID.me scams aim to exploit trusting users through impersonation and clever psychological manipulation. By understanding the deceptive tactics used in these scams, people can better recognize the warning signs and avoid being victimized.

How the ID.me Scams Work

Fraudsters use clever psychological tactics to manipulate victims in ID.me scams. Here is an inside look at exactly how they operate:

Step 1 – Initial Contact

Scammers initiate contact via:

  • Emails pretending to be ID.me security alerts
  • Texts claiming your ID.me account is at risk
  • Calls posing as ID.me support agents

Their goal is to cause panic so you act without thinking.

Step 2 – Creating Urgency

Next, scammers pressure you to take immediate action by:

  • Stating your account will be frozen if you don’t re-verify
  • Claiming the deadline to avoid suspension is approaching
  • Warning of penalties or losses if you don’t comply

This plants a fear of missing out, causing you to stop questioning.

Step 3 – Requesting Information

Scammers will instruct you to confirm sensitive details such as:

  • Login credentials
  • Social Security Number
  • Bank account info
  • Credit card numbers

They may pretend it’s needed to verify your identity and keep your account active.

Step 4 – Gaining Remote Access

In some cases, scammers will try to gain remote access to your device by making you:

  • Download suspicious files allowing control of your system
  • Enter codes sent to your phone number enabling account takeover
  • Allow screensharing applications giving them access to your data

Step 5 – Leveraging Your Identity

Once scammers have your information, they can:

  • Access and drain your financial accounts
  • Make purchases using your credit cards
  • Commit tax fraud with your SSN
  • Steal your identity to open accounts or apply for loans

The damage can be extensive if scammers successfully exploit your identity.

What to Do if You Fell Victim to an ID.me Scam

If you suspect your ID.me account or identity has been compromised, take these steps immediately:

Step 1 – Lock Down Your Accounts

  • Reset your ID.me password and enable two-factor authentication
  • Contact banks to freeze accounts potentially accessed by scammers
  • Place fraud alerts and monitor your credit reports closely
  • Change passwords on any compromised accounts

Step 2 – Report the Incident

  • File identity theft reports with the FTC and your local police department
  • Notify ID.me directly so they can secure your account
  • Contact companies where your identity was likely abused
  • Report social media and email phishing attempts

Step 3 – Monitor for Suspicious Activity

  • Set up account alerts to notify you of any unusual activity
  • Periodically get free credit reports to catch new fraudulent accounts
  • Review all statements thoroughly for any unauthorized charges
  • Sign up for identity theft protection services to detect misuse

Step 4 – Recover From the Fraud

  • Dispute any fraudulent charges or accounts opened in your name
  • Work with creditors to close fraudulent accounts and reverse damages
  • Update information related to your identity, accounts, and credentials
  • Change compromised account numbers and request replacement cards

Frequently Asked Questions About the ID.me Scam

1. What is the ID.me scam?

The ID.me scam involves fraudsters impersonating the valid ID.me identity verification service in phishing attempts via email, text messages, and phone calls. Their goal is to trick victims into revealing login credentials or sensitive personal information.

2. How do scammers carry out the ID.me scam?

Scammers initiate contact posing as ID.me through:

  • Fraudulent emails warning your account is at risk
  • Smishing texts claiming you must reverify your ID.me account
  • Vishing phone calls pretending there is suspicious activity

They pressure you to act urgently and provide info to avoid account suspension.

3. What techniques do scammers use in the ID.me scam?

Scammers manipulate victims using:

  • Fear – Threatening account suspension or penalties
  • Urgency – Impending deadlines to reverify accounts
  • Social Engineering – Pretending to be ID.me support agents
  • Phishing Links – Fake ID.me login pages stealing credentials

4. What information do scammers attempt to steal with the ID.me scam?

Scammers phish for:

  • Usernames and passwords
  • Bank account and routing numbers
  • Credit card details
  • Social Security Numbers
  • Driver’s license numbers
  • Digital wallet account access

5. What do scammers do with my information from the ID.me scam?

Scammers can use your information to:

  • Drain financial accounts
  • Make purchases with your credit cards
  • Steal your tax refund
  • Apply for loans or credit in your name
  • Access government benefits using your identity

6. How can I avoid falling for the ID.me scam?

To avoid the ID.me scam:

  • Never click links in unsolicited messages
  • Don’t provide info to incoming calls alleging to be ID.me
  • Verify custom URLs before entering login credentials
  • Enable two-factor authentication as an extra layer of security
  • Monitor accounts closely for unauthorized activity

7. What should I do if I fell victim to the ID.me scam?

If you fell for the scam, immediately:

  • Reset your ID.me password and security questions
  • Contact banks to freeze accounts
  • Place fraud alerts on credit reports
  • Report identity theft to the FTC and police
  • Close any accounts opened fraudulently

8. How can I recover from identity theft related to the ID.me scam?

To recover, be sure to:

  • File police reports regarding the identity theft
  • Dispute fraudulent charges with banks and creditors
  • Change compromised account numbers and request new cards
  • Monitor credit reports and financial statements for misuse
  • Sign up for identity theft protection services

9. How can I help others avoid the ID.me scam?

You can help others by:

  • Reporting scams and phishing emails to help shut them down
  • Making family and friends aware of the tactics scammers use
  • Encouraging people to use unique passwords and two-factor authentication
  • Advising caution against unsolicited calls, texts and emails

10. Who can I contact for help after falling victim to the ID.me scam?

Reach out to the following for assistance:

  • ID.me Support – They can secure your account
  • Your bank’s fraud department
  • Federal Trade Commission – To report identity theft
  • IRS – If tax fraud occurred
  • Local police – To file an identity theft report

The Bottom Line

ID.me provides a valuable service, but also opens the door for scammers to steal identities. Stay vigilant against phishing attempts via email, text and phone. Never click unverified links, provide sensitive information to strangers, or allow remote access to your device. If you do fall victim, take steps immediately to lock down your identity and report the fraud before irreparable harm is done. Spread awareness about these scams to help others avoid becoming victims too.

How to Stay Safe Online

Here are 10 basic security tips to help you avoid malware and protect your device:

  1. Use a good antivirus and keep it up-to-date.

    Shield Guide

    It's essential to use a good quality antivirus and keep it up-to-date to stay ahead of the latest cyber threats. We are huge fans of Malwarebytes Premium and use it on all of our devices, including Windows and Mac computers as well as our mobile devices. Malwarebytes sits beside your traditional antivirus, filling in any gaps in its defenses, and providing extra protection against sneakier security threats.

  2. Keep software and operating systems up-to-date.

    updates-guide

    Keep your operating system and apps up to date. Whenever an update is released for your device, download and install it right away. These updates often include security fixes, vulnerability patches, and other necessary maintenance.

  3. Be careful when installing programs and apps.

    install guide

    Pay close attention to installation screens and license agreements when installing software. Custom or advanced installation options will often disclose any third-party software that is also being installed. Take great care in every stage of the process and make sure you know what it is you're agreeing to before you click "Next."

  4. Install an ad blocker.

    Ad Blocker

    Use a browser-based content blocker, like AdGuard. Content blockers help stop malicious ads, Trojans, phishing, and other undesirable content that an antivirus product alone may not stop.

  5. Be careful what you download.

    Trojan Horse

    A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather.

  6. Be alert for people trying to trick you.

    warning sign

    Whether it's your email, phone, messenger, or other applications, always be alert and on guard for someone trying to trick you into clicking on links or replying to messages. Remember that it's easy to spoof phone numbers, so a familiar name or number doesn't make messages more trustworthy.

  7. Back up your data.

    backup sign

    Back up your data frequently and check that your backup data can be restored. You can do this manually on an external HDD/USB stick, or automatically using backup software. This is also the best way to counter ransomware. Never connect the backup drive to a computer if you suspect that the computer is infected with malware.

  8. Choose strong passwords.

    lock sign

    Use strong and unique passwords for each of your accounts. Avoid using personal information or easily guessable words in your passwords. Enable two-factor authentication (2FA) on your accounts whenever possible.

  9. Be careful where you click.

    cursor sign

    Be cautious when clicking on links or downloading attachments from unknown sources. These could potentially contain malware or phishing scams.

  10. Don't use pirated software.

    Shady Guide

    Avoid using Peer-to-Peer (P2P) file-sharing programs, keygens, cracks, and other pirated software that can often compromise your data, privacy, or both.

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.

Leave a Comment

Previous

Wellamps GLP-1 Review: No Evidence Behind the Bold Claims 

Next

Form 4022 Scam: Don’t Fall Victim to This Bogus Tax Letter