If you’re an OPM data breach victim, you probably know to look out for identity theft. But what about impostor scams? In the latest twist, impostors are pretending to be the FTC offering money to OPM data breach victims.
Here’s how it works: A man calls and says he’s from the FTC and has money for you because you were an OPM data breach victim. All you need to do is give him some information.
Stop. Don’t tell him anything. He’s not from the FTC.
One fake name the caller used was Dave Johnson, with the FTC in Las Vegas, Nevada. There’s not even an FTC office in Las Vegas. The FTC won’t be calling to ask for your personal information. We won’t be giving money to OPM data breach victims
either.
That’s just one example of the type of scam you might see. You may get a different call or email. Here are some tips for recognizing and preventing government impostor scams and other phishing scams:
• Don’t give personal information. Don’t provide any personal or financial information unless you’ve initiated the call and it’s to a phone number you know to be correct. Never provide financial information by email.
• Don’t wire money. The government won’t ask you to wire money or put it on a prepaid debit card. Also, the government won’t ask you to pay money to claim a grant, prize or refund.
• Don’t trust caller ID. Scammers can spoof their numbers so it looks like they are calling from a government agency, even when they are not. Federal agencies will not call to tell you they are giving you money.
If you’ve received a call or email that you think is fake, report it to the FTC at www.ftccomplaintassistant.gov/. If it’s an email that relates to the OPM breach, you also can forward it to US-CERT at phishing-report@us-cert.gov.
If you gave your personal information to an impostor, it’s time to change those compromised passwords, account numbers or security questions.
Concerned about identity theft? Visit IdentityTheft.gov. For more information about the OPM breach, visit OPM’s website at https://www.opm.gov/cybersecurity/.