Consumer Protection Tips & Scam Alerts

Bogus Medical Treatments

Beware of scammers selling bogus medical treatments and learn the facts about the coronavirus. Stay informed about the disease by visiting the websites of the:

Report retailers that appear to take unfair advantage of consumers by selling goods or services that are vital to the health, safety, or welfare of consumers for an unconscionably excessive price. Report such incidents to the OAG.


Beware of Phishing Attempts Purporting Emergency COVID-19 Information

There are multiple reports of scammers attempting to use concern about the COVID-19 pandemic as an opportunity for phishing (e.g. an attempt to get an individual to click a link in order to steal passwords, install malware, or otherwise gain access to sensitive information). Individuals should remain vigilant when receiving emails or text messages received claiming to have information about COVID-19 – especially from organizations which they did not sign up to receive alerts from. Some phishing attempts may purport to be from a health authority like the World Health Organization, from someone that makes promises about miracle cures, or asks for donations or other actions. These types of emails may be phishing attempts, where an attacker sends you a message that looks innocent but may contain malware or a link designed to steal an account password. 


For Healthcare Workers and Providers

If you work for a healthcare provider, hospital, or other organization within the health supply chain, you may see more advanced phishing attempts. Apply the same suggestions described in the link above to any outside emails received. Be mindful that you may be at higher risk for phishing attempts. Some scams that have been seen in the wild include:

  • Emails purporting to be from the Centers for Disease Control providing information on treating COVID-19 that contain booby trapped PDFs.
  • An email received by hospital staff saying that important deliveries have been stalled to that hospital and requiring the user click on a link that actually executes malicious code.

Below is an example of a COVID 19 specific phishing email you may receive.

COVID-19 phishing email screenshot

Unemployment Insurance Fraud

The Attorney General’s Office has become aware that some individuals are filing false unemployment claims using social security numbers and other personally identifiable information (PII) belonging to others.

How do I report identity theft related to unemployment insurance?

If you believe you are the victim of identity theft related to unemployment insurance, including someone filing a false claim using your personal information, you can report the fraud to the New York State Department of Labor by submitting an online form, calling toll-free hotline at 1-888-598-2077, or by mail. The best way to contact the New York State Department of Labor is to fill out the online form.

In addition, you can take steps to protect your credit by filing an Identity Theft Report with the Federal Trade Commission (FTC).

Because this scam is perpetrated by gaining access to and using victims’ PII, individuals should be aware of the potential for identity theft. Identity theft is the unlawful use of an individual's PII to, for example, establish credit, make purchases, apply for loans, or, as in this case, to seek unemployment benefits. Click here for more specific information about how to protect your identity.

Visit the Attorney General’s Office for more information about how to protect your identity.


Tips to help protect New Yorkers from invasions of privacy and minimize the risks of falling victim to revenge porn:

Do not include identifying details in any intimate image or chat:

  • Exclude your face and any identifying features, such as a unique tattoo or birthmark, in intimate images. Some users can keep their face off-screen in such images, while others can utilize a blurring or cropping feature.
  • Exclude identifiable information in your image’s background, including anything with your name or your employer’s name or logo on it.
  • Exclude identifiable information from your profile, such as your email address or the handles to different social media accounts. Some users even create separate email addresses or social media accounts to use only with dating profiles.

Use dating apps or websites that have safety features. While these features cannot prevent a recipient from recording the screen with a second device, they do offer some protection, including:

  • Providing warnings that notify you if a recipient has taken a screenshot of an image you shared or of your chat history.
  • An “unsend” option for pictures or messages.
  • The ability to delete images or chats from a recipient’s messages.