Starting September 21, 2018, credit freezes will now be free for all Americans.

Most U.S. consumers have a credit report, whether they know it or not AND whether they use it or not. These reports are generated by the three major credit reporting agencies, or CRAs, based on activity associated with buying and borrowing. When you first start out, you might have “no credit” and therefore not have a credit report, but multiple lender requests into your credit background can generate a report in your name.

A credit report shouldn’t be confused with a credit score; a report is a comprehensive look at your attempts to make large purchases, borrow funds, open lines of credit and more, while your credit score is based on numerous factors, including information from your credit report. It’s more of a look at what kind of credit risk you might be.

For many years, credit reports were a good way to keep tabs on your financial identity; if someone had stolen your identity and tried to open new accounts or lines of credit, you might find that information on there. At the same time, people who were already victims of identity theft have been urged to put “freezes” or “alerts” on their credit reports to keep thieves from opening more accounts in their names.

Freezes mean that the CRA cannot release your credit report to a lender, which is supposed to prevent a new account from being opened. The problem for many consumers is that freezing your account incurred a small fee, one that ranged from $2 to $10 depending on the agency. “Thawing” your account if you wanted to open a legitimate credit line also could result in a fee, as did refreezing once the process is finished.

Now, Congress has been called upon to take action in light of the recent Equifax data breach. This single event exposed more than 148 million consumers’ complete identities to hackers. As a result, Equifax offered free credit freezes for a limited time, but lawmakers came up with another solution. Thanks in part to grassroots advocacy efforts, the House has passed a bill that will waive the credit freeze fee for all consumers from all three credit reporting agencies.

This bill, which has been signed into law by the White House, will not go into effect until September 21st, so in the meantime, consumers need to remain vigilant about protecting themselves:

  1. If you haven’t already done so, Equifax is still offering free credit freezes until the law goes into effect. Signing up for a freeze is simple and instructions are on their website.
  2. Regardless of whether you have freezes in place, monitoring your credit reports routinely is important for protecting yourself from identity theft crimes. You are entitled to one free credit report each year from each of the three major credit reporting agencies. You can find out more at annualcreditreport.com.
  3. Checking over account statements and using strong passwords on all of your accounts can help minimize the risk and the long-term effects of identity theft.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Equifax After The Fact – One Year Later

With all of the high-tech hacking, malware attacks that cripple entire networks, and new ways to steal or fabricate someone’s complete identity, it’s easy to forget that some of the things that used to be problems in the past are, still a problem.

On Aug. 16, a data breach was discovered that affected multiple Cheddar’s Scratch Kitchen restaurants in numerous states. Investigators believe the operative first launched the breach in early November of 2017 and continued through Jan. 2. More than 500,000 payment cards were compromised in the breach.

The company has sent out notification letters to the victims and offered identity monitoring for the affected customers. They also revamped the payment card system in April of this year, but still advise all of their customers to monitor their account information very closely for any signs of suspicious activity.

This incident clearly demonstrates that “old-fashioned” methods of stealing identifying and financial information are still out there, even if they’re sometimes overshadowed by larger events like the or the cyber attack that hit last year. Even old tactics like dumpster diving for your junk mail or health insurance statements can lead to identity theft crimes, even if they’re on a much smaller scale than a data breach like this one.

To help minimize the risks associated with this kind of incident, there are steps that consumers can take:

1. Enable alerts on your payment cards – If your financial institution offers it, you can set up text or email alerts that tell you any time your card number is used without the physical card being present. If your account info is stolen in a breach like this one, you’ll know if someone uses your card fraudulently. One person who contacted the Identity Theft Resource Center was on her child’s school trip when she received an alert; a quick call to her credit card company showed that someone had used her account number to buy several iPhones at a cellular store. The transaction was promptly canceled and a new card sent to the victim.

2. Monitor your accounts closely – By taking even a quick peek at your account statements on a regular basis (something you can even set up to do online or on your mobile device), you can stay on top of any unusual activity.

3. Place a credit freeze – This event only compromised the customers’ payment card numbers, but in this climate of record-setting data breaches, some consumers are opting for preventive credit freezes. New legislation goes into effect next month that will remove the fee associated with freezing and unfreezing your credit, which helps prevent new accounts from being opened with your identifying information. If more sensitive information is stolen in other data breaches, you’ll be better prepared to fend off identity theft and fraud.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

For quite some time, Social Security numbers have been called the “Holy Grail” of personally identifiable information. With access to your SSN and a few other key data points, an identity thief could open new lines of credit and run up bills for large purchases for years to come. If you discovered the fraudulent card and canceled it, they could simply open up another one.

In any data breach, it was almost a relief to find out that the victims’ SSNs had not been compromised… but that may not be the case anymore.

As a newly announced data breach of T-Mobile’s network shows, our phone numbers can be a hot commodity for hackers. Hackers made off with the names, email address, some of the accounts’ passwords, account numbers and phone numbers for . The cellular provider discovered the incident on Aug. 20 and shut down the hackers’ access, then began the process of investigating and sending out notification letters to affected customers.

You might think a thief can’t really do much for this information, but that’s not true. With just the data compromised, identity thieves can port the affected customers’ phone numbers to a new SIM card, install it in a new handheld device and access any accounts that the user has connected through that phone number.

For example, a hacker can get into your email account, Amazon account, online banking or PayPal account and more by having the password reset link sent to the phone number associated with the accounts, even if two-factor authentication was in place. The thief can then access the victims’ text messaging, receive the one-time-use verification code and use it to change the victims’ passwords on any accounts where they’ve entered their phone number.

T-Mobile has already begun notifying the victims and offered them some key instructions, namely to change their passwords on their accounts. However, it’s also a good idea to change the passwords on any other sensitive accounts—not just the T-Mobile accounts—and to be on the lookout for any unusual activity. This might include notifications of logins from new devices, contacts from your account providers telling you of suspicious activity, any unusual deductions from your financial accounts and more.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

National Grandparents’ Day, proclaimed a holiday by President Jimmy Carter in 1978, falls each year on the Sunday after Labor Day. Thanks to the tireless work of one grassroots organizer—a woman who was also a driving force in legislation that protects and supports the elderly—this holiday is a time focus on one another and on the important contributions that grandparents make in the lives of the family.

And what better present could you give than to spare your relatives the headache and heartache of falling victim to a scam? Some scams, frauds and identity theft crimes specifically target senior citizens, so Grandparents’ Day is the perfect time to spread the news.

1. Grandparent Scam – This crime is actually called a “grandparent scam” because back before cell phones were a widespread device, senior citizens were often targeted. They were believed to have no way to verify whether this was a scam or not. Now, the scam has evolved to target anyone, but grandparents are still high on the list of potential victims.

In a grandparent scam, the victim receives a phone call that says a friend or loved one (as in, a grandchild) is in some kind of trouble and needs help. Stories over the years have included someone who was in the hospital, had been arrested, was stranded with car trouble or even had been kidnapped, and the only way to help was to send money.

2. Medicare/Healthcare Scams – Our aging population is thankfully living longer, and that has meant changes to programs like Medicare. With every new change—such as the recent issuance of new Medicare cards that no longer contain the holder’s Social Security number or the enrollment in various add-on plans—scammers attempt to steal money and identifying information from Medicare users.

It can be hard to spot a Medicare scam, especially if the caller already knows some information about you. To fight back, you have to develop a habit of never giving out your sensitive information to someone who contacts you. If there’s any doubt about your coverage or your plan, take the caller’s information and hang up. Then, using a verified phone number for your local administration, contact the Medicare office and find out what’s going on.

3. Tech Support Scams – As older adults join the digital revolution, more seniors are enjoying things like smartphones, laptops and tablets, social media and many other connected resources. Scammers assume that these “digital newcomers” might be naïve enough to fall for a technology-related scam, so seniors are prime targets for tech support scams.

A tech support scam occurs when someone contacts you by phone, email, text message or even a popup box on your computer and tells you that your computer is infected with a virus. They offer to clean out the virus for a fee, but actually steal your money while installing a virus on your computer. The virus will root around and find out your account information, login credentials and more. Remember, software companies do not sit at workstations and monitor your computer; anyone who tells you otherwise is lying.

4. Untraceable Payment Scam – There is one major unifying factor in scams that steal your money: the scammers don’t want to get caught, so they rely on untraceable, non-returnable forms of payment. If you’re ever told that you owe money for an unpaid parking ticket, a court fine, back taxes to the IRS or any other bill that must be paid with a prepaid debit card, iTunes gift card, wire transfer or similar method, it’s a scam!

Any entity that you legitimately owe money to will accept your personal check, your credit card, or even cash; in rare exceptions, something like a parking ticket or court fee might have to be paid by cashier’s check, but also that will have a traceable number on it. Never make a payment to someone who claims the only accepted form are those listed above.

5. Romance Scams – There’s a perception that senior citizens might be lonely—after all, it’s what the creator of Grandparents’ Day was working to prevent—and scammers are counting on that. The frightening thing about romance scams is that they work too well and can impact any age.

However, there’s one unique thing about senior adults that makes them an especially hot target: the fear that they will lose their independence. Not only have some older victims of romance scams opted not to report the crime to anyone, some have even continued to pay their scammers after suspecting something wasn’t right. Make a firm decision to never give money to someone you only know online and never involve yourself in their crime, such as cashing a check for them.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

Info Sheet: Credit Freeze Laws for Protected Consumers 

To date, 33 states have passed laws for allowing consumers to place a freeze on credit reports for protected consumers.  The definition of a protected consumer differs by state but generally includes children under 18 years old or children under 16 years old, and any individual who has a legal guardian or conservator.  While most states allow you to place a freeze if a credit report already exists due to identity theft, the following 33 states will allow you to create a credit report for your child proactively when no credit report exists, then freeze it:

  1. Arkansas
  2. Arizona
  3. California
  4. Connecticut
  5. Delaware
  6. Florida
  7. Georgia
  8. Hawaii
  9. Illinois
  10. Indiana
  11. Iowa
  12. Kansas
  13. Kentucky
  14. Louisiana
  15. Maine
  16. Maryland
  17. Michigan
  18. Minnesota
  19. Montana
  20. Nebraska
  21. New York
  22. North Carolina
  23. Ohio
  24. Oregon
  25. South Carolina
  26. South Dakota
  27. Tennessee
  28. Texas
  29. Utah
  30. Virginia
  31. Vermont
  32. Washington
  33. Wisconsin

The National Conference of State Legislatures has a chart that lists each state and the corresponding laws/fees.  Please note that most states allow for no fees if the individual requesting a freeze (or his/her parent or guardian) can prove he/she is a victim of identity theft.  If you have questions about checking to see if your child has a credit report and how to freeze a report with each credit reporting agency, read our how-to here.

Due to Senate Bill 2155, as of September 21, 2018 residents in all 50 states will be able to place a credit freeze on their, and their child’s, credit report and request that a credit report for a protected consumer (which includes children under the age of 16) be created and frozen if a credit report does not exist.

This info sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to itrc@idtheftcenter.org. Copyright, Identity Theft Resource Center®, all rights reserved.

Identity Theft Resource Center® Sees Major Consumer Impacts One Year After the Equifax Breach. Read the full report here.

For decades, consumers have been told to monitor their credit reports as a way to stay on top of their identities and to maintain general financial well-being.

The sources of those credit reports are three major reporting agencies: TransUnion, Experian, and Equifax. As the gatekeepers of all your sensitive information, they are charged with keeping up-to-date records on the financial activity associated with your unique identity.

Obviously, that can make them a major target for hackers, as Equifax has learned in recent weeks. A data breach of their servers was discovered on July 29, 2017, and the complete identities of more than 148 million US consumers were stolen. These identities include names, birthdates, Social Security numbers, and more.

In addition, Equifax has said that hundreds of thousands of credit card numbers were stolen, along with documents about credit disputes which contained sensitive personal identifiable information.

The Aftermath: Equifax One Year Later discovered that nearly 90 percent of respondents reported that they experienced adverse feelings or emotions – beyond the financial impacts.

The next step is for Equifax to notify the victims of the breach by mail. Presumably, since the stolen information contained everything that a thief needs to steal someone’s identity, Equifax will be offering credit monitoring service to the victims, however, that remains to be seen.

Should consumers receive a notification letter, it’s important that they take the following steps:

  1. Read the letter carefully and determine what information was compromised. If it’s just your credit card number, that might be easily fixed with a phone call to your financial institution. If it was more invasive information, then further action could be necessary.
  2. If you’re offered credit monitoring service as part of this or any data breach, do not disregard the letter. That offer indicates that your most sensitive information is believed to have been put at risk. Typically, offers of credit monitoring span one to two years and that can give you a lot of peace of mind following the breach.
  3. Save the notification letter in a safe place. It is not an official document for legal reasons, but it can help serve as proof that your identity was compromised in the event that someone ever uses your information fraudulently.

As a consumer, you’re entitled to one free credit report each year from each of those three credit agencies, so it’s important that you stay on top of your credit reports for the foreseeable future. If your complete identity was stolen, then there’s a very real chance that new accounts and lines of credit can be opened in your name at any time. Monitoring your credit is a good idea anyway, but is certainly necessary if your data has been stolen.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Parents instinctively protect their children from any danger that might come their way, but what do parents tend to overlook? Child identity theft.  Given the prevalence of this crime – more than one million cases of child identity theft cases were reported last year alone – it’s crucial that parents and legal guardians start taking the necessary steps to help minimize their children’s risks. To help encourage this thinking, Experian has deemed September 1 as Child Identity Theft Awareness Day to generate more attention around this prolific crime in hopes that it will reduce the amount of victims.

Children’s identities are seen as desirable because they are often left unmonitored for many years, giving thieves ample time to wreak havoc. For example, a recent survey conducted by Experian found that 45 percent of respondents didn’t discover they were a victim of identity theft until they were between the ages of 16 and 18.  Additionally, more than half of those surveyed didn’t discover they were a victim of child identity theft until they applied for credit as an adult or when they received a bill or credit card in the mail.

The emotional toll this crime takes on its victims is also worth noting. The survey discovered that 35 percent of the child identity theft victims surveyed sought professional help in dealing with related stress, anxiety, anger or depression related to the theft; 68 percent said they are fearful it could happen to them again; and 65 percent are angry about the credit roadblocks they have faced. Furthermore, 10 years later, 1 out of 4 victims surveyed are still dealing with the issues and 81 percent of them remain concerned about their ability to get approved for credit in the future.

As illustrated in the survey, the effects of child identity theft can be long lasting and although this crime is not completely unpreventable, parents and legal guardians can take the necessary steps to minimize their children’s risks. For starters, many parents/legal guardians don’t realize that they might be unintentionally putting their child at risk of identity theft by carrying their Social Security card, giving out this number to entities that don’t legally need it (doctor’s office/hospital) and by not being proactive.

Interestingly enough, the survey revealed that when the parents discovered the child identity theft, their children were 14 years old on average, whereas if the child found out about the theft themselves, they were 19 years old on average. What parents don’t often realize is that they might be able to discover this theft even sooner, which could potentially save their children years of headache.  First, parents need to be on the lookout for signs of child identity theft, which include the following: protecting their Social Security number, monitoring their children’s personal information, social media and online activity, paying attention to privacy policies and teaching them about identity theft risks. Second, they might consider doing Experian’s free Child ID Scan, which is a one-time service for parents or guardians to check if an Experian credit report exists for their child. If you do find out that your children’s information has been compromised, we recommend contacting the Identity Theft Resource’s toll-free number at 888-400-5530 to speak to an experienced advisor who can inform you about the necessary steps to take to resolve the issue. You can also use their live chat feature on their website at: www.idtheftcenter.org

Taking small steps to protect your child’s identity can not only greatly reduce their risk of becoming a victim but it can also help them in the long run.

Experian proudly provides financial support to the Identity Theft Resource Center.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

One of the great mysteries of social media—apart from why people need to share photos of their dinner—is what makes someone post false information without hoping to gain from it. These hoaxes sometimes end up going viral and taking on a life of their own, and the original sender only gets a little temporary boost in their visibility online.

There have been a lot of Facebook scams over the years and more than a few hoaxes, too. The key difference between the two is that scams and fraud seek to steal your identity, your money, access to your computer or account or some other criminal gain. Hoaxes, on the other hand, seem to only bring joy to the creator when they watch how many people share the misleading or false information.

A recently reported double-hoax playoff of changes to Facebook’s algorithms, while also requiring the “copy-paste” behavior to make it spread. Earlier this year, Facebook announced that it would adjust what types of posts and content showed up in your feed to make less relevant, commercially-based posts appear less frequently. It didn’t take long for people to assume Facebook was censoring posts and blocking some of your friends.

This hoax takes that fear to a new level and urges participants to “sneak” into a separate Facebook news feed, accessible only by copying and pasting their message into a new post. The message specifically states that you will be able to “bypass” Facebook’s algorithms and see posts from friends you haven’t heard from in years.

Unfortunately, it’s not true. There is no secret backdoor Facebook newsfeed hidden beneath fancy computer code, and copying the message to share with all of your friends will only highlight the fact that you  fell for a phony message. Sadly, engaging in comments to inform your friends that their post is a hoax will have the same engagement effect and cause the hoax to continue to spread.

Whenever you come across a social media hoax, it’s better left untouched. Don’t click “like” or any of the angry/frustrated emojis, don’t comment on it and don’t share it, even accompanied by a message that warns people of the hoax. Any engagement you give it simply gives it more visibility and power. If there is anything dangerous or compromising about the post that could lead to loss of money or data, try to message the person who shared it privately and explain the issue.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

With its global crime-fighting efforts, the FBI can monitor potential criminal activity in an effort to take preventive action. One of the many important industries that the agency can protect this way is the financial sector. Recent discoveries have already prompted the FBI to issue a warning to banks and financial institutions: we have reason to believe a global-scale cybercrime is about to happen.

Specifically, this cybercrime targets ATMs, forcing what’s known as an “unlimited operation,” or “ATM cash payout scheme.” Essentially by combining malware infections at various banks with stolen card information onto magnetic stripe card blanks, thieves can bypass the usual account balance limits and daily withdrawal limits to steal millions of dollars through ATMs.

These kinds of attacks aren’t new, and law enforcement agencies have even managed to arrest a bad guy or two for this specific category of crime. The real obstacle, though, is that global crime syndicates can enable the theft of millions of dollars from ATMs before anyone notices what’s happening.

Many banks stock their ATMs with a fresh supply of cash for the weekend or a holiday since the bank won’t be open to help customers, so the FBI has already warned that an attack could take place at times like these.

The FBI had some vital tips for banks concerning this possible incident. While you can’t stop a global crime syndicate, there are a lot of things you can do to help:

1. Don’t panic – Your gut instinct might be to run to the bank and withdraw a lot of cash as a safety net, but that doesn’t help anything. It’s far more important to keep your head and continue with your everyday financial behaviors.

2. Monitor your accounts – After any kind of POS or data breach, consumers are urged to check their account statements. This time, we mean it! Checking your accounts right now—literally, right now—for any signs of suspicious behavior and then reporting that behavior to your bank could mean that your stolen card information (the one thieves transferred onto a blank magnetic stripe card) won’t work when a thief tries to use it. You could be one less card that gives them access to the bank’s money. So check your accounts and spread the word!

3. Report strange activity – Take immediate action if you find anything out of the ordinary in your account statements as this could indicate someone has been in your account. If someone accesses your account, they might copy it onto a blank card.

Again, one of the most important things you can do is not panic. As word spreads, there may be social media posts that end up spreading misinformation to a viral audience. Help others know fact from fiction when it comes to the impact of this crime.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

Labor Day is just around the corner, and perhaps no one is looking forward to the long weekend more than scammers and identity thieves. The three-day holiday lends itself to a wide variety of ways to steal your money, your personal data or both, so it’s important to brush up on how to spot a possible scam in order to avoid it.

Travel Scams

This particular holiday is traditionally a time for families to take one last quick getaway for the season. In 2015, travel and road service organization AAA said that an expected 35.5 million Americans travel over the three-day weekend. Unfortunately, another statistic can put a damper on those plans: according to the Better Business Bureau, vacation scams cost U.S. consumers around $10 billion per year.

While the internet has grown into an excellent resource for finding steep discounts and bonus packages on travel, accommodations and meals, it’s also a snare that can lead straight to a scammer. It’s important to be on the lookout for flashy pop-up ads, awkward or incorrect wording and spelling in emails or deals that are so cheap that they’re not believable. Remember, just clicking a link and looking into some of these deals can have repercussions if the website the scammer created installs malicious software on your computer.

Play it safe and only use trusted companies to book your hotel, flight or other vacation needs.

 

Skimming

Thieves can insert skimming film into the card reader of a gas pump, point-of-sale system, even a restaurant payment card machine, and that film can nab all of the account information off your card. It’s then transferred onto a blank magnetic stripe card and used in physical locations (which will not necessarily trigger a “suspicious purchase” alert from your card since the card was present at the transaction). You need to be on the lookout for this common holiday travel pitfall, even if your travel plans don’t take you any farther than the local lakeside or park.

If a gas pump or POS payment machine looks tampered with, you might consider using a different pump, going into the store to pay or even using a different payment method. If you’re eating out and the server has to leave with the card to make payment, you could also fall victim to skimming. It’s always a good idea to look over your account statements routinely, but especially after any kind of holiday or major event.

 

Shopping Scams

Are you staying home this year? Labor Day might be a great time to take advantage of a number of sales and discount specials, but buyer beware, phishing emails that offer you massive discounts can redirect you to phony websites. Once there, you enter your personal information and payment card account, only to have it stolen by a scammer.

Fortunately, many retailers—both physical and online—advertise their upcoming holiday specials in advance. If you’re buying a high-end item, you should have plenty of time to look for the best deal and find the most reputable retailer.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media