In the past few years, retailers have seen a trend in how their customers shopped for the holidays. More and more people have grown weary of standing in the cold or elbowing through thousands of shoppers to buy this year’s hot toy. Savvy shoppers have increasingly opted to stay home in their pajamas and find great deals online.

That’s led to the rise in Cyber Monday. Once the holiday chaos of Black Friday is out of the way, the following Monday is a time to pop over to the internet and see what sales are taking place to finish (or start!) your shopping.

Unfortunately, just like Black Friday, Cyber Monday is a favorite holiday for identity thieves, scammers and hackers. In order to reduce your risk of falling victim to the crime, you have to take some steps to secure your identity.

1. Know your antivirus software – Antivirus software has come a long way since the early days of trying to block malicious computer threats. Unfortunately, so have the tools that cybercriminals use to steal your money, your identity, your computer and more. A comprehensive security suite can now offer you protection from ransomware, trojans, worms, phishing scams, keyloggers and so much more. Many of them now include parental control tools, which is great if you have kids, as well as VPNs and tracking blockers for private browsing online.

Make sure your security suite is installed, updated and ready to protect you before you start entering your credit card details and your shipping address online.

2. Know your payment methods – Whether you’re using credit cards, debit cards, online payment platforms like PayPal, or gift cards, it’s important to keep up with which method you used on which website. That way, if there’s suspicious activity on your card or account later, you can trace it back to which site you may have used.

It’s also a good idea to know ahead of time what kinds of consumer protection are in place in case of fraud. Will your credit card company stand up for you if someone steals your information or racks up extra charges? Will they protect you if the website you used was a scam and they never send your purchases? Find out the rules and regulations—as well as what kinds of money-saving deals and discounts, if any—are in place before you use it.

3. Know what you’re clicking – Fake websites, copycat websites that look like real retailers’ sites, and bogus ads that only lead to click-revenue are the bane of every shopper’s existence at this time of year. Look for the site’s HTTPS designation before you enter any payment details, and make sure this is a reputable company before you pay for anything. A quick Google search for the name of the company or a check of the BBB’s scam tracker can tell you if there are any dissatisfied customers out there.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “I’ve Hacked Your Password” Scam

When it comes to a credit freeze, consumers have to ask themselves when they should take this step, and why. The “when” is easy… the answer is NOW. There are very few reasons to leave your credit report unfrozen, all of them stemming from your life circumstances that involve high-volume spending, the need for new accounts or other similar, limited situations.

But “why”, is a little more difficult to explain. Your credit report is the document that gives lenders an idea of what kind of borrower you are. It contains lengthy information on your previous spending and payoffs, your open lines of credit, the amount of debt you carry, and more. However, this report is also the tool that lenders need in order to issue you a new account or line of credit; no report, no new credit card or car purchase.

It’s easy to see how blocking access to that report can prevent new lines of credit from being issued, and that goes a long way towards protecting you from fraud if someone steals or fabricates your identity. When the criminal applies for a new credit card, home utilities, a car or other similar account, the credit report will come back to the lender as “frozen,” essentially blocking the account.

This is one of the strongest measures consumers can take to help reduce their risk of financial identity theft. There are other ways your personally identifiable information fall into the wrong hands can harm you, but new account fraud is one of the easiest but most devastating scenarios. At the same time, there are not many other actionable steps consumers can take that can have this much of an impact on identity theft and fraud.

Remember when we said you should do it right now? There’s never been a better time. New legislation goes into effect this week that will remove the fees associated with freezing and thawing your credit report. Even though it takes time to “thaw” should you need it (a few business days, typically), you will no longer have to pay a fee for protecting your credit report this way. All three of the reporting agencies—Experian, Equifax, and TransUnion—will no longer charge this fee thanks to legislation that was passed after the Equifax data breach.

In order to freeze your credit, here are a few steps to take. While you handle that, remember that you’re also entitled to one free copy of your credit report from each of the three major reporting agencies every year. You don’t have to request them all at once, though, so you can stagger your requests a few months apart and get a look at your credit report all throughout the year.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

Securing Our Nation’s Critical Infrastructure Is Everyone’s Responsibility

In Week 4 of #CyberAware Month we’re emphasizing the importance of securing our critical infrastructure and highlighting the roles the public can play in keeping it safe.

A nation-wide pizza chain made news in 2018 by announcing a new contest: nominate your town for pothole repair. The very endearing marketing tactic asked customers around the country to explain why their town deserves a little roadway TLC in order to keep pizzas from bouncing around the car on the way to their tables. One winner would be chosen, and the chain would fund pothole repair for that city.

As fun as that sounds, maintaining and protecting our infrastructure isn’t a game, especially when it comes to the real threat of cyber attacks. These coordinated attacks can disable anything from our power grid, telecommunications and E-911 systems, water supply and sewage and more. Taking down even one of these vital utilities with a cyber attack would have devastating consequences while targeting more than one system could cripple entire sections of the country.

October is National Cyber Security Awareness Month, a project hosted by StaySafeOnline. This year’s theme is “Our Shared Responsibility,” and each weekly theme focuses on how consumers, businesses, and stakeholders can play key roles in protecting against hacking, data breaches, and other related crimes.

But how are members of the public supposed to prevent a large-scale hacking event that aims infrastructure? It’s one thing to update your home computer’s antivirus or log out of your sensitive accounts when you’re not using them, but those behaviors will hardly stop highly-skilled operatives from threatening a country’s water supply.

Or can they? Can the security behaviors you adopt prevent the next widespread cybercrime? StaySafeOnline certainly thinks so, and will offer crucial information to the public on ways that they can take an active role in securing our country’s infrastructure: “Our day-to-day life depends on the country’s 16 sectors of critical infrastructure, which supply food, water, financial services, public health, communications and power along with other networks and systems. A disruption to this system, which is operated via the internet, can have significant and even catastrophic consequences for our nation.”

One of the most obvious ways that consumers can protect these necessary resources starts with protecting their own networks. Your home computer, your smartphone, and your Internet-of-Things connected devices are all sources of potential vulnerabilities. If you’re in any way connected to the public utilities—even theoretically something as mundane as paying your electric or water bill online—it could result in fraudulent access to the utilities if hackers gain access through your computer.

By securing your own devices and networks first, you’re possibly preventing a cybercriminal from compromising your device and using that connection to gain access to a “bigger fish.” Third-party attacks, commonly associated with small businesses who have connections to larger corporations, are a recognized avenue of attack. The Black Friday data breach that affected Target in 2013, for example, was eventually traced back to a third-party vendor who worked on the refrigeration units for a small number of Target locations.

Safeguarding your own network and devices is always a smart thing to do, and it can prevent a lot of headaches for you down the road. In today’s connected digital climate; however, your own security steps just might protect us all.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

October is National Cybersecurity Awareness Month, and there’s no bigger “holiday” for those who work in information technology, digital safety and tech security. Okay, that might be a tiny exaggeration; However, it is safe to say this: cybersecurity professionals keep our internet and networks safe from hacking, data breaches, scams and fraud, and there simply aren’t enough cyberheroes doing the job.

Just in 2017, data breaches hit a new record high of 1,579 breaches, indicating a drastic upturn of 44.7 percent increase over the record high figures the year before. Fortunately, there’s never been a better time to pursue a career in computer security or data protection. The theme for week two of NCSAM is to highlight the intense need for highly-skilled, dedicated professionals who are interested in the landscape of modern crime and warfare known as our computers and the internet.

But who has the chance to become a superhero? Anyone! Only two years ago, there were an estimated one million unfilled jobs in the U.S. in the cybersecurity field, and that number is expected to be 3.5 million by 2021. There has never been a better time to consider this field, and there may have never been a more critical need than right now.

1. Middle school and high school – It’s never too early to begin learning about data breaches, information technology, cybersecurity and other tech-related subjects. Unfortunately, you’d be hard-pressed to find more than a few high schools even offering this type of course. There are some really dynamic online sources for teens, though, and the first step is simply to get students interested in the field and talking about the subject.

2. College and career – More and more colleges are offering cybersecurity degrees, and many of those schools even offer a fully online bachelor’s degree in the field (after all, you’re going to be working online a lot, you might as well earn your degree that way!). The programs have grown in number to the point that multiple sources have already ranked colleges’ and universities’ cybersecurity degree programs according to best value, best education, highest number of graduates working in their field and more.

3. Returning learners – For one reason or another, the average person changes careers between five and seven times during the span of their work life. Some of the reasons include better pay or benefits, more flexibility, a lack of opportunity in their previous field, or simply the chance to reinvent themselves after years in a fulfilling career. Cybersecurity is relatively new, it’s constantly evolving, it’s an incredibly high demand, and for some, it’s a job that a professional could do as a freelancer or from home. All of those factors make cybersecurity and information technology exciting possibilities for older, non-traditional or returning students.

No matter why you consider the cybersecurity field, there’s never been a better time to take on the challenge. It’s a widely recognized and highly sought after area of study while also serving the greater good and protecting the public. (The $100,000+ average annual salary doesn’t hurt, either.) If you’re looking for an exciting opportunity that can offer you variety mixed with longevity, talk to a college, university or career counselor about cybersecurity.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Our Shared Responsibility Begins at Home

National CyberSecurity Awareness Month, an annual cybersecurity experience hosted by Stay Safe Online, has officially kicked off its 15th year. This October event, which brings together stakeholders from every level of online security, is geared towards everyone from top-tier cybercrime analysts to the most vulnerable everyday internet users. The goal remains the same each year: to ensure that the most up-to-date information on cybersecurity is accessible to all users and is at the forefront of their tech decision-making.

This year’s month-long theme is “Our Shared Responsibility,” but the focus of week one is how cybersecurity begins at home. Lessons on every aspect of our physical and emotional safety begin with those who care about us the most, and internet safety is no different. Creating an environment of secure internet access and understanding leads to life-long Cyber Aware users.

To know what lessons to impart, parents and other caregivers need to understand the changing needs for all users within the home. Young children might only enjoy a few minutes of screen time on a tablet with specifically chosen apps, while older teens gain more and more responsibility—and exposure—through social media, browsing, the “latest” app that everyone’s talking about, and more.

At every age and for every user in a household, the privacy and security pitfalls can change. That’s why it’s essential to remain in the know about the kinds of cybersecurity issues that different people may face:

  1. Young children – For most youngsters, it may be up to Mom and Dad to enter their information into an age-appropriate account, so it’s also up to the parents to understand what information they’re sharing, what permissions they’re granting, and where that information can end up. Understanding what kinds of data breaches have taken place in the past can also help, such as the VTech breach or ones involving public schools and doctors’ offices.
  1. Preteens and Tweens – Every generation has thought that kids were growing up too fast these days, but when it comes to technology—especially unsupervised access to it—that may be truer now more than ever before. The average age for US kids to get their first smartphone is now ten years old, and that can mean unprecedented access to the internet, downloadable apps, social media, and more.
  1. Teens and Young Adults – One of the most commonly associated cybersecurity issues for young adults is probably cyberbullying, especially on social media, but that’s just one of the many dangers this age group can face. While it’s important to discuss proper behavior online as well as what to do if they’re targeted, it’s also vital that parents discuss scams, fraud, identity theft, hoaxes, and more. One staggering statistic, for example, has shown that senior citizens may be more likely to be targeted by a scammer, but Millennials are the ones who lose more money to online scams and fraud.

No matter what age your family members may be, NCSAM is an excellent time to explore your privacy, security, and overall digital safety.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

With its global crime-fighting efforts, the FBI can monitor potential criminal activity in an effort to take preventive action. One of the many important industries that the agency can protect this way is the financial sector. Recent discoveries have already prompted the FBI to issue a warning to banks and financial institutions: we have reason to believe a global-scale cybercrime is about to happen.

Specifically, this cybercrime targets ATMs, forcing what’s known as an “unlimited operation,” or “ATM cash payout scheme.” Essentially by combining malware infections at various banks with stolen card information onto magnetic stripe card blanks, thieves can bypass the usual account balance limits and daily withdrawal limits to steal millions of dollars through ATMs.

These kinds of attacks aren’t new, and law enforcement agencies have even managed to arrest a bad guy or two for this specific category of crime. The real obstacle, though, is that global crime syndicates can enable the theft of millions of dollars from ATMs before anyone notices what’s happening.

Many banks stock their ATMs with a fresh supply of cash for the weekend or a holiday since the bank won’t be open to help customers, so the FBI has already warned that an attack could take place at times like these.

The FBI had some vital tips for banks concerning this possible incident. While you can’t stop a global crime syndicate, there are a lot of things you can do to help:

1. Don’t panic – Your gut instinct might be to run to the bank and withdraw a lot of cash as a safety net, but that doesn’t help anything. It’s far more important to keep your head and continue with your everyday financial behaviors.

2. Monitor your accounts – After any kind of POS or data breach, consumers are urged to check their account statements. This time, we mean it! Checking your accounts right now—literally, right now—for any signs of suspicious behavior and then reporting that behavior to your bank could mean that your stolen card information (the one thieves transferred onto a blank magnetic stripe card) won’t work when a thief tries to use it. You could be one less card that gives them access to the bank’s money. So check your accounts and spread the word!

3. Report strange activity – Take immediate action if you find anything out of the ordinary in your account statements as this could indicate someone has been in your account. If someone accesses your account, they might copy it onto a blank card.

Again, one of the most important things you can do is not panic. As word spreads, there may be social media posts that end up spreading misinformation to a viral audience. Help others know fact from fiction when it comes to the impact of this crime.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

When new technology comes along, it might take a matter of years or only a matter of days for a highly-skilled hacker to figure out a way to break in. With any luck, the person who breaks into the system is what’s known as a “white hat hacker,” or someone whose expert-level skills are put to use helping stop criminal activity instead of benefitting from it.

When security analyst Ryan Stevenson breached Comcast’s Xfinity website portal, it seemed like a frighteningly easy task. It simply required him to match up readily available IP addresses—basically, your computer’s code name onto the internet—with the in-home authentication feature that lets users pay their bills on the telecom provider’s website without having to go through the sign-in process. Another vulnerability allowed Stevenson to match users to their Social Security numbers by inputting part of their home mailing addresses—something that the first vulnerability exposed—and guessing the last four digits of their SSN.

Guessing the last four digits of someone’s SSN might not sound that easy, but it only takes seconds for a computer to do it with the right software. The flaw in the website allowed the computer to make an unlimited number of guesses for a corresponding mailing address, so it took very little time for the code to reveal complete Social Security numbers.

This vulnerability is believed to have affected around 26 million Comcast customers.

Comcast issued a patch a few hours after the report of the flaws. The company responded to requests from news outlets with an official statement to the effect that they have no reason to believe anyone other than Stevenson accessed this information. They also don’t believe that the vulnerabilities are related to anyone with malicious intent. Just to be safe, though, the company is continuing an investigation into how the flaws originated and how they might possibly have been used.

In the meantime, Xfinity customers would do well to monitor their accounts closely. This could potentially affect other accounts, not just their telecom service accounts, as Social Security numbers, names and mailing addresses were visible.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Social media has changed the way people interact with each other in both good ways and bad ways. It’s amazing to connect with people all around the world or to find a long-lost classmate from seventh grade. It’s something else altogether, though, to find yourself in a compromising situation because of something you posted online.

One of the more recent features of different social media sites like Facebook, Instagram or Twitter is the ability to broadcast live video to your followers. This feature can be fun and entertaining or even educational, but if you’re not sure how the platform works or what kind of surroundings you’re broadcasting from, you may be unhappy with the results.

1. How long is my video accessible, and who can see it? – Those questions depend on the platform you’re using. Twitter’s Periscope or the Meerkat platform, for example, are available to anyone who chooses to click on your name. Facebook Live can be limited, meaning you can broadcast to everyone or just to your friend’s list. Instagram Live, though, is by default set to allow anyone to see your video; you have to adjust that setting yourself if you want to keep it private.

As far as how long the video is available, there are key differences you should know before you press the button to go live. Instagram Live videos are gone the moment the camera turns off, but Facebook Live videos can repeatedly be viewed and at a later time.

2. What’s going on around you? – You’ve probably seen some viral videos with hilarious background images, such as an adorable wedding couple sharing the first kiss during their beach ceremony only to have a man in a tiny swimsuit standing behind them. It’s not so funny when the visible area behind your video contains anything incriminating, illegal or simply embarrassing.

Remember, depending on the platform and the settings, you might not control who can see your video. If anything behind you is a dead giveaway for your location, any of your identifying information or even the answers to typical security questions (i.e., posting a video on your birthday and mentioning it), you might be sharing far more than you intended.

3. Is this content allowed? – Each platform has regulations for what is and isn’t permitted, and it’s up to you as the user to know what they are. Obviously, behavior that violates copyright—like broadcasting live from a concert, movie, or other ticket-holder events—is a no-no; even if you don’t necessarily get in trouble, it’s still theft, and it’s wrong. Broadcasting live for anything other than journalistic reasons from a crime in progress can also land you in hot water with both the platform and law enforcement.

If you want to go live on social media, you need to be smart. Know how your platform works, understand your privacy settings and surroundings, and make sure it’s approved, beneficial content… then smile for the camera and enjoy!


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

If you’ve used the internet for any amount of time, there’s a good chance you’ve received plenty of phishing emails. Nigerian prince emails, foreign lottery winner emails and even “if you don’t pay the ransom, you’ll never see your son again” emails, all of which are designed to get you to hand over your identifying information, your money or both.

But now that phishing emails so widely recognized for the scams they are, savvy thieves have a new trick up their sleeves: phishing websites. How do these work? They masquerade as the real deal, tricking you into entering your credit card info, downloading a harmful software, filling out the registration form with your sensitive data or some other similar tactic.

Try this example: You head over to Amaz0n.com or PayPaI (notice the zero instead of an O and a capital letter I instead of a lowercase l) and enter all of your information, update your payment information or bank account, verify your account identity or some other mechanism for stealing from you. You never knew you weren’t on the correct site and the scammers stole everything.

“But I’m never going to type A M A Z (zero) N,” you might be thinking, and you’re probably correct. The hackers know that too, so that’s not how they target you. Instead, they get you to click a link in an email, a social media post or ad, a text message, or some other form of communication. You see what you think is an email from Amazon, either offering you some incredible deal or telling you there’s a problem with your recent order, and you click the link provided in the very professional-looking message. The link redirects to a fake website, though, even though the email domain name and the web address look close enough to the real thing to fool anyone who isn’t paying attention.

Fortunately, avoiding fake websites is almost as easy as ignoring those pleas for help from deposed Nigerian royalty.

  1. Develop the habit of NEVER verifying your identity or account information to someone who contacts you. Whether it’s by phone, email or a website, do not click or enter any personal data or payment details if you didn’t type in the web address yourself. If you think there could actually be a problem due to a message you received, get out of that message altogether and go to the website yourself, typing in the web address (you know, to avoid typing a zero instead of a letter O!).
  2. Check the website designation before doing anything. Even if you’re shopping on your favorite retail site or uploading photos to your favorite social media platform, give a quick glance at the top of the screen. Secure sites will have an HTTPS designation before the “Amazon.com” instead of HTTP. If the S is missing, your data should be missing, too!
  3. Check with the entity directly. Most major websites have had copycats steal their logos and try to convince unsuspecting users to click over to the fake site. Amazon and PayPal are just two common ones, but iTunes, Facebook, Citibank and other major financial providers, and other highly visible names also have similar fake sites.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

The high-tech world of hacking means the bad guys have a lot of digital tools at their fingertips. Now more than ever, the automation behind stealing your account access means consumers need to practice the strongest password security they can.

Unfortunately, some consumers have continued to ignore years of expert warnings when it comes to password strength. SplashData, who publishes the annual list of the most commonly used passwords as compiled from leaked credentials, found that in 2017, “123456” was still the world’s most common password. That was followed by “Password,” “12345678” (thanks to websites that are trying to protect their users by requiring longer passwords), “qwerty,” and others, such as “admin” and “letmein.”

“But ‘password’ is so obvious that no hacker would ever think I’d use that… right?” Sadly, that’s not how credential cracking works.

The term credential cracking refers to the systematic, automated breaking of your username and password with the use of high-speed bots. Following a large-scale data breach, a hacker simply uses a large database of usernames and allows the computer to “guess” the passwords for each one. Some credential cracking software can make billions of guesses per second.

In short, no one is sitting at a computer with your username, typing in guess after guess until they reach your password. Their software does it for them and it does it with fairly strong results. There has even been a reported uptick in the numbers of failed login attempts on major consumer websites following large-scale data breaches, indicating that hackers are using the stolen information and their bots to “guess” passwords.

As bad as this development is, it’s not the only bad news. If you’re one of the many consumers who reuses passwords, any cracked credentials that a hacker has on you can lead them right to your other accounts. Using stolen information and cracking tools to guess your email or social media login, for example, would also give the hacker access to your Amazon, PayPal, online banking or other sensitive accounts if you’re reusing your password.

In order to fight back against this high-tech break-in, your account passwords must be strong and unique. Lengthy strings of uppercase and lowercase letters (that do NOT spell a word!) combined with some non-sequential numbers and symbols can help ward off even the most devoted little bot. Using that password on only one account is crucial to preventing multiple accounts from coming under attack.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.