Last August, Facebook released their Facebook Messenger app for smart phones. This app is great for communicating with large groups of people (like party planning) so that everybody is involved, and also for allowing a friend to locate you in case you are lost or are meeting up at an unfamiliar location. In many ways, this app is a great convenience to many people and does make communication easier, but like with all social networking, users need to know about the privacy concerns and what they need to keep in mind to protect themselves.

The number one thing that consumers have shown concern for is the GPS tracking. When messaging somebody you can have it show everybody in the conversation your location via GPS. They all can see where you are messaging from and use GPS to get directions to you. Though is very useful in some situations, it is important to only use this function when necessary. You might not know everybody who is participating on messenger, nor do the people viewing your conversation have to be on your friends list to see your texts. Be sure you know who you are giving your location to and turn the function off if you aren’t sure.

This situation dovetails into another concern many consumers have. This new app does show everybody invited to the conversation. However, until they make their first post, it only shows their first name. This means, if you know 3 people named “Dave” you don’t know which one could be invited to chat until they say something. This can cause some awkward and embarrassing moments to those who aren’t careful. It also means that people you don’t know could be invited to the conversation and you might think it was actually a friend. Be careful with what you post. Make sure you know everybody before stating things or giving away your location.

The last item that has consumers concerned is that you can tell if a message you have sent has been read or not. For general purposes this is useful, but somebody could use this information to spy on you. It is also a way for spammers to know if your Facebook profile is active and if you have connected your phone to it. By knowing if you have read a message, they could then send you more messages in an attempt to trick you and steal your identity. You cannot turn this function off. The best thing you can do is delete anything that looks suspicious.

“Is Facebook’s New Messenger App a Privacy Risk?” was written by Kat Rocha. Kat is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Chances are you have a lot of accounts. Personally I have accounts (and passwords) for sites that I don’t even remember. And while I have more accounts than most due to my profession, I would bet many people deal with the same problem I do: Password Overload. Password overload is when you attempt to use your Pinterest, Twitter, work email and university login passwords (one after another) to get into your Money Market Account only to be locked out. Now you have to go into the branch with photo ID, or endure the dreaded “customer service hotline” (not-line) to prove that you are not indeed a thief. Maybe you haven’t experienced such an ordeal, but everyone has experienced something similar.

The problem seems like it could be easily solved by using the same password for everything. One password to remember, and no more jumbling through your notebook trying to find what password you used for your newest account creation or Facebook app. The problem with this approach is that if you are using the same passwords for all of your accounts, then if someone manages to get the password for say, your Instagram account, they would probably be able to drain your savings account, phish your family for personal information (such as your Social Security Number), or rack up a warrant in your name for writing bad checks…. This could all happen because you logged into Facebook at the internet café and re-use the same password for multiple accounts.

So, what do you do if you don’t want to tattoo 25 passwords on your arm (P.S. You would probably now have a MySpace log-in that would need to be covered up) and you don’t want to end up cuffed for felony check fraud? The answer is a password manager. This new service was created so that users can remember just one password, yet have access to all other passwords. The best part is that you can have access to these passwords from anywhere as most of the new password managers are internet based. As the need for password management increases, the options consumers have grown leaving even the strictest cybersecurity aficionado pleased with the service.

A few things you should look for when finding a password manager are:

  1. Is it cross platform? Will it work on your iPhone and your PC?
  2. How is the information (your passwords) encrypted?
  3. Does the service sync or will the user need to update the database every time they sign up for a new account?
  4. What is the initial authentication process and how strong is it?
  5. How reputable is the company who created the product and what is reported about the product itself?

By asking yourself these questions you should be on your way to making sure that your passwords are protected and you won’t lose your mind trying to keep track of them all. Just make sure you protect your login credentials for your password manager…. like really, really well…

“Too Many Passwords? Handle It…” was written by Nikki Junker. Nikki is the Social Media Coordinator at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Are you considering selling your old laptop or smartphone? As some of us may be aware, deleting files or data from these mobile devices is not enough. The truth is that some of what we think are “files” in these devices are actually “shortcuts,” and deleting these from the devices will not delete the files themselves. Nowadays, personal computers and mobile devices, such as smartphones have replaced the old paper-file method for storing or even doing work. If you are thinking about selling or donating your personal laptop or any of your mobile devices, there are some precautionary steps you may want to take in order to ensure that any personal or sensitive information does not get left behind. Sensitive information left behind can be retrieved and pose a serious problem.

For computers there are two methods for getting rid of files or information stored in hard drives. These two methods are called reformatting and wiping the hard drive. When you format your computer, the files on the disk are not completely erased; it means the address tables are – where a search will prevent the files from being easily located. Formatting the disk is much more than deleting files, however, it is important to understand that it is not completely secure. Reformatting a drive may still allow your data to be recovered, making you susceptible to data theft.

So, it will all depend on the data you have stored in your device. Think about what you have used your computer for. If you have used your computer for online banking, paying bills online, personal email, storing income tax return forms, and/or other important documents – you may want to consider disk wiping. Disk wiping is the other alternative for computers – it removes software and data from the hard drive. The process of disk wiping overwrites your hard drive. If you are getting rid of your laptop, you may want to consider performing a disk wipe service. If unfamiliar how to perform it, there are technical support groups who may be able to perform this task for you.

Here is a link to an excellent short article on this practice: http://enterprisefeatures.com/2012/02/disk-formatting-vs-disk-wiping/

On the other hand, let’s talk about smartphones. It is said that if you have a Blackberry or Apple device – that data wiping will completely remove any stored data on your device. Therefore, you shouldn’t be worried about the possibility of someone hacking into the operating system and retrieving your data. You may either install wiping software or for these two devices, use the factory settings for data wiping. Now, we know there is a third party missing – the Android operating devices. There has been recently publicized advice that if you are considering getting rid of your Android device, that you are better off keeping it rather than letting it go.

Android devices also offer a factory data reset, where all the data on your phone is erased. While the phone is in use, the user can also setup data encryption, where all personal data on the phone is encrypted. In addition, files can be encrypted to your memory card and internal phone storage – you’ll find this under the storage encryption option. Regardless of the type of smartphone you use, you need to be aware of all the information it harvests, and make certain that data is not given away when you are done with the phone.

Ultimately, the truth of the matter is your security depends on the type of information or data you have stored in your device. Often times, if we store personal identifying information or sensitive information that can lead to identity theft, we should be very concerned of the possible threat if we haven’t taken the measures to appropriately delete or erase the data. Exercise precaution.

“Botnet,” has become commonplace terminology in the world of cyber-security. This term is used to refer to a network of private computers (or bots) infected with malicious software and controlled as a group without the owners’ knowledge. Major breach and hacking events over the past few years have awakened many to the potential dangers created by hackers with the ability to utilize other individual’s computers remotely.

Botnets are commonly used to mass email spam, malware, viruses, or to overload a specific website with so many simultaneous requests that it overloads the site causing it to temporarily shut down (commonly known as a DDoS attack).

Last week, the US Federal Communications Commission (FCC) launched a new voluntary U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs). It creates new opt-in procedures for ISPs who are dealing with the networks of enslaved zombie computers.

According to FCC Chairman Julius Genachowski, “The recommendations approved [last week] identify smart, practical, voluntary solutions that will materially improve the cyber security of commercial networks and bolster the broader endeavors of our federal partners. Among these recommendations, were things such as: increasing end-user education to prevent bot infections; more aggressive and assertive detection of bots; notification to law enforcement government and consumers of potential bot infections; remediation of bots; and collaboration and sharing of information.”

Many large providers such as AT&T, Sprint, Time Warner Cable, and CenturyLink have all voiced their approval of this approach. They perceive there will be several benefits. The idea is to increase consumer goodwill through taking this active role in anti-bot activities. Some of the expected benefits of this new initiative are fewer calls to help desks from customers with infected machines, reduced upstream bandwidth consumption from denial-of-service (DDos) attacks and spam, and a drop in spam-related complaints.

“Introducing the New FCC Anti-Botnet Code” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

A recent study done by a cyber security firm known as F-Secure, found that 58 new threats to the Mac operating system were discovered between April and December of 2011. It is a commonly perpetuated falsehood amongst consumers that viruses and malware are only issues for PC platforms, not Macs. Unfortunately, this is a fallacy. Viruses are like any program; they have to be written with platform specific languages, with instructions written for that machine, operating system, type of processor, etc. What this means in simple layman’s terms is that in order to infect a Mac, you must develop software designed for a Mac.

Mac malwareSo while it is technically true that Macs have historically been far less likely to become infected with a virus or malware, the reasons for this discrepancy should be examined. Is it really that Macs are so much more secure? The reality is that Macs are only less likely to be infected…so far, because there are less of them in operation as opposed to PC platforms. As such, they represent a lower possible return on any investment in time and money a cyber criminal or criminals may choose to invest in developing and spreading malware. At this point, because the Mac operating system still owns a minority of the market share, it is comparatively safer than PC operating systems…for now. One scenario that could happen to make attacks on Macintosh computers more common: an increase of Market share of MacOS X computers. Macs must control enough of the market to entice profit-driven malware and viruses to be more commonly developed.

As Internet usage and personal computer ownership continues to become more common the world over, it is entirely plausible that niche-market viruses could develop to focus on Mac operating systems. Remember that while the Mac system is – at this point – more secure, it is more a result of being a less common target of cyber-criminals, and not because the system is inherently more secure. Be wary of links from people you don’t know, or spam emails, as one wrong click can expose your Mac to malware in the same fashion it would a PC. As Macs become ever-more popular, expect the number of threats to increase in a linear fashion.

“Think Your Mac is Immune to Malware? Think Again” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

M86 Security, a global expert in real-time threat protection recently published a security review on the most recent trends they are seeing in cyber-threats during the second half of 2011. After probing e-mail threat tendencies and the Web in general the report makes some interesting assertions. Most notably, taking note of spam trends, the study found that while spam emails on average diminished significantly from September to December of last year, the total amount of e-mail junk having malevolent attachments increased to over 5 percent from not even 1.

The study found that incoming amounts of spam declined to 70% of all incoming e-mail traffic during December 2011. While that seems a large number, when compared to the numbers in September, which were over 90%, it is clear that there was a significant down-trend in spam frequency Additionally, the study made note of the largest host countries for spam and malevolent email activity.

It was somewhat surprising to see that the USA at 51.4% was far and away the leader, with Russia in a distant second place at only 6%. The study showed the most prominent botnets were behind the maximum amount of e-mail junk. M86 reports that during 2011, personalized assaults have become increasingly sophisticated.

Direct assaults on national infrastructure and government sites rose through the use of key-logging. The overall gist of the study points to traditional email spam becoming less common. The threat of malevolent effect through email seems to have increased overall however, as targeted breaches and dangerous attachments to email have become more common. The study seems to indicate that email predators are switching tactics rather than reforming their practice. Be wary of emails from people you don’t know, and never under any circumstances download email attachments unless you are familiar with and trust the source of the email. Keep your anti-virus software up to date and contact the authorities if you feel you have been the victim of an email related scam.

“M86 Cyber Threat Security Review” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the ITRC Blog.

In today’s world of commerce and travel, we’re all used to many public places offering free wifi to consumers. Open wifi connections are convenient. They allow us to leave the office and do work outdoors, do homework at a coffee shop rather than at home, or access important information almost anywhere. But though open wifi connections are great in public, they can lead to serious problems at home. Even today, thousands of homes do not have a firewall or security password on their wifi connection. These homes are broadcasting internet access, sometimes as far as a block away. Not only does this allow their neighbors to acquire free internet access, it can allow anybody within range to view the files that are on your computer, and download sensitive information such as your banking formation, tax documents, social security number, stored pictures, and anything else on your computer.

http theftIn rare instances, the thief used the victim’s computer to store illegal material such as child pornography so that the authorities wouldn’t find it on the thief’s computer. But luckily, there are several easy things that you can do to protect yourself from this intrusion.

  1. Install a Firewall – A firewall determines who has access to your family’s network and who doesn’t. Whoever has access can go online and share files between computers. It is always important to make sure your firewall is constantly ENABLED and that it recognizes which computers can have access as well as have a password to enter.
  2. You Need a Virus Scanner – regardless of if you have a Mac, PC, or Lenox based computer, you need to have a virus scanner. There is no such thing as a computer that is “virus-proof”. Hackers and criminals are clever and there is a code for every type of computer and program. A while ago, there was a virus code that could be imbedded in .jpg files. These viruses can open backdoors in your firewall, record everything you type, or allow thieves to insert other malicious programs or files onto your computer.
  3. Be careful about what you download. Some files on the internet may look harmless but actually contain malware such as Trojans. Pay attention to your virus scanner while downloading new products. If it doesn’t like a program, don’t download or install it.

Initial protection from outside intrusion of your wifi based network is relatively easy. If you need assistance setting up your firewall or picking a virus scanner, consult your local computer expert.

“Direct Connections to the Internet Protecting Yourself and Your Information Against Intruders” was written by Kat. Kat is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.

Imagine these scenarios:

You are on vacation and you open your laptop in your hotel room. You log into the public wifi network, and quickly agree to the Terms and Conditions (without reading them of course), and start to do your normal Internet activities. For just a second, you have a fleeting thought: “Is my computer at risk?” And then you begin your normal Internet activities and quickly forget all about it.

You are waiting to catch your flight in an airport and, after grabbing a cup of coffee and opening your laptop, you see that there’s a “Free Public Wifi” network available. You login to your banking account to transfer funds. You have a vague sense that you might not be doing something safe, but you figure that you’re only going to be online for fifteen minutes, so you’re probably okay, right?

How Safe Are Wifi Hotspots?

Many of us assume that using a wifi network at a hotel or airport is the same as logging into our network at home or at the office. But the risks of using wifi networks at a hotel or airport are exponentially greater than those experienced at home or in an enterprise setting.

For example, while sharing folders, printers, desktops, and other services can be useful at home or in the office, doing so is inappropriate on a public network, where competitors or hackers can access this information.

Most private networks use firewalls to defend users against Internet-based attacks. This is not necessarily true in public wireless networks, where security practices vary widely. You may assume you are safe from outside attacks, but you really have no idea whether any firewall lies between your laptop data and the Internet.

Business travelers willing to connect to any network that offers free Internet access are especially vulnerable to such attacks. It is literally impossible to tell the safe networks from the bad ones. Wireless eavesdropping is possible everywhere. Only a small percentage of public networks prevent wireless eavesdropping, and many networks leave wifi users completely responsible for their laptop security, with extensive or complete file and service exposure.

So What Should I Be Worried About?

Okay, so now you are probably aware that using a public wifi network while on the road exposes you to a lot of security risks. But what risks are we talking about exactly?

The following is a list of different types of hacks that can occur in public wifi hotspots:

Sniffers: Software sniffers allow eavesdroppers to passively intercept data sent between your web browser and web servers on the Internet. This is the easiest and most basic kind of attack. Any email, web search or file you transfer between computers or open from network locations on an unsecured network can be captured by hackers. Sniffing software is readily available for free on the web and there are 184 videos on YouTube to show budding hackers how to use them. The only way to protect yourself against wifi sniffing in most public wifi hotspots is to use a VPN, such as PRIVATE WiFiTM.

Sidejacking: Sidejacking is a method where an attacker uses packet sniffing to steal a session cookie from a website you just visited. These cookies often contain usernames and passwords, and are generally sent back to you unencrypted, even if the original log-in was protected via HTTPS. Anyone listening can steal this log-in information and then use it to break into your Facebook or gmail account. This made news in late 2010 because a programmer released a program called Firesheep that allows intruders sitting near you on a public wifi network to take over your Facebook session, gain access to all of your sensitive data and send viral messages and wall posts to all of your friends.

Evil Twin/Honeypot Attack: This is a rogue wifi access point that appears to be a legitimate one, but actually has been set up by a hacker to eavesdrop on wireless communications. An evil twin is the wireless version of the “phishing” scam: an attacker fools wireless users into connecting a laptop or mobile phone to a tainted hotspot by posing as a legitimate provider. When a victim connects, the hacker can launch man-in-the-middle attacks, listening in on all Internet traffic, or just ask for credit card information in the standard pay-for-access deal. Tools for setting this up are easily available (e.g., Karma and Hotspotter). One recent study found that over 56% of laptops were broadcasting the name of their trusted wifi networks, and that 34% of them were willing to connect to highly insecure wifi networks.

ARP Spoofing: Address Resolution Protocol (ARP) spoofing, also known as ARP flooding, ARP poisoning or ARP Poison Routing (APR), is a technique used to attack a wireless network. ARP spoofing allows an attacker to sniff traffic on a LAN and modify or stop the traffic altogether. This attack can only occur on networks that make use of ARP and not another method of address resolution. ARP spoofing sends fake, or “spoofed”, ARP messages to a LAN which associates the attacker’s MAC address with the IP address of the victim. Any traffic meant for the victim’s IP address is mistakenly sent to the attacker instead. The attacker could then forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack). The attacker could also launch a denial-of-service attack against a victim by associating a nonexistent MAC address to the IP address of the victim. A successful APR attempt is invisible to the user.

“Free Public Wifi” Rogue Networks: “Free Public Wifi” networks are ad-hoc networks advertising “free” Internet connectivity. Once you connect to a viral network, all of your shared folders are accessible to every other laptop connected to the networks. A hacker can then easily access confidential data on your hard drive. These viral networks can be used as bait by an Evil Twin. “Free Public Wifi” networks turn up in many airports. Don’t connect to these networks and you won’t infect your laptop. If you find this kind of network on your laptop, delete it and reconfigure your adapter to avoid auto-connecting to any wireless network.

Man-in-the-middle Attacks: Any device that lies between you and a server can execute man-in-the-middle attacks, which intercept and modify data exchanged between two systems. To you, the man-in-the-middle appears to be a legitimate server, and to the server, the man-in-the-middle appears to be a legitimate client. In a wireless LAN, these attacks can be launched by an Evil Twin.

You Should Know What You Are Agreeing To

Remember those Terms and Conditions that you agreed to and didn’t read? Well, we’ve actually read them, and here is what some of them say:

  • Starbucks: It is the Customer’s responsibility to ensure the security of its network and the machines that connect to and use IP Service(s).
  • Boingo Wireless: There are security, privacy and confidentiality risks inherent in wireless communications and technology and Boingo does not make any assurances or warranties relating to such risks. If you have concerns you should not use the Boingo software or service. We cannot guarantee that your use of the wireless services through Boingo, including the content or communications to or from you, will not be viewed by unauthorized third parties.
  • JetBlue: Wireless internet connections such as that provided through the Service are not secure. Communications may be intercepted by others and your equipment may be subject to surveillance and/or damage. Since the wireless connection providing you with access uses radio signals, you should have no expectation of privacy whatsoever when using the service. Accordingly, in providing this service, JetBlue cannot and does not promise any privacy protection when you use the service. It is your sole responsibility to install and deploy technological tools to protect your communications and equipment that may be compromised by use of a wireless network.”

So How Can I Protect My Laptop?

Okay, so now you know how dangerous wireless networks can be, and the various kinds of attacks you may face when using them. So what specifically can you do to protect yourself and your data?

Below are some proactive steps you can take to protect yourself when using such networks, and services you can use that provide laptop security.

Disable or block file sharing

  • Enable a Windows Firewall or install a third party personal firewall
  • Use file encryption
  • Most importantly, use a VPN

The one thing that they all have in common is that it is your responsibility to protect yourself. The best way to protect your sensitive information is to use a Virtual Private Network, or VPN, which encrypts the data moving to and from your laptop. The encryption protects all your Internet communication from being intercepted by others in wifi hotspots. In addition, VPNs can prevent hackers from connecting to your laptop and stealing your data files.

The above article was posted on Friday, July 1st, 2011 by Jared Howe for Private WiFi. Private WiFi is a personal VPN software that encrypts your data in public wireless hotspots. Using our easy software prevents identity thieves from hacking into your emails, online banking, social media accounts, and other personal information. You can check them out at www.privatewifi.com.

When it comes to web browsers, you have options. The ultimate goal of any web browser is to provide people with a better Internet experience. Regardless of your preference, ask yourself what makes for a better Internet experience?

browser security

According to Firefox, they provide an “open community” where the key features are “openness, innovation, and opportunity.” It gives the users the ability to “shape their own online lives.” In terms of privacy and security, Firefox offers the add-on Flagfox 4.1.11 – said to provide several tools like site safety checks, malware checks, Whois (domain search – who owns the website), page code validation, and display of a flag to tell the user the location of the current website’s server, amongst others. This is supposed to add an extra layer of awareness to the user’s browsing experience, and the user has the ability the select these features or customize their own actions. Firefox’s goal is to be “unobtrusive” – thus, Flagfox does not actually track anything, nor does it send the information anywhere.

Google Chrome on the other hand, is dedicated to “help protect you and your computer from malicious websites as you browse the web.” This web search engine features safe browsing, sandboxing, and automatic updates. For Google Chrome’s safe browsing, users are informed with a warning message if the site they are visiting poses a malware or phishing threat – “Warning: Visiting this site may harm your computer!” Like Firefox, which also offers updates, Google Chrome offers automatics updates. These updates check for the latest security features, and require no action on behalf of the user. According to Google, their feature Sandbox adds an extra layer of protection by “protecting against malicious web pages that try to leave programs on your computer, monitor your web activities, or steal private information from your hard drive.” It prevents the self-installation of malware to your computer. Software Engineer, Nicholas Sylvain, notes that Sandbox was meant to be generic; therefore, it is not just limited to Google – which means that it can be used by others if they share Google’s “multi-process architecture.”

Whether your preferred web browser is Firefox or Google Chrome, both seem to place an emphasis on browser security – of course, through different approaches. Yet, nonetheless, they both express a deep concern for their users’ interests – an interest that lies in the power of the internet.

“Google Chrome vs Firefox: Which is safer?” was written by Gabby Beltran. Gabby is the Public Information Officer and a Bilingual Victim Advisor at the Identity Theft Resource Center.

2011 turned out to be a very big year for Twitter. The masses seemed to discover that this platform made it (seemingly) possible to contact their favorite celebrities, news outlets and politicians directly. However, while it will take some time for the dust to settle and see if Twitter will remain the connection powerhouse it became in 2011, one thing is for sure… Today’s Tweeps should think Twice before believing their Tweets.

twitter

By far, the largest Twitter account to be taken over was that of Lady Gaga. Just like everything Ms. Gaga does, her Twitter account hack turned out to be large and dramatic. With more than 7 million followers on the social networking platform, Gaga has an unprecedented public outreach capability. And this December, when her followers (or as she calls them her “little monsters”) were offered free iPads it actually did not seem too good to be true. Alas, her followers learned soon after the hack that the scam was just another phishing attack and that their heroine was not as generous as they had hoped.

Pop stars and screen sirens were not the only target of Twitter account takeovers. Politicians got their fair share of abuse as well. If we learned one thing in 2011 it was to not to transmit scandalous pictures via tweet and/or direct message as was evidenced by the media circus known as “Weinergate”. This event taught us that even if nothing is sent out to our followers publicly, the information within our Twitter accounts can harm us, as was evidenced by a hacker finding and spreading some NSFW images from the congressman’s Direct Message outbox.

Perhaps the most sought after hacks were those of news outlets. Fox News, NBC and USA Today had their streams taken over. A group which called themselves ‘The Script Kiddies’ claimed that they were responsible for the takeover of all three accounts. The damage was minimal, but the hackers did have the opportunity to tweet from NBC’s account, a false report of a high-jacked airliner that had crashed into Ground Zero. Perhaps though the damage was not done by what the hackers posted, but by the possibilities of what they could have posted.

And so in 2012 we are left with trepidation of what hackers have in store for us. The mayhem that could be, should our celebrities, politicians or news outlets become controlled not by popular culture or corporate responsibility, but by a bunch of teenagers lurking behind keyboards. It should be an interesting year.

‘Twitter Takeovers of 2011’ was written by Nikki Junker. She is Social Media Coordinator and Victim Advisor at the Identity Theft Resource Center.