Ah, another year has passed and we’re ready to jump into the future of 2019. First, let’s take a look back at our predictions from 2018 that came true. We discussed the potential of AI to stop hacking, scammer’s new techniques to take advantage of social media users and transparency in IoT devices.  Of course with the emergence of technology and cybercriminals evolving their techniques, unanticipated challenges have arisen.

2019’s focus will be on data: Data breaches, data abuses, data privacy.  Even though ITRC is first and foremost a victim service and consumer education organization, we know that the thieves need our data in order to perpetrate their fraud and identity theft.

Data breaches: Consumers will gain more clarity (about how a specific breach actually effects them.  Breached entities will be pushed to be more transparent and less vague about the specifics of the type of data that has been breached.  Vague terms such as “and other data” or “client records”, that appear on data breach notification letter currently will no longer be tolerated by breach victims. Thieves are always looking to get their hands on our data and with a little technique called “credential cracking,” we think we’re going to be seeing more security notifications, not just breach notifications in 2019. Here’s what’s going on: following a large-scale data breach, and in order to gain access to your online accounts, a hacker simply uses a large database of usernames and allows the computer to “guess” the passwords for each account they are attempting to log into. We’re beginning to see companies send security notifications to their customers that their username/email credentials are being used – possibly by an unauthorized user – to login to their platform even if there is no account (i.e. Warby Parker & Dunkin Donuts).

Data Abuses: The public will gain more insights into data abuses, not just breaches.  More incidents, like the Facebook/Cambridge Analytica event will come to light.  As we as consumers demand more transparency, and as regulators probe deeper, the ongoing act of using our data for other than the purpose for which we have given consent will come out of the shadows.  Consumers will also start paying more attention to the notifications they receive from businesses that say their information was shared with third parties and what that means for them.

Data Privacy:  Consumer empowerment around privacy and data privacy is top of mind in a way that it has never been before.  Other states will follow California’s lead and pass their own data privacy legislation in the hopes of empowering consumers and keeping industry in check. Especially seeing as California, Florida, Texas, New York and Pennsylvania (in that order) had the highest numbers of cybercrime reports last year.  This will likely not provide the much needed long term solution, or the necessary cultural shift.  Just look at the condition of the state by state data breach notification laws, and the years-long discussion (that’s at a stalemate by the way) of a more universal regulation and process.  Will we start that cycle over again here?  Probably. Until the public has a concrete understanding of the complex relationship between data creators (consumers), data owners (the platform on which the data was created, generally) and data users (every industry currently operating in the US) these statewide measures will fall short of making any real headway into actually giving us more control over our data or more privacy.

Even though it has been discussed for over 13 years, there is a good chance that 2019 will be the year that a federal data breach notification law will become a reality.  Of course, predictions are just an educated guess based on previous events and information. Industry, policymakers and the public alike will have to wait and see how 2019 will be impacted by identity theft, cybercrime, hacking and data breaches. One thing we can be sure of though is that the ITRC will be here, working to fight back against the latest techniques to commit identity theft and scams.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The 2018 Impact of Data Breaches and Cybercrime

Better than any Oscar nominations or National Basketball Association (NBA) rankings, there’s a different kind list that keeps cybersecurity experts and consumer advocates on the edge of their seats each year. This list, compiled from actual, intentional user mistakes, ranks the worst—make that “least secure”—passwords by how frequently they’re used.

Note: Why do far too many consumers continue to use ridiculously weak passwords? Because of a misunderstanding of how passwords are “guessed” by hackers. Despite what people might think, no one sits at a computer and types in one attempt after another. Instead, they deploy software that is capable of “guessing” random words, phrases and character combinations at literally billions of guesses per second.

(As one tech user said to the Identity Theft Resource Center when justifying the use of “password” as his online banking password, “It’s so easy no one would think to guess that one.” Unfortunately, that’s not how this works.)

This year’s list of worst passwords not only includes some that have been haunting the security industry for years, it also includes a few newcomers.

Taking the number one spot once again was “123456.” Interestingly, after the #2 spot went to “password,” the remaining top seven most commonly used passwords were the number variations “1234566789,” “12345678,” “12345,” “111111,” and “1234567.”

There were some odd choices this year, as the #8 spot went to “sunshine” and #10 was “iloveyou.” Number 9 was no surprise, unfortunately, as the ever-popular “qwerty” landed there.

“Admin” and “football” made the list again this year, as did “123123.” A shockingly high number of tech users thought they could beat the bots by holding down the shift key while hitting those number keys, which means “!@#$%^&*” was the 20th most commonly used password this year. Not to be outdone by the qwerty fans, a few more people tried to outwit the hackers by running their passwords straight up the bottom row of keys: “zxcvbnm” took spot #26.

People’s first names were surprisingly common passwords. Jordan, Joshua, George, Harley, Summer, Thomas, Buster, Hannah, Daniel and more were all in the top fifty.

The complete list of 100 most commonly used passwords is available by clicking here, but remember—it’s a guide of what not to do, not a list of passwords that are so simple no one would think you’d ever use them. So what kind of password should you use?

A strong, unique password is one that you only use on one account (not repeating it on multiple accounts), and that contains a long, virtually unguessable combination of letters, numbers, and symbols. Eight characters is typically considered the bare minimum for security but the longer the password, the harder it is for hacking software to guess it. While you’re creating this hopefully-foolproof password, remember to avoid common words, phrases, variations on your name, or the name of the website where the account was created.

So how are you supposed to remember a really long, secure password and make a separate one for each account? You could use a widely-respected password manager software, but there’s always a risk of those companies’ servers being hacked. If you’re really struggling to protect yourself, you can come up with your own cheat.

For example, pick a song or a book title that you will always remember, such as, “These Boots Were Made for Walking.” Now, pick a long number combination, like your childhood phone number. You can weave together the first letter of each word in the title (alternating uppercase and lowercase) and each digit in the phone number so that you end up with something that looks like “?T2b5W6m1F9w67!” Note the extra symbols at the beginning and end.

This fairly strong password is only good for one of your accounts, though. So here are a couple of things to try:

1. You can also weave in the name of the website, like PayPal or Amazon, by putting one of the letters at the beginning and one of the letters at the end. That way, you only have to remember two letters for each account and your strong password in the middle. This is NOT ideal from a security standpoint, but it’s far better than reusing your dog’s name on every account you own.

2. Use your very strong password for your email and simply click “forgot my password” every time you log into a different sensitive account. You’ll get an email to change your password on that site, and you can change it to anything you like—even just mashing keys on your keyboard—since you’re going to change it again the next time you log in.

There’s something else to consider about password security. Changing your passwords from time to time is important for keeping hackers out of your accounts. The ability to steal or purchase databases of old login credentials means someone could get your current password by stealing information that’s several years old. Protect yourself with regular updates to your password.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: The 2018 Impact of Data Breaches and Cybercrime

Year after year, cybercrimes like scams, fraud, identity theft and data breaches make a global impact on consumers and businesses alike. Organizations like the Federal Trade Commission and the Identity Theft Resource Center keep tabs on the statistics and the aftermath of these events in order to form a clearer picture of their effects. With only days to go until we reach the end of 2018, here’s a look at some of the numbers from this year.

Top Scams of the Year

According to a report by Heimdal Security, phishing attempts continue to be one of the more prevalent ways scammers connect with their victims. Phishing usually arrives as an email that entices someone to take action; the action might be to send money, hand over sensitive data, redirect to a harmful website, or even download a virus from a macro contained within the email. No matter what the story the scammers use, one-third of all security incidents last year began with a phishing email.

What happens to consumers when they fall for a phishing email? One in five people reported losing money, around $328 million altogether. That’s about $500 per victim on average, but that’s also only from the victims who reported the scam. Interestingly, new data this year found that Millennials were more likely to fall for a scam than senior citizens, although seniors still lost more money on average than these younger victims.

Different Industries Impacted by Data Breaches

The ITRC’s annual Data Breach Report highlights the organizations that have been impacted by data breaches throughout the year, along with the number of consumer records that were compromised. While the year isn’t over, the data compiled through Nov. 30 is already worrisome.

There have been more than 1,100 data breaches through the end of November 2018, and more than 561 million consumer records compromised. Those breaches were categorized according to the type of industry the victim organization falls under: banking/credit/financial, business, education, government/military and medical/healthcare.

The business sector saw not only the highest number of breaches but also the highest number of compromised records with 524 breaches and 531,987,008 records. While the medical and healthcare industry had the second highest number of breaches at 334 separate events, the government/military’s 90 breaches totaled more compromised records at 18,148,442. The financial sector only had 122 data breaches this year, but those events accounted for more than 1.7 million compromised records. Finally, while education—from pre-K through higher ed—only reported 68 data breaches, there were nearly one million compromised records associated with schools and institutions.

The Crimes that Made Headlines

There were quite a few headline-grabbing security incidents this year. While Facebook and the Cambridge Analytica events were not classified as traditional data breaches, they were nonetheless an eye opener for social media users who value their privacy. The Marriott International announcement of a 383 million-guest breach of its Starwood Hotels brand has opened consumers’ eyes about the types of information that hackers can steal, in this case, 5 million unencrypted passport numbers. The breach of the government’s online payment portal at GovPayNow.com affected another 14 million users, demonstrating that even the most security-driven organizations can have vulnerabilities. Finally, separate incidents at retailers and restaurants like Hudson Bay and Jason’s Deli reminded us (and those breaches’ combined 8.4 million victims) that attacking point-of-sale systems to steal payment card information is still a very viable threat.

What Do Criminals Really Steal?

In every scam, fraud, and data breach, criminals are targeting some kind of end goal. Typically, it’s money, identifying information or both. But recent breaches this year of websites like Quora—which provides login services for numerous platforms’ comment forums—also show that sometimes login credentials can be just as useful.

After all, with the high number of tech users who still reuse their passwords on numerous online accounts, stealing a database of passwords to a fairly innocuous site could result in account access to so-called bigger fish, like email, online banking, major retail websites, and more. Furthermore, it showed that a lot of users establish accounts or link those accounts to their Facebook or Gmail logins without really following up; a lot of people who learned their information was stolen in the Quora breach may have forgotten they even had accounts in the first place. The number of victims in that breach is expected to be over 100 million.

Moving Forward into the New Year

The biggest security events of 2018 may pale in comparison to criminal activity next year. After all, there was a time when the Black Friday 2013 data breach of Target’s POS system was considered shocking. One thing that cybercriminals have taught us time and time again is that there’s money to be made from their activities, and they aren’t going to give up any time soon.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Honeyboys Keeping Internet Users Safe”

The term “honeypot” is actually an old word with a lot of different connotations. Besides the obvious container for honey, it also refers to any kind of “lure,” whether it’s an attractive person, a lucrative business deal or even a criminal’s bait to snare a victim.

The tech sector has long been flipping the script on honeypots and using them to lure the criminals. Whether it’s an unsecured cache of sensitive information, a website that purposely contains vulnerabilities or some other cyberbait, the result is the honeypot can help security researchers track down cybercriminals and grab their identifying information.

Now, researchers at one university have taken the crime-fighting a step further with the invention of the HoneyBot. This robotic security guard doesn’t patrol the hallways of a building to keep an eye out for intruders, though. Instead, it serves as a connected device that hackers would want to go after, a kind of data honeypot on wheels.

You might already be wondering, “Why does a data trap need to move around?” It’s so simple that it’s genius. One of the ways hackers know they’ve hit on useful data and not a trap is by having the ability to interact with the secret honeypot in a very sophisticated, higher-level way. If there’s nothing really interactive about it, then it could actually warn away cybercriminals. Worse, it could give them a portal to infiltrate a network (the opposite function of a honeypot).

When they’re able to interact with the HoneyBot and send it around the building, they’ll think they’re actually on to something. This makes the robot ideal for factories, manufacturing plants, and even a large-scale infrastructure like a power grid. While the hackers are toying around with the robot and trying to get access to other parts of the network, the HoneyBot is scooping up all of their information and reporting it to the cybersecurity team.

University researchers are expected to share the results of extensive testing in the near future, but this kind of innovation is already an exciting new tool for fighting back against cybercrime.


Read next: “Block the Wi-Fi Nabbers”

Privacy experts and advocates have long warned about some of the threats from the Internet of Things. Our connected smart home devices have the potential to spy on us, to gather, track, and spread our sensitive information and internet activity, and even to become a target for hackers.

Unfortunately, the increasingly common combination of IoT connectivity and a child’s toy can lead to a bone-chilling scenario in which information about your family member is shared online. Previous data breaches involving kids’ apps and IoT toys have grabbed entire customer databases of children’s information, in some cases even including names, addresses and photos of the kids.

As the Internet of Things becomes more widespread and the “it toy” of the holiday season lines the retailers’ shelves, it’s important that consumers do their research before making their purchases.

One great resource is the annual Trouble in Toyland report, which highlights a variety of dangers of popular toys. These dangers range from things like choking hazards to privacy questions, so it’s an all-encompassing type of report. In its 33 years, this report has been responsible for more than 150 toy recalls.

But when shopping for any kind of electronic or interactive toy, consumers can keep a few guidelines in mind before committing to this new purchase:

1. Do you need to register the device or create an account to use it? – Registering your new purchase can protect you in a number of ways, including recall updates and warranty validity. However, do you need to include every piece of information? Do you have to register your child’s information or create an online account in order to use this toy? That might give you pause, depending on the information requested, the age and ability of your kids, and your comfort level with their internet use.

2. Do you leave it turned on at all times in order for it to work? – If this device needs to be left powered on at all times, you might want to think about incorporating it into your household. Besides the drain on your utilities and your home data use for a toy or gadget that might not get used all the time, an “always on” device can lead to security issues. If you can power the device off completely when not in use, it will save both your budget and your privacy.

3. Is your Wi-Fi network protected? – Wi-Fi connections need to be password protected to keep outsiders from jumping into your network. However, a lot of users with IoT-connected toys and household devices overlook the need to protect their wifi routers as well. If your router—the box that makes the internet connection work for all of your wireless gadgets—is unprotected, then anyone who accesses your laptop through a virus could conceivably travel over to your other devices via the router.

As parents and grandparents, it’s understandable to want to give your young family members something from their holiday wish lists, but rushing into a purchase isn’t the best course of action. Do your research and make sure you’re bringing the device into a secure environment before buying.

There’s one final consideration to make when purchasing a new connected toy, especially if it’s an upgrade on a previous version: don’t discard any old connected toys without completely wiping their stored data and deleting any apps or accounts that powered it. If you can’t be sure that any sensitive information is gone from the device—including its usage history, stored identifying information, and more—then physically damage the internal components before discarding it. Remember to look for a responsible recycler so that potentially harmful internal materials don’t end up in the environment.


Read next: “Boss Phishing Bah Humbug: Don’t Fall for this Holiday Scam!”

Thanksgiving, Hanukkah and Christmas are just around the corner. Black Friday, Cyber Monday and holiday shopping is too. It also means the possibility for an increase in identity theft and fraud. So before you get caught up in all the holiday shopping chaos, you should be aware that criminals might use this as an opportunity to compromise your sensitive data. This holiday season, however, one group in particular might be purposely putting themselves at an increased risk of identity theft. A recent survey by Experian found that 19 percent of millennials would put their identity at risk in exchange for a good Cyber Monday deal. While some millennials are making it exceptionally easy to compromise their personal information during the holiday season, let’s take a closer as to why this demographic might be more vulnerable to identity theft year round.

Millennials are notorious for being the most tech-savvy generation, growing up in a world where sharing personal data online and across social media platforms is commonplace. However, their willingness to share personal data easily puts them at an increased risk of identity theft. For one, criminals might have an easier time guessing their security challenge questions because they can be quickly discovered on their public Twitter profile or Instagram page.  Second, since they are so used to sharing a wealth of personal information, they might be less likely to hesitate when asked for it by anyone – including those with malicious intent.

Along with being tech-savvy,  feelings of apathy toward data breaches could be another reason why millennials might be at an increased risk of identity theft.  According to a Gallup poll, 67 percent of millennials are trusting that the companies with which they do business, such as credit card companies and health insurance companies, guard their information. The poll also finds that 70 percent do believe that their privacy will be compromised at some point in time. Because millennials have lived through several major data breaches, they’re aware of the risks but have become accustomed to these types of events and might not fully comprehend the severity of having their personally identifiable information stolen.

In some cases, becoming a victim of identity theft is “fixable,” but what millennials might not understand is that the process is not an easy one. Identity theft cases can take years to remediate. Even if you “fix” the issue, many victims experience reoccurring threats, consistently trying to regain their identity. This also doesn’t take into account the emotional impact victims go through. The Aftermath® study revealed that victims felt angry, frustrated and violated regarding their identity theft situation. In the same survey, 50 percent of victims lost interest in activities they once enjoyed.

And lastly, another reason that millennials might be increasing their risks of identity theft is by thinking it won’t happen to them. According to the AARP, younger generations tend to believe that scammers target the elderly, which allows millennials to believe they are safe. However, what millennials might not realize is that they are just as vulnerable to the threats of identity theft as senior citizens. For example, a recent survey found that 17 percent of millennials were likely to give out sensitive information to a caller that confirmed their last four digits of their Social Security number. So it is, in fact, that everyone is equally just as at risk for identity theft, regardless of their age.

Now more than ever, millennials need to take preventative measures to minimize their risk for identity theft. Here are a couple of tips to help protect your identity:

  • Don’t give out your Social Security number unnecessarily
  • Use strong passwords
  • Set up a passcode/password and anti-virus software on all of your mobile devices (smartphone, tablet) and computers (desktop, laptop)
  • Don’t give out personal information on the phone unless you initiated the contact
  • Avoid logging into sensitive accounts, email or providing credit card/debit card numbers while on public Wi-Fi

If you do find out that your information has been compromised, contact our advisors using our toll-free number (888-400-5530) and they can inform you about the necessary steps to take to resolve the issue. You can also reach us using our live chat feature.

Experian proudly provides financial support to the Identity Theft Resource Center.


Read next: “Your Holiday Shopping Guide to Putting Privacy Under the Tree”

As the holidays draw nearer and the shopping season goes full steam ahead, consumers all around the world are looking for just the right presents to finish out their lists. The presents may range in price and meaningful sentiment, of course, but with the technology sector taking up a significant share of the market, safeguarding your privacy becomes the real gift.

There’s no doubt that the more connected your devices become, the more vulnerabilities you may face. With every new piece of technology that connects to your network—along with all the apps, software, cloud-based accounts, and other tools to power these devices—there’s another possible door left wide open to hackers and identity thieves.

Fortunately, researchers at Mozilla (the creators of the Firefox web browser) have updated their holiday shopping guide that ranks all kinds of consumer goods based on their potential impact on your privacy. Titled *Privacy Not Included, this guide helps you understand the possible dangers as well as how to secure them. In some cases, it may even help you decide that a specific item is not for you or your family.

The guide is broken up into different categories—toys & games, smart home, entertainment, wearables, health & exercise, and pets—and includes reviews of more than seventy products.

One of the most important aspects to these reviews is the “minimum” requirements for protecting your privacy. According to the researchers, only 32 of the reviewed products even earned a “merit badge” for meeting those minimum standards, meaning the items must “use encryption; have automatic security updates; manage security vulnerabilities using tools like bug bounty programs and clear points of contact; and require users to change the default password if a password is required.”

However, Mozilla’s team also said other factors prevented them from deciding once and for all if many of the products meet the standards, such as the manufacturer not responding to direct requests for information about customers’ privacy.

This is the second year that Mozilla has conducted this review and released the results, but this year the company has included a new tool called the Creep-O-Meter. It will give consumers an idea of the level of privacy concern surrounding different products, ideally before they buy and install them.

There are a lot of holiday shopping guides and consumer review websites that can help you make an informed decision about price, quality, age-appropriateness, and more. This might be the only guide that explicitly supports your privacy, though, so check it out before bringing any new connected devices into your life.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

For years, security experts and advocates have warned consumers about suspicious websites, specifically ones that take your sensitive information or payments. The best course of action? To look for the HTTPS designation in the web address at the top of the screen and the little padlock icon, both of which indicate a site can be trusted.

Unfortunately, scammers continue to evolve their ways to continue victimizing the public through technology. A new report has found that about 49% of known phishing websites—websites that steal your information after tricking you into submitting it—contain a secure designation and a little green padlock. The “look for the lock” advice that was once a sound way to protect yourself is a little less reliable than before.

Just as scammers have evolved, now it’s up to consumers to make some changes in order to protect themselves from the latest threats:

1. Install a security suite that offers anti-phishing and website security

A basic antivirus isn’t enough to keep you safe anymore, and a number of well-known security software developers have incorporated a lot of extra features. Some can alert you to a fake website or known scammer before you compromise your information. Even better, many security programs offer a wide range of subscription prices—even free plans—so there’s something to meet every budget.

2. Establish a throwaway email address

Some sites want nothing more than your email address so they can sell it to spammers. Generate a free email address that is separate from your everyday, commonly used one. Then, whenever you’re visiting websites that want your email address, you have the option to trust the site with your contact information or use your backup email address.

3. Designate a payment card for internet purchases

The last thing you need is for a phishing website to steal your money, but it happens. By intentionally having an “internet only” credit card that is not connected to your bank account and that has a very low credit limit, you may have an easier time protecting yourself from someone who steals your information.

The most important thing you can do is to remember that what was once considered top-notch security advice can change as new technology and new developments occur. It’s not enough to develop a good habit and never deviate from it. Instead, you need to stay informed by following ongoing coverage of the latest scams and frauds.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

If you follow tech news, you may still get shivers up your spine from the buzz surrounding one of the most dangerous ransomware attacks in recent history. The May 2017 WannaCry attack made headlines for months due to the high volume of victims and the high-profile companies who were targeted. Within a short time, this self-replicating cryptoworm had infected more than 300,000 computers, locking up their systems and demanding payment from the victims in the form of Bitcoin.

As with all headlines, though, the story can fade fast when other news takes its place. And just like most other news stories, that doesn’t mean this one is gone just because people aren’t talking about it.

In fact, antivirus and security suite developer Kaspersky Lab issued recent findings that more than 75,000 new cases of WannaCry infections were discovered between July and September of 2018. Yes, only a couple of months ago, new victims were suffering from a well-known form of ransomware and having to decide whether or not to pay the criminals in order to regain access to their computers.

One of the major issues surrounding WannaCry is that a patch was available for it even before the initial attack. Consumers and businesses who were using older computers or older operating systems may have been more vulnerable, along with individuals who haven’t been installing recommended updates regularly.

Another issue some victims faced was not having a strong, up-to-date security suite with antivirus and anti-malware protection. A number of large-scale data breaches have been traced back to inadequate protection for a computer or network, and in some cases, the original victim was not the major corporation who was ultimately the target.

One of the best courses of action against WannaCry or any other form of ransomware is to create scheduled, automatic backups of all your files. These backups can be stored in a cloud-based subscription or an external storage device, and they’ll mean you can still access all of your files if someone targets your system. Paying the ransom might be cheaper than a new computer—the typical WannaCry ransom was $300, but other ransomware attacks have demanded more—but there’s no guarantee the hackers will release your files upon payment. That money can be put towards newer equipment instead of lining a cyberthief’s pockets.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

As the weather warms up, our thoughts can turn to vacation plans and exotic destinations. But the ideal summer hotspot can come with some hidden dangers that might derail any future plans, and many of those threats are online.

Public internet connections over wifi can pose a threat no matter where you are, whether at your local coffee shop or a far-off international locale. Hotel wifi connections, from the seediest dive to even the most upper crust five-star resort, can be filled with malicious activity that threatens your finances and your data. Even worse, most portable devices are able to reconnect to a previous wifi connection just by arriving in the vicinity, meaning not only do you not know who else is on the connection and able to see your content, but you may not even be aware you’re connected.

There are a few key ways to protect yourself from public wifi dangers when you travel, some of them simple and free, others involving a little know-how and some investment.

1. Turn off your Wifi

If you’re traveling with a handheld device like a smartphone or tablet, it’s a good idea to keep your wifi turned off in your settings unless you’re actively using it. First of all, it will help your battery life by not having your device constantly searching for a connection. More importantly, you will know that you’re not connected to the internet when you’re not trying to use it.

For most major devices, turning your wifi on and off is really easy: just swipe your finger down or up (depending on the make and model) from any screen, trying to “grab” the hidden menu above or below. There will be a button that looks like an antenna sending out a signal, and simply tapping that should turn it on and off.

2. Think Before Connecting To Public Charging Stations

Speaking of saving battery life…using a public USB port or outlet might be putting your identity at risk. Public charging stations aren’t like lamp posts where you just use its electricity, rather when you plug in your device, data can be sent back through the cord and hackers can gain access. It’s best to keep your phone fully charged before you head out or rely on a portable battery pack.

3. Travel with an Ethernet-enabled device

If you know you’re going to need the internet while you’re away, such as for work or checking in with family back home, a laptop with an Ethernet port can let you connect in your hotel room in the same way your modem or router are connected at home. It looks like an oversized telephone jack, and while you still don’t know who else is using it, it’s a little safer than a public wifi connection when it comes to keeping hackers out.

4. Use a VPN

A VPN, or virtual private network, is a good idea to have anyway, no matter where you are. It acts like a private tunnel onto the internet and can help keep hackers from watching your activity or tracking your content. This is really important for something like checking your bank balance or transferring money from one account to another, especially at times when you do have to use public wifi.

However, when you’re traveling (especially to a foreign country), a VPN can not only keep others from seeing what you’re doing, but it can also let you connect to sites “back home” that may be blocked in other countries due to licensing agreements.

5. Invest in a Hotspot

Of all the options, this one is the costliest, but it comes in a range of prices. If you travel frequently or work away from your desk, it can provide peace of mind and the convenience of always having an internet connection handy. A personal hotspot is available in both prepaid options and contract options through many major cellular service providers. Prepaid options, as the term implies, may cost more per use because you’re only paying as you need it, while a contract plan, just like your cell phone plan, may be more cost effective in the long run if you’ll use it routinely.

No matter how you choose to connect while traveling, remember that some internet behaviors are “safer” than others. A quick scan of your Facebook might not be all that risky, but logging into your online banking over a public wifi connection could leave the door wide open for a hacker. It’s safer to save any sensitive internet activity for when you return home…and after you’ve gotten the most out of your vacation!


If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530.