National CyberSecurity Awareness Month, an annual cybersecurity experience hosted by Stay Safe Online, has officially kicked off its 15th year. This October event, which brings together stakeholders from every level of online security, is geared towards everyone from top-tier cybercrime analysts to the most vulnerable everyday internet users. The goal remains the same each year: to ensure that the most up-to-date information on cybersecurity is accessible to all users and is at the forefront of their tech decision-making.

This year’s month-long theme is “Our Shared Responsibility,” but the focus of week one is how cybersecurity begins at home. Lessons on every aspect of our physical and emotional safety begin with those who care about us the most, and internet safety is no different. Creating an environment of secure internet access and understanding leads to life-long Cyber Aware users.

To know what lessons to impart, parents and other caregivers need to understand the changing needs for all users within the home. Young children might only enjoy a few minutes of screen time on a tablet with specifically chosen apps, while older teens gain more and more responsibility—and exposure—through social media, browsing, the “latest” app that everyone’s talking about, and more.

At every age and for every user in a household, the privacy and security pitfalls can change. That’s why it’s essential to remain in the know about the kinds of cybersecurity issues that different people may face:

  1. Young children – For most youngsters, it may be up to Mom and Dad to enter their information into an age-appropriate account, so it’s also up to the parents to understand what information they’re sharing, what permissions they’re granting, and where that information can end up. Understanding what kinds of data breaches have taken place in the past can also help, such as the VTech breach or ones involving public schools and doctors’ offices.
  2. Preteens and Tweens – Every generation has thought that kids were growing up too fast these days, but when it comes to technology—especially unsupervised access to it—that may be truer now than ever before. The average age for US kids to get their first smartphone is now ten years old, and that can mean unprecedented access to the internet, downloadable apps, social media, and more.
  3. Teens and Young Adults – One of the most commonly associated cybersecurity issues for young adults is probably cyberbullying, especially on social media, but that’s just one of the many dangers this age group can face. While it’s important to discuss proper behavior online as well as what to do if they’re targeted, it’s also vital that parents discuss scams, fraud, identity theft, hoaxes, and more. One staggering statistic, for example, has shown that senior citizens may be more likely to be targeted by a scammer, but Millennials are the ones who lose more money to online scams and fraud.

No matter what age your family members may be, NCSAM is an excellent time to explore your privacy, security, and overall digital safety.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


With its global crime-fighting efforts, the FBI can monitor potential criminal activity in an effort to take preventive action. One of the many important industries that the agency can protect this way is the financial sector. Recent discoveries have already prompted the FBI to issue a warning to banks and financial institutions: we have reason to believe a global-scale cybercrime is about to happen.

Specifically, this cybercrime targets ATMs, forcing what’s known as an “unlimited operation,” or “ATM cash payout scheme.” Essentially, by combining malware infections at various banks with stolen card information copied onto blank magnetic stripe cards, thieves can bypass the usual account balance limits and daily withdrawal limits to steal millions of dollars through ATMs.

These kinds of attacks aren’t new, and law enforcement agencies have even managed to arrest a bad guy or two for this specific category of crime. The real obstacle, though, is that global crime syndicates can enable the theft of millions of dollars from ATMs before anyone notices what’s happening.

Many banks stock their ATMs with a fresh supply of cash for the weekend or a holiday since the bank won’t be open to help customers, so the FBI has already warned that an attack could take place at times like these.

The FBI had some vital tips for banks concerning this possible incident. While you can’t stop a global crime syndicate, there are a lot of things you can do to help:

1. Don’t panic – Your gut instinct might be to run to the bank and withdraw a lot of cash as a safety net, but that doesn’t help anything. It’s far more important to keep your head and continue with your everyday financial behaviors.

2. Monitor your accounts – After any kind of POS or data breach, consumers are urged to check their account statements. This time, we mean it! Checking your accounts right now—literally, right now—for any signs of suspicious behavior and then reporting that behavior to your bank could mean that your stolen card information (the one thieves transferred onto a blank magnetic stripe card) won’t work when a thief tries to use it. You could be one less card that gives them access to the bank’s money. So check your accounts and spread the word!

3. Report strange activity – Take immediate action if you find anything out of the ordinary in your account statements as this could indicate someone has been in your account. If someone accesses your account, they might copy it onto a blank card.

Again, one of the most important things you can do is not panic. As word spreads, there may be social media posts that end up spreading misinformation to a viral audience. Help others know fact from fiction when it comes to the impact of this crime.



When new technology comes along, it might take a matter of years or only a matter of days for a highly-skilled hacker to figure out a way to break in. With any luck, the person who breaks into the system is what’s known as a “white hat hacker,” or someone whose expert-level skills are put to use helping stop criminal activity instead of benefitting from it.

When security analyst Ryan Stevenson breached Comcast’s Xfinity website portal, it seemed like a frighteningly easy task. It simply required him to match up readily available IP addresses—basically, your computer’s code name on the internet—with the in-home authentication feature that lets users pay their bills on the telecom provider’s website without having to go through the sign-in process. Another vulnerability allowed Stevenson to match users to their Social Security numbers by inputting part of their home mailing addresses—something that the first vulnerability exposed—and guessing the last four digits of their SSN.

Guessing the last four digits of someone’s SSN might not sound that easy, but it only takes seconds for a computer to do it with the right software. The flaw in the website allowed the computer to make an unlimited number of guesses for a corresponding mailing address, so it took very little time for the code to reveal complete Social Security numbers.

This vulnerability is believed to have affected around 26 million Comcast customers.

Comcast issued a patch a few hours after the report of the flaws. The company responded to requests from news outlets with an official statement to the effect that they have no reason to believe anyone other than Stevenson accessed this information. They also don’t believe that the vulnerabilities are related to anyone with malicious intent. Just to be safe, though, the company is continuing an investigation into how the flaws originated and how they might possibly have been used.

In the meantime, Xfinity customers would do well to monitor their accounts closely. This could potentially affect other accounts, not just their telecom service accounts, as Social Security numbers, names and mailing addresses were visible.
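The unlimited-guess flaw described above, seen from the defender's side, as an added example that is not Comcast's code: a verification check that counts failed guesses per mailing address and locks the address after a few misses. The class name, the limits and the sample record are assumptions constructed for illustration.

```python
import hmac

MAX_FAILURES = 5            # assumed policy: misses allowed before lockout
LOCKOUT_SECONDS = 15 * 60   # assumed policy: how long an address stays locked

# Constructed sample record: mailing address -> last four digits on file.
SAMPLE_RECORDS = {"12 Constructed St": "7291"}


class LastFourVerifier:
    """Checks a last-four guess for an address, with a cap on failed guesses."""

    def __init__(self, records, max_failures=MAX_FAILURES, lockout=LOCKOUT_SECONDS):
        self._records = {self._key(a): v for a, v in records.items()}
        self._max = max_failures
        self._lockout = lockout
        self._failures = {}      # address key -> consecutive failed guesses
        self._locked_until = {}  # address key -> time the lock expires

    @staticmethod
    def _key(address):
        return address.strip().lower()

    def verify(self, address, guess, now):
        """Return 'verified', 'denied' or 'locked' for one guess at time `now`."""
        key = self._key(address)
        # Failures are counted per target address, not per client, so
        # spreading guesses across many connections does not reset the cap.
        if now < self._locked_until.get(key, 0):
            return "locked"
        expected = self._records.get(key)
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), guess.encode()
        )
        if ok:
            self._failures.pop(key, None)
            return "verified"
        count = self._failures.get(key, 0) + 1
        if count >= self._max:
            self._locked_until[key] = now + self._lockout
            self._failures.pop(key, None)
            return "locked"
        self._failures[key] = count
        return "denied"


def sweep(verifier, address, now=0.0):
    """Test harness: try every four-digit value once, all at time `now`.

    Returns how many guesses it took to be verified, or None if the
    verifier never accepted a guess.
    """
    for n in range(10_000):
        if verifier.verify(address, f"{n:04d}", now) == "verified":
            return n + 1
    return None


if __name__ == "__main__":
    unlimited = LastFourVerifier(SAMPLE_RECORDS, max_failures=10**6)
    limited = LastFourVerifier(SAMPLE_RECORDS)
    print("no cap:  ", sweep(unlimited, "12 Constructed St"))
    print("with cap:", sweep(limited, "12 Constructed St"))
```

With only 10,000 possible values, the cap is what turns a certain hit into at most five tries per lockout window.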



Social media has changed the way people interact with each other in both good ways and bad ways. It’s amazing to connect with people all around the world or to find a long-lost classmate from seventh grade. It’s something else altogether, though, to find yourself in a compromising situation because of something you posted online.

One of the more recent features of different social media sites like Facebook, Instagram or Twitter is the ability to broadcast live video to your followers. This feature can be fun and entertaining or even educational, but if you’re not sure how the platform works or what kind of surroundings you’re broadcasting from, you may be unhappy with the results.

1. How long is my video accessible, and who can see it? – Those questions depend on the platform you’re using. Twitter’s Periscope or the Meerkat platform, for example, are available to anyone who chooses to click on your name. Facebook Live can be limited, meaning you can broadcast to everyone or just to your friends list. Instagram Live, though, is by default set to allow anyone to see your video; you have to adjust that setting yourself if you want to keep it private.

As far as how long the video is available, there are key differences you should know before you press the button to go live. Instagram Live videos are gone the moment the camera turns off, but Facebook Live videos can be viewed repeatedly and at a later time.

2. What’s going on around you? – You’ve probably seen some viral videos with hilarious background images, such as an adorable wedding couple sharing the first kiss during their beach ceremony only to have a man in a tiny swimsuit standing behind them. It’s not so funny when the visible area behind your video contains anything incriminating, illegal or simply embarrassing.

Remember, depending on the platform and the settings, you might not control who can see your video. If anything behind you is a dead giveaway for your location, any of your identifying information or even the answers to typical security questions (e.g., posting a video on your birthday and mentioning it), you might be sharing far more than you intended.

3. Is this content allowed? – Each platform has regulations for what is and isn’t permitted, and it’s up to you as the user to know what they are. Obviously, behavior that violates copyright—like broadcasting live from a concert, movie, or other ticket-holder events—is a no-no; even if you don’t necessarily get in trouble, it’s still theft, and it’s wrong. Broadcasting live for anything other than journalistic reasons from a crime in progress can also land you in hot water with both the platform and law enforcement.

If you want to go live on social media, you need to be smart. Know how your platform works, understand your privacy settings and surroundings, and make sure it’s approved, beneficial content… then smile for the camera and enjoy!



If you’ve used the internet for any amount of time, there’s a good chance you’ve received plenty of phishing emails. Nigerian prince emails, foreign lottery winner emails and even “if you don’t pay the ransom, you’ll never see your son again” emails, all of which are designed to get you to hand over your identifying information, your money or both.

But now that phishing emails are so widely recognized for the scams they are, savvy thieves have a new trick up their sleeves: phishing websites. How do these work? They masquerade as the real deal, tricking you into entering your credit card info, downloading harmful software, filling out the registration form with your sensitive data or some other similar tactic.

Try this example: You head over to Amaz0n.com or PayPaI (notice the zero instead of an O and a capital letter I instead of a lowercase l) and enter all of your information, update your payment information or bank account, verify your account identity or some other mechanism for stealing from you. You never knew you weren’t on the correct site and the scammers stole everything.

“But I’m never going to type A M A Z (zero) N,” you might be thinking, and you’re probably correct. The hackers know that too, so that’s not how they target you. Instead, they get you to click a link in an email, a social media post or ad, a text message, or some other form of communication. You see what you think is an email from Amazon, either offering you some incredible deal or telling you there’s a problem with your recent order, and you click the link provided in the very professional-looking message. The link redirects to a fake website, though, even though the email domain name and the web address look close enough to the real thing to fool anyone who isn’t paying attention.

Fortunately, avoiding fake websites is almost as easy as ignoring those pleas for help from deposed Nigerian royalty.

  1. Develop the habit of NEVER verifying your identity or account information to someone who contacts you. Whether it’s by phone, email or a website, do not click or enter any personal data or payment details if you didn’t type in the web address yourself. If you think there could actually be a problem due to a message you received, get out of that message altogether and go to the website yourself, typing in the web address (you know, to avoid typing a zero instead of a letter O!).
  2. Check the website designation before doing anything. Even if you’re shopping on your favorite retail site or uploading photos to your favorite social media platform, give a quick glance at the top of the screen. Secure sites will have an HTTPS designation before the “Amazon.com” instead of HTTP. If the S is missing, your data should be missing, too! Keep in mind that HTTPS only means the connection is encrypted; a fake site can have it as well, so also check that the address itself is spelled correctly.
  3. Check with the entity directly. Most major websites have had copycats steal their logos and try to convince unsuspecting users to click over to the fake site. Amazon and PayPal are just two common ones, but iTunes, Facebook, Citibank and other major financial providers, and other highly visible names also have similar fake sites.
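The lookalike addresses described above (Amaz0n.com, PayPaI) can be caught mechanically before a link is followed. This is an added example, not code from the original article: it reduces a link's hostname to a "skeleton" with commonly swapped characters undone and compares it with a short list of sites the user really deals with. The domain list and the swap table are assumptions, and the table goes slightly beyond the two swaps the article names.

```python
from urllib.parse import urlsplit

# Assumption: the sites this user actually has accounts with.
KNOWN_DOMAINS = {"amazon.com", "paypal.com"}

# Constructed table of look-alike substitutions (fake -> real).
# "0" for "o" and capital "I" for "l" are the article's examples;
# the others are common additions of the same kind.
SWAPS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("I", "l")]


def host_of(link):
    """Extract the hostname exactly as written, keeping its letter case."""
    if "//" not in link:
        link = "//" + link          # allow bare "Amaz0n.com/path"
    netloc = urlsplit(link).netloc
    host = netloc.rsplit("@", 1)[-1].split(":")[0]   # drop userinfo and port
    return host.rstrip(".")


def skeleton(host):
    """Undo look-alike swaps, then lowercase.

    Case is kept until the end because a capital "I" only imitates a
    lowercase "l" before the name is lowercased.
    """
    for fake, real in SWAPS:
        host = host.replace(fake, real)
    return host.lower()


KNOWN_SKELETONS = {skeleton(d): d for d in KNOWN_DOMAINS}


def classify(link):
    """Return ('known', domain), ('lookalike', imitated_domain) or ('unknown', None)."""
    host = host_of(link)
    if host.lower().startswith("www."):
        host = host[4:]
    if host.lower() in KNOWN_DOMAINS:
        return ("known", host.lower())
    imitated = KNOWN_SKELETONS.get(skeleton(host))
    if imitated:
        return ("lookalike", imitated)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a message.
    for link in [
        "https://www.amazon.com/orders",
        "http://Amaz0n.com/deal",
        "https://www.PayPaI.com/verify",
        "arnazon.com/signin",
        "https://example.org/",
    ]:
        print(f"{link:35} {classify(link)}")
```

The second sample link uses HTTPS and is still flagged, which is why the spelling of the address matters more than the padlock.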


The high-tech world of hacking means the bad guys have a lot of digital tools at their fingertips. Now more than ever, the automation behind stealing your account access means consumers need to practice the strongest password security they can.

Unfortunately, some consumers have continued to ignore years of expert warnings when it comes to password strength. SplashData, which publishes the annual list of the most commonly used passwords as compiled from leaked credentials, found that in 2017, “123456” was still the world’s most common password. That was followed by “Password,” “12345678” (thanks to websites that are trying to protect their users by requiring longer passwords), “qwerty,” and others, such as “admin” and “letmein.”

“But ‘password’ is so obvious that no hacker would ever think I’d use that… right?” Sadly, that’s not how credential cracking works.

The term credential cracking refers to the systematic, automated breaking of your username and password with the use of high-speed bots. Following a large-scale data breach, a hacker simply uses a large database of usernames and allows the computer to “guess” the passwords for each one. Some credential cracking software can make billions of guesses per second.

In short, no one is sitting at a computer with your username, typing in guess after guess until they reach your password. Their software does it for them and it does it with fairly strong results. There has even been a reported uptick in the numbers of failed login attempts on major consumer websites following large-scale data breaches, indicating that hackers are using the stolen information and their bots to “guess” passwords.

As bad as this development is, it’s not the only bad news. If you’re one of the many consumers who reuses passwords, any cracked credentials that a hacker has on you can lead them right to your other accounts. Using stolen information and cracking tools to guess your email or social media login, for example, would also give the hacker access to your Amazon, PayPal, online banking or other sensitive accounts if you’re reusing your password.

In order to fight back against this high-tech break-in, your account passwords must be strong and unique. Lengthy strings of uppercase and lowercase letters (that do NOT spell a word!) combined with some non-sequential numbers and symbols can help ward off even the most devoted little bot. Using that password on only one account is crucial to preventing multiple accounts from coming under attack.



Peer-to-peer payment apps, or P2P apps, are a convenient way to share funds with people. It might be a friend who bought those Taylor Swift concert tickets for your kid’s birthday present on your behalf, someone who owes you money for picking up the tab at lunch last week, or even a way to conduct business transactions like selling a piece of furniture or handmade crafts. One of the increasingly popular uses for P2P apps is when multiple people have to “chip in” to pay for a single item, like a hotel room, cruise ship cabin, or baby shower gift for a co-worker.

Though convenient, P2P platforms have been scrutinized for their potential security concerns. As a platform that is connected to some type of payment account, they’re a golden ticket for hackers. When you create your account on a P2P site, you will link a credit card, debit card, or bank account in order to deposit and withdraw funds; if a hacker gains access to your P2P account, they have access to a more serious form of your finances.

If you plan to take advantage of this handy payment method, you’ve got to use some precautions. The very first is your password security, which is always a good idea. Whether it’s an app account, your email account, or any other online portal, a strong and unique password is a must. A strong password contains a lengthy combination of uppercase letters, lowercase letters, numbers, and symbols, typically between eight and twelve characters in length. A unique password means that you don’t use it on other sites, no matter how tempting that may be.

Once your account is secured with a strong, unique password, it’s important to monitor all activity in case someone still manages to get in. You can set up transaction alerts to let you know right away if your account has been used, and you can schedule some time to log in and take a quick look each week. If you see activity that you don’t recognize, report it immediately. Deposits you weren’t expecting, not just withdrawals or purchases, can still be a sign that someone is in your account.



World Emoji Day is on July 17 with fun and more than a little emoji mayhem. Fun fact: the reason for this date is that it’s the one depicted in Apple’s emoji of a calendar. With all the attention on emojis heading to smartphone screens everywhere, and more than five billion emojis sent every day via the Facebook Messenger app alone, there’s no time like the present to set the record straight on some privacy pitfalls associated with the darling little characters.

Apple was one of the first major smartphone retailers to incorporate an emoji keyboard into its devices back in 2011. For years, users had to physically type the characters that would result in the understood emotion, such as :P or ;) to express the point. Once the emoji keyboard appeared, though, scammers found a way to embed viruses and other malware into downloadable “aftermarket” emoji keyboards that can get into users’ devices. The enticement was access to additional emoji characters that the manufacturers hadn’t thought to include, and as a result, consumers fell into the trap of downloading malicious software in these files.

Since that time, emojis have become the bait-of-choice for scammers hoping to convince internet users that their posts are genuine and trustworthy. By filling their spammy announcements with hearts, flowers, smiley faces and other tiny symbols, they hope to lure unsuspecting users who think they’re dealing with someone who is friendly and trustworthy. Instead, the false front of light-hearted communication can lead to a far more sinister trap.

Emojis have also been found to be a common indicator in online romance scams. First, predators who are still in the grooming stage might send dozens of periodic messages throughout the day in order to convince the victim they’re thinking about them. Many such messages have been long strings of romance-themed emojis, like hearts and little bouquets of flowers. Also, with the understanding that romance scams are accomplished by crime rings who may have several different people operating as a single personality in shifts, some experts have suggested you can spot the differences in the people who are posing as that one person by how often and which emojis they use.

It’s also worth noting that the use of emojis has become a “language” all its own. Unlike rampant conspiracy theories about what different characters mean, there is some truth to the belief that certain characters have been co-opted and are indicative of sexual or even criminal behavior. Make sure you know which symbols really mean what you meant to say before hitting send!



Why would someone simply give you free access to a brand-new blockbuster movie or an album download from a chart-topping artist?

There are a lot of different reasons why someone might engage in piracy of copyrighted material, and sadly, the internet has enabled a lot of people to distribute protected material to a mass audience. Rest assured, though, no one is doing it for free. Even if they’re not charging you money for it, they’re getting something in return, either in the form of traffic to their website, advertising or affiliate link dollars or, worse, by stealing your information.

Sites that offer “free” content are notorious for filling your computer with viruses and malware, and now, your Amazon Fire TV or Fire Stick may be at risk. Users who have “sideloaded” apps and other content to their connected televisions through their Amazon devices may have devices infected with malware that can take over their entire networks.

The term sideloading, which isn’t necessarily wrong or illegal, simply means adding content to a device without going through the device’s designated app store. Some early devices, like pre-Kindle e-readers, required users to add their own digital content with an included cable, much the same way that people might have moved digital photos from their cameras to their hard drives.

Sideloading a device that does have a platform and app store is tricky and could leave your network vulnerable. Amazon’s Fire TV and Fire Stick, for example, are intended to use the Amazon website to maintain a membership; sites like Netflix and YouTube are there for users to enjoy, but unauthorized third-party sites do not come with any kind of guarantee that the material is safe. Adding any apps that let you watch pirated shows is not only wrong, but it’s also a gateway to a virus.

One strain of malware in particular, ADB.Miner, has already been found infecting Amazon devices through this kind of activity. This malware mines cryptocurrency, meaning it will hijack your computer or television in order to force it to waste precious energy and processing speed creating cryptocurrency for the criminal who installed it. This malware also can infect any other Android device running on that network; if you have an Android smartphone or tablet that’s connected to your home Wi-Fi, those might be at risk once ADB.Miner takes hold.

It’s tempting to blame the criminals who established the malware, but there’s an awkward truth that must be stated: anyone who downloads pirated content is a criminal too, no matter what their intentions were. Copyright laws exist not to just protect the financial interests of the actors, musicians or other “big name” people involved, but also to make sure that the janitor who empties the studio trashcans at night has a job. Make sure you’re doing the right thing by protecting yourself from a network infection and ensuring that content creators can continue producing great material for the public to enjoy.



Privacy concerns like data tracking, selling your information to third-parties and advertisers, hacking and even potential changes to how companies allow you to access the internet are all factors that put you at risk by just logging in.

So how do you protect yourself while living in an increasingly connected world?

One popular tool is a virtual private network or VPN. This app for PCs, laptops and mobile devices acts like your own tunnel onto the internet, keeping everyone from hackers to advertisers from seeing what you’re doing or knowing how you’re connecting. There are times when a VPN should be an absolute essential, such as logging into your bank account or email over a public Wi-Fi connection. Other times, this app is a safety blanket that lets you access legal content without any blocks that might be in place for geographic licensing reasons. This includes trying to use your own Netflix subscription or uploading a YouTube video while traveling abroad.

There are some things to look for before you decide to invest in a VPN, though:

Does it cost anything?

Yes, there is a price to pay for using a VPN; however, most major-name providers offer a free trial too.

What happens to your IP address?

Before installing, find out what the VPN does to your IP address or your computer’s personal “name.” Some VPNs only mask your IP address so that other people theoretically shouldn’t be able to find it or track it, but other VPNs actually assign you a brand-new IP address that does not belong to your computer. That’s important because it means you can’t be accused of specific internet behaviors since your computer’s own IP address isn’t used to connect. Anyone who wanted to track your internet activity would be tracking a made-up number instead of your actual address.

Is your activity still being monitored online?

Again, some companies have a policy of not storing their logs about your internet activity, while other companies don’t actively monitor it in the first place. It’s up to you to decide how sensitive you are to being monitored online. Don’t make the mistake of thinking that only criminals have something to hide: even sites like Facebook have admitted to selling users’ information to third-parties (perfectly legal and outlined in the terms and conditions) only to have those companies turn around and sell it to someone who didn’t have your permission.

Is the company using a foreign server?

A VPN works by connecting you to a server that the company controls, then connecting you to the internet. The number and location of those servers are where the different VPNs set themselves apart from their competition. If you never travel abroad, for example, you might not need to pay more for a service that offers 1,800 servers in more than 200 countries. However, the number and location of the servers can also have an impact on how fast your connection is, so that’s why taking advantage of free trials can be a good idea.

How many devices can you connect to?

Another area where VPNs differ is in the type of device you can connect, as well as the number of devices. Some VPNs let you connect unlimited devices but will only let you use five of those devices at once. If you want your entire household protected and you have different devices—a Windows laptop for your work, a MacBook for your home, your iPhone and your spouse’s Galaxy phone, your kids’ iPads and Kindle Fire tablets—then the VPN you choose should allow different operating systems and a number of simultaneously connected devices.

When considering a VPN, don’t forget about your router.

This is especially important if you have sensitive internet-of-things connected devices, like a video doorbell or voice-activated virtual assistant. Router hacking has led to the theft of data from other connected devices, so it’s a good idea to wrap your router’s connection in a private tunnel too.

Remember, there are free trials of VPNs so you can test them before committing. See which ones you prefer based on features, ease of use and internet speed before sending anyone your payment.

