The term “honeypot” is actually an old word with a lot of different connotations. Besides the obvious container for honey, it also refers to any kind of “lure,” whether it’s an attractive person, a lucrative business deal or even a criminal’s bait to snare a victim.

The tech sector has long been flipping the script on honeypots and using them to lure the criminals. Whether it’s an unsecured cache of sensitive information, a website that purposely contains vulnerabilities or some other cyberbait, the result is the honeypot can help security researchers track down cybercriminals and grab their identifying information.

Now, researchers at one university have taken the crime-fighting a step further with the invention of the HoneyBot. This robotic security guard doesn’t patrol the hallways of a building to keep an eye out for intruders, though. Instead, it serves as a connected device that hackers would want to go after, a kind of data honeypot on wheels.

You might already be wondering, “Why does a data trap need to move around?” It’s so simple that it’s genius. One of the ways hackers know they’ve hit on useful data and not a trap is by having the ability to interact with the secret honeypot in a very sophisticated, higher-level way. If there’s nothing really interactive about it, then it could actually warn away cybercriminals. Worse, it could give them a portal to infiltrate a network (the opposite function of a honeypot).

When they’re able to interact with the HoneyBot and send it around the building, they’ll think they’re actually on to something. This makes the robot ideal for factories, manufacturing plants, and even a large-scale infrastructure like a power grid. While the hackers are toying around with the robot and trying to get access to other parts of the network, the HoneyBot is scooping up all of their information and reporting it to the cybersecurity team.

University researchers are expected to share the results of extensive testing in the near future, but this kind of innovation is already an exciting new tool for fighting back against cybercrime.


Read next: “Block the Wi-Fi Nabbers”

Privacy experts and advocates have long warned about some of the threats from the Internet of Things. Our connected smart home devices have the potential to spy on us, to gather, track, and spread our sensitive information and internet activity, and even to become a target for hackers.

Unfortunately, the increasingly common combination of IoT connectivity and a child’s toy can lead to a bone-chilling scenario in which information about your family member is shared online. Previous data breaches involving kids’ apps and IoT toys have grabbed entire customer databases of children’s information, in some cases even including names, addresses and photos of the kids.

As the Internet of Things becomes more widespread and the “it toy” of the holiday season lines the retailers’ shelves, it’s important that consumers do their research before making their purchases.

One great resource is the annual Trouble in Toyland report, which highlights a variety of dangers of popular toys. These dangers range from things like choking hazards to privacy questions, so it’s an all-encompassing type of report. In its 33 years, this report has been responsible for more than 150 toy recalls.

But when shopping for any kind of electronic or interactive toy, consumers can keep a few guidelines in mind before committing to this new purchase:

1. Do you need to register the device or create an account to use it? – Registering your new purchase can protect you in a number of ways, including recall updates and warranty validity. However, do you need to include every piece of information? Do you have to register your child’s information or create an online account in order to use this toy? That might give you pause, depending on the information requested, the age and ability of your kids, and your comfort level with their internet use.

2. Do you leave it turned on at all times in order for it to work? – If this device needs to be left powered on at all times, you might want to think about incorporating it into your household. Besides the drain on your utilities and your home data use for a toy or gadget that might not get used all the time, an “always on” device can lead to security issues. If you can power the device off completely when not in use, it will save both your budget and your privacy.

3. Is your Wi-Fi network protected? – Wi-Fi connections need to be password protected to keep outsiders from jumping into your network. However, a lot of users with IoT-connected toys and household devices overlook the need to protect their wifi routers as well. If your router—the box that makes the internet connection work for all of your wireless gadgets—is unprotected, then anyone who accesses your laptop through a virus could conceivably travel over to your other devices via the router.

As parents and grandparents, it’s understandable to want to give your young family members something from their holiday wish lists, but rushing into a purchase isn’t the best course of action. Do your research and make sure you’re bringing the device into a secure environment before buying.

There’s one final consideration to make when purchasing a new connected toy, especially if it’s an upgrade on a previous version: don’t discard any old connected toys without completely wiping their stored data and deleting any apps or accounts that powered it. If you can’t be sure that any sensitive information is gone from the device—including its usage history, stored identifying information, and more—then physically damage the internal components before discarding it. Remember to look for a responsible recycler so that potentially harmful internal materials don’t end up in the environment.


Read next: “Boss Phishing Bah Humbug: Don’t Fall for this Holiday Scam!”

Thanksgiving, Hanukkah and Christmas are just around the corner. Black Friday, Cyber Monday and holiday shopping is too. It also means the possibility for an increase in identity theft and fraud. So before you get caught up in all the holiday shopping chaos, you should be aware that criminals might use this as an opportunity to compromise your sensitive data. This holiday season, however, one group in particular might be purposely putting themselves at an increased risk of identity theft. A recent survey by Experian found that 19 percent of millennials would put their identity at risk in exchange for a good Cyber Monday deal. While some millennials are making it exceptionally easy to compromise their personal information during the holiday season, let’s take a closer as to why this demographic might be more vulnerable to identity theft year round.

Millennials are notorious for being the most tech-savvy generation, growing up in a world where sharing personal data online and across social media platforms is commonplace. However, their willingness to share personal data easily puts them at an increased risk of identity theft. For one, criminals might have an easier time guessing their security challenge questions because they can be quickly discovered on their public Twitter profile or Instagram page.  Second, since they are so used to sharing a wealth of personal information, they might be less likely to hesitate when asked for it by anyone – including those with malicious intent.

Along with being tech-savvy,  feelings of apathy toward data breaches could be another reason why millennials might be at an increased risk of identity theft.  According to a Gallup poll, 67 percent of millennials are trusting that the companies with which they do business, such as credit card companies and health insurance companies, guard their information. The poll also finds that 70 percent do believe that their privacy will be compromised at some point in time. Because millennials have lived through several major data breaches, they’re aware of the risks but have become accustomed to these types of events and might not fully comprehend the severity of having their personally identifiable information stolen.

In some cases, becoming a victim of identity theft is “fixable,” but what millennials might not understand is that the process is not an easy one. Identity theft cases can take years to remediate. Even if you “fix” the issue, many victims experience reoccurring threats, consistently trying to regain their identity. This also doesn’t take into account the emotional impact victims go through. The Aftermath® study revealed that victims felt angry, frustrated and violated regarding their identity theft situation. In the same survey, 50 percent of victims lost interest in activities they once enjoyed.

And lastly, another reason that millennials might be increasing their risks of identity theft is by thinking it won’t happen to them. According to the AARP, younger generations tend to believe that scammers target the elderly, which allows millennials to believe they are safe. However, what millennials might not realize is that they are just as vulnerable to the threats of identity theft as senior citizens. For example, a recent survey found that 17 percent of millennials were likely to give out sensitive information to a caller that confirmed their last four digits of their Social Security number. So it is, in fact, that everyone is equally just as at risk for identity theft, regardless of their age.

Now more than ever, millennials need to take preventative measures to minimize their risk for identity theft. Here are a couple of tips to help protect your identity:

  • Don’t give out your Social Security number unnecessarily
  • Use strong passwords
  • Set up a passcode/password and anti-virus software on all of your mobile devices (smartphone, tablet) and computers (desktop, laptop)
  • Don’t give out personal information on the phone unless you initiated the contact
  • Avoid logging into sensitive accounts, email or providing credit card/debit card numbers while on public Wi-Fi

If you do find out that your information has been compromised, contact our advisors using our toll-free number (888-400-5530) and they can inform you about the necessary steps to take to resolve the issue. You can also reach us using our live chat feature.

Experian proudly provides financial support to the Identity Theft Resource Center.


Read next: “Your Holiday Shopping Guide to Putting Privacy Under the Tree”

As the holidays draw nearer and the shopping season goes full steam ahead, consumers all around the world are looking for just the right presents to finish out their lists. The presents may range in price and meaningful sentiment, of course, but with the technology sector taking up a significant share of the market, safeguarding your privacy becomes the real gift.

There’s no doubt that the more connected your devices become, the more vulnerabilities you may face. With every new piece of technology that connects to your network—along with all the apps, software, cloud-based accounts, and other tools to power these devices—there’s another possible door left wide open to hackers and identity thieves.

Fortunately, researchers at Mozilla (the creators of the Firefox web browser) have updated their holiday shopping guide that ranks all kinds of consumer goods based on their potential impact on your privacy. Titled *Privacy Not Included, this guide helps you understand the possible dangers as well as how to secure them. In some cases, it may even help you decide that a specific item is not for you or your family.

The guide is broken up into different categories—toys & games, smart home, entertainment, wearables, health & exercise, and pets—and includes reviews of more than seventy products.

One of the most important aspects to these reviews is the “minimum” requirements for protecting your privacy. According to the researchers, only 32 of the reviewed products even earned a “merit badge” for meeting those minimum standards, meaning the items must “use encryption; have automatic security updates; manage security vulnerabilities using tools like bug bounty programs and clear points of contact; and require users to change the default password if a password is required.”

However, Mozilla’s team also said other factors prevented them from deciding once and for all if many of the products meet the standards, such as the manufacturer not responding to direct requests for information about customers’ privacy.

This is the second year that Mozilla has conducted this review and released the results, but this year the company has included a new tool called the Creep-O-Meter. It will give consumers an idea of the level of privacy concern surrounding different products, ideally before they buy and install them.

There are a lot of holiday shopping guides and consumer review websites that can help you make an informed decision about price, quality, age-appropriateness, and more. This might be the only guide that explicitly supports your privacy, though, so check it out before bringing any new connected devices into your life.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

For years, security experts and advocates have warned consumers about suspicious websites, specifically ones that take your sensitive information or payments. The best course of action? To look for the HTTPS designation in the web address at the top of the screen and the little padlock icon, both of which indicate a site can be trusted.

Unfortunately, scammers continue to evolve their ways to continue victimizing the public through technology. A new report has found that about 49% of known phishing websites—websites that steal your information after tricking you into submitting it—contain a secure designation and a little green padlock. The “look for the lock” advice that was once a sound way to protect yourself is a little less reliable than before.

Just as scammers have evolved, now it’s up to consumers to make some changes in order to protect themselves from the latest threats:

1. Install a security suite that offers anti-phishing and website security

A basic antivirus isn’t enough to keep you safe anymore, and a number of well-known security software developers have incorporated a lot of extra features. Some can alert you to a fake website or known scammer before you compromise your information. Even better, many security programs offer a wide range of subscription prices—even free plans—so there’s something to meet every budget.

2. Establish a throwaway email address

Some sites want nothing more than your email address so they can sell it to spammers. Generate a free email address that is separate from your everyday, commonly used one. Then, whenever you’re visiting websites that want your email address, you have the option to trust the site with your contact information or use your backup email address.

3. Designate a payment card for internet purchases

The last thing you need is for a phishing website to steal your money, but it happens. By intentionally having an “internet only” credit card that is not connected to your bank account and that has a very low credit limit, you may have an easier time protecting yourself from someone who steals your information.

The most important thing you can do is to remember that what was once considered top-notch security advice can change as new technology and new developments occur. It’s not enough to develop a good habit and never deviate from it. Instead, you need to stay informed by following ongoing coverage of the latest scams and frauds.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

If you follow tech news, you may still get shivers up your spine from the buzz surrounding one of the most dangerous ransomware attacks in recent history. The May 2017 WannaCry attack made headlines for months due to the high volume of victims and the high-profile companies who were targeted. Within a short time, this self-replicating cryptoworm had infected more than 300,000 computers, locking up their systems and demanding payment from the victims in the form of Bitcoin.

As with all headlines, though, the story can fade fast when other news takes its place. And just like most other news stories, that doesn’t mean this one is gone just because people aren’t talking about it.

In fact, antivirus and security suite developer Kaspersky Lab issued recent findings that more than 75,000 new cases of WannaCry infections were discovered between July and September of 2018. Yes, only a couple of months ago, new victims were suffering from a well-known form of ransomware and having to decide whether or not to pay the criminals in order to regain access to their computers.

One of the major issues surrounding WannaCry is that a patch was available for it even before the initial attack. Consumers and businesses who were using older computers or older operating systems may have been more vulnerable, along with individuals who haven’t been installing recommended updates regularly.

Another issue some victims faced was not having a strong, up-to-date security suite with antivirus and anti-malware protection. A number of large-scale data breaches have been traced back to inadequate protection for a computer or network, and in some cases, the original victim was not the major corporation who was ultimately the target.

One of the best courses of action against WannaCry or any other form of ransomware is to create scheduled, automatic backups of all your files. These backups can be stored in a cloud-based subscription or an external storage device, and they’ll mean you can still access all of your files if someone targets your system. Paying the ransom might be cheaper than a new computer—the typical WannaCry ransom was $300, but other ransomware attacks have demanded more—but there’s no guarantee the hackers will release your files upon payment. That money can be put towards newer equipment instead of lining a cyberthief’s pockets.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

As the weather warms up, our thoughts can turn to vacation plans and exotic destinations. But the ideal summer hotspot can come with some hidden dangers that might derail any future plans, and many of those threats are online.

Public internet connections over wifi can pose a threat no matter where you are, whether at your local coffee shop or a far-off international locale. Hotel wifi connections, from the seediest dive to even the most upper crust five-star resort, can be filled with malicious activity that threatens your finances and your data. Even worse, most portable devices are able to reconnect to a previous wifi connection just by arriving in the vicinity, meaning not only do you not know who else is on the connection and able to see your content, but you may not even be aware you’re connected.

There are a few key ways to protect yourself from public wifi dangers when you travel, some of them simple and free, others involving a little know-how and some investment.

1. Turn off your Wifi

If you’re traveling with a handheld device like a smartphone or tablet, it’s a good idea to keep your wifi turned off in your settings unless you’re actively using it. First of all, it will help your battery life by not having your device constantly searching for a connection. More importantly, you will know that you’re not connected to the internet when you’re not trying to use it.

For most major devices, turning your wifi on and off is really easy: just swipe your finger down or up (depending on the make and model) from any screen, trying to “grab” the hidden menu above or below. There will be a button that looks like an antenna sending out a signal, and simply tapping that should turn it on and off.

2. Think Before Connecting To Public Charging Stations

Speaking of saving battery life…using a public USB port or outlet might be putting your identity at risk. Public charging stations aren’t like lamp posts where you just use its electricity, rather when you plug in your device, data can be sent back through the cord and hackers can gain access. It’s best to keep your phone fully charged before you head out or rely on a portable battery pack.

3. Travel with an Ethernet-enabled device

If you know you’re going to need the internet while you’re away, such as for work or checking in with family back home, a laptop with an Ethernet port can let you connect in your hotel room in the same way your modem or router are connected at home. It looks like an oversized telephone jack, and while you still don’t know who else is using it, it’s a little safer than a public wifi connection when it comes to keeping hackers out.

4. Use a VPN

A VPN, or virtual private network, is a good idea to have anyway, no matter where you are. It acts like a private tunnel onto the internet and can help keep hackers from watching your activity or tracking your content. This is really important for something like checking your bank balance or transferring money from one account to another, especially at times when you do have to use public wifi.

However, when you’re traveling (especially to a foreign country), a VPN can not only keep others from seeing what you’re doing, but it can also let you connect to sites “back home” that may be blocked in other countries due to licensing agreements.

5. Invest in a Hotspot

Of all the options, this one is the costliest, but it comes in a range of prices. If you travel frequently or work away from your desk, it can provide peace of mind and the convenience of always having an internet connection handy. A personal hotspot is available in both prepaid options and contract options through many major cellular service providers. Prepaid options, as the term implies, may cost more per use because you’re only paying as you need it, while a contract plan, just like your cell phone plan, may be more cost effective in the long run if you’ll use it routinely.

No matter how you choose to connect while traveling, remember that some internet behaviors are “safer” than others. A quick scan of your Facebook might not be all that risky, but logging into your online banking over a public wifi connection could leave the door wide open for a hacker. It’s safer to save any sensitive internet activity for when you return home…and after you’ve gotten the most out of your vacation!


If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. 

Is a TURKEY in Charge of your Data Security?

When it comes to keeping you safe, experts rarely recommend putting a turkey in charge—whether it’s the human kind or the bird! But this Thanksgiving week, the Identity Theft Resource Center wants you to remember that a turkey can make all the difference.

T is for Trusted Websites

If you’re one of the millions of Americans who will be doing some online shopping or booking your December travel this weekend, make sure you’re only visiting trusted websites to find your bargains. Scammers advertise the “hot toy” of the holiday season then never deliver or offer too-good-to-be-true holiday getaways, but they’re really taking your money and your payment information in the process.

U is for URLs

No matter what you’re looking for online, check the URL first. That’s the web address at the top that starts with “HTTP.” If you’re shopping or inputting any sensitive personal information, make sure it says HTTPS, which is the official designation of a Secure website.

R is for Resetting your Password

All throughout the year, but especially when cybercriminals know there will be more web traffic, it’s a good idea to reset your password from time to time. Don’t wait until a breach happens and all your accounts are exposed after you reused your passwords. Log into your sensitive accounts (like banking, credit cards, retailers) and change your password to a brand-new, strong, and unique option.

K is for Keep those Documents and Mail Locked Up

No one wants to think that a friend or family member would hurt them, but a significant amount of identity theft cases are perpetrated by someone close to the victim; this is especially true in cases of child identity theft. Before your visitors show up this holiday, make sure your family’s personal documents are safely secured. When you’re throwing away all your accumulated mail, make sure things like credit card offers, health insurance statements, and other potentially useful items are fully destroyed before you discard.

E is for Everyone Is a Link in the Chain

Too often, we think of cybersecurity as the IT guy’s problem at work or the grown-ups’ concern at home. The truth is, anyone can be the weak link that invites a cybercriminal into your system.. Make sure your workplace is secured with ongoing employee training on the latest threats and hacking tactics like ransomware attacks, and be sure to have important talks with your family about good computer use habits. If you’re spending time with relatives this week, this is a good time to point older family members to resources that can help them avoid scams and computer crimes.

Y is for You CAN Reduce your Risk

Too often, news of identity theft and large-scale data breaches can make us feel like it’s just an inevitable part of digital life. In fact, there’s actually an expression for the feeling that you can’t avoid being a victim and therefore shouldn’t even bother fighting back—data breach fatigue. While no one can be solely responsible for keeping a hacker out of their computers or devices, there are many things you can do to reduce your risk; most of these things are just simple steps that make you less of a viable target:

  • Strong, unique passwords that you change regularly
  • Good email and text habits for ignoring links or attachments
  • Safe social media behavior, including privacy settings and avoiding oversharing
  • Being on guard when it comes to scams and fraud, especially ones that require you to pay with an untraceable payment method
  • Shredding important documents before discarding them
  • Staying up-to-date on the latest threats and knowing how to respond

With the right amount of TURKEY, your data can be more secure and you can have peace of mind throughout the year…enjoy!


Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.

In the past few years, retailers have seen a trend in how their customers shopped for the holidays. More and more people have grown weary of standing in the cold or elbowing through thousands of shoppers to buy this year’s hot toy. Savvy shoppers have increasingly opted to stay home in their pajamas and find great deals online.

That’s led to the rise in Cyber Monday. Once the holiday chaos of Black Friday is out of the way, the following Monday is a time to pop over to the internet and see what sales are taking place to finish (or start!) your shopping.

Unfortunately, just like Black Friday, Cyber Monday is a favorite holiday for identity thieves, scammers and hackers. In order to reduce your risk of falling victim to the crime, you have to take some steps to secure your identity.

1. Know your antivirus software – Antivirus software has come a long way since the early days of trying to block malicious computer threats. Unfortunately, so have the tools that cybercriminals use to steal your money, your identity, your computer and more. A comprehensive security suite can now offer you protection from ransomware, trojans, worms, phishing scams, keyloggers and so much more. Many of them now include parental control tools, which is great if you have kids, as well as VPNs and tracking blockers for private browsing online.

Make sure your security suite is installed, updated and ready to protect you before you start entering your credit card details and your shipping address online.

2. Know your payment methods – Whether you’re using credit cards, debit cards, online payment platforms like PayPal, or gift cards, it’s important to keep up with which method you used on which website. That way, if there’s suspicious activity on your card or account later, you can trace it back to which site you may have used.

It’s also a good idea to know ahead of time what kinds of consumer protection are in place in case of fraud. Will your credit card company stand up for you if someone steals your information or racks up extra charges? Will they protect you if the website you used was a scam and they never send your purchases? Find out the rules and regulations—as well as what kinds of money-saving deals and discounts, if any—are in place before you use it.

3. Know what you’re clicking – Fake websites, copycat websites that look like real retailers’ sites, and bogus ads that only lead to click-revenue are the bane of every shopper’s existence at this time of year. Look for the site’s HTTPS designation before you enter any payment details, and make sure this is a reputable company before you pay for anything. A quick Google search for the name of the company or a check of the BBB’s scam tracker can tell you if there are any dissatisfied customers out there.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “I’ve Hacked Your Password” Scam

When it comes to a credit freeze, consumers have to ask themselves when they should take this step, and why. The “when” is easy… the answer is NOW. There are very few reasons to leave your credit report unfrozen, all of them stemming from your life circumstances that involve high-volume spending, the need for new accounts or other similar, limited situations.

But “why”, is a little more difficult to explain. Your credit report is the document that gives lenders an idea of what kind of borrower you are. It contains lengthy information on your previous spending and payoffs, your open lines of credit, the amount of debt you carry, and more. However, this report is also the tool that lenders need in order to issue you a new account or line of credit; no report, no new credit card or car purchase.

It’s easy to see how blocking access to that report can prevent new lines of credit from being issued, and that goes a long way towards protecting you from fraud if someone steals or fabricates your identity. When the criminal applies for a new credit card, home utilities, a car or other similar account, the credit report will come back to the lender as “frozen,” essentially blocking the account.

This is one of the strongest measures consumers can take to help reduce their risk of financial identity theft. There are other ways your personally identifiable information fall into the wrong hands can harm you, but new account fraud is one of the easiest but most devastating scenarios. At the same time, there are not many other actionable steps consumers can take that can have this much of an impact on identity theft and fraud.

Remember when we said you should do it right now? There’s never been a better time. New legislation goes into effect this week that will remove the fees associated with freezing and thawing your credit report. Even though it takes time to “thaw” should you need it (a few business days, typically), you will no longer have to pay a fee for protecting your credit report this way. All three of the reporting agencies—Experian, Equifax, and TransUnion—will no longer charge this fee thanks to legislation that was passed after the Equifax data breach.

In order to freeze your credit, here are a few steps to take. While you handle that, remember that you’re also entitled to one free copy of your credit report from each of the three major reporting agencies every year. You don’t have to request them all at once, though, so you can stagger your requests a few months apart and get a look at your credit report all throughout the year.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?