As the holidays draw nearer and the shopping season goes full steam ahead, consumers all around the world are looking for just the right presents to finish out their lists. The presents may range in price and meaningful sentiment, of course, but with the technology sector taking up a significant share of the market, safeguarding your privacy becomes the real gift.

There’s no doubt that the more connected your devices become, the more vulnerabilities you may face. With every new piece of technology that connects to your network—along with all the apps, software, cloud-based accounts, and other tools to power these devices—there’s another possible door left wide open to hackers and identity thieves.

Fortunately, researchers at Mozilla (the creators of the Firefox web browser) have updated their holiday shopping guide that ranks all kinds of consumer goods based on their potential impact on your privacy. Titled *Privacy Not Included, this guide helps you understand the possible dangers as well as how to secure them. In some cases, it may even help you decide that a specific item is not for you or your family.

The guide is broken up into different categories—toys & games, smart home, entertainment, wearables, health & exercise, and pets—and includes reviews of more than seventy products.

One of the most important aspects to these reviews is the “minimum” requirements for protecting your privacy. According to the researchers, only 32 of the reviewed products even earned a “merit badge” for meeting those minimum standards, meaning the items must “use encryption; have automatic security updates; manage security vulnerabilities using tools like bug bounty programs and clear points of contact; and require users to change the default password if a password is required.”

However, Mozilla’s team also said other factors prevented them from deciding once and for all if many of the products meet the standards, such as the manufacturer not responding to direct requests for information about customers’ privacy.

This is the second year that Mozilla has conducted this review and released the results, but this year the company has included a new tool called the Creep-O-Meter. It will give consumers an idea of the level of privacy concern surrounding different products, ideally before they buy and install them.

There are a lot of holiday shopping guides and consumer review websites that can help you make an informed decision about price, quality, age-appropriateness, and more. This might be the only guide that explicitly supports your privacy, though, so check it out before bringing any new connected devices into your life.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

For years, security experts and advocates have warned consumers about suspicious websites, specifically ones that take your sensitive information or payments. The best course of action? To look for the HTTPS designation in the web address at the top of the screen and the little padlock icon, both of which indicate a site can be trusted.

Unfortunately, scammers continue to evolve their ways to continue victimizing the public through technology. A new report has found that about 49% of known phishing websites—websites that steal your information after tricking you into submitting it—contain a secure designation and a little green padlock. The “look for the lock” advice that was once a sound way to protect yourself is a little less reliable than before.

Just as scammers have evolved, now it’s up to consumers to make some changes in order to protect themselves from the latest threats:

1. Install a security suite that offers anti-phishing and website security

A basic antivirus isn’t enough to keep you safe anymore, and a number of well-known security software developers have incorporated a lot of extra features. Some can alert you to a fake website or known scammer before you compromise your information. Even better, many security programs offer a wide range of subscription prices—even free plans—so there’s something to meet every budget.

2. Establish a throwaway email address

Some sites want nothing more than your email address so they can sell it to spammers. Generate a free email address that is separate from your everyday, commonly used one. Then, whenever you’re visiting websites that want your email address, you have the option to trust the site with your contact information or use your backup email address.

3. Designate a payment card for internet purchases

The last thing you need is for a phishing website to steal your money, but it happens. By intentionally having an “internet only” credit card that is not connected to your bank account and that has a very low credit limit, you may have an easier time protecting yourself from someone who steals your information.

The most important thing you can do is to remember that what was once considered top-notch security advice can change as new technology and new developments occur. It’s not enough to develop a good habit and never deviate from it. Instead, you need to stay informed by following ongoing coverage of the latest scams and frauds.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

If you follow tech news, you may still get shivers up your spine from the buzz surrounding one of the most dangerous ransomware attacks in recent history. The May 2017 WannaCry attack made headlines for months due to the high volume of victims and the high-profile companies who were targeted. Within a short time, this self-replicating cryptoworm had infected more than 300,000 computers, locking up their systems and demanding payment from the victims in the form of Bitcoin.

As with all headlines, though, the story can fade fast when other news takes its place. And just like most other news stories, that doesn’t mean this one is gone just because people aren’t talking about it.

In fact, antivirus and security suite developer Kaspersky Lab issued recent findings that more than 75,000 new cases of WannaCry infections were discovered between July and September of 2018. Yes, only a couple of months ago, new victims were suffering from a well-known form of ransomware and having to decide whether or not to pay the criminals in order to regain access to their computers.

One of the major issues surrounding WannaCry is that a patch was available for it even before the initial attack. Consumers and businesses who were using older computers or older operating systems may have been more vulnerable, along with individuals who haven’t been installing recommended updates regularly.

Another issue some victims faced was not having a strong, up-to-date security suite with antivirus and anti-malware protection. A number of large-scale data breaches have been traced back to inadequate protection for a computer or network, and in some cases, the original victim was not the major corporation who was ultimately the target.

One of the best courses of action against WannaCry or any other form of ransomware is to create scheduled, automatic backups of all your files. These backups can be stored in a cloud-based subscription or an external storage device, and they’ll mean you can still access all of your files if someone targets your system. Paying the ransom might be cheaper than a new computer—the typical WannaCry ransom was $300, but other ransomware attacks have demanded more—but there’s no guarantee the hackers will release your files upon payment. That money can be put towards newer equipment instead of lining a cyberthief’s pockets.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

Is a TURKEY in Charge of your Data Security?

When it comes to keeping you safe, experts rarely recommend putting a turkey in charge—whether it’s the human kind or the bird! But this Thanksgiving week, the Identity Theft Resource Center wants you to remember that a turkey can make all the difference.

T is for Trusted Websites

If you’re one of the millions of Americans who will be doing some online shopping or booking your December travel this weekend, make sure you’re only visiting trusted websites to find your bargains. Scammers advertise the “hot toy” of the holiday season then never deliver or offer too-good-to-be-true holiday getaways, but they’re really taking your money and your payment information in the process.

U is for URLs

No matter what you’re looking for online, check the URL first. That’s the web address at the top that starts with “HTTP.” If you’re shopping or inputting any sensitive personal information, make sure it says HTTPS, which is the official designation of a Secure website.

R is for Resetting your Password

All throughout the year, but especially when cybercriminals know there will be more web traffic, it’s a good idea to reset your password from time to time. Don’t wait until a breach happens and all your accounts are exposed after you reused your passwords. Log into your sensitive accounts (like banking, credit cards, retailers) and change your password to a brand-new, strong, and unique option.

K is for Keep those Documents and Mail Locked Up

No one wants to think that a friend or family member would hurt them, but a significant amount of identity theft cases are perpetrated by someone close to the victim; this is especially true in cases of child identity theft. Before your visitors show up this holiday, make sure your family’s personal documents are safely secured. When you’re throwing away all your accumulated mail, make sure things like credit card offers, health insurance statements, and other potentially useful items are fully destroyed before you discard.

E is for Everyone Is a Link in the Chain

Too often, we think of cybersecurity as the IT guy’s problem at work or the grown-ups’ concern at home. The truth is, anyone can be the weak link that invites a cybercriminal into your system.. Make sure your workplace is secured with ongoing employee training on the latest threats and hacking tactics like ransomware attacks, and be sure to have important talks with your family about good computer use habits. If you’re spending time with relatives this week, this is a good time to point older family members to resources that can help them avoid scams and computer crimes.

Y is for You CAN Reduce your Risk

Too often, news of identity theft and large-scale data breaches can make us feel like it’s just an inevitable part of digital life. In fact, there’s actually an expression for the feeling that you can’t avoid being a victim and therefore shouldn’t even bother fighting back—data breach fatigue. While no one can be solely responsible for keeping a hacker out of their computers or devices, there are many things you can do to reduce your risk; most of these things are just simple steps that make you less of a viable target:

  • Strong, unique passwords that you change regularly
  • Good email and text habits for ignoring links or attachments
  • Safe social media behavior, including privacy settings and avoiding oversharing
  • Being on guard when it comes to scams and fraud, especially ones that require you to pay with an untraceable payment method
  • Shredding important documents before discarding them
  • Staying up-to-date on the latest threats and knowing how to respond

With the right amount of TURKEY, your data can be more secure and you can have peace of mind throughout the year…enjoy!


Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.

In the past few years, retailers have seen a trend in how their customers shopped for the holidays. More and more people have grown weary of standing in the cold or elbowing through thousands of shoppers to buy this year’s hot toy. Savvy shoppers have increasingly opted to stay home in their pajamas and find great deals online.

That’s led to the rise in Cyber Monday. Once the holiday chaos of Black Friday is out of the way, the following Monday is a time to pop over to the internet and see what sales are taking place to finish (or start!) your shopping.

Unfortunately, just like Black Friday, Cyber Monday is a favorite holiday for identity thieves, scammers and hackers. In order to reduce your risk of falling victim to the crime, you have to take some steps to secure your identity.

1. Know your antivirus software – Antivirus software has come a long way since the early days of trying to block malicious computer threats. Unfortunately, so have the tools that cybercriminals use to steal your money, your identity, your computer and more. A comprehensive security suite can now offer you protection from ransomware, trojans, worms, phishing scams, keyloggers and so much more. Many of them now include parental control tools, which is great if you have kids, as well as VPNs and tracking blockers for private browsing online.

Make sure your security suite is installed, updated and ready to protect you before you start entering your credit card details and your shipping address online.

2. Know your payment methods – Whether you’re using credit cards, debit cards, online payment platforms like PayPal, or gift cards, it’s important to keep up with which method you used on which website. That way, if there’s suspicious activity on your card or account later, you can trace it back to which site you may have used.

It’s also a good idea to know ahead of time what kinds of consumer protection are in place in case of fraud. Will your credit card company stand up for you if someone steals your information or racks up extra charges? Will they protect you if the website you used was a scam and they never send your purchases? Find out the rules and regulations—as well as what kinds of money-saving deals and discounts, if any—are in place before you use it.

3. Know what you’re clicking – Fake websites, copycat websites that look like real retailers’ sites, and bogus ads that only lead to click-revenue are the bane of every shopper’s existence at this time of year. Look for the site’s HTTPS designation before you enter any payment details, and make sure this is a reputable company before you pay for anything. A quick Google search for the name of the company or a check of the BBB’s scam tracker can tell you if there are any dissatisfied customers out there.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “I’ve Hacked Your Password” Scam

When it comes to a credit freeze, consumers have to ask themselves when they should take this step, and why. The “when” is easy… the answer is NOW. There are very few reasons to leave your credit report unfrozen, all of them stemming from your life circumstances that involve high-volume spending, the need for new accounts or other similar, limited situations.

But “why”, is a little more difficult to explain. Your credit report is the document that gives lenders an idea of what kind of borrower you are. It contains lengthy information on your previous spending and payoffs, your open lines of credit, the amount of debt you carry, and more. However, this report is also the tool that lenders need in order to issue you a new account or line of credit; no report, no new credit card or car purchase.

It’s easy to see how blocking access to that report can prevent new lines of credit from being issued, and that goes a long way towards protecting you from fraud if someone steals or fabricates your identity. When the criminal applies for a new credit card, home utilities, a car or other similar account, the credit report will come back to the lender as “frozen,” essentially blocking the account.

This is one of the strongest measures consumers can take to help reduce their risk of financial identity theft. There are other ways your personally identifiable information fall into the wrong hands can harm you, but new account fraud is one of the easiest but most devastating scenarios. At the same time, there are not many other actionable steps consumers can take that can have this much of an impact on identity theft and fraud.

Remember when we said you should do it right now? There’s never been a better time. New legislation goes into effect this week that will remove the fees associated with freezing and thawing your credit report. Even though it takes time to “thaw” should you need it (a few business days, typically), you will no longer have to pay a fee for protecting your credit report this way. All three of the reporting agencies—Experian, Equifax, and TransUnion—will no longer charge this fee thanks to legislation that was passed after the Equifax data breach.

In order to freeze your credit, here are a few steps to take. While you handle that, remember that you’re also entitled to one free copy of your credit report from each of the three major reporting agencies every year. You don’t have to request them all at once, though, so you can stagger your requests a few months apart and get a look at your credit report all throughout the year.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

Securing Our Nation’s Critical Infrastructure Is Everyone’s Responsibility

In Week 4 of #CyberAware Month we’re emphasizing the importance of securing our critical infrastructure and highlighting the roles the public can play in keeping it safe.

A nation-wide pizza chain made news in 2018 by announcing a new contest: nominate your town for pothole repair. The very endearing marketing tactic asked customers around the country to explain why their town deserves a little roadway TLC in order to keep pizzas from bouncing around the car on the way to their tables. One winner would be chosen, and the chain would fund pothole repair for that city.

As fun as that sounds, maintaining and protecting our infrastructure isn’t a game, especially when it comes to the real threat of cyber attacks. These coordinated attacks can disable anything from our power grid, telecommunications and E-911 systems, water supply and sewage and more. Taking down even one of these vital utilities with a cyber attack would have devastating consequences while targeting more than one system could cripple entire sections of the country.

October is National Cyber Security Awareness Month, a project hosted by StaySafeOnline. This year’s theme is “Our Shared Responsibility,” and each weekly theme focuses on how consumers, businesses, and stakeholders can play key roles in protecting against hacking, data breaches, and other related crimes.

But how are members of the public supposed to prevent a large-scale hacking event that aims infrastructure? It’s one thing to update your home computer’s antivirus or log out of your sensitive accounts when you’re not using them, but those behaviors will hardly stop highly-skilled operatives from threatening a country’s water supply.

Or can they? Can the security behaviors you adopt prevent the next widespread cybercrime? StaySafeOnline certainly thinks so, and will offer crucial information to the public on ways that they can take an active role in securing our country’s infrastructure: “Our day-to-day life depends on the country’s 16 sectors of critical infrastructure, which supply food, water, financial services, public health, communications and power along with other networks and systems. A disruption to this system, which is operated via the internet, can have significant and even catastrophic consequences for our nation.”

One of the most obvious ways that consumers can protect these necessary resources starts with protecting their own networks. Your home computer, your smartphone, and your Internet-of-Things connected devices are all sources of potential vulnerabilities. If you’re in any way connected to the public utilities—even theoretically something as mundane as paying your electric or water bill online—it could result in fraudulent access to the utilities if hackers gain access through your computer.

By securing your own devices and networks first, you’re possibly preventing a cybercriminal from compromising your device and using that connection to gain access to a “bigger fish.” Third-party attacks, commonly associated with small businesses who have connections to larger corporations, are a recognized avenue of attack. The Black Friday data breach that affected Target in 2013, for example, was eventually traced back to a third-party vendor who worked on the refrigeration units for a small number of Target locations.

Safeguarding your own network and devices is always a smart thing to do, and it can prevent a lot of headaches for you down the road. In today’s connected digital climate; however, your own security steps just might protect us all.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

October is National Cybersecurity Awareness Month, and there’s no bigger “holiday” for those who work in information technology, digital safety and tech security. Okay, that might be a tiny exaggeration; However, it is safe to say this: cybersecurity professionals keep our internet and networks safe from hacking, data breaches, scams and fraud, and there simply aren’t enough cyberheroes doing the job.

Just in 2017, data breaches hit a new record high of 1,579 breaches, indicating a drastic upturn of 44.7 percent increase over the record high figures the year before. Fortunately, there’s never been a better time to pursue a career in computer security or data protection. The theme for week two of NCSAM is to highlight the intense need for highly-skilled, dedicated professionals who are interested in the landscape of modern crime and warfare known as our computers and the internet.

But who has the chance to become a superhero? Anyone! Only two years ago, there were an estimated one million unfilled jobs in the U.S. in the cybersecurity field, and that number is expected to be 3.5 million by 2021. There has never been a better time to consider this field, and there may have never been a more critical need than right now.

1. Middle school and high school – It’s never too early to begin learning about data breaches, information technology, cybersecurity and other tech-related subjects. Unfortunately, you’d be hard-pressed to find more than a few high schools even offering this type of course. There are some really dynamic online sources for teens, though, and the first step is simply to get students interested in the field and talking about the subject.

2. College and career – More and more colleges are offering cybersecurity degrees, and many of those schools even offer a fully online bachelor’s degree in the field (after all, you’re going to be working online a lot, you might as well earn your degree that way!). The programs have grown in number to the point that multiple sources have already ranked colleges’ and universities’ cybersecurity degree programs according to best value, best education, highest number of graduates working in their field and more.

3. Returning learners – For one reason or another, the average person changes careers between five and seven times during the span of their work life. Some of the reasons include better pay or benefits, more flexibility, a lack of opportunity in their previous field, or simply the chance to reinvent themselves after years in a fulfilling career. Cybersecurity is relatively new, it’s constantly evolving, it’s an incredibly high demand, and for some, it’s a job that a professional could do as a freelancer or from home. All of those factors make cybersecurity and information technology exciting possibilities for older, non-traditional or returning students.

No matter why you consider the cybersecurity field, there’s never been a better time to take on the challenge. It’s a widely recognized and highly sought after area of study while also serving the greater good and protecting the public. (The $100,000+ average annual salary doesn’t hurt, either.) If you’re looking for an exciting opportunity that can offer you variety mixed with longevity, talk to a college, university or career counselor about cybersecurity.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Our Shared Responsibility Begins at Home

National CyberSecurity Awareness Month, an annual cybersecurity experience hosted by Stay Safe Online, has officially kicked off its 15th year. This October event, which brings together stakeholders from every level of online security, is geared towards everyone from top-tier cybercrime analysts to the most vulnerable everyday internet users. The goal remains the same each year: to ensure that the most up-to-date information on cybersecurity is accessible to all users and is at the forefront of their tech decision-making.

This year’s month-long theme is “Our Shared Responsibility,” but the focus of week one is how cybersecurity begins at home. Lessons on every aspect of our physical and emotional safety begin with those who care about us the most, and internet safety is no different. Creating an environment of secure internet access and understanding leads to life-long Cyber Aware users.

To know what lessons to impart, parents and other caregivers need to understand the changing needs for all users within the home. Young children might only enjoy a few minutes of screen time on a tablet with specifically chosen apps, while older teens gain more and more responsibility—and exposure—through social media, browsing, the “latest” app that everyone’s talking about, and more.

At every age and for every user in a household, the privacy and security pitfalls can change. That’s why it’s essential to remain in the know about the kinds of cybersecurity issues that different people may face:

  1. Young children – For most youngsters, it may be up to Mom and Dad to enter their information into an age-appropriate account, so it’s also up to the parents to understand what information they’re sharing, what permissions they’re granting, and where that information can end up. Understanding what kinds of data breaches have taken place in the past can also help, such as the VTech breach or ones involving public schools and doctors’ offices.
  1. Preteens and Tweens – Every generation has thought that kids were growing up too fast these days, but when it comes to technology—especially unsupervised access to it—that may be truer now more than ever before. The average age for US kids to get their first smartphone is now ten years old, and that can mean unprecedented access to the internet, downloadable apps, social media, and more.
  1. Teens and Young Adults – One of the most commonly associated cybersecurity issues for young adults is probably cyberbullying, especially on social media, but that’s just one of the many dangers this age group can face. While it’s important to discuss proper behavior online as well as what to do if they’re targeted, it’s also vital that parents discuss scams, fraud, identity theft, hoaxes, and more. One staggering statistic, for example, has shown that senior citizens may be more likely to be targeted by a scammer, but Millennials are the ones who lose more money to online scams and fraud.

No matter what age your family members may be, NCSAM is an excellent time to explore your privacy, security, and overall digital safety.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media

With its global crime-fighting efforts, the FBI can monitor potential criminal activity in an effort to take preventive action. One of the many important industries that the agency can protect this way is the financial sector. Recent discoveries have already prompted the FBI to issue a warning to banks and financial institutions: we have reason to believe a global-scale cybercrime is about to happen.

Specifically, this cybercrime targets ATMs, forcing what’s known as an “unlimited operation,” or “ATM cash payout scheme.” Essentially by combining malware infections at various banks with stolen card information onto magnetic stripe card blanks, thieves can bypass the usual account balance limits and daily withdrawal limits to steal millions of dollars through ATMs.

These kinds of attacks aren’t new, and law enforcement agencies have even managed to arrest a bad guy or two for this specific category of crime. The real obstacle, though, is that global crime syndicates can enable the theft of millions of dollars from ATMs before anyone notices what’s happening.

Many banks stock their ATMs with a fresh supply of cash for the weekend or a holiday since the bank won’t be open to help customers, so the FBI has already warned that an attack could take place at times like these.

The FBI had some vital tips for banks concerning this possible incident. While you can’t stop a global crime syndicate, there are a lot of things you can do to help:

1. Don’t panic – Your gut instinct might be to run to the bank and withdraw a lot of cash as a safety net, but that doesn’t help anything. It’s far more important to keep your head and continue with your everyday financial behaviors.

2. Monitor your accounts – After any kind of POS or data breach, consumers are urged to check their account statements. This time, we mean it! Checking your accounts right now—literally, right now—for any signs of suspicious behavior and then reporting that behavior to your bank could mean that your stolen card information (the one thieves transferred onto a blank magnetic stripe card) won’t work when a thief tries to use it. You could be one less card that gives them access to the bank’s money. So check your accounts and spread the word!

3. Report strange activity – Take immediate action if you find anything out of the ordinary in your account statements as this could indicate someone has been in your account. If someone accesses your account, they might copy it onto a blank card.

Again, one of the most important things you can do is not panic. As word spreads, there may be social media posts that end up spreading misinformation to a viral audience. Help others know fact from fiction when it comes to the impact of this crime.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media