There are a lot of different kinds of identity theft. One common form is a social media hack, which involves a hacker taking over control of your social media accounts. Compared to some of the other ways an identity thief can wreak havoc with your personally identifiable information, it might not seem like a big deal. However, as a number of high-profile individuals and businesses have discovered, it actually is.

A social media hack can allow the thief to post any kind of messages that appear to come from you. They may be offensive in nature, sharing sensitive or untrue personal details and more. This can have repercussions with your employer, family and friends.

Beyond just damaging your reputation, access to your social media accounts can also lead to access to other accounts. Any website or app in which you used your Facebook, Twitter or Google connection to sign up and login can potentially be taken over once someone has control of your social media account.

A social media hack is a great way to spread malware and snare other victims. If you were to suddenly post a link on your Facebook page to something that promises to be interesting or fun, how many of your followers would click it? If you sent out private messages on these platforms to your friends and family members, how many of them would respond? All the hacker has to do is pretend to be you when they post or send these harmful messages.

There are a variety of ways criminals get into accounts, and even more ways that experts have not discovered yet. When Twitter’s own CEO Jack Dorsey had his account hacked, it happened through porting his phone number to a different cell phone. Either by hacking the cellular provider or getting an employee at the cellular company to do it, the hackers gained access to Dorsey’s phone and his logins.

However, when the NFL and numerous pro football teams had their Twitter and Instagram accounts taken over by hackers, the criminals broke in through a third-party platform. By compromising the email account for an employee of the third-party platform, hackers were able to gain access to these major accounts via a tool that measures engagement. Since all of the affected teams within the organization use the same tool to keep up with the data on their tweets and posts, breaking in was very useful.

No one is immune from a social media hack, even if you are not a celebrity or a major organization. It is important to protect yourself with strong, unique passwords, multi-factor authentication tools if you can use them and not leaving your social media apps logged in on your phone unless you have to. Also, changing your passwords frequently is a good idea, just in case hackers manage to grab outdated login information. Do what you can to keep yourself safe from hackers who are looking to land you on the wrong side of a social media hack.


 Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You may also like…

Identity Theft Resource Center®’s Annual End-of-Year Data Breach Report Reveals 17 Percent Increase in Breaches over 2018

Scam Alert: FedEx Delivery Text Scam

Scam Alert: Australian Fire Fundraising Scam

After much debate, it turns out abbreviating 2020 is not dangerous after all. When something gets posted online, there is a good chance that it can take on a life of its own. That seems to be what happened to an interesting tidbit of advice, posted by a Twitter user at the start of the new year. The advice said that you should not abbreviate the year (writing “20” instead of “2020”) due to fraud and forgery concerns because someone could add additional digits to the end of your “20” and change the year on your document.

From there, the advice about abbreviating 2020 not only went viral but it also somehow grew in magnitude and severity. The information has now been shared by police departments and other experts in different parts of the country. Some reports even said that authorities have issued a warning.

Fortunately, this seems to be a very small cause for concern. Someone could add their own two digits to the end of the date if you simply wrote “20,” changing the date to “2007,” for example. However, you have to ask yourself how that would benefit someone and what harm could it actually do to you.

Luckily, a well-thought-out explanation of the risks and worries of abbreviating 2020 can be found here. The only documents that could really be negatively impacted by abbreviating 2020 would already have the type-written date beside the signed date. Other documents, like some tax return forms, already have the precise number of blanks for you to write the date. However, your checks, for example, are not really in danger; after all, how does it benefit a thief to change the year on a check?

There are some really important reminders that come from this story, and they are relevant no matter what year it is.

  • Some viral posts are nothing more than a hoax, and others like this one start out as a gentle warning. That does not make them dire or dangerous
  • People tend to share posts that seem to be great advice on the surface—such as the infamous “Facebook is going to start using your photos unless you copy and paste this onto your wall right now!” hoax—but those posts can sound scarier as they make the internet and social media rounds
  • Good habits should not be ignored

The good habits you develop to protect yourself can actually help you in different ways. It does not hurt anything to write out “2020” instead of just the last two digits. And if writing out the year makes you more aware of your privacy and the need to protect yourself, then, by all means, write it out.

Other good habits to focus on this year include avoiding phishing scams, not sharing social media posts that are not fact-checked, maintaining strong password security and hygiene and monitoring all of your accounts for any signs of suspicious activity. If any of those habits are not clear, check out the information at the Identity Theft Resource Center’s helpful website to learn more about how to protect yourself this year. Be sure to follow the ITRC on Facebook and Twitter for up-to-date information as well.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

A PayPal vulnerability in the login system was recently discovered by a white-hat hacker, allowing the company to create a patch for the problem. When we picture highly-skilled hackers at work, we might think of darkened rooms and faces peering out of black hoodies, lit by the glow of several computer monitors. At least, that is how Hollywood portrays these criminal masterminds who can break into a secure network from anywhere in the world and cause harm.

Fortunately, that is not often the reality. In fact, a number of hackers—the so-called “white-hat hackers”—like to sift around in a major company’s security defenses just to see what they can find. The company might pay them handsomely as a reward.

That was the case with a recently patched login vulnerability at PayPal. A hacker discovered that the Java script in the login page could potentially allow unauthorized outsiders to access accounts. Alex Birsan then reported the issue to PayPal and publicly disclosed it, for which he received over $15,000 from the company.

The method involved in accessing an account without authorization is so roundabout that PayPal has no reason to think anyone actually accomplished it. According to the company, an unsuspecting user would have had to go to PayPal by first clicking a button on a malicious website and entering their credentials to take advantage of the PayPal vulnerability. Then a hacker would have had to access the Google CAPTCHA that verifies the users’ identities on certain accounts. Still, there is no reason to leave a vulnerability unchecked, and PayPal created a patch for the PayPal vulnerability.

While PayPal users do not have to do anything to install this patch—since the issue was with PayPal’s own site, not downloaded user software—this is a good reminder that any time a vulnerability is discovered and a patch is issued, that patch will not be useful unless it is implemented. If the PayPal vulnerability had involved user software or apps, you would not be protected if you had not installed the latest update.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

The Epilepsy Foundation and law enforcement are on the hunt for hackers responsible for a recent Epilepsy Foundation Cyberattack. Data breaches and account takeovers tend to be fairly straightforward. Hackers break into a network, steal useful information and then use or sell that data to someone else. Sometimes, though, cybercrimes have a far more malicious goal in mind. It might be revenge, intentional damage to a reputation or brand or some other similar focus.

In one particularly brutal cyberattack, experts initially worried that hackers broke into the Twitter account for the Epilepsy Foundation and used that access to send out dangerous tweets. Further investigations showed that they did not actually violate any accounts or even terms of use. Instead, they tweeted at those who were following the Foundation’s account and any hashtags they deployed. The tweets contained flashing, strobe-like images that were specifically intended to induce seizures in people who have photosensitivity issues. Users who rely on information from the Foundation’s Twitter feed were put at risk of a seizure due to the Epilepsy Foundation cyberattack, and the organization is taking the account hack very seriously.

The timing of the Epilepsy Foundation cyberattack appears to be no coincidence, as it occurred during National Epilepsy Awareness Month. That is a time with higher traffic because more people are looking for information and shared posts from the organization. For its part, the Epilepsy Foundation has now filed criminal complaints against the hackers and intends to assist law enforcement in discovering the culprit of the Epilepsy Foundation cyberattack and bringing the charges against them.

Social media has long had to deal with disinformation campaigns where public health is concerned, but coordinated, planned attacks of this kind are not very common. Unfortunately, as revenge-style attacks and stunts increase, hackers may attempt even more boundary-pushing tactics. This kind of weaponization is particularly alarming for a few reasons. First, it may be hard to show that the attackers actually violated any laws or even rules for using Twitter. Second, and more importantly, it demonstrates how easy it is to entice large numbers of followers to click a malicious link or download and spread harmful software.

You might also like…

Concerns Arise Around Possible LinkedIn Password Exposure

Super Bowl Means Super Scams

New York Special Olympics Email List Suffers Hack 

A business ransomware attack continues to be one of the most damaging, costly forms of cyberattacks against both businesses and consumers alike. Simply put, it is easy to pull off and it often works, all with little risk of discovery to the perpetrator.

Most ransomware attacks involve a little bit of malicious software—either designed by the criminal or purchased from another source—and some social engineering. Typically, phishing attacks work as an avenue for infecting a computer or network with harmful software. By getting even one low-level employee to click a link or open an attachment, criminals can infect the network, lock up the system and demand a ransom payment in exchange for the key to open it.

Unfortunately, the only responses to a business ransomware attack are to pay the ransom or ignore it and buy a new computer. Experts do not recommend paying the attackers because there is no guarantee they will release your network or your files. Unfortunately, getting your system back online can prove to be difficult.

One telemarketing firm, The Heritage Company, suffered a crippling business ransomware attack before Christmas. Employees were not made aware of the attack and only learned of it when all 300-plus were laid off. The company was unable to recover from the attack, despite paying the attackers to regain access via the unencryption key. In a letter to employees and a subsequent outgoing voice mail message, the company urged employees to look for other jobs.

This kind of incident is not rare, and small businesses are just as likely to be victimized as larger ones. Certain industries, like healthcare and education, are also more likely to be targeted due to the higher risks associated with being breached.

When it comes to ransomware, the best offense is a good defense. Prevention is the most important step, and it comes down to things like employee training on avoiding phishing attacks, ensuring the network has strong, up-to-date anti-malware protection and backing up all data on external storage devices every day. That way, should the other steps fail, the worst outcome is having to purchase new hardware and load the backed-up data into it.

You may also like…

Concerns Arise Around Possible LinkedIn Password Exposure

Super Bowl Means Super Scams

New York Special Olympics Email List Suffers Hack 

The U.S. Army is the latest branch of the armed services to issue an order against using TikTok.

Who Is It Targeting: Video app users

What Is It: Data theft, “leaky” app

What Are They After: The U.S. Army just became the second branch of the military to warn its members that they are not to download, install or use the app TikTok on their government-issued phones. The Chinese app, popular with young users, lets you create brief video clips that you then share on your social media channels. A number of security worries have cropped up concerning stolen information through the TikTok app, and the Army is not taking any chances.

How Can You Avoid It:

  • Make sure you understand all the privacy permissions you are granting when you open a new account
  • Do not be in a hurry to download the latest app
  • If you cannot tell what data the app uses or shares with others, then it is best to avoid it

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. Find more information about current scams and alerts here. For full details of this scam check out this article from Fox 5 San Diego.

As this year winds down, it is important to spend a little time reflecting on the 2019 identity crimes, some of the things that went right in 2019 and the things that did not go as well. This is true for so many subjects, especially identity crime – which includes scams, fraud, data breaches, cybercrime and all of the other types of crimes that go with it.

Fallout from 2018

As in previous years, this past year has been a big one for these kinds of crimes. Tech users are still feeling the aftermath of things like the Facebook/Cambridge Analytica privacy debacle that was uncovered last year; Congress is still at work on what to do about consumer privacy in the social media age. Also, the news that phishing attacks more than doubled last year over the year before had researchers, businesses, lawmakers and consumers alike paying closer attention to the messages they receive.

What Went Right in 2019

Fortunately, new legislation has come along to make our privacy lives a little safer. The General Data Protection Regulation (GDPR) regulations went into effect in Europe last year, for example, and they inflict strict penalties on businesses that gather and store data but let it fall into the wrong hands. New laws in California and Colorado will be taking effect soon, intent on strengthening privacy and consumer choice. Best of all, the awareness of what constitutes these kinds of crimes and how to recognize them is increasing.

Top Security Incidents of 2019

However, this welcome news does not mean that consumers are safe or that hackers are finally giving up. With every new platform, tool or technology, there is even greater potential for new avenues of attack. Healthcare providers and insurance companies continued to be one of the hardest-hit targets this year, thanks to the overwhelming amount of personally identifiable information (PII) they gather. “Accidental exposure” breaches were a common 2019 identity crime for major-name companies, which happens when businesses store huge databases of private information – in an online server then fail to password protect it as an example. Even our entertainment was not safe, as many apps and online gaming portals suffered data breaches that were traced back to reusing passwords on multiple sites.

2019 did not just see a lot of large data breaches, but settlements as well.

Equifax Settlement

In July, Equifax reached a $700 million settlement for harms caused by their data breach. Equifax agreed to spend $425 million to help victims of the breach, leading to lots of discussion on how to file a claim.

Facebook Settlement

While the Equifax settlement was the largest in data breach history to date, Facebook blew it out of the water just two days later, as they were ordered to pay $5 billion. After the settlement, Facebook said it required a “fundamental shift” in Facebook’s approach at every level of the company in terms of their privacy.

Yahoo Settlement

A month and a half later a Yahoo data breach settlement was proposed for $117.5 million after over three billion Yahoo accounts were exposed. Identity Theft Resource Center CEO, Eva Velasquez, stated in a media alert that the settlement trend is moving the needle in the right direction for both consumers and victims. However, that was not without its challenges, including putting the onus on the consumer to tell the settlement administrators how they were harmed and provide proof of it.

10,000 Breaches Reported

This past year the Identity Theft Resouce Center also recorded 10,000 publicly-notified data breaches since 2005. As part of the milestone, the ITRC took a look back at some of the top breaches the last 15 years as part of our 10,000 Breaches Later blog series.

Minimizing Future Risks

While data breach fatigue is a recognized phenomenon, one that can occur when consumers are bombarded with constant news about their data being compromised, the flip side is the kind of paranoia that makes you want to unplug and go live off the grid. However, neither of those is the solution. What does work is an awareness of the threat and some good privacy habits to prevent crimes like the 2019 identity crimes:

We’re Here to Help

Remember, you are not responsible for the criminal behaviors of a hacker. However, you can take steps that reduce your risk of becoming a victim and help minimize the damage if the worst does occur. The Identity Theft Resource Center is always here to help. Call us toll-free at 888.400.5530 or live-chat with one of our advisors.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Exercise Car Safety to Avoid Leaving Your Identity Behind

Holiday Phishing Scams Target Small Business

Social Security Phone Scam



New Google Chrome features have privacy experts excited. Software developers spend a lot of time and money creating the programs and apps we use on a daily basis. Sometimes, that software could use a little facelift, especially as new features and innovations come along. Other times, the software desperately needs an upgrade due to security issues.

In the new Chrome web browser update, password security is even stronger. If you attempt to login on a website or account and that username and password combination has been compromised anywhere else online, Google will alert you immediately and encourage you to change your password. This new Google Chrome feature is really helpful if you are one of the many tech users who still reuses their passwords on multiple accounts, something the Identity Theft Resource Center does not recommend.

Another great Google Chrome feature is the updated anti-phishing tool. In the past, Google would compare website URLs you visited against a list of known phishing sites. While the turnaround time for updating its list was about 30 minutes, meaning Google’s team updated the list continuously, that was still enough time for scammers to slip through or redirect their web traffic to avoid being caught. The new phishing detection happens in real-time, so if you attempt to visit a phishing website, you will be alerted immediately.

While Google’s team was making upgrades for the new Google Chrome features, they included a bunch of other new features that are not really security tools. However, they are still really handy, so Chrome users will want to take a look.

With that said, there is a catch when it comes to all these great new Google Chrome features. You cannot have them if you do not update your browser. The same is true of any app or software you use. If the developer creates a new feature, launches a new tool or discovers a massive security problem, your version will not have any of the benefits or fixes unless you update it. When you receive an alert or a notification about an available update, it is important to install it right away.

Think of it this way: if a developer discovered a dangerous security flaw that allowed hackers to break in and steal identities, the last thing they would want to do is broadcast that information. Hackers around the world could swoop in and attack computers that have not installed the update. Therefore, the news of these Google Chrome features and fixes does not tend to be very widespread. Just know that it is important to update the tools you use in order to stay protected and enjoy all the great benefits they have to offer.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Exercise Car Safety to Avoid Leaving Your Identity Behind

Holiday Phishing Scams Target Small Business

Social Security Phone Scam

The holidays are almost here, and for many people that means shopping. Unfortunately, scammers and hackers are already standing by to take advantage of consumers through data breaches and fraudulent activity, increasing the importance of holiday shopping safety. Before getting involved in this year’s estimated $1.1 trillion spending frenzy and the too good to be true online offers that go with it, it is important to understand what you can do to protect yourself and exercise holiday shopping safety.

Shop Online

A lot of people choose to skip the crowds and the chaos (and possible loss or theft of their wallets) by shopping online. However, in order to protect yourself from cyberthieves, you need to be prepared. If you are going to be establishing new accounts to make your purchases, do so before the big shopping holidays like Cyber Monday. Remember to use a strong, unique password, and enable two-factor authentication if it is offered.

Know Your Retailer

If you are already planning to shop online, exercise holiday shopping safety by choosing your retailers and making sure you are only using reputable websites. Look for the HTTPS designation at the beginning of the URL that indicates a secure website, and be sure that you are not redirecting to a website that has been made to look like the real thing. If you have received emails from companies that offer great deals, avoid clicking the links in the emails. Instead, go directly to the retailer’s website yourself and search for the item you are interested in.

Credit vs. Debit

Depending on which financial institution you use, your credit card may be more secure than your debit card. This is especially true if mysterious charges appear on your statement and you need to dispute those charges. Keep in mind that if you establish one credit card for all of your holiday shopping, it will be easier to reconcile any receipts and purchases later on. It may even help you stay on budget.

Computer Security

Before making any purchases online, exercise holiday shopping safety and make sure your computer itself is secure. Update your antivirus software and run a scan before starting your shopping in order to root out any harmful software that may be stealing your information.

Wi-Fi

If you are venturing out into brick-and-mortar stores for your holiday shopping, remember that public Wi-Fi can be problematic. A lot of retailers and restaurants offer free connectivity as an incentive to their customers. However, you cannot know who else is on the same connection. It could easily be a hacker who steals your information. Save your sensitive internet activity for your home connection.

Enable Alerts on Your Cards

If you have not already done so, contact your financial institution and enable alerts on your account. This is a very important holiday shopping safety tip. These alerts will arrive as a text message or email and will let you know immediately if your credit card number was used without the card being present, such as online. While you are enabling this feature, you might inform your credit card company if you plan to travel over the holidays so that your card is not declined for security reasons at your destination.

The Real Work Begins After the Holidays

Once the presents are shared and the decorations are put away, your work is not done. Monitor your accounts carefully for any signs of suspicious activity and take immediate action if you see any charges that should not be there.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Are the Wrong Toys on Your Holiday Shopping List?

Hacked Disney+ Accounts Are Being Sold Online

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

One week after its launch, hacked Disney+ accounts are what is being discussed rather than the new video streaming service. A week ago, Disney launched a highly anticipated video streaming service, and hackers have already found a way to make a buck while ruining your fun. The service, called Disney+, contains not only Disney film favorites but also original content and new shows in the Star Wars universe. Social media sites have been flooded with overjoyed responses from happy customers, as well as complaints from unhappy customers who have lost control over their accounts.

Hackers have been able to infiltrate accounts, change the passwords to lock out the account owners and then post the credentials online for others to use or buy. Rather than the $7-per-month subscription fee, some forums have listed accounts for sale for as little as three dollars from the hacked Disney+ accounts.

There are a couple of ways hackers may have pulled this off, most of which customers can avoid if they are careful.

First, anyone who ever reuses an old username and password combination from another site is playing with fire. If you reuse the login credentials from your MySpace, Yahoo, Adobe, Ancestry.com, Bank of America or Capital One account, a hacker with the right information can break in. Again, any previous data breach in which usernames and passwords were stolen means that information may be available on the Dark Web. If you open any new accounts with old information, a hacker may already have access to it, which may be the case for some of the hacked Disney+ accounts.

Next, if you receive an email or text message that someone has changed your account login for any account, do not ignore it or treat it as spam. It can mean that someone is in your account at that very moment, and they are locking you out.

Also, there is some speculation that hackers may have used keylogging software to steal credentials. This can happen when you visit a harmful website and login, click a link or download a file in an email that installs harmful software on your computer or connect over public Wi-Fi and log into an account. By electronically gathering up your keyboard strokes as you type, hackers can grab your login credentials, go into your account and take control.

Once they change your password, you are not only locked out of your account, you are also powerless to delete the account or block the payment method. You must contact customer support immediately if you are ever locked out of an account you own since a hacker may be involved.

Remember, the Disney+ website was not breached. It is the individual users themselves whose accounts have been compromised. Another handy tip to avoid hacks like the hacked Disney+ accounts is to stop announcing on social media whenever you download a new game, try out a new service or some other hot commodity. No one needs to know that you have paid for a subscription, and hackers are standing by (through basic keyword searches online) to see who has got an account they can grab. It is important to avoid oversharing your personal business in this way.

Finally, all of this serves as a great reminder about password hygiene. Apart from never reusing a password on another account, it is a good idea to change up your passwords frequently. The same is true of your security questions, as those are often targeted in a data breach as well. That database of old information the hackers have will not work if you are updating your passwords from time to time.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


You might also like…

Three-Pronged Web Service Data Breach A Cause For Alarm

Virtual Reality Privacy Concerns

Who is Responsible for Fraud Prevention? Join the Fraud Week Twitter Chat with ACFE!