In the past few years, retailers have seen a trend in how their customers shopped for the holidays. More and more people have grown weary of standing in the cold or elbowing through thousands of shoppers to buy this year’s hot toy. Savvy shoppers have increasingly opted to stay home in their pajamas and find great deals online.

That’s led to the rise in Cyber Monday. Once the holiday chaos of Black Friday is out of the way, the following Monday is a time to pop over to the internet and see what sales are taking place to finish (or start!) your shopping.

Unfortunately, just like Black Friday, Cyber Monday is a favorite holiday for identity thieves, scammers and hackers. In order to reduce your risk of falling victim to the crime, you have to take some steps to secure your identity.

1. Know your antivirus software – Antivirus software has come a long way since the early days of trying to block malicious computer threats. Unfortunately, so have the tools that cybercriminals use to steal your money, your identity, your computer and more. A comprehensive security suite can now offer you protection from ransomware, trojans, worms, phishing scams, keyloggers and so much more. Many of them now include parental control tools, which is great if you have kids, as well as VPNs and tracking blockers for private browsing online.

Make sure your security suite is installed, updated and ready to protect you before you start entering your credit card details and your shipping address online.

2. Know your payment methods – Whether you’re using credit cards, debit cards, online payment platforms like PayPal, or gift cards, it’s important to keep up with which method you used on which website. That way, if there’s suspicious activity on your card or account later, you can trace it back to which site you may have used.

It’s also a good idea to know ahead of time what kinds of consumer protection are in place in case of fraud. Will your credit card company stand up for you if someone steals your information or racks up extra charges? Will they protect you if the website you used was a scam and they never send your purchases? Find out the rules and regulations—as well as what kinds of money-saving deals and discounts, if any—are in place before you use it.

3. Know what you’re clicking – Fake websites, copycat websites that look like real retailers’ sites, and bogus ads that only lead to click-revenue are the bane of every shopper’s existence at this time of year. Look for the site’s HTTPS designation before you enter any payment details, and make sure this is a reputable company before you pay for anything. A quick Google search for the name of the company or a check of the BBB’s scam tracker can tell you if there are any dissatisfied customers out there.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “I’ve Hacked Your Password” Scam

There were more than 184 million ransomware attacks around the world last year, and there’s no sign that this type of cybercrime is slowing down. If anything, the effectiveness and lucrative payouts for hackers could mean even higher numbers of attacks in the coming months.

Are you prepared? Is your workplace?

The first step is to understand how ransomware works. The culprits behind the attack can be some of the most sophisticated hackers in their field, or they may be nothing more than a low-level user who has purchased some malicious software on the Dark Web. A highly-skilled hacker can infiltrate your network, while a less adept cybercriminal relies on getting you to install the malicious software for them through a phishing email or other social engineering.

Once the harmful software is on your network, though, your files and system are locked up tight. The only way to regain access—and restore day-to-day business—is to pay the ransom and hope the criminal decides to give you the necessary decryption key. (In too many cases, the thieves made off with the ransom and refused to unlock the victim’s computers.)

One recent profile of ransomware victims demonstrated a couple of different approaches to dealing with an attack. In one instance, a city government was infiltrated; they decided to pay the ransom and hope for the best. In the other case, city officials decided not to pay the ransom and instead rely on the backups of their important files.

So who was right? It doesn’t matter. Every ransomware attack and every victim are different, so making a sound decision about recovery should be the work of the victim, law enforcement, and security experts.

But here are some things to consider:

  • While businesses are more likely to provide a bigger payout, criminals know that individuals might pay up in order to retrieve their precious photos, videos, stored content, and more.
  • Paying the ransom is absolutely no guarantee that a hacker will decrypt your files or unlock your computer.
  • The best defense against this kind of attack is to routinely back up all of your files and important folders.
  • Ensuring that you, your family members, and your company’s workforce can spot a phishing attempt and avoid installing harmful software will also help protect you.
  • A company-wide policy about never downloading unknown files, never clicking on links in emails, never opening unexpected attachments, and other dangerous behaviors can also secure your network from this kind of attack.

No matter what steps you take, it’s important to stay on top of cyberthreats and scam attempts. Regular company training and a comprehensive company-wide computer use policy can help protect your business network, and monitoring computer use at home can do the same. As always, installing and updating a strong antivirus solution to block these threats is important, too.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “I’ve Hacked Your Password” Scam

Most consumers probably have some level of knowledge about identity theft and fraud. It might only be a passing familiarity thanks to news headlines about record-setting numbers of data breaches. For others, their deeper knowledge of this kind of crime may come from having already been victimized. As anyone who has had to navigate the aftermath of identity theft crimes can tell you, it carries a lasting—possibly even lifelong—impact.

So how much do you really know about this crime? (You can take this short quiz to find out!)

The Association of Certified Fraud Examiners, ACFE for short, wants to help every consumer be as fraud-aware as possible in order to reduce their risk of becoming a victim. The organization hosts an annual event each November known as Fraud Week, and together with the Identity Theft Resource Center will host a Twitter chat filled with important tips and information for the public.

International Fraud Awareness Week will run from November 11th through 17th, and while some of the information is geared towards preventing this crime within the business sector, there are plenty of resources for everyday consumers. You can sign up to host a local community education event, direct your company or business to informational webinars, and find ideas for posting on social media to raise awareness. One great item to share on your social media channels is this ACFE video on identity theft and fraud, for example.

Of course, joining the Twitter chat on November 15th is another great way to get involved and stay informed. The ITRC and ACFE will co-host the free event online at 3pm ET/12pm PT, and participants only need to log into their Twitter accounts and search for The #fraudweekchat hashtag to participate. Be sure to add the hashtag to all of your questions or comments so other participants and the chat hosts can see them.

Finally, one of the best ways to really understand the impact of fraud is to hear from the victims themselves. The ITRC’s annual Aftermath report compiles information from victim surveys, which were completed by people who reached out to the organization for help during the previous year. This information explores not only the financial impact of this crime, but also the mental, emotional, and even physical effects of being a victim.

To say that it’s up to the victims to prevent identity theft and fraud is wrong; in too many cases, the victim couldn’t have done anything to prevent the crime. However, there are ways consumers can reduce their risk, recover as quickly as possible, and minimize the lasting effects. Knowing how to recover from this kind of crime starts without knowing what preventive measures to put in place, what steps to take in the event of fraud, and what resources are available to help victims. It all starts with awareness, so make plans to be a part of Fraud Week.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “Vote By Phone” Scam

Most consumers probably have some level of knowledge about identity theft and fraud. It might only be a passing familiarity thanks to news headlines about record-setting numbers of data breaches. For others, their deeper knowledge of this kind of crime may come from having already been victimized. As anyone who has had to navigate the aftermath of identity theft crimes can tell you, it carries a lasting—possibly even lifelong—impact.

So how much do you really know about this crime? (You can take this short quiz to find out!)

The Association of Certified Fraud Examiners, ACFE for short, wants to help every consumer be as fraud-aware as possible in order to reduce their risk of becoming a victim. The organization hosts an annual event each November known as Fraud Week, and together with the Identity Theft Resource Center will host a Twitter chat filled with important tips and information for the public.

International Fraud Awareness Week will run from November 11th through 17th, and while some of the information is geared towards preventing this crime within the business sector, there are plenty of resources for everyday consumers. You can sign up to host a local community education event, direct your company or business to informational webinars, and find ideas for posting on social media to raise awareness. One great item to share on your social media channels is this ACFE video on identity theft and fraud, for example.

Of course, joining the Twitter chat on November 15th is another great way to get involved and stay informed. The ITRC and ACFE will co-host the free event online at 3pm ET/12pm PT, and participants only need to log into their Twitter accounts and search for The #fraudweekchat hashtag to participate. Be sure to add the hashtag to all of your questions or comments so other participants and the chat hosts can see them.

Finally, one of the best ways to really understand the impact of fraud is to hear from the victims themselves. The ITRC’s annual Aftermath report compiles information from victim surveys, which were completed by people who reached out to the organization for help during the previous year. This information explores not only the financial impact of this crime, but also the mental, emotional, and even physical effects of being a victim.

To say that it’s up to the victims to prevent identity theft and fraud is wrong; in too many cases, the victim couldn’t have done anything to prevent the crime. However, there are ways consumers can reduce their risk, recover as quickly as possible, and minimize the lasting effects. Knowing how to recover from this kind of crime starts without knowing what preventive measures to put in place, what steps to take in the event of fraud, and what resources are available to help victims. It all starts with awareness, so make plans to be a part of Fraud Week.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “Vote By Phone” Scam

On November 6th, citizens will cast their votes for governors, state officials, or members of Congress, either continuing to support the incumbent or opting to make a change with a new candidate. In any event, the work of campaigning and elections are big business…especially for scammers.

With so much discussion about the mid-term elections, thieves have launched a wide variety of election season scams to steal personally identifiable information, financial resources, or both.

1. Phishing attempts – Candidates and political parties rely on emails and phone calls to connect with voters, and scammers are using the same tactics. By posing as members of a campaign, scammers target their victims with phony donation requests, fake news articles that encourage them to click and input their information to read, and more. The goal in these scams isn’t just money, but also access to your personal data.

2. Donation requests – It takes a lot of money to put on an effective campaign, so political candidates often request donations, host fundraisers, and more. Thanks to online platforms, candidates or their team members can request money via social media and platforms like GoFundMe or PayPal. However, the natural mechanism that allows candidates to do that effectively also means a scammer can do it, too. Be on your guard for similar names, “patriotic”-sounding organizations, and issue or party-centric groups that are not actually affiliated with anyone campaigning.

3. Fake robocalls – There have already been reports of robocalls associated with particular candidates for promotional purposes, and remember, charitable organizations and political ads are two of the categories that are exempt from the Do Not Call registry. However, some of the robocalls have not only been spoofed or use stolen recordings of the candidates, but some of them have also even been highly offensive and designed to get the listener to interact.

So how are you supposed to protect yourself from elections season scams? By using the exact same good habits that are designed to keep you safe from scams throughout the year. Never give out your information or verify your identity to someone who contacts you; never make a spur-of-the-moment donation or spontaneously pay a fee, fine, or bill; remember that anyone can create an email account or website, and it doesn’t take any effort or know-how to copy or mimic an existing organization.

Keep your identity and your finances secure by being cautious about how you interact with the campaign process this year…and don’t forget to vote!


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “Vote By Phone” Scam

October is in full swing, and you can tell just by looking around. Halloween decorations fill every storefront, and Dia de Los Muertos depictions are already on display. Pumpkins, ghosts and skeletons already sit on porches, propped in place for some scary fun.

While hordes of the undead (trick or treaters) will be stalking the streets soon, here’s an all-too-real, all-too-common, supremely scary “undead” scenario: an identity thief steals your deceased loved one’s identity to open new accounts, apply for government benefits, buy houses or cars and more.

According to some reports, as many as 2.5 million deceased individuals become the victim of identity theft each year. Some estimates say that around 800,000 of these people are targeted specifically because they have passed away (the remaining identities may simply be chance victims of identity theft or random use of Social Security numbers). As with some other types of identity theft, like child identity theft, the culprits have typically been close friends or relatives of the departed. The easy access to their sensitive documents and the uncertainty surrounding things like account status or benefits means it can be easy for someone to slip in and commit this kind of fraud.

However, that’s certainly not the only mechanism by which a thief can steal a deceased person’s identity. Thanks to things like data breaches and synthetic identity theft, even strangers can commit fraud with someone else’s data. Add to this the wealth of social media accounts, personal information online, and internet obituaries, it becomes even easier to seek out a victim who won’t be likely to speak up about the crime.

Unfortunately, this specific form of identity theft—also called “ghosting”—can take months for financial institutions to discover. It’s unthinkable that you may find out months later, just as you’re beginning to rediscover some new sense of normal without your loved one, that their name and identity has been used to commit fraud.

There are some steps you can take to protect your family if you experience this kind of terrible loss:

1. Be reserved about the obituary – Watch what details you share, such as precise birth dates, anniversaries, or relatives’ names if identifiers could be picked out. Mentioning that your grandmother’s sister never married, for example, would give identity thieves your grandmother’s maiden name. This could also spell trouble for different relatives, as they would now know your mom or dad’s mother’s maiden name.

2. Alert the Social Security Administration – Let them know that the recipient has passed away and to lock their number. This would prevent someone from filing a change of address form and changing the account number where benefits would be received.

3. Reach out to the three major credit reporting agencies – By contacting the credit reporting agencies, you can ask for a freeze to be placed on your loved one’s credit report. This should effectively prevent anyone from opening a new line of credit or making a large purchase.

4. Keep documentation secure – It’s horrible to think that someone close to you would try to take advantage of this awful situation, but it does happen. Money troubles can make people do desperate things. Be very careful if someone asks too many questions, wants to view documents, insists on accompanying you to the bank or Social Security Administration, etc.

5. Continue to monitor your loved one’s identity – There are websites where you can check to see if an SSN has been used or identifying information has been stolen. Also remember that junk mail and unshredded documents are prime sources of identity theft. If any strange bills or statements arrive in the mail, don’t disregard them without investigating them further.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

At one point not too long ago, the IRS was reportedly issuing billions of dollars each year in fraudulent tax refunds filed by identity thieves. Thankfully, with better information and new regulations to help curb this problem, improvements have already been made. That doesn’t mean there isn’t still a long way to go towards fighting back against tax return fraud.

One of the chief issues the agency faces is simply the sheer volume of compromised taxpayer records that are floating around, available for identity thieves to purchase and use. Record-setting numbers of data breaches have resulted in hundreds of millions of consumer records exposed, ready to be used by the original thieves or those who buy them online.

Part of the effort to stem the flow of fraudulent refunds has meant slowing down the process significantly. Of course, we all want to receive a speedy refund that gets automatically deposited into our bank accounts, but that level of efficiency means it’s even easier for thieves to get to your money first. By automatically flagging certain returns for review—especially ones that use some of the more common standard deductions like dependent children or child care expenses—the agency hopes to block even higher numbers of phony refunds.

At the same time, the IRS is also taking a close look at its own mechanisms, namely its websites and taxpayer-centric user portals. The anonymity of the internet makes committing this kind of fraud even easier, and by finding ways to lock down their sites for better verification of taxpayer identities, the IRS hopes to stop even more fraud.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

Identity theft is commonly associated with the damage it can do to victims’ finances, especially if the thief racked up tremendous debt. The countless new credit cards, the cars or houses, the new utilities turned on in apartments the victim didn’t rent can all lead to six-figure debt before they even know their identity was stolen.

There’s another serious threat to identity theft victims, one that may be just as harmful, and that’s the emotional toll this crime can take. This side effect can easily be overlooked at first by both the victim and their family members or friends. Worse, outsiders might even treat this side of identity theft as a non-issue, diminishing the feelings of loss, mistrust and even paranoia that victims can feel.

Each year, the Identity Theft Resource Center conducts an in-depth study of ID theft victims who’ve reached out to the organization during the year for help. The study is based on voluntary feedback to a comprehensive set of questions in order to get a better look at the trends and the lasting effects of this crime. The resulting ITRC Aftermath report is then made available to the public, including law enforcement, policymakers and other stakeholders, in order to provide accurate information from the victims’ standpoint.

Year after year, respondents to the ITRC survey list some understandable emotional harm as a result of the crime. They’re often left feeling hopeless to resolve their cases and have a generally negative sentiment about their ability to recover. More than 85 percent have stated that they’ve felt worried, anger and frustration and another 83 percent are left feeling violated. Even worse, almost 70 percent of victims say they don’t think they can trust anyone and that they now fear for their safety. Almost as many victims reported that they feel powerless or helpless, while the majority of them are left feeling sad, depressed and betrayed.

Part of the hopelessness and paranoia may stem from all the ways that identity theft leaves its mark. More than 30 percent of the victims who responded said the crime caused them problems at work, either with their employers or with those they work with, while eight percent said it affected them at school with either the administration or other students. Some victims actually lost out on employment opportunities or even lost their jobs because someone had stolen their identity and used it in a way that came back on the victim. Some of the victims had their paychecks or their insurance benefits withheld due to the incidents, causing severe financial harm and the obvious distress that goes along with it. It’s easy to see how the financial turmoil can seem minor in comparison to the emotional upheaval. Money problems can be resolved, even if it takes time, but thinking that someone is using your good name to break the law is an endless kind of hurt. Knowing that your family members or coworkers think you’re a thief or an irresponsible consumer can break even the most solid bonds. It’s important that all consumers understand the aftermath of identity theft in order to be prepared, both financially and emotionally, should it happen to them or someone they care about.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Download now: The Aftermath®: The Non-Economic Impacts of Identity Theft

A new phishing scam has been uncovered by the FBI, one that targets you by pretending to come from your employer. By sending you a phishing email that claims to be from your workplace’s HR department, hackers hope to get their hands on your login credentials to steal your direct deposit paycheck.

It starts with an email that looks genuine, and it redirects you to a website that looks like an official workplace online portal. You enter your login details, confirm your identity, and then you’re all set.

Unfortunately, the portal was actually transmitting your credentials to the hackers, who’ve already breached your company’s website. They use your credentials to log in and change your direct deposit information, which will put future paychecks in their accounts or on prepaid debit cards.

The only way you’ll know your paycheck didn’t end up in your account might be when your account drops below the minimum balance, usually as a result of making purchases or paying your bills. Of course, once that happens, you get to handle the bad check fees and penalties from your bank while the hackers make off with your money.

One of the telltale signs of a phishing email is notoriously poor spelling and grammar, but since this one is posing as your own company’s HR department that might not be the case. Also, this scam is seeking out individuals who have a username and password to log in with. Therefore, it may be targeting a more select group of employees rather than casting a wide net and hoping to snag an everyday consumer.

Fortunately, the ways to avoid this scam are as simple as avoiding any other phishing scam. The downside, though, is that developing these habits requires you to instinctually learn to ignore direct requests, even ones that appear to come from your employer.

1. Never click a link, open an attachment, fill out information, verify your identity, or otherwise engage in any sensitive activity without checking it out thoroughly. It does not matter who the sender is: ignore any request of this kind and make a direct phone call to the supposed agency instead.

2. Verifying information that the sender should already have is an automatic red flag. Why would you need to tell your own employer what your username and password are? They’re the ones who issued them to you!

3. Remember, this same advice pertains to any platform, whether it’s email, text message, social media message, or phone call. Never hand over your information to someone who requests it without checking the situation first.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

If you’re making a trip to Seattle, you probably have the famous Gum Wall at Pike Place Market on your list of to-do’s. If you haven’t heard of it the second-germiest tourist attraction in the world, the Gum Wall holds over two thousand pounds of chewed gum on it’s the walls.

Some tourists get creative and chew a whole pack to create an image or spell out words. However, it looks like gum isn’t the only thing people are sticking onto the Gum Wall.  It’s actually common for people to stick on coins, notes, spoons and even personally identifiable information (PII).

Pennies were actually one of the first items people would stick onto the wall with a piece of gum in the early 1990s. The Market Theater continued to clean the wall, but it didn’t seem to stop people from sticking gum onto it.  After the third round of cleaning, the market management decided to let the gum wall be.

Since then, the wall has become filled with business cards, phone numbers, full-names and more. It might seem harmless and fun in the moment, but this may be a threat to your identity later on. A study conducted by Javelin Strategy and Research found that there were 16.7 million identity fraud victims in the U.S last year. It’s important to safeguard your PII as a preventative measure to reduce your chances of identity theft.

It might not seem like a big deal to have your phone number exposed, but if it gets in the wrong hands the data within your mobile device can be compromised. By accessing your phone number criminals can send you scam text messages or phone scams. Both of which can contain phishing attempts or malicious software. This can all lead to a thief accessing your email accounts and change logins or even take money from your mobile wallet.

Even though sticking your old school ID or a business card doesn’t seem like it can do much damage it can cause many problems for you in the long-run. Avoid sharing your PII and keep it just as private as you would with your SSN.

The Gum Wall has only been cleaned once in 2015. So if you’re planning to stick something onto the wall be prepared for it to be there for several years and for millions of people to pass by it.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media