I am one angry lady right now. My name is Nikki and I am the Social Media Coordinator here at the Identity Theft Resource Center. Something just happened to me that I had read about, but like everyone else had decided it would not happen to me. Yes…my Pinterest was hacked. For those of you who don’t know what Pinterest is, it is a social networking site where you can “pin” pictures to your “boards” so that you may go back later and find them. It is a visual social bookmarking site if you will. While I am not as obsessed as many users, I have thoroughly enjoyed pinning items to my craft board so that I can go back later and look when I have time.

Last month I worked to spread the word to consumers about the scams that were running rampant on Pinterest, but I did not think it would happen to me and the small amount of pins I had acquired. I was wrong. Just now I happened to come across a Facebook post about how to make a very cool iPad case using wallpaper so I thought I would go ahead and pin it so I could check it out later. This is when the trouble began.

I have several different “boards” on my Pinterest to organize what I find online, but the board to which this particular link wanted to post to was called “Make Money Online”. Fairly certain that I had not created that board, I logged into the site and found that several boards had been created and items had been pinned to them. The pinned items, when clicked on, would lead someone to either an online job scam or a malware download.

Now, because of my work experience at the ITRC, I was able to recognize this and delete these boards before clicking on them. I changed my password and looked through my profile to be sure nothing else nefarious was going on. But I wonder how many people would actually know to do that? I also wonder if the Social Media Coordinator at the Identity Theft Resource Center had something that I just wrote about happen to me, then how often is this occurring?

Needless to say, I understand that having some malicious linked pinned onto your Pinterest boards is not as devastating as having your checking account taken over. However, it did really make me feel vulnerable and a bit violated. In the end, the lesson was learned to check my Pinterest more often than once a month. I advise that you do the same.

“My Pinterest Got Hacked” was written by Nikki Junker. Nikki is the Social Media Coordinator at the ITRC.

Identity theft is problematic across the nation, being ranked fourth in the country for reports of identity theft means that Arizona is no stranger to this crime. The Office of the Arizona Attorney General has been instrumental in combating this crime through the creation and collaboration of various organizations and state agencies.

In 2011 the Arizona Attorney General’s Office (AZ AGO) was awarded a grant as a part of the National Identity Theft Victims Assistance Networks Project that allowed the office to establish the Arizona Identity Theft Coalition (AITC). To create this coalition, AZ AGO teamed up with various public and non-profit agencies including: the U.S Attorney’s Office, ICE, US Postal Inspector, the IRS, State Bar of Arizona, Police Office Standards and Training Board just to name a few.

AITC’s mission is to raise public awareness through community outreach programs and campaigns, improve inter-agency infrastructure, coordination, and referrals, as well as educate and train service professionals.

William Bessette, Program Administrator for the coalition, states that, “the goals of this coalition are a proactive approach for removing citizens from becoming a victim of identity theft, and equipping law enforcement with better tools and practices to service those who have been victimized.”

Since its beginning, AITC has rolled out two major initiatives as part of their long term goals, the Law Enforcement Best Practices Task Force and the Strategic Education Task Force. Both of these task forces play a role in achieving the goals of the coalition by constructing efficient solutions for resolving identity theft incidences, educating the public on tips for preventing victimization, and raising the public’s awareness regarding identity theft.

In addition to the work done through the AITC, the AZ AGO also strongly advocates specifically for senior citizens and military services members, who are often direct targets of identity theft.

The AZ AGO began the Taskforce Against Senior Abuse (TASA) which is specifically designed to educate and increase awareness of various forms of senior/elder abuse. Seniors are often times the victims of identity theft for several reasons: they are still receiving and sending bank statements in the mail, they carry their Medicare card on their person, and they are easily fooled by fraudulent schemes.

TASA’s community outreach program is dedicated to teaching seniors and their families, law enforcement, caregivers and other groups about how to best protect seniors from being victimized. Through public awareness campaigns, free educational presentations and training videos, TASA has been able to educate the senior community on preventative tips for avoiding identity theft.

Debra Boehlke, Program Manager for the Community Outreach and Educations Division, reminds her TASA presentation audiences, “do not carry your Social Security number on you, or anything that may have your Social Security number on it and protect your mail!”

It is very important that community members invest in cross cut shredders or attend local Shred-a-thons in order to protect their identity from being stolen, as well as mailing personal information in a secure postal box or office. These are just a few of the many steps that TASA advocates to prevent seniors from becoming victims of identity theft.

In addition to the Arizona seniors that are victims of identity theft, numerous military service members find themselves targeted for this crime as well. Approximately 14 % of Arizona Veterans have reported being victims of identity theft. Service members, veterans and their families are more prone to becoming a victim of identity theft mostly because their Social Security number has been used as their Service number for years. Despite a recent push to change service numbers, there is still plenty of other documentation that service members and veterans have that include their Social Security number. Often times, these families do not know how to properly store or dispose this information or sensitive materials get lost in the several times these families tend to move.

“Service Members, Veterans, and their families need to be aware of the potential for them to be victims of consumer fraud and theft. Our Military population is at a greater risk over the general public for crimes such as Identity Theft, and it has to be proactive to protect itself. An important role of the Office of the Attorney General is to provide information and resources for our Military population to help them in that effort. Some of the methods employed by the Office of the Attorney General include partnerships with Military and Department of Defense organizations, providing direct service with community outreach presentations, and facilitating initiatives such as the C.A.M.O. committee. The Attorney General has also expanded his staff to include Veterans and Subject Matter Experts who can address these issues more efficiently,” states Patrick Ziegert, a Community Outreach and Education Specialist, as well as a United States Army Veteran.

The AZ AGO recognizes the abundance of Veterans who are being affected within the state and have implemented a taskforce called CAMO to try and combat several Veterans issues.

CAMO, which stands for “Command, Control, Communication, Connectivity and Intelligence Arizona Military Outreach,” was created in 2011 to address the 600,000 plus Veterans, 15,000 National Guard members, 20,000 active duty Service members and their families who live in Arizona.

In terms of identity theft, CAMO’s “Command” committee is working towards preventative measures and providing assistance for Veterans through education, community outreach, Shred-a-thons, and public service announcements.

The Attorney General’s Office has also been involved with the Yellow Ribbon Reintegration Program which provides information, instruction, resources and referrals to deploying military units about identity theft and how to freeze their credit before deployment, amongst other things.

The Community Outreach division also works with school aged children to warn them of the dangers of connecting with strangers on line and sharing personal information that an Identity Thief could use against them, their parents, and grandparents. As technology allows us to get connected quicker with more resources, so does the problem of cyber ID theft. We must teach consumers simple practices to treat their phones and computers like they are purses, wallets, or bank accounts. Use secure passwords, be aware of current trends, and pay attention to your credit and accounts. Helping victims becomes easier when they are aware of how the theft may have occurred so they can change their behavior and guard against identity theft.

For more information visit our website at www.azag.gov , or contact us at 1-602-542-2123, 1-602-542-2145 or 1-800-352-8431.

The author of the above piece is Kathleen Winn, Director of Community Outreach for the Arizona Attorney General’s Office and trained by the Maryland Crime Victims’ Resources Center, Inc. through the Department of Justice.

The introduction of the smartphone into the technology platform revolutionized the use of the cellphone. Suddenly, activities and actions that required a stationary device, or a device connected to wireless internet became activities on-the-go. Now, the smartphone’s capabilities have surpassed those ever associated with a small mobile device. Cellphones went from being solely used for telephone calls, to nearly replacing the use of computers.

Nowadays, smartphones are used to place and receive phones calls, text messages, email, online banking known as mobile banking, document generation and sharing, social networking, bill paying, gaming, etc. Almost any activity can be supported by the small mobile device. These activities are made possible by the introduction of applications, known as apps. Just like programs have to be downloaded to a computer, apps have to be downloaded to a smartphone to carry out the desired commands.

When it comes to the smartphone, safety comes second to that of the computer. However, it doesn’t mean users cannot take security measures to ensure they are being protected. One of the greatest threats to users is applications. As a result of security holes, certain app developers create apps designed to steal user data, and gain access to information they would otherwise not have access to. For example, Malware is a common threat. In its essence, Malware is malicious software intended for malicious purposes. It has the ability to damage and disable computer systems. Since a smartphone is in many ways like a computer, it is a target.

When users download an app, and the app is malicious, it can download Trojans, viruses, worms, etc. to the device. These may install keylogger software, spyware, bonnets, and so on. The intent of the software is to follow user activities to obtain personal information. This information can then be used by criminals for financial gain – committing financial fraud, and in some cases identity theft.

The best rule of thumb is to verify the legitimacy of the applications being downloaded to a smartphone. As it is, apps require access to a significant amount of data, so ruling out applications can be a great step to take. In addition, reading the apps’ reviews can be helpful. Usually other users will define in their posts the problems they have had with the application. Users need to be weary of what they download, therefore, if the user doesn’t feel comfortable with the information the app is requesting access to, the best thing to do is to not download the app.

Truth of the matter is no one can protect a smartphone better than its user. It all boils down to the apps the user is downloading, and the activities or commands being carried. Although the responsibility of protecting a device is the users’, there are security software apps that scan for malware and spyware. These can be a helping hand.

Many professionals view air-travel days as an opportunity to get some extra work done, pay bills online, or distract themselves during their commute by surfing the internet. The convenience and ease of use of modern laptops and iPads have made it easy to stay connected in route. As a result, public Wi-Fi is now commonplace in most major airports and even becoming more common on the airplanes themselves. As with most technological conveniences these days, in addition to the obvious advantages, wifi in airports pose additional risk to consumers who may not be aware that they’re in potentially dangerous ‘hot zones’ for identity theft.

Public wifi is a beacon for those who would seek to harvest your personal information through your internet connection. Free wireless networks are usually not password protected, or have a password that’s publicly available. This means that every time you sign on to a public wifi connection, you’re essentially sharing a connection with any and all strangers in the area. In an airport especially, even more so than in a coffee shop or other place usually associated with public wifi, the number of strangers in your immediate vicinity is usually much higher. Any and all of those have the potential ability to access the same network connection you’re using. All it takes is one malicious user on your network to cause you a lot of trouble.

Anytime you access public connections to the internet, your computer is more exposed to the threats of malware or viruses which may be present on another’s laptop, not to mention the threat of a nefarious fellow traveler snooping through your shared files, shoulder surfing to watch you input your passwords, or otherwise monitoring your internet activity. Most people don’t realize that when sharing a network internet connection with someone, there is no additional firewall or security in place to protect the information stored on your computer. This quite naturally makes places like airports and other areas that offer free public wifi very attractive to would-be identity thieves.

If you can avoid using public wifi altogether, do so…if you just can’t resist checking the scores or the weather while waiting to board your flight or arrive at your intended destination, try to avoid doing potentially dangerous activities like online banking, filing tax returns, or checking any email accounts that might have valuable information stored in it; as this information could be harvested from your machine and used against you. If you know you will be traveling often and find yourself using public wifi normally you may want to look into getting a personal VPN. A personal Virtual Private Network will help protect you against the dangers of public wifi.

If using public wifi unprotected, be wary of any wireless network that shows up with a stronger signal than the network offered by the known provider (in other words, if you’re in the American Airlines terminal, you shouldn’t choose that random linksys server over the one labeled “Americanterminal1access” for example). Often potential hackers will generate their own network signal to have others “hook up” to them, exposing all their information. Other network users will see the stronger signal and connect to it unwittingly, without realizing that they’ve just voluntarily offered up anything that isn’t independently password protected for viewing by the thief.

When using your home wireless connection, ensure that it’s always password protected. Remember, you never know who else may be online.

You may have heard the tech term “patches” thrown around the office or mentioned in news segments, but if you’re not already familiar, you should be. Patches are perhaps one of the single-most important cyber security tools that the everyday tech user needs, right up there with things like anti-virus software and scanning filters.

A patch is a small piece of software that a company issues whenever a security flaw is uncovered. Just like the name implies, the patch covers the hole, keeping hackers from further exploiting the flaw. A number of holes have been exploited with severe consequences before their developers’ could create a patch, including the Heartbleed virus in 2014 and the recent WannaCry ransomware attack that struck just this month.

WannaCry hit more than 200,000 computers and networks before a 22-year-old cyber security whiz identified and activated a kill switch. Some of the hardest hit networks were hospitals, as their systems were locked up by the attack. This resulted in the loss of patient care, and some facilities even had to turn away patients due to the inability to access any of their computers. The only way to unlock the computer and remove the ransomware was to pay the fine in bitcoin to the hackers, at least until the block was discovered.

Microsoft had already issued a patch only a matter of weeks ago for the particular hole that led to WannaCry, but many users had either not installed it or did not have automatic updates activated on their systems.

Whenever cyber security experts, researchers, or even just highly knowledgeable “hobbyists” discover a new flaw, the typical protocol is to alert the software developer immediately so they can issue a patch. They do not usually make the discovery public. This might seem counterproductive since typically the public can’t take action to protect themselves, but experience has shown that informing the public also alerts hackers to the existence of the flaw. By only telling the developers first, hopefully they will close up the hole before anyone else discovers it on their own.

Unfortunately, this kind of secrecy—while necessary to keep hackers from launching new malware attacks—also means that if the developer themselves discovered the hole and patched it in the next regularly scheduled update, you may never know about it. That’s why it’s very important to keep all of your software and handheld devices up-to-date; depending on your comfort level with your own tech you might choose to set your computer to automatically install any new updates from the developer.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.

As an organization specializing in monitoring and tracking data breaches, the ITRC has come across varying degrees of breaches and reasons for notification due to the varying types of compromised information. We would like to take this opportunity to address some of the differences and provide some insight into our approach for tracking data breach incidents.


According to most state laws, a data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property. Note that under these state breach laws, non-personal identifying information is not included.

Next, let’s consider hacking. By definition, “hacking” is the deliberate and unauthorized access, use, disclosure, and/or taking of electronic data on a computer. Hacking efforts target all types of information – from high level intellectual property down to individual personal information, both sensitive and non-sensitive information. Taken together, these two situations result in nearly 26% of the “reported breaches” included on the 2011 Identity Theft Resource Center Breach List.

This brings us to the definition of “reported breaches”. ITRC only publishes breach incident information which is available from credible, public resources. Breach incidents are tracked daily from sources such as state Attorneys General offices, a variety of media sources, and other well-recognized and respected entities that track and capture this information from publicly available sources. This approach means that the ITRC Breach Report only reflects the tip of the iceberg.

In 2011, 41% of the breaches on the ITRC report show the number of records exposed as “unknown.” In addition, ITRC is aware of a significant number of breaches that are not made public. As a result, it is not possible to provide truly accurate numbers – either for the number of breaches or the number of records. The majority of “reported breaches” included in the list are those which have met “breach notification triggers” established by the various state laws regarding this issue. Usually these incidents are electronic in nature, and must also expose information identified as PII, such as first and last name combined with a social security number, driver’s license or state identification number and/or financial account numbers (including debit and credit cards). Some states have expanded this “trigger” definition to include medical and healthcare information. This situation leaves large loopholes for breaches to remain unreported.

Currently we know that :

  • An undeterminable number of breaches go unreported, even when notification should have been triggered according to the applicable state laws.
  • Many breach notifications (at least what is disclosed by the entity) underreport the number of records
  • Many breach notifications also do not clearly define the types of information exposed.
  • Public information is often incomplete in detailing how the breach occurred
  • Many breaches involving non-PII, such as email addresses, user names, and passwords, are not reported because they do not meet “breach notification triggers” as established by various state laws

To date state laws have not added notification “triggers” for paper breaches, or those incidents which involve non-personal types of information, i.e. passwords, usernames and email information. Paper breaches have been captured and categorized on the ITRC Breach Reports since 2005, even though these types of breaches did not trigger breach notifications. Paper breaches are typically “outed” by external sources (consumers, media, etc.), and are not usually reported since there is no mandatory reporting. The reality is paper breaches present a higher level of “risk of harm” because the information is often “ready to use” and may even include signatures.

Since there is no mandatory reporting for these types of breaches, individuals have no way of knowing they should be concerned about having their information exposed, and subsequently used for identity theft. Over the past five years, even without a requirement for notification, paper breaches have represented an average of 19.6% of the total breaches.

Another issue that is excluded from the current set of state breach notification laws is how to handle those data breach incidents which expose non-sensitive personal information. This non-sensitive personal information is a rich source for phishing scams. User names and passwords are a wonderful place to start hacking, since most people use variations of passwords on multiple accounts. Even an email takeover can be an easy way to request a friend’s help to “get back from London,” or to start a directed “spear phishing” attack on employees of your company. Due to these types of risk, the ITRC began to capture and track these non-PII breach incidents even though they did not often include the types of personal identifying information necessary for a breach notification.

One thing that remains clear is that when it comes to electronically stored information, the ability of the cyber-criminal to gain access to this information will always outpace legislative and law enforcement efforts to curb their malicious activity. All businesses should take note of these changes and react aggressively to protect themselves, their employees, and their customer base from harm. The current call for a Cybersecurity bill in the U.S. Senate should underscore the need for all businesses to strengthen their security efforts.

Facebook – the social network giant has posed the opportunity for its users to vote on changes to their privacy policies. The focus wraps around how the network uses ‘user’ information through data collection practices and the use of that data for advertising. The giant is aiming at providing clear explanations to its users of how information is shared. In other words, users will have options to control how their information is shared. The voting was opened on June 1, 2012 and will close June 8, 2012.


Although some consider this to be a way to engage users, some say that users are not actually voting on policies, but rather voting for the old policy or the new policy. The old policy, per se, involves more complex language – harder for the user to decipher. On the other hand, the new policy is more transparent – easier and clearer for the user to understand. Co-Chair and Director, Jules Polonetsky of the organization Future of Privacy Forum feels “they’re going through with a vote because they promised a vote, but they’re really not going to end up with anything useful.”

According to The Inquisitr, users will find the following on the social network site:

‘Recently, Facebook provided revisions to its SRR and Data Use Policy to, among other things, improve the documents by adding examples and detailed explanations to help users better understand their policies and practices; comply with the law; incorporate feedback from the Irish Data Protection Commissioner’s Office, other regulators, and users; and reflect the addition of new products and services, like Timeline.’

So, if users want to vote, they have until Friday, June 8, 2012 to do so. However, keep in mind that in order for the results of the voting to even matter and taken into consideration, more than 30% of Facebook users have to vote. If that is not the case, the question then, is there anything useful in the process at all?

Recently, what has been a hot topic in the news is the infection of computers and computer systems in the Middle East. The damage is being attributed to a new threat that is being called “the most sophisticated cyber weapon,” “the most complex threat,” and “a massive, highly sophisticated piece of malware.” This new threat is known as “Flame.”

malwareBefore taking a look at what experts are saying, the dictionary definition of ‘malware’ is “malicious software that is intended to damage or disable computers and computer systems.” In essence, there are different types of malware designed for specific purposes; however, in their simplest of forms they are created to do exactly what the dictionary definition provides – disrupt computers.

Wired.com provides the jest of what malware does by providing their early analysis of ‘Flame:'” …the lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a back door to infected systems to allow the attacks to tweak the toolkit and add new functionality.”

Furthermore, according to NakedSecurity, ‘Flame’ has yet to be dissected to find out the workings of the deeper threats it poses to computer users. NakedScience states that “at its simplest level, Flame isn’t doing anything different from the vast majority of other malware we see on a typical day.” As a result, they emphasize on the fact that computer users should not be doing anything other than what they usually do on a daily basis to protect themselves.

In essence, computer users should continue to keep their anti-virus and security patches up-to-date. In addition, as usual – be cautious and fully aware or familiar with the software they install on their computers, the links they click on, the sites they visit, etc. Based on certain reports, ‘Flame’ can now be detected by anti-virus/ anti-spyware software.

I received a text message from my mobile provider the other day stating that as a premium customer I could download a free anti-virus for my Smartphone. Jaded as I am, working in identity theft, I was leery of a few things. First, I wasn’t sure the text had actually come from my mobile provider. The text message sender was only identified as a five digit number so I could not be sure that this was not actually a smishing scam. Second, I was concerned that even if the text was from my mobile provider, the download would not be free in the end or would expose all kinds of data when I accepted to download the application.

phone malware

So, I headed to my mobile providers website to see if this offer for free mobile anti-virus was legit. After finding the application on their website and realizing that what I was being offered was a very basic anti-virus which could be updated for a fee I came to the conclusion that this was indeed a little personal victory. Not only was I getting free basic anti-virus for my Smartphone, I was being validated for my concerns about mobile security.

Many people do not realize that your Smartphone is a mini PC and therefore vulnerable to the same risks as any laptop or PC. Mobile Malware is a growing threat and while Android devices were originally the target of many malware attacks, the risk for iPhone users is growing as MacOS is increasingly threatened. The best way for Smartphone users to protect themselves is to protect their mobile devices with anti-virus, just as they would their desktop.

The generosity of my mobile provider got me to thinking if all mobile providers were doing something similar. Had they finally caught the drift that if their customers were fearful of using the internet it would affect their bottom line? Perhaps they have as all of the major mobile providers I looked at offered some sort of free anti-virus protection for their Smartphone customers. This is exciting news for us here at the ITRC. It is good to know that there is protection available to consumers, protecting them from mobile malware attacks and therefore, one technique thieves use to get personal information to commit identity theft.

If you haven’t yet downloaded anti-virus onto your Smartphone, head on over to your mobile providers website and check to see if they offer free anti-virus for your device. Make sure that you are actually downloading the app from your mobile provider’s website. Cybercriminals will surely begin to create fake anti-virus applications for mobile devices in an attempt to infect devices with malware, so be sure the application is legitimate and not an application made to look similar.

Earlier this month members of the ITRC team, in an effort to promote greater education and unity of effort in the fight against identity theft, made a visit to Vancouver, BC, where Canada’s newest non-profit organization, CITSC (Canadian Identity Theft Support Centre) is nearly ready to hard launch their victim assistance center. Much like the ITRC here in the States, CITSC is an organization whose primary objective is to provide no-cost assistance to victims of identity theft and financial fraud. The two organizations have been closely collaborating for several months in order to share intelligence and experience, to make CITSC’s transition to a fully functioning national non-profit go more smoothly. While in Vancouver, ITRC representatives engaged with CITSC to complete live training exercises with actual victims.


The ITSC received a charter from the Canadian Department of Justice to develop a program to educate and assist Canadian victims of identity theft and financial fraud. Much like the United States, Canada’s identity theft is a growing problem, quickly making its way into the public consciousness. Canadian law differs in several key areas from US law, so it is important to have an organization that is versed in Canadian law so it can provide the most effective assistance to Canadian victims and consumers. While this sounds simple, the process of getting a national non-profit organization up and running smoothly is actually a very challenging undertaking. CITSC reached out to ITRC not only to train advisors, but to assist in establishing operations and security protocols that are a necessary part of running the day-in, day-out business of an organization that still has all the same challenges a normal small business does. This allowed CITSC to not have to “reinvent the wheel,” as CITSC President Kevin Scott put it.

Providing CITSC with the opportunity to put more of their initial focus on discovering and understanding the differences in Canadian law and how that would affect the advice given to victims and consumers was of paramount importance to the ITRC. As the ITRC Director of Operations Rex Davis put it, “once they go live with a hard launch we know their jobs will get fast and furious, so we just wanted to do all that we could to give them the best leg up possible out of the gate.” The shared mutual interest from both organizations has led to close collaboration over the past year and has covered every issue or challenge that might be faced with forming this kind of organization. As their expected hard launch date is tentatively set for June, this trip’s objective was to provide sort of a final systems check, to ensure the victim advisors who would be handling calls are trained and ready to go.

According to ITRC Victim Advisor Gabby Ayala, “the objective of this visit was to give the folks who will be first responders to Canadian victims some live experience with an actual victim pool prior to the hard launch of their call center. Overall we thought the experience was incredibly beneficial for both parties. It gave us a chance to show them what they should expect and to allow them to have some actual experience with victims under their belt prior to going live. I think it was encouraging for us as well to see how far they’ve come in such a short period of time. The dedication they show to the victims and the passion they have for the subject matter is readily apparent, and I think that was really a welcome sight for us as veteran advisors. It was gratifying to know that Canadian victims will be in good hands.”

For questions or more information about the Canadian Identity Theft Support Centre, visit their website at http://idtheftsupportcentre.org/ or call them toll free at 1(866) 436-5461.

“ITRC Goes to Canada, Ey?” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to ITRC Blog.