Sparking joy has taken on a whole new meaning thanks to the KonMari method of tidying up. Cleaning up your physical and digital life are some ways to minimize your risk of identity theft.

Marie Kondo is taking the world by storm with the premise of decluttering your life, tidying up your home and work spaces, and basically living by a simple principle: if it doesn’t “spark joy,” you don’t need it. The mindset behind the so-called KonMari method has proven so effective that second-hand stores and thrift shops are seeing record-setting levels of donations.

This decluttering concept can be applied to physical possessions, but you should also consider its ability to benefit other areas of life. You might clean up your email inbox or desktop for example. There’s another level of protection that consumers can take from this “spark joy” concept, and that’s keeping their identities out of a criminal’s hands.

Before You Begin

There are a number of steps that can help you organize your identity before you ever have to deal with cluttering consequences. These would include things like halting subscriptions to magazines and newspapers you don’t read, blocking credit card offers with your financial institutions, going “paperless” on bills and bank statements, and more. By ensuring these things don’t arrive at your home, you’ll have less clutter to deal with and fewer security pitfalls that a thief could exploit.

Another possible vulnerability is your email inbox. Adopt the good habit of not just deleting unwanted emails, but actively unsubscribing from them. This will require you to open them, scroll all the way down, and click unsubscribe. Do NOT follow this procedure for emails that appear to be scam attempts, as clicking a link can redirect you to a harmful website or install malicious software on your computer. Are you holding on to an old email address?

Physical Mail

As for identity tidying in your home or workplace, that can seem very daunting. Don’t worry, it’s not. Following commonly shared methods from organizational experts like Marie Kondo and others, you can start by creating “piles.” Establish a temporary spot for everything that could be linked back to your identity: a pile for bills, a pile for junk mail, a pile for important papers, and more.

The bills: your monthly bills must be accessible but protected, so find out where you are most likely to see them but keep others from coming across them. As you pay a bill, shred the remaining mailer portion so that you don’t end up with random piles of paper that will need to be addressed later.

Junk mail: it’s too easy to toss some junk mail on the counter and think you’ll deal with it later. It’s even easier to throw it in the trash unopened, but that could lead a dumpster-diving identity thief to pieces of your overall data puzzle. Keep a basket near your cross-cut shredder to stash these items until you’re ready to shred.

Important papers: a lot of people would agree that tax documents, health insurance statements, and other key papers don’t exactly “spark joy” and therefore should be done away with immediately. However, that’s not wise. What is useful, though, is investing in a small file cabinet or file box where important papers can be stored when not needed. It’s important that this file be accessible in an emergency but not left out in the open where anyone could rifle through it.

Digital Clutter

It’s easy to forget that your identity is vulnerable online, too, but the same principles behind decluttering can help you in the virtual space. Investing in an external hard drive or cloud-based storage subscription can protect the things you want to keep while getting them out of your physical space. Even better, if there’s a paper you might need at a later date, you can simply photograph it or scan it, then store it in these outside spaces. That way, you can discard the original but retain a protected printable copy if you need it.

Mobile Apps & Privacy Settings: First, take a look at all of the apps on your device – are there any you’re not using anymore? Delete those.

Second, visit your mobile device settings to see what information your applications are collecting from you and update them for increased privacy. For example, you might need to let a map app see your location for example, but does it need to be active all the time or just when in use? Same thing for photos, do all of your apps need access to your media library? Definitely not. It’s also a good time to run any updates for your phone software or apps. Read the descriptions carefully and note any cybersecurity language before choosing to update.

You should also be concerned about the permissions you allow (see trustjacking) the mobile apps on your device. Through these apps, third-parties might be tracking information about you that you might not realize like your location, search history and even your photos. Even if they aren’t actively using this collected data, they’re still storing it which can leave your personal information vulnerable to cyberattacks should the third-party fall victim to a breach.

Also, think twice before discarding that old device. Be sure to reset to your factory settings.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: What’s the Latest Threat From Your Internet Connected Toys?

Valentine’s Day is just around the corner and many people are looking to swipe right on a match through a dating app in hopes of meeting their suitor in real life. In 2018, Tindr alone processed a record 1.6 billion swipes a day. With 40 percent of Americans switching to online dating, there’s now an app for every kind of user preference including dog lovers, foodies and celebrity look alikes. With love in the air, scammers are also upping their game on these platforms in order to get your money or personal information. Let’s talk about how to swipe left on a romance scam.

Many popular dating apps like Tinder and Zoosk have reported numerous incidents of romance scams taking place on their platforms. Scammers are becoming more advanced in their techniques including using chatbots to reach more people at a faster rate and evolving their messages to remain current. To avoid being caught, scammers might also try to lure you off the dating app by claiming they are canceling their account or some other excuse. Don’t go breaking your heart or your bank, read more about how to detect a romance scam here.

When using dating apps you should always be conscious of the information you disclose and who you choose to talk to. Be extra leery if someone gives you excessive compliments, reveals in-depth information about themselves immediately, is located outside your country, asks for money or expresses interest in marrying right away. If you come across a scammer, report their profile right away to the company they have an account with. Never send anyone from a dating app money, passwords or login info to your accounts or personal contact information.

Who would’ve thought that swiping right on a popular dating app could get you in the hands of an identity thief? Kerrie Roberts with sponsor, Experian and Eva Velasquez of Identity Theft Resource Center weighs in on the ever so popular, “romance scams”.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: What’s the Latest Threat From Your Internet Connected Toys?

Malware is a growing threat, one that can impact everyone from a casual computer user to a Fortune 500 company. More than just a virus, malware is more like a catch-all term for any kind of malicious software that can infect a computer and be used for harm. Now, thanks to a new Swiss initiative and a team of volunteers, cybercriminals have a little less leverage for attacking computers.

The project, URLHaus, relied on volunteers within the cybersecurity company to seek out websites that distribute malware. These websites can infect your computer even if you don’t engage or if you visited by mistake, and it’s a common tactic that hackers use when they get you to fall for a phishing attempt. More than 100,000 of these websites have been identified and taken down in the last ten months.

A malicious website is just one of many different avenues for infecting your computer, but it’s a widely used method of attack. When a scammer sends out a phishing email that spoofs a known company, for example, the link within the email will often take the victim to a harmful website where the malware infection takes place. Common phishing emails include copycat messages from your bank telling you there’s a problem with your account, fake emails from known retailers like Amazon or PayPal, requests to verify your identity or account information, and many other believable messages.

Scammers can also use social media to get their victims to visit a harmful website. Private messages that appear to come from someone you know, telling you to click here to get this incredible deal or see these unbelievable pictures they found of you, for example, are widespread. Of course, actually paid ads for interesting products and fantastic sales can also redirect users to a fake website.

Once you visit the website and interact with it, the malware is installed on your computer or mobile device. It might be ransomware that locks up your computer, spyware or adware that tracks your online activity, a keylogger that steals everything you type (including account logins), and more.

So how does the cybersecurity industry fight back? One website at a time, which is why the project and its volunteers are so crucial to protecting tech users. Unfortunately, finding these websites scattered across the vast world wide web is a slow and tedious process; of course, getting the companies who host the sites to take them down can take even longer, about an average of eight days from the date of notification.

While the volunteers continue this vital work, the next step for URLHaus is to help those web hosting companies take action more immediately. Some companies respond within a day, while others take as long as a month. The bigger the company and the more customers they have hosting websites through their platform, the longer it can take to investigate a site that’s been reported.

In the meantime, there are some behaviors that tech users can deploy that will help them avoid some of these sites…

1. Never click a link in an email, text message, or social media message unless you’ve verified it with the sender; don’t just trust that you know the sender, either, since accounts can be hacked or copycatted.

2. Avoid clicking on ads in social media posts unless you can explicitly trust the company and the link. When in doubt, simply do a quick internet search for the product and the seller in order to look at the item more closely.

3. Most important of all, make sure you have a reputable security suite installed and updated. Antivirus software isn’t enough anymore, not with so many different threats out there. A lot of great software developers even offer their products at “freemium” pricing, which means there’s a price plan for every budget. There’s literally no excuse to not protect your tech.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Getting the Most Out of Your Antivirus

February 5th is Safer Internet Day, an international effort aimed at making our world wide web safer for every kind of user.

This year’s theme, “Together for a better internet”, focuses on creating a better internet for all users.

 

Whether it’s children playing a game or doing homework, longtime friends reconnecting over social media, or a company conducting business around the world, the internet was designed to bring people together. Ideally, it should happen without becoming the victim of a crime.

 

The Safer Internet Day website contains a wealth of resources and announcements about events in different locations, but you don’t have to save it all for one special day. There are a number of things you can do to make the internet a better place.

1. Embrace strong password security

A lot of people misunderstand the mechanism by which hackers grab your password. They think teams of criminals sit at workstations and type in various numbers or letters until they get it right. That’s why a lot of people think using something like “password” is a good idea: “They’ll never guess something so obvious!” The truth is, hackers use software that can make billions of guesses per second. They don’t have to type a thing, they just launch the software and wait for access to your account.

But you can fight back against this by using a password that even a computer would have a hard time guessing. Combinations of uppercase and lowercase letters, numbers, and symbols are important for protecting your accounts, as is ensuring that you only use that password on one account.

2. Beware of what you share

Social media hoaxes are nothing new, but they continue to run rampant because people blindly click to send them out again. A lot of hoaxes may be silly stories or “click like and share if you want this baby to be healed!” kinds of pointless content. However, there’s a reason accounts like those post fake content.

Even if it looks like they’re not benefitting in any way, they still are. When you share someone’s post, you’re telling the social media platform that this is valuable content. That means the algorithms behind it are more likely to make other content from that user visible to a lot of people.

Of course, silly hoaxes are one thing, but posting negative information is something else altogether. Make sure you’re not accidentally sharing inaccurate medical information, content that willfully targets an individual, or posts that damage reputations despite being false.

3. Even if it’s about yourself, don’t overshare

Oversharing on social media doesn’t just mean spilling the beans about family secrets or uploading embarrassing potty training videos of your kids. It also means posting so much information about you or your family that an identity thief can connect the dots. Even worse, you could accidentally post so much information that this same thief can connect the data dots on your friends and relatives.

Remember to maintain an air of caution about what you put in your profiles, what you say in your posts, and which friend requests you accept in order to avoid being targeted by someone masquerading as something they’re not.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read more: Hackers Use Memes To Hide Malicious Code

Fans of the iPhone video chat feature FaceTime might be surprised to learn that a software bug may have been leaking their private calls. While the process took a number of steps to initiate—so it’s unlikely anyone accidentally eavesdropped, but instead chose to do so intentionally—there was also no way to know if someone was listening to you during your calls.

To make the glitch work in their favor, a user had to initiate a FaceTime call and then add their own phone number as another person in the group call. That way, even if the actual third-party never answered, the call remained connected and the user could listen in on the other person. Even worse, if the unaware third-party pressed their volume button or power button for some reason, the eavesdropping became a video monitoring call instead of just audio.

This kind of privacy flaw isn’t like Apple, a company known for its consumer-centric security. Several industry watchers like 9to5Mac and the Verge have reported on this bug, and Apple has temporarily disabled all group FaceTime function until a patch can be written and a software update released.

First, the immediate warning for consumers: situations like this one are why you must make it a priority to download new software updates when they become available. When companies release an update, it’s because they’ve found ways to make their product better. Many times, the update can actually resolve a serious security or privacy problem.

More importantly, this is a stark reminder that our technology is only as good as the level of human error behind it. Apple prides itself on producing great products and focusing on its users’ needs, but even the best can sometimes experience flaws. If you don’t put blind trust in your products or platforms, you’ll be less likely to feel the harmful effects of accidental issues.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Spring Cleaning for Your Mobile Device

Memes are a fun way to spread a little light-hearted internet discussion using pictures that have been overlaid with bold-font text. Some memes are based on screenshots from iconic movies, and others take on a viral life of their own after a simple photograph is uploaded and altered with a message. However, it’s okay to be a bit of a grumpy cat when it comes to protecting your identity.

Hackers have been able to use a process called steganography to hide malicious code in the string of computer code that makes up a meme. Steganography is basically “information hiding inside information.” Be aware, though, that steganography as a tool is not always harmful or malicious, it’s only how it’s used that can cause problems. It’s like the parent of a toddler hiding pureed carrots in their child’s spaghetti sauce, just to get a few more veggies into them; instead, it’s hackers hiding harmful malware inside a picture that looks funny.

Even worse, that funny picture is easily shareable in emails, messages, and on social media. You can potentially infect your entire contact list with one affected meme.

Fortunately, there are some steps you can take to protect yourself and your online friends. Many of these preventive measures are just good internet habits to develop anyway, so there’s really nothing too difficult to master.

  • First, avoid opening links or attachments in emails or messages. Many different types of malware can be lurking in a link to an infected page or in the macros of an attached document, so you should never open these unless you’ve personally verified it with the sender.
  • If someone sends you a funny or poignant meme, don’t “open” it by tapping on it (on a mobile device) or saving it to your computer. Have a good laugh, then forget it.
  • Never share a meme unless you can trust the source. If someone sent you one and you saved it to your computer then uploaded it to your Facebook wall, for example, you’re potentially infecting anyone who clicks on it through your social media channels. If anyone shares your post to their own wall, they may be spreading it far and wide.
  • Most important of all, make sure that you have strong, up-to-date, reliable antivirus software installed on your computer. Depending on the company you choose, some very affordable security suites offer tools like anti-ransomware, anti-phishing, and instant scanning of new files even before you open them. That means any new content coming across your internet connection is checked out—and blocked, if necessary—before it reaches your hard drive.

Again, all of these steps are good ideas to put into practice anyway, even if you’re not sending or receiving memes. Protect your network, your devices, and your identifying information by adopting good internet security habits.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: What Can a Thief Do With Your Driver’s License?

From doctor’s offices and financial institutions to college university admittance applications and summer camp registrations, the request for your Social Security number (SSN) has become commonplace. In fact, it’s become such a standard request that many individuals willingly provide this number without hesitation and without really thinking about the consequences behind this, one of which being an increased risk of identity theft.

Social Security numbers hold one of the keys to your identity. With it, you can open a new line of credit, gain employment, receive health insurance and file taxes. Thieves also know the power behind this nine-digit number, which is why it’s one of the most highly sought after pieces of personal information. There are a variety of ways that thieves attempt to obtain SSNs, and they include more low-tech methods like sifting through your trash, stealing a wallet, purse or laptop; or using more sophisticated ways like phishing emails and texts, scam calls and via data breaches. For example, there were nearly 158 million social security numbers exposed in 2017 due to data breaches.

While the exposure of your SSN is not entirely preventable – data breaches are a perfect example of this – consumers should refrain from giving it out unnecessarily to minimize their risks of identity theft. Basically, the frequency at which the number is exposed – whether intentional or unintentional, the higher the probability that it will be compromised. Here are some tips to help you protect your SSN and become a better steward of your identity:

Be in the Know – Educate yourself on the types of scenarios that require you to provide your Social Security number so that you can decide ahead of time whether or not you should provide it. Here is a list of situations that require your SSN:

  • Internal Revenue Service for tax returns and federal loans
  • Employers for wage and tax reporting purposes
  • Financial institutions for monetary and credit transactions
  • Veterans Administration as a hospital admission number
  • Department of Labor for workers’ compensation
  • Department of Education for student loans
  • Entities that administer any tax, general public assistance, motor vehicle or driver’s license law
  • Child support enforcement
  • Food Stamps
  • Medicaid
  • Unemployment Compensation

Don’t be afraid to ask – When your Social Security number is requested it’s best to ask the requestor some additional information to better understand whether you absolutely need to provide your SSN and if so, how they plan to protect it. In some instances, you may be able to provide an alternative like a driver’s license. Keep in mind that if you don’t provide your SSN, some entities may refuse to provide the services requested. Some questions to consider asking are:

  • Why does the company need this information (what law or reason make this a requirement)?
  • How do you protect this information?
  • What will happen if I don’t provide it?
  • Is there is an alternative to providing my SSN (driver’s license, etc.)?

Protect your physical card, too – It’s crucial to not only correctly safeguard your social security number but to also protect the physical card to the best of your ability. This includes storing it in a secure place (like a locked safe) and by not carrying it around in your wallet or purse.

Be leery of scammers – Scammers may pose as the IRS, the Social Security Administration and others to attempt to gain access to your SSN and they may do so over the phone, through email, text or even through social media platforms. To stay safe, never provide your SSN or other sensitive information on a call that you didn’t initiate. Also, don’t automatically give out your Social Security number via email, text or social media messages, even if it looks like a legitimate business requesting it. Instead, call the entity directly by locating their number on their official website, on the back of your card or even on a recent bill.

If you know your social security number has been compromised, contact our advisors using our toll-free number (888-400-5530) and they can inform you about the necessary steps to take to resolve the issue. You can also reach us using our live chat feature.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: What Can a Thief Do With Your Driver’s License?

Fortnite is a popular online battle game that has drawn criticism for its combination of violent battle and seemingly child-friendly artwork, as well as for its business model that encourages players to spend real money on fake goods within the game. Worse, though, is the recent announcement that a bug in the game’s code allowed hackers to access players’ accounts and use their stored credit cards.

Pending the ongoing investigation, Epic Games hasn’t revealed how many Fortnite accounts were compromised, so until notification is sent to all affected players, it’s a good idea to check your payment card statements regularly and change your password.

There has been some concern raised about hackers’ ability to also intervene on voice chat sessions between players—which is alarming since this game is used mainly by kids—but the company says that is not true.

The hackers didn’t gain access to the credit card information, so how did they benefit from this? There is a whole world of internet buying and selling that involves virtual goods sold within games. If you’ve seen the recent children’s animated film, Wreck It Ralph 2: Ralph Breaks the Internet, this acquisition of useful items is portrayed. People working within a game acquire items that help players get to another level—like a special tool, a faster car, or better weapons—and sell them for actual money online by transferring them to the buyer’s account within the game. It’s perfectly legal and allowable, but hacking someone’s account and using their credit card to purchase these things is not.

Epic Games claims the bug has now been closed, but again, changing your password is a good idea. At the same time, despite official announcements to the contrary, this is an excellent time to talk to your kids about connecting with other players in online games. Whether or not the hackers could eavesdrop on conversations doesn’t matter; the other people legitimately participating in those conversations might easily be bad actors, as well. Talk to your online game players about safe conversations, never divulging their personal details, and understanding how virtual items cost very real money.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: What Can a Thief Do With Your Driver’s License?

Data Privacy Day is an international effort to empower individuals and business to respect privacy, safeguard data and enable trust.

Many of today’s tech users have never navigated an online world where they weren’t constantly asked to provide personal details about themselves for everything from booking a doctor’s appointment to buying a new shirt. Too many tech users don’t do enough to protect their online privacy and secure their data, while also thinking that it’s “other people” who don’t protect themselves.

This is a trend that Data Privacy Day works to address. The Identity Theft Resource Center is the non-profit partner for this event, hosted on January 28th, 2019, by StaySafeOnline. Powered by the National Cyber Security Alliance, the upcoming event will focus on the changing privacy landscape and what that means for consumers, businesses, policymakers, and more.

The change is so rapid, in fact, that StaySafeOnline is referring to this age as a new era in privacy, and as such, the event will feature a wide variety of instructional sessions led by some of the top names in the field. With events available for both in-person attendees and live stream participants, Data Privacy Day stands to be a source of vital information to kick off the new year with a focus on security.

Of course, there are actionable steps that every tech user can implement right now to help secure their personally identifiable information and protect their privacy:

1. Understand—and put in place—good password hygiene.

2. Establish a family or company policy on how to respond to suspicious messages and what steps to take in the event of a possible privacy incident.

3. Install strong, trustworthy security software that helps block or delete attempted privacy threats.

4. Think twice about oversharing, whether it’s posting too much information on social media, responding to emails asking for identifying details, or handing over your data to third-parties.

5. Seek out the vulnerabilities that may already be a threat, like third-party apps, unsecure privacy settings in your social media accounts, software and operating systems that haven’t been updated regularly, and more.

Can’t be there in person? Watch live from LinkedIn, SF! ITRC CEO, Eva Velasquez will be joining privacy experts on the panel, “The Future of Privacy and Breakthrough Technologies” to discuss advances in technology, such as artificial intelligence to the human body acting as the computer interface, how privacy will take on even greater significance. Panelists will highlight why our actions now will drive tomorrow’s outcomes.

Just released – Download the 2018 End-of-Year Data Breach Report


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Consumers at Risk: 126% Increase in Exposed Consumer Data, 1.68 Billion Email-Related Credentials