Thanksgiving, Hanukkah and Christmas are just around the corner. Black Friday, Cyber Monday and holiday shopping is too. It also means the possibility for an increase in identity theft and fraud. So before you get caught up in all the holiday shopping chaos, you should be aware that criminals might use this as an opportunity to compromise your sensitive data. This holiday season, however, one group in particular might be purposely putting themselves at an increased risk of identity theft. A recent survey by Experian found that 19 percent of millennials would put their identity at risk in exchange for a good Cyber Monday deal. While some millennials are making it exceptionally easy to compromise their personal information during the holiday season, let’s take a closer as to why this demographic might be more vulnerable to identity theft year round.

Millennials are notorious for being the most tech-savvy generation, growing up in a world where sharing personal data online and across social media platforms is commonplace. However, their willingness to share personal data easily puts them at an increased risk of identity theft. For one, criminals might have an easier time guessing their security challenge questions because they can be quickly discovered on their public Twitter profile or Instagram page.  Second, since they are so used to sharing a wealth of personal information, they might be less likely to hesitate when asked for it by anyone – including those with malicious intent.

Along with being tech-savvy,  feelings of apathy toward data breaches could be another reason why millennials might be at an increased risk of identity theft.  According to a Gallup poll, 67 percent of millennials are trusting that the companies with which they do business, such as credit card companies and health insurance companies, guard their information. The poll also finds that 70 percent do believe that their privacy will be compromised at some point in time. Because millennials have lived through several major data breaches, they’re aware of the risks but have become accustomed to these types of events and might not fully comprehend the severity of having their personally identifiable information stolen.

In some cases, becoming a victim of identity theft is “fixable,” but what millennials might not understand is that the process is not an easy one. Identity theft cases can take years to remediate. Even if you “fix” the issue, many victims experience reoccurring threats, consistently trying to regain their identity. This also doesn’t take into account the emotional impact victims go through. The Aftermath® study revealed that victims felt angry, frustrated and violated regarding their identity theft situation. In the same survey, 50 percent of victims lost interest in activities they once enjoyed.

And lastly, another reason that millennials might be increasing their risks of identity theft is by thinking it won’t happen to them. According to the AARP, younger generations tend to believe that scammers target the elderly, which allows millennials to believe they are safe. However, what millennials might not realize is that they are just as vulnerable to the threats of identity theft as senior citizens. For example, a recent survey found that 17 percent of millennials were likely to give out sensitive information to a caller that confirmed their last four digits of their Social Security number. So it is, in fact, that everyone is equally just as at risk for identity theft, regardless of their age.

Now more than ever, millennials need to take preventative measures to minimize their risk for identity theft. Here are a couple of tips to help protect your identity:

  • Don’t give out your Social Security number unnecessarily
  • Use strong passwords
  • Set up a passcode/password and anti-virus software on all of your mobile devices (smartphone, tablet) and computers (desktop, laptop)
  • Don’t give out personal information on the phone unless you initiated the contact
  • Avoid logging into sensitive accounts, email or providing credit card/debit card numbers while on public Wi-Fi

If you do find out that your information has been compromised, contact our advisors using our toll-free number (888-400-5530) and they can inform you about the necessary steps to take to resolve the issue. You can also reach us using our live chat feature.

Experian proudly provides financial support to the Identity Theft Resource Center.


Read next: “Your Holiday Shopping Guide to Putting Privacy Under the Tree”

As the holidays draw nearer and the shopping season goes full steam ahead, consumers all around the world are looking for just the right presents to finish out their lists. The presents may range in price and meaningful sentiment, of course, but with the technology sector taking up a significant share of the market, safeguarding your privacy becomes the real gift.

There’s no doubt that the more connected your devices become, the more vulnerabilities you may face. With every new piece of technology that connects to your network—along with all the apps, software, cloud-based accounts, and other tools to power these devices—there’s another possible door left wide open to hackers and identity thieves.

Fortunately, researchers at Mozilla (the creators of the Firefox web browser) have updated their holiday shopping guide that ranks all kinds of consumer goods based on their potential impact on your privacy. Titled *Privacy Not Included, this guide helps you understand the possible dangers as well as how to secure them. In some cases, it may even help you decide that a specific item is not for you or your family.

The guide is broken up into different categories—toys & games, smart home, entertainment, wearables, health & exercise, and pets—and includes reviews of more than seventy products.

One of the most important aspects to these reviews is the “minimum” requirements for protecting your privacy. According to the researchers, only 32 of the reviewed products even earned a “merit badge” for meeting those minimum standards, meaning the items must “use encryption; have automatic security updates; manage security vulnerabilities using tools like bug bounty programs and clear points of contact; and require users to change the default password if a password is required.”

However, Mozilla’s team also said other factors prevented them from deciding once and for all if many of the products meet the standards, such as the manufacturer not responding to direct requests for information about customers’ privacy.

This is the second year that Mozilla has conducted this review and released the results, but this year the company has included a new tool called the Creep-O-Meter. It will give consumers an idea of the level of privacy concern surrounding different products, ideally before they buy and install them.

There are a lot of holiday shopping guides and consumer review websites that can help you make an informed decision about price, quality, age-appropriateness, and more. This might be the only guide that explicitly supports your privacy, though, so check it out before bringing any new connected devices into your life.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

Question and answer site Quora announced a data breach that affected about 100 million users’ accounts. The hacked information included names, email addresses, and encrypted passwords. While most people who participate in online discussion via the platform may establish an account, anyone who has posted through Quora anonymously does not need to worry about their name getting “out there” since they never provided it.

Names, email addresses, and Quora passwords might not seem like a big deal to some users. After all, the company discovered the breach on November 30th and has already begun issuing notification letters. They’ve also forced a reset of all account passwords, so everything should be fine.

Unless… unless you’re one of the incredibly high numbers of people—52%, in fact—who reuses their passwords on multiple websites.

For years, security experts have tracked the use of “popular” passwords, and have found bizarrely simple passwords to be the most popular. These include things like “password,” “123456,” and “QWERTY,” just to name a few. But password strength—or lack thereof—isn’t really the problem in this case.

With the Quora breach, it doesn’t matter how amazing your password is, like “h2E9Nb17LW.” If you reuse that same password on any other website on the web, the hackers who have your Quora email and password have those same credentials to try on other sites. Hopefully, your online banking, credit card, PayPal, Amazon, and other vital accounts aren’t connected to those credentials this way.

This incident and so many others that only affect login credentials can be mistaken for being “not a big deal,” but the reality is just the opposite. When web users reuse their credentials like this, they leave themselves vulnerable to other account breaches and identity theft. It’s essential to create a strong password for every account you have, but it’s equally important to keep each strong password limited to one account.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

For years, security experts and advocates have warned consumers about suspicious websites, specifically ones that take your sensitive information or payments. The best course of action? To look for the HTTPS designation in the web address at the top of the screen and the little padlock icon, both of which indicate a site can be trusted.

Unfortunately, scammers continue to evolve their ways to continue victimizing the public through technology. A new report has found that about 49% of known phishing websites—websites that steal your information after tricking you into submitting it—contain a secure designation and a little green padlock. The “look for the lock” advice that was once a sound way to protect yourself is a little less reliable than before.

Just as scammers have evolved, now it’s up to consumers to make some changes in order to protect themselves from the latest threats:

1. Install a security suite that offers anti-phishing and website security

A basic antivirus isn’t enough to keep you safe anymore, and a number of well-known security software developers have incorporated a lot of extra features. Some can alert you to a fake website or known scammer before you compromise your information. Even better, many security programs offer a wide range of subscription prices—even free plans—so there’s something to meet every budget.

2. Establish a throwaway email address

Some sites want nothing more than your email address so they can sell it to spammers. Generate a free email address that is separate from your everyday, commonly used one. Then, whenever you’re visiting websites that want your email address, you have the option to trust the site with your contact information or use your backup email address.

3. Designate a payment card for internet purchases

The last thing you need is for a phishing website to steal your money, but it happens. By intentionally having an “internet only” credit card that is not connected to your bank account and that has a very low credit limit, you may have an easier time protecting yourself from someone who steals your information.

The most important thing you can do is to remember that what was once considered top-notch security advice can change as new technology and new developments occur. It’s not enough to develop a good habit and never deviate from it. Instead, you need to stay informed by following ongoing coverage of the latest scams and frauds.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

If you follow tech news, you may still get shivers up your spine from the buzz surrounding one of the most dangerous ransomware attacks in recent history. The May 2017 WannaCry attack made headlines for months due to the high volume of victims and the high-profile companies who were targeted. Within a short time, this self-replicating cryptoworm had infected more than 300,000 computers, locking up their systems and demanding payment from the victims in the form of Bitcoin.

As with all headlines, though, the story can fade fast when other news takes its place. And just like most other news stories, that doesn’t mean this one is gone just because people aren’t talking about it.

In fact, antivirus and security suite developer Kaspersky Lab issued recent findings that more than 75,000 new cases of WannaCry infections were discovered between July and September of 2018. Yes, only a couple of months ago, new victims were suffering from a well-known form of ransomware and having to decide whether or not to pay the criminals in order to regain access to their computers.

One of the major issues surrounding WannaCry is that a patch was available for it even before the initial attack. Consumers and businesses who were using older computers or older operating systems may have been more vulnerable, along with individuals who haven’t been installing recommended updates regularly.

Another issue some victims faced was not having a strong, up-to-date security suite with antivirus and anti-malware protection. A number of large-scale data breaches have been traced back to inadequate protection for a computer or network, and in some cases, the original victim was not the major corporation who was ultimately the target.

One of the best courses of action against WannaCry or any other form of ransomware is to create scheduled, automatic backups of all your files. These backups can be stored in a cloud-based subscription or an external storage device, and they’ll mean you can still access all of your files if someone targets your system. Paying the ransom might be cheaper than a new computer—the typical WannaCry ransom was $300, but other ransomware attacks have demanded more—but there’s no guarantee the hackers will release your files upon payment. That money can be put towards newer equipment instead of lining a cyberthief’s pockets.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

The term “data breach” serves as a catch-all word for any kind of event in which someone entrusted with information—usually for large groups of people, like one’s customers or patients—allows that information to be exposed. While some data breaches are the work of highly-skilled hackers who can access a billion email accounts at once, others could be something as simple as an electrician leaving his work phone behind on a job site, possibly exposing customers’ info.

However, no matter how it happened, who was at fault, or what information was exposed, all data breaches are serious. They carry the potential for someone to misuse information or harm others.

A recently reported data breach of the United States Postal System’s website appears to be accidental, but since about 60 million users’ information were exposed for at least a year, there’s no telling what damage could have occurred…or has already occurred.

This breach involves the website’s API, or “application program interface.” API is computer lingo for the set of parameters that help legitimate users interact with a website. The API was connected to the USPS “Informed Visibility Mail Tracking & Reporting” service, a mail tracking preview program, where the weakness was found. Unfortunately, by exploiting any security holes found in the tracking service, hackers can interact with the API, too.

Here’s what security researchers found: the USPS website was accidentally left “unlocked,” meaning anyone with an account could change the search parameters and find other users’ accounts and information. They could even make changes to those accounts in some cases.

Think of it like this example: pretend you went to a major retailer’s website to look up a pair of socks you ordered two years ago. You go to your order history, type in your name and zip code, and then your order history appears. Now pretend that you could simply change the zip code or the last name, or your city or street address. What would you do if all of the information for every person in your zip code, last name, city, or street address appeared? What if it showed you every single item those people had ever ordered?

That’s similar to what happened here, and there are a few unfortunate issues with this breach. First, the information was never secured in the first place. It was only a matter of time before someone decided to test out different data points. Also, the USPS was supposedly informed of this website problem a year ago. Recently, the person who informed them then contacted Krebs on Security to report that the matter had still not been resolved, and Brian Krebs reached out to the postal service. After he contacted them, the USPS patched the problem and made it stop.

This certainly isn’t the first time a government agency has suffered a data breach. The Office of Personnel Management, reported in June 2015, and the US State Department, reported in September 2018, for example, have both endured exposures of users’ sensitive information. However, that doesn’t make the issue any easier for the consumers who now need to monitor their USPS accounts and make sure that nothing out of the ordinary has taken place.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

As the weather warms up, our thoughts can turn to vacation plans and exotic destinations. But the ideal summer hotspot can come with some hidden dangers that might derail any future plans, and many of those threats are online.

Public internet connections over wifi can pose a threat no matter where you are, whether at your local coffee shop or a far-off international locale. Hotel wifi connections, from the seediest dive to even the most upper crust five-star resort, can be filled with malicious activity that threatens your finances and your data. Even worse, most portable devices are able to reconnect to a previous wifi connection just by arriving in the vicinity, meaning not only do you not know who else is on the connection and able to see your content, but you may not even be aware you’re connected.

There are a few key ways to protect yourself from public wifi dangers when you travel, some of them simple and free, others involving a little know-how and some investment.

1. Turn off your Wifi

If you’re traveling with a handheld device like a smartphone or tablet, it’s a good idea to keep your wifi turned off in your settings unless you’re actively using it. First of all, it will help your battery life by not having your device constantly searching for a connection. More importantly, you will know that you’re not connected to the internet when you’re not trying to use it.

For most major devices, turning your wifi on and off is really easy: just swipe your finger down or up (depending on the make and model) from any screen, trying to “grab” the hidden menu above or below. There will be a button that looks like an antenna sending out a signal, and simply tapping that should turn it on and off.

2. Think Before Connecting To Public Charging Stations

Speaking of saving battery life…using a public USB port or outlet might be putting your identity at risk. Public charging stations aren’t like lamp posts where you just use its electricity, rather when you plug in your device, data can be sent back through the cord and hackers can gain access. It’s best to keep your phone fully charged before you head out or rely on a portable battery pack.

3. Travel with an Ethernet-enabled device

If you know you’re going to need the internet while you’re away, such as for work or checking in with family back home, a laptop with an Ethernet port can let you connect in your hotel room in the same way your modem or router are connected at home. It looks like an oversized telephone jack, and while you still don’t know who else is using it, it’s a little safer than a public wifi connection when it comes to keeping hackers out.

4. Use a VPN

A VPN, or virtual private network, is a good idea to have anyway, no matter where you are. It acts like a private tunnel onto the internet and can help keep hackers from watching your activity or tracking your content. This is really important for something like checking your bank balance or transferring money from one account to another, especially at times when you do have to use public wifi.

However, when you’re traveling (especially to a foreign country), a VPN can not only keep others from seeing what you’re doing, but it can also let you connect to sites “back home” that may be blocked in other countries due to licensing agreements.

5. Invest in a Hotspot

Of all the options, this one is the costliest, but it comes in a range of prices. If you travel frequently or work away from your desk, it can provide peace of mind and the convenience of always having an internet connection handy. A personal hotspot is available in both prepaid options and contract options through many major cellular service providers. Prepaid options, as the term implies, may cost more per use because you’re only paying as you need it, while a contract plan, just like your cell phone plan, may be more cost effective in the long run if you’ll use it routinely.

No matter how you choose to connect while traveling, remember that some internet behaviors are “safer” than others. A quick scan of your Facebook might not be all that risky, but logging into your online banking over a public wifi connection could leave the door wide open for a hacker. It’s safer to save any sensitive internet activity for when you return home…and after you’ve gotten the most out of your vacation!


If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. 

Is a TURKEY in Charge of your Data Security?

When it comes to keeping you safe, experts rarely recommend putting a turkey in charge—whether it’s the human kind or the bird! But this Thanksgiving week, the Identity Theft Resource Center wants you to remember that a turkey can make all the difference.

T is for Trusted Websites

If you’re one of the millions of Americans who will be doing some online shopping or booking your December travel this weekend, make sure you’re only visiting trusted websites to find your bargains. Scammers advertise the “hot toy” of the holiday season then never deliver or offer too-good-to-be-true holiday getaways, but they’re really taking your money and your payment information in the process.

U is for URLs

No matter what you’re looking for online, check the URL first. That’s the web address at the top that starts with “HTTP.” If you’re shopping or inputting any sensitive personal information, make sure it says HTTPS, which is the official designation of a Secure website.

R is for Resetting your Password

All throughout the year, but especially when cybercriminals know there will be more web traffic, it’s a good idea to reset your password from time to time. Don’t wait until a breach happens and all your accounts are exposed after you reused your passwords. Log into your sensitive accounts (like banking, credit cards, retailers) and change your password to a brand-new, strong, and unique option.

K is for Keep those Documents and Mail Locked Up

No one wants to think that a friend or family member would hurt them, but a significant amount of identity theft cases are perpetrated by someone close to the victim; this is especially true in cases of child identity theft. Before your visitors show up this holiday, make sure your family’s personal documents are safely secured. When you’re throwing away all your accumulated mail, make sure things like credit card offers, health insurance statements, and other potentially useful items are fully destroyed before you discard.

E is for Everyone Is a Link in the Chain

Too often, we think of cybersecurity as the IT guy’s problem at work or the grown-ups’ concern at home. The truth is, anyone can be the weak link that invites a cybercriminal into your system.. Make sure your workplace is secured with ongoing employee training on the latest threats and hacking tactics like ransomware attacks, and be sure to have important talks with your family about good computer use habits. If you’re spending time with relatives this week, this is a good time to point older family members to resources that can help them avoid scams and computer crimes.

Y is for You CAN Reduce your Risk

Too often, news of identity theft and large-scale data breaches can make us feel like it’s just an inevitable part of digital life. In fact, there’s actually an expression for the feeling that you can’t avoid being a victim and therefore shouldn’t even bother fighting back—data breach fatigue. While no one can be solely responsible for keeping a hacker out of their computers or devices, there are many things you can do to reduce your risk; most of these things are just simple steps that make you less of a viable target:

  • Strong, unique passwords that you change regularly
  • Good email and text habits for ignoring links or attachments
  • Safe social media behavior, including privacy settings and avoiding oversharing
  • Being on guard when it comes to scams and fraud, especially ones that require you to pay with an untraceable payment method
  • Shredding important documents before discarding them
  • Staying up-to-date on the latest threats and knowing how to respond

With the right amount of TURKEY, your data can be more secure and you can have peace of mind throughout the year…enjoy!


Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.

This Thanksgiving, there are a lot of important guidelines that consumers should follow for travel safety. You need to arm yourself with the right tools to protect your identity, your financial information, and your holiday spirit this season.

Each year, Thanksgiving—even more than other holidays like Christmas or spring break—has the highest volume of travel traffic. That means crowded airports, last minute flights, and the hunt for hotel accommodations. It can also mean travel scams, fraud, and identity theft if you’re not careful.

Here are a few tips to help keep your information safe and your sense of cheer intact as you travel this holiday season:

1. Online booking – Industry watchers aren’t the only ones who know that more US travelers venture out for turkey day than any other day of the year. Scammers know it, too. If you’re planning on booking air travel, cruises, rental cars, or accommodations online, make sure you’re only using reputable websites. Use a payment method that offers consumer protection just in case, and investigate whether or not you need travel insurance.

2. Last minute specials – Yes, if you do your homework or if your dates are a little flexible, you can find some incredible deals on your travel. You may even find some great last-minute rates on tickets or rooms that haven’t sold. However, you’re just as likely to find some fake websites, harmful links, phony accommodations, and more. Avoid the sense of urgency that scammers often embed in their tactics; if you’re told to “act now” or told there are only “three rooms left!” then you might want to walk away.

3. Know your website – Even if you’re trying to book your trip through a reputable site, you might be the victim of a copycat scam. Everything about the email, social media post, or even the website itself looked legitimate, with the company logo and the right color scheme. But check the web address in the bar at the top of the screen. If you don’t see HTTPS (instead of just HTTP), then you shouldn’t enter any sensitive information. Also, look for characters that could be inserted to trick you, as a zero instead of a letter O or a lowercase L instead if an uppercase I. Those little details can mean you’re on a fake website that will steal your information—and not put you on a plane!

4. Oversharing the event – While you’re away, make sure that you’re not oversharing your personal details on social media. Posting pictures and tagging them with the location could be an indication that your home and mailbox are standing empty. Sharing pictures of other family members and their kids might be a no-no, so make sure you know everyone’s comfort level before you post and label.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

If you’re like many US consumers, you may already be thinking ahead to your Black Friday or Cyber Monday shopping. After all, it’s a good idea to be prepared: know what your budget is, scope out what gifts you may be looking for, have your retail shopping accounts already created and secured with a strong, unique password, even have your credit or debit cards ready so that you don’t expose your data or spend unwisely.

Now in its seventh year, there’s another holiday that follows right on the heels of the shopping extravaganza, one that is truly a remarkable kickoff to the holiday season: Giving Tuesday. When the dust settles from the flurry of early shopping, it’s a good time to spread some goodwill by contributing to a worthy cause.

Of course, your favorite charity could use your support at any time of year, so what makes #GivingTuesday so special? For starters, the social media buzz surrounding the event can help encourage donors who may not have known about the annual holiday. Also, a number of companies offer to match funds that day, helping to spread your generous donation even further.

Unfortunately, any time a newsworthy event takes place, scammers are ready to strike. That’s why it’s important to be ready for Giving Tuesday and avoid impulse donations unless you can trust the source:

1. Plan now for how your donation will be made – Will you use a crowdfunding site? A payment app? A credit card or debit card? By knowing how you’re going to give, you can avoid some of the scams that may pop up.

2. Know where your money is going – Some generous consumers like to split their donations among different causes, such as an animal advocacy group, a veterans’ organization, and a charity that provides meals for the homeless. Others might choose to rotate their donations year to year in order to give the maximum support they can afford to a much-needed organization. In any case, if you make your plans now—even if you wait to make the donation until the actual holiday—you’ll be less likely to be taken in by a phony charity request. Verify your favorite charities through Guidestar or BBB Wise Giving.

3. Be careful about oversharing – One sure sign that a donation request is a scam is if they ask for a ridiculous amount of personal data. Yes, charities do like to get contact information so they can follow up with you later, and some charities need to collect small amounts of demographic info. But anyone who wants your birth date, Social Security number, any kind of account numbers or login credentials or other sensitive info should be avoided.

It’s important that we all do what we can to help agencies and organizations who do important work, but at the same time, it’s okay to be hesitant when it comes to your security. Be on the lookout for scams and fraud, and avoid any scenario that makes you uncomfortable. Giving Tuesday is a great opportunity to offer your support but do your homework to ensure that your donation is going to the right people while protecting your privacy.

For more information on Giving Tuesday—both as an individual donor or for information on helping worthy causes get involved—visit GivingTuesday.org.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert