Identity theft and security experts have warned for years that consumers need to stay on top of the latest news about scams and fraud in order to protect themselves. But there’s no need to keep those details a secret!

A retail employee in Illinois saved the day when she and other workers stopped a senior citizen from becoming the victim of a scam. The customer was trying to buy a high-dollar amount of gift cards to bail her grandson out of jail. According to the story, a far-flung police department had called her to let her know her grandson was in custody and needed $500-worth of gift cards to post his bail. Fortunately, she was prevented from buying the cards and called the local police department instead. Sadly, another customer wasn’t so lucky. She proceeded to buy the gift cards despite the warnings from employees.

Even worse, a Walmart employee in another state tried to be a good Samaritan and prevent a man from purchasing a $2,500 wire transfer to send to a scammer. The employee, who is now being honored by the company’s board of directors for her repeated help stopping other customers from becoming victims, was originally threatened with a lawsuit by the would-be victim since she put up some fuss about processing the wire transfer. Fortunately, once the police were called, the customer learned the truth and thanked the employee for saving him from a crime.

These examples illustrate a very serious issue: scam activity is on the rise and more consumers are sitting up and taking notice. However, as these real scenarios demonstrate, it can be difficult to intervene when you see something taking place, even if you’re certain something isn’t right. You don’t know how your help will be received.

So how do you put your knowledge of scams and fraud to good use and help your fellow consumers while avoiding any negativity? First, just know that no matter how your attempt to help is received, you were trying to do the right thing. Also, you can try this:

1. Spread the social word – Social media can be a powerful force for good, especially if the content you’re sharing is relatable and genuine. It’s tempting to forward every alarming hoax that pops up, but if you craft a sincere warning about scams and fraud, you just might prevent someone else from becoming a victim. Don’t forget to make your post sharable!

2. Host a fraud prevention event – There are a number of organizations that host awareness events throughout the year, but you don’t have to wait for a specific time. You can host your own get-togethers, community action meetings, senior center events and more, then use those as a time to help get the word out about different kinds of fraud.

3. Follow news from the Identity Theft Resource Center online – The ITRC has a Twitter account, Facebook account, weekly newsletter and many other resources that can keep you informed. Sharing their news is as simple as clicking a button. Helping others recognize a potential scam doesn’t have to mean putting yourself out there.

If you see a scam taking place, you can enlist the help of retail employees, store managers, law enforcement officers or anyone else who can stop someone from becoming a victim. No matter how you choose to help, just know that you’re working to make life better for others when you stop a scam in its tracks.


Read next: “Your New Medicare Card Could Lead to a Scam”

The U.S. government began changing the information that Medicare cards contain, and not a moment too soon. Ever since the program was created in 1965, Medicare’s familiar red-white-and-blue paper identification contained the beneficiaries’ Social Security numbers. Even handing your card over in a doctor’s office or pharmacy could lead to identity theft and fraud, let alone the consequences if you lost your wallet or purse.

Now, Medicare cards contain a unique patient identifier number. The administration allowed itself a calendar year to make the switch, and they’re about halfway through the process of issuing new cards to all of the beneficiaries. If you don’t receive your new card by April 2019, contact the Medicare agency for an update.

Wouldn’t it be nice if identity thieves and scammers simply thought, “Gee, guess I can’t steal SSNs anymore!” and threw in the towel? Instead, they’ve come up with new ways to take advantage of their victims, especially those who currently possess one of the new cards.

First, some scams have centered around the cards themselves. Claims from a phone caller that you need to verify your identity, activate your card, pay a fee to upgrade your paper card to a (non-existent) plastic card, or other similar stories are completely false.

Other scams have involved “matching” your identity to your card. A caller claiming to be from the Medicare agency checks to see if you’ve received your new card. If not, they ask for your Social Security number to make sure you’re still covered and receiving benefits. If you have received it, they ask for your SSN to match your patient identifier number to your account and make sure you’re covered. In either case, it’s not true.

One of the more outrageous scams involves your bank account info. This version claims that you have to move all the money out of your current bank account to a temporary “safe” account to avoid scammers who’ve targeted you as a Medicare recipient. Providing your account info obviously leads to the caller draining your bank account.

There are some things to keep in mind about the scams associated with these new cards:

1.You can provide your SSN to receive medical care—even if you’ve received your new card—through December 2019. There’s nothing you need to do to “extend” your coverage or move it over to your new card

2.Your new card is completely free, despite claims that you have to pay a $25 fee to get it; no, you cannot upgrade to a plastic card instead of paper, either.

3.Never verify your identifying information or account information to anyone who contacts you. They called you, remember? They should already have it, and a legitimate caller would never ask you to provide it.


Read next: “Are Scammers Trying to Give You Money?”

There’s no limit to the many ways a scammer will try to separate you from your money. One of the most common tactics is a phishing attempt, which happens when someone contacts you via phone, text, or email with a legitimate-looking request. Many of these attempts copy a well-known business’ logo, web address, email domain, and other realistic features.

Email phishing attempts are so common you may not even notice any more if you get several of them a day. Many spam filters have gotten good at catching them, but the ones that slip through into your inbox can look pretty convincing.

The goal of a phishing attempt is pretty straightforward: just click the link. That’s usually all the scammers need you to do. From there, it will either install harmful software on your computer that lets the scammer snoop around, or it will take you to a fake website where you must input your sensitive information: either way, the scammer benefits.

A new twist on these messages actually offers you money for clicking, though. The email contains a very common, official-looking receipt for a purchase you made via PayPal. When you scroll through and think to yourself, “No! I didn’t buy a virtual reality gaming headset!” you’ll quickly see the numerous links and buttons to dispute the charge.

Think about it: how many real receipts have you ever actually received that say, “You didn’t make this purchase? Click here for a refund!” What kind of company puts three or four refund offers on your receipt?

Not a real company, that’s for sure. The scammers are just after your clicks in order to move forward with their next malicious steps.

Instead of falling for it, scroll up to the top of the email and hover your mouse over the sender’s name. Their email address should pop up. Pay close attention to the letters if it still looks like a real email address, and notice subtle changes, like the letter O is actually a zero or a letter L is actually an uppercase I. Once you’ve figured out it’s a fake—or even if you’re still not convinced—exit out of the email and go to your actual PayPal.com or Amazon.com account, for example, and look into it. You’ll most likely see that you have not made a purchase.

But just in case… what if there really is a purchase for something you didn’t want? That email still can’t help you, but the customer service reps can. Use the contact information listed in the verified email to get in touch with someone who can help.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “What to do When Your Passport Number is Breached”  

Your Passport and Your Identity

A recently-discovered data breach of the Starwood brands of Marriott International’s hotels has left consumers and security advocates alike scratching their heads. At the heart of this confusion surrounding the theft of data for around 25 million guests is passport security, or more accurately, the need to safeguard both your physical document and its number. So assuming that your passport was affected, what do you do?

As noted in the newest release published on January 4th, 2019, “Marriott now believes that approximately 5.25 million unencrypted passport numbers were included in the information accessed by an unauthorized third party. The information accessed also includes approximately 20.3 million encrypted passport numbers.” According to numerous sources including the US State Department, your passport number on its own is not a highly valuable piece of information for a hacker. However, when combined with some of the other data points that were compromised in this breach, your number could possibly be used to craft a more complete profile for identity theft – or allow for an identity thief to generate a synthetic identity with more validity.

First, if the physical document is lost or stolen, that is absolutely an urgent matter. You should report it to the proper authorities—namely the State Department who issues them—so that there is a record of the missing document. If it is used for identity theft or fraud, you will have already filed it as missing.

Read: What To Do If Your Passport is Lost or Stolen

But in the case of this data breach where only the number was compromised, your recourse is a little different:

1. If only the number and not the actual document is stolen, don’t be too quick to replace it. Since the number by itself does not directly result in identity theft, you may not be given a new passport free of charge. That means you’ll pay for the new document out-of-pocket.

In the case of the Marriott breach, if you can show proof that your passport was the cause of fraud or identity theft, they are offering to replace it. Read the specifics very carefully to understand what your recourse is in this particular case.

2. If the document was set to expire in the near future AND you were planning to replace it, there’s no need to wait if you can demonstrate that it was compromised. However, you may need to provide the notification letter or email from Marriott International to show why you’re requesting a new passport early.

3. When you decide to replace your passport, it will contain a new number (unlike driver’s licenses that retain their issue number, for example), but that doesn’t mean someone couldn’t still use your old number to piece together your identifying information. You will still need to monitor your accounts—especially travel-related accounts—carefully.

Read: What Can a Thief Do With Your Driver’s License?

This breach also serves as a cautionary tale about oversharing: unless you are required to turn over a piece of identifying information, think twice about submitting it. Many consumers take domestic flights and stay in hotels without even owning a passport; just because you have one doesn’t mean you have to provide the number every time it’s an option.

Finally, as if this wasn’t worrisome enough, there’s another potential threat that could be looming: scams associated with passports. With any high-profile event, scammers crawl out from under their rocks to take advantage of the public. Be wary of any email, text, social media post or other communication that plays off of fears surrounding compromised passport numbers.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read: The Real People Behind Identity Theft Statistics

Remember way back when—about a month ago!—when you were challenged with the ultimate New Year’s resolution?

It didn’t seem all that difficult at the time, and it was certainly easier than your co-worker’s goal of losing twenty pounds. But that challenge to protect your identity and secure your personal data might have been a little more than you bargained for, so it’s time to take stock.

1. How are your passwords coming along?

If you took the warning to heart and vowed to be more safety-minded about your online accounts, good for you! That’s one of the best behaviors you can adopt to hopefully prevent internet takeover. Using a strong, unique password is critical, and changing your password regularly on sensitive accounts can help thwart a lot of problems down the road.

If you didn’t get around to this step yet, it’s not too late. Stop right now and change three passwords: your primary email password, your preferred social media password, and your online banking password. Go ahead, we’ll wait right here. Just do yourself a favor and make sure you don’t use the same password on all three sites!

After those three accounts are secured, do this: every time you log into any account for the first time after today, click “forgot my password” instead of logging in. You’ll receive an email in a few seconds that contains a link to change it, and you’ll know you’ve created a new password for that account without having to hunt all over the internet for every website you use.

2. Are you monitoring your credit reports?

If you ordered copies of your credit report last month to kick off your privacy New Year’s, way to go! If you meant to do it but didn’t get around to it, STOP RIGHT THERE! According to the Federal Trade Commission, there is only one authorized source for free credit reports, and that’s AnnualCreditReport.com. You can reach them via their website or by calling 1-877-322-8228.

There’s something to remember about your credit reports, though. You’re entitled to one free copy every twelve months from Experian, Equifax, and TransUnion, also known as the Big Three of credit reporting. So you could order just one this month, say, from Experian. In a few months, order one from Equifax. Finally, request one from TransUnion later on. This will give you an ongoing look at your credit report so you can stay on top of any shady activity.

By the way, a number of credit card companies have started providing your FICO score when you log into your account. It’s free, instant, and does not count as an inquiry into your credit report. However, it’s not comprehensive, it’s only your actual score. If your score isn’t where it should be—or where you think it is—then you certainly want to look at your credit report. If your score is fantastic, it still doesn’t mean you’re completely safe, but it is something you can look at every single time you pay your bill online. A dramatic change in your score could indicate something fishy.

3. Did you give that receptionist your Social Security number? 

Hopefully, you didn’t ring in the New Year with a cold or other illness, but if you did, a trip to the doctor’s office may have been in order. Did you dutifully fill in your Social Security number on the form, or did you remember your privacy resolutions and leave it blank? It’s pretty daunting to refuse to hand it over, and can even get you a few weird looks from people who think you might be a little paranoid. But the truth is, intentional and accidental data breaches are a huge and costly problem, especially for medical facilities.

Any time you’re asked for your SSN, stop and ask yourself why this facility could possibly need it. Then, ask them the hard questions: who in your company will be able to access it? how will you keep it safe? how will I find out if you’ve had a data breach and someone has stolen my information?

Feeling a little bit silly for refusing to provide it is going to be a whole lot more pleasant than feeling silly when you receive a data breach notification letter in the mail. Your SSN and other sensitive information don’t belong in every single person’s hands, and honestly, some businesses don’t even know why they’re still requesting it in this current cybercrime climate.

If you fell a little short in your resolutions—whether the ones you made about your identity or your weight loss goals—there’s good news: 2019 has eleven more months to get it right! With a little bit of extra effort and adopting some good habits, you’ll be on track before you know it.


How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the TMI Weekly.

Thanksgiving, Hanukkah and Christmas are just around the corner. Black Friday, Cyber Monday and holiday shopping is too. It also means the possibility for an increase in identity theft and fraud. So before you get caught up in all the holiday shopping chaos, you should be aware that criminals might use this as an opportunity to compromise your sensitive data. This holiday season, however, one group in particular might be purposely putting themselves at an increased risk of identity theft. A recent survey by Experian found that 19 percent of millennials would put their identity at risk in exchange for a good Cyber Monday deal. While some millennials are making it exceptionally easy to compromise their personal information during the holiday season, let’s take a closer as to why this demographic might be more vulnerable to identity theft year round.

Millennials are notorious for being the most tech-savvy generation, growing up in a world where sharing personal data online and across social media platforms is commonplace. However, their willingness to share personal data easily puts them at an increased risk of identity theft. For one, criminals might have an easier time guessing their security challenge questions because they can be quickly discovered on their public Twitter profile or Instagram page.  Second, since they are so used to sharing a wealth of personal information, they might be less likely to hesitate when asked for it by anyone – including those with malicious intent.

Along with being tech-savvy,  feelings of apathy toward data breaches could be another reason why millennials might be at an increased risk of identity theft.  According to a Gallup poll, 67 percent of millennials are trusting that the companies with which they do business, such as credit card companies and health insurance companies, guard their information. The poll also finds that 70 percent do believe that their privacy will be compromised at some point in time. Because millennials have lived through several major data breaches, they’re aware of the risks but have become accustomed to these types of events and might not fully comprehend the severity of having their personally identifiable information stolen.

In some cases, becoming a victim of identity theft is “fixable,” but what millennials might not understand is that the process is not an easy one. Identity theft cases can take years to remediate. Even if you “fix” the issue, many victims experience reoccurring threats, consistently trying to regain their identity. This also doesn’t take into account the emotional impact victims go through. The Aftermath® study revealed that victims felt angry, frustrated and violated regarding their identity theft situation. In the same survey, 50 percent of victims lost interest in activities they once enjoyed.

And lastly, another reason that millennials might be increasing their risks of identity theft is by thinking it won’t happen to them. According to the AARP, younger generations tend to believe that scammers target the elderly, which allows millennials to believe they are safe. However, what millennials might not realize is that they are just as vulnerable to the threats of identity theft as senior citizens. For example, a recent survey found that 17 percent of millennials were likely to give out sensitive information to a caller that confirmed their last four digits of their Social Security number. So it is, in fact, that everyone is equally just as at risk for identity theft, regardless of their age.

Now more than ever, millennials need to take preventative measures to minimize their risk for identity theft. Here are a couple of tips to help protect your identity:

  • Don’t give out your Social Security number unnecessarily
  • Use strong passwords
  • Set up a passcode/password and anti-virus software on all of your mobile devices (smartphone, tablet) and computers (desktop, laptop)
  • Don’t give out personal information on the phone unless you initiated the contact
  • Avoid logging into sensitive accounts, email or providing credit card/debit card numbers while on public Wi-Fi

If you do find out that your information has been compromised, contact our advisors using our toll-free number (888-400-5530) and they can inform you about the necessary steps to take to resolve the issue. You can also reach us using our live chat feature.

Experian proudly provides financial support to the Identity Theft Resource Center.


Read next: “Your Holiday Shopping Guide to Putting Privacy Under the Tree”

As the holidays draw nearer and the shopping season goes full steam ahead, consumers all around the world are looking for just the right presents to finish out their lists. The presents may range in price and meaningful sentiment, of course, but with the technology sector taking up a significant share of the market, safeguarding your privacy becomes the real gift.

There’s no doubt that the more connected your devices become, the more vulnerabilities you may face. With every new piece of technology that connects to your network—along with all the apps, software, cloud-based accounts, and other tools to power these devices—there’s another possible door left wide open to hackers and identity thieves.

Fortunately, researchers at Mozilla (the creators of the Firefox web browser) have updated their holiday shopping guide that ranks all kinds of consumer goods based on their potential impact on your privacy. Titled *Privacy Not Included, this guide helps you understand the possible dangers as well as how to secure them. In some cases, it may even help you decide that a specific item is not for you or your family.

The guide is broken up into different categories—toys & games, smart home, entertainment, wearables, health & exercise, and pets—and includes reviews of more than seventy products.

One of the most important aspects to these reviews is the “minimum” requirements for protecting your privacy. According to the researchers, only 32 of the reviewed products even earned a “merit badge” for meeting those minimum standards, meaning the items must “use encryption; have automatic security updates; manage security vulnerabilities using tools like bug bounty programs and clear points of contact; and require users to change the default password if a password is required.”

However, Mozilla’s team also said other factors prevented them from deciding once and for all if many of the products meet the standards, such as the manufacturer not responding to direct requests for information about customers’ privacy.

This is the second year that Mozilla has conducted this review and released the results, but this year the company has included a new tool called the Creep-O-Meter. It will give consumers an idea of the level of privacy concern surrounding different products, ideally before they buy and install them.

There are a lot of holiday shopping guides and consumer review websites that can help you make an informed decision about price, quality, age-appropriateness, and more. This might be the only guide that explicitly supports your privacy, though, so check it out before bringing any new connected devices into your life.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

Question and answer site Quora announced a data breach that affected about 100 million users’ accounts. The hacked information included names, email addresses, and encrypted passwords. While most people who participate in online discussion via the platform may establish an account, anyone who has posted through Quora anonymously does not need to worry about their name getting “out there” since they never provided it.

Names, email addresses, and Quora passwords might not seem like a big deal to some users. After all, the company discovered the breach on November 30th and has already begun issuing notification letters. They’ve also forced a reset of all account passwords, so everything should be fine.

Unless… unless you’re one of the incredibly high numbers of people—52%, in fact—who reuses their passwords on multiple websites.

For years, security experts have tracked the use of “popular” passwords, and have found bizarrely simple passwords to be the most popular. These include things like “password,” “123456,” and “QWERTY,” just to name a few. But password strength—or lack thereof—isn’t really the problem in this case.

With the Quora breach, it doesn’t matter how amazing your password is, like “h2E9Nb17LW.” If you reuse that same password on any other website on the web, the hackers who have your Quora email and password have those same credentials to try on other sites. Hopefully, your online banking, credit card, PayPal, Amazon, and other vital accounts aren’t connected to those credentials this way.

This incident and so many others that only affect login credentials can be mistaken for being “not a big deal,” but the reality is just the opposite. When web users reuse their credentials like this, they leave themselves vulnerable to other account breaches and identity theft. It’s essential to create a strong password for every account you have, but it’s equally important to keep each strong password limited to one account.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

For years, security experts and advocates have warned consumers about suspicious websites, specifically ones that take your sensitive information or payments. The best course of action? To look for the HTTPS designation in the web address at the top of the screen and the little padlock icon, both of which indicate a site can be trusted.

Unfortunately, scammers continue to evolve their ways to continue victimizing the public through technology. A new report has found that about 49% of known phishing websites—websites that steal your information after tricking you into submitting it—contain a secure designation and a little green padlock. The “look for the lock” advice that was once a sound way to protect yourself is a little less reliable than before.

Just as scammers have evolved, now it’s up to consumers to make some changes in order to protect themselves from the latest threats:

1. Install a security suite that offers anti-phishing and website security

A basic antivirus isn’t enough to keep you safe anymore, and a number of well-known security software developers have incorporated a lot of extra features. Some can alert you to a fake website or known scammer before you compromise your information. Even better, many security programs offer a wide range of subscription prices—even free plans—so there’s something to meet every budget.

2. Establish a throwaway email address

Some sites want nothing more than your email address so they can sell it to spammers. Generate a free email address that is separate from your everyday, commonly used one. Then, whenever you’re visiting websites that want your email address, you have the option to trust the site with your contact information or use your backup email address.

3. Designate a payment card for internet purchases

The last thing you need is for a phishing website to steal your money, but it happens. By intentionally having an “internet only” credit card that is not connected to your bank account and that has a very low credit limit, you may have an easier time protecting yourself from someone who steals your information.

The most important thing you can do is to remember that what was once considered top-notch security advice can change as new technology and new developments occur. It’s not enough to develop a good habit and never deviate from it. Instead, you need to stay informed by following ongoing coverage of the latest scams and frauds.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

If you follow tech news, you may still get shivers up your spine from the buzz surrounding one of the most dangerous ransomware attacks in recent history. The May 2017 WannaCry attack made headlines for months due to the high volume of victims and the high-profile companies who were targeted. Within a short time, this self-replicating cryptoworm had infected more than 300,000 computers, locking up their systems and demanding payment from the victims in the form of Bitcoin.

As with all headlines, though, the story can fade fast when other news takes its place. And just like most other news stories, that doesn’t mean this one is gone just because people aren’t talking about it.

In fact, antivirus and security suite developer Kaspersky Lab issued recent findings that more than 75,000 new cases of WannaCry infections were discovered between July and September of 2018. Yes, only a couple of months ago, new victims were suffering from a well-known form of ransomware and having to decide whether or not to pay the criminals in order to regain access to their computers.

One of the major issues surrounding WannaCry is that a patch was available for it even before the initial attack. Consumers and businesses who were using older computers or older operating systems may have been more vulnerable, along with individuals who haven’t been installing recommended updates regularly.

Another issue some victims faced was not having a strong, up-to-date security suite with antivirus and anti-malware protection. A number of large-scale data breaches have been traced back to inadequate protection for a computer or network, and in some cases, the original victim was not the major corporation who was ultimately the target.

One of the best courses of action against WannaCry or any other form of ransomware is to create scheduled, automatic backups of all your files. These backups can be stored in a cloud-based subscription or an external storage device, and they’ll mean you can still access all of your files if someone targets your system. Paying the ransom might be cheaper than a new computer—the typical WannaCry ransom was $300, but other ransomware attacks have demanded more—but there’s no guarantee the hackers will release your files upon payment. That money can be put towards newer equipment instead of lining a cyberthief’s pockets.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert