In the past few years, retailers have seen a trend in how their customers shopped for the holidays. More and more people have grown weary of standing in the cold or elbowing through thousands of shoppers to buy this year’s hot toy. Savvy shoppers have increasingly opted to stay home in their pajamas and find great deals online.

That’s led to the rise in Cyber Monday. Once the holiday chaos of Black Friday is out of the way, the following Monday is a time to pop over to the internet and see what sales are taking place to finish (or start!) your shopping.

Unfortunately, just like Black Friday, Cyber Monday is a favorite holiday for identity thieves, scammers and hackers. In order to reduce your risk of falling victim to the crime, you have to take some steps to secure your identity.

1. Know your antivirus software – Antivirus software has come a long way since the early days of trying to block malicious computer threats. Unfortunately, so have the tools that cybercriminals use to steal your money, your identity, your computer and more. A comprehensive security suite can now offer you protection from ransomware, trojans, worms, phishing scams, keyloggers and so much more. Many of them now include parental control tools, which is great if you have kids, as well as VPNs and tracking blockers for private browsing online.

Make sure your security suite is installed, updated and ready to protect you before you start entering your credit card details and your shipping address online.

2. Know your payment methods – Whether you’re using credit cards, debit cards, online payment platforms like PayPal, or gift cards, it’s important to keep up with which method you used on which website. That way, if there’s suspicious activity on your card or account later, you can trace it back to which site you may have used.

It’s also a good idea to know ahead of time what kinds of consumer protection are in place in case of fraud. Will your credit card company stand up for you if someone steals your information or racks up extra charges? Will they protect you if the website you used was a scam and they never send your purchases? Find out the rules and regulations—as well as what kinds of money-saving deals and discounts, if any—are in place before you use it.

3. Know what you’re clicking – Fake websites, copycat websites that look like real retailers’ sites, and bogus ads that only lead to click-revenue are the bane of every shopper’s existence at this time of year. Look for the site’s HTTPS designation before you enter any payment details, and make sure this is a reputable company before you pay for anything. A quick Google search for the name of the company or a check of the BBB’s scam tracker can tell you if there are any dissatisfied customers out there.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “I’ve Hacked Your Password” Scam

There were more than 184 million ransomware attacks around the world last year, and there’s no sign that this type of cybercrime is slowing down. If anything, the effectiveness and lucrative payouts for hackers could mean even higher numbers of attacks in the coming months.

Are you prepared? Is your workplace?

The first step is to understand how ransomware works. The culprits behind the attack can be some of the most sophisticated hackers in their field, or they may be nothing more than a low-level user who has purchased some malicious software on the Dark Web. A highly-skilled hacker can infiltrate your network, while a less adept cybercriminal relies on getting you to install the malicious software for them through a phishing email or other social engineering.

Once the harmful software is on your network, though, your files and system are locked up tight. The only way to regain access—and restore day-to-day business—is to pay the ransom and hope the criminal decides to give you the necessary decryption key. (In too many cases, the thieves made off with the ransom and refused to unlock the victim’s computers.)

One recent profile of ransomware victims demonstrated a couple of different approaches to dealing with an attack. In one instance, a city government was infiltrated; they decided to pay the ransom and hope for the best. In the other case, city officials decided not to pay the ransom and instead rely on the backups of their important files.

So who was right? It doesn’t matter. Every ransomware attack and every victim are different, so making a sound decision about recovery should be the work of the victim, law enforcement, and security experts.

But here are some things to consider:

  • While businesses are more likely to provide a bigger payout, criminals know that individuals might pay up in order to retrieve their precious photos, videos, stored content, and more.
  • Paying the ransom is absolutely no guarantee that a hacker will decrypt your files or unlock your computer.
  • The best defense against this kind of attack is to routinely back up all of your files and important folders.
  • Ensuring that you, your family members, and your company’s workforce can spot a phishing attempt and avoid installing harmful software will also help protect you.
  • A company-wide policy about never downloading unknown files, never clicking on links in emails, never opening unexpected attachments, and other dangerous behaviors can also secure your network from this kind of attack.

No matter what steps you take, it’s important to stay on top of cyberthreats and scam attempts. Regular company training and a comprehensive company-wide computer use policy can help protect your business network, and monitoring computer use at home can do the same. As always, installing and updating a strong antivirus solution to block these threats is important, too.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “I’ve Hacked Your Password” Scam

Most consumers probably have some level of knowledge about identity theft and fraud. It might only be a passing familiarity thanks to news headlines about record-setting numbers of data breaches. For others, their deeper knowledge of this kind of crime may come from having already been victimized. As anyone who has had to navigate the aftermath of identity theft crimes can tell you, it carries a lasting—possibly even lifelong—impact.

So how much do you really know about this crime? (You can take this short quiz to find out!)

The Association of Certified Fraud Examiners, ACFE for short, wants to help every consumer be as fraud-aware as possible in order to reduce their risk of becoming a victim. The organization hosts an annual event each November known as Fraud Week, and together with the Identity Theft Resource Center will host a Twitter chat filled with important tips and information for the public.

International Fraud Awareness Week will run from November 11th through 17th, and while some of the information is geared towards preventing this crime within the business sector, there are plenty of resources for everyday consumers. You can sign up to host a local community education event, direct your company or business to informational webinars, and find ideas for posting on social media to raise awareness. One great item to share on your social media channels is this ACFE video on identity theft and fraud, for example.

Of course, joining the Twitter chat on November 15th is another great way to get involved and stay informed. The ITRC and ACFE will co-host the free event online at 3pm ET/12pm PT, and participants only need to log into their Twitter accounts and search for The #fraudweekchat hashtag to participate. Be sure to add the hashtag to all of your questions or comments so other participants and the chat hosts can see them.

Finally, one of the best ways to really understand the impact of fraud is to hear from the victims themselves. The ITRC’s annual Aftermath report compiles information from victim surveys, which were completed by people who reached out to the organization for help during the previous year. This information explores not only the financial impact of this crime, but also the mental, emotional, and even physical effects of being a victim.

To say that it’s up to the victims to prevent identity theft and fraud is wrong; in too many cases, the victim couldn’t have done anything to prevent the crime. However, there are ways consumers can reduce their risk, recover as quickly as possible, and minimize the lasting effects. Knowing how to recover from this kind of crime starts without knowing what preventive measures to put in place, what steps to take in the event of fraud, and what resources are available to help victims. It all starts with awareness, so make plans to be a part of Fraud Week.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “Vote By Phone” Scam

Most consumers probably have some level of knowledge about identity theft and fraud. It might only be a passing familiarity thanks to news headlines about record-setting numbers of data breaches. For others, their deeper knowledge of this kind of crime may come from having already been victimized. As anyone who has had to navigate the aftermath of identity theft crimes can tell you, it carries a lasting—possibly even lifelong—impact.

So how much do you really know about this crime? (You can take this short quiz to find out!)

The Association of Certified Fraud Examiners, ACFE for short, wants to help every consumer be as fraud-aware as possible in order to reduce their risk of becoming a victim. The organization hosts an annual event each November known as Fraud Week, and together with the Identity Theft Resource Center will host a Twitter chat filled with important tips and information for the public.

International Fraud Awareness Week will run from November 11th through 17th, and while some of the information is geared towards preventing this crime within the business sector, there are plenty of resources for everyday consumers. You can sign up to host a local community education event, direct your company or business to informational webinars, and find ideas for posting on social media to raise awareness. One great item to share on your social media channels is this ACFE video on identity theft and fraud, for example.

Of course, joining the Twitter chat on November 15th is another great way to get involved and stay informed. The ITRC and ACFE will co-host the free event online at 3pm ET/12pm PT, and participants only need to log into their Twitter accounts and search for The #fraudweekchat hashtag to participate. Be sure to add the hashtag to all of your questions or comments so other participants and the chat hosts can see them.

Finally, one of the best ways to really understand the impact of fraud is to hear from the victims themselves. The ITRC’s annual Aftermath report compiles information from victim surveys, which were completed by people who reached out to the organization for help during the previous year. This information explores not only the financial impact of this crime, but also the mental, emotional, and even physical effects of being a victim.

To say that it’s up to the victims to prevent identity theft and fraud is wrong; in too many cases, the victim couldn’t have done anything to prevent the crime. However, there are ways consumers can reduce their risk, recover as quickly as possible, and minimize the lasting effects. Knowing how to recover from this kind of crime starts without knowing what preventive measures to put in place, what steps to take in the event of fraud, and what resources are available to help victims. It all starts with awareness, so make plans to be a part of Fraud Week.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “Vote By Phone” Scam

On November 6th, citizens will cast their votes for governors, state officials, or members of Congress, either continuing to support the incumbent or opting to make a change with a new candidate. In any event, the work of campaigning and elections are big business…especially for scammers.

With so much discussion about the mid-term elections, thieves have launched a wide variety of election season scams to steal personally identifiable information, financial resources, or both.

1. Phishing attempts – Candidates and political parties rely on emails and phone calls to connect with voters, and scammers are using the same tactics. By posing as members of a campaign, scammers target their victims with phony donation requests, fake news articles that encourage them to click and input their information to read, and more. The goal in these scams isn’t just money, but also access to your personal data.

2. Donation requests – It takes a lot of money to put on an effective campaign, so political candidates often request donations, host fundraisers, and more. Thanks to online platforms, candidates or their team members can request money via social media and platforms like GoFundMe or PayPal. However, the natural mechanism that allows candidates to do that effectively also means a scammer can do it, too. Be on your guard for similar names, “patriotic”-sounding organizations, and issue or party-centric groups that are not actually affiliated with anyone campaigning.

3. Fake robocalls – There have already been reports of robocalls associated with particular candidates for promotional purposes, and remember, charitable organizations and political ads are two of the categories that are exempt from the Do Not Call registry. However, some of the robocalls have not only been spoofed or use stolen recordings of the candidates, but some of them have also even been highly offensive and designed to get the listener to interact.

So how are you supposed to protect yourself from elections season scams? By using the exact same good habits that are designed to keep you safe from scams throughout the year. Never give out your information or verify your identity to someone who contacts you; never make a spur-of-the-moment donation or spontaneously pay a fee, fine, or bill; remember that anyone can create an email account or website, and it doesn’t take any effort or know-how to copy or mimic an existing organization.

Keep your identity and your finances secure by being cautious about how you interact with the campaign process this year…and don’t forget to vote!


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “Vote By Phone” Scam

When it comes to a credit freeze, consumers have to ask themselves when they should take this step, and why. The “when” is easy… the answer is NOW. There are very few reasons to leave your credit report unfrozen, all of them stemming from your life circumstances that involve high-volume spending, the need for new accounts or other similar, limited situations.

But “why”, is a little more difficult to explain. Your credit report is the document that gives lenders an idea of what kind of borrower you are. It contains lengthy information on your previous spending and payoffs, your open lines of credit, the amount of debt you carry, and more. However, this report is also the tool that lenders need in order to issue you a new account or line of credit; no report, no new credit card or car purchase.

It’s easy to see how blocking access to that report can prevent new lines of credit from being issued, and that goes a long way towards protecting you from fraud if someone steals or fabricates your identity. When the criminal applies for a new credit card, home utilities, a car or other similar account, the credit report will come back to the lender as “frozen,” essentially blocking the account.

This is one of the strongest measures consumers can take to help reduce their risk of financial identity theft. There are other ways your personally identifiable information fall into the wrong hands can harm you, but new account fraud is one of the easiest but most devastating scenarios. At the same time, there are not many other actionable steps consumers can take that can have this much of an impact on identity theft and fraud.

Remember when we said you should do it right now? There’s never been a better time. New legislation goes into effect this week that will remove the fees associated with freezing and thawing your credit report. Even though it takes time to “thaw” should you need it (a few business days, typically), you will no longer have to pay a fee for protecting your credit report this way. All three of the reporting agencies—Experian, Equifax, and TransUnion—will no longer charge this fee thanks to legislation that was passed after the Equifax data breach.

In order to freeze your credit, here are a few steps to take. While you handle that, remember that you’re also entitled to one free copy of your credit report from each of the three major reporting agencies every year. You don’t have to request them all at once, though, so you can stagger your requests a few months apart and get a look at your credit report all throughout the year.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

A recent discovery on an internal message board may be a little unsettling: according to Politico, who discovered the internal memo and first wrote about the incident, the U.S. State Department’s unclassified email system suffered a data breach. This event affected only one percent of the organization’s 69,000 employees, but while the classified email system was not affected, the State Dept acknowledges that the impacted employees’ personally identifiable information may have been compromised.

Events like this one are happening with alarming regularity across every kind of business or agency, leading to record-setting year-over-year numbers of data breaches and compromised consumer records. While the State Department’s investigation of the incident is still underway, the internal memo did cite the need for better password security among employees.

Password security is an issue that plagues users at every level and in every industry. There are even websites that track the most commonly used passwords—discovered as a result of data breaches and stolen account credentials—and unsurprisingly, things like “password,” “qwerty,” and “12345678” still top the lists. Of course, a weak and easily guessed password isn’t the only issue; reusing passwords on multiple accounts leads to fraudulent access too. If a hacker uncovers a database of stolen logins for social media accounts, they can access any other accounts that reused those same usernames and passwords.

The U.S. government has been urged to take extra precautions when it comes to cybersecurity, largely due to the fallout and the resulting legislation from the Office of Personnel Management breach that began in 2014 and continued into 2015. Millions of government employees’ complete identities were stolen, along with identifying information for other people connected to those employees (i.e., family members, former employers).

The event sparked the Federal Cybersecurity Enhancement Act, which was signed into law in 2015. It required federal agencies to take more preventive action to reduce the threat of cybercrimes, and to report on their actionable steps. Unfortunately, those security steps have not been implemented across the board. Several U.S. Senators issued a letter to Secretary of State Mike Pompeo earlier this month, expressing their disappointment that the organization has not followed through on enough of the recommended security measures.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

October is in full swing, and you can tell just by looking around. Halloween decorations fill every storefront, and Dia de Los Muertos depictions are already on display. Pumpkins, ghosts and skeletons already sit on porches, propped in place for some scary fun.

While hordes of the undead (trick or treaters) will be stalking the streets soon, here’s an all-too-real, all-too-common, supremely scary “undead” scenario: an identity thief steals your deceased loved one’s identity to open new accounts, apply for government benefits, buy houses or cars and more.

According to some reports, as many as 2.5 million deceased individuals become the victim of identity theft each year. Some estimates say that around 800,000 of these people are targeted specifically because they have passed away (the remaining identities may simply be chance victims of identity theft or random use of Social Security numbers). As with some other types of identity theft, like child identity theft, the culprits have typically been close friends or relatives of the departed. The easy access to their sensitive documents and the uncertainty surrounding things like account status or benefits means it can be easy for someone to slip in and commit this kind of fraud.

However, that’s certainly not the only mechanism by which a thief can steal a deceased person’s identity. Thanks to things like data breaches and synthetic identity theft, even strangers can commit fraud with someone else’s data. Add to this the wealth of social media accounts, personal information online, and internet obituaries, it becomes even easier to seek out a victim who won’t be likely to speak up about the crime.

Unfortunately, this specific form of identity theft—also called “ghosting”—can take months for financial institutions to discover. It’s unthinkable that you may find out months later, just as you’re beginning to rediscover some new sense of normal without your loved one, that their name and identity has been used to commit fraud.

There are some steps you can take to protect your family if you experience this kind of terrible loss:

1. Be reserved about the obituary – Watch what details you share, such as precise birth dates, anniversaries, or relatives’ names if identifiers could be picked out. Mentioning that your grandmother’s sister never married, for example, would give identity thieves your grandmother’s maiden name. This could also spell trouble for different relatives, as they would now know your mom or dad’s mother’s maiden name.

2. Alert the Social Security Administration – Let them know that the recipient has passed away and to lock their number. This would prevent someone from filing a change of address form and changing the account number where benefits would be received.

3. Reach out to the three major credit reporting agencies – By contacting the credit reporting agencies, you can ask for a freeze to be placed on your loved one’s credit report. This should effectively prevent anyone from opening a new line of credit or making a large purchase.

4. Keep documentation secure – It’s horrible to think that someone close to you would try to take advantage of this awful situation, but it does happen. Money troubles can make people do desperate things. Be very careful if someone asks too many questions, wants to view documents, insists on accompanying you to the bank or Social Security Administration, etc.

5. Continue to monitor your loved one’s identity – There are websites where you can check to see if an SSN has been used or identifying information has been stolen. Also remember that junk mail and unshredded documents are prime sources of identity theft. If any strange bills or statements arrive in the mail, don’t disregard them without investigating them further.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

At one point not too long ago, the IRS was reportedly issuing billions of dollars each year in fraudulent tax refunds filed by identity thieves. Thankfully, with better information and new regulations to help curb this problem, improvements have already been made. That doesn’t mean there isn’t still a long way to go towards fighting back against tax return fraud.

One of the chief issues the agency faces is simply the sheer volume of compromised taxpayer records that are floating around, available for identity thieves to purchase and use. Record-setting numbers of data breaches have resulted in hundreds of millions of consumer records exposed, ready to be used by the original thieves or those who buy them online.

Part of the effort to stem the flow of fraudulent refunds has meant slowing down the process significantly. Of course, we all want to receive a speedy refund that gets automatically deposited into our bank accounts, but that level of efficiency means it’s even easier for thieves to get to your money first. By automatically flagging certain returns for review—especially ones that use some of the more common standard deductions like dependent children or child care expenses—the agency hopes to block even higher numbers of phony refunds.

At the same time, the IRS is also taking a close look at its own mechanisms, namely its websites and taxpayer-centric user portals. The anonymity of the internet makes committing this kind of fraud even easier, and by finding ways to lock down their sites for better verification of taxpayer identities, the IRS hopes to stop even more fraud.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

Securing Our Nation’s Critical Infrastructure Is Everyone’s Responsibility

In Week 4 of #CyberAware Month we’re emphasizing the importance of securing our critical infrastructure and highlighting the roles the public can play in keeping it safe.

A nation-wide pizza chain made news in 2018 by announcing a new contest: nominate your town for pothole repair. The very endearing marketing tactic asked customers around the country to explain why their town deserves a little roadway TLC in order to keep pizzas from bouncing around the car on the way to their tables. One winner would be chosen, and the chain would fund pothole repair for that city.

As fun as that sounds, maintaining and protecting our infrastructure isn’t a game, especially when it comes to the real threat of cyber attacks. These coordinated attacks can disable anything from our power grid, telecommunications and E-911 systems, water supply and sewage and more. Taking down even one of these vital utilities with a cyber attack would have devastating consequences while targeting more than one system could cripple entire sections of the country.

October is National Cyber Security Awareness Month, a project hosted by StaySafeOnline. This year’s theme is “Our Shared Responsibility,” and each weekly theme focuses on how consumers, businesses, and stakeholders can play key roles in protecting against hacking, data breaches, and other related crimes.

But how are members of the public supposed to prevent a large-scale hacking event that aims infrastructure? It’s one thing to update your home computer’s antivirus or log out of your sensitive accounts when you’re not using them, but those behaviors will hardly stop highly-skilled operatives from threatening a country’s water supply.

Or can they? Can the security behaviors you adopt prevent the next widespread cybercrime? StaySafeOnline certainly thinks so, and will offer crucial information to the public on ways that they can take an active role in securing our country’s infrastructure: “Our day-to-day life depends on the country’s 16 sectors of critical infrastructure, which supply food, water, financial services, public health, communications and power along with other networks and systems. A disruption to this system, which is operated via the internet, can have significant and even catastrophic consequences for our nation.”

One of the most obvious ways that consumers can protect these necessary resources starts with protecting their own networks. Your home computer, your smartphone, and your Internet-of-Things connected devices are all sources of potential vulnerabilities. If you’re in any way connected to the public utilities—even theoretically something as mundane as paying your electric or water bill online—it could result in fraudulent access to the utilities if hackers gain access through your computer.

By securing your own devices and networks first, you’re possibly preventing a cybercriminal from compromising your device and using that connection to gain access to a “bigger fish.” Third-party attacks, commonly associated with small businesses who have connections to larger corporations, are a recognized avenue of attack. The Black Friday data breach that affected Target in 2013, for example, was eventually traced back to a third-party vendor who worked on the refrigeration units for a small number of Target locations.

Safeguarding your own network and devices is always a smart thing to do, and it can prevent a lot of headaches for you down the road. In today’s connected digital climate; however, your own security steps just might protect us all.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media