When the Identity Theft Resource Center was founded, cybercrime and identity theft weren’t quite the “household name” hot topics that they are today. While the various forms of the crime aren’t going away anytime soon, what has happened is a cultural shift towards protecting your information and watching out for your data security.

The old recommendations for security-minded consumers used to sound pretty hard to follow. They were enough to make anyone question why they’d ever get online or carry a smartphone in the first place. Fortunately, as security has become easier to adapt to and there’s more of a public conversation surrounding it, the methods that we now consider best practices and good habits are becoming part of our lives.

While shredding old documents and making sure your privacy settings are set to the highest level might seem like common sense now, there are still a few things that are up in the air. New forms of cybercrime and new tactics on the part of hackers mean we still have “new” behaviors to adopt, just as we did years ago.

1. Two-Factor Authentication – If you’d told someone back when the ITRC was first formed that they would someday press a few buttons on their portable pocket telephone to pay for their groceries, they might have looked at you funny. But that reality is nowhere, and along with it comes the need for two-factor authentication. Some people think it’s a little bit of a hassle to have to login, wait for a text message, and then type the contents of that text into your login screen, but that is one of the best ways to ensure that a criminal isn’t remotely logging into your account.

2. Virtual Private Networks (VPNs) – While it might seem time-consuming to install and then activate a VPN every time you need to go online. However, it’s a great way to keep others from tracking your internet activity, especially if you’re connecting over public Wi-Fi networks. VPNs also let you view your content when you’re traveling, even if you’re in an area where that content isn’t under license, and they can help keep advertisers—or hackers—from tracking your internet searches for marketing purposes.

3. Password Protection – One of the easiest steps you can take in protecting your data just might be passwords, even though they’re certainly nothing new. The only new thing about passwords is our current understanding that strong, unique passwords are still not the norm; far too many people still rely on codes like “password” or “1234” when they’re trying to protect their accounts. It’s not only important to lock up your account with a long and random password that you only use on one account, but you really should change your passwords from time to time in order to thwart hackers.

While great strides have been made in informing consumers about privacy dangers, there’s still a long way to go. As cybercriminals come up with new methods to attack your data, we will continue to spread the word about ways to protect yourself.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.

As millions of Americans discover annually, identity theft is above all else, a huge pain in the neck. It can be stressful and expensive. For many, the process of mitigating their case is above all else, time consuming. According to a recent Javelin study, the average identity theft requires 33 hours of a victim’s time to effectively deal with the fallout. The best way to bring this number down is to understand that you as the victim need to have your things in order. Organization and effective note taking are the best methods to limiting the amount of your life you will need to dedicate to cleaning up the damage caused by identity theft.

The amount of clean up that will be required obviously varies based on the amount and type of fraud one may be experiencing, but nearly all identity theft requires assertive action on the part of the victim to notify all the various involved parties (banks, creditors, government, law enforcement, etc.). Different entities will of course have their own interests to protect and motivations to act or not act a certain way. You might call the same creditor three different times and receive three different sets of instructions or pieces of information, which can be incredibly frustrating. It is imperative for a victim of identity theft to have all related documentation (affidavits, credit reports, police reports) readily available to whomever might need to see them in order to clear the victim of responsibility for any of the damage caused.

It is also essential for the victim to keep thorough notes detailing all interactions they’ve had relating to the cleanup of their case. Who they spoke to, what their title and affiliation was, and what instructions they gave. That way if the victim ever has to contact the same creditor or bank more than once (as is almost always the case), in the event they get conflicting instructions or positions from two different employees of the same entity they can immediately say, “Hey wait a minute, Peggy from accounting told me last week that I had to do x, not y.” Organized and thorough notes will save you from having to repeat steps, re-request necessary documents, and lends a great deal of credibility when you can produce written evidence of completing a certain step or interacting with a certain entity.

If you become one of the unfortunate millions of Americans affected by this crime each year, horde as much information about what happened as you can, organize it, and keep detailed notes. In the end it will save you countless hours of work, and will very likely be the difference between a complete mitigation, and dealing with lingering negative effects of your identity theft for an extended period of time.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

The Identity Theft Resource Center recently engaged in a partnership with Access, Inc. Access is a non-profit organization based in San Diego which provides access to education, workforce training and support services to empower at-risk youth and young adults in transitioning to achieve self sufficiency and economic independence. Access, a non-profit organization, recently contacted the Identity Theft Resource Center, asking if we would be able to provide training for each of their youth classes as they approach graduation.

What does identity theft have to do with at-risk youth? Part of the population that Access works with is foster youth. Many of these foster youth are approaching the age when they will be emancipated from the foster system. This is a scary time for any young adult, but in the case of many of Access’ clients it can also be a time of unpleasant discovery. When these young adults begin to engage in the process of applying for jobs, housing or government services, some will find that they have been a victim of identity theft. With this discovery, they find themselves economically crippled, and unable to make the transition into adulthood. Unfortunately child identity theft is all too common for any youth. However, at-risk-youth often find themselves the unknowing target of such fraud.

There are many reasons that foster youth are at higher risk than other youth. First, when a child is removed from a parent, the parent still retains all of the child’s sensitive Personal Identifying Information (PII). If a child is being removed from a parent’s custody, there are most likely problems that the parents are facing. Sometimes these parental problems are economic, and a parent will realize that one answer to the problem is to use their child’s personal information to create new unburdened accounts. Another issue for foster children is that their personal information is being moved constantly from one living situation to another, and access to this information is not always protected correctly. An average child will in general have to provide their social security number to a very limited number of people. However, a foster child’s personal information will be given to others again and again as they continue to receive governmental services. This condition, under which a foster youth’s information is moved and distributed often, raises the risk that the child will become a victim of identity theft.

It was with these concerns in mind that Access contacted the ITRC to provide training for both their staff and the youth in their program about identity theft. Trainings for Access staff focused on how identity theft occurs, signs that the child may be a victim, and how to protect the personal information of the children under their care. The trainings for the youth informed them about how to determine if they have been a victim, steps to take to go about clearing up their case, and ways to protect themselves in the future. Recent trainings have been wonderfully successful, and the ITRC will continue to work with Access to tackle the problems their young people face. It is the hope of the ITRC that these types of partnerships will continue to thrive and remain beneficial to populations which otherwise may not understand the issue of identity theft.

For more information on Access you can visit their website at www.access2jobs.org.

“A New Partnership to Benefit Foster Children” was written by Nikki Junker. Nikki is the Social Media Manager at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original article.

Social networking sites are a great way for families and friends to stay in contact with each other. They also provide an open forum for people to speak their mind, talk about issues that are important to them, and share photos and memories with the world. Kids and teens have especially taken to this new way of connecting with people. In 2009, 38% of 12 year olds in the United States were members of at least one social network according to the Pew Research Center’s Internet and American Life Project. Kids love chatting, sharing real time photos, and instant messaging each other.

This is a wonderful tool for kids and teens to use, but there are certain things that must be taken into consideration, the first being the mental and emotional maturity of the user. Most young people don’t understand that what you post online can be seen by everyone, and is online forever. Pictures, comments, etc. can be viewed by anybody you allow access to. The biggest concern most parents have is stalkers and pedophiles who can use the information posted by kids to pinpoint what school they go to, the rout they take to walk home, if they have after school jobs, or if they will be at a particular location unsupervised like at the mall.

The second concern is that most kids don’t understand the long term consequences of what they post. Some users have found their posts used against them years later when they are applying for college and jobs. Comments about a particular college could result in an application to attend being denied. Pictures and comments at parties and social gatherings could cost you a job. Even pictures that a minor child may think are safe to post or share online could result in criminal charges of child pornography and a permanent record as a sex offender.

The last thing kids and teens need to keep in mind is that anything they post online can be accessed and manipulated by others. Cyberbullies have been known to take pictures from legitimate social networking profiles and create a dummy profile. They may doctorthe pictures to depict the original person in compromising and embarrassing situations.

When teaching your children safety online it is always important to stress that nothing they post is 100% guaranteed to be private. Parents should be proactive in monitoring what their children post and talk with them if they see anything they deem inappropriate.

How to Clear PII from a Mobile Device

Are you considering selling your old laptop or smartphone? As some of us may be aware, deleting files or data from these mobile devices is not enough. The truth is that some of what we think are “files” in these devices are actually pointers or “shortcuts” to the actual file data, and deleting these pointers from the devices will not delete the actual file data itself. Nowadays, personal computers and mobile devices, such as smartphones have replaced much of our old paper-file method for storing or even doing work. If you are thinking about selling or donating your personal laptop or any of your mobile devices, there are some precautionary steps you may want to take in order to ensure that any personal or sensitive information does not get left behind. Sensitive information left behind on a hard drive, or device memory can be retrieved and pose a serious problem. People who intend to use information for harm will seek out used computers and mobile devices, just to harvest the information.

For computers there are two methods for getting rid of files or information stored in hard drives. These two methods are called reformatting and wiping the hard drive. When you format your computer, the files on the disk are not completely erased; it means the address tables are – where a search will prevent the files from being easily located. Formatting the disk is much more than deleting files, however, it is important to understand that it is not completely secure. Reformatting a drive may still allow your data to be recovered, making you susceptible to data theft.

So, it will all depend on the data you have stored in your device. Think about what you have used your computer for. If you have used your computer for online banking, paying bills online, personal email, storing income tax return forms, and/or other important documents – you may want to consider disk wiping. Disk wiping is the other alternative for computers – it removes software and data from the hard drive. The process of disk wiping overwrites your hard drive. If you are getting rid of your laptop, you may want to consider performing a disk wipe service. If unfamiliar how to perform it, there are technical support groups who may be able to perform this task for you. Here is a link to an excellent short article on this practice: http://enterprisefeatures.com/2012/02/disk-formatting-vs-disk-wiping/

On the other hand, let’s talk about smartphones. It is said that if you have a Blackberry or Apple device – that data wiping will completely remove any stored data on your device. Therefore, you shouldn’t be worried about the possibility of someone hacking into the operating system and retrieving your data. You may either install wiping software or for these two devices, use the factory settings for data wiping. Now, we know there is a third party missing – the Android operating devices. There has been recently publicized advice that if you are considering getting rid of your Android device, that you are better off keeping it rather than letting it go. Android devices also offer a factory data reset, where all the data on your phone is erased. While the phone is in use, the user can also setup data encryption, where all personal data on the phone is encrypted. In addition, files can be encrypted to your memory card and internal phone storage – you’ll find this under the storage encryption option. Regardless of the type of smartphone you use, you need to be aware of all the information it harvests, and make certain that data is not given away when you are done with the phone.

Ultimately, the truth of the matter is your security depends on the type of information or data you have stored in your device. Often times, if we store personal identifying information or sensitive information that can lead to identity theft, we should be very concerned of the possible threat if we haven’t taken the measures to appropriately delete or erase the data. Exercise precaution.

“Protect Yourself Against Identity Theft! How to Clear PII from a Mobile Device” was written by Rex Davis. Rex is the Director of Operations at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original article.

Most iPhone users store a considerable amount of personal data on their phone that would be devastating to lose. This can be in the form of pictures, saved PDFs, passwords, banking information, credit card information, and personal text messages. Therefore, it is extremely important to keep your iPhone as secure as possible. Luckily, there are a few simple things that you can do to help ensure the safety of the personal information on your iPhone.

  • Enable the Auto-Lock and Passcode Lock features under the general settings. The Auto-Lock feature will automatically lock your phone after it has been sitting idle for an amount of time that you pre-determine. The Passcode Lock feature will require a 4 digit password anytime someone attempts to access the phone when it is locked. These two simple features provide significant deterrence to the random individual who may try to steal your phone when you leave it sitting about.
  • Siri is incredibly useful and is capable of accessing and providing personal information to whoever is using the iPhone. Unfortunately, a user is allowed to communicate with Siri even if the phone is locked. Thus, Siri can be used as a workaround to the passcode feature, giving access to personal data when the iPhone owner thinks that the phone is locked down. In the Passcode Lock menu, you can opt to turn off Siri while the phone is locked.
  • Use a Virtual Private Network (VPN) when using the iPhone to access the internet from public WiFi locations. Public WiFi poses a danger to your iPhone and personal data because hackers can use public WiFi hotspots to monitor what you are doing on your iPhone as well as what information you may be inputting into it as well. A Virtual Private Network encrypts the signals from your iPhone making it impossible for hackers to decipher what you are doing on the internet.
  • Always have an updated antivirus program installed on your iPhone to help prevent virus or other malware from infecting your phone.
  • Enable Find my iPhone under the iCloud settings which will allow you to determine where your iPhone is at any given time in addition to giving you the ability to remotely wipe your phone of all its information. This is extremely useful because the 4 digit passcode can easily be decoded by a determined hacker. With this feature enabled, if you lose your iPhone all you have to do is sign onto any computer and elect to remotely wipe your iPhone of all its information.

“How to Protect Data on Your iPhone” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original post.

Most of us who own smart phones store a considerable amount of personal data on them which could be very damaging if the phone was lost or stolen. Everything from valuable documents, passwords, personal pictures, banking or credit information, and personal text messages could be compromised. Fortunately, there are several steps one can take to protect the data stored on their phone. What follows are some best practices for protecting the data on your Android Smart phone.

  • Enable the Auto-Lock and Passcode Lock features under the general settings. Go to your settings, and then select “security.” The Auto-Lock feature will automatically lock your phone after it has been sitting idle for an amount of time that you pre-determine. The Passcode Lock feature will require a password, or a trace design anytime someone attempts to access the phone when it is locked. These two simple features provide significant deterrence to the random individual who may try to steal your phone if it’s left unattended.
  • Use a Virtual Private Network (VPN) when using your phone to access the internet via public WiFi. Public WiFi poses a danger to your personal data because hackers can use public WiFi hotspots to monitor what you are doing as well as what information you may be sending over the internet. A Virtual Private Network encrypts the signals from your Android making it impossible for hackers to decipher what you are doing on the internet.
  • Always have an updated antivirus program installed on your Android to help prevent virus or other malware from infecting your phone. Monitoring apps such as Lookout Security can gauge the risk levels of various apps or programs you might be inclined to install on your phone.
  • Always pay attention to what apps you’re downloading. What access rights to your data does it ask for? Is it produced by a reliable/trustworthy entity? Never download an app you’re not 100% sure about, and always pay attention to what rights they require to install their app in your phone.
  • Install a wiping program on your phone so that in the event of a theft or a loss, you will be able to remotely wipe all your sensitive data from the phone so the thief cannot benefit from it.
  • Never pre-store banking passwords or other sensitive passwords on your phone. If someone were to gain access to your Android, there’s no reason that event needs to preclude a thief gaining access to your email or your mobile banking apps.

“Keeping your Information Safe on an Android Device” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original article.

Identity theft related tax fraud occurs when an identity thief somehow obtains your name and Social Security number and uses this information to file a fraudulent tax return in your name. Tax fraud resulting from identity  theft can affect individuals or businesses and often the same information can be used to ultimately commit tax fraud against both. There are many ways that identity thieves can steal your information including: phishing emails, snooping through your trash for intact documents, hacking into an entity that has your personal information, stealing or finding your wallet/purse, public WiFi monitoring, changing the designated agent of business entities and the list goes on.

Once your personal or business information has been stolen, identity thieves can use this information to file fraudulent tax returns to the IRS and other tax authorities in order to receive credits or refunds. The identity thieves prefer to have the funds distributed by the IRS in the form of a pre-loaded debit card or a direct deposit which helps them avoid having to deal with security measures related to cashing a paper check. After receiving money from the fraudulent filings the identity thieves will disappear, leaving the victim individual or business owner without their refund or with substantial bills owed to the tax authorities.

The most common issue people face is a delay of their anticipated refunds. When an identity thief files your tax returns before you do, the tax return you file yourself comes under suspicion as it is a second return filed for the same taxpayer. The IRS will require that you send them an IRS Identity Theft Affidavit (Form 14039) with proof of your identity in order to confirm that you indeed are the real taxpayer. This process can be lengthy and your refund will not be processed until you are confirmed by the IRS to be the actual taxpayer. Other consequences of this crime can be severe as victims can also be left to deal with any resulting collection actions, audits, and the possibility of fighting aggressive tax collection through the IRS appeals process.

In late 2012, after the IRS reported that it had identified 642,000 tax returns affected by identity theft, the United States Government Accountability Office’s Director of Strategic Issues, James R. White, conducted a review and provided testimony as to why so many fraudulent returns are getting by the system. The Government Accountability Office (GAO) found that there were “several areas where the extent and nature of identity theft is unknown.” First, the total number and cost of fraudulent returns is hard to determine because the IRS can count the number of identity theft related incidences they discover, but they have no accurate way of determining how many they are missing. Second, the IRS usually doesn’t know the identity of the criminal unless they open a criminal investigation. Third, it is difficult determining whether a fraudulent return is part of a broader scheme as analysts cannot always identify indications of large tax identity theft schemes. Last, the characteristics of known identity theft returns are not as clear as the IRS would like as the agency does not currently track the characteristics of those returns.

This does not mean the IRS is sitting idly while allowing the fraudulent returns to be processed. The IRS developed the Internal Refund Fraud and Identity Theft Global Report (Global Report) to begin keeping track of information in their system related to identity theft incidents. IRS senior management will use this information to implement more protocols to reduce tax identity theft and it will be used as a source of information that can be sent to external entities requesting information. In addition, the IRS has already instated multiple protocols that began in 2012 or are slated to begin in 2013 as I have written about in an earlier article.

What you can do to minimize your risk of identity theft related tax fraud is to simply file your tax return first. This effectively turns the tables on the identity thief as your return will be accepted by the IRS and the criminal’s fraudulent return in your name will be denied. Now it will be incumbent upon the identity thief to provide information proving that they are indeed you, which will most likely end their attempt to defraud you and the IRS. It is unclear when exactly the IRS will begin accepting returns this year as the delay in resolving the fiscal cliff may postpone the filing period a few weeks. Regardless of when the filing period begins, try to file your return as early as possible and you will be well on your way to avoiding tax fraud this tax season!

“The Importance of Filing Taxes Early” was written by Sam Imandoust, Esq. He serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the original article.

When it comes to identity theft, there’s a great deal of consumer confusion as to what function law enforcement plays in cleaning up your identity theft mess. “Should I file a police report?” is one of the more common questions our ITRC advisors’ field on a daily basis.

When it comes to reporting and recovering from identity theft, the Federal Trade Commission (FTC) is working to simplify the process.

For years, identity theft victims have been encouraged to file a police report as soon as they discover they’ve been victimized. It wasn’t so much that the police were going to find your thief—but that it served as sworn proof that you claim to be innocent of the damage the thief did with your credit cards, identifying papers, and more. Filing a false police report is its own crime, so by seeking a police report, you were essentially saying, “I swear under oath that I’m not the one responsible for this mess.”

Unfortunately, with so many up-in-the-air variables about identity theft, many law enforcement departments were left scratching their heads. Where were they supposed to start looking if a “Nigerian prince” stole your money, or a phone scammer stole your credit card information? Too often, the police report ended up being nothing more than a piece of paper that you could hold up if someone accused you of a crime.

The Federal Trade Commission (FTC) is working to change that.

Now, instead of suggesting that all victims file a local police report, the agency runs IdentityTheft.gov, a one-stop-shopping method of getting the documentation you need to supply to different companies and organizations. Along with things like a personal recovery action plan, you’ll also receive pre-filled letters to give to your bank, credit card companies, utility companies, and more saving you some of a headache and legwork. You’ll also file an “Identity Theft Report,” which is your official statement about the crime.

This Identity Theft Report is not only legal and binding as your proof that you claim to be innocent of any damage, it’s filed automatically with the FTC, a federal law enforcement agency. However, there may be some circumstances where you’d still want to file a local police report; according to the FTC, those reasons may include:

– you know the identity thief, or have other information that could help a police investigation

– an identity thief used your name in a traffic stop or any encounter with police, or

– a creditor, debt collector, or someone else affected by the identity theft insists that you produce a police report.

If you have information that will help your local police department make an arrest, by all means, speak to that agency. Likewise, if your identity may have been supplied to police in an unrelated crime—such as someone is found with drugs in their car and supplies your name to the police—then you’ll certainly want to pay a visit to your local law enforcement office.

Remember, whether it’s filed through your local police department or the FTC’s IdentityTheft.gov website, the purpose of the report is two-fold. It serves as your declaration that you are innocent if your identity is used illegally, and it helps begin the investigation. Clearing your name is never easy, but the FTC is working to streamline the process and reduce the amount of time it takes to recover.

If you have additional questions about the cleanup process, contact the ITRC toll-free at (888) 400-5530


For on-the-go assistance, download the free ID Theft Help App.

There is something truly terrifying about the thought of losing your passport. It brings to mind being mugged in a third world country and unable to get home. More often, the situation is nothing as exotic, but it can be very stressful nonetheless. A lost or stolen passport is a very serious situation, even when you don’t need it to re-enter the United States. The reality is that a lost or stolen passport, or the loss of your passport number through a data breach, can mean more than the pain and expense of getting a new document. It can also lead to serious cases of identity theft. So if you find yourself with a lost or stolen passport document, or stolen passport number, you want to be sure that you handle the situation appropriately and quickly.

Here are the steps you want to take if your passport document is lost or your passport document or number is stolen:

1.Call the State Department’s office with any questions at 1-877-487-2778 (TTY 1-888-874-7793).  They have representatives that can help you fro

m 8 am to 10 pm Eastern Time, Monday-Friday and 10 a.m. to 3 p.m. Eastern Time on Saturdays.

2. You can report a lost or stolen passport via mail, phone, or online. In all instances, you will need to fill out Form DS-64: Statement Regarding Lost or Stolen Passport.  This is incredibly important to do as soon as possible after the discovery of theft or loss in order to avoid the use of your passport for illegal activities including, but not limited to, criminal identity theft.

3. Once your passport has been reported lost or stolen it is invalid and cannot be used again. You will need to apply for a new passport in person by filling out Form DS-11: Application for a U.S. Passport. A specialist will take a report over the phone and your passport will immediately be deactivated.

4. If your passport was stolen, file a police report. A crime has taken place and should be reported to the police. Also, you never know when you may need proof that the document was stolen. In most places, you can file a police report for a non-emergency online. If the passport went missing from a home burglary or a stolen purse, make sure to specify that the passport is among the things missing.

5. If your passport number was stolen in a data breach, but you still have your passport in your possession, there is no way to flag your passport to alert authorities.  Passports numbers can be used in conjunction with other pieces of personally identifiable information (PII) to commit criminal identity theft.  Contact the National Passport Information Center at 1-877-487-2778 or NPIC@state.gov for more information about the steps that can be taken if you are concerned your passport number may be used by someone other than you.

Losing a passport or having one stolen can be scary. However, if you follow the above steps you will be back to your jet-setting ways in no time… or 2-4 weeks. More importantly, you have taken steps to protect yourself against the chance of identity theft.

Anyone who believes their identity has been stolen or their personal data has been compromised is invited to connect with the ITRC through our toll-free call center at (888) 400-5530 or on-the-go with the new IDTheftHelp app for iOS and Android.