Either through a failed attempt at renewing your driver’s license, an unexpected failed background check during a pre-employment screening, or through some event more traumatizing, like being informed at a traffic stop that you have a criminal record you were not aware of, you’ve discovered that someone has successfully made a fraudulent driver’s license (or state id card) with your information. Now what? I interviewed ITRC’s senior advisor Wilma to get the best tips for resolving driver’s license or state ID fraud.

governmental id theftITRC: What is the most important first step for any victim of driver’s license fraud to take in order to mitigate their case?

Wilma: They should call the DMV Fraud Department in the state where the fraudulent license was issued and inform them that a license was issued in their state using their stolen information.

ITRC: What can be done if the victim needs a new license in the state where as a result of the fraud, someone else already is in possession of a current and active license?

Wilma: When the victim contacts the issuing state’s DMV, the process will vary slightly depending on the state. The victim should ask that particular DMV what they require to be sent to them in order to get the current license suspended or revoked so that the victim can get a valid license issued in his home state.

ITRC: Ok, what next?

Wilma: The victim must file a police report for criminal impersonation/identity theft at their local police dept. They should also check with their local Social Security Office to determine if SSA issued a replacement social security card and how many were issued.

ITRC: And what if the SSA informs the victim that replacement cards they didn’t request have been issued, potentially to the identity thief?

Wilma: In that case, the victim should submit their police report to the Social Security Administrations, and inform them that the prior requests were fraudulent. Request them to furnish you a Work History Report to make sure no one is employed using your Social Security Number. Then check your Credit Reports, and issue fraud alerts. In the event that any fraudulent financial information appears on the Credit Report, the victim will need to contact each of those creditors, inform them that the debt is fraudulent, and submit to each creditor a copy of your police report, along with a written dispute of the charges.

Identity theft is an ever-growing problem. What follows are 5 simple steps anyone can easily take to reduce their risk of becoming a victim of identity theft.

  1. Get that Social Security Card and birth certificate OUT of your wallet/purse/car: I can’t stress this enough, if you’re not going to get a passport or open a bank account, or process your new-hire paperwork for your next job TODAY, then why are your most sacred identity documents still floating around in your purse or wallet? I can’t tell you how often the ITRC works with confirmed identity theft victims whose cases began out of a lost or stolen purse or wallet. Without an SSN or birth certificate, the theft of a wallet is a temporary inconvenience. You’ll have cancel a few credit cards, maybe close a bank account or two, and get yourself a new license from the DMV. If on the other hand if either or both of those documents were inside the wallet or purse when stolen, congratulations; you’ll now be at an exponentially greater risk for identity theft, and numerous other types of fraud….for the rest of your natural existence. That’s not an exaggeration, once a birth certificate or SSN is compromised or exposed; there is NO perfect solution to putting humpty dumpty back together again. You’ve now forced yourself to become the paranoid, mildly panicky consumer you previously may have made fun of.
  2. Shred Your Mail: Most consumers don’t pay attention to the plethora of personal information we throw away in our discarded mail. Our mail often contains vital information that is best protected from the public. Everything from account numbers, contact information, SSN’s, dates of birth, tax id numbers, all can be found in your mailed correspondence. Invest in a shredder and make sure that any document that contains sensitive personal data makes it through the cross cutters before it goes to the trash. Having a locking mailbox is also a good idea.
  3. Check Your Credit Reports: I know you hear this all the time, from a thousand different places right? But do you really understand WHY checking your credit is a good idea? Think of it being similar to a financial X-ray – if you broke your ankle, you would go to the doctor to get it checked out. Chances are a medical professional knows your ankle is broken just from feeling it, but he orders the X-ray anyway. Why? Because the X-ray allows the doctor to identify precisely where the damage is, and hence the best/most appropriate remedy. A credit report is no different. It will show you if damage to your credit worthiness might exist, and may point out where the damage is coming from. Knowing that someone else is using your credit worthiness, and identifying the SOURCE of bad/fraudulent information is obviously the first step in getting it corrected. Checking your credit is the easiest way to find out if someone else is using your financial good name to acquire benefit, at your cost.
  4. Don’t Send Personal Identifying Information (PII) to an Online Employer: Never give your SSN, bank account numbers, or any other personally identifying information (PII) to an employer you’ve never met in person. Searching online for jobs is a fast, convenient way to job search, but consumers should understand that this convenience is not without added risk. If you haven’t had an in person meeting or at least a few phone conversations with your perspective employer, than why does he need your SSN? Make sure you know the organization that may be hiring you before giving any information. Job scams are a very common way for thieves to capitalize on the desperation of others, so make sure you’re careful with what information you send and to whom you send it. A legitimate organization will almost always want an in-person interview before offering a job position.
  5. Don’t Be Lazy with Passwords: Is your password to your online bank account the same as the one to your email, which is the same as the one to your social media page, which is the same as the one to your fantasy sports team? Password laziness is a key way scammers take advantage of you. They find a way to get access to a piece of information that on its own is harmless (maybe a name and the last 4 digits of your social). This seemingly harmless info may be enough to request a password for an online banking account. Now they have access to one account. From there, if you’re not serious about your password selections, you might’ve just made it that much easier for a thief to gain access to your entire life online. Use capital letters and numbers, and change your passwords at regular intervals.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

Especially in today’s age of accessible information, parents are more and more protective of their children’s information. This is a wonderful thing because the more aware parents are of the risks to their children for identity theft, the less likely their children will become victims themselves.

If a situation occurs that could put your child’s social security number in danger (stolen wallet, information breach, etc.) It is natural for a parent to protect their child using the steps that an adult would use on themselves. The thing that is important for all adults to understand is that the process for children is very different and can have negative results if attempted.

check

It is important to keep in mind that the credit reporting agencies do not know that a person exists until a credit report is started under their social security number. This usually occurs when credit is applied for, like for a credit card, cell phone, student loans, etc. Another way this can occur is if a parent requests a credit report on their child too often. By frequently inquiring into your child’s social security number with Equifax, Experian, and Trans Union, you run the risk of them viewing your credit checks like those done by a creditor. Checking once a year or even once every two years can start a credit history for your child at an age where they should not and cannot be applying for credit. The longer your child has inquiries but not credit on their credit report, the lower their perceived credit score goes. This will make it tougher for your child to apply for credit when they do turn 18 because it will appear that they have inquired for credit, but never received it.

In order to prevent this from happening:

  • Do not check on your child’s credit report unless there is evidence that fraud may be taking place. This can include:
    • Receiving bills or statements under your child’s name
    • Being told your child already has a bank account when you go to open one
    • Problems claiming your child on your taxes
    • Personal information is lost or stolen.
  • Check your child’s credit report when they turn 16 ONLY if one of the above scenarios have occurred. Checking at 16yrs of age allows you time to clear up any fraud that may be occurring before your child turns 18.

Child identity theft is definitely becoming more prevalent on parents’ radars as cases start to be revealed in the media. It is understandable for this concern, but as stated above a parent can do more harm than good if they are overzealous. For more information on child identity theft you can read the Identity Theft Resource Center’s Fact Sheet on Child Identity Theft. If you still have questions you can always call our victim advisor center toll free at 888.400.5530.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/itrc-launches-anyone3-campaign.

When most people think of identity theft, they only imagine the financial implications of someone opening up credit cards or writing bad checks. However, there is a whole world of ways that these creative thieves can use a victim’s personal information. One of those ways is medical identity theft and even within this subset of crime there are even more typed of crimes to be committed. One of those is what is called financial identity theft.

Examples of this type of fraud would include a hospital or a doctor billing you for medical services given to another person. The thief may or may not have a copy of your private insurance card. Here are the following steps you should take if you believe you have become a victim of this particular crime.

Ambulance

  1. Contact the billing department of the medical facility or doctor requesting payment. If you are receiving this notice from a collection agency, then contact the collection agency first. Explain that this is a case of identity theft or mistaken identity. If the billing department is reluctant to help, then contact the attending doctor, or the medical facility’s fraud or legal department.
  2. Ask what proof they have that this person is you. There is almost always a physical description of the patient. Does it match you? You might be able to show that your height, weight, skin color, age, blood type, or sex is not the same as the “patient.”
  3. Ask when service was provided. You might be able to prove you were somewhere else during that period.
  4. What service was provided? If surgery was done or a condition was diagnosed, you might be able to prove you don’t have a scar or that condition.
  5. Ask if your Social Security Number (SSN) was used or just a name and address. If your SSN was used, you will need to follow the information in ITRC Fact Sheet 100 – Financial Identity Theft: the Beginning Steps and check your credit reports. This thief may be affecting your credit status in other ways. They may be opening new lines of credit or leaving other collection actions behind.
  6. Ask if this person used your medical insurance card or number. If so, contact your insurance company and report the problem. Ask for a new number on the replacement card. They may also have a fraud department that tracks cases.
  7. File a police report in your city and state of residence. You are a victim of a crime. At your earliest opportunity, obtain a copy of the police report.
  8. Send copies of your affidavit of fraud, the police report, any other supporting documentation proving identity theft to the medical billing department and any additional collection agencies which may be involved. Please remember to mail this documentation certified, return receipt requested.
  9. Once the provider agrees this is a case of fraud or identity theft, get that agreement in writing and keep it in a safe place forever. This is called a Letter of Clearance.

While this seems like an overwhelming amount of activity to clear your name, it is not. It will be difficult and you will be angry that this has happened to you, but it can be rectified. If at any time you need additional help or have questions you can always call the Identity Theft Resource Center at 888.400.5530 to speak with a live Victim Advisor who is trained to help you through this process. There is also additional information on the Identity Theft Resource Center’s website which may be helpful.

If you have scratched below the surface of the avalanche of articles on identity theft, scams, cyber-security, or related topics, you have probably run across the term “spoofing.” However, even many of us that work in the field are not very good at explaining to others what the term means, and the various ways the term might be used. So, here goes….

From www.dictionary.com:

spoof; noun

  1. a mocking imitation of someone or something, usually light and good-humored; lampoon or parody: The show was a spoof of college life.
  2. a hoax; prank.

In the context of cyber-security and related subjects, “spoofing” means providing false information in order to make the intended victim think the communications has come from either someone they know, or a business or entity that they would tend to trust. However, there are a number of types of “spoofing”, some more technical than others:

  • IP spoofing is a technique used to make a computer user think that a particular Internet IP being presented is a safe computer/server, and should be trusted. Most of us don’t directly confront this type of spoofing, and probably are unaware of how it works. Just like phone numbers, IP addresses are supposed to signal a unique address or location across the Internet, so faking an IP address can be used by criminals as a method of becoming part of a trusted network. A consumer is unlikely to be directly confronted with IP spoofing, unless they are working in a technical field.
  • Caller ID Spoofing is used to make an incoming call present a phone number that the intended victim might know or trust. However, the number appearing on the Caller ID is not the real calling number, and “spoofing” the number is used for exactly that purpose, to gain trust in a situation when none should be given. With the advent of VOIP or Internet-based phones, the ability to make an incoming call look like it was from San Diego, when the caller is in Russia, is a fact. Caller ID cannot be trusted to determine anything about the caller. Caller ID Spoofing is done quite often, and the average consumer is often in the dark as far as knowing who is really making the call. If in doubt, the best policy is to disengage from the call, then look up the company by name, and call a listed number for the company to inquire about the contact. It should be remembered that people who do business with you already have the information about you, your account number, etc. It is an entirely different situation if you call the company, and are asked for credentials before they will discuss your business with them. However, if the call is coming from them to you, they are the ones that need to prove who they are before you give them any information. Be warned!
  • Email Address Spoofing is probably the most common type of spoofing. Most of us have seen this many times on incoming email, although we may not have recognized it. All of us observe the senders name/address on incoming emails to see who the sender might be, and whether we think about it or not, we tend to give credibility to that email based upon any previous knowledge we may have of the purported sender. Spoofing the “From:” address is often done as part of a fraudulent scheme. If the “From:” address makes you think the email should be trusted, then you are much more likely to click on a link or take other action, or otherwise give some credibility to an email that is coming from a complete stranger, and possibly a thief. Many of the emails used in “Phishing” schemes will have spoofed sending addresses. In fact, a more deadly form of this attack, called “Spear Phishing” uses email addresses from someone recognized as an authority, such as a highly placed executive of your company, to make your response even more likely. You are not going to turn down a request from your Vice President are you? And, it’s a given that website links in these spoofed emails cannot be trusted: they are spoofed also, and will very rarely point your web browser to the address that the link purports to be. Altogether, it is wise for all of us to be wary of incoming email, unless we are very sure of the sender and the authenticity of the message.
  • SMS or Text Spoofing: In a similar fashion to Caller ID and email spoofing, it is also possible for a text message (SMS) to appear to be from a trusted source, while it really is from a quite different sender. In a manner similar to other types of spoofing, be very aware when a text message invites you to take actions, or strongly implies a course of action that you had not anticipated. Like other forms of spoofing, the best answer is to be suspicious and fact check, before you act.

Spoofing is a part of the world we live in now, and it is a key element of the “social engineering” used against consumers in attempts to commit fraud and identity theft. Being skeptical and checking information by other means is really the key to avoid becoming a victim.

If you found this information helpful, you may want to consider taking part in the Identity Theft Resource Center’s Anyone3 fundraising campaign.  For more information or to donate please visit http://www.idtheftcenter.org/anyone-3.

These days we hear a lot about “the cloud.” There are services encouraging you to upload your data to the cloud, and you can access it from anywhere and easily share files with others. But the flip side is the fact that you’re pushing your personal information from your own computer to data centers where you no longer have control over it. If you backup your computer to an online, or cloud, backup service, how do you know your data is safe?

What Is Cloud Backup?

Let’s first define what a cloud backup provider is: a cloud (or online) backup service consists of an application that runs on your local computer which copies files to an online data center. In the event of a hard drive failure, theft, fire or flood, you can then restore (or copy) your data to your replacement drive and not lose any files.

Cloud Backup Encryption

Many files contain personal information, which should remain confidential. In order to do this, cloud backup services encrypt the data before transmitting it. Most services use at least 128-bit encryption (the same as banks use) and will transmit the data via a secure connection. To decrypt the data, your private key is required. Without it, the data is useless.

To make online backups easy for customers to use, providers typically will store the private key for you. After all, if you lose the key, you can’t get the data back. But, this means that with a court order, these providers can use your private key (which they store) and gain access to your data. To prevent this, create your own private key and either memorize it (it can be any length you’d like) or save it to another location (don’t save it to your hard drive, as if the hard drive fails & you can’t read the key file, you won’t be able to decrypt your backup set).

Cloud Backup Best Practices

Maintaining your own private key is a good step in securing your cloud backups, but the file structure is still saved in a non-encrypted format. So, if you have a filename or folder name that contains personal or confidential information (such as bank_accounts/5675196254.xls), the filename can be read and data assumed without even decrypting the file. To combat this, look for a service which not only encrypts the data, but also the filename and folder structure.

Local Backup: An Alternative

Keeping a local backup of your data is often cited as an alternative to a cloud backup solution. The argument is that it’s cheaper (buy a 1TB drive for under $100 and add $20 for some backup software) and faster (a full local backup takes a few hours, a full online backup can take weeks). However, if you choose to backup your data to an external hard drive, make sure the data is encrypted. No need to make it easy for a thief to walk into your den and snag all of your data.

When compared to local backups, the online service can be more affordable (it’s easier to pay $5 per month than it is to shell out $120 all at once) and while the initial backup is slower, subsequent backups only transfer the files that change, making them just as fast as the local option.

Summary

In the end, having an online backup with the default encryption choices is still a better bet than no backup at all. Cloud backups give you remote access to your files and protect you when your hard drive fails (all hard drives fail – it’s a matter of “when,” not “if”). Knowing the different encryption options will help you choose the best online backup service.

Eric Nagel is owner of OnlineBackupsReview.com, a site which reviews various online backup services. He’s been covering the online backup industry since 2008.

While more light still needs to be shown on all the electronic data breaches that are occurring every day, the less flashy and attention-getting forms of attaining personal identifying information should not be overlooked. These “low-tech” strategies for stealing one’s information include stealing wallets or purses, mail theft, sifting through dumpsters for documents, and spying over your shoulder while you handle personal identifying information. The easiest of these forms of identity theft with the lowest risk of detection is looking for your documents in the trash, otherwise known as “dumpster diving.” It is of utmost importance to be vigilant against these forms of theft and one of the easiest ways to minimize low-tech ID theft is to keep a shredder handy around your house or office.

document shreddarThe Identity Theft Resource Center maintains a cutting edge Data Breach Report on the type and number of data breaches in the United States. While electronic data compose the overwhelming majority of data breaches, paper data breaches still make up over 15% of all data breaches reported so far this year. While 15% may seem low, people must be aware that paper breaches can often be much more devastating than electronic breaches. While an electronic breach can be just as devastating, the information compromised in an electronic data breach may be just an e-mail address, a password, or user name.

With Congress starting to take notice of cybersecurity, it is likely that low-tech ID theft, especially paper breaches, may increase as businesses begin to make a greater effort to upgrade their information technology systems. Paper breaches will often have significant amounts of your personal identifying information (PII) with extras such as what your signature looks like, fingerprints, or copies of your photo identification in a file. This is the mother lode for an identity thief. Now, the safest route to take is to simply shred every single piece of paper you throw away, but obviously not everyone wants to take the time and effort to shred that much paper on a daily basis. While you do not have to shred everything, you should always shred the following documents as soon as possible: tax returns, bank statements, credit card offers, old photo identification cards, pay stubs, convenience checks, canceled checks, old Medicare cards, and canceled credit cards or debit cards.

These documents all contain sensitive personal identifying information that an identity theft can use to do considerable damage to you. Use a crosscut shredder, which means that the shredder won’t just cut the paper into long lines, that cuts the paper being shredded into hundreds of pieces which makes it virtually impossible for an identity theft to put back together. For documents containing PII that you must absolutely hang onto, the best thing to do is to scan these documents onto your computer, transfer them to a thumb drive, and then delete them from your computer. Store the thumb-drive either in a safe storage area like a safe or hide it somewhere that a thief would have trouble finding it.

“Shred for Your Protection” was written by Sam Imandoust, Esq. Sam serves as a legal analyst for the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the ITRC Blog.

Progress in technology is occurring faster than ever before in human history. The wealth of information now at our fingertips makes things possible that were unthinkable even a few short years ago. One of these is an interesting new development in law enforcement tactics. The use of digital data, stored on sites like Facebook, or GPS tracking data harvested from your smartphone is being utilized by law enforcement to both track and convict criminals of crime. Utilizing technology as a tool for law enforcement is not a new concept, nor is its effectiveness in dispute. The use of such tactics is not without controversy however, and privacy advocates are expressing concern as to the morality and legality of using someone’s personal webpage against them.

phone

In January of this year, The U.S. Supreme Court for the first time limited police power to track people using GPS devices, setting a general standard for the privacy rights Americans should expect from a new generation of wireless electronics. From now on, law enforcement officers can expect that using GPS information to track and build evidence against a suspect will be scrutinized carefully if it is done without a warrant. Probable cause will need to be established. Essentially, the court ruled that the 4th amendment does extend to electronic surveillance of this kind. However, the divergent opinions expressed by the court leaves in doubt just exactly where the line will be drawn as to what will constitute an invasion worthy of 4th amendment protection. That line will need to be defined by future litigation, but what is already clear is that the court recognized technology’s ability to peek into our personal lives in a way that is new and unprecedented. And the court ruled that the 4th amendment in certain situations can and should provide us some protection from these intrusions.

The use of Social Media sites like Facebook and Twitter by law enforcement is also coming under scrutiny. Following the London riots of last summer, the New York Police Department formed a special unit to monitor gang activity on social media sites, and found it to be an incredibly effective tool. Criminals often post things indicating everything from gang affiliation, to evidence of the commission of a crime. The FBI too, has adopted similar tactics, with similar success. This notable success in preventing crime has been both cheered as groundbreaking, and criticized as an improper invasion of privacy. It’s hard to argue that a criminal boasting of committing crimes on social media pages has much expectation of privacy, but what is unclear up to this point is just how police go about getting information from social media, and what the standard of conduct is or should be related to viewing and extracting information from a potentially personal webpage.

What is clear is that as technology grows ever more advanced, the balancing act between increased connectivity and expectation of privacy will be ever more difficult.

“Phone and Social Media Tech Now Being Utilized by Police: Effective New Tool in the Fight Against Crime, or Invasion of Personal Privacy?” was written by Matt Davis. Matt is a Victim Advisor at the Identity Theft Resource Center. We welcome you to post/reprint the above article, as written, giving credit to and linking back to the ITRC Blog.

An article from Private WiFi’s CEO, Kent Lawson, raised interesting points about online privacy attitudes among younger people.

The article presented some interesting thoughts from Ella Hickson, a young playwright. Ella notes she is more aware of the value of privacy and puts forth the idea that most of the younger generation thinks in terms of an “inner circle of friends” and “our public self.” She further relates that we want this public self or persona out there “on billboards,” and that the whole point of this carefully constructed and controlled persona is that “it is seen.”

As she noted in the piece:

“I think the kind of ‘all hanging out there’ that we see on social networking sites, etc., is more duplicitous than it seems. The things that we have total access to are, of course, highly controlled by those that are putting it there for the most part. Very rarely is anything being posted ‘about’ someone that they aren’t posting themselves.”
I can’t disagree with Ella, and find her comments very insightful. Most postings on social networking sites are carefully controlled by the person who “owns” the page. We can think of this persona as our billboard where we advertise the self we want people to see, and what they get to see is very definitely filtered by what we want them to know about us. She is absolutely correct in that we don’t put our dirty laundry on Facebook, just the “good stuff.”

Where I see a flaw in her outlook on privacy is in a lack of knowledge about how many different types of exploits are used to trap personal information, both for “legitimate” marketing purposes, and by those who wish to do us harm.

It should be remembered that in regarding social media sites, we users are their income stream, not their customers. Their customers are the many entities that want to access our information for sales and marketing purposes. Mobile apps and social networking apps and games want access to our user information for a marketing reason.

And, many of those who would do us harm are very bright and capable, and find many ways to “social engineer” or otherwise exploit our public presence to gain information that is then used to harm us.

Preventing Online Crime

Stalking, identity theft, scams, and other criminal acts all succeed best when the perpetrator has knowledge of his or her intended victim. The fact that the information the criminal started with was our public information does not make it any less useful. As an example, about a year ago I spent a few hours investigating geo-tagging,” which is where a cellphone or smartphone takes a photo and embeds the GPS location information directly in the image file. Most current phones with cameras have this ability, and each device may or may not be configured to geo-tag each photo.

Having read about this, I was curious to find out whether photos posted to Facebook would have the information, and whether it was difficult to use. I downloaded about 20 photos from a variety of friends’ Facebook pages. Most did not have the embedded location information, but four of them did. Using that information and Google Maps, I was able in a few seconds to see the location, and even zoom in and look at the home involved.

That’s more than a little scary – that’s a great tool for a Facebook stalker.

The point I am making is not specific to this one type of exploit, but rather that we should all be very careful about having a complacent attitude regarding our privacy and security. Certainly there is a lot of our personal information “out there in the cloud,” and being used by a large variety of companies with which we have dealings. But there is a significant area of “privacy responsibility” that resides directly with each individual. In that context, it is a really good idea for all of us, including twenty-something young adults, to also pay close attention to our public persona.

Ask anyone who has been denied a job because of party pictures shared publicly; that is not identity theft, per se, but it certainly can have an impact. The point is that collecting a variety of information about an individual is a fairly powerful way to build an identity profile, and what you publicly post is certainly a great starting point.

This article was originally posted by PRIVATE WiFi, a personal VPN software that encrypts your data in public wireless hotspots. Using our easy software prevents identity thieves from hacking into your emails, online banking, social media accounts, and other personal information. To sign up for a FREE three-day trial, visit privatewifi.com.

We welcome you to post/reprint this article, as written, giving credit to the author and linking back to www.private-i.com.

I am one angry lady right now. My name is Nikki and I am the Social Media Coordinator here at the Identity Theft Resource Center. Something just happened to me that I had read about, but like everyone else had decided it would not happen to me. Yes…my Pinterest was hacked. For those of you who don’t know what Pinterest is, it is a social networking site where you can “pin” pictures to your “boards” so that you may go back later and find them. It is a visual social bookmarking site if you will. While I am not as obsessed as many users, I have thoroughly enjoyed pinning items to my craft board so that I can go back later and look when I have time.

Last month I worked to spread the word to consumers about the scams that were running rampant on Pinterest, but I did not think it would happen to me and the small amount of pins I had acquired. I was wrong. Just now I happened to come across a Facebook post about how to make a very cool iPad case using wallpaper so I thought I would go ahead and pin it so I could check it out later. This is when the trouble began.

I have several different “boards” on my Pinterest to organize what I find online, but the board to which this particular link wanted to post to was called “Make Money Online”. Fairly certain that I had not created that board, I logged into the site and found that several boards had been created and items had been pinned to them. The pinned items, when clicked on, would lead someone to either an online job scam or a malware download.

Now, because of my work experience at the ITRC, I was able to recognize this and delete these boards before clicking on them. I changed my password and looked through my profile to be sure nothing else nefarious was going on. But I wonder how many people would actually know to do that? I also wonder if the Social Media Coordinator at the Identity Theft Resource Center had something that I just wrote about happen to me, then how often is this occurring?

Needless to say, I understand that having some malicious linked pinned onto your Pinterest boards is not as devastating as having your checking account taken over. However, it did really make me feel vulnerable and a bit violated. In the end, the lesson was learned to check my Pinterest more often than once a month. I advise that you do the same.

“My Pinterest Got Hacked” was written by Nikki Junker. Nikki is the Social Media Coordinator at the ITRC.