For many people, the holidays are a time for thinking of others. But now more than ever, it’s important to give yourself an extra special gift this year, the gift of identity protection. Just like any other kind of gift giving, there are a wide variety of options to meet every budget.

Free – What’s better than the perfect gift? A free perfect gift! Luckily, there are lots of things you can do for your privacy that won’t cost you a dime, but that can do wonders for protecting your data:

  • Install a VPN – A virtual private network is a “tunnel” onto the internet that lets you surf the web away from prying eyes. Many quality VPNs offer a “freemium” account, meaning the lowest amount of data is free but there are monthly subscriptions if you need more. If the free level fits your budget best, you can turn your VPN on and off when you need it most, such as for logging into your bank account or paying your credit card bill online.
  • Check your credit reports –  You can request one free credit report per year from each of the three major credit reporting agencies. If you stagger your requests—one in January, one in May, and one in September, for example—you’ll get an ongoing peek at your credit report throughout the year. Click here for the list of agencies, their addresses, and their requirements for requesting your report.
  • Text alerts – Finding out that someone is using your identity is upsetting enough, but finding out months or even years after the fact can be devastating. You can work to prevent that kind of discovery by signing up for alerts, when available, with different companies like your credit card company and your financial institution each time your accounts are used.

Low to Medium Cost – There are a few items that come with a modest price tag, but can be good investments towards your identity protection:

  • A personal shredder – Your personal documents are a sought-after source of information for identity thieves. A home model cross-cut shredder can help you dispose of identifying information before anyone can gain access to Shredding papers like health insurance statements, bill stubs, credit card offers, and anything else that can be traced back to you is a good idea.
  • Document destruction service – If you have the volume for it, signing up for a document destruction service may be right for you. It’s especially important if you own a business that is responsible for other people’s sensitive information. Some services will notify you when they’ll be in your area with their mobile shredding vehicle, while others will actually place a locked bin at your home or office to secure the documents until they retrieve it.
  • Software – The VPN mentioned above can also be had for a nominal cost, and it’s a good idea if you spend a lot of time online using sensitive information. Of course, strong antivirus and antimalware software are very important, no matter what level of tech user you are; prices for this software run a fairly broad spectrum, so read up on which one would be right for your needs before you buy.

Higher Cost – For some people, a higher price on personal protection is worth it. It may be true for anyone who has already had information compromised, or who has the type of job or income that makes them a particularly lucrative target for hackers and identity thieves:

  • Credit monitoring – There are services that offer different levels of protection at different price points, and they will actively monitor your credit report for anything out of the ordinary. You can be alerted immediately if anyone opens a new line of credit using your Social Security number, for example.
  • Data breach insurance – Again, if you own a business that handles other people’s sensitive information, you might be interested in paying for data breach insurance. This covers you in the event your network or computers are hacked and your customers’ information compromised. Depending on the coverage you choose, it may pay for your customers’ credit monitoring in the event their information is stolen through your company.

No one can prevent every kind of cybercrime or identity theft, but the small changes you make now can help you be less of a target. Connect with the ITRC through our toll-free call center at (888) 400-5530, or on-the-go with the new IDTheftHelp app for iOS and Android.

If you’ve been using technology for any amount of time, hopefully, you understand the need for sound password security. By using a secure, unique password on all of your accounts, you can help minimize the risk of account takeover and identity theft. However, a strong password isn’t foolproof.

study by Google and UC Berkley found that hackers manage to steal nearly 250,000 usernames and passwords every week, simply by asking for them in phishing emails…and that’s only one method of a cyberattack. That doesn’t even take into consideration the theft of this data by methods like keylogging, viruses that sift through your computer for information, and data breaches.

One newly deployed security measure that’s gaining ground with businesses and experts alike is the verbal passphrase. This is a spoken word combination or statement that the account holder must say before the representative can share any details or take any action on the account. By requiring this phrase, you’re able to verify your account ownership without having to speak sensitive information like your birthdate or your Social Security number.

A verbal passphrase also solves another common identity theft problem: rampant requests for verification from outsiders. Too many phishing attempts contain the same all-too-believable story, namely that there’s a problem with your account and they need to you to verify your username and password. What intelligent consumer wouldn’t be concerned enough to fall for it? Even though sources have warned consumers repeatedly not to fall for the old “account verification” ploy, it obviously happens hundreds of thousands of times a week.

With a verbal passphrase, even the customer service rep might not have access to your more sensitive information. Why should they? They wouldn’t need it if you were able to clue them into your identity with something as simple as, “It rains a lot on my birthday,” for example.

This method of securing your account works to fight some problems, and it’s another tool in your privacy toolbox aimed at keeping prying eyes out of your information while allowing you easy access. Adding this step, alongside things like password security, two-factor authentication, and good habits involving emails or texts can help reduce your risk of losing control over your accounts.


If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.

Ever since the concept of sharing your personal life on the internet became a reality, social media users have been warned about everything from oversharing to privacy settings to avoiding cyberbullies. But there’s another evil lurking in the background of your last Facebook post, and it can lead you to hand over all of your money.

One member of the military stationed in California found this out the hard way when a scammer contacted him by phone, claiming to be a representative of his bank. The caller explained that there had been fraudulent activity on the soldier’s bank account. The caller then said a new account had been opened for the soldier and they simply needed the authorization to transfer all of his funds into the new account. The soldier complied, grateful that his bank was staying on top of things and looking out for him.

Unfortunately, the new account number was not in the soldier’s name; once the funds were transferred, the scammer emptied the account and the money was long gone.

Why would someone fall for a scam like this? Because the scammer had a lot of detailed information about the soldier’s whereabouts and activities over the course of the previous few weeks, especially a trip to Hawaii. All of the information used to convince the victim that this was genuine was likely gleaned from his Facebook posts.

When you’re posting online, it’s important to keep a few things in mind:

1. Am I oversharing?

Oversharing is a touchy subject because isn’t the entire point of social media to let the people who care about you and your opinions know what’s going on? Yes, to a degree. But stop and ask yourself if some things really should be posted. Vacation photos can wait ‘til you get home (just remember that a scammer could use that information as in the scenario above), and other information like the purchase of a new car or a child’s accomplishments can be toned down to avoid inviting scammers.

2. Are my privacy settings strict enough?

While there’s a chance the scammer who targeted the soldier’s bank account could still have found some of the information another way, strict privacy settings could have kept the caller from knowing such highly detailed information. Make sure you know who can see your content and how to control it.

3. Who is this new friend request? OR, I thought I was already connected to Mike from accounting?

One easy way for scammers to see your social media posts is to send you a friend request. They can initiate a new contact and look to be someone you might like to connect with, or they can “spoof” an existing account that you’re already connected to. If you suddenly get a friend request from someone you should already be connected with, get in touch with that person before you accept the request and find out if it’s real or not.

Finally, regardless of what you post, this unfortunate situation serves as a dire warning about how you interact with “faceless” entities. If you receive a phone call or email about an account you own, do not take any kind of action just because someone contacted you. Thank them for the information, end the call or message, then reach out to your account company directly to find out what’s going on.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

A number of tech companies have launched virtual home assistants. These voice-activated devices function as virtual assistants, doing everything from playing music to answering questions to ordering goods and services for you.

These devices have already raised a number of concerns about privacy. In order to function properly, they’re “always listening,” meaning they are waiting for their wake word to activate them. They begin recording your voice at the first hint that you’ve said the wake word and can store your voice recordings and report those back to the company’s servers. The companies themselves are also using your interaction with your device to tailor it to your preferences, improve the product, suggest new purchases, and more.

Essentially, users have had to decide if knowingly giving up a little privacy is worth the increased convenience. From the sales figures for these devices, it appears that many customers have decided yes, it’s worth it.

After unveiling its connected device and spending significant amounts of money on the product, one electronics manufacturer has decided to pull the plug on its own virtual assistant. Mattel, known around the world for children’s toys and electronics, was slated to launch a kids’ version of these devices called Aristotle. The intention was that the device itself would interact with your children, while also serving parents as an electronic monitoring system and shopping service.

Aristotle could read stories, sing songs, alert you to deals and specials on diapers, and more. If it sensed the baby crying, it would play a soothing song or turn the lights on low to calm the child before parents had to intervene. Its installed camera could let you watch your children from your smartphone or another mobile device over Wi-Fi. Some review sites had even referred to Mattel’s new product as a “virtual babysitter,” allowing you to monitor your children when you weren’t there.

The alarm bells are deafening. Mattel has already had a brush with cybersecurity doom in its interactive Hello Barbie that allowed hackers to access the doll’s microphone, stored account settings, and more. In light of the potential harm from hackers who could access the child-centric AI device and the misperception that Aristotle will watch your kids while you go out for the evening, Mattel has now ended the product and will not be releasing it.

This is good news to privacy advocates and parenting experts. “Young children shouldn’t be encouraged to form bonds and friendships with data collecting devices,” the Campaign for a Commercial Free Childhood wrote in a letter to Mattel. “Aristotle will make sensitive information about children available for countless third parties, leaving kids and families vulnerable to marketers, hackers, and other malicious actors. Aristotle also attempts to replace the care, judgment, and companionship of loving family members with faux nurturing and conversation from a robot designed to sell products and build brand loyalty.”

It’s important to know that Mattel has broken the mold here: the decision to cancel an expensive product before releasing it demonstrates the kind of forward thinking that isn’t always in place when it comes to cybersecurity. Too often, a device or platform is launched and then repeatedly “patched” as more and more security flaws are discovered. By then, the damage has been done. To the toymaker’s credit, the company looked at the potential privacy pitfalls and decided not to release a risky device.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Security and privacy experts have cautioned people for quite some time about being too “braggy” on social media, indicating that certain posts can come back to haunt you.

It doesn’t take a lot of imagination to envision someone breaking into your home when you post vacation photos while you’re at the beach, and that very behavior has been warned about for a long time. It’s even become a pop culture joke, with social media users saying things like, “Sure I’m in Paris, but my brother is house sitting… don’t bother coming over!” But the new trend of people actually posting photos of their boarding passes, passports, and other key travel documents is actually far more dangerous than possibly inviting a thief to your address.

Boarding passes contain a short security code, which basically serves as a temporary password on your ticket. Airlines issue these to compartmentalize your information. When the barcode or QR code on your ticket (or on your smartphone’s screen) is scanned, some pieces of your personal data may pop up there as well like a frequent flyer number, passport number or date of birth.

It takes no effort for someone with the right know-how to read the information from your posted picture, log into your account, and wreak havoc. Some possibilities include taking ownership of your ticket, printing themselves a new boarding pass, changing your passport number in the account to reflect someone else’s identity, accessing your frequent flier miles, and even purchasing new tickets for themselves on your dime.

Yet, this behavior is inexplicably common. According to one source, there were 92,000 search results on photo-sharing social media site Instagram that contained the hashtag “#boardingpass.” These include everything from a photo of a smiling person clutching the small piece of paper to photos that are actually fully zoomed in so the complete information is available.

All the experts can safely tell you is that this behavior is awfully close to throwing your identity out there for the internet to use. Take the safer route and wait to post a picture until you have something neat to share from your trip.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

There’s a popular app—currently, the third most popular free app for iPhone and iPad, with more than 62 million users worldwide—that is not only a parents’ nightmare for their kids’ health and well-being, but is also a privacy pitfall.

Called Sarahah and developed by Zain al-Abidin Tawfiq, the app is supposed to let the user’s connections leave anonymous compliments to brighten their day, along with “constructive criticism.”

Perhaps there was some honorable intent behind it. After all, how do you tell your co-worker that he has a problem with bad breath, or tell your best friend that her fiancé is having an affair? Unfortunately, that’s not the kind of “helpful” criticism users have reported receiving. Instead, there have been character attacks, hateful rhetoric about users’ lifestyles, racist hate speech, and even instructions to “just kill yourself already.”

What makes the messages even worse is the functionality of the app: these statements supposedly come from someone you know, which is far more damaging than hate from an anonymous stranger on the internet.

Now, researchers have discovered yet another problem with Sarahah. As in any instance in which someone makes an app available for free, there’s got to be a monetization trap-door. If the app isn’t making money through things like in-app purchases or advertising, then there’s a very good chance the terms and conditions of the app allow for data gathering and sale to third parties.

According to Zachary Julian, senior security analyst at Bishop Fox, Sarahah nabs your entire address book from your contacts and email account, then uploads it to its own servers. The company issued a statement shortly after the discovery, stating that it was designed to help your contacts find you on the app and that this functionality will be removed in later versions of the app. However, that information is a goldmine to advertisers, spammers, and hackers. The ability to grab 18 million people’s contacts lists can easily mean exponentially larger pools of potential spam recipients and scam victims.

It’s always important to understand the flaws in the latest software craze before you unleash it on your device and to investigate these apps and platforms thoroughly before installing them. Your data, your identity, and even your physical safety can be at risk.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

A case that will be decided before the US Supreme Court has brought some unlikely supporters together. Fourteen major tech giants have all voiced their support for increased consumer privacy protections, including a well-known telecom provider.

Verizon has long been known for cooperating with law enforcement and government agencies when it comes to customers’ data, but much of that stems from a ‘70s-era ruling concerning the communications providers. When that ruling was created, the most a search of a specific landline telephone account could provide was call length, location, and who placed the call. It didn’t indicate the content of the call or the actual identity of the person who engaged in the phone call.

Now, however, everything has changed. Today’s cellular phones can provide the full content of text messages and emails, GPS coordinates to the various locations where the phone had been used, voice recordings of calls and messages, geotagged photographs, biometric markers like fingerprints and facial recognition, and address books filled with hundreds of contacts. And that’s why Verizon feels that there needs to be a fresh look at the laws protecting individuals’ privacy.

The case before the Supreme Court, Carpenter v United States, actually focuses on the specific location information that a cell phone provides. Law enforcement officials are able to follow the phone as it “pings” different cellular towers, as well as triangulate the phone’s position based on multiple towers. That means the police can place the suspect at the scene of a crime at an exact moment in time; attorneys argue that this violates the individual’s Fourth Amendment rights unless the officers have a search warrant.

There are always different sides to any legal story, and in order to reach the country’s highest court, the issue must also address a never-before-heard series of arguments. That’s precisely the stand that Verizon, Facebook, Apple, Microsoft, and other companies who’ve filed the brief are stating: the times are changing, the technology is evolving, but we’re still relying on laws and rulings that were made in a time when the industry couldn’t have even envisioned the smartphone. This case serves as an important reminder that our legal protections and our privacy rights need to keep up with the latest technology, perhaps more now than ever before.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

In the digitally connected world we live in, we sometimes discover that increasing our convenience means sacrificing some of our privacy.

Unfortunately, there appears to be a growing consumer mindset that giving up your personal information, your daily activity, and your physical location are just the price you have to pay to use that latest in time-saving technology.

One company that has come under fire over the years for a lax approach to customer privacy is Uber. The ride sharing company’s model is truly a game changer in the world of freelance-driven customer service, but their entire function hinges on knowing where you are by tracking your cell phone. It’s literally how a driver knows where to and when to pick you up. The ease with which you can find a ride depends on the driver who is closest to your location being able to take the fare.

As a result, Uber has faced a laundry list of privacy complaints, some of them intentional and some purely accidental. For its part, the company’s stance tends to be that they cannot increase productivity and reduce customers’ wait times without access to this level of private information.

The trade-off for the customer is that software developers and engineers cannot make improvements to their products without analyzing data about how well the system works. In Uber’s case, though, everyone from the driver to the IT department to the marketing department had access to your location, your cell phone’s unique identifying serial number, and more. In light of efforts to improve their public image and increase customer trust, they’ve now unveiled an open-source software tool that can still allow them to improve their business model without exposing your information to an endless line of employees.

Uber’s new FLEX system relies on what they’re calling “elastic sensitivity.” It means giving users only the information they need to do their job without letting them see data they don’t need. By making this tool available in the open-source format, Uber is encouraging other companies to use the tool, tweak it to suit their business needs, and even improve it for everyone involved.

This renewed focus on privacy couldn’t come at a better time for both Uber and the public. Data breaches continue to set records each year for the numbers of events that have taken place, especially in the Business sector. While many people think of highly-skilled hackers in these breaches, in far too many cases it occurred accidentally as a result of an employee unintentionally exposing the victims’ data or by an “insider” who has access to the information. More efforts such as this one could lead to a dramatic improvement in preventing both of those kinds of needless data breaches.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Privacy continues to be a hot topic right now, and fortunately, there are some pretty strict laws in effect to help ensure that you have a measure of control over your information. While these laws can and do get broken all the time, they still serve as a safety net that provides for legal prosecution following wrongdoing.

When a new technology or capability crops up, privacy advocates immediately start to wonder how this will affect people and their data, and a recent report about tech giant Apple has experts pondering the pros and cons. The innovators behind the iPhone, iPad, and a host of other advancements are looking into a way for consumers to store their complete medical histories in their iPhones.

This isn’t to be confused with the information in your device’s pre-installed Health app. That app will store optional information like your height and weight, your blood type, and your emergency contact, along with serving as a small fitness tracker to give you a sense of how much effort you’re putting forth. Instead, Apple is talking about records like your last blood test, that MRI of your knee that you had three years ago (complete with the actual images), and so much more.

If you’re the least bit privacy-minded, you should check your fitness tracker now because your heart rate probably just shot up a little. In this era of record setting data breaches, hacking events, and ransomware attacks, the last thing you might want is a handheld device storing your most personal physical data.

But at the same time, if you use your smartphone the way most consumers do, it can already provide a thief with access to your bank account, your address, your account logins, pictures of your children, and more. If you’re able to safeguard your phone to the point that you can keep a criminal out of your bank account (typically with things like a strong password and two-step authentication), you can keep him out of your medical records, too.

Why would Apple even want to consider putting consumers at this much risk—while also taking on the potential liability for having a billion customers’ medical data compromised? Currently, the process of exchanging medical information among different doctors’ offices and hospitals is not streamlined. It involves privacy waivers and records requests, and then there’s the issue of tech compatibility; not all facilities use the same systems, so sometimes they share your files and those records can’t be opened by the person requesting it. Apple’s plans would make the process of sharing vital data more straightforward and completely compatible.

As with all new innovation, there are security concerns that have to be thought out and addressed. Some innovation might seem invasive or even scary, but many of those concerns can be overcome with thorough understanding of the technology involved and strong safeguards.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

For a few years, medical researchers have been working on technology to make our medical care safer, more comprehensible, and more accessible. Things like the internet of things-connected devices have included pacemakers that send data readouts to your cardiologist over wifi and glucose meters that tell your insulin pump how much of a dose you need. These connected medical innovations have helped patients around the world. Unfortunately, they’ve already gained the attention of cyber criminals, too.

In the handheld device realm, there have been a wide variety of apps for tracking everything from your weight to your blood sugar readings to your ovulation calendar. With those apps, the user gets their personal information from a separate external source and then logs it into the app to get an overview of their health. Now, however, medical developers have moved towards a more streamlined approach; several companies have created devices that literally interact with the smartphone itself, such as a blood glucose meter that actually plugs into the device’s headphone jack and processes the blood sample on a strip at the end. The phone’s screen then displays the results and stores the information in the associated app.

Now, the medical community has harnessed the power of connected communication with a new approach to affordable and ease of access medical care. Downloadable apps have allowed mobile device users to “visit” their doctors for common ailments and triage services through video chats.

Different app companies employ doctors and nurse practitioners who take appointments or virtual walk-ins for everything from stomach bugs to earaches to the common cold. These apps let individuals see to their own care rather than taking off work, waiting in a doctor’s office for hours, and ultimately finding out that they have a common ailment. They also allow doctors to see their patients and discuss the symptoms, as well as prescribe medications and order lab work from a local facility while deciding if more in-depth, in-person care is warranted.

But where does the hacker come in? IoT medical devices have already been found to be vulnerable to hacking, and aftermarket medical add-ons can suffer the same security flaws. At the same time, doctor visit video apps are a genuine medical visit, meaning that HIPAA regulations apply, medical records are established and stored, insurance claims are filed, and payments are made. Any of those characteristics can open the door to identity theft if they’re not handled carefully especially in the cases of medical data breaches…

TIP: Updating your mobile privacy settings and not connecting your apps to unsecure public Wi-Fi networks is a great place to start when it comes to protecting your sensitive information.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.