Posts

In the past few years, retailers have seen a trend in how their customers shopped for the holidays. More and more people have grown weary of standing in the cold or elbowing through thousands of shoppers to buy this year’s hot toy. Savvy shoppers have increasingly opted to stay home in their pajamas and find great deals online.

That’s led to the rise in Cyber Monday. Once the holiday chaos of Black Friday is out of the way, the following Monday is a time to pop over to the internet and see what sales are taking place to finish (or start!) your shopping.

Unfortunately, just like Black Friday, Cyber Monday is a favorite holiday for identity thieves, scammers and hackers. In order to reduce your risk of falling victim to the crime, you have to take some steps to secure your identity.

1. Know your antivirus software – Antivirus software has come a long way since the early days of trying to block malicious computer threats. Unfortunately, so have the tools that cybercriminals use to steal your money, your identity, your computer and more. A comprehensive security suite can now offer you protection from ransomware, trojans, worms, phishing scams, keyloggers and so much more. Many of them now include parental control tools, which is great if you have kids, as well as VPNs and tracking blockers for private browsing online.

Make sure your security suite is installed, updated and ready to protect you before you start entering your credit card details and your shipping address online.

2. Know your payment methods – Whether you’re using credit cards, debit cards, online payment platforms like PayPal, or gift cards, it’s important to keep up with which method you used on which website. That way, if there’s suspicious activity on your card or account later, you can trace it back to which site you may have used.

It’s also a good idea to know ahead of time what kinds of consumer protection are in place in case of fraud. Will your credit card company stand up for you if someone steals your information or racks up extra charges? Will they protect you if the website you used was a scam and they never send your purchases? Find out the rules and regulations—as well as what kinds of money-saving deals and discounts, if any—are in place before you use it.

3. Know what you’re clicking – Fake websites, copycat websites that look like real retailers’ sites, and bogus ads that only lead to click-revenue are the bane of every shopper’s existence at this time of year. Look for the site’s HTTPS designation before you enter any payment details, and make sure this is a reputable company before you pay for anything. A quick Google search for the name of the company or a check of the BBB’s scam tracker can tell you if there are any dissatisfied customers out there.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “I’ve Hacked Your Password” Scam

When new technology comes along, it might take a matter of years or only a matter of days for a highly-skilled hacker to figure out a way to break in. With any luck, the person who breaks into the system is what’s known as a “white hat hacker,” or someone whose expert-level skills are put to use helping stop criminal activity instead of benefitting from it.

When security analyst Ryan Stevenson breached Comcast’s Xfinity website portal, it seemed like a frighteningly easy task. It simply required him to match up readily available IP addresses—basically, your computer’s code name onto the internet—with the in-home authentication feature that lets users pay their bills on the telecom provider’s website without having to go through the sign-in process. Another vulnerability allowed Stevenson to match users to their Social Security numbers by inputting part of their home mailing addresses—something that the first vulnerability exposed—and guessing the last four digits of their SSN.

Guessing the last four digits of someone’s SSN might not sound that easy, but it only takes seconds for a computer to do it with the right software. The flaw in the website allowed the computer to make an unlimited number of guesses for a corresponding mailing address, so it took very little time for the code to reveal complete Social Security numbers.

This vulnerability is believed to have affected around 26 million Comcast customers.

Comcast issued a patch a few hours after the report of the flaws. The company responded to requests from news outlets with an official statement to the effect that they have no reason to believe anyone other than Stevenson accessed this information. They also don’t believe that the vulnerabilities are related to anyone with malicious intent. Just to be safe, though, the company is continuing an investigation into how the flaws originated and how they might possibly have been used.

In the meantime, Xfinity customers would do well to monitor their accounts closely. This could potentially affect other accounts, not just their telecom service accounts, as Social Security numbers, names and mailing addresses were visible.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.