Posts

Your Passport and Your Identity

A recently-discovered data breach of the Starwood brands of Marriott International’s hotels has left consumers and security advocates alike scratching their heads. At the heart of this confusion surrounding the theft of data for around 500 million guests is passport security, or more accurately, the need to safeguard both your physical document and its number. So assuming that your passport was affected, what do you do?

According to numerous sources including the US State Department, your passport number on its own is not a highly valuable piece of information for a hacker. However, when combined with some of the other data points that were compromised in this breach, your number could possibly be used to craft a more complete profile for identity theft – or allow for an identity thief to generate a synthetic identity with more validity.

First, if the physical document is lost or stolen, that is absolutely an urgent matter. You should report it to the proper authorities—namely the State Department who issues them—so that there is a record of the missing document. If it is used for identity theft or fraud, you will have already filed it as missing.

Read: What To Do If Your Passport is Lost or Stolen

But in the case of this data breach where only the number was compromised, your recourse is a little different:

1. If only the number and not the actual document is stolen, don’t be too quick to replace it. Since the number by itself does not directly result in identity theft, you may not be given a new passport free of charge. That means you’ll pay for the new document out-of-pocket.

In the case of the Marriott breach, if you can show proof that your passport was the cause of fraud or identity theft, they are offering to replace it. Read the specifics very carefully to understand what your recourse is in this particular case.

2. If the document was set to expire in the near future AND you were planning to replace it, there’s no need to wait if you can demonstrate that it was compromised. However, you may need to provide the notification letter or email from Marriott International to show why you’re requesting a new passport early.

3. When you decide to replace your passport, it will contain a new number (unlike driver’s licenses that retain their issue number, for example), but that doesn’t mean someone couldn’t still use your old number to piece together your identifying information. You will still need to monitor your accounts—especially travel-related accounts—carefully.

Read: What Can a Thief Do With Your Driver’s License?

This breach also serves as a cautionary tale about oversharing: unless you are required to turn over a piece of identifying information, think twice about submitting it. Many consumers take domestic flights and stay in hotels without even owning a passport; just because you have one doesn’t mean you have to provide the number every time it’s an option.

Finally, as if this wasn’t worrisome enough, there’s another potential threat that could be looming: scams associated with passports. With any high-profile event, scammers crawl out from under their rocks to take advantage of the public. Be wary of any email, text, social media post or other communication that plays off of fears surrounding compromised passport numbers.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read: The Real People Behind Identity Theft Statistics

Thanksgiving, Hanukkah and Christmas are just around the corner. Black Friday, Cyber Monday and holiday shopping is too. It also means the possibility for an increase in identity theft and fraud. So before you get caught up in all the holiday shopping chaos, you should be aware that criminals might use this as an opportunity to compromise your sensitive data. This holiday season, however, one group in particular might be purposely putting themselves at an increased risk of identity theft. A recent survey by Experian found that 19 percent of millennials would put their identity at risk in exchange for a good Cyber Monday deal. While some millennials are making it exceptionally easy to compromise their personal information during the holiday season, let’s take a closer as to why this demographic might be more vulnerable to identity theft year round.

Millennials are notorious for being the most tech-savvy generation, growing up in a world where sharing personal data online and across social media platforms is commonplace. However, their willingness to share personal data easily puts them at an increased risk of identity theft. For one, criminals might have an easier time guessing their security challenge questions because they can be quickly discovered on their public Twitter profile or Instagram page.  Second, since they are so used to sharing a wealth of personal information, they might be less likely to hesitate when asked for it by anyone – including those with malicious intent.

Along with being tech-savvy,  feelings of apathy toward data breaches could be another reason why millennials might be at an increased risk of identity theft.  According to a Gallup poll, 67 percent of millennials are trusting that the companies with which they do business, such as credit card companies and health insurance companies, guard their information. The poll also finds that 70 percent do believe that their privacy will be compromised at some point in time. Because millennials have lived through several major data breaches, they’re aware of the risks but have become accustomed to these types of events and might not fully comprehend the severity of having their personally identifiable information stolen.

In some cases, becoming a victim of identity theft is “fixable,” but what millennials might not understand is that the process is not an easy one. Identity theft cases can take years to remediate. Even if you “fix” the issue, many victims experience reoccurring threats, consistently trying to regain their identity. This also doesn’t take into account the emotional impact victims go through. The Aftermath® study revealed that victims felt angry, frustrated and violated regarding their identity theft situation. In the same survey, 50 percent of victims lost interest in activities they once enjoyed.

And lastly, another reason that millennials might be increasing their risks of identity theft is by thinking it won’t happen to them. According to the AARP, younger generations tend to believe that scammers target the elderly, which allows millennials to believe they are safe. However, what millennials might not realize is that they are just as vulnerable to the threats of identity theft as senior citizens. For example, a recent survey found that 17 percent of millennials were likely to give out sensitive information to a caller that confirmed their last four digits of their Social Security number. So it is, in fact, that everyone is equally just as at risk for identity theft, regardless of their age.

Now more than ever, millennials need to take preventative measures to minimize their risk for identity theft. Here are a couple of tips to help protect your identity:

  • Don’t give out your Social Security number unnecessarily
  • Use strong passwords
  • Set up a passcode/password and anti-virus software on all of your mobile devices (smartphone, tablet) and computers (desktop, laptop)
  • Don’t give out personal information on the phone unless you initiated the contact
  • Avoid logging into sensitive accounts, email or providing credit card/debit card numbers while on public Wi-Fi

If you do find out that your information has been compromised, contact our advisors using our toll-free number (888-400-5530) and they can inform you about the necessary steps to take to resolve the issue. You can also reach us using our live chat feature.

Experian proudly provides financial support to the Identity Theft Resource Center.


Read next: “Your Holiday Shopping Guide to Putting Privacy Under the Tree”

For years, security experts and advocates have warned consumers about suspicious websites, specifically ones that take your sensitive information or payments. The best course of action? To look for the HTTPS designation in the web address at the top of the screen and the little padlock icon, both of which indicate a site can be trusted.

Unfortunately, scammers continue to evolve their ways to continue victimizing the public through technology. A new report has found that about 49% of known phishing websites—websites that steal your information after tricking you into submitting it—contain a secure designation and a little green padlock. The “look for the lock” advice that was once a sound way to protect yourself is a little less reliable than before.

Just as scammers have evolved, now it’s up to consumers to make some changes in order to protect themselves from the latest threats:

1. Install a security suite that offers anti-phishing and website security

A basic antivirus isn’t enough to keep you safe anymore, and a number of well-known security software developers have incorporated a lot of extra features. Some can alert you to a fake website or known scammer before you compromise your information. Even better, many security programs offer a wide range of subscription prices—even free plans—so there’s something to meet every budget.

2. Establish a throwaway email address

Some sites want nothing more than your email address so they can sell it to spammers. Generate a free email address that is separate from your everyday, commonly used one. Then, whenever you’re visiting websites that want your email address, you have the option to trust the site with your contact information or use your backup email address.

3. Designate a payment card for internet purchases

The last thing you need is for a phishing website to steal your money, but it happens. By intentionally having an “internet only” credit card that is not connected to your bank account and that has a very low credit limit, you may have an easier time protecting yourself from someone who steals your information.

The most important thing you can do is to remember that what was once considered top-notch security advice can change as new technology and new developments occur. It’s not enough to develop a good habit and never deviate from it. Instead, you need to stay informed by following ongoing coverage of the latest scams and frauds.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “Secret Sisterhood” Online Gift Exchange Scam Alert

In the past few years, retailers have seen a trend in how their customers shopped for the holidays. More and more people have grown weary of standing in the cold or elbowing through thousands of shoppers to buy this year’s hot toy. Savvy shoppers have increasingly opted to stay home in their pajamas and find great deals online.

That’s led to the rise in Cyber Monday. Once the holiday chaos of Black Friday is out of the way, the following Monday is a time to pop over to the internet and see what sales are taking place to finish (or start!) your shopping.

Unfortunately, just like Black Friday, Cyber Monday is a favorite holiday for identity thieves, scammers and hackers. In order to reduce your risk of falling victim to the crime, you have to take some steps to secure your identity.

1. Know your antivirus software – Antivirus software has come a long way since the early days of trying to block malicious computer threats. Unfortunately, so have the tools that cybercriminals use to steal your money, your identity, your computer and more. A comprehensive security suite can now offer you protection from ransomware, trojans, worms, phishing scams, keyloggers and so much more. Many of them now include parental control tools, which is great if you have kids, as well as VPNs and tracking blockers for private browsing online.

Make sure your security suite is installed, updated and ready to protect you before you start entering your credit card details and your shipping address online.

2. Know your payment methods – Whether you’re using credit cards, debit cards, online payment platforms like PayPal, or gift cards, it’s important to keep up with which method you used on which website. That way, if there’s suspicious activity on your card or account later, you can trace it back to which site you may have used.

It’s also a good idea to know ahead of time what kinds of consumer protection are in place in case of fraud. Will your credit card company stand up for you if someone steals your information or racks up extra charges? Will they protect you if the website you used was a scam and they never send your purchases? Find out the rules and regulations—as well as what kinds of money-saving deals and discounts, if any—are in place before you use it.

3. Know what you’re clicking – Fake websites, copycat websites that look like real retailers’ sites, and bogus ads that only lead to click-revenue are the bane of every shopper’s existence at this time of year. Look for the site’s HTTPS designation before you enter any payment details, and make sure this is a reputable company before you pay for anything. A quick Google search for the name of the company or a check of the BBB’s scam tracker can tell you if there are any dissatisfied customers out there.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “I’ve Hacked Your Password” Scam

There were more than 184 million ransomware attacks around the world last year, and there’s no sign that this type of cybercrime is slowing down. If anything, the effectiveness and lucrative payouts for hackers could mean even higher numbers of attacks in the coming months.

Are you prepared? Is your workplace?

The first step is to understand how ransomware works. The culprits behind the attack can be some of the most sophisticated hackers in their field, or they may be nothing more than a low-level user who has purchased some malicious software on the Dark Web. A highly-skilled hacker can infiltrate your network, while a less adept cybercriminal relies on getting you to install the malicious software for them through a phishing email or other social engineering.

Once the harmful software is on your network, though, your files and system are locked up tight. The only way to regain access—and restore day-to-day business—is to pay the ransom and hope the criminal decides to give you the necessary decryption key. (In too many cases, the thieves made off with the ransom and refused to unlock the victim’s computers.)

One recent profile of ransomware victims demonstrated a couple of different approaches to dealing with an attack. In one instance, a city government was infiltrated; they decided to pay the ransom and hope for the best. In the other case, city officials decided not to pay the ransom and instead rely on the backups of their important files.

So who was right? It doesn’t matter. Every ransomware attack and every victim are different, so making a sound decision about recovery should be the work of the victim, law enforcement, and security experts.

But here are some things to consider:

  • While businesses are more likely to provide a bigger payout, criminals know that individuals might pay up in order to retrieve their precious photos, videos, stored content, and more.
  • Paying the ransom is absolutely no guarantee that a hacker will decrypt your files or unlock your computer.
  • The best defense against this kind of attack is to routinely back up all of your files and important folders.
  • Ensuring that you, your family members, and your company’s workforce can spot a phishing attempt and avoid installing harmful software will also help protect you.
  • A company-wide policy about never downloading unknown files, never clicking on links in emails, never opening unexpected attachments, and other dangerous behaviors can also secure your network from this kind of attack.

No matter what steps you take, it’s important to stay on top of cyberthreats and scam attempts. Regular company training and a comprehensive company-wide computer use policy can help protect your business network, and monitoring computer use at home can do the same. As always, installing and updating a strong antivirus solution to block these threats is important, too.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “I’ve Hacked Your Password” Scam

Most consumers probably have some level of knowledge about identity theft and fraud. It might only be a passing familiarity thanks to news headlines about record-setting numbers of data breaches. For others, their deeper knowledge of this kind of crime may come from having already been victimized. As anyone who has had to navigate the aftermath of identity theft crimes can tell you, it carries a lasting—possibly even lifelong—impact.

So how much do you really know about this crime? (You can take this short quiz to find out!)

The Association of Certified Fraud Examiners, ACFE for short, wants to help every consumer be as fraud-aware as possible in order to reduce their risk of becoming a victim. The organization hosts an annual event each November known as Fraud Week, and together with the Identity Theft Resource Center will host a Twitter chat filled with important tips and information for the public.

International Fraud Awareness Week will run from November 11th through 17th, and while some of the information is geared towards preventing this crime within the business sector, there are plenty of resources for everyday consumers. You can sign up to host a local community education event, direct your company or business to informational webinars, and find ideas for posting on social media to raise awareness. One great item to share on your social media channels is this ACFE video on identity theft and fraud, for example.

Of course, joining the Twitter chat on November 15th is another great way to get involved and stay informed. The ITRC and ACFE will co-host the free event online at 3pm ET/12pm PT, and participants only need to log into their Twitter accounts and search for The #fraudweekchat hashtag to participate. Be sure to add the hashtag to all of your questions or comments so other participants and the chat hosts can see them.

Finally, one of the best ways to really understand the impact of fraud is to hear from the victims themselves. The ITRC’s annual Aftermath report compiles information from victim surveys, which were completed by people who reached out to the organization for help during the previous year. This information explores not only the financial impact of this crime, but also the mental, emotional, and even physical effects of being a victim.

To say that it’s up to the victims to prevent identity theft and fraud is wrong; in too many cases, the victim couldn’t have done anything to prevent the crime. However, there are ways consumers can reduce their risk, recover as quickly as possible, and minimize the lasting effects. Knowing how to recover from this kind of crime starts without knowing what preventive measures to put in place, what steps to take in the event of fraud, and what resources are available to help victims. It all starts with awareness, so make plans to be a part of Fraud Week.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “Vote By Phone” Scam

Most consumers probably have some level of knowledge about identity theft and fraud. It might only be a passing familiarity thanks to news headlines about record-setting numbers of data breaches. For others, their deeper knowledge of this kind of crime may come from having already been victimized. As anyone who has had to navigate the aftermath of identity theft crimes can tell you, it carries a lasting—possibly even lifelong—impact.

So how much do you really know about this crime? (You can take this short quiz to find out!)

The Association of Certified Fraud Examiners, ACFE for short, wants to help every consumer be as fraud-aware as possible in order to reduce their risk of becoming a victim. The organization hosts an annual event each November known as Fraud Week, and together with the Identity Theft Resource Center will host a Twitter chat filled with important tips and information for the public.

International Fraud Awareness Week will run from November 11th through 17th, and while some of the information is geared towards preventing this crime within the business sector, there are plenty of resources for everyday consumers. You can sign up to host a local community education event, direct your company or business to informational webinars, and find ideas for posting on social media to raise awareness. One great item to share on your social media channels is this ACFE video on identity theft and fraud, for example.

Of course, joining the Twitter chat on November 15th is another great way to get involved and stay informed. The ITRC and ACFE will co-host the free event online at 3pm ET/12pm PT, and participants only need to log into their Twitter accounts and search for The #fraudweekchat hashtag to participate. Be sure to add the hashtag to all of your questions or comments so other participants and the chat hosts can see them.

Finally, one of the best ways to really understand the impact of fraud is to hear from the victims themselves. The ITRC’s annual Aftermath report compiles information from victim surveys, which were completed by people who reached out to the organization for help during the previous year. This information explores not only the financial impact of this crime, but also the mental, emotional, and even physical effects of being a victim.

To say that it’s up to the victims to prevent identity theft and fraud is wrong; in too many cases, the victim couldn’t have done anything to prevent the crime. However, there are ways consumers can reduce their risk, recover as quickly as possible, and minimize the lasting effects. Knowing how to recover from this kind of crime starts without knowing what preventive measures to put in place, what steps to take in the event of fraud, and what resources are available to help victims. It all starts with awareness, so make plans to be a part of Fraud Week.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “Vote By Phone” Scam

On November 6th, citizens will cast their votes for governors, state officials, or members of Congress, either continuing to support the incumbent or opting to make a change with a new candidate. In any event, the work of campaigning and elections are big business…especially for scammers.

With so much discussion about the mid-term elections, thieves have launched a wide variety of election season scams to steal personally identifiable information, financial resources, or both.

1. Phishing attempts – Candidates and political parties rely on emails and phone calls to connect with voters, and scammers are using the same tactics. By posing as members of a campaign, scammers target their victims with phony donation requests, fake news articles that encourage them to click and input their information to read, and more. The goal in these scams isn’t just money, but also access to your personal data.

2. Donation requests – It takes a lot of money to put on an effective campaign, so political candidates often request donations, host fundraisers, and more. Thanks to online platforms, candidates or their team members can request money via social media and platforms like GoFundMe or PayPal. However, the natural mechanism that allows candidates to do that effectively also means a scammer can do it, too. Be on your guard for similar names, “patriotic”-sounding organizations, and issue or party-centric groups that are not actually affiliated with anyone campaigning.

3. Fake robocalls – There have already been reports of robocalls associated with particular candidates for promotional purposes, and remember, charitable organizations and political ads are two of the categories that are exempt from the Do Not Call registry. However, some of the robocalls have not only been spoofed or use stolen recordings of the candidates, but some of them have also even been highly offensive and designed to get the listener to interact.

So how are you supposed to protect yourself from elections season scams? By using the exact same good habits that are designed to keep you safe from scams throughout the year. Never give out your information or verify your identity to someone who contacts you; never make a spur-of-the-moment donation or spontaneously pay a fee, fine, or bill; remember that anyone can create an email account or website, and it doesn’t take any effort or know-how to copy or mimic an existing organization.

Keep your identity and your finances secure by being cautious about how you interact with the campaign process this year…and don’t forget to vote!


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: “Vote By Phone” Scam

When it comes to a credit freeze, consumers have to ask themselves when they should take this step, and why. The “when” is easy… the answer is NOW. There are very few reasons to leave your credit report unfrozen, all of them stemming from your life circumstances that involve high-volume spending, the need for new accounts or other similar, limited situations.

But “why”, is a little more difficult to explain. Your credit report is the document that gives lenders an idea of what kind of borrower you are. It contains lengthy information on your previous spending and payoffs, your open lines of credit, the amount of debt you carry, and more. However, this report is also the tool that lenders need in order to issue you a new account or line of credit; no report, no new credit card or car purchase.

It’s easy to see how blocking access to that report can prevent new lines of credit from being issued, and that goes a long way towards protecting you from fraud if someone steals or fabricates your identity. When the criminal applies for a new credit card, home utilities, a car or other similar account, the credit report will come back to the lender as “frozen,” essentially blocking the account.

This is one of the strongest measures consumers can take to help reduce their risk of financial identity theft. There are other ways your personally identifiable information fall into the wrong hands can harm you, but new account fraud is one of the easiest but most devastating scenarios. At the same time, there are not many other actionable steps consumers can take that can have this much of an impact on identity theft and fraud.

Remember when we said you should do it right now? There’s never been a better time. New legislation goes into effect this week that will remove the fees associated with freezing and thawing your credit report. Even though it takes time to “thaw” should you need it (a few business days, typically), you will no longer have to pay a fee for protecting your credit report this way. All three of the reporting agencies—Experian, Equifax, and TransUnion—will no longer charge this fee thanks to legislation that was passed after the Equifax data breach.

In order to freeze your credit, here are a few steps to take. While you handle that, remember that you’re also entitled to one free copy of your credit report from each of the three major reporting agencies every year. You don’t have to request them all at once, though, so you can stagger your requests a few months apart and get a look at your credit report all throughout the year.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?

A recent discovery on an internal message board may be a little unsettling: according to Politico, who discovered the internal memo and first wrote about the incident, the U.S. State Department’s unclassified email system suffered a data breach. This event affected only one percent of the organization’s 69,000 employees, but while the classified email system was not affected, the State Dept acknowledges that the impacted employees’ personally identifiable information may have been compromised.

Events like this one are happening with alarming regularity across every kind of business or agency, leading to record-setting year-over-year numbers of data breaches and compromised consumer records. While the State Department’s investigation of the incident is still underway, the internal memo did cite the need for better password security among employees.

Password security is an issue that plagues users at every level and in every industry. There are even websites that track the most commonly used passwords—discovered as a result of data breaches and stolen account credentials—and unsurprisingly, things like “password,” “qwerty,” and “12345678” still top the lists. Of course, a weak and easily guessed password isn’t the only issue; reusing passwords on multiple accounts leads to fraudulent access too. If a hacker uncovers a database of stolen logins for social media accounts, they can access any other accounts that reused those same usernames and passwords.

The U.S. government has been urged to take extra precautions when it comes to cybersecurity, largely due to the fallout and the resulting legislation from the Office of Personnel Management breach that began in 2014 and continued into 2015. Millions of government employees’ complete identities were stolen, along with identifying information for other people connected to those employees (i.e., family members, former employers).

The event sparked the Federal Cybersecurity Enhancement Act, which was signed into law in 2015. It required federal agencies to take more preventive action to reduce the threat of cybercrimes, and to report on their actionable steps. Unfortunately, those security steps have not been implemented across the board. Several U.S. Senators issued a letter to Secretary of State Mike Pompeo earlier this month, expressing their disappointment that the organization has not followed through on enough of the recommended security measures.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Is Your Bluetooth Tracking You?