Posts

In 2018, more than one million children were victims of identity theft. Keep in mind these are only reported cases meaning there are most likely far more victims than we know. As a parent, it’s important to think about how can we help protect our children from identity theft and the years of repercussions that typically stem from it. The truth is, no person or product can completely prevent identity theft of children or adults. While this might seem like a daunting realization, there are preventative measures and safety tactics to help minimize your child’s risk. Keep reading to learn more.

Why Target Children?

Unfortunately, children have always been viable targets for identity theft. The fact that kids do not take out lines of credit until later in life and are not actively monitoring their credit means criminals can use their untapped Social Security number to obtain credit and abuse it for years, unnoticed. Child identity theft can be committed in a variety of ways. In some cases, the child’s own parent or legal guardian, who has easy access to their PII, might use it to help ends meet and with the right intentions. Whereas in other cases, it is used with malicious intent. Another common way that a child’s PII is compromised is through data breaches, phishing scams and other methods. Criminals will specifically target databases where they know children’s PII is housed like pediatrician offices, daycare centers and summer camps.

Preventative Tips

Only Supply Necessary Information

Often child programs or service providers ask parents for a long list of information regarding their child. Before filling this out, stop and ask three questions: Why is this information needed? How will you protect my child’s data? What happens if I do not provide it?

Often times, summer camps and daycare centers do not need sensitive information about your child, like their Social Security number. Chances are small business like these might not also have the proper cybersecurity in place to store your child’s information safely. Always think twice about providing sensitive information to any business, including those who seem reputable like your pediatrician’s office.

Place a Credit Freeze

To help stop criminals from taking out a line of credit in your child’s name, parents can freeze their child’s credit with the three main credit reporting agencies (CRAs). Placing a freeze helps prevent credit, loans and services from being approved in your name (or your child’s name) without your consent. Helping protect the financial aspect of a child’s identity is only one factor, but can be greatly beneficial. Experian also offers a one-time free child ID scan to help determine where your child’s identity could be used fraudulently.

Avoid Creating Vulnerabilities

Sometimes, even with the best intentions, parents can create vulnerabilities for their children’s identity. This can happen by trusting the wrong person with PII, supplying information to breached businesses or leaving documents unprotected.

One vulnerability specifically comes to mind, a child ID kit. A child ID kit is recommended by law enforcement and child advocate agencies in case of the unfortunate event of a missing child. It contains things like an updated photograph and fingerprints of your child to provide to law enforcement in an emergency. Criminals have taken advantage of parents’ natural instinct to protect their children and offer child ID kit packages that expose children’s information. It is important to note that everything in a child ID kit is completely doable by a parent and does not cost anything to complete or provide to law enforcement, a third party is not needed whatsoever. If you do create an ID kit for your children, make sure to store it in a secure, safe location and do not trust others with the information.

Of course, the Identity Theft Resource Center is here to help. Speak to an identity theft advisor for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Experian proudly provides financial support to the Identity Theft Resource Center.


You might also like…

Imposter Scams Were the Most Reported Complaint in 2018

In New Scam, Criminals Pose as Government Pretending to Help With Identity Theft

Study Explores Non-Economic Negative Impacts Caused by ID Theft 

 

Scams and Seniors: If You See Something Say Something

You may have heard of the phrase, “If you see something say something.” The intent behind this concept is that if the public looks out for each other and reports suspicious activity, crimes have a better chance of being prevented.

Recently one of ITRC’s advisors was shopping at his local grocery store. An elderly woman in front of him at the register was trying to buy $2,500 in gift cards. The cashier called the manager to the front because the store has a $2,000 limit on gift cards. While the employees were discussing the situation, the ITRC advisor politely interrupted asking the woman why she needed so much in gift cards. The elderly woman replied she had been contacted by US Bank regarding a sweepstakes she had won totaling $750,000 in cash. In order to collect her winnings she needed to pay $2,500 upfront in gift cards to cover the taxes. Our advisor immediately recommended she not make the purchase.

He explained that this was a scam, and that a valid lottery will not ask you to pay taxes or other fees upfront in gift cards or via wire transfer before receiving your winnings. The elderly woman was apprehensive at first saying she needed to complete this step to receive her prize. Our advisor elaborated on his role with ITRC and the commonality of these scams. The woman decided to not move forward with her transaction and was relieved that he intervened. She thanked him for speaking up and for saving her $2,500 dollars.

According to the Federal Trade Commission, lottery scams were the third most common type of fraud reported to them in 2017. In many cases, scammers will take the gift card approach because it is an untraceable payment. Meaning once you release the physical cards or card numbers, scammers will take the money and run. Leaving you with no way to link the crime back to a specific individual and out a significant amount of money. Sometimes ITRC hears about cashiers and other employees educating shoppers to help prevent these scams, but not every victim is so fortunate.

By speaking up when you see something suspicious or educating friends and family about identity crimes, you can help others minimize their risks. By taking a few minutes to politely address a situation, like that of this elderly woman, you too can help save someone a lifetime of woes.

If you or someone you know is a victim of a scam or identity crime and needs assistance, you can receive no-cost help from ITRC. Contact one of our expert advisors via phone or LiveChat today. You can also download our app.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Help! My Parent or Friend is a Victim of a Scam

If you are one of the consumers who have placed a freeze on their credit reports, we commend you for taking your identity protection seriously. As an expert in the field of identity theft and crime, ITRC recommends credit freezes for certain potential and existing victims of identity crime. While a credit freeze provides almost exclusively benefits, there is a down side consumers should be aware of: a credit freeze can block your Medicare application.

Individuals applying for Medicare benefits used to rely on an easy process through the Social Security administration in order to apply. Now, however, in an effort to protect people’s sensitive data, the SSA requires a whole new account called a My Social Security account to apply for Medicare.

Consumers cannot create a My Social Security account without unfreezing their credit reports. Credit freezes can be thawed so this is a matter of minor inconvenience, but it does take additional time. If applying for Medicare online, consumers will need to first thaw their credit reports and plan for the additional time this will take.

There is some good news, if you need to unfreeze your credit report the SSA only needs access to your Equifax report at this time. You will not need to unlock the other two credit reports if you have already frozen those.

If you are in a time crunch for Medicare application, visit your local SSA office and apply in person. There is a small laundry list of items you will need to bring with you as proof of your identity, of course, but usually a valid driver’s license and passport will be enough. ITRC recommends calling ahead to determine the needed documents to help save time and streamline the process.

Remember, after your Medicare application is accepted re-freeze your credit report with Equifax to help minimize the likelihood of identity theft. While you are taking some time to address your frozen report, remember to request your once-a-year free copy of your credit report in order to look for any unusual activity that could be a sign of identity theft or fraud.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Payment apps, like Venmo, Apple Pay, Zelle and even Facebook Messenger, are used by over 90 million Americans, but are they actually secure? This touch-of-a-button technology lets you use actual funds from your bank account or your credit card to send money instantly to friends, family and retailers.

At first glance, some consumers might be a little reluctant to install and use a payment app. After all, anyone who gets a hold of your smartphone could wipe out your bank account, at least in theory. There are safety protocols in place – like two-factor authentication and one-time use PIN numbers – that help make these apps possibly safer than traditional payment methods. A lot of consumers have their smartphone on them at all times and treat it with the utmost safety concerns, so having payment information stored on their device might not seem all that farfetched.

Remember, convenience and security come with a price. Scammers have already victimized payment app users in a variety of ways including in-person scams and account takeover. Before using payment applications, it’s important to understand how to protect yourself.

Lending Your Phone

In this era of always-connected activity, everyone has a phone, but there is still the occasional instance when someone might ask to borrow your device. Many of us might not think anything of it, but when you allow access to your device you are opening up the door to your payment apps. Scammers have been known to ask to use strangers’ phones to make a call, but instead open payment apps and send themselves money.

You can avoid this one—and still be a generous person—by always logging out of your payment app when you are not using it. Also, if someone does need to make a call or send a text, dial the number for them before handing over your phone.

Scams

According to Javelin, more than $500 million was lost overall to fraud in 2017 involving a variety of peer-to-peer payments. Remember, all payment options are storing your information and are vulnerable to attacks. One woman had $9,000 debited from her account in increments after a thief gained access to her login. Plus scammers could ask for payments via app to eliminate traceability.

Never send money to individuals you don’t trust or who claim to be a business or government agency; many peer-to-peer transactions are instantaneous and irreversible.

Enhanced Security

No matter which app you choose, make sure you have enabled all the security features you can. If the app offers one-time PIN numbers or multi-factor authentication, for example, use them. This can keep hackers from accessing your login credentials and stealing your money.

Remember, access to all of your accounts usually starts with your email address or social media accounts. You have to make sure that you are using solid password hygiene on all of your accounts in order to minimize risk of hacking.

With every new type of technology, there are undoubtedly criminals out there who have found some way to take advantage of it. Practice good security protocols that protect your tech tools and be ready to adjust your usage to fit the latest scam reports.

Don’t fall for fake phishing emails or websites asking you to “verify your login.”


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Phishing scams are a low effort way for scammers to trick consumers into revealing personal information. Communication from payment platforms can be convincing with a Stripe email now making the rounds.

Phishing scams have been around for years, and with the ability to send out millions of phony emails a day, scammers don’t have much legwork to do. All they have to do is send a plausible email, get you to click the link or follow the instructions, and their work is done. One widespread form of attack involves pretending to be a high-profile company like Amazon, PayPal, or your bank in order to trick you into following their instruction and landing in their trap.

The latest front for this type of phishing attack is mobile payment company Stripe. Many small business owners, charities, and everyday consumers rely on Stripe for processing everything from payments to donations to cash from friends or relatives. The “Stripe” email claims that your account has been compromised and any money you are expecting will not be transferred to you, scammers hope to lure you into clicking and entering your info.

See real example sent to an ITRC employee:

An email typically with a subject line, “Stripe: deposit will not be made to your bank account,” has been circulating and frightening the site’s users, so much so that the company issued a scam watch statement. This post tells users what to do if they receive a strange communication that appears to come from the company. For instance, misspellings in the message or uncapitalized use of the company name are some red flags, as is an unknown email address or one that does not include the “stripe.com” domain name. Other telltale signs are listed in the website’s post.

There are some steps that tech users can follow to protect themselves from this kind of low-tech crime.

  • Never click a link, open an attachment, or download a file in an email or message unless you were specifically expecting it; even if you think you recognize the sender, it is a good idea to verify it with the sender first.
  • Next, never submit any kind of sensitive information based on a communication about your account. This includes usernames, passwords, account numbers, or any other details. Instead, go directly to the company’s website and log into your account. If there is a problem, it will be visible on the screen.
  • If all else fails, contact the company directly using a verified phone number or email address.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

There are two specifically related but not interchangeable threats to your identity, and the terms can often get confused. Credential cracking and credential stuffing both involve someone getting their hands on your personal data, especially your usernames and passwords, but how those two things take place are somewhat different.

Credential Cracking

Credential cracking happens when a hacker targets you or your company specifically. They spend a significant amount of time and tech resources on breaking into your accounts by undermining your password defenses. While victims of credential cracking can absolutely be random citizens caught up in a hacker’s trap, the effort behind it often means that the victim was targeted specifically. It might be a business account or a company’s social media accounts, financial accounts, or even the personal finances for someone within a company.

Credential Stuffing

Credential stuffing, on the other hand, usually occurs when a hacker casts a wider net. They either steal a database filled with information, buy it on the Dark Web, or even stumble upon it in an unsecured web-based storage server. Then, they use software that lets them attempt thousands of “matches” at a time, cross-referencing the stolen usernames and passwords that work on one website with many other websites. When they land on a match—meaning the victim’s username and password from PayPal, for example, are the same one they use on Amazon—they can use that information to steal money and even more identifying information.

Read next: TurboTax Security Breach Cause by Credential Stuffing

Who’s Targeted

Another major difference between these two forms of attack is in how the tech-using public can take action. Credential cracking is potentially in your own hands, unless a cybercriminal targets your place of employment; a lot of your preventive strategy will involve practicing good password hygiene. Credential stuffing, on the other hand, is a result of finding a treasure trove of information that someone else did not properly secure. You often have no way of knowing whether or not your information was included in such a database until you receive a notification letter from the company who allowed it to become compromised.

How to Protect Yourself

As always, one of the best defenses against either of these attacks is to use strong, unique, unguessable passwords that you change routinely. Changing your password can actually prevent credential stuffing since your old (and stolen) information would no longer be valid; by keeping your passwords unique—meaning they are valid on one account only—you can also work to avoid credential stuffing since they will not work on any other account.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

When news of yet another data breach comes out, the reaction can range from panic to “blah.” At the one of end of the spectrum, consumers can be left with documented feelings of stress, fear and even paranoia about further attacks to their identity. At the same time, a very real phenomenon known as “data breach fatigue” occurs when there are so many attacks that consumers stop taking them seriously.

Fortunately, a new tool can help consumers make sense of a data breach; while neither overreaction nor inaction is an appropriate response, this tool can help people who are affected by the breach understand their options and take corrective action.

The Identity Theft Resource Center and Futurion have partnered and launched a tool called Breach Clarity, which takes publicly-available data breach information and breaks down both the threat and that actionable steps for consumers.

Watch Our New Free Webinar: Deciphering the Code of Data Breach Notifications

Unfortunately, far too many consumers do not check up on these kinds of attacks until it is too late. Even then, many victims of data breaches do not follow up on the support that notification letters offer, including things like identity theft protection or credit monitoring.

Breach Clarity lets users type in a general search term for a known breach and see a graphic representation of the threat level based on a number of factors. These include things like understanding whether or not financial information was exposed or if Social Security numbers (or other sensitive PII) were accessed. From there, a one-to-ten risk score is provided so consumers understand just how seriously this could affect them. The Home Depot breach in 2014 only receives a 3 out of 10 because of the nature of the information that was stolen; the 2015 attack on the US government’s Office of Personnel Management was far more serious and received a 10 out of 10 risk score as a result.

Breach Clarity was unveiled at the 2019 KNOW Conference in Las Vegas where it won first place in the third annual Identity Startup Pitch Competition. The criteria for selecting a grand prize winner included factors like the degree to which the entrant meets the customer’s needs and expectations, innovation, originality, and more.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

When it comes to avoiding a scholarship scam or financial aid scam is that there really are some obscure and even bizarre scholarships out there. There’s a scholarship for being left-handed, one for being above average in height or below average in height, one for being a redhead, and so much more. That means it’s easy to accidentally fall into a trap of applying for a scholarship from a company or organization that you’ve never heard of.

Fortunately, avoiding a scholarship scam only takes a little bit of attention and precaution.

Stick to reputable scholarship links

Many colleges and high schools will link to safe, trustworthy sources of financial aid on their websites. Start with your school’s site or your guidance counselor to find these and other sources.

Watch out for emailed offers

Once you begin engaging in activities that can be linked to college life—such as signing up for updates, filling out online applications, even searching for housing or shopping for dorm room essentials—that can trigger scammers who are looking for victims. When your email inbox begins filling up with scholarship offers and even “congratulations, you’ve been awarded a grant!” messages, it can be tempting to open them and click the link but you don’t want to do that. Opening the email and finding out if it’s legitimate is fine, but clicking a link or downloading an application can be dangerous if the sender isn’t genuine and can lead to a malicious virus or another compromise of your data.

There’s no such thing as free money

 It might sound like the opposite of a scholarship search—since scholarships are, by nature, free college money—but no one will hunt you down to give you money. Scholarships are funded by many different sources, and they are to reward hard-working students with the means to afford their tuition. No one sends out emails begging students to take the money, though. Many scholarships involve a rigorous selection process, so any claims that something is free or already yours should be a red flag.

You can’t win if you don’t play

Another important truth about scholarships is you cannot receive one if you don’t apply for it. That means you’ll never receive a scholarship that you didn’t submit your application for. If you are contacted by email, text, social media message, or some other way and told you’ve won a scholarship, make sure it’s one you applied for before you engage with the message. Furthermore, don’t fall for any hidden “fees” like paying $40 to process your new $400 scholarship; you never have to pay money to receive money.

Protect your data

With very few exceptions, you should not have to submit your Social Security number in order to apply for a scholarship. The exception may be scholarships that are awarded directly by your university (and even then, they should already have that information) or government grants and aid. A club, team, community organization, or other company should not need it, so don’t turn it over without investigating why it’s necessary.

It’s hard to believe that someone would stoop so low as to steal from a young college hopeful with a scholarship scam, but it’s true. Safeguard your identifying information and be very careful of what information you share.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

The Force Has Awakened this #StarWarsDay! May the Fourth Be With You as you break out your lightsabers and prepare to do battle against the Dark Side of our cyber world with tips from the Identity Theft Resource Center and National Cyber Security Alliance.

To celebrate this #MayTheFourthBeWithYou, use the messages below on Twitter, Facebook and LinkedIn to join the cyber force on May 4th, 2019. Don’t forget to use the #MayTheFourthBeWithYou hashtag!

Download all images and messages here.

 

Tweet: It’s #StarWars Day and the cyber force has awakened! Use our tips for protecting your identity from the dark side. #MayTheFourthBeWithYou @ITRCSD @StaySafeOnline https://idtheft.center/MayTheFourth

More resources: Identity theft impacts 17 million individuals every year and unfortunately, can impact you at anytime. Learn about the different types of identity theft and how you can protect yourself with help from ITRC.


Tweet: “Do. Or do not. There is no try.” Taking steps to protect your digital identity & privacy every day is a must. #MayTheFourthBeWithYou @ITRCSD @StaySafeOnline https://idtheft.center/MayTheFourth

 

More resources: The National Cyber Security Alliance’s (NCSA’s) CyberSecure My Business™ is a national program helping small and medium-sized businesses (SMBs) learn to be safer and more secure online.

 

Tweet: You don’t have to go Solo. Get help from the cyber force with tips from @ITRCSD & @StaySafeOnline #MayTheFourthBeWithYou https://idtheft.center/MayTheFourth

More resources: Learn how to protect yourself, your family and devices with these Online Safety Basics

 

Tweet: A new hope for your digital identity is here. We have a plan to help you recover from identity theft. @ITRCSD & @StaySafeOnline #MayTheFourthBeWithYou https://idtheft.center/MayTheFourth

 

More resources: For free one-on-one assistance with identity theft, scams, fraud, cybersecurity, privacy and more, contact the Identity Theft Resource Center toll-free 888-400-5530 or LiveChat

 

Tweet: Think you have what it takes to be a digital jedi? Train with steps to empower your privacy & identity. #MayTheFourthBeWithYou #RiseOfSkywalker @ITRCSD & @StaySafeOnline https://idtheft.center/MayTheFourth

More resources: Take privacy into your own hands with a privacy quiz. Then learn how to update your privacy settings on popular devices and online services.

 

Even after May The Fourth, you can safeguard your information from the Empire all year-long by staying up to date with the latest threats to your identity and tips by signing up for our newsletters:

Stay Safe Online Email Sign-up: https://staysafeonline.org/email-signup 

Identity Theft Resource Center Email Sign-up: https://www.idtheftcenter.org/newsletter-signup/ 


If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App.