Identity Theft Blog and Resources

This is part two of a two-part cybersecurity series. As mentioned in part one of this two-part series, ethical hacking involves people who are legally hired to hack into data systems in order to expose the system's weak points. These weak areas can then be strengthened. Overall, organizations, with the help of professional ethical hackers, can bolster their system security to prevent their systems from being maliciously hacked. Dave Howard, otherwise known as "Dave The IT Guy," has been a certified ethical hacker since 2009 and is the weekly host of the iHeartRadio app podcast "Bring Your Own Security." Regarding the definition of ethical hacking, Howard said it's important to keep the word "ethical" in mind. "Many folks hear the word hack and instantly think bad guys, or criminals, or some government agency. Ethical hacking is when a person who has the same technical knowledge and skills as the bad guys uses those capabilities to help organizations see their shortcomings and how to fix them, again from the hacker's point of view," Howard said. Howard's journey to becoming an ethical hacker began when he was working in his first IT-related position. "I started in the IT field almost 20 years ago as a basic break/fix tech. Printers, keyboards, monitors, anything that could break, did. As I would spend nights or weekends reading about topics and trying things out on my own, the security field really became an interest. I studied for various certifications because, back then, that's how you could prove that you knew how to do the things you said you could do," Howard explained. Howard said he discovered he had an interest in tech security and worked hard to learn as much as he could with the limited time he had. "For about two years, I taught myself some basic and intermediate level hacking skills and practiced them against computers I owned, or my company's computer systems (with permission, of course)," Howard said. "During this time, I was still working a regular 40-50 work week doing things like building servers, installing wireless systems, installing routers and switched, all trying to be a well-rounded IT person with a very wide breadth of knowledge and hands-on experience. I was also a husband and father, so for someone to just say 'I want to be an ethical hacker' requires you to stay up late while the family is sleeping, getting only 3-5 hours of sleep before work, just to find the time to learn and hone your skills." Howard got the chance to hone those skills in 2009 when the company he was working for decided to send him, and four other employees, to a two-week "Hacking School" program to help them learn more advanced hacking techniques. Howard explained that after he returned from hacking school, "a new division of our company was formed to sell PenTests (Penetration Testing) to clients and I was one of the five that would go and do the work. Sometimes it took only one of us, sometimes it took all five of us. There were a few times the PenTests were more than three months in length, having us really dig deep and look for all the ways a hacker could steal data or damage systems." Since then, Howard has continued down the ethical hacking path. Regarding what he thinks the general public should know about ethical hackers, he said "ethical hackers are exactly who you want working in your company or at least advising the IT staff in your company. We WANT to be the good guys and we want to be able to stop the governments, the criminal organizations, the stalkers, and anyone else that uses the internet and illegal methods to stalk someone, steal their identity, or their company's way to make money." He explained that there are many cyber threats that people should be aware of. After all, identity theft and other cybercrime can affect anyone and shouldn't be underestimated. "In today's world, email with links and attachments, social media messaging, and postings and even text messages coming to your phone are the most likely culprits to getting your data, money, or identity," Howard said. "The bigger threats like an Equifax hack is simply something you cannot control. If a company has your data and they don't secure it properly, nothing you do will prevent that theft." Howard provided a painful, personal example: "My wife's computer was hacked about five years ago. She got an email from her sister (which was fake) and she clicked the picture that was sent. Several days later, a visit to the local branch of our bank informed us how we went from more than $7K cash to about $300 cash in a matter of hours. We found that the hackers had gained physical access to her hard drive and she had created a document that had all of her passwords that she could never remember. They found that document went to our bank's website and, logging in as her, initiated several overseas wire transfers to bank accounts that were closed as soon as the money arrived and was withdrawn. It was a very painful process to go through the bank's investigation to ensure WE were not trying to commit a fraud to keep our money and get theirs too. Also, back then, the local and regional law enforcement entities were still very new to cybercrime and really didn't have any resources or knowledge on how to help with something like this. A report was filed, questions asked and answered then thankfully through the FDIC and other entities our money was refunded to us. But that was a seven-month process that left a virtual scar." To avoid becoming a victim of a cybercrime like he and his wife were, Howard advised that you "keep one email account that you NEVER promote/give out to the everyday person, etc. Use it ONLY to sign up for secure things like bank accounts, 401K, insurance, and any other private, financial place that you may need to login to. Don't give it to anyone else, so the likelihood of getting a fake email to that account is far less." He also suggests that you "get a prepaid debit card from any number of sources and put money on it. When you shop (online or in a store and swipe it through) if it gets compromised (like the HomeDepot hack a few years ago), the only money you can possibly lose is what is on the card at that moment. If someone happens to get it while online, again, you can only lose a small amount." Howard said it is important to "educate yourself on how to read a domain name. There are MANY ways to very easily trick someone into thinking they're going to the correct website. If you understand how domain names (URL's) work, you'll know within 10 seconds if you are going to a scam website or not." He added, "don't post private info such as address, phone number, kids' names, etc., on a public forum. Even a Facebook page that you think is private to you and your friends has been proven recently to truly NOT be private. If you must send that type of info, there are free methods to encrypt the info via text, or at least post it online in a way the automated data-stealing programs won't get your information." It all boils down to how cautious people are in their daily habits and interactions, Howard explained. "I think, in the end, that people cannot have the attitude or way of thinking that included 'Well, I can't stop it, so why try?' Or they might think 'I'll never shop online or do banking, so I'm safe.' Both of these assumptions are wrong. With technology the way it is today, we have to be diligent about how we do things (see the advice given previously). But if you don't shop online and write a check at the store or mail it in to the utility company, the exact same info on that check (you name, address, routing number, and account number) is more than enough info to steal your identity or initiate a wire transfer by someone who knows their way through and around banking rules," Howard said. "Simply putting your head in the sand and thinking 'I don't know anything about computers' isn't good enough anymore. You must get educated on these topics, or have someone around you that you trust to monitor these sorts of things for you."

This is part one of a two-part cybersecurity series. When you think of a modern-day hacker, you probably think of a hooded figure maliciously working on a computer in a dark room. What probably doesn't come to mind is a completely different type of hacker — the ethical hacker. Ethical hackers, unlike the stereotypical illegal hackers, are the good guys. Typically, they are legally hired to hack into areas like private data systems to determine the system's weak spots. This weak spot knowledge is used to strengthen the system's security so it can't be illegally hacked. Dan Desko, currently a senior manager of IT Risk Advisory Services at Schneider Downs, explained that "ethical hacking is a process of finding organizations' security weaknesses before the bad guys do. It is all about offering up a service that comes as close to the tactics of a malicious hacker in order to offer a realistic threat scenario and then learn from it. My team invests heavily in training and stays very in touch with the latest in the industry to make sure we deliver this." How did a professional like Desko get into ethical hacking in the first place? Desko explained that each step in his career combined with his personal interests was what led him to his current profession as an ethical hacker: "I started my career working in computer operations in a data center for a large steel manufacturer. That job allowed me to enhance my technical skills at a young age and I really got to understand networking and systems management. It turns out that the skills I learned there translated well into the consulting industry. I have spent a lot of time consulting on IT risk and also IT audit, and during that time I noticed a very large gap in the information security space for value-added hands-on services. In information security, there is often a lot of talk, but not enough action. This led to the building of our ethical hacking team within our organization, which we have had for over two years now." Although ethical hackers are the good guys, some people may see them in a somewhat negative light due to the hacker stereotype. Desko observed that many people don't know that there are ethical hackers in the world: "I often tell people about what we do and they often seem surprised that a career like that exists. After explaining what we do a bit more, they always seem to understand. I think the general public should know that there are people out there that do care about the privacy and security of their personal data and work very hard every day in order to protect it." With the advancement of technology, comes the advancement of a variety of cybercrime like identity theft. Although people should be aware of cybercrimes, Desko added that people should "focus on phishing, ransomware, and poor passwords; or a combination of all those!" In regards to his team, he said: "we typically incorporate phishing into our ethical hacking exercises and we are usually successful at breaching an organization's defenses with a simple phishing exercise." Desko explained that since "people are so vulnerable to social engineering because it is in our nature to trust and to want to help, phishing often plays on these tendencies and we let up our guard." He added that "it is important to not put blind trust into email and be wary of every single message you receive." Even though being aware of potential phishing situations is important, Desko said that "good password creation and password management is also very important. We often use tactics that will simply guess passwords on our client's websites. I can recall an organization where we used this tactic and were able to compromise close to 10 percent of their user's authentication credentials just because they had simple passwords in place. This led to a full-scale compromise of their network and many applications with sensitive customer data." In addition to general phishing and password creation/management, Desko said that people should know more about ransomware threats. He claimed that "ransomware is at epidemic proportions right now. This threat, which is usually delivered via a phish, will encrypt or lock your data until you pay a ransom. So many organizations are highly vulnerable to ransomware and are also unable to react or recover from it. Having some simple strategies in place as well as practicing these types of scenarios is key to recovering." The sheer amount of cybercrime is enough to make anyone worry and feel extremely vulnerable. However, you can take action to reduce your risk of becoming a victim of identity theft, a mass data breach, or other cybercrime. Desko advised that you "limit the amount of information you share about yourself online or on forms, to the extent possible. The less data you put out there, the less likely it is to be breached. Also, if you use a password for one website, don't use it elsewhere. We call this password reuse. Password reuse is an easy way to lead to more compromises of other data because if one site gets hacked, they can all be hacked." Keep in mind that there isn't a way to completely avoid cybercrime, even if you are a professional, ethical hacker. Desko explained that he has been a victim of a major data breach and that he continues to learn from it. "Like most of America, my personal data was exposed as part of the Equifax data breach. I often do breakdowns of Equifax's breach response and lay out a timeline in presentations. It is an interesting case topic to study as there are many learning opportunities that we can glean from that example. From patching vulnerable systems timely, how and when to communicate with customers, there were many interesting facts in that breakdown." Not only can ethical hackers like Desko learn from major data breaches like the Equifax breach, but the general public can as well. Whether it's a wide-spread breach that affects millions of people or an individual hacking situation, you can learn to take precautions to avoid becoming a cybercrime victim again. Although ethical hacking isn't the ultimate solution to preventing cybercrime, it has reduced organizational and individual cyber risks. If you are interested in ethical hacking, Desko advises to explore the ins and outs of ethical hacking as soon as you can. Desko advised, " the information security community, in general, is very much unlike other professional communities. There is a big emphasis on sharing data, tools, and resources for the greater good. If someone is an aspiring infosec superstar, all the tools and guidance necessary to do that is freely available for the most part. So, my recommendation is to dig in and get your hands dirty and it will pay off." Overall, white hat hacking or ethical hacking is what allows you to input your personal information on a company website without much worry. Even if you aren't pursuing an ethical hacking profession, you should focus on keeping your sensitive data secure by following Desko's advice above and doing security research of your own in order to fight against current cybercrimes.

Imagine your grandmother calling you and saying she thinks your grandfather who passed away two months ago is still alive. She explains that she keeps getting credit card bills in his name and wants to know if he somehow escaped his fate. You know the idea of your grandfather coming back to life isn't very realistic, especially since you attended his funeral. You have to explain to your grandmother that someone most likely stole her deceased husband's identity and is using it to commit credit card fraud and possibly other illegal activity. Sadly, this type of fraud is more common than you might think. Identity thieves steal around 2.5 million deceased American identities each year. Clearly, modern-day identity thieves won't hesitate to steal the identities of the deceased. And there's a reason why this type of crime is becoming popular. Ghosting, identity theft that occurs when someone steals the identity of a deceased person, can be a fairly easy crime to commit. Identity thieves take advantage of the time between when a person dies and when their personal affairs and legal aspects are put in order. According to the Identity Theft Resource Center, "it can take up to 60 days for a name to make it onto the list". In other words, it can take that long for the Social Security Administration, credit bureaus, and financial institutions to act on the information that the person is deceased. report_problem Attention: An official death notice is required for SSNs to be marked as inactive. The Social Security Administration usually won't mark the deceased person's social security number as "inactive" until it receives an official death notice. The time before the deceased person's social security number and financial affairs are settled is when ghosting identity thieves thrive. It's easier for identity thieves to steal the identity of a deceased person than the identity of someone still living; it's also easier for them to use that stolen identity. When people die, there usually isn't someone who is constantly and closely monitoring their private information (like their financial accounts), so an identity thief might have a better chance using the stolen identity without getting noticed or caught. Unfortunately, this type of identity theft seems to be a simpler, lower risk crime than other identity theft tactics. Here are a few steps you can take to protect a loved one's identity after death: Place your trust in the right people Sadly, the identity thief is often a family member of the deceased. Keep your guard up and make sure you trust the right people, even family members. Be cautious and protect as many of the physical and digital documents of the deceased as you can, including any financial records. Report the death correctly as soon as possible You should consider directly contacting the Social Security Administration, your local government, all three major credit bureaus, and all financial institutions and organizations that the deceased was associated with. Notify each contact of the person's death and make sure proper action is taken. If you act promptly, you can narrow the window of time that identity thieves try to exploit. Get copies of the deceased's death certificate Once you are able to get a few copies of the deceased person's official death certificate, send a copy to the IRS, the major credit bureaus, etc. By mailing out copies of the death certificate, you can have a "deceased alert" placed on the deceased's credit reports to help avoid identity theft. In general, keeping a few copies of the death certificate may come in handy in certain situations and can be especially useful if identity theft does occur. Avoid putting too much information in the obituary If you aren't careful, an identity thief can use the information in an obituary as a way to steal the deceased's identity. Avoid adding the person's birth date, birthplace, full name, home address, relatives' names, and other personal information. Although it may be tempting to include this information in the obituary, just remember that it's more important that you keep the deceased's identity secure. Collect physical documents and passwords Collect all of the deceased's personal documents and financial pieces like credit cards, debit cards, passport, driver's license, social security card, birth certificate, tax forms, etc. Anyone could easily steal these documents and commit identity theft. You should also collect all of the deceased's important passwords for bank accounts, computers, phones, websites, etc. Overall, the more documents and passwords you can secure, the better. Keeping these things secure will not only help protect the deceased's identity, but can also give you a peace of mind. Being the one who is responsible for keeping a loved one's identity secure after death on can be a heavy burden to carry. However, if you follow the preventative steps above and do your own research, you should be able to keep the deceased's identity out of the hands of identity theft criminals. Don't underestimate modern identity theft tactics and exercise caution when handling the deceased's documents and other personal information.  

Maybe you recently broke up with someone or you were dumped. You're feeling emotionally vulnerable: After a while, you and your best friend decide that it’s time for you to get back into the dating game. So, you sign up for an online dating app: In the beginning, you start feeling super fly because of all the attention and matches you are getting: Finally, you decide to meet the special one that you’ve been messaging back and forth. Unfortunately, this person seems to be "in between jobs" right now, so funds are too tight to travel to meet you. Being the understanding person you are, you decide to send some money to help out: Once the money is received, your mystery crush is thrilled and you both bask in digital happiness. "So, when can we meet up?" you ask. Unfortunately, this time there's been a family emergency and the date is postponed. On the bright side, you have more time to get to know each other, so you spend the next two weeks talking all about your apartment, your family members and friends, your past birthday celebrations and age, your job, where you were born and where you grew up. You love feeling so close with such a good listener: Eventually, you feel so connected and comfortable that you decide to take the ultimate step of trust: you share your embarrassing driver’s license photo. It feels so amazing to finally have someone in your life who you feel safe with: Your birthday is coming up and your digital date wants to come see you and bring a gift. And what better way for this person to know just the right thing than by borrowing your Amazon account to see what's on your wish list. Of course you'll share your user name and password! You spend the next week in awe of your new love's thoughtfulness: Unfortunately, your online dreamboat texts to let you know that something's come up and it won't be possible to make it to your party. Ever the thoughtful one, your mystery love asks for your address. You just know you're going to be getting an extra special delivery to make up for all the missed dates. You know that when the two of you finally meet, it will be the beginning of a great love story: Unfortunately, your present seemed to have gotten lost in the mail. Shortly after your birthday, you get a message saying it would be a good idea to cool things down and see other people. Heartbreak Hotel? I need a room for one, please: Not long after your online love dumped you, you get several outrageous credit card bills in the mail. Confused, you decide to call your credit card company saying that you never made these purchases with your card. They tell you that you have also opened two other credit card accounts and have maxed out each account. You explain that you were not responsible for the charges, and you still have your credit card in your possession. Then you realize that you had connected your credit card to your Amazon account. The only other person who had access to your account was your online dating partner. You now realize why you never met in person, why there were so many questions about your life, etc. Once the realization hits, you feel like a fool: After the grief and anger pass, you decide to learn more about identity theft and its many forms. You hire a professional identity protection service, obtain protective software, and try to take as many preventative steps as you can to avoid this from ever happening again:

Everyone knows online dating can be crazy and fun, what with setting up profiles and posting just the right pictures. But when you sign up for an online dating service, you might not be prepared for how much email you will receive. Honestly, you might get more stuff in your inbox than you bargained for. Once you've signed up and given them your email address, the emails start. These are the most common types: Notifications that someone is interested in meeting you Notifications of "possible matches" Newsletters and announcements about upcoming events Promotions from partners of the dating site Phishing emails from cyber-criminals pretending to be your online dating service All these emails can really add up and smother your inbox. Within a week of signing up, you might feel ready to close your account with them, just to stop the deluge of emails. Unfortunately, when online daters do try to cut it off, dating sites can sometimes be less than responsive. One frustrated consumer filed this complaint with the Better Business Bureau (BBB) about Spark Network, which owns Christian Mingle and a slew of other dating sites: "The company refuses to remove me from their database... I have attempted to get myself removed from this company's advertising database, but they refuse (or simply do not acknowledge) to remove my email address. They will not provide a phone number and attempting to remove myself online is futile." When dating sites abuse your email or phone, or refuse to stop sending messages at your request, this is a misuse of your personal information. While not quite as prevalent on online dating sites as scams or billing and collection issues, misuse of online dater's personal information can be stressful and time-consuming to fix. In some cases, it can pose a real risk to your identity and finances. Fortunately, as a consumer, there are actions you can take to eliminate this stress and risk. You can start by abiding by these seven iron-clad rules: 1. Know What You're Agreeing To When you sign up for an online dating service, that service is required by law to provide you with a document that tells you what you're agreeing to as one of their users. This document is usually called a privacy policy or terms and conditions, and you'll usually see a link to it on the dating site's sign-up page with a message like "By clicking 'submit' you agree to abide by AcmeDating.com's terms and conditions." If you click on the link to the document, you'll find a page full of small-print legalese-it's not exactly page-turner material. So why put yourself through the laborious task of reading it? Because this document spells out what your dating site is planning to do with your personal information once you click 'submit'. And when you click 'submit', you are officially giving them permission to do everything in that document. So, to avoid giving someone the permission to do inappropriate things with your email or phone number, it's in your best interest to read this document before you click submit. On the Federal Trade Commission's (FTC) page on the evils of spam, they warn: "Check the privacy policy before you submit your email address to a website. See if it allows the company to sell your email to others. You might decide not to submit your email address to websites that won't protect it." 2. Know What Your Rights Are Speaking of the FTC, they regard unwanted emails the same way they regard uninvited telemarketing calls, as a nuisance and even harassment. Certain rights prevent companies from abusing your personal information. First, know that it is illegal for companies to send you emails without your permission. If companies are found to be emailing people without their permission-or without making them aware that they're giving that permission-they can get in big trouble. So if you are receiving emails from a dating site and you're certain that you didn't give them your permission by signing up for their service, you need to notify the authorities immediately. Second, if you're receiving these emails because you implicitly gave them permission to when you signed up, you have the right to demand that they limit or discontinue their emails to you. This is similar to the laws that force telemarketers to place your phone number on their "Do Not Call" list when you ask them to. If they continue to send you emails after you've requested them not to, it becomes harassment and that is illegal. 3. Adjust Your Settings When you feel that you are receiving too many emails from your dating site, your first move should be to adjust your settings to your liking. Nearly all of the top online dating sites provide pages where their users can modify their email settings. For example, OKCupid.com lets users change their email settings on their account pages, including limiting how much email they receive or unsubscribing from their emails altogether. ChristianMingle also lets their users unsubscribe from various types of emails, including newsletters, partner offers, notifications of possible matches, and messages from "secret admirers." If you can't readily find your email settings page on your dating site, consult your site's 'Help' page or contact customer service. 4. Beware of phishers Cyber-criminals aren't just targeting banks and retailers anymore. In 2014, cyber-criminals launched mass phishing attacks against Match.com, Christian Mingle, PlentyOfFish, eHarmony, Chemistry.com, and other major dating sites. Their goal: to steal online daters' usernames and passwords. This means online daters need to constantly be on alert not just for too many emails from dating sites and their partners, but for emails that tell them that something has gone wrong with their online dating accounts and that they need to click on a suspicious-looking link to fix the problem. 5. Mark it as spam Most email providers allow you to mark emails as spam. Most of the major email providers, like Yahoo and Gmail, provide this feature, which accomplishes two things at once. First, it reroutes any future emails from the marked email address to your spam folder, so it doesn't clog up your inbox. Second, it flags the offending email address in your email provider's database. If enough people mark it as spam, all of their emails will be blocked by that email provider. This is an easy yet subtle way to tell your dating site, "Thanks, but no thanks," and force them to reconsider how much email they send out. 6. File complaints with the BBB and the FTC If changing your settings and working directly with your dating site's customer service team fails to bring the flow of email down to a level that you're comfortable with, your next option is to escalate the situation by bringing in a third party. The BBB and the FTC provide places where consumers can file complaints about companies. When filing a complaint, be sure to be as descriptive, factual, and honest as possible. This ensures that your complaint will be resolved faster and more smoothly. The BBB and/or FTC will then take your complaint to your dating service find out what occurred and then get the situation resolved. This process usually takes a few weeks. No dating site wants to get a bad rating or risk their accreditation with the BBB. Similarly, no company wants the bad press of being investigated by the FTC. This factor works in your favor when it comes to getting your complaint resolved. 7. Submit a consumer review Consumer review sites have never been a more popular way for consumers to find out if a company is worth their time or not. That's why online dating services pay close attention to these reviews and why you should take the time to post your own review of your experience with your online dating service. This directs consumers like yourself to the best dating services and away from the less reputable ones. More importantly, it puts pressure on your online dating service to improve and treat their customers fairly. Sending a Message Ultimately, being a good consumer means knowing what your dating service can do with your personal information-and especially what they can't do. By taking the right action, you will keep your inbox uncluttered while getting the most out of your online dating experience. Best of all, it keeps your online dating service honest.

Public, free Wi-Fi is a convenience that most of us appreciate, but you shouldn't be blinded by its too-good-to-be-true appeal. Using public Wi-Fi networks might just be one of the riskiest, tech-related mistakes you make on a regular basis. Scott N. Schober, the President and CEO of Berkley Varitronics Systems (BVS), author, and well-informed cybersecurity expert, believes that public Wi-Fi networks are, in fact, dangerous to access. Schober explains, "when you access most public Wi-Fi, you enter into a temporary relationship with that provider whereby you trade your privacy for convenience. Open Wi-Fi access points are sometimes subsidized by collecting and selling metadata relating to all consumer activity including purchasing habits, dwell time in the store and even the specific devices used to connect to that open Wi-Fi. You might not care about sharing this metadata but advertisers certainly do." Recurring risks According to Schober, the shared metadata can be used to a criminal's advantage. He says that "this data is extremely valuable because it provides vital information that acts as pieces in a larger puzzle profile that targets you. When properly sorted, this profile can reveal daily patterns including our daily routines, habits, contacts, social posts, and of course, our purchases. Now imagine that when you approach each store, someone is shadowing you and taking notes on everything you did with your smartphone while near that store. It is enough to freak out most consumers, but that is essentially what we are doing."  Schober explains that "by allowing one Wi-Fi to collect and sell this metadata, we are unwittingly opting into targeting and tracking programs similar to Google or Facebook’s advertising programs. Citizens have the right to protect their own privacy, but cannot truly protect themselves if they are not even aware they are being targeted." Frequency of theft Many people may think that public Wi-Fi network risks are rare, most likely because they haven't noticed any negative consequences from connecting to public Wi-Fi. To Schober, the risks are "like fishing in a barrel" as in "high traffic areas are prime targets for hackers and very likely to include fake hotspots that can compromise our devices. These are called Man-in-the-Middle attacks because the hacker’s access point pretends to be a known public hotspot. And there is nothing to stop hackers from naming these deceptive hotspots by the same or similar names to trusted ones such as ‘Free Wi-Fi Starbucks’. So when customers scan the list of possible Wi-Fi connections, they might simply just choose the first one they recognize in a long list. That means they have now just connected to the hacker’s hotspot revealing commonly used login credentials, their email, and perhaps all the data on their phone." Schober adds that the one connection made to the hotspot may not be your last. He says, "to make matters worse, as a convenience feature, most phones automatically reconnect to known hotspots by default every time you are back in the area so hackers can get repeat business from their victims." The bigger problem Regarding the degree of theft that can come from using public Wi-Fi networks, Schober shares that "public Wi-Fi is a stepping stone to much greater data theft." He explains that "while only a few items such as frequently used passwords and emails can be easily gleaned from a casual public Wi-Fi connection, the real payoff usually results from the introduction of malware onto the device. Once a hacker has a direct connection to your mobile device via malware, they have access to most anything on that device. But their reach can extend far beyond that device as well. Depending on how they compromise your phone, a hacker can then gain entry into your PC at home and eventually all data including financial, personal, healthcare, and even friends’ and family’s data too." All of which makes public Wi-Fi a worrisome threat. What to do if you are a victim If you have reasonable evidence to believe that you have been victimized because of your public Wi-Fi network connections, Schober instructs that "you should first delete all Wi-Fi networks listed on your mobile device so you do not automatically re-connect to them when you are nearby. If you know the name of suspicious hotspot, alert the nearest retailer also offering public Wi-Fi since most of their customers would potentially be affected by this same hotspot as well. If any legitimate retailer believes their customers could be in jeopardy, they will take action." He recommends that you "use your own 4G LTE hot spot or host one from your secure 4G smartphone. If you suspect your devices have already been compromised, be sure to erase and re-install your phone OS completely and do not use a recent backup that might contain cookies, browser history, or any code that might contain the malware such as key loggers. Effective anti-keyloggers such as StrikeForces’ MobileTrust can be purchased from Amazon or directly from their website https://www.strikeforcecpg.com. I use these products and have found them to be simple and effective defenses against keyloggers." How to avoid becoming a victim Although there are many legitimate Wi-FI networks, avoiding connection to a public Wi-Fi network is a good way to protect yourself and your data. Schober recommends "that people consider a 4G LTE hotspot to avoid the privacy pitfalls associated with open Wi-Fi. A modulated LTE signal is unlikely to be hacked or spoofed and much safer than using any open Wi-Fi. Modern smartphone OS includes integrated Wi-Fi tethering plans so you can host your own Wi-Fi hotspot. Just make sure you use a long and strong password so you can connect any of your devices securely to your smartphone." If protecting your privacy is important to you, prevention is the key. Although avoiding public Wi-Fi networks altogether is a solid preventative step, there are many other ways a thief could steal your private information and even your identity. Hiring a professional identity theft protection service might also prove to be a good move on your end. After all, your data, information, and identity are worth protecting, especially as cybercrimes are becoming more frequent.    

1. What does the antivirus software cover? Although they are often classified as 'antivirus' software, these products have expanded to do so much more than just protect against computer viruses-although they still do that. These days, antivirus software has to protect your computer from a multitude of threats, such as: Malware Phishing attacks Malicious URLs Mobile hacks Firewall protection Parental controls Document disposal Wi-fi monitoring Online backup Social media hacks With so many threats, the antivirus software packages you look at are going to throw some very long feature lists at you. This can be somewhat overwhelming. Fortunately, you can make this process less intimidating by weeding out that stuff that is lower on your priority list. Some of features are going to be important to most consumers, while others exist solely to satisfy only the most vigilant users. Before purchasing, make a list of the threats you want to be protected against and then look for features that address those threats. 2. How will the antivirus software affect your computer's speed? Since the beginning, one of the biggest complaints from antivirus customers has been the tendency these programs have of bogging down computers, sometimes bringing them to a complete standstill. On his review of McAfee antivirus on bestcompany.com, Brad, a McAfee customer, loved the software but had this one complaint: "It can really bog memory down when it is doing updates or scanning." PCMag reviewer Neil RubenKing tested Panda Security's effect on how long it took his computer to boot up, with the following results: "I found that adding Panda to the mix made the boot process take 19 percent longer. That's precisely the average of current products." So, despite the software-makers' best efforts to minimize the slowdown on users' computers, it's common and even expected that, because they are constantly scanning and sorting files as your computer runs, any antivirus software is going to slow down the operation of your computer. That being said, some antivirus softwares make special versions that have impact on computer speed far below that of normal packages. One example of this is Webroot, which offers a package especially for PC gamers. This package runs in the background while they play their games and is guaranteed not to interrupt or cause their games to slow down or crash. Few things are as annoying as having your antivirus software turn your once-speedy computer into a dinosaur. So before you buy, do your research and read plenty of reviews to gauge which antivirus software packages cause the least computer slowdown. 3. Does the antivirus software's tuneup tools help or hinder? Many, if not most, antivirus packages also have features designed to optimize the workings of your computer with regular scans. For example, in reviewing AVG antivirus, Neil Rubenking found that: "This simple scan wipes useless data from the Registry, defragments the Registry, and eliminates broken program shortcuts. It also cleans up traces of your Internet and computer use, optimizes startup and shutdown, and, if necessary, defragments the hard drive." All of these steps can work wonders for the speed and responsiveness of your computer, often giving a second life to a computer you thought to be on death's doorstep. But these scans can also be so frequent and take so long that they seem like they are always running and getting in your way. Kay Richardson, a McAfee customer, described this best when she reported on bestcompany.com: "It took 2 days for it to complete a scheduled scan on my laptop. This has been happening frequently." Again, reading through some honest reviews will tell you which antivirus packages will take over your computer with tuneup scans and which ones won't. 4. How current is the antivirus software? When it comes to stopping viruses, worms, and malware, antivirus software is only as good as its updates. Software updates tell the software about any new threats that have emerged and how to deal with them. If its software updates are out of date by even a couple days, your computer could be at risk from the newest threats. The downside of all these updates is that they can occur daily and they can really slow down you computer. Thankfully, many antivirus packages have started running on the cloud, meaning updates don't have to be uploaded onto your computer. Instead, updated information is posted to a web-based tool that then scans your computer for threats. So you don't have to worry about your computer having to download those lengthy, annoying, bandwidth-sucking updates. 5. How does the antivirus score on independent tests? Just as companies like JD Power and Associates offer ratings for automobiles, there are independent companies that are dedicated to testing the different antivirus software packages and assigning performance scores. One example of this is Dennis Technology Labs, which runs uniform malware tests on all antivirus software and assigns scores (AAA, AA, A, B, C) based on how many simulated malware attacks they successfully detected and blocked. If you were to look at their test results, for instance, you would find that McAfee scored an AA, which is decent but not as impressive as Kaspersky, which earned a solid AAA. 6. Will the antivirus software run on my operating system? Does your computer run on Windows, Mac, or maybe Linux? Although most of the top antivirus software will run on all three of these major operating systems, a few don't, and it's important that you check before purchasing your software. Webroot, for example, supports Mac and Windows but not Linux. 6. Will the antivirus software protect your mobile device? That's right. As mobile devices have transformed from simple phones into hand-sized computers, they have also become another potential target for viruses, hackers, and other threats. This means that you might want to consider if your antivirus software will protect your phone or tablet as well as it does your home computer. This is real point of differentiation among antivirus packages. Some don't provide any protection for your mobile devices, and others might require that you purchase extra products to extend coverage to your mobile devices. Be aware that some products will cover all kinds of mobile devices, but some won't. For example, Kaspersky works on Android devices but not on Apple devices. If you don't go with antivirus software that protects both your phone and your mobile devices, you might consider purchasing apps on your device that will protect it. Norton, McAfee, and many other antivirus companies provide downloadable apps on iTunes and Google Play. 7. Does this antivirus software come with reliable technical support? Occasionally, software installations don't go as planned. Antivirus software can sometimes be hard to figure out. In these moments, you want to know that you can call the company that made the software and that they will be available to help you fix the problem. Most importantly, you want that company to be available whenever things go wrong, not only during certain hours of the day. Fortunately, most of the top antivirus software companies provide 24/7 technical support to the customers with a paid subscription. However, a few, like Webroot, offer technical support only during business hours. Before you buy antivirus software, check quickly to make sure they offer 24/7 technical support. 8. Have you checked the antivirus software's subscription policy? Although every top antivirus package offers free trials of their software for anywhere from a couple weeks to 30 days, they all charge a subscription fee to continue their services. Depending on which features you buy with each software, these subscriptions will be anywhere from $20 to $150 and will typically be good for a year. Once that year is up, however, your subscription will usually automatically renew for another and take the same amount from your credit card or bank account again. This is true for all of the top antivirus companies, and it can sometimes be a huge pain in the neck for customers who weren't expecting it or don't want to continue. So what should you do if you don't want your antivirus subscription to automatically renew? Most software packages allow you to disable the auto-renewal feature anytime during your subscription period. In the event that your subscription is automatically renewed and you don't want to continue, some companies, like McAfee, will let you cancel any time within 60 days of the renewal and give you a full refund. At any rate, before buying antivirus software, take the time to read the packaging to find out what their policy is regarding auto-renewal and refunds. The Best Security is Doing Your Homework The truth about any antivirus package is that no software is 100-percent guaranteed to protect your computer or mobile devices. Fortunately, there are a lot of really good options out there that can help you protect your computer, your identity, your documents, and your family members. To make sure you get the right one for you, do your homework and make sure you ask the right questions before you buy.

It's Valentine's Day and you and your spouse are enjoying a candlelit dinner at your favorite restaurant. Everything feels picture perfect as you end your evening sharing a heart-shaped chocolate dessert. When you try to pay your check, your waiter whispers "I'm so sorry. It seems your card has been denied." Your confusion later turns to shock when you call your card issuer and discover that your spouse has opened various credit card accounts in your name and has exceeded the credit limit on more than one of those accounts. This Valentine's Day is more sour than sweet when you realize you're the victim of spousal identity theft. Spousal identity theft Surprisingly enough, scenarios like this aren't that uncommon. Spousal identity theft is actually more feasible than other forms of identity theft because the thief doesn't have to try very hard to obtain a spouse's private personal information and data. Spousal identity theft occurs when your spouse uses your identity for opening and using multiple credit card accounts, creating other fraudulent accounts, misusing social security numbers, signing documents, and more; all without your consent. The tragic experience Although spousal identity theft may seem like a distant worry for some, it became a hard reality for victim Jonathan Farley. Farley met his wife in March 2013. By 2016, Farley and his wife were separated after she had stolen "several thousand dollars' worth of items" and defrauded Farley "out of tens of thousands of dollars". Farley's wife had previously used his credit card and "may have photographed the numbers on the back" which Farley thought "was odd, but innocuous." In September 2016, Farley realized his wife was trouble after she had stolen all of his new furniture and told him that she was connected to the Russian mafia. Farley contacted law enforcement and tried to charge his wife with theft, but was told by a state attorney that his wife's actions were valid because she was his wife who shared his property. According to Farley, the state did not take any action of justice against his wife for her fraud and theft. Farley tried to enhance his bank account security by adding more security questions to his bank account access, but was told he was not allowed to do so by his bank. His bank account is still connected to the original security questions; all of which his wife knows. Farley's wife left the country shortly after she stole from him, requiring Farley to stay married to her for a year after they had separated by law. Farley intends to use professional identity theft protection services to help keep his identity secure once his divorce goes through and he can rebuild his savings.  Unfortunately, Farley's experience, like many victim of identity theft situations, did not have a happy ending. According to the Identity Theft Resource Center (ITRC), spouses are legally seen "financially as one person" in most states. This means that a spouse is legally allowed to access any financial accounts that another spouse opens or uses and also has the ability to open new credit lines with a spouse's information. The ITRC states that "the only general exception to this rule is if they've forged your signature without your consent" which would be regarded as forgery and/or fraud. Post-identity theft options Victims of spousal identity theft have a few options to remedy their situations. One option is to keep the situation in the family. For instance, a couple could try to work things out on their own time between themselves instead of taking legal action. In this case, the couple would have to treat the financial infidelity as a debt they will have to pay off together since the debt will not go away via court case. Another option is a legal separation, which gives the victim an opportunity to separate both physically and financially. Spouses that continue to open accounts under their spouse's name and information will be considered identity thieves and can be subjected to identity theft charges. Additionally, victims of spousal identity theft can file for divorce if amends cannot be made. If the identity theft continues, then victims can notify the police and file identity theft criminal claims. Preventative steps Preparing for spousal identity theft can be difficult. More likely than not, couples will share their personal and private information like social security numbers, birth dates, full names, tax return information, bank account number information, and credit card numbers. Communication may help prevent spousal identity theft, but it may not always reflect a spouse's true intentions. One preventative step you can take is to make sure that you monitor your credit. Credit is often one of the first indicators of spousal identity theft. Another step is to make sure you keep your important documents like your tax return documents and birth certificate separate from your spouse if they are acting suspiciously. If you have doubts or concerns, put a new, secure password on your phone and make sure you keep your phone close to you at all times. Many phones contain sensitive personal information and data that could be used in an identity theft scenario. Lastly, one of the best things to do would be to hire professional identity theft protection services that will monitor your credit reports from all three major credit bureaus around the clock and will notify you of suspicious or fraudulent activity. Stay aware Overall, spousal identity theft is a real problem that affects many people on a regular basis. Staying aware of the dangers of spousal identity theft can help you prepare for stolen identity situations that may arise between you and your spouse. If your marriage is founded on trust and honest communication, your chances of spousal identity theft will be lower than most. However, it's still good to keep in mind that there is no way to completely avoid all forms of identity theft.

Many a Craigslist scam goes as follows: You post an ad selling a big-ticket item. An eager buyer responds and says they'll send you a cashier's check-not just for the cost of the item, but also shipping fees, to make things easier for you. And depending on what you're selling, the shipping fees can be close to $2,000. You deposit the check, so now, the payment for the item, plus shipping fees, are in your checking account. You then wire the shipping fees to the "shipper" so that the buyer gets the item fast. A few weeks, maybe a month later, your bank pulls all the money that was deposited into your account, out. This means you are out whatever the shipping fees were. That's because the check was phony. You now realize, "I've been scammed!" Even if you wait to see if the check clears, this doesn't guarantee the money won't be pulled out of your account, because even the bank can be fooled, thanks to the Federal Reserve Board's Expedited Funds Availability Act. This makes it possible for deposits to be available pronto. How can you spot a scam? The buyer's e-mail address is strange. The buyer says they'll send you a cashier's check that covers more than the sale item-usually the extra money is to pay for shipping. Be especially suspicious if the buyer says they'll throw in a little extra to show their appreciation. You're instructed to send the shipping money via instant electronic transfer. And you're told to hurry this process up; the buyer pressures you to wire the money ASAP. The extra money in the check doesn't always pertain to shipping. But the big red flag is that the check (or money order) coming to you is for more than the cost of the sale item. A lot more. And for whatever reason, the "buyer" wants you to send that difference back to him (or the "shipper"). The buyer, their check's bank, and the shipper are from different states. The buyer doesn't show much interest in the sale item or its associated paperwork. They're happy with your price rather than wanting to bargain it down.  How to Avoid Getting Scammed Require cash transactions. Try to work with only local buyers. Sometimes you have to take a buyer who's long distance, and sometimes you just have to accept a check or money order. In that case, call the bank that the check/money order came from for confirmation that it's legitimate. Warning: Sometimes a scammer will print phone numbers on the fraudulent check/money order and arrange for a co-scammer to answer and confirm the money's legitimacy. So don't dial any numbers on the money document. Instead get the bank's number from its website. See what happens when you require that the buyer, who wants to use a cashier's check, use a local bank. If there's resistance, you're probably looking at a scam.

What Is Identity Theft Protection? What Is Identity Theft Restoration? Identity theft protection is a proactive measure designed to either prevent occurrences of identity theft, or limiting these events in number and severity. While no company can guarantee complete prevention of an identity theft, the best identity theft protection companies are skilled at detecting and resolving ID theft events quickly. Companies will offer any of the following services to protect your identity from further harm: Credit Monitoring Identity Monitoring Security Freezes Fraud Alerts Also known as "identity recovery," identity theft restoration is a reactive measure designed to help you regain full control of your good name and finances after an identity theft takes place. Most identity restoration companies will assign you a case worker who will walk you through the process of regaining your identity. The best identity theft protection companies will offer any of the following to help you restore your identity: Lost Wallet Protection Limited Power of Attorney Identity Theft Insurance Pre-Existing Theft Credit Monitoring Many identity protection companies offer credit monitoring as their standalone protection solution. Credit monitoring is the process of periodically checking your credit reports for accuracy as well as potential incidents of fraudulent activity. Credit reports are obtained from up to three major credit reporting bureaus: TransUnion, Experian, and Equifax. Identity theft protection companies offering credit monitoring will notify you should any of the following take place: A company examines your credit history Loan or credit card applications are filed under your name. A bankruptcy appears in your public records. A legal judgment is filed against you. Your credit limit changes. Your personal information changes. Back to Top Identity Monitoring As opposed to credit monitoring, which applies to factors that affect your credit report directly, identity monitoring deals with factors that do not show up on your credit report. While many protection companies will monitor instances of misuse or abuse of your identity, very few can do it in realtime. These companies employ what's called an analytical system, which provides live updates of your personal information, where it is being used, and whether the use is unauthorized. These events include the following: Change of address request New court or arrest records Payday loan applications Orders on services (cable, utility, wireless, etc.) Check cashing requests Social media Black market websites (illegal databases that trade ID theft victims' personal information) Back to Top Security Freezes When a new and fraudulent account is opened in your name, it can be very difficult to stop the ID thief from ruining your credit, draining your bank account, and destroying your good name. A security freeze stops creditors from seeing your credit reports or credit score, which in turn prevents reputable credit grantors from issuing new lines of credit in your name. When the fraudulent accounts have been resolved, you may then unfreeze your credit using a PIN provided by the reporting agency. A security freeze does not halt fraudulent activity on your existing accounts; it is designed to stop subsequent attempts to use your information on credit applications. Back to Top Fraud Alerts Like security freezes, fraud alerts can be done either manually or through an identity theft protection company. If you suspect you may be the victim of identity theft, you can issue a fraud alert on your credit reports, which notifies creditors and lenders of the breach and allows them to protect your account from further fraudulent activity. Depending on your circumstances, you could use one of several different fraud alerts: Initial Fraud Alert Extended Fraud Alert Active Duty Military Alert Lasts at least 90 days Used if you suspect a fraud Requires proof of identity Entitles you to one free credit report Only needs to be placed with one credit agency Lasts seven years Used if you are a victim Requires identity theft report Entitles you to two free credit reports Only needs to be placed with one credit agency Lasts one year Used to reduce risk of ID theft while deployed Only needs to be placed with one credit agency Back to Top Lost Wallet Protection In the event the contents of your wallet or purse have been lost or stolen, the identity restoration service will help you to replace these important documents and cancel the lost items. In order for the lost wallet protection to have significant effect, it is important to keep a list of what documents you carry in your wallet or purse. This will help the restoration company know which documents to replace, and where to look for potential incidents of fraud. Lost wallet protection usually includes, but is not limited to the following: Credit and debit/ATM cards Driver's license Social Security Cards Insurance cards Other certifications of licenses Back to Top Limited Power of Attorney While you always have the choice to act on your own behalf while restoring your identity, in some instances (particularly when the law is involved), you may benefit from agreeing to an ID theft company's Limited Power of Attorney policy, which gives the company restricted authority to act on your behalf. Through the Limited Power of Attorney, a company can legally represent you to creditors, credit reporting agencies, and even debt collectors. The company can also represent you in court, to insurance agencies, and other authorities to help halt, mitigate, or remediate/repair your credit or identity. Back to Top Identity Theft Insurance Many identity theft services will provide you with some type of insurance to help cover the out-of-pocket expenses associated with your identity theft. Identity insurance policies can range from as little as a few thousand dollars, all the way up to $5 million, and will pay for the various costs directly related to recovering your identity: Notary and Certified Mailing Costs: Costs incurred when sending letters to creditors, reporting agencies, and debt collectors Lost Wages: Some policies will reimburse lost wages should your identity theft affects your employment or your ability to receive your paycheck. Applications: The cost of reapplying for loans, grants, etc. that you were denied as a result of the identity theft Travel Expenses: In the event you need to travel in order to amend incorrect information on your credit reports or in public databases Child/Elderly Care: Costs incurred when you must pay to have your family looked after while you travel to amend your identity Attorney Fees: Lawyers fees for preparing and reviewing documents, or representing you in court Back to Top Pre-Existing Thefts A pre-existing theft is an identity theft event that has not been resolved prior to signing up for identity restoration services. Very few companies will provide restoration services for pre-existing theft; they will only cover events that take place while you are a paying customer. However, some companies do provide restoration on pre-existing thefts. Back to Top