Identity Theft Prevention & Identity Theft Response

By Ben Halpert, Founder Savvy Cyber Kids, an EarthLink partner


Technology and convenience go hand-in-hand, right? It’s true. We can now conduct our personal and professional business activities online in ways that hardly could have been imagined even just a few years ago. But, like with everything else, there is a price to pay for added convenience. And in this case, there are very real threats to security when putting your private information online…a necessary step to accessing technology conveniences.

Unfortunately, identity theft — where personal information such as your full name or social security number is stolen to commit fraud — is more common than we like to admit. Your identity allows a criminal to fraudulently apply for credit, file taxes, get your tax refund or get medical services, resulting in your credit status being negatively affected. You will spend both a painfully significant amount of time and money trying to restore your good name, with your ability to manage your finances severely hampered in the meantime.

When you imagine these crimes committed against you or your loved one, you realize the seriousness, beyond inconvenience and closer to life-changing consequences, of identity theft. If you – and who could blame you – have adopted technology conveniences, it’s time to also pay attention to what you should be doing to prevent identity theft.

  • Order your credit report once a year and review to be certain that it doesn’t include accounts that you have not opened. Check it more frequently if you suspect someone has gained access to your account information.
  • Keep your social security number (SSN) secure. Don’t carry your social security card in your wallet or write your number on your checks. Only give out your SSN when necessary. In reality, there are few situations when you must share this information. Just because you are being asked to provide your social security number does not mean that you NEED to provide it!
  • Don’t respond to unsolicited requests for personal information (your name, birthdate, social security number, or bank account number) by phone, mail, or online. Again, just because someone is asking does not mean you need to answer. In fact, if someone is asking for these kinds of personal information, that is a red flag. Use a critical eye and stop to ask yourself what is really going on.
  • Keep your private information just that, PRIVATE! Shred receipts, credit offers, account statements, and expired cards. Store personal information in a safe place at home and at work. Make sure others cannot see you typing your passwords on computers and at ATMs.
  • Keep your personal mail safe. Collect mail promptly. Ask the post office to put your mail on hold when you are away from home for several days. Consider getting a locking mailbox.
  • Take the time to pay attention to financial transaction details. Be aware of your billing cycles. If bills or financial statements are late, contact the sender. Review your receipts and compare receipts with account statements, looking out for unauthorized transactions. You can also consider switching to electronic statements.
  • Get tech savvy by installing security protection software on your home computer.
  • Create complex passwords that identity thieves cannot guess easily. Enable 2-factor verification on your password-protected online accounts. Change your passwords with regularity, and when a company that you do business with has a breach of its databases
  • Prevent medical identity theft by guarding your social security, Medicare, and health insurance identification numbers. Only give your number to your physician or other approved health care providers – and only when they absolutely require it! Review your explanation of benefits to make sure that the claims match the services you received. Request and carefully review a copy of your medical records for inaccuracies and conditions that you don’t have.

The worst part is that you may not know that you are the victim of ID theft until you experience a catastrophic financial consequence, like unexplained significant bills, aggressive collections or denied loans when you are depending on additional credit. Suddenly, technology will be not so convenient anymore! Identity theft is a faceless crime. You will have no idea who is doing this to you and they will, no doubt, give you little thought as they rampage your life. Yet the consequences of this crime are scars that will mark its victim for years to come.

This is no more true than in the case of Child Identity Theft, where a child’s identity is stolen and might go undetected for many years, resulting in incredible damage by adulthood. This is why I recommend setting security freezes for the entire family. The reality is that credit monitoring services are not enough. Someone can still open an account in your name and ruin your credit history. Encourage all of your family members to contact each of the three credit reporting agency’s (TransUnion, Equifax and Experian) and place a security freeze on your credit files. With the security freeze on your credit file, no one can open a new account (take out a mortgage, a car loan or other financial commitment on your behalf) unless they have your secret pin.

If you are a victim of identity (ID) theft, report it immediately to the FTC, online or by phone at 1-877-438-4338. Visit to report it and get a personalized recovery plan. This is a terrific user-friendly site that will walk you through the steps of recovering your identity. Once you file the ID theft with the FTC, you will have an ID theft affidavit. Print and take the ID theft affidavit with you to file the crime with the local police. The ID affidavit and your police report are your identity theft report. Your identity theft report will be very important as you resolve the problem with creditors, banks, and any other companies where fraudulent accounts were set up in your name.

You may also report specific types of identity theft to other agencies:

  • Tax Identity Theft – Your social security number is used to falsely file tax return, typically to get a tax refund or a job. Be aware, the IRS DOES NOT initiate contact with a taxpayer by sending an email, text, or social message requesting personal or financial information. Should you get an email that claims to be from the IRS, do not reply or click on any links. Your fear of this crime can be used against you via email scams that falsely alert you to a crime and seek your personal information that will later be used to steal from you. Instead, you should report it to the IRS and your state’s Department of Taxation or Revenue. File a report with the Federal Trade Commission (FTC). You can also call the FTC Identity Theft Hotline at 1-877-438-4338 or TTY 1-866-653-4261. Respond immediately to any IRS notice; call the number provided. If instructed, go to the Identity Verification Service. Complete IRS Form 14039, Identity Theft Affidavit; print, then mail or fax according to instructions. Continue to pay your taxes and file your tax return, even if you must do so by paper.
  • Medical Identity Theft – Your Medicare ID or health insurance member number is used to get medical services, or to issue fraudulent billing to your health insurance provider. If you believe you have been a victim of medical identity theft, call the Federal Trade Commission at 1-877-438-4338 (TTY: 1-866-653-4261) and your health insurance company’s fraud department. You can create a complaint form with the details of your experience at to share with them and with law enforcement. If you suspect that you have been the victim of Medicare fraud, contact the U.S. Department of Health and Human Services’ Inspector General at 1-800-447-8477.

In addition to federal government agencies, you should also report the theft to other organizations, such as:

  • Credit Reporting Agencies – Contact the three major credit reporting agencies to place fraud alerts (or freezes on your accounts if you have not done this important preventative step so that no one can apply for credit with your name or social security number). Get copies of your credit reports, to be sure that no one has already tried to get unauthorized credit accounts with your personal information.
  • Financial Institutions – Contact the fraud department at your bank, credit card issuers and any other places where you have accounts. You may need your ID theft reports from the police and Federal Trade Commission in order to report the fraud.
  • Retailers and Other Companies – You will also need to report the fraud to companies where the identity thief created accounts, opened credit accounts, or even applied for jobs in order to clear your name.
  • State Consumer Protection Offices or Attorney General – Your state may offer resources to help you contact creditors, dispute errors and other helpful resources.

If you need more help — and I hope you take the steps to ensure this never happens to you — the Federal Trade Commission offers a publication, Taking Charge – What to do if Your Identity is Stolen that shares detailed tips, checklists, along with sample letters.


Savvy Cyber Kids educates and empowers digital citizens, from parents and grandparents, to teachers and students. Sign up for their free resources to help you navigate today’s digital world with cyber ethics.

Security Alert: Wi-Fi Connections at Risk

As your Internet Service provider, EarthLink is committed to keeping you informed of important cyber security events being observed globally. Below our partner Symantec shares information regarding a recent vulnerability that impacts Wi-Fi networks and how you can protect yourself.

Security researchers1 have discovered a major vulnerability in Wi-Fi Protected Access 2 (WPA2). WPA2 is a type of encryption used to secure the vast majority of Wi-Fi networks. A WPA2 network provides unique encryption keys for each wireless client that connects to it.

The vulnerability, dubbed “KRACKs” (Key Reinstallation AttaCKs), is actually a group of multiple vulnerabilities that when successfully exploited, could allow attackers to intercept and steal data transmitted across a Wi-Fi network. Digital personal information that is transmitted over the Internet or stored on connected devices — such as driver’s license number, Social Security number, credit card numbers, and more — could be vulnerable. All of this personal information can be used toward committing identity theft, such as accessing bank or investment accounts without the users knowledge.

In some instances, attackers could also have the ability to manipulate web pages, turning them into fake websites to collect information or to install malware on user’s devices.

 What should you do?

Wi-Fi users should immediately update Wi-Fi-enabled devices as soon as a software update is made available. Wi-Fi enabled devices include anything that connects to the Internet — from laptops, tablets, and smartphones to other smart devices such as wearables and home appliances.

 Should you change your Wi-Fi password?

No. This vulnerability does not affect the password to your router’s Wi-Fi network. Regardless of if your Wi-Fi network is password protected, this new vulnerability still puts your data at risk because it affects the devices and the Wi-Fi itself, not your home router, which is what the password protects.

Are hackers already exploiting this vulnerability?

Not yet. But as with many newly discovered vulnerabilities, it is only a matter of time before hackers find ways to exploit this weakness to their advantage.

 What else can you do to help protect you connected devices while waiting for a software update?

Keep in mind that it may take some time for the manufacturer of your devices to come up with a security patch. In the meantime, there are extra steps you can take to help secure your devices.

We strongly recommend that you install and use a reputable VPN such as Norton WiFi Privacy on all your mobile devices and computers before connecting to any Wi-Fi network. By using a secure virtual private network (VPN) on your smartphones and computers, your web traffic will be encrypted and your data will be safe from interception by a hacker.  A VPN creates a “secure tunnel” where information sent over a Wi-Fi connection is encrypted, making data sent to and from your device more secure.

Norton WiFi Privacy uses the same encryption technologies that leading banks deploy, so you can rest assured that your information stays secure and private. You can also browse anonymously and protect your privacy with Norton WiFi Privacy. You can mask your online activities and location with this no-log VPN that encrypts your personal information but never stores your online activity or location.

Additionally, only using HTTPS-enabled websites means your web traffic will also be encrypted by SSL and may be safer from this vulnerability. HTTPS browsing adds an extra layer of security by using encryption via the website you are visiting.


By Ben Halpert, Founder Savvy Cyber Kids, an EarthLink partner

In the Digital Age we are spending an increasing proportion of our day in cyberspace and less time IRL (in real life). From shopping, dating and sharing, to learning, buying and teaching, our interactions with the virtual world are having a greater and greater influence on how we and others see ourselves, how we think and how we see the world and our place in it. Regrettably, there is not a virtual justice system ensuring that those who use the Internet for good are rewarded and that those who do otherwise face appropriate consequences.

As parents, we need to help our children grow up understanding that, as Thomas Friedman of the New York Times put it, “the internet is an open sewer of untreated, unfiltered information, where they need to bring skepticism and critical thinking to everything they read and basic civic decency to everything they write.” Friedman cited a Stanford Graduate School of Education study published in November 2016 that found “a dismaying inability by students to reason about information they see on the internet.

So, what’s a parent to do?

Savvy Cyber Kids, a nonprofit organization whose mission is to enable youth, families and school communities to be powered by technology, recognizes that children may be ‘Digital Natives’ but they are also ‘Digital Naives,’ who, without intervention, completely lack an understanding of the implications of their digital actions. Founded in 2007 by Internet security expert, noted speaker and author Ben Halpert, Savvy Cyber Kids provides cyber ethics resources for parents and teachers to educate children as they grow up in a world surrounded by technology.

Here are Ben’s Top Ten Parent Tips for Cyber Safety:


Do you know your child’s favorite game, app, or social media community (and it changes often!)? If not, ask them! Children love talking about what they do with technology. Now that you know their favorite app, game or social media community, ask your child who they interact with in those digital spaces. Just as you ask about who your child plays with at school, you should ask who your children’s friends are online.


Much like the “sex talk,” the first time you introduce the “tech talk” is an important parenting hallmark. Since giving your child access to an Internet-enabled device is like taking the front door off your house and inviting in strangers, children need to understand that the virtual world can be a dangerous place and that they need to take steps to keep themselves safe. Help your child learn to distinguish between the physical world and the virtual world. Explain to your children that the physical world includes their home, friends they play with in their neighborhood, at school and on sports teams they play on. Teach your children to see strangers as strangers. As your children get older, the “tech talk” continues to evolve and delves into greater detail the inherent dangers of cyberspace. Start the talk — and don’t stop talking.


Let your children know they can approach you if something upsets them online, if they realize that they made a mistake, and that you are always available for them to help them understand what they are experiencing. Ask your child if they had ever seen anything online or in a game that made them feel uncomfortable or strange. Or if anyone has said anything strange to them in an app or a game. Ask them if anything online has made them feel funny, hurt their feelings or confused them. If they make a mistake, resist the urge to have a merely punitive approach. Help them to make better choices and sustain their willingness to communicate with you.


Encourage your children to use critical thinking skills and pause when they are about update social media or take any action on one—then think about what they are about to do, before potentially posting or forwarding something mean or suggestive. As a rule of thumb, have them answer a question like: What would my mother think about this? Help your children to understand why authorship, sources and sponsorship can influence the truthfulness of what they see on the Internet. Challenge them to not believe everything they see and to search for proof before accepting information.


To your children, anyone that reaches out to them via an app, game, or social media community seems like a good person just wanting to chat. Yet anyone that your child meets online is a stranger, FOREVER. You can’t definitively know who this person is, if they are misrepresenting themselves or if they are safe to engage with. Ask your children if they have ever received a message from someone in a game or an app that they don’t know in the physical world. Talk to your children about the concept of privacy and how they should not share personal information like names, addresses or phone numbers, if their parents are home, family schedules, or what school they attend. Make sure your children understand that they should NEVER meet someone they met online, through an app, game or social media community in the physical world. NOT EVER.


It is important for you and your children to update all devices and software on a regular basis and when notified by the manufacturer or creator. Anytime an update (often called a patch) is available, a fix was made to a known problem with that device or software. Perhaps there is a way for someone to remove all the information off a computer or device. Maybe there’s a way for someone to remotely turn on the video camera on your device and take inappropriate videos. In addition to keeping up with the latest patches, install (and keep updated) an antivirus product. Antivirus products can protect you from certain attacks. And yes, even Mac computers should have antivirus software too.


Read the privacy policy for each device, app, game, or social media community that your grandchild is using to learn exactly what information about your grandchildren is been collected by the company providing the service and what they can do with that information. Next, look for the available parental controls for each. Some apps, games, and social platforms offer options that can limit who your grandchildren can talk to you, as well as who can contact your grandchild. If there is an option to create private profiles, direct them to do so and talk to your children about not allowing people they do not know in the physical world to connect with them.


The reality is that credit monitoring services are not enough. Someone can still open an account in your name and ruin your credit history. Encourage all of your family members to contact each of the three credit reporting agency’s (TransUnion, Equifax and Experian) and place a security freeze on your credit files. With the security freeze on your credit file, no one can open a new account (take out a mortgage, a car loan or other financial commitment on your behalf) unless they have your secret pin.


Every account you and your grandchildren use is secured by user ID, such as a nickname or email address, and the password. This is done to prove that you are the person that is supposed to be accessing the account you were attempting to log into. Due to the increasing number security breaches, encourage your family members to take an additional step, beyond a complex password. Enable 2-step verification, a security measure that typically involves a text message being sent to your phone, a one-time code sent to your email, a call to your phone and/or the use of a verification app (sometimes called an authenticator app).


Encourage your children’s schools to support your digital parenting by merging cyber ethics lessons across all learning disciplines and offering age-appropriate cyber ethics programming for students, parents and educators.


Savvy Cyber Kids educates and empowers digital citizens, from parents and grandparents, to teachers and students. Sign up for their free resources to help you navigate today’s digital world with cyber ethics.

Pro Tip: Encryption How To’s

You have probably heard people talk about using encryption to protect themselves and their information. In this article, we will explain what encryption is, how it protects you and how to implement it properly.

Why Use Encryption?

You might have sensitive information on your devices, such as documents, pictures and emails. If one of your devices were to be stolen, all of your sensitive information would be in someone else’s hands. Encryption protects you in these situations by helping ensure unauthorized people cannot access or modify your information.

How It Works

Encryption converts information into a non-readable format called ciphertext. Today’s encryption works by using complex math operations and a unique secret key, converting information into ciphertext. The key locks or unlocks the encrypted information. Your key could be a file stored on your computer, a password or a combination of the two.

What Can You Encrypt?

There are two types of data to encrypt:

  • Data at rest – such as the data stored on your mobile device
  • Data in motion – such as receiving email or messaging

Encrypting data at rest is vital to protect information in case your computer or mobile device is lost or stolen. Full disk encryption (FDE) is a widely used encryption technique that encrypts the entire drive in your system. This means that everything on the system is automatically encrypted for you. Today, most computers come with FDE but you might have to manually turn it on or enable it. FileVault is used on Mac computers while Windows computers can use Bitlocker or device encryption. Mobile phone encryption for the iPhone and iPads automatically enable FDE once a passcode has been set. Starting with Android 6.0 (Marshmallow), Google is requiring FDE be enabled by default provided the hardware meets certain minimum standards. Please check with your device manufacturer to determine if it supports FDE.

Information in motion is also vulnerable. If data is not encrypted it can be monitored, modified, and captured online. This is why you want to make sure that all sensitive online transactions and communications are encrypted. A common type of encryption for data in motion is HTTPS. This means that traffic between your browser and a website is encrypted. Look for https:// in the URL, a lock icon on your browser or your URL bar turning green.

Key Things to Remember

  • Your encryption is only as strong as your key.
  • If using a passcode or password for your key, make sure it is a strong, unique password.
  • The longer your password the harder it is for an attacker to guess or brute force it.
  • If you can’t remember all of your passwords we recommend a password manager to securely store your passwords.
  • If your device has been compromised or is infected by malware, cyber attackers can bypass your encryption or leverage your secret key to decrypt the data if your key is not stored securely. It is important you take other steps to secure your devices including using anti-virus, strong passwords, and keeping them updated.

What Do You Know About Malware?

Malware, also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or otherwise annoying or disrupting the victim. Malware has become the most significant external threat to most systems, causing widespread damage and disruption, and necessitating extensive recovery efforts within most organizations.

There are five types of malware:

  • Ransomware – Ransomware is a subcategory of malware which typically will block access to computers or data until a payment is made.
  • Trojan – A Trojan is a self-contained, non-replicating program that, while appearing harmless, actually has a hidden malicious purpose. Trojans either replace existing files with malicious versions or add new malicious files to hosts.
  • Spyware – Spyware is a type of malware used to covertly observe a user’s activity and gather information about a user without their knowledge or consent.
  • Virus – A virus self-replicates by inserting copies of itself into host programs, data files or propagating through network file sharing. Viruses are often triggered through user interaction, such as opening a file or running a program.
  • Worm – A worm is a self-replicating, self-contained program that usually executes itself without user intervention.

Signs to Look Out For:

  • Slow performance
  • Unexpected computer crashes
  • Pop-up ads (even when no browser is open)
  • Excessive hard drive activity
  • New browser homepage or toolbars
  • Unexpected Antivirus disabling
  • Lost functionality

Ways To Avoid An Attack: 

  • Do not open suspicious emails oremail attachments, click on hyperlinks, etc. from unknown or known senders, or visit websites that are likely to contain malicious content
  • Do not click on suspicious web browser popup windows
  • Do not open files with file extensions that are likely to be associated with malware (e.g., .bat, .com, .exe, .pif, .vbs)
  • Do not disable malware security control mechanisms (e.g., antivirus software, content filtering software, reputation software, personal firewall) and ensure that they are continuously updated
  • Do not use administrator-level accounts for regular host operation
  • Do not download or execute applications from untrusted sources

Do You Know The Keys To Creating A Strong Password?

A password unlocks a kingdom of information — yet people often make themselves vulnerable to cyber attack by using weak passwords.

To create better passwords, use these password safety tips:

  • Use at least 12 upper and lowercase letters, symbols and special characters
  • Make an acronym out of a memorable sentence: My 1st son was born at Atlanta Hospital at 2:30pm= M1swb@AH@2:30pm
  • Don’t use personal information easily found from a Google search or social media
  • Don’t store your passwords in a Word document or on paper
  • Use different passwords for each account
  • Never share your password
  • Avoid logging into accounts on public computers or unsecured WiFi

If you believe your password has been compromised, change your password right away. If you need help, contact EarthLink Support.