How to prevent holiday identity theft

by Herb Weisbaum,

identitytheft1ID theft is a year-round problem, but the hectic holiday season is prime time for this crime. There are a few simple things you can do to reduce your risk of becoming a victim.

You’re stressed. You’re sleep-deprived. You’re running around trying to get all of your shopping done before the relatives arrive. The crooks who want to steal your personal information couldn’t be happier.

Identity theft is a year-round problem, but fraud prevention experts warn that the hectic holiday season is prime time for this crime.

“People get distracted at this time of year,” said Adam Levin, chairman and founder of IDentity Theft 911. “And when you get distracted and you’re not thinking about security, you become vulnerable.”

Many people are simply too lax when they shop online. A recent survey by IDentity Theft 911 found that 21 percent of online shoppers would provide their mother’s maiden name in order to make a purchase; 14 percent would provide a family member’s birthday. And even though the number was small, 2 percent would give out their Social Security number. That’s something you would never do simply to shop online.

“It may take little time for that privacy compromise to result in identity theft,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center, a nonprofit that helps victim of this crime. “Come January or February, after you recover from the holiday shopping frenzy, you may notice something is amiss.”

ID thieves also have an array of technology that can help them steal your private information when you shop online, whether on your computer or your mobile device.

“There are now tens of thousands of viruses targeting mobile devices,” said Robert Siciliano, an online security expert with McAfee. “They can compromise the device by installing spyware on it that steals user names and passwords, as well as credit card information.”

Security software is now available for mobile devices. The website Top10Reviews recently rated 2014 mobile security software.

The fraud experts at recommend creating a new password when you shop at a site you haven’t used before.

“If the bad guys get a hold of that new password, they won’t be able to hack into any of your other accounts,” said Scambook’s Miranda Perry. “It may be a pain to create new passwords and remember them all, but there are a number or programs that will do that for you; many are free.”

They recommend LastPass, which is free for Mac and Windows computers. David Pogue, formerly of the New York Times, likes another free program called Dashlane. In a recent review, he called it “one of the best” password programs available. The new version 2.0 can synchronize all the passwords between your computer and your smartphone.

Some naughty online holiday scams
Security experts agree: You can’t prevent identity theft. There are simply too many opportunities for the bad guys to steal your personal information. But you can reduce your risk if you know some of the favorite ways ID thieves target you during the holidays.

1. Bogus websites with screaming deals
It’s a holiday tradition — identity thieves create bogus sites with beautiful graphics and amazingly low prices on popular, but non-existent digital devices. Take the bait and you won’t get your merchandise and the crooks will have your credit card number and other personal information.

Protect yourself: Do your homework. If this is your first interaction with a new merchant, check them out before you provide any personal information. How long have they been around? Are they rated by the Better Business Bureau? Beware of prices that are significantly cheaper than everywhere else. It could be a trap.

2. Digital greeting cards loaded with merry malware
You expect to get holiday eCards from friends and family. Identity thieves send out seasonal greetings, too. But theirs are loaded with viruses and other malware. Their spambots use social media sites to send booby-trapped greeting cards that look like they’re from someone you know.

Protect yourself: Don’t click the links in the body of an email alerting you to an eCard and don’t open any attachment. You can always check to see if that person really did send you a card. The safest way to get an eCard is to go to the greeting card company’s site and put in the card number listed in the email.

3. Bogus shipping notices
If you shop online and are expecting a package, a shipping notice doesn’t seem that unusual. That’s why the bad buys send out bogus shipping alerts designed to look like they’re from FedEx, UPS or the U.S. Postal Service. They’re hoping you’ll click on the link, which loads malware onto your machine or takes you to a phishing website they’ve created.

Protect yourself: Only use tracking numbers provided to you in the initial email you get right after you make the purchase. Go to the store’s website to track any packages you’re expecting.

4. Fake Black Friday or Cyber Monday ads
It’s always fun to see the leaked ads for Black Friday and Cyber Monday. That’s why scammers create fake leaked ads. They contain links that direct you to a fraudulent website that installs malware.

Protect yourself: Stick with reputable sites that specialize in Black Friday ads. Some of the better known sites are:,, and

Be on the lookout for possible problems
The best way to spot a problem is to look for it. And that means going through your bank and credit card statements each month — more often, once a week or so, if you have online access.

“Look at the charges. Are they exactly what’s on the receipt? If there’s something on there that you don’t recognize, call the bank or credit card company right away,” said Julie Springer, a vice president at TransUnion.

Security warnings can be scary, but the consequences of identity theft can be serious. So, you need to be on guard.

“Most people are going to be fine,” noted Miranda Perry at Scambook. “I shop online all the time and by following a few safeguards, I’ve avoided any sort of incident. Just remember, it’s better to be safe than sorry.”