The University of Texas at Austin created the Center for Identity (CID) several years ago. It’s a very creative enterprise that pulls together faculty, staff, ideas and projects that cut across departments as well as drawing in people outside the university. Full disclosure: I’ve attended and spoken at a few of the CID’s Global Privacy Summits and found them to be among the most innovative conferences.

CID has recently pulled together several resources that I want to share with you. They’ve developed the CID ID Protection toolkit, which is well written with concrete, practical tips. The toolkit can be found at: It’s worth taking a look at CID’s other tips and projects as they are doing research on “real world” privacy issues. That general site is:


Netflix users need to read David Bisson’s article about the credit card phishing scheme that’s been unearthed. His excellent article can be found on Graham Cluley’s website. That link is:

This is a “must read ASAP” for Netflix users so that their financial information isn’t captured and used by the scammers behind this latest phishing scheme.


I’ve written before about ransomware, which is an especially vicious attack by thieves and scammers. They capture a consumer’s computer, infect it and then demand payment before the consumer can regain use and/or control of it. There are differing views on what a consumer should or shouldn’t do if she finds herself in this terrible situation.

Graham Cluley has posted an excellent article by David Bisson on what a consumer should and should not do when confronting a ransomware situation. I strongly encourage everyone to read Mr. Bisson’s article since he provides a well thought out approach which is helpful to know about before trying to undo this type of terrible dilemma. The article can be found on Mr. Cluley’s website at:

I hope no one ever needs this information, but it is better to be educated about it than to try to figure it out when hit with a ransomware infection.

Bah humbug! 2016 is ending with more bad news about data breaches — this one involving a major hotel chain. Brian Krebs just reported about a possible credit and debit card breach at one of the brands operated by the Inter-Continental Hotels Group. He was alerted by security experts about a pattern of fraudulent credit and debit card transactions, particularly with cards used by consumers at Holiday Inn and Holiday Inn Express at U.S. locations.

This is very worrisome as Mr. Krebs reports since the Inter-Continental Hotels Group is the parent corporation for over 5,000 hotels in the United States and around the world. Some of their other brands include Kimpton Hotels, Crowne Plaza and the Inter-Continental Hotels.

Mr. Krebs notes that consumers whose credit and debit cards are fraudulently used are not responsible for those charges but consumers must report such unauthorized transactions ASAP to their respective credit and debit card companies.

So anyone who’s stayed at a Holiday Inn or Holiday Inn Express — or any of the other Inter-Continental Hotels Group brands — must be vigilant about checking bank and credit card statements.

I’ll end 2016 on a possibly foolishly optimistic note — here’s hoping 2017 brings better protections for consumers and fewer privacy and data breaches.

Anyone who has had a Yahoo account since 2013 needs to change his user name and password ASAP! Yahoo just announced that 1 billion user accounts were hacked in 2013. What was stolen by hackers includes such personal and financial information as a user’s name, phone numbers, date of birth and even more. All of this is information that thieves can use for a wide range of damaging identity theft schemes.

So Yahoo account users should not — I repeat not! — wait to get the email notification that Yahoo says it’s sending to affected consumers. Sending that magnitude of emails could take more time than a Yahoo customer can safely wait. Who knows what personal and financial damage has already been done or could be done by the time the emails are sent and received.

Be pro-active and protect yourself—change your user name and password ASAP!

The Federal Trade Commission (FTC) ran a 3-part technology series this fall. On December 7th, they held their final workshop on the timely topic of SmartTV. I listened to the workshop and found the information presented both informative and chilling.

The informative part comes from the insights offered by the various experts — FTC privacy attorneys, technologists working for companies developing the new SmartTV and related technologies and developers working for companies that want to collect and monetize the increasing flow of information.

SmartTV is the catch term for the types of new apps and streaming services being offered now and developed for the near future. The new technologies will, very succinctly, pose the real possibility of more information being captured about a consumer’s viewing habits. That is a rich data source for entities wanting to build and send more ads and ever more specialized customized ads to consumers.

SmartTV is not some far off technology. It’s here and consumers need to be ever more aware of the kinds of information these new devices are capable of collecting and sharing before making a purchase.

Why do I think this SmartTV workshop was so timely? It came right in the midst of the holiday shopping season when consumers are buying, among other items, new TVs and other devices. A good time for consumers to really examine a device before buying it.

Attorneys need to be alert for a phishing scam that is happening around the country. An email comes from what claims to be either a local bar association or a State disciplinary counsel. The message falsely states that a disciplinary action has been filed against the attorney.

The recipient will be told to either click on a link or open an attachment to get more information. DO NOT DO THIS! Delete this email ASAP!

The links and attachments likely contain malware or a virus that will infect the recipient’s computer and capture all sorts of personal and financial information.

Any attorney who gets this type of email should contact her local bar association to alert them about the scam.

I’ve written over the years about the proliferation around the holidays of scams and phishing schemes. The scammers count on consumers being so busy during the holiday season that they become less vigilant about protecting their personal and financial information.

Ryan Francis has written an excellent article compiling 10 of the scams that occur regularly during the holidays (“10 top holiday phishing scams”; November 21). In his article, Mr. Francis cites the 6 holiday threats identified by Jon French, security analyst at AppRiver.

Mr. Francis’ article is worth reading for more details. Here’s a quick list of the threats identified by Mr. French:

  1. Fake purchase invoices;
  2. Fake shipping status messages that contain malware;
  3. Flyers and sales deals that come via email: these are tricky as there will be some legitimate flyers and sales information during the holidays;
  4. Fake but legitimate-looking links and URLs: these are constants throughout the year but scammers know busy consumers might not take the time to check to see if the link and/or URL looks suspicious;
  5. Hacked bank accounts: consumers need to always be careful but especially during the holidays; make sure to check at ATMs for “skimmer” devices; and
  6. Fake email surveys that offer money or gift cards to consumers for filling them out; doing so could mean infecting your computer with malware.

As the old saying goes, crime never takes a holiday. So be extra vigilant this holiday season.

The OPM hack continues creating havoc, as reported on the Nextgov website. They have a story titled “Ransomware Emails Use OPM Breach To Lure Victims.” This is a “must read” story for the countless current and former federal employees whose personal information was hacked in the breach. And, as the story emphasizes, the alert is important even for people who are not current or former federal employees, as the personal information of family members and others might have also been obtained by the hackers.

Emails from hackers were sent out on Tuesday, November 8th. Anyone receiving an email that is allegedly from an OPM “account manager” must delete it ASAP! The email, per the Nextgov article, says that there have been “suspicious movements” in the email recipient’s account. The email has an attachment that it says the recipient should open to learn about these allegedly suspicious activities.

Do not open it! The attachment has malware that will lock and then encrypt the recipients’ computer until and unless they pay a ransom.

The scheme was uncovered by the firm PhishMe; Brendan Griffin, a PhishMe Malware Analyst, told Nextgov that the ransomware email was likely sent to millions of individuals. How to tell if the email is part of this ransomware scheme? As the Nextgov article highlights, the email contains typos and poor grammar.

So — again — be very careful if you got one of these emails — and be aware of any similar schemes in future emails that appear to be from OPM.



Michelle Singletary writes The Color Of Money column in The Washington Post. Her October 26th column was timely and insightful as she outlined various ways consumers could, but might not, be more pro-actively protecting the privacy of their personal and financial data (“Protecting yourself on the Web? Probably Not”).

In her column, she cited Consumer Reports’ November issue, which has the lead story “How to Protect Your Privacy: Smart and easy ways to keep your data safe.” Her description of this article was excellent so I read the cover story.

It is an issue and article that consumers should read ASAP! The lead article also has links to other Consumer Reports stories on this topic. I found the September 20th article titled “66 Ways to Protect Your Privacy Right Now: Do one, some, or all. Each will make a difference” especially useful — concrete details written well and without jargon.

Consumers should read Ms. Singletary’s October 26th column as well as the November issue of Consumer Reports and the lead and other articles. This will be time well-spent — consumers will come away equipped with the kind of information they can use to more pro-actively protect their sensitive private information.