You may remember last December when Facebook began prompting users to make their shared content and status messages publicly visible. With the announcement, Facebook founder, Mark Zuckerberg, encouraged Facebook users to follow suit by changing his own "old" privacy settings and posting this statement: 

For those wondering I set most of my content on my personal Facebook page to be open so people could see it. I set some of my content to be more private, but I didn't see a need to limit visibility of pics with my friends, family or my teddy bear :)

A few months later Facebook pushed the privacy boundaries again with its latest program, “Instant Personalization”. This service allows other web sites to customize user experience by giving them access to user’s Facebook data. And no, it's not an opt-in program like the other one.

This new direction in privacy policy represents quite a shift from Zuckerberg's previous stance when he termed privacy control as "the vector around which Facebook operates."

A Change in Tactics

Not only did Facebook change its approach to privacy, it also changed its approach to implementing these new directions. 

With the Instant Personalization program, Facebook embraced the "we know best" mentality further and omitted the prompts altogether.  Users found themselves already opted-in without the need to trouble themselves with giving consent. Sure, you can still opt out, but Facebook warns you that you'll be forfeiting a "richer experience as you browse the web".  

No, I'm not making this up.

Why Have Things Changed?

So why the change in direction?  What elixir did Zuckerberg drink to make him adopt Google CEO, Eric Schmidt's mantra, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place"?

Zuckerberg's Facebook page offers this simple explanation: 

"i'm trying to make the world a more open place."

In a video interview with TechCrunch founder Michael Arrington, Zuckerberg elaborated on this idea further by promoting Facebook's willingness to stay flexible and embrace ever-changing "social norms".

It starts to get interesting at about 2:50 as Mark elaborates on Facebook's view of your privacy:

In case you don't want to watch the video, here are the relevant quotes:

We view it as our role in the system to constantly be innovating and be updating what our system is to reflect what the current social norms are.

A lot of companies would be trapped by the conventions and their legacies of what they've built, doing a privacy change - doing a privacy change for 350 million users is not the kind of thing that a lot of companies would do. But we viewed that as a really important thing, to always keep a beginner's mind and what would we do if we were starting the company now and we decided that these would be the social norms now and we just went for it.

Facebook's Real Motivation

However, if I'm making my guess, I'd say the interests listed on his Facebook profile  tell the REAL story:

•  "Openness" - openness to increasing Facebook's marketshare & revenue

• "Breaking Things" - like Facebook's previous privacy policy

• "Revolutions" - creating his own in an attempt to dethrone Google

• "Information Flow" - the more your information flows around the web, the higher Facebook's revenue

• "Minimalism" - minimizing your concerns 

Let's cut to the chase...

Facebook sees an opportunity to control the web the way no other company - not even Google - can. It has 400 million users (and growing) and it will leverage those users (and their data) to control what people see and how they interact on the internet. That's an amazing opportunity which could make Zuckerberg one of the most powerful (and richest) people in the world.

Now do you see why some privacy concerns aren't going to deter Facebook or the venture capital people that back them?

Now don't get me wrong... I love Facebook and will continue to frequent the site. In fact, I may have even chosen to opt-in for a service like "instant personalization". But that aside, Zuckerberg isn't kidding anyone here. As far as this writer is concerned, this is all about increasing revenue and Internet dominance.

What Can You Do to Protect Yourself?

Last week, PC Magazine published a nice little slideshow tutorial offering 8 steps on how to better protect yourself from the privacy pitfalls of Facebook. Unless you're planning on abandoning Facebook altogether, I highly recommend checking it out...just recognize upfront that your tutorial won't be personalized!

If you hadn't heard, identity theft company LifeLock agreed to pay $12 million dollars to settle charges from the Federal Trade Commission and 35 states. The FTC felt that LifeLock ads were deceptive and overstated the protection provided by the service.

Personally, I think the charges are valid and I had to chuckle a bit when I read this email from CEO Todd Davis sent out to his partners. Mr. Davis certainly has his public relations firm working overtime to write something like this.

Here's the Message:

Take a read for yourself. I've got a few more comments below.

Important Message From Todd Davis, LifeLock CEO

Dear Valued Partner: As you know, because of LifeLock's efforts since 2005, more Americans now know of the risks of identity theft, and more importantly, have taken steps to help protect themselves. I am proud LifeLock has had tremendous success in helping to protect consumers' identities. LifeLock first gained national attention through an innovative advertising campaign in which I published my real Social Security number. Our advertising campaign was created at a time when there were absolutely no guidelines in place that governed the identity theft protection industry. I published my Social Security number because of my confidence in LifeLock's ability to proactively protect me and the knowledge that if my identity was misused, LifeLock would help fix the problem for me - as it would for any member. Unfortunately, some regulators felt these early advertisements gave consumers a false sense of absolute confidence that they could never become victims of identity theft. As a result, LifeLock has agreed to a set of advertising standards that establishes, for the very first time, federal and state regulatory guidelines for the entire identity theft protection industry. It is important to note that this agreement resulted from a review of practices from years past and has absolutely no impact on our current advertising, the LifeLock protection members currently receive through your valued partnership, or LifeLock's role as the leader in identity theft protection. In announcing the agreement, FTC Chairman Jon Leibowitz wished LifeLock well and expressly stated his conclusion that LifeLock now has a legitimate business model going forward with honest advertising. In fact, LifeLock has been in full compliance with the FTC agreement announced by Chairman Leibowitz for nearly a year. LifeLock remains as financially strong as ever and is committed to our single-minded mission to help members protect their identities. As part of the FTC agreement, consumers who are not fully satisfied with the LifeLock® service due to its past advertising can request a refund through the FTC. Significantly, we believe the FTC action explicitly recognizes that LifeLock is the leader in identity theft protection and provides real value to consumers. LifeLock helps reduce the risks of identity theft and will continue to educate consumers on the risks of identity theft. Further, you can rest assured that LifeLock has taken the strongest measures to protect members' data, measures which are certified both as ISO 27001 and PCI-DCS Level 1 compliant - the highest standards for information data security. We thank you for your partnership and your continued trust in LifeLock. As always, our number one priority is keeping members safe. If you have any further questions about your partnership, please contact your LifeLock Account Manager.   Sincerely, Todd Davis CEO

Our Comments...

They Have Updated Their Service. This is Good.

The current LifeLock service certainly appears to be better than their previous service - which was based mostly on placing fraud alerts (which you could do yourself for free), putting you on the credit opt-out list (which you could do yourself for free), and providing a million dollar guarantee. We applaud LifeLock for updating their service, though it appears getting sued (and losing) by Experian to stop placing fraud alerts probably factored into their planning.

"Innovative" Is Not a Word I Would Use for Publicizing Your CEO's SSN

This sentence from the email absolutely drives me crazy:

LifeLock first gained national attention through an innovative advertising campaign in which I published my real Social Security number.

Their advertising was not innovative. It was stupid, irresponsible, and sent the wrong message to consumers about protecting their personal data. Calling it "innovative" doesn't sound like Mr. Davis is too sorry about this completely wrong-headed advertising campaign.

Blame the Government

When you don't want to take responsibility for your actions, most people like blaming someone else. Mr. David tries to blame the government for his company's shortcomings:

Our advertising campaign was created at a time when there were absolutely no guidelines in place that governed the identity theft protection industry.

Common sense says plastering your CEO's SSN all over magazines, newspapers, internet, television and radio is probably a bad idea if you're serious about educating people on the dangers of identity theft. You don't need "guidelines" from the FTC or anyone else to point that out. They wanted to create an attention-getting and "innovative" advertising campaign, and they did it. Please don't blame the government when you're told it was a bad idea.

Language Only a Politician Could Love

In the end,  I understand why LifeLock would send out something like this. They need to reassure partners that everything is fine and that none of this was their fault. It just upsets me when I read double-talk like this:

Unfortunately, some regulators felt these early advertisements gave consumers a false sense of absolute confidence that they could never become victims of identity theft.

 Hmmm... where did those consumers get that false sense of absolute confidence? Maybe it was our "innovative" advertising? Nah, couldn't be. It was those bad regulators who just don't see the truth.

Bottom Line - Apologize and Be Forgiven

I don't see an apology here. I'd feel better about LifeLock if they would apologize. What I see is more breast-beating and blaming. It's too bad. LifeLock is the biggest identity theft service and they got there because of the millions of venture capital dollars they've spent on advertising and their "innovative" marketing. They could apologize without jeopardizing their #1 status, but I don't think it will happen in my lifetime.

Includes items such as:

• GPS Jammer
• Cell Phone Bugs
• VHF/UHF Jammers
• Bug detecting
• and more.

Homebrew Military & Espionage Electronics

Foil, not just for hats anymore!

Tinfoil is apparently not just good for keeping the lizard people from reading your thoughts from afar, with a little wit and the silver stuff you can also wreak havoc on those high security and dimple locks that are just a little too hard to pick sometimes. Now available in kit form, compliments of China(tm)

Article and video on Blackbag.nl

With the new year come the new worries about taxes - what kind of taxes will you need to file before April 15th, how much money will you have to pay, what bracket did you place in, etc. Unfortunately, you also need to worry about protecting your identity. As Privacyrights.org notes, your IRS information returns might constitute an identity thief's "dream."

None of us want to become a "dream" target for any kind of thief, let alone an identity thief. So while you're figuring out the right returns to send to the IRS, this is also a great time to take steps to ensure the protection of your identity.

Five Recommendatations for Keeping Tax Info Safe

1. Guard your mail. Once your mail leaves your hands, it's at the mercy of the people who handle it - so make sure you get it in the hands of the right people. Take your sensitive mail directly to the post office and make sure that when you check your mail, you don't leave it in your mailbox - you retrieve it as soon as possible after it's delivered or consider a locking mailbox.

   You should also look at a mail service like EarthClassMail.com - especially if you're away on travel or vacation.

2. Don't keep tax information loose around the house or car. Let's face it: there aren't many places you'll keep your tax information except a few places, like the house, car, or office. So make sure you don't get cavalier about these locations. Make sure you can lock important documents away at home and that you protect them in your car and office.
3. Only deal with legitimate government organizations. Whether you like it or not, you have to pay your taxes and you have to report your information to the government. But you don't have to report it to just about everybody else, so protect your information by dealing directly with the IRS and worrying less about third parties.
4. Protect your SSN. Your social security number is a big target for identity thieves, and since taxes contain your SSN, you're going to want to be careful about making sure they're secure. Do a search on your computer for your SSN and archive any documents onto a CD and delete the files from your computer.
5. Keep your accounts and papers tidy. It's harder to guard yourself if you're a hoarder with mounds of papers on his desk, so make sure that you keep things simple - this will help you find your important documents, which helps you protect them.

If you're a Facebook addict - and chances that if you have a parietal lobe and a mouse, you are - then you'll be interested to see this eye-opening article about how easy it is to hack through the privacy settings in your profile.

According to ZDNet.com, an Israeli security research firm recently demonstrated just how easy it is to hack Facebook and bypass the privacy settings that so many of us hold dear.

Claims the man:

I could write malicious application that steals users personal info or even simple application that build for me a bot net users for malicious purposes like hacking systems for SQL Injections and DDOS attacks. Using ClickJacking i also could fool users to click whatever I want: adding me as their friend, delete their account, and even open their camera and microphone using flash (Older versions then 10.x), or install Facebook applications that posting their web camera and microphone every time they connected to Facebook - Just use your imagination on what you want others to click on...Transfer to you poker chips???

In other words, be afraid. Be very afraid.

In all seriousness, this does give cause for concern. Many users simply believe that using the proper security settings on their Facebook profile is enough to keep unwanted users out, but a skilled hacker should have no trouble doing damage.

It's important to note that if you want to protect your privacy, it's still a good idea to keep your privacy settings strict so that unwanted users can't view your information or photographs. But the ease with which Facebook can be hacked, at least in the example above, does give rise to this question: is this proof that the most secure Facebook profile is no Facebook profile at all?

Demo Video

The researcher has released a video showing the clickjacking hack, though it doesn't have any audio - bummer. 

What Should You Do?

There's no reason to cut and run simply because you're afraid of hackers. But if you closely guard your security online and keep a Facebook profile active, then this question is one you'll really want to ponder.

Remember also that just because a hacker could get to your profile doesn't mean that any necessarily will or would want to. Just be sure that you respect your own privacy and respect the power of hackers to go after your identity through something as simple as social media.

In a few days, it will be a month since Christmas has come and past, and that usually means a month since you've opened up those new computers and laptops. While you're enjoying the free trial offers of expensive anti-spyware and virus protection programs, you're probably also aware (or even repeatedly reminded) that they're about to expire. If you don't want to pull out the credit card but don't want to lose the spam and virus protection, it's time to look at a third alternative - free programs.

Yeah, yeah, I know. You get what you pay for, right? Some people may even be so dead-set against free anti-spyware that they simply pay for the more expensive suites just to feel comfortable. Don't be that person. Let's check out a few free programs that actually deliver the goods:

Microsoft Security Essentials

Microsoft often gets a bad rap these days, especially when it comes to software bugs. But what people don't take into account is that most viruses are written for Microsoft or Windows software; of course they're going to get slammed. MS isn't oblivious to this, hence the free Security Essentials program that you can download right now. We love this as a security program because it's simple, gets the job done, and won't expire on you because it's absolutely free. Just one quick tip: make sure that you uninstall the previous spyware program you've been running if you decide to stick with Security Essentials. Keeping your computer free and clear of unwanted programs will help it run smoothly.

• Download MS Security Essentials

Avast - with an Exclamation Point

avast! is another great alternative - they provide both hardcore, more costly Internet security systems but also offer Antivirus 5.0, a free program. You'll get the usual suspects - anti-spam firewalls, message scanning, and compatibility with your latest Windows system - as well as a few avast!-unique frills like avast! Community IQ. Which is the better choice? It depends on your needs. Give one of them a try or, if you're feeling ambitious, give them both a try and look for the best results. Ideally, a solid security program will run in the background, talk to you as little as possible, and keep your computer clean and fresh. If that's what one of these programs does for you, then it's doing its job. Leave it alone! You don't necessarily need the more expensive security programs unless you're really looking for some serious protection.

• Download avast! 5.0

Want to Learn More?

Still not sure which program to use? Lifehacker.com has a review and additional resources for both programs:

• Avast Free Antivirus 5.0 Adds Behavior Monitor, Heuristics Engine, and Improved Performance
• Microsoft Security Essentials Ranks as Best-Performing Free Antivirus

Do You Have a Favorite Free Virus Program? Tell Us About It.

Let us know in the comments if you have a favorite free option. There are some good ones available and these aren't the only two out there.

Microsoft Security Essentials System Requirements

Operating System: Windows XP (Service Pack 2 or Service Pack 3); Windows Vista (Gold, Service Pack 1, or Service Pack 2); Windows 7

• For Windows XP, a PC with a CPU clock speed of 500 MHz or higher, and 256 MB RAM or higher.
• For Windows Vista and Windows 7, a PC with a CPU clock speed of 1.0 GHz or higher, and 1 GB RAM or higher.
• VGA display of 800 × 600 or higher.
• 140 MB of available hard disk space.
• An Internet connection is required for installation and to download the latest virus and spyware definitions for Microsoft Security Essentials.
• Internet Browser:
  • Windows Internet Explorer 6.0 or later.
  • Mozilla Firefox 2.0 or later.
• Microsoft Security Essentials also supports Windows XP Mode in Windows 7.

Avast! System Requirements

• Processor Pentium 3, 128 MB RAM
• 100 MB of free hard disk space
• Microsoft Windows 2000, Microsoft Windows XP/Vista/7 (32/64 bit)

As if there weren't enough worries about identity theft in this era high-tech, password/encrypted technology, we have to remind ourselves that identity theft still happens because of the hard technology and documents you expose to the world.

Consider the case of William Pollock, a young man from Texas who was looking to find a solid moving company to help move his family to Pennsylvania.

Pollock shopped around for a few different movers, as most of us would do, and when he wasn't happy with their price quotes, he turned to Craigslist.  There he found Moo-Ving.com, a company with a professional enough web site and, what's more attractive, a far lower price quote.

Caveat emptor.  As it turned out, the company took Pollock's $5,000 in upfront cash and started making demands, telling him that they wouldn't move his belongings unless he paid their fees.  Eventually the company stored his belongings in a secret location, essentially holding his private property hostage.

This kind of theft isn't as cut and dry as "routine" identity theft.  You know not to give out your credit card number unless the person taking it has a good reputation and the interaction is secure.  But what about private dealings with companies that appear to have good web sites?

List of Red Flags

Let's consider some of the red flags Pollock could have considered:

• He found the moving companies on Craigslist rather than through more traditional methods.
• He didn't do a lot of research into the reputation of the company.
• He paid upfront in cash.

All of these elements, put together with a company like Moo-Ving.com, spelled disaster.

How to Protect Yourself

How can you avoid this type of mistake?  Simple:  work with reputatable businesses when you entrust your belongings to someone else, and make sure that you pay after a job is well done, not before.

If you've become a victim of a company like this, you can turn to MoveRescue - an organization funded by some of the larger moving companies that provides legal help and assistance to consumers stuck in this situation.

A Fight Identity Theft visitor forwarded this email to us today and it was so creative I just had to post it here.

The email supposedly comes from Robert Mueller - the current head of the U.S. Federal Bureau of Investigations. Not only was it sent by the FBI, the scammers try to get you to believe it's been vetted by the Anti-Terrorist and International Fraud Division. Unbelievable.

Why Do They Send These Emails?

What they're really after is the fee they want you to pay in order to collect your $850,000 - that's why they call this an "advanced-fee fraud." The fee is sent by money order which makes it very difficult to trace and impossible to recover. Here's the money paragraph:

This letter will serve as proof that the Federal Bureau Of Investigation is authorizing you to pay the required $239.99 ONLY to your claims agent via the information in which she shall send to you upon your request, if you do not receive your winning prize of $850,000.00 US Dollars we shall be held responsible for the loss and this shall invite a penalty of $3,000 which will be made PAYABLE ONLY by you (The Winner).

 The $239.99 will likely only be the start of the fraud. They'll continue to ask for more money in order to deliver the $850,000. No matter how much you pay, the money will never end up in your bank account.

From: robertmul@fbi.gov.us
Subject: E-mail From The FBI..
Date: Wed, 2 Dec 2009 13:53:50 -0500

Anti-Terrorist and International Fraud Division
Federal Bureau Of Investigation.
Seattle, Washington 98101-2904
Telephone/Fax Number: +1(206) 426-2866
 
Attn: Beneficiary
 
This is to Officially inform you that it has come to our notice and we have thoroughly completed an Investigation with the help of our Intelligence Monitoring Network System that you legally won the sum of $850,000.00 US Dollars from a Lottery Company in the United Kingdom. During our investigation we discovered that your e-mail won the money from an Online Balloting System and we have authorized this winning to be authentic and paid to you via a Certified Cashier's Check.
 
Normally, it will take up to 10 business days for an International Check to be cashed by your local bank. We have successfully come to an agreement with this company on your behalf that funds are to be drawn from a registered bank within the United States Of America so as to enable you cash the check instantly without any delay, henceforth the stated amount of $850,000.00  US Dollars has been deposited with Bank Of America.
We have completed this investigation and you are hereby approved to receive the winning prize as we have verified the entire transaction to be Legitimate, Safe and 100% risk free of scams and frauds of any nature, due to the fact that the funds have been deposited at Bank Of America you will be required to settle the following bills directly to the lottery claims agent in-charge of this transaction whom is located at the liaison office of the Lottery Company in Seattle-Washington. According to our discoveries, you are required to pay for the following:
 
(1) Deposit Fee's (Fee's paid by the lottery company for the deposit into an American Bank which is - Bank of America)
(2) Cashier's Check Conversion Fee (Fee for converting the Wire Transfer payment into a Certified Cashier's Check)
(3) Shipping Fee's (This is the charge for shipping the Cashier's Check to your nominated destination)
 
The total amount for everything is $239.99 (Two Hundred & Thirty Nine United States Dollars & Ninety Nine Cents). We have tried our possible best to indicate that this $239.99 should be deducted from your winning prize but the funds have already been deposited at The Bank of America and cannot be accessed by anyone apart from you the winner. Therefore you will be required to pay the needed funds to your lotto claims Agent in-charge of this transaction via Western Union Money Transfer Or Money Gram. The payment will NOT reflect at the Bank of America with the given transaction code(EA2948-910) until you have covered the processing fees needed.
 
In order to proceed with this transaction, Click Here to contact your claims agent Mrs. Louise Major. You will be required to call her for verbal verification and e-mail her with the following informations:
 
FULL NAME:
FULL MAILING ADDRESS(INCLUDING CITY/STATE/ZIPCODE):
AGE/SEX/OCCUPATION:
CONTACT PHONE NUMBERS(CELL & HOME):
 
You will also be required to request Western Union details on how to send the required $239.99 in order to immediately ship your prize of $850,000.00 US Dollars via Certified Cashier's Check drawn from The Bank of America, Also include the following transaction code in order for her to immediately identify this transaction : EA2948-910.
 
This letter will serve as proof that the Federal Bureau Of Investigation is authorizing you to pay the required $239.99 ONLY to your claims agent via the information in which she shall send to you upon your request, if you do not receive your winning prize of $850,000.00 US Dollars we shall be held responsible for the loss and this shall invite a penalty of $3,000 which will be made PAYABLE ONLY by you (The Winner).
 
Signed:
Robert Mueller
Federal Bureau Of Investigation                    
 
NOTE: In order to ensure your check gets delivered to you ASAP, you are advised to immediately contact Mrs. Louise Major via contact information provided above and make the required payment of $239.99 to information in which she will provide you.
__________________________________________________________________________________________________________
The information contained in this email message is legally privileged and confidential information intended solely for the use of the intended recipient(s). If you are not the intended recipient(s), any distribution, dissemination, or reproduction of this email message is strictly prohibited.

We know everyone is looking for that best deal online, especially during the Black Friday shopping blitz. Here are some quality online shopping tips from Intersections, Inc. (provider of the Identity Guard identity theft protection service).

We also recommend a post from the always excellent Privacy Rights Clearinghouse - "Holiday Shopping? Ten Timely Tips"

Don’t Let Would-Be “Grinches” Steal Your Financial Health and Identity During the Busiest Shopping Season of the Year!

As the biggest holiday shopping days of the year quickly approach, consumers everywhere will be lining up at stores on "Black Friday" for pre-dawn sales that will hopefully net great bargains and savings on holiday gifts. For those that don't want to fight the massive crowds at the malls and local shopping centers, they'll surf the Web on "Cyber Monday" - the Monday right after Thanksgiving - to catch even better sales, conveniently ordering their gifts online to have them shipped all over the world.

Finding the right deal on the perfect gift is going to be a priority this holiday shopping season as consumers everywhere are penny pinching during tougher economic times. The National Retail Federation expects average holiday spending this year will be around $682.74, down 3 percent from $705.01 last year, so getting the best value for your money is key, whether the gift is found on the Internet or at a retail store. With major online price breaks offered on Cyber Monday, online shopping sales are expected to increase 18 percent over last year, according to Information Resources, Inc.

To kick off the 2009 holiday shopping season, Intersections Inc. (Nasdaq: INTX), a leading global provider of consumer and corporate identity risk management services, and provider of IDENTITY GUARD® Total Protection, the award winning identity theft protection service, advises holiday shoppers to take extra caution to avoid damaging their credit or becoming a victim of identity theft. Identity theft peaks this time of year -- wallets are stolen, credit cards are accidentally left behind and scammers everywhere are looking to prey on their next victims -- but there are simple steps consumers can take to avoid making careless decisions that can have a long-term effect on their financial well-being.

Intersections recommends the following safety tips for holiday shoppers:

1. Protect your computer from online threats including money-stealing Trojans. Fraudsters are eagerly waiting to take advantage of the millions of credit card transactions that will be made online this holiday season. They are lurking to find any weak links in your network to gain access to your personal and credit information. More recently, they are using sophisticated Trojans to grab your bank account and credit card login information, disable your security software, and sneak into your bank account by pretending to be you. Trojans are even smart enough to quietly drain your bank account over the holiday period based on the assumption that you'll be too busy to check exactly how much you're spending until the New Year. The best way to avoid Trojans is to (a) not open attachments or click on email links; (b) be careful where you surf and stick to online "neighborhoods" where you really feel safe; and (c) regularly patch your computer and update your anti-virus, anti-spyware and firewall software.
2. Take a tip from online merchants and "trust but verify." Whether it's online shopping searches, incredible gift offers, or holiday wishes from your Twitter "Tweeps" or Facebook friends, the best way to avoid gift-wrapping yourself for scammers this year is to turn your cynicism on to the highest level. If you think before you click, you might just play Grinch to an identity thief.
3. Be careful buying gift cards. Make sure that you purchase gift cards that are legitimate and secure, and avoid buying gift cards secondhand from an unverified source. UK-based security firm Corsaire recently found that the vulnerable magnetic-stripe technology used for gift cards and customer loyalty cards make these attractive targets for hackers. Additionally, the research revealed that gift cards can easily be "sniffed" off the shelf in the checkout line with a scanner and cloned, card numbers can be stolen, and retailers' gift card Web sites can be hacked.
4. Avoid Tweet Traps! Scammers fully understand the power and reach of social networks, and gathering places like Facebook and Twitter are a feeding ground for all kinds of thieves this holiday season. According to the eHoliday Study by Shop.org (a division of the National Retail Federation), 47.1 percent of retailers said they will be increasing their use of social media during the holidays. The biggest threat to be wary of this year is the "Tweet Trap" - a message that appears to be from a trusted friend or follower passing on some great news, a real bargain, or a worthy cause, but instead hides spam, phishing fraud, or a malicious download. Consumers should be cautious about Tweets or Facebook messages about great holiday deals, must-have gifts, or hard luck stories, even if they are coming from "friends." If they sound interesting, do your own research to see if they're genuine. But don't click or download.
5. If a deal sounds too good to be true, it probably is. This scam has focused on promising shoppers the hard-to-find gift at an irresistible price and in most cases, the gift doesn't exist, doesn't arrive, the seller demands far more for it, or simply steals the shopper's credit card information. But this year, hackers are upping the stakes by hacking into the search ranking systems of the major search engines like Yahoo! and Google so that their fraudulent or malware-infected web sites appear at the top of shopper searches. And most shoppers still believe that if a Web site is at the top of a search engine's list, it has to be legitimate.
6. Do NOT give out your financial information over the phone or email. If your bank or credit card company sends you an email or even calls you warning you of insufficient funds or other problems with your account, contact them directly using the customer service numbers posted on their web sites. Don't respond to their emails or to any number they provide in an email or phone message.
7. Keep travel plans private. Don't give a gift to digital burglars by Tweeting or posting updates to Facebook about your holiday plans like when you're going to be away from home or all the cool stuff you bought. Otherwise your new purchases may end up under someone else's tree.
8. Do a post-holiday credit health check-up. After the holidays are over, be sure to check your credit reports, credit card statements and bank statements to verify all transactions. Each transaction you made, either in retail stores or online, could have been compromised, adversely affecting your credit and your credit score. Notify your bank or credit card company immediately if you see anything suspicious.

"With a soft economy and higher unemployment rates, consumers are under increased pressure to cut holiday spending, and this may lead to an increased willingness to take on greater risks," said Steven Schwartz, Intersections' Executive Vice President of Consumer Solutions. "While retailers will respond with timely offers and special discounts, it's important for customers to protect themselves from scammers and cyber scrooges who may try to prey on their emotions with targeted offline and online schemes."

One way to protect yourself is to be vigilant about where you shop (online or at the mall), what information you provide and to whom, and to protect your computer from spyware, malicious code and Trojans. Intersections' IDENTITY GUARD® Total Protection is the most comprehensive offering on the market today covering personal information, credit reports, public records, computer, Internet and mobile transactions. The service also provides sophisticated software that protects consumers against keylogging attacks, secures their passwords and user IDs as they navigate online, identifies legitimate websites, and protects their computers from advanced malware software. IDENTITY GUARD® Total Protection also provides identity theft recovery services and financial reimbursement insurance in the event identity theft occurs. Find out more at www.identityguard.com.