The 12 Thefts of Christmas

The 12 Ways Your Identity Could Be stolen This Holiday Season, And How You Can Grinch The Thieves

By Neal O’Farrell Founder,

Of all the things you might want for Christmas this year, a clone is probably not on your list. But if statistics are true to form this holiday season, in the 12 days leading up to Christmas more than a quarter of a million Americans will lose something that Santa won’t be able to replace — their identity.

So to help you keep your good cheer and your identity this holiday, we’ve taken a look at a dozen ways your identity could disappear this season and what you can do to prevent it:

Phishing – Phishing has become one of the costliest and most lucrative forms of identity theft, using bogus emails and web sites to trick you into revealing confidential financial information. One research group estimates that phishing netted more than $10 billion for identity thieves last year.

How Can You Grinch This? Pretty easily if you’re paying attention. Make it a rule to never, ever give any personal, financial, or security (like a password) information to any email request, either in response to the email or through a web site the email links you to.

Bogus Email Receipts – A new variation of an old scam involves the use of email notification of receipts for goods you never ordered. The goal is to install a Trojan horse or similar malicious code on your computer when you open the attachment, which will then steal passwords and other information and gift them to an identity thief.

How Can You Grinch This? Don’t open email attachments unless you are expecting them, even if you recognize the email address of the sender. Check with the sender or vendor first. And of course always make sure you have up-to-date virus and spyware protection on every computer.

Skimmers – Skimmers are small credit and debit card readers that can be used to steal a copy of your card when you make a payment or use an ATM. In one scam a group of waiters netted more than $3 million using skimmers to make copies of customer credit cards. Another gang made more than $3.5 million by replacing the card readers at ATMs with skimmers. And thieves in California stole more than $100,000 by replacing a supermarket credit card reader with a skimmer.

How Can You Grinch This? Be vigilant, pay cash, or use a credit card (debit or ATM cards typically don’t offer the same protection as credit cards).

Bots – Bots are small pieces of code, a little like computer viruses, used to hijack infected computers and use them to attack other computers, distribute pornography, and steal passwords and identities. An 18-year-old was recently arrested for allegedly operating a “botnet” of more than 2 million infected computers used in a crime spree that cost millions of victims more than $20 million.

How Can You Grinch This? Be careful about the web sites you visit, be careful about anything you download, don’t click on links in suspicious emails, and make sure your computer is up-to-date with virus, spyware, and firewall protection.

Mail Theft – Mail theft has always been a favorite for identity thieves, and this year you can expect your mail to get plenty of attention from petty thieves, opportunists, meth users, and organized crimes gangs looking for “gifts” like checks and financial statements.

How Can You Grinch This? Have mail delivered to your front door and not to a mailbox at the end of your driveway and try paying bills and accessing statements online.

Nearest And Dearest – One of the saddest facts about identity theft, according to a number of studies, is that most identity thefts are committed by people known to the victim, including friends, neighbors, co-workers, and even family.

How Can You Grinch This? Don’t leave financial information like statements, credit cards, check books, and pre-approved offers lying around your home or workplace where they can tempt someone you trust.

Electronic Greetings Cards – At the risk of offending the entire online greeting card industry, I personally recommend never sending or opening electronic greeting cards because they can very easily be used to hide things like computer viruses and worms that can target your identity.

How Can You Grinch This? Send a real card by mail or in person. If you have to send a last minute electronic greeting, a personal email with no attachments is just as good and perhaps even more welcome.

If you receive such a card, check with the sender before you open it (by calling and thanking them – if they don’t know what you’re talking about, you know you’re being scammed).

Pickpockets – Christmas is an excellent time for pickpockets because of big crowds, big spending, and hassled shoppers too busy to notice that they’re being, well, noticed.

How Can You Grinch This? Think about shopping as a covert mission, and as with any such important missions always travel light. The most you’re likely to need to go to the shopping mall this year is a credit card (yes, just one) and a driver’s license. So slip them into an inside pocket and leave bulky big targets at home.

Keep wallets in pockets that are not easy to access, and keep purses tucked in close to the front of your body.

Burglary – Identity theft may be the burglary of the future. Not only is burglary being fuelled by meth users looking to fund their next fix, traditional burglars realize that identity theft is a much more lucrative crime than fencing stolen old TVs.

How Can You Grinch This? When you’re going shopping this Christmas, go in shifts so your home is never empty. Hide your financial records or place them in safe or locked filing cabinet. Password-protect your computer and encrypt any sensitive financial data on it. And hide your laptop.

Going, Going, Gone – Auction fraud – This year billions of dollars of Christmas gifts will be purchased through online auctions like eBay. Unfortunately for some, according to the Internet Fraud Complaint Center nearly 43% of all reported internet fraud comes from online auctions.

How Can You Grinch This? Stick with reputable auction sites like eBay that have layers of security and guarantees in place to protect you. Use their auction guides to learn how to spot and avoid a scam.

Bogus Charities – ‘Tis the season of taking as much as giving, and you can expect to see an increase in the number of bogus charities asking for credit card donations throughout Christmas. This could be by phone, mail, and increasingly by email. And many of these scams will either spoof well-known charity organizations, or use similar-sounding names, to trick you into giving.

How Can You Grinch This? Give only to charities you know and trust, and preferably through their web site rather than in response to a phone call or mail solicitation.

Hard drive rebuilding – Before you retire your old computer to the scrap heap or the auction block this year, make sure that you do a complete wipe of the hard drive so that you don’t leave any extra gifts for the new owner.

Researchers who purchased 158 used hard drives at second-hand stores and on eBay found that 128 had usable information still on them, including medical records, pornography, and more than 5,000 credit card numbers.

How Can You Grinch This? Deleting files from a computer does not erase them. Consider using one of the many professional data erasing programs, like Data Cleaner ( or Cyberscrub ( Data Cleaner costs around $30, and Cyberscrub costs around $50.

About the author

Neal O’Farrell has been fighting cybercrime and identity theft for more than a quarter of a century and has been described as one of the world’s Top 20 security experts. He was the first expert to train an entire police department in identity theft awareness and that training program has since been used by more than 200 police departments as well as the FBI, the DMV, and the US Attorney’s Office.

He is the CEO of security training firm My Security Plan ( and co-founder of the Center for Information Security Awareness (, a group of leading academics and security experts focused on building greater security awareness.

He can be contacted at

Leave a Reply

Your email address will not be published. Required fields are marked *