Mark Pribish

Kids' smart toys are big holiday targets for hackers

By Mark Pribish
Vice President and ID Theft Practice Leader

ID-theft criminals may be the ultimate Grinch this holiday season as kids' smart toys create vulnerabilities for hacking, data theft and cyberattacks.

While the Black Friday and Cyber Monday cyberthreats are behind us, we cannot let our guard down, as ID- theft criminals continue to target new access points through the Internet of Things - for example, children's toys.

Mattel's Barbie Doll, the iconic doll series coveted by millions of children, has now become "smart," and that sadly means there's a dark side. The cybervulnerability of smart toys is all too real.

Smart toys, similar to other smart devices and appliances, connect to your home's Wi-Fi network. This means that if compromised, criminals have a conduit into all activities on your home network. ID-theft criminals may then attempt to garner your personally identifiable information, access your home security system or listen to personal conversations through baby monitors or even the new Hello Barbie doll.

According to the Huffington Post, the new Hello Barbie doll, which connects to the Web to provide answers to your children's questions, "uses a microphone, voice recognition software and artificial intelligence to enable a call-and-response function similar to Siri or Google Now. A free smartphone app that connects the toy to a user's Wi-Fi network brings this Barbie into a class of technology often referred to as the Internet of Things, or IoT."

To the credit of Mattel, the company that markets the Barbie brand, it has partnered with entertainment company ToyTalk to develop the doll's information-security technology to minimize potential security issues and to protect consumers' security.

However, it's not just smart toys that create an opportunity for cybercriminals to steal our children's information, such as names, ages and even photographs. It's also through direct attacks on organizations where parents register their children's information, such as VTech, a recent data-breach victim with millions of records compromised.

The VTech website advises that "4.8 million customer (parent) accounts and 6.3 million related kid profiles worldwide are affected, which includes approximately 1.2 million Kid Connect parent accounts. In addition, there are 235,000 parent and 227,000 kids accounts in PlanetVTech. Kid profiles, unlike account profiles, only include name, gender and birthdate."

Understand that anytime you create accounts for your children for educational products or services, both you and your children's information is a target for hackers. This is because hackers are looking for information such as your e-mail address or passwords. Simply attaining your e-mail address allows hackers to engage in spear phishing attacks, which have proven incredibly effective. Hackers also realize that people oftentimes utilize the same passwords for multiple sites. They can take the password to try to drain your bank accounts.

Don't let cybercriminals steal your happy holidays by using strong and up-to-date Wi-Fi security along with strong password management.


To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Alert -- Delivery Scam Steals Customer Info with Crafty Con

Holiday delivery scams may arrive at your door.

December 08, 2015

Everyone loves a surprise present... except when it's a scam. Be on the lookout for scammers who are taking advantage of the holiday season. This con seems like you are receiving a package, but it's really a way to steal your credit or debit card information.

How the Scam Works:

Your phone rings, and it's a delivery company saying that you have a package on the way. A short while later, the door bell rings. Sure enough, it's a delivery person holding a gift basket. You ask who sent the gift, but the deliverer doesn't know. He or she may claim the card was sent separately.

You decide to accept the "gift" anyway. Before the delivery person can leave it, he or she says you need to pay a nominal "verification fee." In one version of the scam, the amount allegedly confirms that the basket, which contains a bottle of wine, was given to a person of legal drinking age. The delivery person claims he or she can only accept credit or debit cards, and produces a hand held card scanner.

This may all seem totally normal, but it's a set up. The "card scanner" is actually a device that collects the credit/debit card number, PIN and/or security code. Con artists then use this to make unauthorized charges or commit identity theft.

Protect Yourself from a Delivery Scam

  • Be suspicious of a package from an unrecognized delivery service or source. If a friend or family member wants to surprise you, they will likely send a gift using an established service.
  • Do not give your credit or debit card to someone at your door. Unless you requested the package and expected to pay something, you shouldn't have a fee at delivery.
  • Asking for ID is OK, but not a credit card. It is not out of the ordinary to ask for identification when alcohol is delivered, but the receiver would not be required to pay a fee to receive a gift.
  • Look out for other variations. This isn't the only delivery scam that pops up at this time of year. BBB has a warning about a number of holiday scams (bbb.org/holidayscams). Be alert!

For More Information

To find out more about other scams, check out BBB Scam Stopper (bbb.org/scam).

Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/

If you believe your identity has been stolen, call 866.SMART68 today.