How to Prevent Identity Theft: A Step-by-Step Guide
6 second take: Identity theft is scary, but a little preparation and know-how can help spot it before it gets out of control. Here’s how you can protect yourself.
In today’s world, you seem to hear a news story about hackers stealing personal information every week. Remote cybersecurity threats are on the rise for both consumers and businesses, a study by research firm Javelin Strategy confirms; identity theft and fraud have increased by 15 percent over the past year alone. How are you supposed to protect your information online?
Moreover, the study confirms that cybercriminals and identity thieves have adapted new methods for committing fraud, shifting from credit card counterfeiting to illicitly taking over credit and checking accounts — a development that should concern individuals and enterprises alike.
The report echoes previous concerns regarding cybersecurity, and how these failings will affect the U.S. economy during a period of widespread telecommuting.
Nongovernmental organizations such as the World Economic Forum (WEF) and the Atlantic Council previously noted that much of our technological infrastructure is inept to handle the rigors of a fully remote model.
The WEF predicts that the economic effects of a widespread, COVID-like computer virus will dwarf that of our current public health pandemic.
As such, it’s necessary that we all safeguard our cybersecurity — and take the necessary steps to prepare and prevent identity thieves and other web-based fraud.
What Is Identity Theft, Exactly?
Identity theft occurs when someone acquires your personal identifying information and uses it for their financial gain. Over the past year, there were nearly 1.5 million reports of identity theft made to the Federal Trade Commission, which is why it is so important that people take extra steps to protect their identifying information whenever possible.
How to Prevent Identity Theft
1. Guard Your Identifying Information at Home and in Public Spaces
Be Careful Giving Out Info
When you visit doctor’s offices and similar establishments, you tend to complete every form you’re asked to fill out, and these forms often request your Social Security number (SSN). But, why do doctor’s offices ask for that information?
Insurers shouldn’t use your SSN to identify you, so why do doctors need it?
In reality, they use your SSN to report your delinquent bills on your credit reports. That’s why you shouldn’t give out your SSN to anyone who doesn’t actually need it. Leave the line blank. If somebody requests that you fill it out, ask why they need it. Most of the time, the party asking for your SSN will let the issue go.
Lock Up Your Documents
Keep your financial documents in a secure place such as a lockbox or locked filing cabinet at home. Don’t keep account numbers in easily visible places where visitors might see them.
Shred or Burn Unneeded Documents
Shred receipts, credit card offers and applications, checks, bank statements, and similar documents if they are no longer needed. If you’re having a bonfire, toss them in! Simply throwing these documents in the trash is not recommended.
Opt for the Post Office
If you don’t have a locking mailbox, take outgoing mail to the post office or utilize mail drop-off boxes; also promptly remove any new mail. If you’re going away for an extended period of time, request a vacation hold on your mail.
If you order new checks or credit/debit cards, ask to pick them up at your bank or post office instead of having them sent to your home (again, unless you have a locking mailbox).
Carry Only What You Need
Your purse and wallet are relatively easy targets for people wanting to steal identities. When heading out, take only the identification, credit card, and debit card that you need. Leave everything else safe at home.
You can even purchase wallets that are made to block identity thieves’ RFID scanners.
2. Check Your Statements
Another way to prevent identity theft is to regularly examine your financial statements. Make sure you recognize every transaction. If you don’t, contact your financial institution immediately. This is how I caught my credit card fraud and identity theft.
If you don’t feel confident in your own memory, start keeping track of the money you spend.
You can set up a budget, which will help you keep an eye on your spending. That will help improve your finances, in addition to allowing you to keep better records of your purchases in the event of fraud.
If your statements are mailed to you, make sure that you actually receive them. Some thieves will steal these from your mailbox.
3. Check Your Credit Report
Simply checking your statements won’t prevent all identity theft. Criminals often open accounts in your name. If they don’t have the statements mailed to you — and smart criminals won’t — you may never know about that account. It’s absolutely imperative that you check your credit report regularly.
You’re entitled to a free copy of your credit report once a year from each of the three major bureaus at AnnualCreditReport.com. You can also receive free credit reports in full from sites like Credit Karma and Credit Sesame (which also offers an identity theft protector).
Once you receive your credit report, look for new accounts that you don’t recognize. If you find any, contact the listed phone number and investigate.
You might also want to consider enrolling in a plan that monitors your digital and financial identity.
4. Initiate a Credit Freeze
Thankfully, I’ve never had any unauthorized accounts opened. But if that does happen, it can be a real headache. If fraudsters can open one account, chances are they will open more.
The last and most effective of the ways to prevent identity theft is to put a freeze on your credit report. When you freeze your credit report, no new credit can be issued to you. You have to unfreeze your credit prior to applying for any new accounts, though, or you will be denied.
You’ll need to freeze your credit report separately at each of the three major credit bureaus — Equifax, Experian, and TransUnion. The price varies by state, but it usually ranges from being free to costing just a few dollars.
You may have to pay a fee to lift your credit freeze before applying for new credit, as well.
5. Learn How to Protect Your Information Online
Use Encrypted Websites
Anywhere online that you bank or shop (or have to enter personal information) be sure to double check that the URL starts with “https” and not just “http.” The “s” indicates that it’s a secure site and will encrypt the information you submit. There should be a padlock icon on the search bar of your internet browser as well.
Don’t Fall for Scam Emails
Organizations and businesses should remain vigilant of phishing attacks — where a hacker pretends to be a representative of an organization through a facsimile email — as phishing remains a common, and successful, method of gaining access to private information.
To protect your information online, if you ever receive an email asking to respond with personal information such as account numbers or passwords, delete the email and block the sender. Even if the email looks like it’s from a company you’re familiar with, a legitimate company will not ask you for private account information in this way.
Don’t click the links in these emails either. If you want to check to see if the email sender is legit, type the company name into your web browser and contact the company through customer service.
“In the last few years, a massive surge of cyberattacks has been witnessed, especially identity theft and phishing,” says Saad Rana of virtual private network service PureVPN. “J.P.Morgan fell victim to such scams in 2018, leaving common users petrified for their own cybersecurity.”
Phishing attacks similarly played a role in leaking the emails of political consultant John Podesta (and by extension then–presidential candidate Hillary Clinton), demonstrating the efficacy of the scam — and the necessity to prepare.
“There’s no silver bullet to what you can do to protect your organization from phishing attacks,” says John Svazic of EliteSec Information Security Consulting. “But training your staff to report suspicious emails and phone calls, in line with ensuring you keep your internet-facing systems patched and up to date, will definitely go a long way.”
Different Types of Identity Theft
There isn’t just one type of identity theft. Here are five of the most common forms of identity theft many Americans face:
- Social Security Theft: If your Social Security number is compromised, the thieves will be able to open accounts and receive government services in your name. With this information, criminals could ruin your credit score, which is why it is so important to keep an eye out for fraudulent activity.
- Medical Identity Theft: If a thief manages to get their hands on your health insurance numbers, they may be able to receive prescription drugs, file claims with your insurance, and see doctors under your name — and on your dime. If you receive notices from medical debt collectors or find yourself with strange bills, you may be a victim of medical identity theft.
- Tax Identity Theft: For most people, the best part of the tax season is when they finally receive their refund. Unfortunately, not all people are so lucky. For victims of tax identity theft, they may file to receive their return, only to discover that it has already been claimed. If this happens, be aware that your Social Security number may have been compromised, as well.
- Senior Identity Theft: Many thieves choose to target seniors, who may not be as attentive to their credit. Seniors also tend to fall victim to phone scams or email phishing scams, which can put them at risk for this kind of theft.
- Employment Identity Theft: If you receive notice from the IRS indicating that you may be a victim of employment identity theft, this could mean that thieves used your personal information in order to apply for jobs. This may seem harmless, but it can prevent you from receiving government assistance like Social Security or unemployment benefits.
Delete Personal Information From Electronics Before Disposing
If you plan on getting rid of or selling an electronic device such as a computer or cellphone, wipe the system clean first. Check the owner’s manual if you aren’t sure how to do so or search the internet for a how-to guide.
Don’t Overshare on Social Media
Social media is chock-full of information about us, and unfortunately, identity thieves use this to their advantage. You’re probably familiar with “challenge questions” on different online accounts. A common one is “Where did you attend high school?”
Can someone easily find this information on your Facebook account? You don’t need to delete your account, but you should be aware of what information you’re making public and which privacy options you’re using on your different social media accounts. Just knowing this can help you learn how to protect your information online.
Keep Passwords Unique and Private
Passwords are key to figuring out how to protect your online information. Don’t have the same password for all your online accounts, and don’t make it something easy like your last name or “password123.” Try to mix letters, numbers, and special characters when creating passwords.
If you don’t think you’ll be able to remember passwords such as “gTpf$54!x,” try creating a password from a phrase you are more likely to remember. For example, the phrase “I love to read Harry Potter books!” turns into “Il2rHPb!” Also, do not write down your passwords and leave them for people to easily find or store them in the “Notes” section on your cell phone.
“Small changes can make a huge impact on your information security,” says Svazic. “Making use of a password manager is probably one of the biggest, since it will help you organize your passwords and ensure that you don’t reuse them on different websites.”
Password managers like LastPass and Bitwarden generate passwords that are difficult to guess and even more difficult to remember. Thankfully, they also store encrypted versions of the passwords, so that you can go about your day without having to remember 50,000 complicated and randomly generated codes.
Svazic recommends utilizing multi-factor authentication, which requires a user to sign in on two devices simultaneously and may deter would-be thieves.
“Even if your password is discovered, the attacker still needs to have your phone or some other physical device to get into your account,” Svazic adds.
After Identity Theft
If you have already become a victim of identity theft, all is not lost. There are several steps that you can take to help protect your credit.
The first thing you should do, if you discover that someone has stolen your identity, is to set up a fraud alert on your credit report.
“A fraud alert makes it more difficult for hackers to open accounts under your name by informing other companies that they must verify your identity before proceeding with an application,” says Veronica Miller, cybersecurity expert for VPNoverview.
“A fraud warning can be put on your credit report for free by contacting one of the three credit bureaus,” Miller adds. “Depending on the type of fraud warning you add, it will last anywhere from 90 days to seven years.”
In the event that your online information is at risk of being stolen or misused, it is recommended that you also consider changing your passwords.
With so much information available online, it’s always smart to ensure that you know how to protect yourself from being vulnerable to further theft.
“You are only as safe as the places with the worst security that have your personal information,” says Steven Weisman, author of Identity Theft Alert. “Use a nonsensical security question on your account so that commonly available information can’t be used by an identity thief to gain access to your accounts.”
There are other steps you can take as well. “Use dual-factor authentication whenever possible,” Weisman adds. “Use strong security software on all of your devices and update it as soon as updates and patches are issued. Freeze your credit at each of the major credit reporting agencies.”
“Finally, don’t click on links or download attachments in email and text messages unless you have confirmed that the communication is legitimate,” Weisman says. “Whenever you receive a phone call, text message, or email, you can never be sure who is actually contacting you, so don’t provide information unless you have confirmed the legitimacy of the communication.”
The Bottom Line
Cleaning up the results of a stolen identity takes a long time and can be a major headache. You should regularly monitor your accounts and credit reports regardless of whether you think you’re at risk for identity theft, because there is always a risk that you might be a victim — even if you don’t know it just yet.
Always be prepared to face off against the risk of identity theft by putting these tips to good use. By learning how to protect your information online, you won’t have to worry about cleaning up after being a victim of this cybercrime.