7 Ways to Prevent Identity Theft
Identity theft can upend your life. It requires a tremendous amount of time and effort to undo the damage—and the aftereffects can be felt for months or even years.
Even the largest companies experience data breaches, losing track of customer passwords and personal information that can then be used to commit identity theft. And smaller organizations, governments, and schools are increasingly under attack by cybercriminals as well. In short, we’re all at risk.
While you can’t do much to improve your bank’s cybersecurity posture, there are some simple steps you can take to protect yourself. If you want to prevent identity theft, here are 7 things that you can do.
Check Your Passwords
We talk about the importance of passwords a lot, but there’s a good reason for that: When it comes to cybercrime, we’re often our own worst enemy. Weak or reused passwords make it easy for criminals to gain access our accounts, make off with our information, and from there, steal our identities.
Tip: Create strong, unique passwords for each account or service that you own. Get a password manager like 1Password or iCloud Keychain in order to make it easier to remember all of those passwords. And remember, password managers can also be used to create ultra-strong passwords that use long, random strings of letters, numbers, and special characters—making them essentially uncrackable.
Even if you’re already following password best practices, perform a self-audit to see if one of your accounts has been involved in a data breach. Checkup tools like haveibeenpwned or Chrome’s Password Checkup extension can’t protect you from undiscovered breaches, but they can let you know if one of your accounts was caught up in a known breach (and thus if it’s time to change your password). Lastly, consider using two-factor authentication whenever possible—that way, if the unthinkable happens and someone gets their hands on your master password, they won’t have immediate access to your accounts.
Secure Your Networks
Strong, unique passwords are an excellent way to protect yourself from identity theft and other forms of cybercrime. But they’re not a ‘magic bullet’ solution, because criminals don’t always need your password in order to gather enough information about you to steal your identity.
Tip: Practice good network security at home, locking down your Wi-Fi network with strong encryption protocols and giving it a name that doesn’t provide any hints as to the type of router you’re using or who you are. When you’re in public places, don’t use unsecured Wi-Fi networks or send sensitive data over a public connection. Even on password-protected public networks, consider using a VPN to add an extra layer of security by encrypting your network traffic.
Don’t Get Phished
Next to weak passwords, falling for phishing scams is one of the most common ways that people give away their own data—and this can lead to identity theft. Phishing is pervasive for the simple reason that it works: Even large organizations and governments have fallen victim to these attacks.
Tip: First, be on your guard. Realize that not everything that comes into your inbox is legit, even if it appears to be at first glance. Secondly, be aware that your bank or hospital will never ask you to send unencrypted information through email, and that any such requests are likely fraudulent. Next, learn how to spot common types of phishing emails. If you have any doubts about the sender’s legitimacy, don’t click on any links or open their attachments. And finally, get in the habit of scanning anything you download with a strong antivirus program before you open it.
Beware of Phone Scams
Not all phishing attacks are delivered by email. Be on the lookout for phone phishing, a type of attack in which malicious actors call their targets pretending to be from a company or a government agency in an attempt to convince them to give up sensitive information.
Tip: Remember that the IRS or your bank will never call you asking for your passwords or other sensitive information over the phone—that’s just not how they operate. Don’t be intimidated by someone claiming that you’re being audited or that you’re in some kind of legal trouble. It’s just a scare tactic designed to rattle you. If someone does call you about an issue with your account or service, ask them for a reference number or case number and say you’ll call them back. Be sure not to call any number that they provide, as this may well be fake! Instead, call the organization’s main line directly and see if they know anything about the case. If they don’t, you’ve dodged a bullet.
Don’t Forget About Old-School Threats
Identify thieves aren’t all master hackers: Many will resort to decidedly low-tech means to commit their crimes. Although it’s less common these days, criminals still go through paper waste to find personal information that can be used to commit fraud or steal someone’s identity.
Tip: Old-school problems require old-school solutions: Invest in a simple, cross-cut paper shredder. Basic models can be picked up from office supply stores for around $100, and cross-cut models will turn paper into confetti (no chance of truly determined criminals taping the strips back together). Destroy anything containing potentially sensitive information before throwing it in the trash. This includes bank statements, documents containing your Social Security number, or communications with your physician. This also applies to special offers and application forms: If you receive credit card sign-ups or balance transfer checks in the mail from a financial institution, don’t just throw them away—shred them.
Check Your Credit
One of the reasons that identity theft is so hard to recover from is that it often goes unnoticed until the problem is fairly severe. If criminals rack up several months’ worth of charges on fraudulently opened credit cards, it can take a tremendous amount of time and effort to undo the damage.
Tip: Check your credit report regularly, and scan for signs of suspicious activity. That way, if you do find something amiss, you’ll be able to alert the proper authorities quickly, before things get out of hand. Consumers in the United States are entitled to three free credit reports per year, one from each of the three main credit reporting agencies (TransUnion, Experian, and Equifax). The reports can be accessed by using the official website authorized by the federal government: www.AnnualCreditReport.com. Lastly, be careful not to visit imitation sites with similar-sounding names, as these may themselves be fraudulent.
Flag It or Freeze It
Sometimes, despite all our precautions, the worst can happen. So what should you do if you have reason to believe that your information or identity may have been stolen, or that a fraudulent attempt to open a credit account in your name is imminent?
Tip: Federal law provides two methods of protecting yourself in this situation. Your first option is to flag your own credit file by requesting a “fraud alert” with one of the three main credit bureaus. This will notify any business or financial institution that a request to open a line of credit in your name may be fraudulent. If they receive such a request, they will take additional steps to verify the identity of the requester and make sure it’s really you. The second, more severe measure is to ask for a “credit freeze”. Credit freezes make it impossible for anyone to access your credit record (even you). This means that no one can open a new account in your name for any reason. It is possible to unfreeze and then refreeze your credit file, but it takes a bit of work—so a credit freeze should only be used if absolutely necessary.
It’s not possible to eliminate all risk, especially when it comes to something like identity theft: We’re simply not in complete control of how our information is protected. The companies which collect and store our data will, hopefully, continue to improve their security. But in the meantime, you can greatly reduce your risk of identity theft by taking the steps outlined above.