When your identity is stolen, you lose some things, but gain others. You could lose all the cash in your bank account, or the title to your home. But you might gain a criminal record, or a lien on your home mortgage. Identity theft is the most disastrous when it goes on without your knowledge, as the thieves obtain more and more access to your accounts and belongings.
How can you head off these potential disasters? Here are some simple tips that can help you stop identity theft. None of these will guarantee your safety against a hacker who has targeted you personally, but so many people fail to protect themselves that most criminals go for the easy marks. These tips can help make sure you, and your identity, aren't among the chumps.
1. Shred, Shred, Shred
Never discard or recycle bank statements, bills, or any documents that contain your personal information. Invest in a home document shredder, and use it. When in doubt, shred! It worked for Ollie North, and it can work for you, too. Check with your local waste removal service about what to do with the shreds, as they may not be accepted for paper recycling.
2. Secure Your Documents
You don't need constant hands-on access to vital documents like birth certificates, tax returns, social security cards, and so on. Keep those in a fireproof home safe or lockbox. That's a better choice than a bank safe-deposit box. Safe-deposit box contents aren't insured for their full value, the boxes aren’t guaranteed proof against fire or disaster, and banks have been known to drill out boxes and remove their contents without notice.
Don’t stop there—get a lockbox for your digital docs as well! By using encryption software, you can ensure that a snoop who gains access to your computer won't be able to see your sensitive documents, much less read them.
3. Power Up Your Passwords
A breach at any secure site could conceivably reveal your login credentials to thieves, so you should always change your password after a breach. If you’ve used that same password on dozens of other sites, that’s bad—very bad! Hackers and thieves know that people are lazy, so when they get hold of login credentials for one popular site, they quickly try them on other sites. You can minimize the collateral damage by using a different strong password for every secure site. Of course, you'll need a password manager to keep them straight, and you need to use it correctly. That includes protecting the password manager itself with one very strong master password that you can remember but that nobody else would guess.
Even the strongest master password can be captured by a keylogger or a shoulder-surfer. You can further protect your password treasure trove by enabling multi-factor authentication (MFA). With MFA active, access to your passwords requires both the master password and another factor such as your fingerprint or a code received on your phone. Just knowing the master password won't let a hacker gain access.
4. Remember, Loose Lips Sink Ships
You can’t avoid providing personal information when you want certain things, such as a mortgage or a new insurance account. In those situations, though, you've initiated the process, and you've verified you're dealing with a legitimate company. When a company contacts you asking for personal info, whether by snail-mail, email, or phone, zip your lip. Don't fall for the scam. If you feel the contact might be legitimate, ask for a way to contact them after you've done some investigating.
5. Don't Be Fooled by Scammers
It's nice to get help from tech support for any computer problems you may have. Don't be fooled, though, by self-proclaimed tech support experts who contact you by phone, email, or otherwise. Yes, they may claim your computer is sending out viruses. They may insist you’ll be in big trouble if you don’t have them clean it. They'll come up with any wild story, but eventually they'll start asking for passwords, or requesting remote access to your computer. Hang up, and block the caller.
6. Lock Your Phone
That smartphone in your pocket is an identity thief's dream. It has your email, IM, social media, and other apps, potentially logged in and available. It contains personal data galore, including all your contacts. A thief who has unfettered access to your phone owns your identity, period.
You absolutely must use a strong authentication method to lock the phone. A four-digit PIN just won’t cut it, nor will a too-simple swipe pattern. Your best bet is biometric authentication, such as fingerprint or facial recognition, backed by a seriously strong passcode using all characters, not just numbers. Hey, you only need to type that passcode after you upgrade your operating system or let your phone totally run out of juice. Just make sure it's something you can remember, or that it's stored in a password manager accessible through your other devices.
7. Don’t Get Hooked by Phishing Frauds
Getting a data-stealing Trojan installed on millions of computers is hard work. It's much easier to simply trick victims into giving away their credentials. Phishing websites mimic banking and other sensitive sites, in hopes that some poor sap will log in, giving up both username and password. They may even redirect to the actual site, so you don't realize you've been robbed of your credentials.
Don't give your identity away. If you get an email apparently from your bank, don't click any links. Instead, log on to the bank's site directly. Look for a secure HTTPS URL and lock icon, and be sure the URL in the address bar is correct. And if your antivirus or browser flags a site as fraudulent, stay away! The same applies to shady looking or unexpected texts. That's right, there are sms-based scams, too!
Phishing is a problem in the workplace, too. In an attack dubbed spear phishing, malefactors craft extremely convincing emails, designed to fool employees or executives into giving away their passwords, or even transferring money into shady accounts. Stay alert when using your work email.
8. Install Protection
Nobody should use a PC or laptop without the protection of a powerful antivirus, or, better, a full-blown security suite. A few security suites include antitheft protection for laptops; there are also standalone utilities that can lock down a lost or stolen laptop and even help recover it. Security products for mobile devices tend to combine antivirus and antitheft. Android devices are particularly vulnerable, but any device can get lost or stolen, so install protection.
Don't stop there; install a virtual private network, or VPN, as well. Your local security software protects your data on your own devices, while the VPN protects it as it travels the internet. Using a VPN also serves to hide your personal IP address, thereby preventing websites from identifying your location based on that address.
9. Avoid Oversharing
Sharing your posts and pictures with your circle of social media friends is fun, but you might be sharing with identity thieves if you're not careful. It's important to correctly secure your social media. Check your privacy settings from time to time, as the social media services are fond of making changes.
For an eye-opening experience, download your data from Facebook and other social media sites. Seeing what’s already out there may inspire you to lock down your account more thoroughly.
10. Get Free Credit Reports
You're eligible for one free credit report per year from each of the big three credit agencies. You can sign up for reports from TransUnion, Equifax, and Experian at www.annualcreditreport.com. Yes, the Equifax breach exposed personal data for 143 million Americans in 2017, but that breach didn’t put the company out of business. Pro tip: don't get the reports all at once. Get one at a time, four months apart. That will give you better coverage overall. Also consider signing up for the free, ad-supported Credit Karma service, which keeps a watchful eye on your credit score.
11. Sign Up for Identity Theft Protection
One more thought. You've surely seen advertisements that promise protection against identity theft. In truth, these services can't prevent identity theft, but they do provide an early warning system, and can be a great help when you’re dealing with the consequences. The best ones combine identity theft monitoring and remediation with security protection for your devices, at a price substantially less than buying those two services separately. Check our roundup of identity theft protection software, and consider how much you’re willing to pay for peace of mind.
You don't have to turn your life upside down to protect against identity theft. Follow these simple tips and you'll have an excellent chance of thwarting the identity thieves.