How to avoid identity theft

This post has been modified to reflect new information since its original publication.

You are right to be concerned about identity theft. In 2020, data breaches exposed 37 billion pieces of personal data, a 141% rise from the previous year. Moreover, individuals who experience identity theft not only have to deal with the bureaucratic nightmare of reclaiming their identities, but they also must worry about restoring their privacy, their online reputations, and their financial well-being.

With the constant news coverage and warnings about identity theft, you might assume that it’s only a matter of time before you become a victim. However, this is not true. In fact, there are several things you can do to reduce the chances of it happening to you.

How to keep your information safe from identity thieves

Whether it’s your home address, your phone number, or even your full Social Security number, the odds are good that your private personal information is somewhere out there on the Internet, just waiting to be stolen by a cybercriminal. To protect yourself, follow these tips:

Limit the amount of data you share about yourself

The best way to prevent online identity theft is to limit the amount of personal data you share about yourself online and in person. Limiting the amount of data available about yourself and your family will make it considerably more difficult for identity thieves to put together the kind of digital dossiers they need to crack into your accounts.

Always be careful about giving out information such as your date of birth, phone number, home address, Social Security number, and any banking information (credit card numbers and so forth). Similarly, avoid sharing anything that might potentially be used as a security question. For example, don’t post your mother’s maiden name, the make and model of your first car, the name of the street you grew up on, or the full names of your siblings, children, parents, or pets.

If any website asks for this kind of sensitive information, make sure you ask them to explain their motives before you respond. More importantly, never give this information to unsolicited telephone callers.

Use strong passwords for all your online accounts

A strong password offers a sturdy defense against identity thieves and is an essential part of protecting your online privacy. Unfortunately, most Internet users rely on easily cracked passwords such as “12345” or “iloveyou.”

To help protect your identity, use a strong password that includes symbols, numbers, and upper- and lower-case letters. If you have a hard time making up a strong password, try using a mnemonic device. For example, “My sister was born at New York Mercy Hospital in 1975” becomes “mswb@NYMHi1975.”

Ideally, you should use a random password generator and never use your birthday, initials, or any real words in your passwords.

One of the biggest mistakes people make online (besides using an ineffective password) is using the same password for all their online accounts. If your email password is the same as your banking password, which is also the same as your Facebook password, then you’ve got a problem. By cracking just one account, an identity thief could gain access to all your sensitive data.

Because it’s impossible to remember all your passwords if you make them all strong and unique, you should use a password manager like 1Password or Dashlane. These tools store your passwords in a vault that only you have the password to.

Watch out for phishing emails and third-party apps

If you receive an email from your bank or other trusted company asking for your username or password information, don’t click on any links or attachments or reply with any information. Links in emails can be disguised to take you to an identity thief’s website and attachments can infect your computer with malware. These types of scams are called phishing attacks.

As a rule, organizations won’t ask for your account information or passwords through email. If you have doubts about an email’s authenticity, you should call the company that supposedly sent the email and confirm that the email is authentic.

Similarly, you should avoid downloading apps from third-party app stores. Third-party apps can often hide destructive worms and other info-grabbing computer viruses, and this risk increases when you download an app from anywhere other than Google or Apple, where developers must adhere to certain rules.

Monitor your data online and offline

Sometimes, identity theft goes unnoticed for months, or even years, because victims aren’t aware of the crime. By the time they discover they’ve been attacked, it’s too late, and their credit and reputation are in ruins. Therefore, it’s important to monitor your bank and credit card statements, as well as your credit report. Keep copies of these documents for at least a year.

In addition to frequently checking your personal finances, you should google your name and see what comes up in the search results. You might find that someone else has created social media and other online accounts in your name.

Unfortunately, anyone can create a fake account, and it’s difficult for a Twitter or Facebook user to ascertain if the person on the other end of the email or social networking account is really who he or she claims to be. When an imposter sends out false, offensive, or scammy content from what appears to be your personal accounts, the damage to your online reputation can result in a loss of educational and job opportunities.

Luckily, there are laws in several states that specifically prohibit people from impersonating you online. California, for example, passed SB 1411, which makes it “unlawful to knowingly and without consent credibly impersonate another person through or on an Internet Web site or by other electronic means with the intent to harm, intimidate, threaten or defraud another person.” 

If you discover that someone is pretending to be you online, notify the platform of the problem and then send out a message to your friends list, letting them know that any odd messages they might receive are from an imposter, not you. Next, check your state laws to see if this activity is illegal in your state. You might also consider adding a note about your impersonation problem on your resume or college application so that hiring or admissions officials won’t judge you by what others are doing online.

Avoid using public Wi-Fi to transmit sensitive data

Never do your banking—or other activity that involves transmitting sensitive information—in public places or on public networks. Even if you use your own laptop, there’s no guarantee a hacker isn’t listening in on the Web traffic at your local café. Hotel networks are also notorious for harboring identity thieves. If you must use public Wi-Fi for activities that don’t involve banking or other sensitive information, make sure you follow these safety tips:

• Install a Virtual Private Network (VPN) on your device to encrypt any information you transmit over the network.

• Only use Wi-Fi at well-known locations, like Starbucks. These networks are more likely to be secure.

• Don’t use insecure websites. Make sure the web address starts with HTTPS, not just HTTP.

• Avoid using a network that requires you to submit personal information, like your phone number or your email address, just to use the service.

• Turn off file and printer sharing, and make your device undiscoverable on AirDrop.

• Install a silicone skin over your keyboard. This reduces a hacker’s ability to use a smartphone to hear and record your keystrokes (and hence your passwords, because each key makes a different sound).

Do identity theft prevention services work?

There are companies out there that claim to help you prevent identity theft, but all they really do is monitor your accounts to notify you after it has already happened. Moreover, you can do many of these tasks yourself. For example, you can carefully scan your monthly financial statements for suspicious charges, and you can monitor your credit report from the three major credit bureaus, Experian, Equifax, and TransUnion, via annualcreditreport.com. 

However, it’s not enough to just monitor your data for signs of identity theft. To actually lower the odds of becoming a victim in the first place, you need to remove your personal data from the Internet. This means deleting your information from hundreds of data-broker (also called “people-search”) sites that scan public records to construct a data profile on you that they then sell to marketing firms and other entities, including identity thieves.

To manually request removals from these sites, you can follow the instructions in How to remove yourself from the top people-search sites. However, if you lack the time or resources needed for this task, you can automate the process with a tool like our ExecutivePrivacy product.

What to do if someone does steal your identity

If, despite your best efforts, someone does steal your identity, don’t worry. There are some steps you can take to stop the damage to your finances and your reputation and regain your identity.

1. Contact your bank or creditor to let them know someone stole your identity and you need to freeze or close your accounts.
2. Change all your passwords and personal identification numbers (PINs).
3. Inform the FTC at IdentityTheft.gov or call 1-877-438-4338. Here, you can enter your information to receive a personalized recovery plan that will walk you through what steps you need to take.
4. File a police report and send it to your bank or creditor.
5. Call one of the major credit bureaus and ask for a free, 90-day initial fraud alert, which makes it harder for someone to open an account under your name. You only need to notify one credit bureau, because, by law, the one you contact must tell the other two.
6. Check your credit report from all three bureaus to see if you spot any fraudulent activity. If you are a victim of identity theft, there’s no charge for checking your report.

Next steps

Now that you know the basic steps involved in keeping your information safe from identity thieves, you might want to learn about more ways to protect your privacy online. For this reason, we offer a number of self-help articles, including:

• The top 5 threats to your online privacy
• The privacy risks of sharing health info online
• How to clean up your digital footprint
• How to protect yourself from revenge porn

We are also available 24/7 for free consultations regarding your unique online privacy concerns.