(Credit: Zain bin Awais)
Imagine waking up in the morning only to find out that a debt collection agency is calling you about a car you didn't know you bought, or you can't log in to your email or social media because your accounts have been stolen. That's what identity theft can do to you. The worst thing about identity theft is that it can escalate without your knowledge as the thieves obtain more and more access to your accounts and belongings.
How can you head off these potential disasters? Here are some simple tips that can help you stop identity theft. None of these will guarantee your safety against a hacker who has targeted you personally, but so many people fail to protect themselves that most criminals go for the easy marks. These tips can help make sure you aren't among the chumps.
1. Shred, Shred, Shred
Never discard or recycle bank statements, bills, or any documents that contain your personal information. Invest in a home document shredder and use it. When in doubt, shred! It worked for Ollie North, and it can work for you, too. Check with your local waste removal service about what to do with the shreds, as they may not be accepted for paper recycling.
If you have a stack of papers high enough to overload and burn out your poor home shredder, check your local office supply store. Chances are good you’ll find a per-pound rate for shredding. Do note that they probably won’t shred your docs right in front of you. In most cases, they’ll slide them into a locked bin that gets transported securely to a shredding facility.
2. Secure Your Documents
You don't need constant access to vital documents like birth certificates, tax returns, social security cards, and so on. Keep those in a fireproof home safe or lockbox. That's a better choice than a bank's safe deposit box. Safe deposit box contents aren't insured for their full value, the boxes aren’t guaranteed proof against fire or disaster, and banks have been known to drill out boxes and remove their contents without notice.
Don’t stop there—get a lock box for your digital docs as well! By using encryption software, you can ensure that a snoop who gains access to your computer won't be able to see your sensitive documents, much less read them.
3. Power Up Your Passwords
A breach at any secure site could reveal your login credentials to thieves, so you should always change your password after a breach. If you’ve used that same password on dozens of other sites. Hackers and thieves know that people are lazy, so when they get hold of login credentials for one popular site, they quickly try them on other sites. You can minimize the collateral damage by using a different strong password for every secure site.
Of course, you'll need a password manager to keep them straight, and you need to use it correctly. That includes protecting the password manager itself with one very strong master password that you can remember but that nobody else would guess.
Even the strongest master password can be captured by a keylogger or a shoulder surfer. You can further protect your password treasure trove by enabling multi-factor authentication (MFA). With MFA active, access to your passwords requires both the master password and another factor, such as your fingerprint or a code on your phone. Just knowing the master password won't let a hacker gain access.
4. Remember: Loose Lips Sink Ships
You can’t avoid providing personal information when you want certain things, such as a mortgage or a new insurance account. In those situations, though, you've initiated the process and verified you're dealing with a legitimate company. When a company contacts you asking for personal info, whether by snail-mail, email, or phone, zip your lip. Don't fall for the scam. If you feel the contact might be legitimate, ask for a way to contact them after you've done some investigating.
5. Don't Be Fooled by Scammers
It's nice to get help from tech support for your computer problems. Don't be fooled, though, by self-proclaimed tech support experts who contact you by phone, email, or otherwise. Yes, they may claim your computer is sending out viruses. They may insist you’ll be in big trouble if you don’t have them clean it. They'll come up with any wild story, but eventually, they'll start asking for passwords or requesting remote access to your computer. Hang up and block the caller.
6. Lock Your Phone
That smartphone in your pocket is an identity thief's dream. It has your email, text messages, social media, and other apps potentially logged in and available. It contains personal data galore, including all your contacts. A thief with unfettered access to your phone owns your identity, period.
You absolutely must use a strong authentication method to lock the phone. A four-digit PIN won’t cut it, nor will a too-simple swipe pattern. Your best bet is biometric authentication, such as fingerprint or facial recognition, backed by a seriously strong passcode using all characters, not just numbers. Hey, you only need to type that passcode after upgrading your operating system or letting your phone run out of juice. Just make sure it's something you can remember, or it's stored in a password manager and accessible through your other devices.
7. Don’t Get Hooked by Phishing Fraud
People who write malware do it to make money, and, like anybody else, they prefer to make the most money with the least work. Coding up a data-stealing Trojan that can evade detection and installing it on millions of computers is a tough slog. It's much easier to simply trick victims into giving away their credentials. Phishing websites mimic banking and other sensitive sites in hopes that some poor sap will log in, giving up both username and password.
Don't give your identity away. If you get an email apparently from your bank, don't click any links. Instead, log on to the bank's site directly. Look for a secure HTTPS URL and lock icon, and be sure the URL in the address bar is correct. And if your antivirus or browser flags a site as fraudulent, stay away! The same applies to shady-looking or unexpected texts. That's right, there are SMS-based scams, too!
Phishing is a problem in the workplace, too. In spear phishing attacks, malefactors craft extremely convincing emails to fool employees or executives into giving away passwords or even transferring money into shady accounts. Stay alert, even when using your work email.
8. Install Protection
No one should use a PC or laptop without the protection of a powerful antivirus or, better yet, a full-blown security suite. A few security suites include antitheft protection for laptops; some standalone utilities can also lock down a lost or stolen laptop and even help recover it. Security products for mobile devices tend to combine antivirus and antitheft. Android devices are particularly vulnerable, but any device can get lost or stolen, so install protection.
Don't stop there; install a virtual private network (VPN), as well. Your local security software protects your data on your devices, while the VPN protects it as it travels the internet. Using a VPN also hides your personal IP address, thereby preventing websites from identifying your location based on that address.
9. Avoid Oversharing on Social Media
Sharing your posts and pictures with your circle of social media friends is fun, but if you're not careful you might be sharing with identity thieves. It's important to secure your social media. Check your privacy settings from time to time, as social media services are fond of making changes.
Download your data from Facebook and other social media sites for an eye-opening experience. Seeing what’s already out there may inspire you to lock down your account more thoroughly.
10. Get Free Credit Reports
You're eligible for one free annual credit report from each of the big three credit agencies. You can sign up for TransUnion, Equifax, and Experian reports at www.annualcreditreport.com. Yes, the Equifax breach exposed personal data for 143 million Americans in 2017, but that breach didn’t put the company out of business. Pro tip: Don't get your credit reports all at once. Get one at a time, four months apart. That will give you better coverage overall. Also, consider signing up for the free, ad-supported Credit Karma service, which keeps a watchful eye on your credit score.
11. Sign Up for Identity Theft Protection
You've surely seen advertisements for services that promise they’ll protect you against the scourge of identity theft. In truth, these services can't prevent identity theft, but they do provide an early warning system, and they can be a great help when picking up the pieces after a successful attack on your identity.
The best ones combine identity theft monitoring and remediation with protection for your devices at a price substantially less than buying those services separately. Check our roundup of identity theft protection software, and consider how much you’re willing to pay for peace of mind.
You don't have to turn your life upside down to protect against identity theft. Follow these simple tips, and you'll have an excellent chance of thwarting the identity thieves.