Identity theft can be devastating. Victims may lose money, see their credit destroyed and spend a lot of time trying to re-establish their financial accounts. They could even be forced to prove their innocence of crimes committed in their name.
That can seem pretty scary, but you don’t have to become a security fanatic to protect your identity. You can prevent identity theft by following a few basic steps. The protection won’t be absolute but you can put the odds in your favor.
Like most criminals, identity thieves look for easy targets. Here’s how to make yourself a hard target.
PII: the Key to Identity Theft
PII stands for Personal Identifiable Information. This is any data that would allow someone to impersonate you.
PII includes key elements like your Social Security number, account numbers, and passwords, but it also includes mundane details like your full name, phone number, and email address.
Identity thieves work by acquiring parts of your PII and using open sources to fill out a profile that they can use to impersonate you. Protecting your PII is the key to protecting yourself from identity theft.
Let’s look at some ways to protect your PII and prevent identity theft.
Prevent Identity Theft by Securing Your Bank and Credit Card Information
Many people imagine identity thieves as high-tech hackers, manipulating the internet and using computer wizardry to steal your PII. The real methods are often much more mundane. Here are some simple tips.
1. Beware of Dumpster Dives and Mailbox Raids
One of the most common and effective ways to steal PII is “dumpster diving”. Thieves prowl through garbage to recover bank or credit card statements or other mail (even bills) that people have casually thrown in their wastebaskets. Once they have your account and balance information, they can pretend to be you when contacting your bank or credit card company.
Shred your paper statements or other documents containing personal information before discarding them so no one can dig through your trash and get them.
Thieves may steal your statements from your mailbox before you ever see them. Maintain a secure mailbox or have your bills sent to a P.O. box. Use electronic statements with secure passwords whenever possible.
2. Remove Personal Documents From Your Wallet or Purse
You might think it is convenient to keep your personal information in your wallet, but if it gets stolen or lost, thieves can use the information to steal your identity, use your credit cards, and empty your bank accounts.
Don’t carry these items:
- Social Security Card The number on this card is the key to getting into most of your accounts. Thieves can get loans and credit cards in your name.
- Passport A passport is a government-issued legal document. Criminals can use it to get new identity cards and open new accounts. And of course, they can travel in your name.
- List of your passwords. This list gives cybercrooks all they need to take over your online identity.
- Blank checks If you lose a blank check, a criminal can drain your bank account or use the information to enter your account electronically. These days, few purchases are made by check, so leave your checkbook at home unless you know you will need it.
- Birth Certificate This document will allow thieves to combine it with other fake I.D.s to convince someone to open an account in your name.
Not all identity theft is electronic. Think about what you really need to carry and leave the rest at home.
💡 Tip: Change your passwords frequently and do not use the same password for all of your accounts.
3. Watch Out for the Old Fashioned Con
One of the most common and popular forms of identity theft and fraud is social engineering. This is essentially an old-fashioned con job. As con artists have always done, social engineering scammers gain your trust and persuade you to give up PII – or even money – voluntarily.
Identity thieves may contact you by phone, email, or text. They will often impersonate employees of financial institutions or other businesses. The request will sound innocent: maybe they need to verify a transaction or confirm account details. Some may use a reward or prize as bait or warn you that your account will be closed if you don’t take action.
Your best security measure is to never give out PII online unless you know the institution and you initiated the contact. It is rare for reputable companies to contact you asking for information about yourself. If you have any doubts, check with the company.
Social engineering scams can take many forms.
- Phishing involves using emails, text messages, and websites, often using the name or visual identity of a real institution, to convince you to give up details.
- Baiting uses emails or messages promising a reward, prize, or other incentives to get you to surrender PII.
- Romance scams involve criminals taking on the identity of physically attractive people and convincing their marks to strike up an online “relationship”.
- Affinity fraud involves scammers that gain trust by pretending to be a member of a social group, like a church or club, that the mark belongs to.
All of these scams rely on our tendency to trust people who seem superficially trustworthy.
👉 Data Highlight: Losses due to romance scams amounted to $547 million in 2021.
4. Watch for Pressure to Provide Your PII
Any time you have to “act now” or hurry in any way, you are dealing with a scammer. You may hear a warning that you will lose money if you don’t act during the call.
There is even a fake IRS scam where the caller tells you that police are on the way to arrest you for tax fraud, and you can only prevent it by giving them information to stop it. The IRS never does this, nor does any respectable company.
Prevent Identity Theft by Paying Attention to Online Security
Many forms of identity theft don’t take place through “hacking” or other computer-related activities. Some do, and you’ll still need to pay attention to online security in order to prevent identity theft.
5. Never Post Private Information in Chatrooms or on Social Media Sites.
Even something as simple as your home address can give a criminal an “in” with you. Because they know your address, you may think they are legitimate. And, of course, posting account numbers and bank balances and the like will give them powerful information they can use to gain your trust. Even just posting your bank’s name will let people know who you do business with, and they may call you pretending to be from that bank.
Thieves may also use information from your social media to order goods and services, open shopping accounts, and even steal from others by using your name.
6. Avoid “Friendships” That Move Too Fast
Online relationships may invite identity theft. Romance scams are everywhere online. Criminals pretend to be attractive men or women and act like they feel close to you. This usually occurs over a period of days, with the scammer suggesting you will know each other forever because you are so much alike.
At some point, the scammer may ask you to move to Whatsapp to continue the conversation. This provides them with end-to-end encryption to protect them from the prying eyes of social media administrators. You may be “helped” to get into cryptocurrency (the account will be fake and they will take your money). Or they may ask to buy a phone card or send money for a medical operation.
Ask for a video call. Most scammers will drop you immediately. They will refuse to do anything that would reveal their true appearance.
7. Watch for Suspicious Websites
Beware of clicking on websites that are trying to steal from you. Often, a link with some “amazing” offer will take you to a site that immediately asks you for personal information so you can take advantage of their deal. That’s usually a bad idea.
Some sites may direct you to links that will install malware on your computer. Never click on a link unless you’re sure you know where it goes.
A fake website may look very much like the real one but will have a different web address or URL. Always check the full URL to see if it has misspellings or belongs to a domain other than the company’s. A fake may be different from the real thing by only one letter. Look up the company on Google to see the proper URL.
💡 Tip: You can check the legitimacy of a URL with Google. Type in http://google.com/safebrowsing/diagnostic?site= followed by the site you want to check. The tool will tell you if the site is known for installing malware on users’ computers.
8. Check Email Addresses on Customer Service Emails
You may receive an email regarding an account you have with a company. Typically, the email will ask you to verify your information, including account numbers and passwords.
First of all, legitimate companies never send an email out of the blue asking you for sensitive information. Secondly, check the return email address. Scammers use random addresses that don’t match the official email address of the company. You should see a domain name that is the official company domain.
If you aren’t sure, look up the company’s customer service number online and call to verify. Never use a number contained in a suspicious email or message.
⚠️ Warning: Pay attention. Email scammers often alter a letter or two to make the email address look like the company’s real address. An “a” may be substituted for an “e,” for example.
9. Beware of Unrequested Antivirus Downloads
When you get popup windows that claim you have a virus, they may tell you that you need to install an antivirus program. Never download this kind of software offered to you out of the blue. You will likely infect your computer with malware that can take over, ruin your files, or send critical data to an identity thief. Only install antivirus software from reputable companies you seek out, not offers that randomly appear on your screen.
When you are on a legitimate site but unrelated offers pop up in your window, the site may have been hacked. Clicking on these offers may introduce malware into your computer. If you see offers that are unrelated to the company, don’t click on them.
It’s best to only click on links that you deliberately sought out.
10. Use Secure Passwords
This sounds simple, but millions of people are still using highly insecure passwords, even on accounts that involve money, like banking, credit cards, and e-commerce accounts. Using random passwords and changing them regularly is one of the most basic ways of preventing identity theft.
If you’re worried about forgetting your passwords, look into password management software!
11. Use Two-Factor Authentication
Two-factor authentication is a simple system. Every time you sign in to an account or make a transaction, you’ll have to enter a one-time PIN number sent to your phone number or email address. That makes sure that nobody can access your details or make transactions in your name unless they have not only your login details but also your phone or email.
Two-factor authentication is not foolproof and it may seem inconvenient, but it gives you an extra level of protection. Many financial and e-commerce sites offer this service, and it’s worth using any time it’s available.
12. Freeze Your Credit
A credit freeze will prevent anyone from gaining access to your credit file. This makes it impossible for identity thieves to apply for credit in your name. Many people request a freeze if they think their information has been compromised, but if you rarely apply for new accounts you can choose to keep a freeze in place. Just remember to lift the freeze if someone has a legitimate reason to check your credit.
Protection for your PII
Most people can protect their own PII in order to prevent identity theft. The methods outlined in this article will give you a layer of security and make you a difficult target for identity thieves.
If you believe that you’re at high risk of identity theft or your PII may have already been compromised, you can consider hiring professional services to protect your identity. These services are available on two main levels.
- Credit monitoring services watch your credit file and alert you if there are any changes that could be caused by identity theft. This will not help you with types of identity theft that do not involve credit accounts. Many financial companies bundle credit monitoring with other services, so check your credit cards and accounts before paying for credit monitoring.
- Identity theft protection services provide more assertive protection. Many services will go beyond credit reports, monitoring address change requests, court and arrest records, service applications, social media activity, and even dark websites where PII are often sold.
These services can give you extra protection, but they may also come at a substantial cost. You’ll have to assess your risk carefully before making the decision to spend more. For most people, taking the simple steps we’ve reviewed above is likely to be enough!