There are many ways your identity can be stolen, so there isn’t one sure-fire way to prevent identity theft.

However, fraudsters like to pick at the “low-hanging fruit.” That’s why taking these very simple steps today can go a long way towards preventing identity theft in your future.  

#1 — Protect Your Social Security Number

Identify theft related to Social Security Numbers is on the rise. Armed with your SSN, identity thieves can open up lines of credit in your name, racking up significant debt and sticking you with the bill.

Here are some of the best practices for reducing the chances of your social security number being stolen. 

  • Remove your social security card from your wallet. Instead, keep it filed away in a safe place at home. 
  • Be careful who you give your social security number to. When it’s requested, first ask if alternate forms of identification, such as a driver’s license or passport, can be used instead. In situations where you do have to give out your SSN, ask how it will be stored and protected.
  • Shred anything with your Social Security Number on it (or other sensitive information). Dumpster divers are a real thing, and they’re on the hunt for financial statements (which sometimes include bank account numbers), tax forms, credit and debit card statements, credit offers, and generally any bill with an account number or birthdate on it. A shredder can be an inexpensive but invaluable investment.
  • Do a search in your email archives for your Social Security Number. If any mentions pop up, make sure to delete them. 

#2 — Reduce the Amount of Junk Mail You Get

Much of the paper mail you receive contains personal information, which makes your mailbox your greatest non-technological identity vulnerability. 

Among the mailpieces most prized by would-by imposters are pre-approved insurance and credit card offers, which are sent by companies that screen you with a soft credit check. 

With the right mix of information, thieves can apply for these offers and use the credit without you even knowing about it — until it shows up on your credit report, that is. 

There are two ways to prevent these types of offers from ever coming to you in the first place:

  1. Use OptOutPrescreen.com or call 1-888-5-OPT-OUT. This is a service set up by the major credit reporting agencies (Equifax, Experian, and TransUnion) that allows you to opt out of receiving pre-approved offers for credit and insurance. This request will remain active for five years. 
  2. If you wish to permanently eliminate pre-approved offers, you can use the Permanent Opt-Out Election form provided by OptOutPr2eScreen.com. The only downside is that you’ll have to print out the form, sign it, and physically mail it in.

#3 — Check Your Credit Report Regularly

Having a fraudster open a line of credit in your name is one of the most harmful acts of identity theft. Not only can it negatively impact your credit history in the short-term, getting everything removed can take months (and many phone calls) — not to mention the fact once you know you’re a victim, you’ll need to take extra precautions going forward as there may be other fraudulent accounts you have yet to identify.

That’s why you want to regularly check all your credit reports. If any new accounts are opened, you’ll be able to take immediate action to prevent further damage.

A good rule of thumb is to put a reminder in your calendar to order a copy of your free credit report once every four months.

The credit reporting agencies are required to provide this report to you free of charge each year.

There are three of these agencies — Equifax, Experian and TransUnion — so once every four months will allow you to check each of them annually.

The site you want to use is AnnualCreditReport.com, which was established by a 2003 amendment to the Fair Credit Reporting Act. 

Another precaution you can take here is to get alerts any time there’s new activity on your credit report. While this used to be a premium service, today there are many companies that provide it free of charge. 

For example, most major banks and credit card companies offer some form of free credit monitoring. 

The big downside is that most free credit monitoring services only monitor activity from one of the three major credit bureaus. As such, you’ll still want to regularly check your credit report from the other agencies. 

Personally, I’ve used Credit Sesame’s free credit monitoring service for years (and I recommend it). 

#4 — Keep a Close Eye on Transactions

While sitting at the airport recently, I popped onto a financial tracking app I use and noticed a fraudulent $700+ StubHub charge. I quickly called American Express to notify them of the unauthorized transaction and all was taken care of. 

But if I hadn’t caught it so quickly, things could have been much worse. After all, there’s a lot of fine print when it comes to consumers not being responsible for fraudulent charges. For example, some credit card companies make you report charges within a certain timeframe for them to be covered. 

Beyond your Social Security Number, the next piece of information thieves want is your credit card number.

Of the 3 million cases of identity theft reported in 2016, 33% of them involved credit card fraud. 

How Your Information Gets Stolen

How do these crooks get your card details? One way is over the internet. Not all websites use strong encryption, and not all of them follow best practices when processing and storing your payment details. Plus, if you use your credit card on a public wi-fi network, it’s easy for a skilled hacker who is also on that network to steal your data. 

But it’s not just an online risk. So-called “skimmers” are small devices that thieves install in credit card readers. These devices record your card details and send the information back to the scammers, where they can use it online or even clone it onto a fake credit card to use in stores. 

With so many ways to steal your information and so many fraudulent charges taking place each day, it’s important to keep a close eye on transactions across all of your accounts. You want to take action right away if any fraudulent transactions do occur.

But with 100+ transactions per month and multiple credit cards and bank accounts, tracking each transaction can be a lot easier said than done. Enter technology.

An easy way to do this is by using financial tracking software. There are multiple free apps that allow you to aggregate your accounts and see each of your transactions.

One app I really like is TrueBill. With TrueBill, you get to see all the transactions across all your accounts in one place.

This is incredibly helpful, as you can pop into the app a few times a week to spot any unauthorized charges. The quicker you spot a charge, the quicker you can cancel the card and stop further damage.

The ideal scenario for any fraudster is running up thousands of dollars of charges on a credit card before the activity is spotted. Fortunately, you can easily prevent this with good finance tracking.

#5 — Protecting Your Online Data

Beyond physical mail and credit card information, hackers also covet your online passwords, which they can use to access your e-mail and other personal data stored electronically. 

Use Two-Step Authentication

The best way to prevent your passwords from being stolen is to use two-step authentication (also called two-step verification), which requires you to use both your password and your phone to log in to your account from a new device. 

Chances are you’ve already experienced this and just didn’t know it’s name. For example, your Apple ID requires two-step verification by default. Whenever you sign in from a new device, Apple pings your phone with a six-digit code to enter on that device.

This extra requirement makes it exponentially more difficult for hackers to access your data, because having your password is no longer sufficient — they’d also need to have your physical device.

Most online services now support two-step verification, and while enabling it across multiple apps that you use regularly can be a little bit of an inconvenience, it’s one that pales in comparison to waking up to find that you’ve been locked out of your own e-mail account (or, worse yet, that your bank account has been drained). 

Here are instructions for setting up two-step verification with popular email service providers:

Financial institutions — such as your bank, investment brokerage and insurance company — should also have two-step verification enabled whenever possible. 

Use Strong, Unique Passwords

From there, it’s important to set up strong passwords on all your online accounts, including your smartphone. 

Make sure not to use the same password for every site, and consider using a password manager like 1Password or LastPass, which makes it much easier to use unique, strong passwords for each of your accounts.

That’s a crucial security step, because always using the same password makes you more vulnerable if a service you use has a data breach. In that event, the hackers suddenly have access to all of your accounts that use that password — not just the one they hacked.

Also, if an account asks for verification questions, avoid using answers like your mother’s maiden name, which fraudsters may be able to track down. 

And finally, consider what information may be on your social media profiles: sometimes verification questions are things like, “Where did you go on your honeymoon” and “Where do you go to high school.” Answers to these questions are often readily available on Facebook and Instagram. 

What to Do If You’ve Had Your Identity Stolen

If you’ve been a victim of identity theft, it’s important to take swift action to prevent further damage. 

Here are the steps recommended by the FTC’s identity.gov website:

  • Call the companies where you know fraud occurred. Make sure to ask them to freeze your account so that nothing else is charged or opened. Plus, immediately change your login, passwords and PIN. 
  • Place a free fraud alert and get your credit reports. Calling one of the major credit reporting agencies and placing a free fraud alert will make it harder for anyone who wants to open a new account in your name. Then, as discussed above, make sure to get your free credit reports from each of the major bureaus at annualcreditreport.com or by calling 1-877-322-8228.
  • Report identity theft to the Federal Trade Commission (FTC). There’s both an online form and a number you can call (1-877-438-4338).

Frequently Asked Questions About How to Prevent Identity Theft

What is phishing, and how does it put my identity at risk? 

Phishing is a type of spam email in which scammers try to trick you into clicking on a link or opening an attachment — usually by impersonating a trusted source (like your bank or even a family member). These days, most people know better than to open emails from Nigerian royalty. But it can be difficult to tell the difference between a real email from your bank and a phishing email that looks almost identical. 

If you fall for the scam, one of two things happens: either a malicious file is downloaded to your computer (where it works in the background stealing your private information), or you’re prompted to enter personal details into an online form. For example, you might get an email purportedly from your bank telling you that you need to change your password, click on the link, and go through the process. At that point, you’ve given your password to the scammers. 

Most major web email providers have become adept at spotting phishing scams and filtering them directly to your spam folder, but you should still exercise caution. Instead of clicking an email link, visit the site directly; if you need to take an action, you’ll be prompted to do so. And make sure you’re running a high-quality antivirus program, which can help block malware.

Should I report identity theft to the local police?

The FTC’s guidance is that most people do not need to report ID theft to the local police, and that using the online reporting form is sufficient. However, there are a few exceptions:

First, if you know who the identity thief is, the information can help police investigate the crime. There’s not much use in reporting an anonymous Russian hacker to your local sheriff’s department, but they may be able to act on on specific, concrete leads. 

Second, you should report it to the police if the thief impersonated you in front of law enforcement. For example, they might have created fake identification cards with your details, and then used that ID during a traffic stop or other incident. If that’s the case, you need to let the police know immediately because you may be unjustly on the books for a civil or criminal violation, and failing to act accordingly can result in a cascade of legal consequences that are often difficult and time consuming to undo. 

Finally, sometimes credit card issuers or other parties require a police report in order to absolve you of responsibility for whatever action was taken under your name. 

What is a credit freeze?

A credit freeze is an indefinite lock on your credit file that is set and controlled by you. It works as a form of identity theft protection because it prevents third parties from accessing your credit report, which is a necessary part of applying for new credit. If you have a credit freeze in place, scammers can’t open new credit in your name. Of course, neither can you — but you can temporarily unfreeze it when you want to submit an application. 

The Bottom Line on Protecting Your Identity

Like it or not, identify protection is an important part of our lives today. Fortunately, simple steps go a long way towards making sure you’re not one of the many unlucky people who have to deal with the setbacks that come from having their identity stolen. 

To summarize the most important steps:

  • Protect your social security number by any means necessary.
  • Reduce the amount of junk mail fraudsters have access to.
  • Check your credit report three times a year, from each major reporting agency.
  • Monitor your transactions regularly for fraudulent charges.
  • Use unique passwords and two-step verification whenever possible.