Despite crackdowns by the Internal Revenue Service (IRS), state law enforcement and financial institutions, identity theft isn’t going away. A 2017 Identity Fraud Study, released by Javelin Strategy & Research, found the identity fraud incidence rate increased by 16%, the highest on record high since Javelin began tracking identity fraud in 2003. Fraudsters found two million more victims, taking in nearly one billion dollars more than last year.
The more you know about how to protect yourself, the better chance you have to not be a victim. Here are 13 tips help you protect yourself from identity theft, scams, and fraud:
- Understand that public wi-fi access really does mean public. When you’re sitting in Starbucks or your local library, be careful: your data may be vulnerable to interception. Don’t connect to an unknown wi-fi connection (make sure that it’s legitimate). If you have an alternative connection available like using cellular data, consider using that instead. If you must connect using public wi-fi, use a VPN (virtual private network). And save the really sensitive data – like online banking – for later. It really is best to avoid websites that could expose your passwords or financial information to potential cyberthieves on public connections.
- Take care with private documents. With so much emphasis on internet security, it’s easy to forget to safeguard paper documents. Don’t be careless with credit card statements, bank receipts, and copies of tax returns. File the copies you need and shred the ones that you don’t. (For information about what to keep and for how long, click here.)
- Keep your mailing address current. We’re an increasingly mobile society. It’s rare that you’ll retire in the home that you start out in: chances are, you’ll switch addresses more than once. When you do move, make sure that you contact your financial institutions, credit reporting agencies, and tax authorities so that your mail doesn’t end up in the wrong hands. To easily change your address with IRS, file a federal form 8822, Change of Address (downloads as a PDF). Allow plenty of time for processing. You should also file a change of address with the US Postal Service; you can make the change online here.
- Keep an eye out on bank and credit card statements. You don’t have to be obsessive but do check your accounts from time to time to make sure that the recorded transactions are actually yours. Investigate and immediately report any suspicious activity – even small transactions. Sometimes thieves will test the security of a card or availability of funds by making a number of small attempts first.
- Don’t give away the store. Companies love gathering your data. That data helps them make decisions about marketing which means the more data they can glean, the better – for them. When making purchases online or signing up for newsletters, only provide the information that the company needs: you don’t have to give out all of your information. When you do opt-in online, check the website’s privacy policy to find out how that information might be shared with other companies. It’s okay to decline to offer personally identifying formation, like your Social Security, online or in person to companies and service providers (even your doctor) – chances are, they don’t really need it.
- Use smart passwords. I know how hard it is to keep track of passwords. You likely have a number of websites that require passwords and it can be tempting to cut corners. Don’t. Use secure passwords (make sure yours isn’t on this list of terrible passwords) and update them regularly. Don’t use the same password for multiple sites; to help you keep track, use a password manager like LastPass.
- Be careful with games and memes. I love games and quizzes and memes. I really do want to know what Disney princess I could be (Belle, of course, because she loves books) or my rock star name (Sage Volt, apparently). Playing those games can be fun. But be careful when games and memes ask for personal information like your mother’s maiden name or the street you grew up on. Those questions seem innocent but can be attempts to secure out of wallet information used to figure out your password or otherwise gain entry into your online accounts. If you’re asked for that kind of information – even if it feels innocent enough – think hard before clicking and for heaven’s sake, don’t post those details on social media.
- Consider lying about personally identifying information. Chances are, your information is already easily available on the web – on Instagram or Facebook, for example (see again #7). But if you lie about your security answers, you remain in control. For example, maybe I’ll decide that the first car I ever owned was a Jaguar E-Type or that my mother’s maiden name is Cumberbatch. The key, of course, is to remember the fake answers. Using a consistent lie is a good idea. For more on the benefits of lying, click here – just don’t tell my mom.
- Don’t fall for phishing scams. Phishing comes in the form of an unsolicited email or a fake website that poses as a legitimate site (like those pretending to be IRS) in order to get you to disclose your personal or financial information. Don’t follow any links from these e-mails to any websites where you might be asked for your personal information. Verify that you’re on a legitimate site before sharing your data; if you must access a particular site, log out from any links that you’re not sure about and navigate directly to the site instead. And remember: the IRS will not initiate contact with you by email to discuss your account.
- Be stingy with your Social Security Number. These days, many companies ask for your Social Security Number not because they need it but because they want to use it as an identifying number. That’s not the intended use. Before you give out your Social Security Number, determine whether the company really needs the information – and why. If there’s not a legitimate purpose, don’t provide your Social Security Number when asked and don’t submit it online. (For more on Social Security numbers and privacy, click here.)
- Don’t give out personally identifying information on the phone. You should never give out personally identifying information like your Social Security Number (see #10) or credit card number over the phone without first verifying the legitimacy of the call. The best way to do that in most cases is to hang up and return the call using a known, legitimate number (and not one that the caller gave you). That’s also true for calls allegedly from the government: If you receive a call from someone claiming to be from the IRS, and you do not owe tax or if you are immediately aware that it’s a scam, do not give out any information. If you receive a telephone message from someone claiming to be from the IRS, and you do not owe tax or if you are immediately aware that it’s a scam, don’t call them back. Remember, the IRS does not initiate contact with taxpayers by phone and will not call to demand immediate payment without first having mailed you a bill (or threaten to have you arrested for not paying). If it’s a scam, just hang up: There’s no value in engaging with the scammers, no matter what your friends might say.
- Monitor your credit report. By law, you’re entitled to one free copy of your credit report each year from each of the major credit bureaus (Equifax, Experian, and TransUnion): that’s a total of three reports every year (you may be entitled to additional copies if you’re the victim of identity theft). To claim your free copy, visit www.AnnualCreditReport.com or call 1.877.322.8228. Review your credit report like you do your credit card or banking statements: check to make sure that the transactions and credit requests are those that you’ve approved and follow-up if you see any suspicious activity.
- Pay attention to fraud alerts. Many banks, like mine, will alert you whenever there’s a suspicious transaction on your account. It can be a little inconvenient if the transaction is legitimate but it’s loads better than having your card actually compromised and not knowing about it. Ask if your bank or lender has fraud alerts – and use them.
Even if you are super diligent, the reality is that everyone is vulnerable to identity theft. Many third parties have access to your data, including trusted advisors, merchants, health care providers and the government. If your data is compromised, it’s not the end of the world. Take a deep breath and then make an effort to mitigate any damage to your credit or your accounts, including contact your financial institution: you may need to get a new card, switch an account or even get a credit freeze (rules vary by state). You may also want to file a complaint with the FTC at identitytheft.gov.
If the identity theft is related to your taxes, respond immediately to any IRS notice and complete form 14039, Identity Theft Affidavit (downloads as a PDF), if necessary. For more, check out the IRS Taxpayer Guide to Identity Theft.