The best way to deal with identity theft is to prevent it in the first place. That’s not always possible, but there are definitely a few things you can do to protect yourself and minimize the chances of anyone getting hold of your information in the first place. I’m going to cover both online and offline scenarios, since most of us conduct transactions in both arenas.
Protecting against identity theft
There are a number of ways identity thieves get your personal information so they can then make transactions in your name, or even open credit cards, bank accounts, etc., in your name. I’m going to describe each method they use, then follow it with preventative solutions.
Dumpster Diving. Identity thieves go through people’s trash and find bills and other documents with identifying information.
Solution: shred anything that has your name, address, credit card or social security number or anything remotely identifying on it. Don’t think that because a letter from your credit card company only has the last four digits of your account, this is safe to toss. You don’t want these people connecting any part of your numbers with your name and address. Buy a shredder that shreds stuff up very small and also shreds credit cards. I’ve been very happy with an older version of this shredder for years, but there are plenty out there that will do the job well.
Documents you absolutely must shred include:
- Credit card statements. If they get hold of these and your credit card number, they not only have what they need to make transactions, but they can mimic your spending habits and stay under the radar longer. The longer it takes you to realize fraud has occurred, the harder it may be to sort it out.
- Address stickers from packages. Yes, I actually cut address labels off of packages delivered to me and run them through the shredder.
- Social Security statements. Pretty much anything you get from your government is going to need shredding, unless it’s a form letter with absolutely nothing but your address on it for identification.
- Junk mail with your name and address. I shred every piece of junk mail with my name and address on it, and that’s part of why I worked hard to stop my junk mail.
Phishing. It’s easier than you might think to make it look like you’re sending an email from a company you have nothing to do with. Thieves do this, with instructions for you to do something urgent about your account – usually, click a link and log in, but you’re not logging into the legitimate company website. You’re logging into what looks like it, but is actually a site where the thief can read your password. Now your account is accessible to him.
Solution: the simplest one is never to click a link from an email, even if you’re sure it’s legit. You can always just open the account up in your browser like usual to see if there are actually any alerts on your account like what the email was describing. I recently had several companies I transact with notify me that my password might have been compromised by a hacking. These emails told me how to log into my account and precisely how to navigate to whatever they wanted me to do (change password, read a particular notice, whatever). A legit email will give you another option besides clicking the link, because they know those of us concerned about phishing may be unwilling to click any link from an email.
Computer viruses. Some malware, called keyloggers, can send an identity thief a record of your every keystroke. This means passwords you’re typing in, logins, etc. If you get a virus, you may not know about it for some time, and during that time, the thief could get a lot of info.
Solutions: there are a few ways to tackle this one.
- Avoid viruses, as best you can. This is too complicated a topic to get into here, but make sure you’re running whatever firewalls or anti-virus software is recommended for your computer and take a few minutes a couple of times a year to read the latest about avoiding viruses (such as how to recognize suspicious email links, strange behavior from your computer and potentially infectious websites).
- Use LastPass or a similar login storing solution. LastPass stores all your passwords with encryption, behind a secure (https) connection, except for a master password that only you know (they can’t retrieve it for you if you lose it). All you need is one strong password, which means you can use super-strong passwords for all your accounts, and you won’t be typing in your various passwords everywhere you go online anymore, so keyloggers get nothing. But what about the master password? Yes, you have to type it in at LastPass, but they have this cool keyboard on the screen thing so you can just click it in. (On a computer you trust, you don’t have to log in more than once every few weeks, but with the screen keyboard, I feel safe logging in even on a public computer that’s pretty likely to have viruses.)
- Use strong passwords, and don’t the same ones everywhere. LastPass makes this easy because you don’t have to remember them all anymore. It has a built-in password generator that creates very strong passwords, or you can use a password generator online.
Skimming. This is the toughest one to fight. While performing a real transaction for you, a waiter or store employee can swipe your card through a small portable device (they hook easily onto a belt) and it will capture all the card information.
Solution: don’t use your credit cards at stores or restaurants, or at least restaurants, where it’s normal for a waiter to take the card out of your site. Sorry, but that’s really the only way to fully prevent this. Watch employees to make sure they don’t do anything strange with your card. I’ve discovered fraudulent transactions on my credit cards a couple of times, and I believe this is the only way they could have happened. I still use my credit cards at shops, however – playing the odds – and it’s been years since I had a problem. I rely on after-the-fact monitoring (which I’ll discuss later) to catch these crimes quickly so they can be easily sorted out.
Diverting your mail. Yes, an identity thief who has your current name and address can easily fill out a change of address form so the post office will start forwarding your mail to the thief’s address instead of your own.
Solution: again, shred any documents with your name and address on them. Be careful who you submit your contact information to online. If you fill out your contact info to win a car at the mall, make sure the contact card goes into the box where it belongs before you walk off. Prevention isn’t always possible, so notice if your mail seems light for a few days, and call the post office to see if they have a forwarding order on you or any member of your household. You may want to consider switching to electronic statements so that even when a thief successfully diverts your mail, he won’t get anything out of it.
Pretending to be from legitimate companies. Our favorite example around here: the Account Services scam. They may call, contact you by mail, or even cold call at your home. They typically are offering something that feels too good to be true, so watch for that feeling.
Solution: just don’t ever give financial or identifying information to anyone unless you solicited contact from them.
Prevention is never 100%, so monitor your accounts to make sure there aren’t any strange transactions on them. To detect fraud quickly, you need to be on top of your finances and be on the alert for anything out of the ordinary. I check my credit cards and bank accounts online about every two weeks and glance over the transactions to make sure they’re all from places I buy from, and the amounts look right. If you’re unsure of a transaction, just call your creditor and ask them for more information on it. It might start to sound familiar once they tell you what they know, or you might confirm for example that the transaction occurred in a city you weren’t in on the day it happened.
In addition to making fraudulent transactions on the accounts you monitor, identity thieves may also open accounts in your name (bank accounts, credit cards, phones, electricity, even a driver’s license, etc.) with their address. They rack up bills they never pay, and all this goes on your credit, not theirs. They’ve even been known to start collecting someone’s social security, get a job in someone else’s name, and even file tax returns in someone else’s name. If you get any of the following, start investigating immediately:
- Collection calls for debts that aren’t yours
- Rejected for a loan or new credit card or anything based on credit
- Contact regarding a home you never lived in, job you never had, etc.
If any of these things happen, you need to let your creditors know and file a report with the police.