7 Surefire Ways to Stop Identity Theft
With tax season right around the corner, many Americans are more concerned than usual with identity theft, and with good cause.
- Last year saw 6.4 million identity theft and fraud cases reported to the FCT, which comes out to about one every 5 seconds.
- WIRED credits data broker breaches alone with almost $21 billion in damages, while bank and payment fraud costs over $2 billion.
- Security.org reports that it takes 22 months on average to fully recover from identity theft, and in the meantime you often can't qualify for new loans, mortgages, or rentals.
- Average losses are just under $500, but nearly 125,000 people reported losing more than $10,000.
There's a lot of services out there that charge you money with promises to protect your identity, but in my opinion they overcharge and underdeliver. Instead, you can protect yourself for a fraction of the price with 7 easy tools and strategies.
Redefining "Identity Theft"
Before we dive in, we have to expand our understanding of what counts as "identity theft."
A lot of people I talk to seem to think that "identity theft" means that some stranger hacks your bank account and steals all your money. People often joke about being so broke that nobody would be interested. But that's only one type of identity theft, and if I feel confident guessing that it makes a pretty small percentage of the total number of cases.
Thanks to the gross negligence and ineptitude of agencies like Equifax and National Public Data, sensitive information such as your full name, Social Security number, and date of birth are already public, and thanks to people search websites, it's trivial to find information like address history, vehicle history, and phone number. This information may sound familiar to anyone who's ever opened a credit card or car loan: it's all the same information you need to open a new account.
Identity theft could also include impersonating you. Once again, you may not think you're worth impersonating, but you may be part of a community or have a job that someone could hijack in an effort to boost their credibility. This is especially worrisome in an age where it's common for employers to "Google" prospective employees.
All this is to say that "identity theft" is more than just "someone hacked my bank account." It includes opening new, fraudulent accounts in your name and impersonating you in some form or fashion.
Below I've come up with seven(ish) ways to help protect your identity from a wide range of threats including scams, new financial accounts, account takeover, and more.
Freeze Your Credit
Credit freezes are thankfully becoming a more well-known tool in the financial space, but many people still haven't heard of them or misunderstand what they do. A credit freeze is a free service that prevents the opening of new financial accounts. It will not prevent your credit score from raising or lowering as you continue to make financial moves (such as paying off a credit card), and you can unfreeze it any time as often as needed, so there's literally downside. Nearly everyone in America should freeze their credit.
NOTE: Be sure to sign up for a credit freeze. Many agencies also offer their own paid service with similar names, such as "security freeze." A credit freeze is required to be free by federal law and is much more effective.
Unfortunately, some researchers have found that a credit freeze can often be circumvented with a little social engineering and knowledge about your target. This is why I also recommend adding a fraud alert. Unlike credit freezes - which are in place until you disable them - fraud alerts must be renewed each year. On the plus side, you only have to activate it with one consumer credit reporting agency and then they pass it along to the others (unlike credit freezes, which have to be enabled with each agency).
I have a page with more details and links on how and where to do all this:
Nathan Bartram
Bonus mention: The IRS IP PIN
This blog post is focusing on how to protect your identity from a broad range of threats year-round, but in the introduction I did mention that tax seasons is upon us in the US. A common concern this time of year is stolen identity refund fraud, where someone files a tax return on your behalf and intercepts the return. The best way to protect against this is to file for an Identity Protection PIN (or IP PIN). This is available for free directly from the IRS to anyone with a Social Security number or taxpayer identification number in the US. When filing for a tax return, the IP PIN will be required to complete the filing, thus preventing unauthorized people from filing on your behalf and potentially taking the money.
A credit freeze with a fraud alert will solve nearly all of your concerns that someone might open new financial accounts in your name, but compromise of existing online accounts (like your bank) remains a valid concern.
Use A Password Manager & 2FA
Experts universally agree that if you can only do one thing to make your accounts more secure, it would be to use strong passwords on every account.
Since the average person has over 100 accounts, remembering all these passwords would be impossible. Thankfully, there are plenty of credible password managers out there who can store these passwords in a secure format and remember them for you. They can also help you generate them, and come with plenty of other quality-of-life features that make using a password manager an incredibly user-friendly and convenient experience.
Once more I have a page that offers more detailed advice on how password managers work and which ones I recommend.
Nathan Bartram
For maximum security, you should enable multifactor authentication (MFA) on any accounts that offer it. MFA is also known as two-factor authentication (2FA), two-step authentication, and other similar names.
There are many forms of MFA these days, such as emailing you a login link or texting you a code. For most people, TOTP is the best blend of convenience and security. This is the one where you download an app and scan a QR code, then it generates a new code every 30 seconds in the app.
I have a list of recommended apps, as well as more information about other forms of 2FA and how they rank.
Nathan Bartram
Remove Your Online Data
With a credit freeze in place and proper account security, it's unlikely that an attacker would be able to gain access to your existing accounts or open up new ones. Still, I'm a strong believer of redundancy (or "defense in depth" as we call in the information security space).
I've mentioned that much of our online data is available for free on various "people search sites," making it trivial for an attacker to quickly find information about you that would help them steal your identity (information like former addresses, family members, or vehicle history). A quick and easy way to get this information removed is to pay for a data removal service.
My top recommendation is EasyOptOuts, but keep in mind that these sites will keep re-adding your information so you'll have to keep paying for these services (unless you make some major changes to how you handle your data). Still, they can still be a great investment to help make you a harder target for would-be thieves. (I have some additional tips on how to manage your data on my website.)
EasyOptOuts
The New Oil is supported by our audience. If you're getting value out of our work, please consider supporting us.
Make Accounts More Private
There's already a wealth of free tools out there that potential attackers can use to quickly and easily find your other accounts across the web, such as all your social media accounts. Thanks to the rise of AI, once an attacker has found these they can easily have an LLM scan your posts and summarize any information that could help them better guess passwords and security questions - things like family members, dates of birth, pet names, job and housing histories, and more.
Make sure to go through all your accounts - especially social media accounts - and change the privacy settings. On many social media sites you can choose to hide various field in your profile (like bio or following) or even posts. In some cases you can selectively make some posts public and others "followers only" for flexibility. Be mindful what you share online and what data could be gleaned from it. Find and delete old accounts you no longer use to avoid risk of exposure. Consider using a tool like Redact to help remove old posts and content.
Plant Your Flag
"Planting your flag" is a simple but powerful idea: make an account now so that someone else can't pretend to be you later. This primarily applies to important real-world accounts like the Social Security Administration, the IRS, your internet service provider (ISP), cell carrier, bank, doctor, state unemployment portal, and any other similar accounts. And of course, be sure to use a password manager to store the account credentials, and enable 2FA.
Use Payment Masking Services
Another smaller and more common form of identity theft is having your payment information - like PayPal or credit card number - stolen and used for fraudulent purchases. Thankfully there's lots of ways to reduce this risk. An obvious but dying method is to use cash wherever possible in the physical world. For online payments, you can use payment masking services like Privacy.com or virtual debit cards offered by some banks. Even if your card number were to get stolen, these tools reduce the damage and make it quicker and easier to recover. (Once more, I have additional information on my website.)
Use An Ad-Blocker
One increasingly common of attack is scam ads - usually in the form of a scammer buying ad space on something like Google Search (where ads aren't always clearly marked) and then using those ads to push you to a fake website that downloads a malicious version of whatever you were looking for. So-called "malvertising" has become such a problem that even the FBI recommends using an ad-blocker.
The easy button is to switch to the Brave browser. It's available on all operating systems (Mac, Windows, Linux, Android, and iOS) and comes pre-bundled with a powerful ad-blocker.
If you're married to your browser, however, the best ad-blocking extension on the market is uBlock Origin, which is available for free on Firefox and Chromium-based browsers (like Chrome, Opera, Vivaldi, and Edge).
Phones are a little tricker. uBlock Origin Lite works on Safari for iOS, and Firefox does allow the full extension on Android. AdGuard may be a simpler, more versatile, and more comprehensive solution for phones though.
Raymond Hill
Conclusion
All of these services and techniques combined will make it nearly impossible to fall victim to identity theft:
- Credit freezes with fraud alerts make it impossible to open new financial accounts.
- Strong passwords with 2FA make it impossible to take over existing accounts.
- Removing your online data and setting social accounts to private removes the risk of social engineering, such as properly answering security questions.
- Planting your flag makes sure nobody else can fraudulently abuse accounts you may not be ready to use (like Social Security)
- Blocking ads reduces the risk of falling for a scam or downloading malware
This is just the tip of the iceberg. The truth is that there's lots more ways to help protect yourself against potential identity theft like using encrypted communications, making your phone more private, and careful use of disinformation. The fact is that the more privacy you have in general, the safer you are. Privacy means less data that can be weaponized against you by malicious advertisers, data breaches, scammers, social engineers, or pretty much anyone for any purpose.
It's important to realize that privacy isn't a paranoid, anxious response to a scary online world. It's about feeling confident and in control of your online self, image, and life. So if these tips resonated with you and made you feel like your online identity is a little safer, I encourage you to check out more of the tips at The New Oil.
Tech changes fast, so be sure to check out our website for all the latest recommendations, tools, services, and more.
Comments ()