How to Avoid Identity Theft and Account Hacks

Andrea McClelland, CFP^®

In the era of online accounts and digital transactions, protecting the integrity of your financial accounts, credit and personal identity is crucial. 

Personal information, such as your name, address, date of birth and Social Security number may be compromised in a variety of ways, including data breaches, phishing scams, or even theft of physical documents. Criminals may attempt to use this information to open credit cards or bank accounts, take out loans, or engage in financial crimes such as check fraud. Though there is no way to guarantee the safety of your information, there are steps you can take to significantly reduce the chance of becoming a victim of account hacks, credit fraud and identity theft.

Protect your Credit

• Check your report: Periodically review your credit report for errors and red flags such as transactions you did not make, an incorrect date of birth, places you've never worked, or unfamiliar home addresses. You can obtain your annual free report from the three major credit bureaus - Equifax, Experian, and Transunion - via annualcreditreport.com, the only authorized website for free credit reports in the U.S. Note that weekly reports are available free through December 2023. 
• Consider a credit freeze: A credit freeze is the most effective way to prevent identity thieves from using your personal information for financial fraud. You’ll need to initiate a freeze with each of the three major credit bureaus. A credit freeze can be temporarily lifted if you choose to apply for new credit or a new job; the “thaw” can typically be initiated online. 
• Or set up fraud alerts and/or credit monitoring: If you don’t want to initiate a credit freeze, another option is to sign up for free fraud alerts. You need only initiate a fraud alert at one of the three major credit bureaus. That bureau will alert the other two; you need to renew this service each year. Credit monitoring services can help track changes or suspicious activities within their credit reports. These tools provide alerts for new inquiries, accounts, or significant changes, aiding in early detection of identity theft or fraud. Some credit monitoring services are offered for free, such as Credit Karma. Paid services often provide additional features, such as identity theft insurance and access to credit scores from all three major bureaus. 
• Take action after a data breach: If you learn that a service you use has experienced a data breach, take immediate action. Start by changing the passwords for the affected account and any other accounts where you used the same password. Monitor your financial statements for unfamiliar activity and consider enabling account alerts. If the breached organization offers free credit monitoring services, take advantage of them. 
• Protect children’s credit: Minors are particularly vulnerable to identity theft and credit fraud, as they may not realize they are victims until they are old enough to apply for a job or credit card. Start by checking whether they have a credit report. A minor should not have a credit report;  if they do, they may be a victim of identity theft. The best approach to protect a minor’s credit is a freeze, which can be removed when they turn 18.

Practice Good Cyber Hygiene

• Use Strong and Unique Passwords: You’ve heard it before, but it bears repeating: use long, strong passwords. Avoid repeating or re-using passwords or portions of them. A password manager can help securely store all your passwords in one place. Most password managers have a password generator feature, which creates strong, random passwords, which you can then store and access within the password manager. If you choose to store your passwords on paper or on your computer, be sure to safeguard their location.  Visit our post on digital estate planning for more suggestions on password management and storage.
• Add Two-Factor Authentication: Two-factor authentication offers an extra layer of security to logins; add it to financial account logins or anywhere you share sensitive data. If it’s an option, consider using an authenticator app to generate your two-factor codes, which is considered to be more secure. If you use two-factor via text, be aware of SIM swapping, a tactic where hackers take control of a mobile phone number and intercept two-factor codes. If your phone suddenly stops working (you can’t make calls or send texts), or you get a notification from your cellular provider that your SIM card has been activated on a new device, contact your cellular provider immediately.
• Think Before You Click:  Be wary of phishing schemes (emails attempting to get you to share personal information), avoid opening attachments, clicking links in unsolicited emails, or responding to alerts claiming your “account has been locked.” 
• Protect Your Device: Install antivirus/malware software, and allow automatic updates on antivirus and other software. Updates often address security issues. Use password protection on electronic devices and consider encrypting sensitive data stored on your computer or external drives.
• Be Aware of Website Security: Most websites these days use encryption, signified by a lock image or 'https' in the URL; never transmit sensitive data (like credit card information) on a site that isn’t secure. 

Odds and Ends

• Limit Sensitive Mail: If you’re not interested in new credit card or insurance offers, consider using OptOutPrescreen.com to opt out of receiving these offers, which prevents fraudsters  from filling out and redirecting pre-approved applications.
• Stop And Hang Up: Remember that institutions like the IRS or Social Security Administration do not email or call you to demand immediate action.
• Never Give Personal Information To A Caller:  If in doubt, hang up and call the institution yourself. Don’t give your personal info to anyone who calls you, and don’t respond to a request to provide a two-factor code to “verify your identity.” 
• Medical ID Theft: Medical ID theft occurs when someone steals your personal information to obtain medical care, buy medications, or submit fraudulent billing to insurance providers. If you notice unfamiliar medical charges or receive bills for services you didn't receive, contact your healthcare provider and insurance company immediately. It's advisable to review medical EOBs periodically for accuracy. If you suspect medical ID theft, report it to your healthcare provider, insurance company, local law enforcement, and the Federal Trade Commission (FTC).
• Use A Shredder: Remember to shred sensitive documents. Aegis clients are welcome to drop off documents with us for shredding - check in to schedule a time to stop by.

What Should I Do If My Information Is Compromised?

If you discover that your information has been compromised, immediately notify the relevant institutions and follow their instructions. Report the incident to the FTC at identitytheft.gov and file a police report. You may want to lock your Social Security Number for a time. Locking your SSN means restricting access to it, making it more challenging for identity thieves to use your number for fraudulent purposes. Consider contacting Identity Theft Resource Center for assistance and resources.

Not sure where to start?

If these steps seem overwhelming, start by checking your credit report, initiating a credit freeze or fraud alerts, updating weak passwords, and adding two-factor authentication to financial accounts.

While protecting your identity and financial accounts can seem daunting, it's essential in today's digital world. By taking precautions, you can significantly decrease your risk and safeguard your financial well-being.