In this article:
There might not be a way to completely protect yourself from identity theft short of living completely off the grid. And even that might not be enough. Thieves love low-hanging fruit, however, and putting up your defenses can make you a more difficult—and therefore less appealing—target. Here are different tools you can use and actions you can take to help protect yourself from identity theft.
5 Must-Have Identity Protection Tools
Various tools can help you address specific vulnerabilities or make it easier to implement some identity protection best practices. Using more than one is likely the best strategy, as they could work together to help you prevent different types of attacks.
1. Password Manager
A password manager is a program that can generate and securely store account usernames and passwords. Some offer mobile apps in addition to browser extensions or downloadable programs.
Using a password manager, you can create unique passwords for all your accounts without having to write down or memorize them all. Having different passwords for all your accounts can help keep them secure if your login information for one account is compromised.
2. Antivirus Software
Modern computer and smartphone operating systems may come with antivirus software built in—all you have to do is make sure you enable the software. Or, if it's already enabled, make sure you don't turn it off.
You could also look for third-party antivirus and antimalware software options, such as Avast, AVG, Bitdefender, Malwarebytes and Kaspersky. Some of the options are either free or have free editions, although they may have fewer features than paid antivirus software.
3. Token-Based Multi-Factor Authentication
Two-factor or multi-factor authentication (MFA) adds an extra layer of security to your password-based accounts. MFA can work in different ways, such as requiring you to scan your fingerprint or enter a code sent via text message in addition to your username and password.
Enabling MFA on accounts that have your personal or financial information can help keep identity thieves out. If you get to choose, try not to use the text message MFA options as they could fail if the thief is able to compromise your phone number.
Instead, opt for a token-based system. For example, apps like Google Authenticator and Authy create time-based, one-time passcodes that you can use to log in to your account after enabling MFA.
4. A Virtual Private Network (VPN)
In general, you want to avoid logging in to important accounts or entering payment details while connected to a public Wi-Fi network. Even password-protected networks could be dangerous if the password is easily accessible—such as at your local coffee shop. (Also, remember to add a password to your home network if it doesn't have one.)
If you are going to use public Wi-Fi, a VPN can create an encrypted connection between your computer or mobile device and the VPN server. This setup can limit the risk of someone stealing your information, but it won't protect you from every type of attack or scam.
5. Identity Protection Services
Identity protection services are often subscription-based programs that come with a range of credit- and identity-related tools and services. They may monitor your credit reports and other databases, such as court records, and send you an alert if your information is found or there's a suspicious change.
Some identity theft protection services also come with identity theft insurance and recovery assistance. These can help you get through—and pay for—the identity recovery process. Experian IdentityWorks℠ offers several plans that all include these benefits.
5 Actions You Can Take to Protect Your Identity
Getting the right tools is a good place to start. But your security also depends on how you implement the tools and what steps you take to protect your sensitive information.
1. Be Skeptical of Inbound Messages
Even the most advanced technology can't keep people from willingly sharing their personal information. Identity thieves know this, which is why they often pretend to be a trusted or authority figure when sending out phishing and smishing messages.
In general, it's best to avoid sharing your Social Security number, account login information, credit card details or any other personal information unless you initiate the conversation. Remember, the thieves may be masters at making text messages, emails or phone calls look legitimate.
Real company representatives and government officials usually won't mind if you want to hang up and call them back as a safety measure. Also, a demand for payment via gift card or cryptocurrency is a red flag that you're dealing with a scammer.
2. Limit What You Share Online
You also want to be careful of what you share online—and suggest your family members do the same. Answering quizzes about your favorite animal or where you went to high school on social media might seem like harmless fun. But the answers could match the security questions that you've set up for resetting your account passwords.
Similarly, fraudsters may look for posts about birthday celebrations, travel, divorces, births, deaths and other major events. Limit who can see your posts and be careful about who you add as a "friend." Identity thieves and scammers may be able to use the information directly or as a means for building trust while impersonating someone else.
Children can also be victims of identity theft, and parents may want to discuss what's proper to share online. For example, teens may be so excited to get their driver's license or first debit card that they make the mistake of posting pictures of it online.
3. Keep Your Software Updated
There's a back-and-forth battle as hackers discover new vulnerabilities in software and companies release updates to plug the holes. If you don't keep your software up to date, including your operating system and antivirus software, you may be more susceptible to security exploits.
4. Auto-Lock Your Devices
Set your phone, laptop and other devices to automatically lock when they're not in use. Otherwise, someone may be able to quickly steal your information or install malware on a device you leave unattended. Auto-locking can also help protect your data if your device is lost or stolen.
5. Freeze or Lock Your Credit Reports
You can freeze your credit reports from all three major credit bureaus—Experian, TransUnion and Equifax—for free. A fraud alert asks creditors to take extra measures to verify your identity, while a credit freeze keeps them from accessing your credit reports when a new credit application is submitted—which can help keep identity thieves from using your information to open new accounts.
You'll also need to remember to "thaw" your frozen credit reports before submitting a legitimate application. Experian IdentityWorks℠ members can alternatively also use Experian CreditLock, which lets you instantly lock and unlock your Experian credit report.
How to Check for ID Theft
Identity thieves can use your information in different ways, such as taking out loans, filing fraudulent tax returns or even using your insurance information to pay for medical procedures. While prevention is best, knowing how to spot and check for identity theft is also important in case you're ever victimized. Here are a few warning signs:
- Unexpected tax forms, government benefits or medical statements in the mail
- Trouble qualifying for government benefits when you should be eligible
- Your mail doesn't arrive (you can use USPS Informed Delivery to get pictures of mail that's on its way sent to you via email)
- Receiving text messages or emails with login verification codes when you're not trying to access your accounts
- Unauthorized credit card or bank account transactions, including small (even 1 cent) "test" transactions
- New accounts or unusual activity in your credit reports
You can also use Experian's free, one-time dark web scan to see if your information can be found on the dark web, which is where identity thieves and other criminals often buy and sell pilfered personal information.
Catching identity theft and fraud early can help you quickly contact the proper organizations and shut down fraudulent accounts. If you have an identity protection service, reach out to the service provider to see what types of assistance and financial support your program can offer.