How to Prevent Identity Theft: Best Practices for Protection

With everyone’s personal information so readily available online these days, you’d be right to be concerned about identity theft. After all, it poses a significant and growing risk to individuals and organizations alike. With over 15 million Americans falling victim to identity theft annually and losing $24 billion a year, knowing how to protect yourself from identity theft is essential.¹

What are some practical strategies that you can use to help safeguard your personal information? Here are some best practices that will help you stay one step ahead of potential threats.

Understanding identity theft: What it is and how it happens

Identity theft occurs when someone illegally obtains and uses another person's personal and financial information to commit crimes, such as opening new accounts, taking over existing accounts, or paying for medical expenses.² But just how do criminals get access to your information? Here are some common methods to be aware of:

• Data breaches: Hacks of companies or organizations that expose customers' personal information
• Phishing scams: Emails, texts, or websites that trick individuals into divulging sensitive information
• Stolen wallets or documents: Physical theft of items containing personal information, like driver's licenses or credit cards
• Mail theft: Intercepting mail to obtain documents with personal details
• Skimming: Using devices on ATMs or point-of-sale terminals to capture credit card information
• Social engineering: Manipulating people into divulging confidential information through seemingly harmless conversations or interactions

Identity thieves may use this stolen information to:

• Open new credit accounts or take out loans in the victim's name
• Make unauthorized purchases on existing accounts
• File fraudulent tax returns to claim refunds
• Obtain medical care using the victim's health insurance
• Commit crimes under the victim's identity

10 Essential steps to prevent identity theft

There are numerous measures you can take to secure your personal information. Here’s what to do:

1. Freeze your credit

A security freeze is an action you take to restrict access to your credit files. Placing a credit freeze with the credit reporting agencies Equifax, Experian, and TransUnion prevents identity thieves from opening new accounts in your name. These are the same agencies that generate your credit score.

Contact each bureau individually online or by phone to initiate the freeze. You must provide personal information to verify your identity. The bureau will then give you a PIN to lift the freeze when needed. You can lift the freeze temporarily when you apply for credit or want to allow an employer to check your credit history. Store your PIN securely, as you need it to manage your freeze status.

Credit freezes offer strong protection against new account fraud, but require you to plan ahead for legitimate credit queries.

2. Regularly check your credit card and bank statements

Review your financial accounts weekly to detect unauthorized activity. Set up alerts for transactions and monitor them for potential fraud so you can take swift action. Remember that fraudulent charges are often small enough to blend in with regular spending, so be sure to look closely at your alerts.

You can also use your bank’s mobile app to scan transactions frequently. The sooner you detect and report suspicious activity, the lower your potential losses will be. Most banks limit your liability for unauthorized charges if you report them in a timely manner.

3. Strengthen your online accounts with strong passwords and two-factor authentication (2FA)

Strong passwords for online accounts help prevent unauthorized access. You should use a combination of uppercase and lowercase letters, numbers, and symbols. Make passwords at least 12 characters long and avoid personal information or common words.

If it’s available, enable two-factor authentication to add an extra layer of security. 2FA requires a second form of verification, such as a code sent to your phone, in addition to your password. This significantly reduces the risk of data breaches, even if scammers obtain your password.³

4. Install antivirus software on all your devices

Install reputable antivirus software to protect your devices from malware and spyware that steal your information. Antivirus software acts as a crucial barrier against many forms of cybercrime, including identity theft attempts using infected files or applications.

Keep the software updated to defend against the latest threats. Run scans regularly to detect and remove any potential security risks. Don't forget to secure your mobile devices as well.

5. Recognize the signs of phishing attacks and online scams

Stay alert to unsolicited emails, texts, or calls requesting personal information.

Phishing attempts often create a false sense of urgency, contain spelling or grammatical errors, and ask you to click on suspicious links. When in doubt, contact the company directly using a known, verified number or website. Never provide sensitive information in response to an unexpected request.

Educate yourself about common warning signs of phishing to better protect your personal data from these increasingly sophisticated scams.

6. Verify URLs or use safe browsing tools to avoid fake websites

Always check that website URLs start with "https://" and look for the padlock icon in the address bar before entering sensitive information online. This indicates that any information shared between the web server and your browser is encrypted, making it more secure. You can also use browser extensions, or add-ons to your web browser, that warn you about potentially dangerous sites.

These precautions help you avoid fake websites designed to steal your personal data. Verify the legitimacy of any site requesting personal or financial information.

7. Avoid using public Wi-Fi

Public Wi-Fi networks pose significant security risks, as hackers can easily intercept data transmitted over these unsecured connections.

Avoid accessing sensitive accounts like banking or email on public networks. Disable auto-connect features on your devices to prevent them from joining unsecured networks without your knowledge. Use your mobile data plan instead of public Wi-Fi whenever possible to maintain better control over your data security.

8. Limit the personal information you share online

Exercise caution when posting on social media. Avoid sharing your full birthdate, address, Social Security number or Social Security card, bank account details, account numbers, contact information, or phone number publicly.

Regularly check and update your privacy settings on all social platforms. Be wary of online quizzes or games that ask for personal details, as these often collect data for marketing or more nefarious purposes. Remember that information shared online can be used by identity thieves to answer security questions or impersonate you.

9. Remove your details from "People Finder" websites

Many websites collect and sell your personal information without your explicit consent. Take action to opt out of these services. Search for your name on popular people finder sites and follow their opt-out procedures to remove your data.

Repeat this process periodically, as information can reappear over time. Reducing your online footprint makes it harder for identity thieves to gather the information they need to impersonate you or open fraudulent accounts.

10. Handle sensitive documents and information with care in public

There are precautions you can take offline, too. Shield your PIN when using ATMs or making purchases to prevent others from seeing it. Be aware of your surroundings when discussing personal information on the phone, and avoid such conversations in public if possible. Keep important documents secure, especially when traveling.

Treat physical documents containing personal information, such as your driver’s license, credit files, copy of your credit reports, account statements, or credit card numbers with the same level of care you apply to your digital data.

Using identity theft protection services

Identity theft protection services, including that from MetLife’s benefits partner Aura, can help you safeguard your personal information. They monitor your credit reports and personal data continuously, alerting you promptly to any suspicious activity.

Suspicious activities these services can turn up include your Social Security number appearing on the dark web or attempts to open new credit lines in your name. This quick detection can be crucial in preventing identity theft attempts and minimizing any potential impact.

If your identity is compromised, these services, along with identity theft attorneys, can provide expert assistance in the recovery process.

But even if you don’t use a service, there are steps you should take if you suspect you’re a victim of identity fraud.

What to do if you’re a victim of ID theft

You noticed suspicious charges on your credit card or activity in your bank account that you didn’t make? Take these steps as soon as possible to secure your accounts and information, as well as resolve the unauthorized transactions.

1. Place a fraud alert: Contact one of the three credit bureaus to place a free fraud alert on your credit report. The bureau you contact will notify the two remaining credit bureaus.
2. Update your passwords: Change passwords for all your online accounts, especially for financial institutions, and consider using a password manager to handle your passwords.
3. Close compromised accounts: Contact your bank or credit card company immediately to close or freeze affected accounts.
4. File a police report: This creates an official record of the theft.
5. Contact the FTC: File a Federal Trade Commission report at IdentityTheft.gov for a personalized recovery plan.
6. Review your credit reports: Get free copies from AnnualCreditReport.com and look for suspicious activity.
7. Monitor your accounts: Keep a close eye on your statements and credit reports in the coming months.

Remember that recovering from identity theft can take time and patience. But taking the necessary steps now to keep your information as secure as possible can help lessen the likelihood that criminals will gain access to your accounts in the future. Just be sure to keep monitoring your accounts, so you can address any suspicious transactions right away. Of course, things like data breaches at companies are out of your control. But you’ll have peace of mind knowing you took all the measures you could to protect yourself.