Comprehensive Guide to Protecting Yourself from Identity Theft and Fraud

A friend of mine recently called, panicked, after discovering that someone had opened a credit card in her name. I gave her the usual advice, which you'll find below. Meanwhile, yet another third-party breach notification landed in my inbox—these seem to be as common as spam these days. Companies are still getting hacked, and our personal data is still getting leaked. I often tell people to assume that their social security number and other vital information are already out there on the dark web, and to take proactive steps to secure their accounts and protect their identity.

I recently led a Fraud Prevention Presentation for a community of elderly residents, who are particularly vulnerable to scams. Based on this experience, I’ve updated my anti-fraud checklist, incorporating feedback I've gathered over the past few months.

For those who are well-versed in tech, this should be a quick read—you'll be able to highlight the areas you need to address to bolster your security. And for those who might need a bit more guidance, this list can be handed to a trusted tech-savvy person who can help ensure your devices and information remain secure.

I’ve also included a set of Anti-Fraud Habits to help you reduce the risk of falling victim to scams.

Take a look, stay vigilant, and most importantly, stay secure!

• Mark Annati 8/2024

Anti-Fraud Habits

?? Ignore

• Ignore unsolicited calls, emails, texts, and social media messages.
• Respond only to known contacts. If unsure, always verify!

?? Stop

• Do not click on pop-ups, links, or attachments from unknown sources.
• Do not contact numbers provided in unsolicited messages.
• Do not give control of your computer to unknown individuals.
• Do not share personal information over the phone unless you initiated the call to a verified number.

?? Disconnect

• End communication with suspected scammers.
• Disconnect from the internet and shut down your device if you see suspicious pop-ups or locked screens.
• Avoid opening email attachments from unknown senders.

? Wait

• Resist pressure to act quickly; take your time to verify the situation.
• Wait for checks to clear before acting on them to avoid overpayment scams.

?? Verify

• Independently verify the identity of contacts by looking up their official contact information.
• Only download apps and software from verified, trusted sources.

?? Consult

• Discuss unusual communications with trusted friends or advisors.
• Research online for reports of similar scams.

?? Monitor

• Set up alert notifications for transactions and changes in your online accounts.
• Verify alerts for any transactions you make.

?? Protect

• Use strong, unique passwords for each account.
• Enable multi-factor authentication (MFA).
• Keep software and systems updated.
• Use secure Wi-Fi and ensure your home Wi-Fi has a strong password.
• Use reputable anti-virus software and firewalls.
• Enable pop-up blockers.
• Use a credit monitoring service and place credit freezes/locks.

??? Privacy

• Adjust privacy settings on devices and online accounts to limit data sharing.
• Properly dispose of personal documents.
• Be cautious about sharing personal information; use fake details for non-essential services.
• Pre-authorize who can access your personal health information.

?? Educate

• Stay informed about new scams by subscribing to newsletters from AARP, FTC, NCOA, CFPB, and Fraud.org.

Preventive Measures

1. Strengthen Your Online Security

• Use Strong, Unique Passwords: Create long, complex passwords that are unique for each of your accounts. Use a mix of letters, numbers, and special characters.
• Utilize a Password Manager: A password manager can help generate and store strong passwords, ensuring each of your accounts is secure.
• Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
• Consider Passkeys: Where supported, use passkeys instead of passwords. Passkeys are better than MFA because they eliminate passwords, are phishing-resistant, provide a seamless user experience, and rely on secure public-key cryptography rather than shared secrets.
• Regularly Update Your Software: Ensure that your operating systems, browsers, and other software are up-to-date with the latest security patches to protect against vulnerabilities.

2. Secure Your Devices

• Use Antivirus and Anti-Malware Software: Protect your devices with reputable antivirus software that can detect and remove malware.
• Activate Device Encryption: Enable full-disk encryption on your devices to protect your data in case your device is lost or stolen.
• Set Strong Device Locks: Use strong PINs or biometric locks (such as fingerprint or facial recognition) to secure your smartphones, tablets, and computers.
• Enable Pop-Up Blockers: Prevent malicious pop-ups that could lead to phishing or malware by using pop-up blockers in your browser.

3. Manage and Protect Your Personal Information

• Be Cautious with Sharing Information: Avoid oversharing personal information on social media or with untrusted websites. Limit what you share, especially your SSN, birthdate, and address.
• Shred Sensitive Documents: Shred any physical documents that contain personal information before disposing of them to prevent dumpster diving attacks.
• Opt-Out of Prescreened Credit Offers: Reduce the risk of mail theft and identity theft by opting out of prescreened credit card offers through OptOutPrescreen.com.
• National Do Not Call Registry: To reduce unsolicited calls, register your phone number at DoNotCall.gov. This will help limit the number of telemarketing calls you receive and can protect you from phone scams.
• Adjust Privacy Settings: Set privacy settings on your devices and online accounts to limit data sharing and protect your personal information. Ensure your social media profiles are private and only share information with trusted contacts.
• Use Fake Details for Non-Essential Services: For services that do not require your real information, consider using fake details to protect your identity.
• Manage Browser Cookies: When accepting cookie terms, modify the settings to limit tracking by blocking third-party cookies or allowing only necessary cookies. Regularly clear your browser cookies and cache to remove stored data that could track your online behavior.

4. Secure Your Financial Accounts

• Use Alerts: Set up transaction alerts with your bank and credit card companies to be notified of any suspicious or large transactions.
• Consider Virtual Credit Cards: Some banks offer virtual credit cards, which can be used for online transactions to prevent exposing your actual credit card number.
• Limit the Use of Your Debit Card: Use credit cards instead of debit cards for online or risky transactions, as they typically offer better fraud protection.

5. Secure Your Cloud and Phone Accounts

• Remove Unused Devices: Regularly review and remove unused devices linked to your cloud and phone accounts to limit potential access points for hackers.
• Validate and Update Recovery Information: Ensure that your recovery email addresses, phone numbers, and security questions are up to date.
• Create a Recovery Key: Some services allow you to create a recovery key that adds an extra layer of security. Keep this key in a safe place.
• Set Up a PIN or Password with Your Carrier: Prevent unauthorized SIM swaps or phone number transfers by setting up a PIN or password with your mobile carrier.
• Enable ‘Find My’ Services: Activate location tracking and remote wipe options for your devices in case they are lost or stolen.

6. Use Secure Wi-Fi and Internet Practices

• Use Secure Wi-Fi: Ensure your home Wi-Fi has a strong password and uses WPA3 encryption. Avoid using public Wi-Fi for sensitive transactions; if necessary, use a VPN.
• Disconnect and Shut Down if Suspected of Fraud: If you encounter suspicious activity, such as pop-ups or locked screens, disconnect from the internet and shut down your device immediately.

7. Manage App Privacy Settings

• Review App Permissions: Regularly check the permissions that apps on your devices are requesting. Only grant permissions that are necessary for the app’s functionality. Revoke access to sensitive data such as location, contacts, and camera if not required.
• Use App Privacy Settings: Access the privacy settings within apps to control what personal information is shared. Disable unnecessary data sharing and usage tracking.
• Opt-Out of Data Sharing and Marketing: Many apps and websites provide options to opt-out of data sharing and targeted advertising. Utilize these options to limit the sharing of your personal information.

8. Ignore, Stop, and Disconnect from Potential Scams

• Ignore Unsolicited Communications: Do not respond to unsolicited calls, emails, texts, or social media messages. Respond only to known contacts. If unsure, always verify.
• Stop Interactions with Unknown Sources: Do not click on pop-ups, links, or attachments from unknown sources. Do not contact numbers provided in unsolicited messages or give control of your computer to unknown individuals.
• Disconnect from Scammers: End all communication with suspected scammers and avoid further engagement.

9. Educate Yourself and Stay Informed

• Stay Updated on New Scams: Regularly educate yourself about new scams and identity theft tactics by subscribing to newsletters from reputable sources like AARP, FTC, and others.
• Consult Trusted Friends and Advisors: Discuss unusual communications with trusted individuals to verify their authenticity.
• Research Similar Scams: Look up reports of similar scams online to see how others have dealt with them.

10. Extra Steps for Anti-Malware and Ransomware Prevention

• Regular Backups and Restoration: Regularly back up important files to an external hard drive or cloud storage, ensuring these backups are disconnected when not in use to prevent ransomware infection. Periodically test your backups to confirm that files can be successfully restored if needed.

• Use Security Software: Install reputable anti-malware software with real-time protection, keep it updated, and run regular scans to detect and remove threats. Enable the built-in firewall on your operating system or use a trusted third-party firewall to block unauthorized access to your devices.
• Practice Safe Browsing and Download Habits: Download software and apps only from official websites or trusted app stores, and be cautious of free downloads that may contain hidden malware. Always review the permissions requested by new apps and only allow those that are necessary for the app's functionality.
• Have a Response Plan: If you suspect your device is infected with ransomware or malware, disconnect from the internet immediately to prevent further spread, and seek professional help instead of paying ransoms. Report any suspicious activities or files to your anti-malware software provider or seek expert advice.

11. Wi-Fi Hack Prevention

• Change Default Router Settings: Change the default administrator credentials to something unique and strong, as default usernames and passwords are often known to hackers. Disable remote management if it's not needed to prevent unauthorized access to your router’s settings.
• Update Router Firmware: Router manufacturers often release firmware updates to patch security vulnerabilities. Check for firmware updates regularly and apply them to keep your router secure.
• Use a Strong Wi-Fi Password: Use a long, complex passphrase for your Wi-Fi network that includes a mix of letters, numbers, and special characters. Avoid using common phrases or easily guessable information.
• Enable Network Encryption: If your router supports it, enable WPA3 encryption, which is the latest and most secure Wi-Fi encryption standard. If WPA3 is not available, use WPA2.
• Disable WPS (Wi-Fi Protected Setup): WPS can be vulnerable to brute force attacks, making it easier for hackers to gain access to your network. Disable WPS in your router settings to reduce this risk.
• Isolate Devices with Guest Network: If you frequently have guests who need to use your Wi-Fi, set up a separate guest network. This keeps guest devices isolated from your main network and reduces the risk of unauthorized access.
• Monitor Connected Devices: Log into your router’s admin panel and review the list of connected devices. If you notice any unfamiliar devices, investigate and, if necessary, change your Wi-Fi password.
• Reduce Wi-Fi Signal Range: If possible, adjust the transmit power of your router to limit the range of your Wi-Fi signal. This reduces the chance of your network being accessed from outside your home.
• Use a VPN for Added Security: Use a VPN (Virtual Private Network) when accessing sensitive information over Wi-Fi, especially when using public networks. A VPN encrypts your internet traffic, making it harder for hackers to intercept your data.

Actions to Take If Your Information Is Compromised

1. Monitor Your Credit and Financial Accounts

• Regularly Check Credit Reports: Obtain and review your credit reports from all three major bureaus (Equifax, Experian, TransUnion) for any unauthorized activity. * Equifax: www.equifax.com | Phone: 1-800-525-6285 * Experian: www.experian.com | Phone: 1-888-397-3742 * TransUnion: www.transunion.com | Phone: 1-800-680-7289
• Set Up Alert Notifications: Monitor for unauthorized transactions and changes in your financial and online accounts.
• Verify Alerts: Always verify any transaction alerts you receive to ensure they were initiated by you.

2. Place a Fraud Alert or Credit Freeze

• Place a Fraud Alert: Contact one of the credit bureaus to place a fraud alert on your credit file, making it harder for identity thieves to open accounts in your name.
• Freeze Your Credit: Consider freezing your credit to prevent any new accounts from being opened in your name. You can unfreeze your credit temporarily or permanently when needed.

3. Report Identity Theft

• File a Report with the FTC: Go to IdentityTheft.gov to file a report and create a recovery plan if you suspect you’ve been a victim of identity theft.
• Notify Your Financial Institutions: Immediately inform your bank and other financial institutions if you believe your accounts are compromised.
• Report to Law Enforcement: File a report with your local police and consider reporting to the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov.

4. Secure Affected Accounts

• Change Passwords and Enable MFA: If you suspect an account has been compromised, immediately change the password and update security questions. Enable MFA to add an extra layer of security.
• Update Recovery Information: Ensure that all recovery options for your accounts are current and secure.

5. Protect Your Tax Information

• File Taxes Early: File your tax return as soon as possible to prevent tax fraud. If a fraudulent return is filed using your SSN, you’ll need to contact the IRS immediately.
• Consider an IRS Identity Protection PIN (IP PIN): An IP PIN is a six-digit number that prevents someone else from filing a tax return using your SSN.

6. Document and Secure Important Information

• Keep Photocopies of Important Documents: Store copies of credit cards, passports, and insurance cards in a secure place. Share access to these with a trusted person if needed.
• Memorize Key Contacts: Memorize or securely store contact information for banks, credit bureaus, and other important entities.

Actions to Reduce Fraud Impact

1. Account Protection

• Enable Recovery Options: Ensure that recovery options are enabled and up-to-date for important accounts like email, cloud storage, and financial institutions.
• Regularly Update Passwords: Periodically change your passwords, especially for sensitive accounts.
• Set Up Alert Notifications: Configure alerts for account activities, such as logins, transactions, or changes to your personal information.

2. Device and Cloud Security

• Use Strong Passcodes and Biometrics: Secure your smartphones and other devices with strong passcodes and biometric authentication.
• Enable Remote Wipe and Location Services: Use ‘Find My’ services to locate or remotely erase your devices if they are lost or stolen.
• Back Up Data Regularly: Ensure that your data is regularly backed up to the cloud or another secure location to prevent data loss.

3. Phone Number Security

• Set Up a PIN or Password with Your Carrier: Protect against unauthorized SIM swaps by securing your mobile account with a PIN or password.
• Enable Account Change Alerts: Receive notifications for any changes made to your phone account to quickly respond to unauthorized actions.

Actions to Take if You Believe You Are Actively Being Frauded

1. Disconnect Immediately

• Cease All Communication with the Scammer: Stop engaging with the suspected fraudster immediately.
• Disconnect from the Internet: If necessary, disconnect your device from the internet and shut it down to prevent further compromise.

2. Verify Suspicious Communications

• Contact Institutions Directly: Independently verify any suspicious communications by contacting the institution using verified contact information.

3. Report the Fraud

• Notify Authorities: Report the incident to the FBI IC3 at www.ic3.gov, and local law enforcement.
• Inform Financial Institutions and Credit Agencies: Notify your banks and credit agencies to place fraud alerts and protect your accounts.

4. Monitor and Protect Affected Accounts

• Check for Unauthorized Transactions: Continuously monitor your accounts for any unauthorized transactions or changes.
• Change Passwords and Enable MFA: Secure all affected accounts by updating passwords and enabling MFA.