Ways to Avoid Data Scams and Identity TheftThere are no guaranteed ways to avoid data scams and identity theft, but you can help limit your risk by following these measures:
Protect your devices. Make sure that your computer and devices are password or ID-protected and that their operating systems and all programs stay up-to-date. Also, use updated anti-virus and firewall software on computers. Encrypt any sensitive files, such as tax returns and bank statements.
Set up strong and unique passwords. Avoid simple or easily-guessed passwords such as names, initials, or number sequences, and don’t use the same password for more than one login. The best way to keep a different and robust login for every site is to use a password manager, a piece of software that securely stores logins and keeps them protected under a master password.
Back up your devices. If your computer, tablet, or phone becomes lost, damaged, or infected by malware, you could lose irreplaceable files, including family photos and other vital data. To protect against this, run regular backups of all of your devices to an external drive or secure cloud storage. Ideally, you should have at least two backups, one off-site.
Pause before you click: Be on the alert and don’t click on any link, or respond to any text message, or open any email attachment unless you are absolutely certain of the source. Many identity-theft “phishing” attacks involve requests to check a financial account, or to update personal information, or to review a document. Scammers can spoof email addresses and phone numbers, so your best defense is constant vigilance.
Don’t fall for scams. One common strategy used by identity thieves is to claim to be from the IRS and threaten jail time or a lawsuit for allegedly unpaid taxes. To combat this growing issue, the IRS recently launched an educational campaign called, “Taxes. Security. Together.” Another oft-used ploy of scammers is to pose as tech support for your supposedly “infected” computer. Scams like these are effective because they play on common fears. Protect yourself by never responding to unsolicited phone calls, emails, texts, or pop-up windows that ask for personal information or for access to your computer. If you suspect that your computer has been compromised, shut it down immediately and take it to a service that specializes in data recovery and virus removal.
Set up two-factor authentication. Where possible, sign up for 2-factor authentication to protect your logins to financial institutions and any sites that host your personal data, including shopping sites that store your credit card.
Don’t over-share on social media: Posting personal details about your life and family can make you more vulnerable to identity theft.
Know who is getting your information. Criminals often pretend to be part of trusted and recognizable organizations. Cultivate a healthy paranoia before you share any personal information over the phone or online.
Shred before dumping: Before discarding paper documents, shred anything containing personal data, including credit card offers or other unsolicited mail containing your pre-printed information. For the best security, opt for a micro-cut shredder instead of a cross-cut or strip-cut shredder.
Check your Credit Reports: Keep a watchful eye on your credit reports and online Social Security account.
Additional tips and resources:
- Educate yourself as much as possible about financial scams and how to avoid them. Fidelity offers a helpful article on the topic. www.fidelity.com/viewpoints/personal-finance/preventing-identity-theft
- Consider “freezing” your credit (especially if you do not plan on applying for credit cards, auto loans, or mortgages). You can unfreeze and refreeze credit when necessary, though it may sometimes be inconvenient to do so. www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
- You are entitled to receive your credit report from each of the three credit-reporting agencies once per year, so spread out your credit vigilance by staggering your requests for the reports from each agency. www.credit.com/credit-reports/credit-reporting-agencies/
- Register for the Do Not Call List (www.donotcall.gov)
- Stop unsolicited and unwanted mail (www.catalogchoice.org)
- Avoid logging into a financial account (or any other sensitive personal account) using public Wi-Fi (e.g. at airports, restaurants, and coffee shops).
- Store a copy of your passwords in a bank safe deposit box so if something happens to you, a family member or your attorney can access these accounts on your behalf.
- Consider using a donor advised fund for making all of your charitable contributions. Avoid making credit-card donations to any charity—even ones you know—in response to phone solicitation. Note that caller ID numbers can be “spoofed” to make it appear that the call is coming from an authentic source when it is not.
- Never give out any personal information in response to a phone call from an unknown party, even if the caller claims to be affiliated with a known organization. If it is a call from an entity you normally do business with, call them back using the identifying number you already have, not the number on caller ID or a number the person on the phone tells you to call.
- When available, enable built-in tracking so that you may be able to locate or wipe your device if it is lost or stolen (e.g. “Find My iPhone” on Apple devices)
- Consider signing up for email or text alerts from your financial institutions and credit card companies to notify you whenever a transaction has occurred in your account. Some credit card companies can also send a push notification to your smartphone immediately after a charge occurs.