Identity theft is a serious problem online. Hackers are given so many weaknesses to exploit that it’s become easier than ever.
Before the rise of the Internet as the main means of communication and conducting business, identity theft was primarily done by fishing through physical trash for documents, or physically breaking into a building or one’s home in order to steal data. Now all the data they need is often just a couple of mouse clicks away.
Here are just a few devastating results that identity theft can result in:
- Applying for credit cards or loans in your name.
- Withdrawing funds from your bank account.
- Using your health insurance to obtain medical care.
- Using your Social Security number to steal your tax refund.
- Selling your information on the dark web to other criminals.
- Creating fake social media profiles with your name and photo to conduct fraud.
- Blackmailing you in case they have sensitive information that could damage your public reputation.
Of course, it’s not always that easy for the bad guys. If their target has taken proper security measures, a perceived walk-in-the-park scenario can suddenly look more like a digital rendition of Mission Impossible.
So how can you avoid identity theft online? Here are the main strategies you can utilize immediately to bolster your defenses:
1. Identify phishing websites
A phishing website is basically a fake website that mimics a real business. For example, a hacker could make a website that looks very similar to Facebook. If you don’t notice that it’s fake, you could enter sensitive information to make an account or to try log into your current account, and have the information you enter stolen.
Most of the time a phishing website will ask for more information than is required for completing a task such as making an account. In case of an opt-in website that requires some sort of credentials for access, it could ask for your credit card number, address and a host of other identity related bits that go beyond normal.
This should give you a reason to pause and make sure that it’s a legitimate business you’re dealing with. The first thing you can do is check the domain name. If it’s faceb0ok.com instead of facebook.com for example, it’s obviously a fake site.
So how could you end up on a website like that in the first place? Well, it can happen by accidentally entering the wrong domain name in your search bar. A common scam are emails, that link to a phishing website. An email could pretend to be from your bank, and have all the necessary visual effects, such as the logo and business jargon. If you decide to visit the bank’s website, you could end up on a fake site, without even realizing its strange web address or domain name.
A fake site will also mimic the real site’s visual setup, but from what I’ve seen so far, their logo and design will usually be a bit off. But what if the phishing website is not mimicking a website that’s already online? What if it’s pretending to represent a local business that doesn’t even have an online presence, or you simply can’t find their real website?
In that case, it’s best to call them on their official phone number (obtained from a different source than the website you believe might be fake) and ask the business for their real website address, or simply conduct business through phone if possible.
Some things that a phishing website might ask from you besides a username and password, are:
- Social Security number
- Credit card number
- Bank account number
- Driver’s license number
- Home address
- Phone number
- Health insurance id or information
However, you need to have a nuanced approach about all of this, because if you’re registering for a credit card, or a Payoneer card for example, you will need to insert a lot of sensitive information and that’s completely normal. But if you’re unsure if the site is legitimate or is just phishing for your sensitive information, contact the company through their official phone number to stay on the safe side.
Keep in mind that simply visiting a phishing website won’t do any harm. It’s only when you enter information that it can actually extract it. However, a phishing website may offer some other services which can lead to identity theft, such as downloadable content.
If you happen to download a file from a scam website, it might carry malware which can spy on you to reveal sensitive data. If a free download sounds too good to be true, it usually is.
2. Use up-to-date security software
It’s highly recommended using at least 1 anti-virus and 1 anti-spyware program, or using one that can detect both types of malware. It’s also important to perform regular scans of your computer, either manually or by setting schedules scans in regular intervals.
Once a week is typically enough. What I’ve noticed is that security programs will perform scans faster if they’ve done them not too long ago. So while your first scan can take 15-20 minutes, if you perform it regularly it can drop to 5-10 minutes. Slower performance for 5-10 minutes is really not a big deal when you thing about it, considering how much trouble you can avoid by doing so.
And what trouble exactly will this solve? Aside from sudden bugs and super slow performance that some malware can produce, identity theft is the second most common concern. Some viruses and spyware can track your web usage and keystrokes. So when you enter sensitive information, like a password, the hacker can see it. They could also read your online correspondences and blackmail you.
If a hacker infiltrates the camera on your computer or phone and get to see what you’re doing it can also be very disturbing and used for blackmail. I’m not saying you’re doing anything terribly wrong or unique in front of your camera, but it’s definitely not pleasant thinking that some guy is eating popcorn and taping your extravagant private behavior.
One thing that I do for preventing camera blackmail is cover my camera with tape or a piece of paper. Call me paranoid, but I’ve seen multiple successful people do this, including Mark Zuckerberg and he seems to know more about spying than I do (oh snap!).
So the risk of malware infiltrating your devices can be reduced by using best rated security software. I’ve learned this from my own experience multiple times when my computer and phone started acting strange (slow performance, breaking Internet connection etc), and the issue got solved with an anti-malware program.
I know it’s a pain in the buttocks, but so are many other things that we do in this world, and this one at least provides some tangible benefit.
3. Get a credit score report
Credit score is a statistical equation that takes into consideration various habits and behaviors of a borrower. There are different types of scores, but the one most commonly used by lenders is the FICO 8 score.
Thinks that determine your credit score include payment history on past credits, amount of available credit currently used, length of credit history and time since the last transaction, mix of credit types available and umber of new accounts that were recently opened.
So if you suspect that someone might be using your identity for monetary gain, checking your credit score report will quickly provide the answer. Monitoring your credit score can go a long way to preventing identity theft, or stopping it before it does any real damage.
By law, you can get three free credit reports per year from Experian, Transunion and Equifax. These credit bureaus work together through the website called AnnualCreditReport.com.
You can use this to your advantage to instantly see and print your credit report. Here is the process; first you call the toll-free number: (877) 322-8228. After the simple verification process on the phone is over, they’ll mail you the reports. Done!
Keep in mind that you can get one free credit report per year from each of these three companies. So if you use it, you’ll have to wait for a year before using this free service again. However, you can pay to receive a credit report any time you want.
Here are some other reputable services you can use to monitor your credit score:
- Credit.com: Provides free scores and financial info. In exchange, you give them your permission to receive offers and suggestions from lenders.
- Credit Karma: works in the same way. With both options you get to check your score once per month.
- MyFico.com: A premium service, with each check-up costing $19.95, including FICO 8 score and other versions as well.
On top of these options, you can also check if your current credit card company or lender can provide a free credit score report as part of their services.
Because of some differences in reporting, your scores from each bureau may be slightly different, so don’t panic if you use two or more platforms to check your credit score and there are small discrepancies. But if the differences are significant, that’s a good indicator that an identity thief might be using your credit score for ill purposes.
4. Only purchase from reputable websites
Reputable websites are those that have a great reputation. Kind of obvious right? But that’s really the gist of it. Amazon.com is more secure for entering sensitive information than a site where a regular Joe is selling shady supplements or software.
But this doesn’t mean that you have to fear buying products from less popular websites. If a website has the little lock by it’s name, it means that it has a reputably security certificate and that any information your enter on the website is private. In other words, it can’t be seen by anyone else, it’s encrypted.
For example, you can see that securitylatest.com has the lock, followed by https:// instead of just http://. This means that it’s properly secured and is acknowledged as being secure by Google Chrome.
There are also reports that suggest that Google penalizes websites that don’t have a security certificate by making them harder to find in Google, and in case the site isn’t secure you may also get a visual warning if you’re using Google Chrome or a different popular browser like Internet Explorer and Mozilla Firefox.
This is an easy way to check if the website is secure enough to share your sensitive information with, either to conduct a purchase, download files or create an account.
5. Inquire about missing bills and other mail
If the bills for products and services you’ve payed for haven’t arrived, it could mean that they’ve been redirected to a different address. A thief would do this in order to keep you unaware of them spending your money. Definitely check your bank account status and transactions history. Also check the settings to see if the right email for notifications is still present.
In case of bills and other mail not arriving at your physical location, the same procedure should be applied. Contact your bank by calling their customer service, sending an email and/or using your online account access to check the previously mentioned parameters for yourself.
6. Act quickly on bills for products you didn’t buy
If you receive an email notice for a bill you’re not responsible for, be sure to contact your bank/card provider as soon as possible to assess the situation immediately and possibly shut down your account in order to prevent further damages.
7. Be wary of public WiFI
Public WiFi is like a public toilet; anyone can use it. Which means that in both cases viruses, physical or digital, can exploit the weaknesses of the immune system of your body or that of your devices to break in and create havoc.
Using a VPN service is the best way to avoid this problem. A VPN service secures your Internet connection from being infiltrated by third parties. While having one is recommended for home and office connections, it’s even more important if you’re using public WiFi to which everyone has access to, which can be contaminated by hacking activity.
Here’s a good video guide on the best free VPN services in 2019 which you can use immediately to improve your defenses:
8. Secure your router
If you have an open wireless network at home or in your workplace, basically anyone who is close enough to the router can access your network. That could be a neighbor or the guy in the office space downstairs. Even worse, a hacker who’s sitting in his car close to your location.
To prevent this from happening, there are a number of things you can do. If your network doesn’t have a password already, that should be the first thing on your list.
Set a password: First open your router setup screen and look for a Wireless Security section. Once you’ve entered the password you want, any device that wants to connect to your network will need to know the password. If your router has a default password, it could be easily guessed by someone else. So make sure that you set a password that only you know.
Set a security scheme: You might stumble upon WEP, WPA and WPA2 security schemes when you access the Wireless Security section of your router’s setup. You can choose between these 3 options, but it’s recommended to use WPA or WPA2 because they provide better security. The advantage of using WEP is that it’s more compatible with older devices like some gaming consoles and TiVo for example. If you have one of those, you might have to use WEP. It’s the least secure of the three options but it’s still better than nothing if WPA and WPA2 are not available.
Disable remote administration: This option allows your router’s settings to be changed by anyone who’s able to connect through a wireless connection. This is an additional security risk so it’s better to disable it. You can find this option in the Administration section of your router’s setup. Once you’ve done this, settings can be changed only from the computer that is directly connected to the router with a network cable.
Change the SSID name: This is the name of your wireless router. It appears when you or anyone else that’s close to the router is looking for a network to connect to. Many routers will show up with their default SSID. The problem with this is that a Linksys router for example will use the name “Linksys”, which reveals the brand of the router. This can help the hacker to exploit the vulnerabilities of that particular router. So it’s best to change the name of the router to something different. But don’t use your name or anything that can help the attacker identify you with the router. Use something random, like a video game character’s name for example.
Disable SSID broadcast: Wireless routers will show their SSID (name) to anyone who comes close enough with a connectable device. You can turn this “broadcasting” off so that the SSID doesn’t appear to random strangers. The downside of turning it off is that you’ll have to manually enter the SSID when you want to connect any new device to your network.
Enable router firewall: Only some routers have this option, but if your’s does, it’s another solid and free security layer.
9. Improve and use different passwords
What makes a good password? You’ve probably noticed that some websites like Clickbank will ask for a combination of upper case and lower case letters, with numbers sprinkled on top. They almost always demand that your password has a certain number of characters or more.
Basically, the more variables the password contains, the harder it becomes to crack. I usually use around 8-10 upper case and lower case letters in combination with one or two numbers AND special characters. This makes it REALLY difficult to crack the password with a decrypting program, let alone manually.
Having said that, even if your password is super complicated and only you understand it, it’s still an identity theft risk if you use it all over the web. Chances are that at least one of those websites will experience a security breach in the future, which could place your login credentials for all other places where you’ve used the same password in danger. So on top of using a long and complicated password that combines letters, numbers and special characters, make sure to use a different password for every website.
You might be wondering: how will I remember all of these passwords? The easiest way is to have a small notebook. I’m talking about a physical notebook, not some program on your electronic device that can be exploited with malware. Get a notebook and/or a piece of paper, write down all your different passwords, and keep them in a safe place.
After a week or so of entering these usernames and passwords, you’ll remember them and won’t even need these visual reminders any longer. I have a couple of passwords and if I can’t remember which one is for a certain website, I will type in many of them until I get to the right one.
You have to agree that this is way safer than using just one or two passwords on various platforms and hoping for the best.
10. Update your username and password
Schedule 30-60 minutes to apply the previous tip. Go through your login credentials on each website you remember that you’ve entered them and change them to new ones. On some you won’t be able to change the username, but you should be able to change the password on every website.
This is one of those tips where theoretical knowledge won’t help unless you actually apply it. I don’t have to remind you that yesterday, you said tomorrow, so.. JUST-DO-IT!
11. Improve your privacy on social media
Can strangers view your Facebook, Instagram, Twitter and other social media profiles without having to ask for your permission? If you’re using fake name, birth date, job description and other personal information that’s fine, but these social media platforms are more and more vigilant about users having to use real information.
What I’ve noticed is that it’s impossible to delete your Facebook profile pictures completely. They still remain on the profile even if they’re no longer visible to other users! The same is true for your chat messages.
So how can you prevent identity theft by both strangers and possibly if someone hacks these social media platforms and uses the messages and pictures as well?
First you should use a strong username and password that is different for each platform. Secondly, set the privacy settings so that people can’t view your profile without being accepted as a friend or follower. Even if you do this, I also recommend not placing your full information such as workplace and even name if you don’t have to.
To this list we could also add freelance websites like Upwork.com, Freelancer.com and Linkedin.com which serve to connect professionals to do business online or in real life. The problem here is a bit more complicated because as a professional, it’s in your interest to be found more easily by a potential client, and to provide accurate description of your skills and experience. So an identity theft could happen through these platforms even more easily.
The best advice that I can give is to have a “professional name” or a pseudonym under which you conduct business. By having two names, you can more easily separate your professional and private life and avoid identity theft, blackmail and online harassment.
This is especially helpful if you have political views which aren’t very popular and could get you into trouble. It’s always best to cover your tracks when you can, and have multiple identities instead of one to confuse your opponents. To quote the Phantom Menace himself, Emperor Palpatine; Use my knowledge I beg you!
12. Beware of sketchy phone apps
Many smartphone users download any crazy app that looks interesting. I’ve done this in the past, downloading multiple phone light apps without considering the consequences.
Suddenly I was bombarded by clickbait advertisements at random, and who knows what processes were working in the background to slow down my phone’s performance. I had to put my phone back to factory settings to get rid of the issues. After that, I started Googling phone apps malware threats and found out that many users have reported malware from downloading flashlight apps through Google Play Store. Go figure!
Most of us think that Google Play Store is safe because it’s monitored by Google, but in reality anyone can create an app and place it there for free or paid download, even a malicious hacker. How can you avoid getting malware on your phone that will allow a hacker to read through your messages, watch you through camera and steal your information? There’s no 100% safe way to do it. However you can minimize the risks involved by doing these three things:
- Download only highly rated and popular apps
- Check out user reviews to see if anyone mentions malware or strange things happening with their phone since they installed the app
- Don’t allow an app access to your information and camera, unless it’s a well known and reputable app like Instagram or Tinder.
Final Word on Identity Theft Protection
The more of our personal information we share online, the more likely it is that this information will be exploited for identity theft. For too long has anonymity been wrongly considered a weakness.When in fact it’s the greatest strength when it comes to securing your privacy and finances from hackers. If they can’t see you, they can’t attack you.
So most of these tips revolve around making yourself a less obvious target. Like exposing less of your real information on social media, and changing your router name to something that can’t be connected directly to you.
The second strategy is to improve your defenses if a hacker still decides to perform identity theft. Strong passwords, security software and securing the router, all of those tips fall into this general strategy.
And we have some other strategies that reduce the chances of inviting malware into your life unintentionally, such as downloading shady phone apps or giving out sensitive information to phishing websites or small websites that aren’t secure. All of these tips are helpful, and I hope you use as many of them as you can to avoid online identity theft now and in the future.