by Larry Magid
This post first appeared in the Mercury News

In 2019, the Federal Trade Commission’s Consumer Sentinel Network took in 650,572 identity theft reports, which represented 20% of all fraud reports. The agency said that 88% of those were credit card fraud with 29% tax fraud — an important reminder as we approach the April 15 tax filing deadline.

There are victims in nearly every age group, with the biggest chunk (170,255) between the ages of 30 and 39. When it comes to reports per 100,000 population, Georgia leads the way (427) followed by Florida (304) and California (257) with Texas and Nevada tied for fourth (256).

Children are not exempt. Because they typically have very clean credit records, their social security number can be used by scammers to open up accounts. Sometimes they or their parents don’t learn about the theft until they apply for a student loan or their first credit card.

Of course not all identity theft is reported to the government, so these numbers are likely somewhat low.

There are things you can do to reduce the chances of being a victim, and if you are a victim, there are things you can do to recover. Let’s start with prevention.

Preventing identity theft

Keep your Social Security number confidential. Never reveal to anyone unless you are certain it will be used for legitimate purposes like when you’re applying for credit from what you’re certain is a legitimate lender, checking you credit report or score with a legitimate credit reporting site or setting up an identity theft protection service.  There are a few other legitimate reasons why a company might ask for your Social Security number (like when applying for insurance) but they are rare. Some doctors ask or it, but they don’t really need it to provide service or be reimbursed by your insurance or Medicare. If you are sure it is necessary to provide your number online, make sure you’re on a legitimate site (not an imposter site) and that you see the letters https in the browser (the s stands for “secure.”). And don’t provide this or any other highly confidential information if you’re on a public Wi-Fi site like at a coffee shop or airport.

Also be careful when it comes to other forms of personally identifiable information (PII), such as your full date of birth, your driver’s license number and even your home address and phone number. This type of information, combined with other data, can be used by identity thieves.

Be very careful about responding to emails, phone calls, texts or social media messages that ask you to log-in to what you think might be your bank, insurance company, medical provider or any government agency like Medicare or Social Security. Rather than clicking on a link, type in the web address yourself, and be very careful to get it right. Scammers sometimes register sites with similar addresses to take advantage of typos.

Social media accounts can also be used by thieves to collect information about you. While it’s great to share some aspects of your life, be aware that details about you can be used to piece together information needed to steal your identity.  Use the service’s privacy features to limit who has access to your information. Facebook gives you a lot of control over who can see what, so — in addition to protecting your posts — make sure you’re limiting who, if anyone, can see things like your phone number, friends list, email address and other details about you.

Freezing your credit with the three major credit reporting bureaus (Equifax, Experian and TransUnion) can make your report unavailable for opening a new credit card or loan in your name. You can always unfreeze it if you do apply for credit. This is one example where the credit bureau might legitimately ask you to provide your Social Security number.

Protecting against identity theft is yet another reason to have very strong passwords (advice at ConnectSafely.org/passwords) and use two-factor authentication that requires you to get a code sent to you by text, email or some other method each time you log into a site from a new device, app or browser.

And don’t just think about your digital information. Your mailbox can be a treasure trove for identity thieves so never leave important documents sitting there. Have someone take in your mail when you’re out of town and consider signing up for the Post Office’s free Informed Delivery service, which will send you emails with images of the exterior, address side of letters and packages.

Consider asking your financial intuitions to stop sending you paper statements and instead access them online using strong passwords and two-factor authentication.

Also consider signing up for an identity theft protection service such as Norton/LifeLock, Identity Guard or IDNotify. These services typically alert you to any unusual or large  credit or financial activity and scour the dark web for your personal information. Check with your financial institutions to see if any offer customers a free or reduced-price service. Fidelity, for example, offers free access to IDNotify for some of its investment customers.

Invest in a shredder and use it for all your financial and medical documents or anything else with private information, including pre-approved credit letters. I do recommend you securely store paper copies of bank statements or periodically print-out and store statements from your online accounts, just in case there’s a glitch in your online accounts.

Go online to check your credit card purchases, checking and saving account transaction and even your medical statements to make sure no-one is using these accounts in your name. Some banks and other services (including Intuit-owned Mint) will display your credit score and a big change in your score could indicate a problem.  Credit bureaus are required to provide a free annual credit report but you must request it. You’ll find a link at consumer.ftc.gov but be sure you’re accessing it through this FTC site to be sure you’re being routed to legitimate sites.

Warning signs and recovery tools

The FTC has a webpage with warning signs including withdrawals from your bank account that you can’t explain, not getting bills or other mail you expect, merchants refusing your check, calls about debts that aren’t yours, unfamiliar accounts on your credit report, medical bills from services you didn’t use, IRS notices about returns in your name that might include false information such as an employer you didn’t work for.  If you suspect you might be a victim of identity theft, start by contacting any organization or business.

If you do think you’ve been victimized, visit IdentityTheft.gov to file a report and contact any banks, insurance companies, medical providers or agencies that may be involved. You’ll find more good advice at ientidtytheft.gov/Steps.

Larry Magid is a tech journalist and internet safety activist.