Have you ever had your “bank” call you to ask you to confirm your password or received a “missed delivery” text pushing you to click on a tracking link? Or, how about an email urging you to provide sensitive information? If the answer is yes, then the chances are that you have — at some point — been the target of an identity theft attempt.

Even the most tech-savvy amongst us aren’t alone. Identity theft is an ever-increasing threat that’s seen a staggering 33% of Americans and 24% of U.K. citizens become victims.

As experts in fraud, people often turn to us for advice on how to protect themselves against all the different ways criminals can exploit us and our information. Although the thought of changing passwords and checking account settings might sound tedious, these are just some of the actions that you need to take as part of your digital armor against fraudsters.

Here, we share our tips and best practices for keeping your personal information safe — as well as the steps to take if you find yourself a victim of identity theft.

What is identity theft?

According to the U.S. Department of Justice,  identity theft comprises “all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain”.

Simply put, identity theft (or identity-related fraud), occurs when someone falsely represents you or your identity — by using personal information such as your name, date of birth, address, phone number, and financial details like bank accounts or credit cards — to carry out fraudulent activities.

What can fraudsters do with your personal information?

These days, once they’ve gained your personal information, there are countless ways that fraudsters can use it, including impersonation, taking control of your bank accounts and/or opening new ones, and creating new fake identities.

Here’s just a snapshot of common fraudulent activities that can be carried out using your information:

  • Bank accounts and phone contracts can be opened, and credit can be applied for in your name — ultimately leaving you with the financial burden.
  • Existing accounts can be taken over, enabling them to siphon down your money and/or extend your line of credit in order to increase the amount of money they can steal.
  • New accounts can be created and existing accounts can be created to be used for money muling (a type of money laundering whereby a third party transfers or moves illegally acquired money on someone else’s behalf) which may result in you being suspected of committing a crime.
  • Synthetic IDs can be created using elements of your information and others’ to form a brand-new entity.

How to protect your financial accounts and personal information

As technology advances, so do the tactics employed by fraudsters seeking to exploit vulnerabilities. Let’s look at how you can safeguard your bank account information, passwords, and personal and social media information, and how to deal with data breaches.

Protecting your bank account

Your bank will never ask you to divulge confidential security details, passwords, or a One-Time Password (OTP). Fraudsters often attempt to deceive individuals by posing as bank employees and soliciting such information through calls or emails.

  • If you receive unsolicited calls or emails requesting this information, hang up the phone, report and delete the email, and contact your bank directly to verify the legitimacy of the request.
  • If possible, switch from paper to online statements for all your cards and accounts. If you do still receive paper statements, notify the sender if they don’t arrive when expected since this could indicate that they may have been stolen or redirected, or that they might include unrecognized transactions.
  • Secure your accounts with strong passwords and two-factor authentication.

Protecting your passwords

Did you know that over 80% of password breaches are related to stolen, weak, or reused passwords?

It can feel like we need a password for everything nowadays and it can feel overwhelming trying to remember all your passwords for each account, but if we think about the type of data they protect it’s imperative that we keep it secure. To create secure passwords, make sure you take the following into account:

  • Ensure that your passwords are at least 12 characters long and contain letters, numbers, and special characters or a sequence of random words.
  • Use random characters, but don’t follow easy-to-recognize patterns – e.g. “qwert” or “12345”.
  • Avoid using similar passwords that change only a single word or character.
  • Don’t use any personally identifiable information in your passwords – e.g. date of birth, year of marriage, name of the street you live on, or the name of your pet.

More tips for protecting your passwords

  • Browsers like Google Chrome enable you to easily and securely store your passwords across all of your devices to help you keep track of them. Additionally, consider using a password manager, ensuring that the master password is robust for added security.
  • All those pesky device updates you keep getting reminders of, make sure you put some time aside to ensure that they’re all up to date as they’ll include the latest security patches.
  • With people continuing to work from home, it is your infrastructure that becomes the weak link in a business’s defense. Routers come with standardized usernames and passwords, that mean they can be easier to crack than those you access from the office. Treat your router like you would you phone or computer and set up strong protection by logging into your router and changing the username to something unique and the password to something strong e.g. at least 12 characters that include uppercase, lowercase, numbers, and symbols.

Protecting your personal and social media information

With the influx of spam emails, texts, and WhatsApp messages, it can be challenging to detect which ones are fraudulent and malicious — especially when you’re rushed or distracted. Beware of links that lead to seemingly legitimate websites that will attempt to capture your personal and/or financial information. The attachments in these types of messages may also contain hidden malicious code that can hide on your device, putting you at risk of your data being harvested without your knowledge.

Here are some other tips for protecting your personal and social information:

  • Safeguard your personal information by shredding any letters or communications that include your name, address, or financial details — including delivery labels on packages.
  • Regularly review your social media account security settings and check who can view your account and content.
  • Don’t share pictures that display any personally identifiable information, including your car’s number plate, your front door, or your place of work. This information can be used to exploit further information about you.
  • Avoid using free public Wi-Fi, particularly when accessing sensitive apps or websites (such as mobile banking) as these networks lack the security that your work or home networks do.

 Related: How to identify a scam email

What to do in the event of a data breach

Data breaches occur when hackers gain access to huge databases containing personal information such as your name and email. When sensitive information is leaked, you can be at risk of becoming a victim of identity theft.

  • Be aware of notifications from any providers or companies, and promptly change your password if alerted.
  • Be cautious of potential fake emails posing as affected companies that offer password reset links. Instead, visit the sites directly without clicking on any provided links.
  • Visit websites like https://haveibeenpwned.com/ to check if your personal details have been compromised in a breach.

What to do if you become a victim of identity theft

Becoming a victim of identity theft can be a frightening and stressful experience, which makes it all the more important to regularly review the tips and best practices above.

However, if you do find yourself a victim, here are the essential steps to take in order to minimize exposure and enhance the security of your information.

  • Contact the relevant organization — whether it’s a bank, credit card company, or another entity, where you suspect someone has used your identity — to inform them about the situation.
  • Check your other accounts for unfamiliar transactions that may have been initiated by the fraudsters — they may have used your identity to make transactions with existing accounts.
  • Report any lost or stolen documents, including passports, driving licenses, credit cards, and checkbooks, to the organizations that issued them.
  • Request a copy of your credit file to check for any suspicious credit applications.

Remain vigilant and be cautious of unexpected communications or contact from individuals, companies, and entities