Identity Theft & Cyber Crime Prevention Tips

The guide below contains tips to help prevent identity theft and account compromise.

Identity theft is a rampant crime worldwide. Hopefully it never happens to you. However, should this crime happen to you, we encourage the following:

File a police report.
The police are very unlikely to help your case; however, the filed report will be useful to you as you execute data takedown requests, account security hardening, and any insurance claims.

Understand that you will very likely not find the thief or perpetrator.
Adopt the mindset of prevention going forward rather than finding and penalizing the thief.

Our identity theft and cyber crime prevention tips below will help prevent an account compromise.

By implementing these recommendations and staying vigilant, you can reduce the likelihood of falling victim to identity theft and protect your personal information from unauthorized access.

1. Freeze your credit in the three major credit bureaus (Equifax, Experian, TransUnion) for each family member.

  • Credit freezes prevent unauthorized individuals from opening new credit accounts in your name, reducing the risk of identity theft.

    Threat actors are highly skilled at finding enough information on targets and then using that information to obtain credit at a store or apply for a new credit card. The new credit card is often stolen from your residential mail or shipped to an alternate address.

  • No cost. Ignore any prompts from Equifax, Experian, TransUnion to pay $20 - $30/mo. for credit monitoring. Freezing your credit and lifting a credit freeze is a free service.

    Please check with each credit bureau for the length of each freeze; some only last a year, after which you will need to re-establish the credit freeze. Keeping your credit on freeze all the time is good identity theft prevention.

  • Spend a few minutes temporarily lifting the freeze when necessary, such as applying for loans or credit cards.

  • Set up a login with each credit bureau and navigate to the security freeze option.

    References: https://www.usa.gov/credit-freeze

    Utilize a password manager to keep track of login credentials (see details in Step 4).

  • Consider paid services like Regal Credit for managing your security freezes and additional monitoring.

  • There are several other, less popular, credit reporting agencies (Innovis, etc.) that also offer the ability to perform a security freeze.

    Review the EULA, privacy policy, and fine print for any service to ensure personal information is not re-sold to third parties. The lack of company contact details, missing privacy policies on the company website, and/or superfluous promises for 100% security are all red flags to not use that particular service.

2. Protect Your Social Security Number (SSN)

  • Safeguarding your SSN prevents unauthorized access to your personal data.

  • No cost.

  • Minimal impact

    1. Safeguard your SSN, avoid carrying your card, securely store or shred paperwork containing it, and refrain from sending it via insecure methods.

    2. Open your personal my Social Security account at www.ssa.gov. Create your account and remove the risk of someone else obtaining your SSN and trying to create an account in your name. Add two-factor authentication during initial setup.

    3. Sign up for extra security. After logging in, go into the “Security Settings” tab to begin the upgrade process.

      “Add Extra Security” is the first option in the Security Settings tab. Follow the instructions to add extra security. Finishing this process usually takes 5 to 10 business days. An upgrade code will be mailed to your home address. The letter will also include step-by-step instructions to finalize the security upgrade.

  • Completely block your and others' electronic access to your SSN by contacting the Social Security office (1.800.772.1213). Any automated telephone and electronic access to your Social Security record will be blocked. To reverse this, you will also need to call and prove your identity.

3. Subscribe to an Identity Protection Service

  • Automated service alerts you to potential threats and may include insurance coverage for identity theft-related losses.

  • Monthly subscription fees range from $20 to $35 for services such as Aura, Identity Guard, and LifeLock.

  • Requires proper setup and periodic review of notifications.

  • Select a reputable identity protection service and configure monitoring preferences. ProAlign staff use Aura due to its excellent reviews. ProAlign staff prefer a monitoring service separate from any of the three credit bureaus.

4. Enable 2FA and Utilize a Password Manager

  • Two-factor authentication (2FA) or MFA (multi-factor authentication) adds an extra layer of security, while password managers simplify password management.

  • No cost for 2FA or MFA; those settings can be found in your mobile or desktop device. Password manager subscriptions typically range from $20 to $35 per month. Many are free for personal use.

  • Minor setup process for both 2FA and password manager usage. Using a password management tool may seem new at first; however, the convenience and security it offers quickly become standard routine.

  • Choose a reliable password manager and enable 2FA/MFA wherever possible. ProAlign staff use 1Password due to its security rigor and top rating. 1Password has a browser add-on for convenience when using a desktop. 1Password includes a mobile version that can be set up as the default (vs keychain) on your mobile device.

    Once comfortable with your Password Manager, ensure all logins use a unique password which is updated regularly. Your Password Manager can also help you track email addresses.

    Using separate email accounts for shopping, delivery services, personal correspondence, social media, coupons, and other needs is a recommended operational security measure.

  • When possible, use an authentication application as the second factor instead of a text, since theft of a mobile phone or SIM remains a risk.

    1Password’s desktop version has an edit feature that also allows you to search for a breached password to help identify everywhere you might have used that password.

5. Utilize Antivirus Software

  • Antivirus software detects and prevents cyber threats, safeguarding against phishing emails and malicious attachments.

  • Monthly subscription fees range from $3 to $5 per device for services like Malwarebytes, Bitdefender, or Norton.

  • Minimal setup required, primarily installation. Be sure to regularly update your antivirus software; otherwise the program is ineffective.

  • Select a trusted antivirus application such as Malwarebytes for comprehensive protection. ProAlign staff use Malwarebytes based on feedback from our cyber security partners, who also recommend Malwarebytes for businesses.

    For Windows users, Malwarebytes works with Microsoft Defender for dual protection. Malwarebytes also includes a multi-device (family) subscription.

6. Maintain Privacy on Social Networks

  • Limiting personal information on social media reduces the risk of identity theft and scams.

  • No financial cost.

  • Requires personal discipline and time to review privacy settings.

  • Research and adjust privacy settings on social media platforms and minimize sharing personal details on your public and private profile such as family names, birth dates, home addresses, email addresses, high school details, etc.

    Ensure usernames do not contain your name, significant graduation/birth/wedding years, pet names, hobbies, or associated cities/states.

  • ProAlign can perform a detailed analysis of your available personal data, called a Digital Footprint. This will include openly available information from the surface web as well as the dark web such as social media data, breach data, third-party published data, documents, and/or images.

    The report includes links to where your personal information was found and recommendations to help remove or take down information. See this relevant article.

7. Employ Encrypted Email for Financial Logins

  • Encrypted email ensures secure communication and protects sensitive financial sites, primary targets of cyber threats. The common practice of using a widely used Gmail account as your main email for financial institutions gives threat actors increased opportunity.

    A significant benefit of most encrypted email platforms is their capability to generate alias email addresses. For instance, individuals often employ distinct email aliases for sensitive accounts like cryptocurrency holdings. In the event of a security breach, users can simply delete the compromised alias and substitute it with a new one.

    Additionally, tracking breach incidents becomes easier as users can pinpoint the source of the compromised email and the affected application. Notably, all alias emails consolidate into a single inbox for streamlined management.

  • Monthly subscription fees range from $10 to $15. Some services, like Proton Mail, have free options.

  • Having an additional email address to check is an added step but well worth it for security-minded individuals.

    The password managers mentioned in Step 4 make separate email account management very easy.

  • Select an encrypted email service. ProAlign staff use Proton Mail.

    Employ it as the email for your financial institutions. If desired, create different email aliases for each financial institution.

  • Ensure personal social media profiles utilize encrypted email services for login credentials.

    Once comfortable with Proton Mail, Proton Drive can be used to electronically store copies of our driver’s licenses, passports, etc. If ever requested by our financial institutions or travel agents, we can provide a secure link instead of attaching these documents to an email.
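
The alias-per-account idea in this step can be checked mechanically. The Python sketch below is an added example, not part of the original guide or any email provider's tooling; the alias addresses, service domains and inbox entries are constructed, and it assumes you keep your own record of which alias was issued to which service.

```python
from collections import defaultdict

# One alias per service, as the guide suggests (all values constructed).
ALIASES = {
    "bank.k3f9@example-mail.test": "examplebank.test",
    "crypto.x7p2@example-mail.test": "examplecoin.test",
    "shop.q1m8@example-mail.test": "exampleshop.test",
}

# Constructed inbox sample: (recipient alias, sender address).
INBOX = [
    ("bank.k3f9@example-mail.test", "alerts@examplebank.test"),
    ("shop.q1m8@example-mail.test", "orders@mail.exampleshop.test"),
    ("shop.q1m8@example-mail.test", "promo@cheap-pills.test"),
    ("shop.q1m8@example-mail.test", "billing@examp1eshop.test"),
    ("crypto.x7p2@example-mail.test", "noreply@examplecoin.test"),
    ("unknown@example-mail.test", "hello@exampleshop.test"),
]

def sender_domain(address):
    """Lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower().rstrip(".")

def is_expected(domain, registered):
    # Exact match or a true subdomain; a plain endswith() would also accept
    # look-alikes such as "notexampleshop.test".
    return domain == registered or domain.endswith("." + registered)

def find_leaked_aliases(inbox, aliases):
    """Return {alias: sorted unexpected sender domains} for aliases that
    received mail from anyone other than the service they were issued to."""
    leaked = defaultdict(set)
    for recipient, sender in inbox:
        registered = aliases.get(recipient.lower())
        if registered is None:
            continue  # not one of our tracked aliases
        domain = sender_domain(sender)
        if not is_expected(domain, registered):
            leaked[recipient.lower()].add(domain)
    return {alias: sorted(domains) for alias, domains in leaked.items()}

if __name__ == "__main__":
    for alias, domains in find_leaked_aliases(INBOX, ALIASES).items():
        print(f"{alias} (issued to {ALIASES[alias]}) got mail from: {domains}")
        print("  -> delete this alias and issue a new one for that account")
```

A sender address can be forged, so a matching domain does not prove a message is genuine, but a mismatch still shows that the alias is known outside the service it was given to. Services that send through a third-party mail provider will also appear as mismatches and need a manual look.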

8. Prevent Phone SIM Card Swap

  • A common identity theft technique is to steal your mobile phone number. Adding preventative measures helps thwart this technique.

    A SIM Card Swap is when someone takes over your phone number. You may stop getting calls and texts, or you may get a notice that your phone has been activated/de-activated.

  • No cost.

  • Initial setup of an additional PIN to your mobile number as well as SIM Card Lock.

  • In addition to adding two-factor authentication, contact your mobile network provider and set up a PIN or password on your cellular account. A SIM card lock is a security feature provided by mobile network providers to protect the SIM card from unauthorized access.

    If the SIM Card Lock is activated, it requires the user to enter a PIN code every time the mobile device is powered on.

9. Utilize a VPN Service

  • VPNs provide anonymized browsing, especially important for browsing on public Wi-Fi networks. Using a VPN helps minimize the risk of data compromise or internet traffic interception.

    With public Wi-Fi, folks sitting around you are on the same open network and can steal information. Choose a more secure location, choose a Wi-Fi network that requires a password, and employ a VPN when logging onto financial sites in public.

  • Monthly subscription fees range from $2 to $5 for services like PIA (Private Internet Access) or NordVPN. ProAlign staff recommend PIA (Private Internet Access) which is under $2 per month when you opt for the three-year plan.

  • Seamless integration on home desktops, laptops, and mobile devices. Certain websites will not function properly when using a VPN.

  • Select a reputable VPN service, like PIA, and install it for enhanced security. Make sure it is turned on when using any public Wi-Fi.

  • A VPN can also assist with watching streaming services outside the US. Changing the VPN connection region may also be required for the streaming service to work.

    Certain VPN providers, such as PIA, allow you to select your VPN server’s location.

10. Additional Suggestions

  • Be cautious of unsolicited requests for personal information and avoid responding to suspicious communications from people pretending to be banks, stores or government agencies.

    When in doubt, call the service/entity directly using contact details found outside of the suspicious communication (email, letter, voicemail, or text).

  • Opt-out of credit bureau marketing lists to reduce the risk of intercepted offers being used for identity theft. Opt-out at optoutprescreen.com, the official consumer credit reporting industry website.

    Opt-out of other types of junk mail at DMAchoice.org.

  • Take advantage of the passcode, fingerprint scan, or face recognition to get into your phone. For iPhone users, register with iCloud so that you can remotely wipe your phone if it gets stolen.

    Avoid charging your phone at a public station since hackers can install malware into the charging station.

    Reference: What to do if your phone is hacked

  • Prevent identity theft by promptly collecting mail and monitoring for any suspicious activity.

    Thieves also can reroute your mail by submitting change-of-address requests in your name, so keep track of expected mail that doesn’t arrive. In addition, put your mail on hold while you’re away.

  • Use the post office or a USPS mailbox. If a thief gets your bank account and routing number from a check you were mailing, fraud is even easier.

    Changing to paperless billing for utility accounts can also help keep your details away from potential mail thieves. For added security, consider a locked P.O. box.

  • Regularly review credit card and bank statements for unauthorized transactions, including small charges that increase over time. Credit card fraud is the most common type of identity theft.

  • Dispose of documents containing personal information securely to prevent identity theft via physical means like dumpster diving.

  • With a debit card, your funds are immediately gone and harder to get back, including funds siphoned from linked accounts.

    Report loss or suspicious activity immediately. A credit card company can better assist you during a compromise.