For most of human history, we’ve had to safeguard what’s ours from those who would take it by force or fraud. Although your odds of being robbed are lower now (headlines notwithstanding) than they have been for most of the preceding centuries, fraud is more common than ever.
In 2020, the FTC’s Consumer Sentinel Network recorded 4.7 million reports from citizens, with fraud accounting for 2.2 million, and identity theft (often the result of fraud, or an enabler of fraud) making up another 1.4 million cases. Not all of those reports involved actually losing money to the scammers, but even so, the total reported losses topped $3.3 billion.
Protecting from fraud costs financial institutions, large corporations and government agencies billions of dollars in programming resources and other security measures, which ordinary citizens don’t have at their disposal. The good news? There are a number of simple, quick, high-impact steps you can take — right now, today — to sharply reduce the risk that you’ll become a victim of fraud.
1) Protect Your Phone Number
It’s downright frightening how badly your identity and online security can be compromised with just your phone number, especially given how many sites and apps require it as your basic identifier. In a worst-case scenario, scammers could pull a SIM-swap or port-out attack and take over every account that’s linked to your phone.
To thwart them, reach out to your provider and set up password protection for your account. Without that password, scammers will have to work much harder to take over your number.
2) Check Your Phone Number, Email and Passwords against Known Breaches
One of the highest-profile ways your data can get into the wrong hands is by way of a big-time data breach. There’s not a whole lot you can do about those — except keeping the number of companies with your data to a minimum — but you can check whether your own information has been exposed. A site called Have I Been Pwned? maintains a huge database of info from known breaches, where you can type in your own numbers, passwords and emails to see if they’ve been compromised.
It’s not always necessary or practical to change your email addresses and phone numbers, but at least passwords can be revamped in a hurry. Which brings us to the next tip.
3) Up Your Passwords Game
Passwords are, to be blunt, a major pain in the butt. If they’re secure, they’re hard to remember, and if they’re easy, they’re not secure. There are lots of tips out there to help create good passwords you’ll actually remember, but most of us just cheat and use the same few passwords everywhere (which is a Really Big Issue if those few show up in a data breach).
Using some form of password manager, and then setting a new, more secure password for each of your accounts (or better yet, letting the password manager do it), is one of the most powerful things you can do to protect yourself.
4) Set up Multi-factor Authentication
On a related note, passwords aren’t the only way to secure your accounts. You should also say “Yes” to multi-factor authentication (MFA), sometimes called two-factor authentication (2FA), wherever it’s offered. This just means there’s a second test required before anyone can access your accounts. The most common method is sending a text or email (you’ve probably used that one), but there are better options.
Biometric authentication, using facial recognition or your device’s fingerprint reader, is one of those. You can also opt for hardware “keys,” or a third-party authenticator service like Google’s.
5) Review Your Credit Report
One of the first places fraud will show up is often on your credit report. Opening accounts in your name and maxing them out is one of the standard ways fraudsters and scam artists operate, and all of that activity shows up on your credit report. In normal times, you’re entitled to a free report every year from each of the “Big Three” agencies, but you may be entitled to additional free reports if your information was compromised in a major breach or if you have other reasons to suspect fraud.
6) Set Up a Credit Freeze or Fraud Alert
If you want to take things further, you can set up a credit freeze (anytime) or a fraud alert (if you believe you’ve been compromised) with the credit agencies. A credit freeze means nobody can pull a credit report from those agencies — usually an essential preliminary to opening an account — unless you lift the freeze. A fraud alert means it can’t happen without your explicit say-so.
This will occasionally be inconvenient for you as well, because if you do want to apply for credit yourself, you’ll need to lift the freeze or respond to the fraud alert first. Compared to the trouble that comes from being defrauded, though, that’s a modest price to pay.
7) Have the IRS Assign You an Identity Protection PIN
Fraud artists can make your life stressful in a number of ways, and one of the most intrusive comes when they mess with your taxes. Tax fraud might include filing a return in your name (and claiming your refund), or claiming a deduction for your dependents, for example.
You can nip this in the bud by having the IRS create an Identity Protection PIN for you. It’s a six-digit number that changes with every tax year; the IRS sends it directly to you. Without it, scammers won’t be able to impersonate you for any tax-related activity.
The only downsides are that it takes a bit of setting up (if you aren’t able to establish your identity through the online tool, you’ll need to verify your identity in person), and it can slow your refund if you file a paper return.
8) Set Up Alerts Wherever They’re Available
One thing about fraud is that it doesn’t just affect you. Your bank, your credit card providers, and your insurers are just as keen to prevent fraud as you are, because they’re often the ones left on the hook after you’ve gotten any fraudulent charges reversed. Many of those providers offer the option of sending alerts to your device of choice whenever there’s activity (either significant or suspicious) on your account.
By all means, set them up. You may get tired of seeing notifications whenever you yourself use your account, but getting one when you haven’t done anything can be that early warning that saves you a world of trouble later on.
9) Give Your Statements a Long, Hard Look
Those alerts are highly useful, but there’s no substitute for really looking at your statements. If you still get yours on paper, go through them line-by-line every month without fail. If you get them online, you can check ‘em as often as you see fit (every day, if you like) for suspicious activity.
The moment you see activity on one of your accounts that you can’t explain, whether it’s a bank account, credit card, line of credit or even your insurance — because medical identity theft is a whole thing in its own right — you need to follow up on that and find out what’s going on.
10) Stop Telling the Whole World Your Business
“Oversharing” isn’t just a matter of boring — or sometimes scandalizing — your friends and family; it can also mean you’re making things unnecessarily easy for fraudsters and scammers. Could any rando following your social media accounts put together answers to the usual verification questions that companies ask for security purposes (mother’s maiden name, first pet, your old high school, your birthplace, first job)? Have you publicly posted your phone number anywhere? Do you put your email address out there publicly? Those are all things to be avoided.
Take some time to review your social media accounts, tweak your privacy settings, and maybe audit your followers to weed out anyone whose presence you can’t explain.
Protecting from Fraud Is an Ongoing Effort
Ultimately, it’s your own attitudes and habits that will give you the best protection against fraud. Don’t click the link in that email or text. Don’t automatically provide your information just because an app or site asks. Learn how to manage app permissions on your phone, and restrict apps to things they really need to know.
Educating yourself about fraud and scams is the most important prevention method of all, and signing up for an identity protection product like Spokeo Protect is an inexpensive and effective way to give yourself some peace of mind.
Generations of moms have told their kids, “If it sounds too good to be true, it probably is.” Just keeping that one rule in mind can help protect you from a surprising number of frauds and scams.
Sources
- Consumer Sentinel Network: Data Book 2020
- Mozilla Blog: Mozilla Explains: SIM Swapping
- US Federal Trade Commission: Port-Out Fraud Targets Your Private Accounts
- Microsoft Support: What Is: Multifactor Authentication
- Google Account Help: Get Verification Codes with Google Authenticator
- US Internal Revenue Service: Get An Identity Protection PIN (IP PIN)