

7 Steps to Stop Cyber Identity Theft


Identity theft is on the rise. Nearly 7 percent of all U.S. consumers — 16.7 million people — were victims in 2017. Thieves stole $16.8 billion, which was an 8 percent increase over the year before. Due to improved security like embedded chip credit cards, thieves are 81 percent more likely to commit “card not present” fraud where they don’t have your actual card, according to a Javelin Research study.

The most common ways thieves access your personal information are through malicious links in an email, data breaches at places where you have accounts or unprotected computer hardware. Your Social Security number, bank accounts and credit card numbers can be used to set up phony accounts or to hack your existing accounts.

Account takeovers cost U.S. consumers $5.1 billion in 2017, which is a 120 percent increase over 2016. On average, each consumer lost $290 and 16 hours of time to resolve issues.

1. Guard Your Email

Thieves are most likely to hit through email attachments. They can impersonate your contacts or use email templates and fake websites that look very similar to real companies where you have accounts. Even emails that seem to come from people you know might be fake. So, if one of your contacts sends you a strange email that seems out of character, don’t email them back, but call them to ask about it. Don’t click on any attachments unless you’re certain they are safe.

2. Protect Yourself on Social Media

The default privacy settings on social media accounts like Facebook usually are very open. If you don’t want thieves to access your personal data, control who can see your posts (friends, friends of friends, etc.). Limit biographical information such as your birthday, hometown and workplace — the less you share publicly online, the fewer chances thieves have to scam you. And watch out for strangers sending friend requests. Never click on attachments sent in messages or posted in comments sections if you don’t know the person.

It’s also a good idea to turn off geo-tagging, which stores and sometimes posts your location online. Turn off location-based services, like Bluetooth and GPS, except when you need them. And you know all those apps that ask to connect to your account? It can be convenient, but any time you allow other apps to access your Facebook or other social media through plug-ins, you open yourself up to possible hacks.

3. Create (and Protect) Strong Passwords

Use password protection, multifactor authentication and fingerprint identification on all your devices. Don’t share your passwords with anyone unless you really trust them — not even family members. Use a password manager or digital wallet (such as RoboForm or LastPass) to securely store all your passwords.

Follow the password guidelines for the specific site or account, but in general, a good password has at least 12 characters and includes numbers, capital letters and symbols. One password trick is to use the first letters of each word of a phrase you will remember. For example: “My 5th grade teacher was Mrs. Brown in 2001” would make the password: M5gtwMBi#2001.

4. Protect Yourself in Public

Always log out of public computers — especially if you’ve been on your email — and don’t “remember” login and password information in browsers. Always use secure logins with https:// when available.

When working on your own devices, it’s safer to use a 3G or 4G connection instead of public Wi-Fi. Turn off Wi-Fi when you’re not using it, enable your firewall and disable “network discovery” in settings. If you travel a lot or often work in public places, consider getting a Virtual Private Network (VPN). A VPN is a group of networked computers that encrypts your communications so they can’t be intercepted by thieves. Many employers and schools have their own VPNs.

Security experts recommend covering your webcam and microphone with tape to prevent hackers from spying on you. Thieves sell hacked live streams of unsuspecting victims’ webcams for a fee. And always completely wipe your hard drive before donating or selling a computer or old phone. Research your specific make/model online for instructions.

5. Update Software and Operating Systems

Run antivirus software on a regular basis. Even though it can be annoying to constantly receive notifications of updates to your operating system and software, it’s important to install these updates regularly because they contain fixes to known viruses.

Copy a version of your computer’s hard drive onto an external drive on a weekly or monthly basis. An external hard drive connects to your computer using a USB cable. If something happens to your computer, you still have your files. Unplug the external drive when the backup is done. If it is connected to your computer when it’s hit by a virus, thieves can get everything.

Consider subscribing to online back-up services with “versioning,” which keep a record of older versions of files rather than just the most recently saved. Some services are only about $5 per month.

6. Create a “My Social Security” Account

Your Social Security number is the gateway to your identity. Once thieves have this number, they can open accounts in your name. Create your own account at to monitor activity. Some of the most common scams using Social Security numbers include:

  • Tax identity fraud: You might find out when you try to file your taxes that a return has already been filed in your name. File early to avoid thieves filing first.
  • Medical fraud: Look for tests or treatments you did not order, medical conditions in your record that are not yours, or unexpected rejection of insurance coverage because you’ve reached your benefit limit.
  • Child identity fraud: Thieves use your child’s Social Security number to create their own accounts. Check to make sure your child doesn’t already have a credit report around their 16th birthday.
  • Elder identity fraud: Seniors are especially vulnerable to fraudsters because they’re often lonely. Thieves befriend seniors to get access to their accounts or to sell them unnecessary or overpriced products and services.

7. Beware of “Malvertising” and Ransomware

Ransomware is when thieves infect your computer with a virus that encrypts your files. Often they infect your computer through email attachments that you click on, booby-trapped websites or online ads infected with viruses (called “malvertising”).

Once your computer is infected with the virus, a document or screen saver appears demanding that you pay a certain amount (usually between $200 and $10,000, according to an IBM survey) to unlock your files. They give you instructions for how to pay them with Bitcoin.

Ransomware is becoming so common that some thieves will direct you to a secure online payment portal, complete with customer service and FAQs. This is because the thieves don’t really want to destroy your files — they just want your money. Don’t automatically pay the ransom. In many cases, you can negotiate for a better price (up to 30 percent less than the original amount).

There are support networks out there to help victims. If you’re hit with a common form of ransomware, you might be able to find a decryption key without having to pay the ransom. Visit and for help. If you are unable to find a decryption key and don’t want to pay the ransom, copy your entire hard drive, including all ransom notes, to an external hard drive. You might be able to get a key later. Even if you decide not to pay the ransom, report the incident to the FBI at

If Your Identity Is Stolen

If you are a victim, start by creating a personalized identity theft recovery program at Depending on the severity of the theft, you may want to file a police report. If you think the thieves got your Social Security number, request a fraud alert and credit freeze right away by contacting one of the three credit bureaus (that bureau will notify the other two). Eventually, contact all three credit bureaus to officially report the theft, using the sample communications found at

Call the companies where the fraud happened:

  • Close or freeze accounts.
  • Change logins, PINs and passwords.
  • Have them remove fraudulent charges.
  • Ask them for written confirmation of the removal.

There is no guaranteed way to protect yourself from identity theft, but taking these proactive steps can limit your risk. If you find yourself in crisis after a scam or fraud, use this worksheet to start your recovery plan and check out SAM’s free Life Events and Transitions Plan course.

[Any reference to a specific company, commercial product, process or service does not constitute or imply an endorsement or recommendation by the National Endowment for Financial Education.]
