11 Steps You Can Take to Protect Yourself from Identity Theft Fraud

1. Enable two-factor authentication (2FA)

Enable 2FA on your email, financial accounts, social media accounts, and anywhere else that offers this security feature. Two-factor authentication requires a second layer of authentication in addition to your password to complete your login, such as entering an SMS code sent to your phone or approving a push notification. This is the single most important step in protecting your accounts.

2. Use an encrypted password manager

Using a password manager makes it easy to set and maintain different and complex passwords for all your accounts. The best passwords are:

• Long (the longer the better!)
• Include upper and lower case letters and symbols
• Unrelated to your personal information (sorry, pet names are not a good idea)
• Do not include any dictionary words.

It might sound scary to store all your passwords in one place. The good news is that password managers are extremely secure. These companies understand that they are holding the crown jewels for their customers and take that responsibility seriously.

When choosing a password manager, look for one that hasn’t been breached in the past and includes 2FA. Consider other features in addition to password storage such as Virtual Private Network (VPN), dark web monitoring, and digital legacy (i.e., granting access to someone in the event of your death).

Transitioning to a password manager can feel overwhelming but you don’t have to do it all at once. Start with your most important accounts, like financial and email logins. Allow the password manager to generate encrypted passwords for you and get the hang of how that works. Use the password manager to log into those accounts for a while to get comfortable with it. Then, start changing the rest of your passwords over time. Every time you visit a website where you have an account, click the “Forgot Password?” option and have your password manager set your new password.

Password managers go beyond just your personal security – they can also help with security for your family including your children and aging parents. Should you need access to your parents’ finances or other accounts, a password manager makes it easy to share and protect the necessary credentials.

3. Be aware of new technologies

With every new technology comes the risk of new threats. Take QR codes, you’ve probably seen these in advertisements, at conferences, or restaurants instead of paper menus. While many of these QR codes are harmless, they do open the door to more risk. For example, QR codes often have shortened URLs which can make it much more difficult to tell if you are about to click on a phishing link or the real deal.

Artificial Intelligence is another new technology that we’re seeing just about everywhere – improving productivity, helping the federal government toward a “soft landing,” and maybe, someday, even in wealth advice (Does AI have a place?).

But along with all the good, artificial intelligence is being used for fraud. People have received phone calls from scammers using AI to imitate a loved one’s voice, claiming to be kidnapped or in an accident and convincingly asking for sensitive information or cash.

In our cybersecurity podcast episode of OFF THE WALL, we discuss the rise of AI and other technologies in cybersecurity. “Hackers will always take advantage of whatever is new in the environment,” says Bill Phelps, a cybersecurity Expert and Strategist with over 26 years of experience. “In the long term, AI is probably going to be a really important tool against attackers. But in the short term, the attackers are usually quicker to pick up a new technology.”

To counteract the fraudulent use of AI, try an “out of channel” response. This means responding to the communication through a different medium. If they call you, try texting back. If they email you, try calling them instead. This disrupts the scammers’ expectations and can cause them to move on to another target.

4. Have an action plan

Everyone should have a plan – on both an individual and professional level. This includes small business owners. If you think your small business is too small of a fish to fry compared with large companies, think again – ransomware is extremely profitable for cybercriminals and disproportionately hits small businesses.

One big way to protect yourself, especially as a small business, is to conduct a “tabletop exercise.” Develop some cyber incident scenarios and test your key personnel to see if they know what to do. This will help you build a system so everyone learns how to handle a cybersecurity incident without hesitation. Some questions to ask could include:

• Do you know who to call (lawyer, IT provider, insurance company, etc.)?

• Is there a communication chain in place (internal and external) and do you know what it is?

• Do you know how to change and secure company credentials?

• Do you need an external party to independently assess your situation?

• Do you know how to activate your most recent backup before things go awry?

As part of your plan, be sure to include immediate calls to your wealth manager and other financial resources to let them know the situation so they can be on the lookout for suspicious attempts to access your accounts.

5. Freeze your credit

Freeze your credit at all three credit bureaus – Equifax, Experian, and Transunion – to keep new credit files from being opened. Don’t wait for a problem to freeze your credit; it’s pretty easy to unfreeze it if you want to apply for a loan or credit card and then refreeze after you have what you need.

Credit freeze services are mandated by law and are free. The credit bureaus will always offer to sell you other products, but you don’t need to buy any of them to freeze your credit.

6. Monitor your financial accounts

Keep an eye on transactions and shifts in your portfolio to help stay on top of your accounts and catch potential issues as early as possible. At the most basic level, this involves reviewing your statements regularly and shredding all your mail when done.

By signing up for Card Not Present alerts with your financial institutions, you can find out about suspicious activity via text or email as soon as it happens and dispute the charge or shut down your account right away.

7. Use encrypted email

Don’t use unencrypted email to send or store sensitive information like usernames, passwords, PINs, account numbers, and personal identification. Instead, share information via secure file upload to a data vault (eMoney and Monument’s client portal have data vaults), email encryption, or the old-fashioned way…over the phone.

8. Don’t use your debit card to make purchases online

Always use a credit card for online purchases.

With debit card fraud, money leaves your account right away. With credit card fraud, you haven’t lost actual cash. It’s easier to reverse a charge on a credit card than to repay lost cash, so debit card fraud is more complicated and time-consuming to resolve. Also, consumer protections on credit card theft are higher than debit card theft.

9. Use a secure network

A secure network is essential, especially if you use Wi-Fi to conduct any financial transactions. Secure your home network with a strong password, and avoid using public Wi-Fi at the airport, hotel, coffee shop, etc. for any sensitive transactions. Secure a public network connection with the Wi-Fi hotspot feature on your phone or with a Virtual Private Network (VPN) service. Consider keeping the VPN on all the time. Once you have a VPN set up on your laptop or mobile device, you may find it more of a hassle to turn it off than to simply use it.

10. Beware of phishing and spoofing

Phishing and spoofing are some of the oldest tricks in the hacker’s handbook – because they work. These are emails, texts, and phone calls at home and at work that appear to be from someone you know and trust, but they are not. Even with ongoing cybersecurity training, “10 to 15 percent will always click on the phishing email,” says Bill Phelps.

That said, modern criminals often send sophisticated emails that look and feel legitimate – even to those who are aware of the threats. What can you do to mitigate the likelihood of falling victim to a phishing scam? Look for some of these phishing red flags:

• Email address: Before you click anything, take a look at the email address it came from. If the email address makes no sense for the company it says it comes from, you should be cautious with the contents.
• Urgency: Are you being asked to do something right away? Phishing emails often ask you to do something immediately to avoid some kind of dire consequence.
• Spelling and grammar errors: Official emails from a reputable company are not often riddled with typos and errors. Stilted language with grammatical errors is also a red flag.
• Requests for money or personal information: NEVER provide login information, social security numbers, account numbers, or other personally identifiable information through a link in an email, text, or unsolicited phone call. Neither government agencies nor Monument will ever contact you by phone or text demanding personal information.
• Call to action: Phishing emails often ask you to click a link or download an attachment. NEVER click on a link or download an attachment from an unknown person, especially in a text which could allow a scammer to commandeer your phone.

The “out of channel” technique mentioned earlier is a safe way to find out if the communication is legitimate. If you received an email, look up the company’s website for the phone number and call. If they called, look up the company’s website to find other legitimate ways to contact them (or verify the phone number) and confirm. DO NOT use the contact details in the suspicious email.

11. Keep backups

If you own a business, implement a robust backup system to protect your wealth-building asset in the event you cannot access your files. Cybercriminals and ransomware exceeded $1 billion for the first time in 2023. This specialized field is extremely lucrative for criminals and devastating for business owners locked out of their data.

Use an online backup service or external hard drive to back up your files in case your computer is hit with ransomware or destructive malware. Make sure you know how to restore files from your backup if and when needed; it is worth testing this process to be sure it works. Know who to call to help you access those backups (like an IT professional or your managed service provider).

Small businesses are impacted heavily by ransomware attacks. In addition to maintaining backup files and restore procedures, cyber insurance could be a good investment as well as having a third party help monitor your system.