Monument Wealth Management Articles

11 Steps You Can Take to Protect Yourself from Identity Theft Fraud

Apr 12, 2024 FAQs

Share on your favorite platform, or by email

According to the Federal Trade Commission (FTC), in 2021, there was an identity theft or fraud report filed every six seconds! That’s only counting people who filed a report with the FTC so the real incidence is even higher. And while your identity could be stolen by a lone hacker, cybercrime is increasingly enacted by organized international groups with increasingly sophisticated technology. It feels like an arms race.

Even with many organizational precautions in place, you must be a partner in keeping your data and wealth secure. How can you protect yourself from identity theft? Here are eleven tips that can help.

1. Enable two-factor authentication (2FA)

Enable 2FA on your email, financial accounts, social media accounts, and anywhere else that offers this security feature. Two-factor authentication requires a second layer of authentication in addition to your password to complete your login, such as entering an SMS code sent to your phone or approving a push notification. This is the single most important step in protecting your accounts.

2. Use an encrypted password manager

Using a password manager makes it easy to set and maintain different and complex passwords for all your accounts. The best passwords are:

  • Long (the longer the better!)
  • Include upper and lower case letters and symbols
  • Unrelated to your personal information (sorry, pet names are not a good idea)
  • Do not include any dictionary words.

It might sound scary to store all your passwords in one place. The good news is that password managers are extremely secure. These companies understand that they are holding the crown jewels for their customers and take that responsibility seriously.

When choosing a password manager, look for one that hasn’t been breached in the past and includes 2FA. Consider other features in addition to password storage such as Virtual Private Network (VPN), dark web monitoring, and digital legacy (i.e., granting access to someone in the event of your death).

Transitioning to a password manager can feel overwhelming but you don’t have to do it all at once. Start with your most important accounts, like financial and email logins. Allow the password manager to generate encrypted passwords for you and get the hang of how that works. Use the password manager to log into those accounts for a while to get comfortable with it. Then, start changing the rest of your passwords over time. Every time you visit a website where you have an account, click the “Forgot Password?” option and have your password manager set your new password.

Password managers go beyond just your personal security – they can also help with security for your family including your children and aging parents. Should you need access to your parents’ finances or other accounts, a password manager makes it easy to share and protect the necessary credentials.

3. Be aware of new technologies

With every new technology comes the risk of new threats. Take QR codes, you’ve probably seen these in advertisements, at conferences, or restaurants instead of paper menus. While many of these QR codes are harmless, they do open the door to more risk. For example, QR codes often have shortened URLs which can make it much more difficult to tell if you are about to click on a phishing link or the real deal.

Artificial Intelligence is another new technology that we’re seeing just about everywhere – improving productivity, helping the federal government toward a “soft landing,” and maybe, someday, even in wealth advice (Does AI have a place?).

But along with all the good, artificial intelligence is being used for fraud. People have received phone calls from scammers using AI to imitate a loved one’s voice, claiming to be kidnapped or in an accident and convincingly asking for sensitive information or cash.

In our cybersecurity podcast episode of OFF THE WALL, we discuss the rise of AI and other technologies in cybersecurity. “Hackers will always take advantage of whatever is new in the environment,” says Bill Phelps, a cybersecurity Expert and Strategist with over 26 years of experience. “In the long term, AI is probably going to be a really important tool against attackers. But in the short term, the attackers are usually quicker to pick up a new technology.”

To counteract the fraudulent use of AI, try an “out of channel” response. This means responding to the communication through a different medium. If they call you, try texting back. If they email you, try calling them instead. This disrupts the scammers’ expectations and can cause them to move on to another target.

4. Have an action plan

Everyone should have a plan – on both an individual and professional level. This includes small business owners. If you think your small business is too small of a fish to fry compared with large companies, think again – ransomware is extremely profitable for cybercriminals and disproportionately hits small businesses.

One big way to protect yourself, especially as a small business, is to conduct a “tabletop exercise.” Develop some cyber incident scenarios and test your key personnel to see if they know what to do. This will help you build a system so everyone learns how to handle a cybersecurity incident without hesitation. Some questions to ask could include:

• Do you know who to call (lawyer, IT provider, insurance company, etc.)?

• Is there a communication chain in place (internal and external) and do you know what it is?

• Do you know how to change and secure company credentials?

• Do you need an external party to independently assess your situation?

• Do you know how to activate your most recent backup before things go awry?

As part of your plan, be sure to include immediate calls to your wealth manager and other financial resources to let them know the situation so they can be on the lookout for suspicious attempts to access your accounts.

5. Freeze your credit

Freeze your credit at all three credit bureaus – Equifax, Experian, and Transunion – to keep new credit files from being opened. Don’t wait for a problem to freeze your credit; it’s pretty easy to unfreeze it if you want to apply for a loan or credit card and then refreeze after you have what you need.

Credit freeze services are mandated by law and are free. The credit bureaus will always offer to sell you other products, but you don’t need to buy any of them to freeze your credit.

6. Monitor your financial accounts

Keep an eye on transactions and shifts in your portfolio to help stay on top of your accounts and catch potential issues as early as possible. At the most basic level, this involves reviewing your statements regularly and shredding all your mail when done.

By signing up for Card Not Present alerts with your financial institutions, you can find out about suspicious activity via text or email as soon as it happens and dispute the charge or shut down your account right away.

7. Use encrypted email

Don’t use unencrypted email to send or store sensitive information like usernames, passwords, PINs, account numbers, and personal identification. Instead, share information via secure file upload to a data vault (eMoney and Monument’s client portal have data vaults), email encryption, or the old-fashioned way…over the phone.

8. Don’t use your debit card to make purchases online

Always use a credit card for online purchases.

With debit card fraud, money leaves your account right away. With credit card fraud, you haven’t lost actual cash. It’s easier to reverse a charge on a credit card than to repay lost cash, so debit card fraud is more complicated and time-consuming to resolve. Also, consumer protections on credit card theft are higher than debit card theft.

9. Use a secure network

A secure network is essential, especially if you use Wi-Fi to conduct any financial transactions. Secure your home network with a strong password, and avoid using public Wi-Fi at the airport, hotel, coffee shop, etc. for any sensitive transactions. Secure a public network connection with the Wi-Fi hotspot feature on your phone or with a Virtual Private Network (VPN) service. Consider keeping the VPN on all the time. Once you have a VPN set up on your laptop or mobile device, you may find it more of a hassle to turn it off than to simply use it.

10. Beware of phishing and spoofing

Phishing and spoofing are some of the oldest tricks in the hacker’s handbook – because they work. These are emails, texts, and phone calls at home and at work that appear to be from someone you know and trust, but they are not. Even with ongoing cybersecurity training, “10 to 15 percent will always click on the phishing email,” says Bill Phelps.

That said, modern criminals often send sophisticated emails that look and feel legitimate – even to those who are aware of the threats. What can you do to mitigate the likelihood of falling victim to a phishing scam? Look for some of these phishing red flags:

  • Email address: Before you click anything, take a look at the email address it came from. If the email address makes no sense for the company it says it comes from, you should be cautious with the contents.
  • Urgency: Are you being asked to do something right away? Phishing emails often ask you to do something immediately to avoid some kind of dire consequence.
  • Spelling and grammar errors: Official emails from a reputable company are not often riddled with typos and errors. Stilted language with grammatical errors is also a red flag.
  • Requests for money or personal information: NEVER provide login information, social security numbers, account numbers, or other personally identifiable information through a link in an email, text, or unsolicited phone call. Neither government agencies nor Monument will ever contact you by phone or text demanding personal information.
  • Call to action: Phishing emails often ask you to click a link or download an attachment. NEVER click on a link or download an attachment from an unknown person, especially in a text which could allow a scammer to commandeer your phone.

The “out of channel” technique mentioned earlier is a safe way to find out if the communication is legitimate. If you received an email, look up the company’s website for the phone number and call. If they called, look up the company’s website to find other legitimate ways to contact them (or verify the phone number) and confirm. DO NOT use the contact details in the suspicious email.

11. Keep backups

If you own a business, implement a robust backup system to protect your wealth-building asset in the event you cannot access your files. Cybercriminals and ransomware exceeded $1 billion for the first time in 2023. This specialized field is extremely lucrative for criminals and devastating for business owners locked out of their data.

Use an online backup service or external hard drive to back up your files in case your computer is hit with ransomware or destructive malware. Make sure you know how to restore files from your backup if and when needed; it is worth testing this process to be sure it works. Know who to call to help you access those backups (like an IT professional or your managed service provider).

Small businesses are impacted heavily by ransomware attacks. In addition to maintaining backup files and restore procedures, cyber insurance could be a good investment as well as having a third party help monitor your system.

Protect Your Wealth – and Grow It

Want to learn more about how to protect yourself or your small business from cyberattacks and identity fraud? Be sure to listen to our full podcast with Bill and Cathleen Phelps for steps you can take to protect your wealth by minimizing the likelihood of falling victim to identity fraud.

Looking for a wealth management team that prioritizes the safety of your personal data and wealth? See if we’re a fit for you!

Cathleen D. photo

Cathleen D. Phelps

Client Experience Manager

Cathleen has two big drivers-–a challenge and a love of learning. She cannot resist a challenge or a problem to solve, and cannot rest until she’s conquered it. Every morning, Cathleen runs or works out at Crossfit for an energy boost that gets her mind awake and going, ready to face whatever the day brings. She admits there’s always something that needs figuring out, and if she needs to learn something new to do it, that’s even better!

Learn more ...


Please remember that past performance is no guarantee of future results.  Different types of investments involve varying degrees of risk, and there can be no assurance that the future performance of any specific investment, investment strategy, or product (including the investments and/or investment strategies recommended or undertaken by Monument Capital Management, LLC [“Monument”]), or any non-investment related content, made reference to directly or indirectly in this blog will be profitable, equal any corresponding indicated historical performance level(s), be suitable for your portfolio or individual situation, or prove successful.  Due to various factors, including changing market conditions and/or applicable laws, the content may no longer be reflective of current opinions or positions.  Moreover, you should not assume that any discussion or information contained in this blog serves as the receipt of, or as a substitute for, personalized investment advice from Monument. To the extent that a reader has any questions regarding the applicability of any specific issue discussed above to his/her individual situation, he/she is encouraged to consult with the professional advisor of his/her choosing. No amount of prior experience or success should be construed that a certain level of results or satisfaction will be achieved if Monument is engaged, or continues to be engaged, to provide investment advisory services. Monument is neither a law firm nor a certified public accounting firm and no portion of the blog content should be construed as legal or accounting advice.

A copy of Monument’s current written disclosure Brochure discussing our advisory services and fees is available for review upon request or at Please Note: Monument does not make any representations or warranties as to the accuracy, timeliness, suitability, completeness, or relevance of any information prepared by any unaffiliated third party, whether linked to Monument’s website or blog or incorporated herein, and takes no responsibility for any such content. All such information is provided solely for convenience purposes only and all users thereof should be guided accordingly.

Historical performance results for investment indices, benchmarks, and/or categories have been provided for general informational/comparison purposes only, and generally do not reflect the deduction of transaction and/or custodial charges, the deduction of an investment management fee, nor the impact of taxes, the incurrence of which would have the effect of decreasing historical performance results.  It should not be assumed that your Monument account holdings correspond directly to any comparative indices or categories. Please Also Note: (1) performance results do not reflect the impact of taxes; (2) comparative benchmarks/indices may be more or less volatile than your Monument accounts; and, (3) a description of each comparative benchmark/index is available upon request.

Please Remember: If you are a Monument client, please contact Monument, in writing, if there are any changes in your personal/financial situation or investment objectives for the purpose of reviewing/evaluating/revising our previous recommendations and/or services, or if you would like to impose, add, or to modify any reasonable restrictions to our investment advisory services.  Unless, and until, you notify us, in writing, to the contrary, we shall continue to provide services as we do currently. Please Also Remember to advise us if you have not been receiving account statements (at least quarterly) from the account custodian.