Identity theft is one of the most terrifying consequences of the digital age. An almost unknown crime 25 years ago, it happens with alarming regularity today. According to the Bureau of Justice Statistics, 7 percent of Americans over 16 years old were identity theft victims in 2012, the most recent year for which such statistics were compiled.
With the risk rising, the Federal Trade Commission (FTC) has published a website specifically aimed at helping victims of ID theft navigate the many steps needed to avoid financial ruin. IdentityTheft.gov is a clear and straightforward guide to dealing with such a catastrophe, though be advised it's little more than a checklist. You'll still need to do the heavy lifting yourself.
But it's a handy checklist nonetheless, one that pulls together all the info you need to react to a personal data breach. The site divides your actions into categories. It starts with "what to do right away." That includes notifying the fraud department at credit card companies and other businesses that are affected, freezing compromised accounts and changing log-ins for all of your accounts.
From there, the site explains how to contact credit bureaus and how to get a free copy of your credit report.
Critically, the site helps you do things you probably wouldn't think of on your own, such as notifying the FTC and filing a police report. When you combine the Identity Theft Affidavit from the FTC with the police report, you get an Identity Theft Report that conveys certain legal rights, notably keeping creditors and debt collectors from taking action against you.
Of course, it's a good idea to avoid reaching the point that you need to visit an FTC checklist to begin with. Here are several best practices and simple precautions everyone should take to stay safe and minimize their risk of identity theft.
Always use HTTPS. This might sound geeky, but use the "https" version of websites whenever they're offered. So, when you go to any online service that requires you to log in, try entering "https://"in the browser. If available, it'll protect your data with end-to-end encryption.
Manage your passwords smartly. You've heard this many times, but it bears repeating: Use unique, strong passwords for all of your accounts. And to avoid the need to memorize dozens or hundreds of passwords, store them in a reputable password manager like LastPass or Dashlane.
Use two-factor authentication whenever it's offered. If you (or a hacker) try to log in using a different browser or device, your password will need to be supplemented by a one-time code, generally sent to your mobile phone. It won't make you invulnerable, but it will dramatically reduce your exposure.
Foil social hacks. Hackers can sometimes convince customer support staff to circumvent security by pretending to be you. Banks and online services are getting savvy about these kinds of social exploits, but they still happen. Protect yourself by giving criminals less personal data to work with -- minimize the personal info you share online. Don't blindly accept connection requests from strangers on LinkedIn and Facebook, and avoid publishing personal info on public sites.
And those secret questions that you can use if you forget your password? Lie. Make up fictitious, nonsensical answers and record them somewhere safe (like in the notes of your password manager). No one needs to know the street you really grew up on.
Beware of phishing attacks. Finally, be generally skeptical. The Internet isn't kind to the naive or uncritical user, so never click links to financial institutions or other sensitive sites from within emails. Instead, type the URL into the address bar directly.
And be cautious about anyone claiming to be from your bank or the government. You should always call them back using their published phone number, for example. Remember that in the same way that your bank will never ask for your password over the phone or email, the government (specifically, the IRS) will not ask you for money over the phone, either.