Best Practices: Avoiding Identity Theft

April 22, 2019

What steps are you taking to prevent identity thieves from stealing your personal information? The most important first step you should take is to freeze your credit, but there are many good habits you can develop and use every day. Read on to find out how to keep your personal information safe in cyberspace.


Part 1: Use the Internet Securely

Always keep in mind these security tips while you surf the web, do your online shopping, and go through your email inbox:


Password Protection

  • Never share your passwords or PINs with anyone.
  • Never write your passwords down where they could be easily found by others.
  • When creating passwords, don't use information that could be easily linked to you (like your birth date, Social Security number, phone number, or the names of pets or hobbies).
  • Use passwords that contain both letters and numbers, preferably not recognizable words (for example, Tr33h0u$3)
  • Use a unique password for each system. Always use a different password for each system you access.
  • Change your online account passwords often. We recommend that you change your passwords every 30 days (or at least every quarter).
  • The Federal Trade Commission (FTC) provides helpful password tips at


Website & PC Security

  • If you are providing financial or personal information online, be sure the site is secure. Look for a URL that begins with "https://" and the closed padlock icon () to the left of the URL.
  • Do business only with financial institutions and online merchants that you know and trust.
  • Watch out for copycat sites that may try to look like a financial institution. Confirm you are using the correct web address for your bank by checking multiple sources such as statements and marketing materials.
  • Don't reply to any email or pop-up message that requests you update or provide personal information.
  • Never leave your computer or mobile device unattended while using any online banking or investing service.
  • Always log off completely and close your browser or app when you are finished with a secure session.
  • Only access your personal financial information from a computer you trust. Internet kiosks and cyber cafes are not as secure as your personal computer.
  • Install, use and regularly update anti-virus and anti-spyware software on your computer.
  • Make sure your computer is up-to-date with security patches for your operating system and applications. Windows users should turn the Auto-Update feature on. Security patches may be found at vendor's websites. Check the sites periodically as these patches are frequently updated.
  • Consider using a personal firewall to prevent hackers from invading your personal computer, especially if you are using DSL or a cable modem to access the Internet. A firewall can make you virtually "invisible" online and will help to block out communications from unauthorized sources.
  • If you use wireless networking, make sure to turn on all security features such as WPA encryption. Change the default password and SSID on your wireless router.


Email Safety

  • If an offer received via email or on a website sounds too good to be true, it probably is.
  • Email is not secure. Never email personal financial information such as account numbers or your Social Security number.
  • Don't open email or attachments from senders you don't know. And even when you know the source, exercise caution. An attachment may be malware that compromises your computer's security.
  • Beware of email scams. Never respond to unsolicited email or click a link within a suspicious email asking you to validate your account information or provide personal information.
  • Use email filtering software to screen for spam and identify suspect messages.
  • Turn off the "preview" function of your email program. The feature can be a security risk.
  • Use secure messaging when it's available.



Part 2: Fraud Tactics and Examples

It is important to be aware of the common scams that are being used to attempt identity theft. You will often see these reported on your local news. Here are a few to watch out for:


Phishing: Email Subject Line: “A Notice from the Internal Revenue Service”

Phishing scams are a common fraud tactic, and the IRS has a long list of phishing emails where the scammers are impersonating the IRS. Scams like these usually peak during tax season.

If you get an email purporting to be from the Internal Revenue Service, you should know that the IRS doesn’t initiate contact with taxpayers by email to request personal or financial information. Don’t ever click on or respond to these kinds of emails, or any email demanding your personal information.

If you receive an email you suspect is fraudulent, report it by forwarding it to


Malware: “This Is an Update from Norton Anti-Virus”

Malware-Based Phishing” is what happens when a scammer attaches a harmful computer program — or malware — onto emails or websites.

Malware is a computer program is made to look helpful, but if downloaded to your computer, will record all your keystrokes and what websites you visit. The malware then uses what it learns to steal your identity.

One example is an email that’s disguised as coming from Norton Anti-Virus. It prompts you to install an updated web browser “to improve your computer security.”

Don’t fall for it! When you click on the link, you’re downloading malware.

To protect yourself, be vigilant when downloading any program from the web. Contact the organization that supposedly sent you this email message, either by sending a separate email or making a phone call. Tell the company you got an email urging you to download a specific file, and you want to know if it’s legitimate.


Caller ID Spoofing: Fraudulent Calls from the Social Security Administration Number

Caller ID “spoofing attacks” are scams where identity thieves falsify the phone number they are calling from to try to trick you into providing personal information. Caller ID spoofing is also used by telemarketers: they use a phone number close to your own to make you think the caller is a neighbor or someone you know.

If you get a call showing that it is coming from the Social Security Administration (SSA), be leery. Scammers are spoofing the SSA’s 1-800 number to try to steal personal information. In this scam, they will say they are with the SSA and need your social security number to update your benefits payment, or they could threaten to stop payments if you don’t give them the information.

The real SSA will not threaten you to get personal information, and they will not promise to increase your payments in exchange for you providing the information.

If you have any doubt, call the SSA directly at 1-800-772-1213 – this is the same number you may see come up on your caller ID. Because caller ID spoofing has become more prevalent, it good practice to never provide any personal information to anyone who has called you – if you must provide your personal information over the phone, do so only when you have placed the call to an official phone number.


Skimmers: Credit Card Theft Devices

A “skimmer” is a device identity thieves install on an ATM or at a store’s checkout counter to copy the information from your debit or credit card.

It scans the data from your card’s magnetic strip and keeps it in an electronic storage device. That way, an identity thief can use your card to make unauthorized purchases.

Skimmers are not some bogus, imaginary urban legend. They really exist, and they can be difficult to notice. Read more about how to spot and avoid skimmers.

To combat skimming, make it a habit to periodically check your credit report or better yet freeze your credit.Visit our Information Center for details on how to do this.


Child Identity Theft

Children’s social security numbers can be used by identity thieves to open bank accounts and credit cards and apply for government benefits, loans or utility services.

Warning Signs:

  • Turned down for a government student loan because the benefits are being paid to another account with the child’s social security number.
  • Received a notice from the IRS saying the child did not pay income taxes, or that their social security number was used on another return.
  • Collection calls for products or services you did not receive

We recommend that you freeze your child’s credit. Please visit our website for instructions on how to freeze credit. Remember it is very important to retain the PINs, user IDs & passwords you establish when freezing credit as there will be times that you will need these to request a temporary suspension of the freeze.