Your ID-Theft Prevention Kit

The bad guys are more clever than ever. But you can still keep them at bay.

Count yourself lucky if no one has tried to steal your good name. Cyber crooks are becoming ever more organized and sophisticated.

To stay safe, it's not enough these days to ignore e-mails from widows of African dictators and those alerts that your eBay account (or your bank account) has been frozen. It's time to get serious about safeguarding your personal information.

Swipe to scroll horizontally
Row 0 - Cell 0 VIDEO: Protect Your Debit Card
Row 1 - Cell 0 VIDEO: How ID Thieves Target the Deceased
Row 2 - Cell 0 Fraud Alert vs. Credit Freeze
Row 3 - Cell 0 Protection You Don't Need

Instead of just phishing, thieves are "spear phishing," gathering details to add credibility when they send you a bogus pitch. MySpace and Facebook are fertile fields. "Through social networking, criminals are getting very smart in doing research on individuals," says Ron Teixeira, of the National Cyber Security Alliance, which includes the Department of Homeland Security, the Federal Trade Commission and major Internet companies. The thieves' goal is to use one of your interests to lower your defenses.

Subscribe to Kiplinger’s Personal Finance

Be a smarter, better informed investor.

Save up to 74%
https://cdn.mos.cms.futurecdn.net/hwgJ7osrMtUWhk5koeVme7-200-80.png

Sign up for Kiplinger’s Free E-Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

Sign up

Say you're job-hunting. Crooks posing as recruiters find your resume and send an e-mail asking for your Social Security number and other information, ostensibly for a background check. Then they open a credit-card account in your name and spend to the limit.

Or you're on the road and eager to pay some bills from your bank account so you don't miss a deadline. There's a free Internet hookup in your hotel, right beside the coffee and croissants. Don't use it. Thieves are known to load keystroke loggers on hotel computers so they can gather your access codes.

There's more. Fake IRS e-mails about tax refunds go out by the millions in an effort to grab your Social Security number. So do requests for donations from charities that look legitimate but just want to get your credit-card number. And now crooks are making the most of the electionsQsending e-mails requesting campaign donations, or setting up look-alike Web sites to collect credit-card numbers and other personal information. Thieves even steal health-insurance codes to get treatment at your expense.

And what about those e-mails and phone calls claiming to be from your bank, warning that your account has been compromised? That's a ploy to get you to call a number that turns out to be the crooks' phone bank.

Computers, credit reports, bank accounts, your wallet and your home are all potential security leaks. We'll tell you how to plug each of them.

Your Computer

This is one of the easiest targets to secure. Three types of programs make a big difference, and you may already have some or all of them. The first is antivirus software. Next is a firewall to guard the stream of information that flows through your Internet connection. Then there's anti-spyware software, which scans for surveillance programs that monitor your keystrokes.

Make sure you keep the software current. Many security programs now update automatically, but check about once a week, especially if you aren't online very often. (For more information on defensive software, go to www.staysafeonline.org, or read "Protect Your PC," July 2007.)

When you're replying or posting to a site, don't use a link that's included in an e-mail, which can easily be faked. Instead, type the correct address yourself. Make sure that "https://" appears in the URL before you send credit-card numbers. "It isn't foolproof, but the bad guys generally don't go through the pain and suffering of getting a security certificate," says Bill Rosenkrantz, of Symantec, which makes Norton security software.

If you're suspicious of an e-mail or phone call from your bank or credit-card company, call the customer-service number on the back of your card or bill. That's safer than clicking on a link or calling a number that you've been given.

And be careful about providing details about yourself on a social-networking site. "Don't disclose your date of birth or other information that could lead someone to piece together enough information to impersonate you," says Susan Grant, of the Consumer Federation of America.

Avoid accessing bank or investment accounts in public. "You shouldn't be logging in to sensitive stuff at a public Wi-Fi hot spot," says Rosenkrantz. "Crooks can hijack that network and replace some of the entries," he says, sending your information to criminals.

[page break]

Your Credit Report

Monitoring your credit report will tip you off that someone is impersonating you when you least expect it. "You could have your wallet stolen today, and it may be two years before your information percolates through the bad guys' hands to the person who eventually tries to use it," says Sally Hurme, of AARP Financial Security.

You can get one free credit report a year from each of the three credit bureaus by going to www.annualcreditreport.com. Stagger your requests so you can get a report from one of the bureaus every four months.

Ask lenders about any strange activity, and look carefully at cards you haven't used for a while. Be suspicious of mistakes that appear minor. "When my clients tell me something odd is going on, one of the first things I look at is the address on their credit report," says Mark Fullbright, a fraud specialist with Identity Theft 911, an ID-theft-resolution service. Thieves often change the billing address so you won't know if your bank sends out a letter alerting you to a problem.

You can place an initial fraud alert on your credit report if you're worried that you have beenQor could beQthe victim of identity theft. That's a good idea if you see any suspicious activity on your report or bills, if your wallet or other information has been stolen, if you've been the victim of a security breach, or even if you're concerned that you've revealed too much personal information.

A fraud alert requires lenders to take extra steps, such as calling you at a phone number you provide, to verify your identity before granting credit in your name. To place a 90-day alert, which you can renew indefinitely, contact one of the three credit bureaus (Equifax.com, Experian.com or Trans-Union.com). Any one of them will notify the others.

Fraud alerts, however, aren't foolproof. For extra protection, you can request a credit freeze, which blocks potential lenders from getting access to your credit report without your authorization. The ability to request a credit freeze may be new to you because this tool became available in all states only last November. Your current creditors are exempt from the freeze, and you can use a PIN or password to open your file for certain lenders or for a certain time period if you apply for credit.

To be secure, you need to freeze your record at all three bureaus. Costs vary by state, but expect to pay $10 to freeze your account at each bureau and another $10 to lift the freeze, even temporarily. The charge is usually waived for victims of identity theft, and some states offer freezes at no charge to residents older than 65.

It can take as little as 15 minutes or as long as three days to lift a freeze, depending on the state. That makes the procedure inconvenient if you need to make a purchase with no advance planning.

Because of the time and money involved, a freeze may not be worth it if you're about to apply for new credit. But it can offer effective protection for someone who is particularly worried about ID theftQespecially seniors who can't check their records regularly and people whose information has been stolen in a security breach. "We think it is a good, proactive step to take," says Christine Nielsen, assistant attorney general in the Illinois consumer-fraud bureau.

Your Home and Wallet

Plenty of personal information is still stolen by digging through Dumpsters, raiding mailboxes and copying credit-card numbers in a restaurant. Your wallet or purse can be a thief's ultimate prize. "The old scams are still out there, and they work," says Fullbright.

Know when your bills and statements usually arrive, and call the creditor if one is more than a week late. A thief could have changed your address.

Check your credit-card and bank records online to spot any suspicious activity long before your monthly statement arrives. Some clues are very subtle. "Thieves sometimes skim your credit cards and test them by making a $1 contribution to a charity," says Adam Levin, chairman of Identity Theft 911. "That's how they put a toe in the water."

Shred personal information that includes your credit-card number, bank account or Social Security number. Lock your mailbox and don't leave outgoing mail in the box. And teach your kids at college to take the same precautions online and around campus. "We see a tremendous number of security breaches in educational institutions," says Paul Stephens, of the Privacy Rights Clearinghouse.

Slim down your wallet to just one or two credit cards and essential IDs. There's no need to carry your Social Security card unless you expect that you'll have to show it.

Some security experts recommend that you ask your bank for an ATM card that does not double as a Visa or MasterCard. In one scam, crooks install a scanning device in a supermarket, gas station or restaurant checkout that transmits the information from the magnetic strip on your card and can be used to copy the card. "You have individuals who have not lost their card and think everything is fine, then all of a sudden they see suspicious charges on their bills," says Stephens.

When your credit-card number is used without your permission, you have 60 days to report the incident after you receive the bill with the hot charges. You're liable for only $50 of unauthorized charges, and most banks waive even that.

With a debit card, a crook can clean out your checking account. Banks generally have ten business days to investigate and replenish your account if they find there has been fraud. Your liability is generally limited to $50 if you report the problem within two days and $500 if you notify the bank within 60 days. The bigger annoyance is the lack of access to your account while the bank investigates.

ID theft is no longer a novelty, but the combination of emboldened criminals and supposedly private information bouncing around the Internet gives swindlers more opportunities. The more seriously you take the threat, the less likely you'll wind up someone's victim.

NEXT: Do You Need ID-Theft Protection Services?

Kimberly Lankford
Contributing Editor, Kiplinger's Personal Finance

As the "Ask Kim" columnist for Kiplinger's Personal Finance, Lankford receives hundreds of personal finance questions from readers every month. She is the author of Rescue Your Financial Life (McGraw-Hill, 2003), The Insurance Maze: How You Can Save Money on Insurance -- and Still Get the Coverage You Need (Kaplan, 2006), Kiplinger's Ask Kim for Money Smart Solutions (Kaplan, 2007) and The Kiplinger/BBB Personal Finance Guide for Military Families. She is frequently featured as a financial expert on television and radio, including NBC's Today Show, CNN, CNBC and National Public Radio.