With breaches like Equifax in 2017 impacting 56% of Americans, you can no longer assume your personal information is private and important information like SSN, Date of Birth, phone Numbers, and home addresses are readily available tin criminal networks and on social media.

In response to the increasing attacks of online accounts and services, I put together a list of 11 things you can do to help protect yourself. I strongly encourage you to take the time to go through the below and at a minimum freeze your credit with the 5 Credit Bureaus. While these best practices will not prevent your identity from being stolen, it will make it harder for criminals to cause damage to your reputation. As always, please remember: I am NOT your lawyer or financial advisor so please take care and ensure the option is valid for your situation.

If you are looking for deep dive into options for personal privacy, I highly recommend checking out the book Extreme Privacy: What It Takes to Disappear by by Michael Bazzell. He also freely shares some of his guides on his website https://inteltechniques.com/index.html covering Credit Freezes and Data Removals. Alot of this following post is inspired by his work.

- Best Practices for Everyone -

  1. Get a Password Manager
    • Change the passwords on your accounts to meet best practices
      • Minimum of 15 characters and not a single dictionary word
        • Password Managers can auto generate passwords for you
      • No single password should be used across multiple accounts
    • Great place to store all the pins and details for Credit Freezes
    • The Password to your Password Manager needs to be passphrase that you can easily remember, since it is guarding all your secrets.
    • Options:
  2. Enable 2 Factor Authentication for all accounts that support it (https://twofactorauth.org/)
  3. Enable a PIN on your Mobile Account to minimize risk of SIM Swapping
    • Sprint customers:
      • Log in to your account on Sprint.com then go to My Sprint > Profile and security > Security information and update the PIN or security questions then click Save.
    • AT&T subscribers:
      • Go to your account profile, sign in, and then click Sign-in info. Select your wireless account if you have multiple AT&T accounts, then go to Manage extra security under the Wireless passcode section. Make your changes, then enter your password when prompted to save.
    • T-Mobile users:
      • Set up a PIN or passcode the first time you sign in to your My T-Mobile account. Pick Text messages or Security question and follow the prompts.
    • Verizon Wireless customers:
    • If you are on a Company/Corporate managed plan this is already enabled for you
  4. Set up an IRS account with your Social Security Number to help prevent criminals from creating an account using your identity
  5. Check your free Credit Report
    • https://www.annualcreditreport.com
      • Start with Equifax
      • 1 Free report, per year, from each of the three largest credit bureaus.
        • This means that you can get three free credit reports every year.
        • Instead of viewing all three reports at the same time, create a schedule to spread out the viewings.
      • Close Unused Open Credit Accounts
      • If you find any fraudulent activity:
        • Contact any financial institution that hosts any fraudulent accounts and notify them of the issues
        • Request your report from the other two credit bureaus to verify no additional fraud not listed on the 1st report
          • Follow the applicable steps in the ID Theft Section
  6. Credit Freeze
  7. Freeze Employment and Salary History
    • The Work Number (Equifax)
      • Call:800-996-7566
      • Write them: TALX Corporation, ATTN: Employment Data Report Dept 19-10, 11432 Lackland Road, St. Louis, Missouri 63146
  8. Opt-Out of Unsolicited Credit/Insurance Offers (These are the pre-approved credit and insurance offers that you receive in the mail)
  9. Have your physical mail scanned to you via the post office
  10. Get Notified if your Online Account is part of a Hack/Breach
  11. Remove Your Info from Public Data Broker Websites
    • https://joindeleteme.com/
      • Automated for about 40 sites, Paid Service with data removal every 3 months.
    • https://www.privacypros.com/
      • Paid Service and Expensive. Remove you from the largest list of sites (161) since they do manual checks and provide quarterly reports.
      • Best if you are someone who has a public profile or are concerned about being Doxed.
      • Caution: The firm used to be privacyduck.com, founded by a well-known privacy advocate named William Nash-McAdam who passed away in July 2021. The firm shutdown after his death and was relaunched under Parker Lewis.
    • You can also do it yourself for free, however a lot of these data brokers are only required to remove your data for 60 days.

- If you are a Victim of Identify Theft -

  1. Get organized and Document Everything
    • As you go through this process, keep a file folder or journal with information from the incident and your reports, including any case numbers.
    • Hang onto any notes, copies of emails and other documentation. If you face any identity issues or find inaccuracies on your credit history sometime in the future, you’ll need to reference this paper trail.
  2. Check your Credit Reports from the 3 Main Bureaus (Equifax, Experian, TransUnion)
  3. Contact any financial institution that hosts any fraudulent accounts and notify them of the issues
    • IF Employment Related:
      • Contact your employer’s human resources department to document the incident
      • Contact the State’s Employment Department. You’ll need the following information handy so they can verify your identity
        • The last four digits of your social security number
        • Your date of birth
        • Your address
        • Your current phone number
        • Information on how you learned a claim was filed on your behalf.
  4. File an online or nonemergency police report with the law enforcement agency whose jurisdiction you live in.
    • A tip from Seattle police: “Some government services and accommodations are available to victims of identity theft that are not available to the general public, such as getting certain public records sealed”
  5. Contact the Federal Trade Commission (FTC) and the Internal Revenue Service (IRS). File a short report with the FTC:
  6. Place a Fraud Alert:
    • A fraud alert is free.
      • Business must verify your identity before it issues new credit in your name.
      • You can renew the fraud alert after one year
    • Extended Fraud Alert:
      • Available if someone stole your identity
      • Lasts for 7 years
      • Copy of FTC Identity Theft Report / Police Report
  7. Do Everything above in the Best Practices Section

- Additional Resources -