ID Theft & Privacy Checklists

Here are U.S. PIRG's identity theft and privacy tips, including descriptions of different types of ID theft; checklists  for preventing, detecting, and resolving ID theft; a checklist for protecting your online privacy; and links to additional resources. These documents can also be downloaded here.

TYPES OF IDENTITY THEFT

There are a variety of ways stolen data can be used, depending on what was taken. Different types of ID theft and fraud include:

Financial Identity Theft  

Existing Account Fraud: If a thief obtains a credit or debit card number, the thief can access existing bank and credit accounts for in-person transactions.

New Account Identity Theft: With a full name and Social Security number (SSN), a thief can open up new credit accounts.

Tax Refund Fraud

With a full name, SSN, and a birthdate, a thief can attempt to file your taxes and claim your refund.

Health Care/Medical Fraud

With a full name, SSN, a birthdate, (and sometimes an existing health insurance account number), a thief can attempt to receive benefits and services in your name.

Reputational & Physical Harm

Some breaches involve personal information that can be used to blackmail, stalk, or otherwise inflict reputational or physical harm against data breach victims.

Phishing

With just a phone number or email address, a thief can use “phishing” scams to attempt to collect more information needed to commit any of the above more severe crimes.

PROTECT YOURSELF FROM IDENTITY THEFT

Use these checklists to help you prevent, detect, and resolve identity theft.

PREVENTING IDENTITY THEFT

The first key to protecting yourself from ID theft is prevention.

ID Theft Prevention for Online & Electronic Activity

  • Consider locking your laptop at your work desk or when you’re in a public place.

  • Set a password for your computer, smartphone, and tablet. Use six digits instead of four for your smartphone password.

  • Set online account passwords that include at least 10 characters and a combination of capital letters, numbers, and symbols in the middle of the password, not the beginning or end.

  • Avoid using the same password for different accounts. Consider using a password manager.

  • Turn on two-factor authentication for your online accounts if available. You will receive additional codes for accessing your online accounts, in addition to your passwords.

  • Keep all software updated. Turn on automatic updates for all software, including antivirus programs.

  • Don’t show information on social networking sites that is commonly used to verify your identity, such as date of birth, city of birth, mother’s maiden name, name of high school, etc. If you do, don't use that information to verify your identity.

  • Turn on your laptop’s firewall and turn off file sharing and “network discovery” for public WiFi connections.

  • Turn off automatic connections to WiFi networks on your electronic devices.

  • Send personal information online through fully encrypted websites or apps. Encrypted websites start with https. The non-profit Electronic Frontier Foundation has the HTTPS Everywhere extension for your web browser that will make sure you’re using encrypted communications on websites that support encryption. In addition to using encrypted websites, online transactions are best conducted over secure encrypted WiFi connections or your phone’s data network, versus an unsecure WiFi connection.

  • Consider using a Virtual Private Network (VPN) when in public.

  • Secure your home router. Steps for doing so are available on the Federal Trade Commission’s website.

  • Disable Bluetooth connections on devices when not in use.

  • Watch out for “phishing” scams where identity thieves request personal information by pretending to be a legitimate entity, such as a bank or the IRS. Ignore unsolicited requests for personal information by email, links, or over the phone - and only contact entities by means you know to be legitimate.

  • Use credit cards instead of debit cards for all online and in-person purchases if possible. Consumers have more legal protections against fraud with credit cards and can also avoid having to wait for stolen funds from checking accounts to be replenished. Consider only carrying debit cards for trips to the ATM or cash-back transactions.

  • Sign up for your “my Social Security” account If you receive Social Security benefits through direct deposits. This will help prevent a scammer from opening an account in your name and changing your direct deposit information.

  • Dispose your old computers and mobile device safely to keep data out of the wrong hands. You’ll want to look up steps for your specific device, but below are basic steps.

For computers: Save data you want to keep and transfer, “wipe” or overwrite your hard drive many times, and keep it out of the landfill by recycling, donating, or reselling it. (Deleted files can still be recovered if you don’t wipe your hard drive clean many times.)

For mobile devices: Backup your phone, reset your device, remove or erase SD & SIM cards, and keep it out of the landfill by recycling, donating, reselling, or trading it.

ID Theft Prevention for Offline Activity

  • Do not disclose your full nine-digit Social Security number unless absolutely necessary, and never use it as an identifier or password. Question those who ask for it. If someone calls claiming to be from your bank security department, it’s best to hang up and call the number on your card.

  • Lock your records and financial documents at home.

  • Lock your mailbox if it's lockable.

  • Shred documents containing personal information (name, account numbers, any part of your social security number, and birth date) before throwing them away.

  • Opt out of pre-approved (pre-screened) credit & insurance offers. Credit and insurance companies buy “prescreened” lists from the credit bureaus to make pre-approved offers to prospective customers. While such offers provide consumers with information about possible credit options, identity thieves may steal these pre-approved offers and apply for them with your personal information. Optoutprescreen.com is the official website where by law you can opt out of receiving these offers for five years or permanently. You can also opt back in any time.

  • Use the chip side of chip enabled cards, instead of the magnetic strip side, for in-person purchases whenever possible. Beware devices called skimmers and shimmers that criminals install on ATMs and card readers at checkout lines or gas pumps to steal your credit card information. When using ATMs and card readers, look and touch for signs of tampering, such as mismatched colors or loose parts. Always cover your hand while hand typing a PIN, and avoid using ATMs in secluded locations. ATMs at banks are the least likely to have skimmers.

  • Use credit cards instead of debit cards for online and in-person purchases if possible. Consumers have more legal protections against fraud with credit cards and can also avoid waiting for stolen funds from checking accounts to be restored.

  • Place credit freezes on your credit reports. Our separate “credit freeze” tips explain how to prevent new account identity theft by freezing your credit reports.

  • File your taxes as soon as possible to help prevent tax refund fraud. A fraudster can still file taxes in your name even if you’re not required to file taxes or aren’t eligible for a refund.

  • Protect your deceased loved ones from identity theft by notifying appropriate institutions of their deaths.

DETECTING IDENTITY THEFT

  • Check your monthly statements for unauthorized charges. Be suspicious of phone calls about surprise debts.

  • Sign up to receive email and/or text notifications of account activity and changes to account information.

  • Instead of paying for over-priced subscription credit monitoring, use your free annual credit reports as your own credit monitoring service. Every 12 months, federal law gives you the right to receive one free credit report from each of the three main credit bureaus, Equifax, Experian and TransUnion. Instead of requesting three at the same time, request one credit report from one of the bureaus every four months. Verify that the information is correct and that accounts have not been opened without your knowledge. Free credit reports are available online at AnnualCreditReport.com, by phone at 1-877-322-8228, or by mail. There are other non-official sites that offer free reports too. 

Beware of sites that promise free reports and credit scores but may use trial-offer gimmicks to urge you to switch to paid credit monitoring or other services. There are some sites that offer no strings attached, free monitoring services - just expect to see ads. And also know that the credit scores on those sites are most likely not FICO scores as used by most creditors.

  • Check if your online accounts have been hacked. Haveibeenpwned.com is a free tool you can use to check whether your online accounts may have been compromised in data breaches.

RESOLVING IDENTITY THEFT

  • Visit Identitytheft.gov, the government’s official website that will walk you through clear checklists of actions you can take to recover from identity theft.

PROTECT YOUR ONLINE PRIVACY

Use this checklist to help you control how your personal information is used or shared.

  • Cover the camera on your laptop to prevent hackers from watching and recording you.

  • Consider your options for blocking websites, advertisers, and others from tracking your online activity on your computer, including: adjusting your cookies settings on your browser, installing a tracking blocker for your web browser, or opting out of targeted advertising. Note that “private browsing” settings by themselves still allow your activity to be communicated to third-parties during a browsing session.

  • Consider your options for blocking advertisers from tracking your online activity on your mobile device, including turning off ad tracking and resetting “device identifiers.” You can also research ways of controlling ad tracking on your other smart devices, such as internet connected entertainment systems.

  • Check your the privacy settings on your mobile device to control the access that different apps have to your personal information, including location, personal contacts, photos, calendar, and health data. Many apps have the ability of tracking your location even when you’re not using them.

  • Check your privacy and other settings in your Facebook account to control tools such as face recognition, location history, and ad preferences.    

  • Check your privacy settings in your Google account to control tools such as the collection of your web searches and other activity and the ads you see.

  • Check your privacy settings in your other apps and social media accounts.

IDENTITY THEFT & PRIVACY RESOURCES

Issue updates

Blog Post | Consumer Protection

Addicted to Hand Sanitizer: A Wells Fargo Scandal Update | Ed Mierzwinski

More questions continue to be raised about the Wells Fargo scandal. When did it really start- 2013, 2011 or 2005? What did execs know and when did they know it? How many frontline employees were fired because they complained as whistleblowers? Does setting up a fake account constitute criminal identity theft? Should deposed chairman and CEO John Stumpf go to jail? If the culture was pure, how did a frontline worker get "addicted to (drinking) hand sanitizer? Should he pay back more bonus compensation? Here's a flyaround of some of what's going on. By the way, did you know that even the Better Business Bureau has thrown Wells out?

> Keep Reading
Blog Post | Consumer Protection

Consumer Financial Protection Bureau: By the numbers | Kathryn Lee

The Consumer Financial Protection Bureau released a breakdown of their successes they’ve had in the short five-year period they’ve been established. We're very proud to have been a part of building it and defending it; we're also very proud of the many achievements the youthful CFPB has made to make the financial marketplace fairer for consumers.

> Keep Reading
Blog Post | Consumer Protection

Will Wells Fargo CEO Tell Senate "No Clawbacks" of Exec's Golden Parachute? | Ed Mierzwinski

Wells Fargo CEO John Stumpf goes before the Senate Banking Committee Tuesday (9/20) to explain the recent $185 million in combined civil penalties by the CFPB and other regulators over a sales goals incentive scandal that led to employees opening some 2 million fake, secret accounts without the knowledge of customers. How will he respond to the growing public clamor for a clawback of bonuses paid his top retail executive Carrie Tolstedt, whose retirement with a $125 million golden parachute package had been announced earlier this summer? 

> Keep Reading
Blog Post | Consumer Protection

Wall Street Ramps Up Attacks on Wall Street Reform | Ed Mierzwinski

On Friday, the House overwhelmingly approved a Wall Street-driven proposal to weaken oversight of private equity firms, taking a chunk out of the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act. But wait, there's so much more: On Tuesday the House Financial Services Committee takes up the so-called "Financial Choice Act," which eviscerates most of Dodd-Frank's key reforms, from stripping powers of the Financial Stability Oversight Council to repealing the Volcker Rule, which reins in risky betting practices that use depositors' money. As for the CFPB (which just this week issued its biggest fine to date, $100 million against Wells Fargo Bank for opening hundreds of thousands of fake and secret consumer accounts to meet sales goals), the proposal would defund and defang it and delay or stop its efforts to rein in unfair practices of payday lenders, debt collectors and banks. Many of the Financial Choice Act's provisions also pose threats as budget bill "riders."

> Keep Reading
News Release | U.S. PIRG | Consumer Protection

CFPB Issues Record $100 Million Fine on Wells Fargo For "Beyond Outrageous" Sales Practices

On September 8 the CFPB announced a record $100 million civil penalty plus consumer restitution against Wells Fargo, among the  nation’s largest banks, for a series of unfair and abusive sales practices by “thousands” of employees that included opening “secret” accounts for “hundreds of thousands” of existing customers, solely to meet sales goals to receive financial incentives. The CFPB action was joined by simultaneous orders announced by the U.S. Office of the Comptroller of the Currency (OCC) ($35 million civil penalty) and the City of Los Angeles ($50 million civil penalty). Our statement follows.

> Keep Reading

Pages

News Release | TexPIRG | Consumer Protection

30th Annual Survey Finds Dangerous Toys on Store Shelves

Dangerous or toxic toys can still be found on America’s store shelves, according to TexPIRG (Public Interest Research Group) Education Fund’s 30th annual Trouble in Toyland report. The survey of potentially hazardous toys found that, despite recent progress, consumers must still be wary when shopping this holiday season.

> Keep Reading
News Release | U.S. PIRG | Consumer Protection, Make VW Pay

Volkswagen’s $1000 Gift Cards Fall Short

Statement by Mike Litt, National Consumer Advocate with U.S. PIRG, on Volkswagen’s offer of $1,000 in gift cards to customers affected by its emission scandal.

> Keep Reading
News Release | TexPIRG | Consumer Protection

TexPIRG Recommends Staying Away From Paid Monitoring Services as FTC announces LifeLock settlement

Credit monitoring and other services that are usually offered to data breach victims and other concerned consumers do nothing to prevent identity theft; they only detect certain types of fraud after it has occurred. 

> Keep Reading
News Release | U.S. PIRG | Consumer Protection

PIRGs, Others Ask CFPB & FTC To Investigate Experian/T-Mobile Data Breach

In a letter sent today, a number of state PIRGs and other leading privacy and consumer groups urged the CFPB and FTC to fully investigate the recent breach of an Experian subsidary that exposed 15 million T-Mobile customer and applicant records to the threat of new account identity theft. The letter asked whether the regulators could require Experian and the other two nationwide credit bureaus -- TransUnion and Equifax -- to give victims free security freezes to protect their credit reports.

> Keep Reading

Pages

Blog Post | Consumer Protection

Court Reinstates Case Against Bank That Aided Senior Citizen Fraud | Ed Mierzwinski

This week, the 3rd Circuit, U.S. Court of Appeals overturned a lower court decision that had denied class action status to victims of a scheme targeting senior citizens who were suing Zions Bank and its payment processor affiliates for aiding the fraudsters. U.S. regulators led by the Department of Justice have been fighting this and similar schemes, yet powerful special interests have managed to create a false narrative in Washington, DC that has been picked up by opponents of consumer protection laws. They falsely claim that the government's target is "legitimate" payday lenders and gun dealers. Wrong, the target is financial crimes against consumers, many consumers.

> Keep Reading
Blog Post | Consumer Protection

IRS Admits Data Breach Worse Than Thought, Will Congress Do Wrong Thing Anyway? | Ed Mierzwinski

This week, the IRS has admitted that thieves accessed the personal information -- enough to allow them to take your tax refund -- of an additional 220,000 taxpayers, on top of the 114,000 reported in May. Meanwhile, we remain  concerned that Congress will use continued publicity about the Target breach and other breaches as an excuse to pass dangerous data security legislation. Dangerous? Yes, because it would only protect against limited financial identity theft harms, but eliminate stronger state protections against the harms posed by the IRS breach, the health insurance breaches and the OPM breach.

> Keep Reading
Blog Post | Consumer Protection

House To Vote On Godzilla-Sized Rule Blocker, As Financial Committee Considers Smaller Rollbacks | Ed Mierzwinski

UPDATED: REINS Approved, near party line vote. Today, the House Financial Services Committee takes up a package of smaller rollback bills, many of which are opposed by Americans for Financial Reform and the PIRGs. Meanwhile, the House will bring up the Godzilla of all anti-health and safety bills, the REINS Act. Fortunately, the President has promised a veto.

> Keep Reading
Blog Post | Consumer Protection

The CFPB is 4 years old and has a lot to show for it! | Ed Mierzwinski

Tuesday, July 21, marks four years to the day since the Consumer Financial Protection Bureau opened its doors to protect consumers and make financial markets work. We've summarized some of the ways CFPB works for you on a new web page.

> Keep Reading
Blog Post | Consumer Protection

How the CFPB’s Data Keeps Getting Better and Better | Mike Litt

As the CFPB turns 4 years old on July 21, here is some information on how it works for you and how we at PIRG use its data to produce reports, such as our new report on mortgage complaints to the CFPB. We've also got some photos from the Americans for Financial Reform "CFPB at 4" event.

> Keep Reading

Pages

View AllRSS Feed

Defend the CFPB

Tell your senators to oppose the “Financial CHOICE Act,” which would gut Wall Street reforms and destroy the Consumer Financial Protection Bureau as we know it.

Support Us

Your donation supports TexPIRG's work to stand up for consumers on the issues that matter, especially when powerful interests are blocking progress.

Consumer Alerts

Join our network and stay up to date on our campaigns, get important consumer updates, and take action on critical issues.
Optional Member Code