Five Ways to Keep Identity Thieves Guessing

Identity theft continues to be more than just a costly headache. Fraud scams and identity theft reports continued to top the list of scams reported to the FTC in 2024. In fact, nearly 6.5 million incidents were reported to the FTC last year, and over 1 million of those incidents included an instance of identity theft. These numbers prove that while scams and identity theft continue to evolve, so do the tactics that criminals use to commit these crimes. Read on to learn about some lesser-known steps you can take to help avoid becoming the next victim of identity theft and fraud.

1. Use fake answers for your security questions

One simple way to add a layer of protection to your accounts is to choose wrong or nonsense answers to security questions. If at age 16, you drove a green SUV, the security answer to “What was your first car?” might be “big avocado” rather than “green Ford Explorer.” The idea is to choose an answer that only has meaning to you and cannot be easily guessed. Real answers to your security questions may have been published in the past if you have ever participated in social media quizzes, polls, and challenges. Avoid using your real information, especially information typically found in security questions, like your mother’s maiden name or the name of the street you grew up on, in any situation, no matter how seemingly harmless it may seem. A moment of fun could lead to many lost hours spent repairing damage to your identity.

2. Opt in for multi-factor authentication

When available, enable multi-factor authentication (“MFA”) to your online accounts. MFA is a type of authentication that adds two or more layers of security beyond a password. If only two factors are used, it is sometimes referred to as two-factor authentication or 2FA. While passwords should always be difficult to guess, and you can work to protect the answers to your security questions, adding another step to the login process decreases the chance that a hacker can gain access to your accounts. MFA typically works by sending a verification code by SMS text, by email, or by voice to a phone number listed on your profile. You must enter the provided code before being allowed to complete the login process. MFA should always be added when available. To know whether your account provider offers MFA, you may need to investigate your online options or give the company a call to ask, as it is not always offered proactively. Or you can check out this unofficial registry of companies offering multi-factor authentication. Also keep in mind that adding this security step to your login process may prevent a bad guy from locking you out of your own account if they were to gain access by getting your password and then adding their own email and mobile number as the verification contacts. It can be incredibly difficult to regain control of your account after it has been hacked, so be sure to add this feature as soon as possible.

3. File your taxes early

As this IRS Taxpayer Guide to Identity Theft website states, “tax-related identity theft occurs when someone uses your stolen personal information, including your Social Security number, to file a tax return claiming a fraudulent refund.” One simple way to avoid scammers getting a hold of your tax refund is to file before they do! Surprisingly, this type of fraud affects an estimated hundreds of thousands of Americans every year. Often, the scam isn’t uncovered until an individual tries to file their own return and their refund is rejected because it has already been claimed. Get everything in order now and file early. This way you can both mark the chore off your list and avoid leaving your refund out there for someone else to claim.

4. Be smart and stay private on social media

Two ways people put themselves at risk on social media are by disclosing their location and engaging with strangers. It’s incredibly rare to truly need to share your location with a large group of friends and followers, yet location sharing is often an app’s default setting. Some social media platforms keep location sharing on all of the time in the background, so you can always see another user’s location. This allows ill-meaning individuals to access your home and work address, your travel routines, when you might be out of town, and your favorite vacation destination. Mobile location settings are often lifesavers when navigating in a new city or avoiding traffic jams, but allowing the social media universe to know where you are at all times is never necessary and can be detrimental to the security of both your identity and your possessions. While most people know to limit the information they share with those they meet online, there are still thousands of cases each year of people losing their money or identity information to a romantic interest or a new friend who wasn’t who they claimed to be. Remember to keep your personal information private if you make connections online.

5. Routinely check your “in-app” privacy settings

Occasionally, posts, articles, or notifications will remind us to review our privacy information, and for a time after doing a reassessment, our settings will remain locked down. However, sharing a public post from a business (to qualify for a prize, for instance) can reset your privacy preferences for future posts. Creating an intentionally public post, like when you have an item to sell or need to find a missing pet, can also change privacy settings on a future update that you intend to be more personal. On a regular basis, check your privacy settings in the apps where you are active, and take an extra second to check each social post before publishing to ensure that it is reaching only who you intend. Consider culling your friends list to those in your inner circle, or set most of your updates to only reach a select number of friends and family. Games and shopping apps are often checking your background in the same way to show you more relevant and personal ads. Locking down what you are sharing will help you protect your information while also using the internet to stay connected with friends and family in the way that you intend.

Add an annual task to your calendar to check in on these security measures and get started now. Also verify that your account passwords aren’t reused or easy to guess (especially on banking, mortgage, and investment accounts).

And remember, if you suspect that your identity has been compromised, you have access to an Identity Theft Recovery Advocate as a benefit if you have our top checking accounts. These professionals are trained and ready to help you reverse the damage and get back on track quickly. Our experienced advocates know how to spot identity theft and, when necessary, will support you through the process of repairing any damages.