An unfamiliar bill. A call from a bank asking about unknown charges. Being turned down for a loan or an apartment because of red flags in your credit check. All these are signs your identity may have been stolen.
Forms of identity theft include using stolen payment-card information to make a purchase; taking control of existing accounts with banks and online payments platforms such as PayPal; and opening new accounts with online sites such as eBay and Amazon, mobile carriers or utilities.
The No. 1 consumer complaint filed with the Federal Trade Commission for the past 14 years, identity theft is on the rise. More than 13 million people were victims of identity theft in 2013, according to the latest report from Pleasanton, Calif.-based Javelin Strategy & Research. It's also big money for the thieves, with Javelin estimating $18 billion in identity theft-related losses in the United States for 2013. [Best Identity-Theft Protection Software]
"The situation around credit card and identity theft is getting worse, and shows no signs in the near or intermediate term of getting any better," said Christopher Budd, a threat-communications manager at Tokyo-based anti-virus company Trend Micro.
Identity theft can happen to anyone — there's no single group that is more or less susceptible to being victimized.
"We're not so smart and careful that we can control everything," Budd warned.
How identity theft happens
Your identity can be stolen because a store's point-of-sale terminal was compromised, as happened in the recent massive Target data breach, or because someone cloned your credit card when you were paying a bill at a restaurant, or perhaps because a malware infection on your computer intercepted your financial details.
Your identity can also be stolen by non-digital means. For example, someone could fish an old checkbook or credit card statement out of your trash.
"We're at a point where people have to start taking active responsibility for protecting themselves, because no one else is going to do it for them," Budd said.
Here are 10 tips that can help you protect your identity.
Don't use your Social Security number as ID
Eighty percent of the top 25 banks and 96 percent of top credit-card issuers will let you access your accounts with your Social Security number (SSN) instead of an account number, according to Javelin. Tell your bank you will never do this; that way, your bank will know anyone trying to access the account with the SSN isn't you. In general, don't blindly hand over your SSN when it's asked for. Instead, ask why such information is necessary, and if there is an alternative form of ID that can be used.
Secure your personal data
If you keep your financial records online, on a computer or on a mobile device, secure these records behind a strong password. Change passwords frequently on all accounts, and turn on two-factor authentication wherever possible. Check activity regularly for any account that involves money, not just bank and credit cards. For example, regularly check statements from your mobile carrier to make sure additional devices or services haven't been added. [How to Turn On 2-Step Verification]
Be savvy about email
Whenever a data breach makes headlines, scammers piggyback on the news by sending out fake emails to already jittery consumers, containing bogus fraud alerts and fake password-reset links. Treat every email you get about a potential data breach, or warning about potential fraud, with skepticism. Don't ever click on a link or open an attachment in a data-breach-notification email message.
Protect your devices
Make sure your computer and mobile devices are running the latest versions of their operating systems and software, as well as up-to-date versions of anti-virus software. Don't use Windows XP systems for online shopping or banking, especially not after April 8, 2014 when Microsoft officially ends support for the operating system. Consider using super-secure "hardened" browsers or virtual software when accessing sensitive accounts. [Best Anti-Virus Software 2014]
Buy a shredder and use it
Identity theft doesn't always require a computer. Professional identity thieves know that garbage cans and company dumpsters are rich troves of financial documents, including canceled checks and credit card and bank statements. Don't toss out your identity with the trash — instead, shred anything sensitive before you throw it away. [Best Paper-Shredding Services]
Sign up for alerts and monitoring
Ask your financial institution to email you whenever funds are transferred out of your account. If your credit card company offers an alert service for suspicious charges, take it. Consider instituting a credit freeze with the three major credit bureaus to prevent new accounts being opened in your name; you can do so every 90 days. Consider paying for a real-time identity-theft and credit-monitoring service. You can also look into identity-monitoring services, which monitor thousands of black-market websites and notify you if your data ever shows up. [Best Credit Monitoring Services]
Don't take calls from the IRS
The Internal Revenue Service, or any organization authorized to act on behalf of the IRS, will not initiate contact via email, social media, text message or telephone. The government will use the good old postal service first. If you get a call, text or email claiming you owe back taxes or exorbitant fines, it's likely fake. Don't hand over your credit card number. Hang up instead, and call the IRS directly if you have questions.
Lock your mailbox
Every day, millions of bank statements and credit card bills land in mailboxes. Passports and Social Security cards are also sent through the mail. If you have an old-style curbside mailbox, it's easy for anyone to steal your mail. Invest in a locking mailbox; many come with a slot into which mail can be deposited, while others have keys you can share with the mail carrier. [7 Ways to Lock Down Your Online Privacy]
Get copies of your credit reports and check for any unusual account activity you don't recognize. Even a quick check of social-media sites and search engines can reveal if someone is impersonating you. When you find a problem, report it immediately. A quick response will reduce the amount of damage you will have to suffer.
Take data-breach notifications seriously
One-third of the people who received data-breach notification letters became identity-fraud victims in 2013, according to Javelin. Forty-six percent of consumers with compromised debit cards in 2013 became fraud victims in the same year, compared to only 16 percent of consumers with a compromised Social Security number. If you receive a data-breach notification letter that includes an offer for a free monitoring service, take advantage of it. Take all the steps recommended in the notice, such as changing passwords and monitoring financial statements closely. [How to Survive a Data Breach]
More on Tom's Guide and MNN: