Kathleen G. Kane - Pennsylvania Office of Attorney General - Protecting Pennsylvania Consumers

 Click for the Spanish Translation

checklist with green backgroundPreventative Measures ? Checklist
 
1. Shred all sensitive documents that you intend to dispose of, including bank statements, credit card bills, receipts, utility bills, ATM receipts, and pre-approved credit offers.
One of the most common methods of identity theft is so-called ?dumpster diving? where a thief will root through trash bins in search of sensitive documents.

2. Use unique passwords that only you know.
Ideally, all your passwords should be a minimum of eight characters in length and employ at least one symbol that is not a number or letter, such as an ampersand (&), percent symbol (%) or any of the other symbols created by pressing ?shift +? a number at the top of your keyboard. Never use the same password for all of your accounts and change your passwords every month. Avoid re-using old passwords or using birthdates, friends? names, maiden names or common codes such as ?God,? ?password,? ?administrator,? etc. MOST IMPORTANTLY, NEVER USE YOUR SOCIAL SECURITY NUMBER AS A PASSWORD.

3. Never write down your passwords or keep them on your person.
Try to memorize all passwords so that the information is not susceptible to theft. Moreover, if you forget your password, procedures are in place with your financial institutions to reset or remind you of your password. While these procedures may be involved and time-consuming, they are better than risking your financial security.

4. Be wary of giving out your social security number, account number, credit card number, passwords or user ID.
Treat any communication seeking this information or directing you to a website or toll-free number wherein you are asked to enter your Social Security number, account number, credit card number, user ID or password with suspicion. If the communication pertains to an existing account or government program in which you are already enrolled, the person or entity contacting you should already have this information. (See our sections on Phishing, Pharming and Vishing) When in doubt, hang up the phone or delete the email and consult your local Blue Pages, the back of your credit card or a previous financial statement for a trusted contact number. If the call was legitimate, the entity or agency will know what you are calling about and direct you to the appropriate personnel. When approached about opening a new account or enrolling in a new program, do not hesitate to check up on the solicitor before supplying it with sensitive information. In the alternative, simply ask if the entity is willing to substitute another number for your Social Security number. While many companies use your Social Security number to identify your account with them, they are often willing to substitute another number for this purpose.

5. Secure your mail.
Never leave mail unchecked for long periods of time. Much like dumpster-diving, identity thieves often attempt to pilfer sensitive documents from full mailboxes. The longer a mailbox is left unchecked, the more likely it is to contain sensitive information. If you are going to be away, request that the Postal Service hold your mail until your return by calling 800-275-8777. Similarly, if you never receive your expected bill, immediately contact your credit or service provider as an identity thief may have diverted your mail to another address. Opt-out of junk mail by contacting the sender and requesting that they remove you from their mailing list; calling 888-5-OPT-OUT (888-567-8688) to be removed from mailing lists for free credit card offers; or contacting the Direct Marketing Association to request your name be removed from their mailing lists. When sending outgoing mail, do not leave the items in an unsecured mailbox. Instead, drop your outgoing letters in a blue mailbox or take it to your local post office. Never put identifying information, such as account numbers, on the outside of your mail.

6. Use extreme caution when surfing the internet.
Only provide personal identifying information over secured sites using encryption technology. It is all too easy for identity thieves to intercept your sensitive information over the internet. By using secured sites, as denoted by an ?https? URL in your web browser?s address bar or a small yellow padlock in the lower right corner of your web browser, you can ensure that no other persons on the internet can view your data transfer. Data encryption further scrambles the information you send over the internet so that eavesdroppers only see meaningless random characters.

In addition to using encryption and secured sites, make sure you have up-to-date virus protection on your computer in order to protect against malicious programs, such as Trojan Horses, that can record your keystrokes, websites you have visited and any personal information you have saved on your computer. Even if you have adequate virus protection, you should avoid storing your personal information on your computer. Another way of ensuring the security of your personal information over the internet includes the use of disposable email accounts for each transaction you complete over the internet in order to avoid spam emails.

7. Check your credit report today!
Often times, victims of identity theft are never even aware of the theft until it is too late and their credit rating has been seriously damaged. However, you are entitled to a free copy of your credit report every 12 months. Take advantage of this entitlement in order to be absolutely certain that the information upon which your credit rating depends is accurate. See our Contacts List ? Credit Reporting Bureaus for information on how to receive a free copy of your credit report.