Having your identity stolen can be a real nightmare. Take these simple steps to protect yourself immediately.

When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.

Unless you have Luddite levels of paranoia, chances are you have a significant personal presence online. Hackers and ne’er-do-wells can leverage that presence to steal your identity, with disastrous results for you. You could wake up one morning and find your bank account empty, or find that you can’t even see the balance because you’re locked out. You might discover a surprise lien on your house. If some malefactor committed a crime using your identity details, the police could come pounding on your door.

How can you head off these potential disasters? Here are some simple tips that can help you stop identity theft. None of these will guarantee your safety against a hacker who has targeted you personally, but so many people fail to protect themselves that most criminals go for the easy marks. These tips can help make sure you, and your identity, aren't among the chumps.

Never discard or recycle bank statements, bills, or any documents that contain your personal information. Invest in a home document shredder, and use it. When in doubt, shred! It worked for Ollie North, and it can work for you, too. Do check with your local waste removal service about what to do with the shreds, as they may not be accepted for paper recycling.

You don't need constant hands-on access to vital documents like birth certificates, tax returns, social security cards, and so on. Keep those in a fireproof home safe or lockbox. That's a better choice than a bank safe-deposit box. Safe-deposit box contents aren't insured for their full value, the boxes aren’t guaranteed proof against fire or disaster, and banks have been known to drill out boxes and remove their contents(Opens in a new window) without notice.

But don’t stop there—get a lockbox for your digital docs as well! By using encryption software, you can ensure that a snoop who gains access to your computer won't be able to see your sensitive documents, much less read them.

A breach at any secure site could conceivably reveal your login credentials to thieves, so you should always change your password after a breach. If you’ve used that same password on dozens of other sites, that’s bad. Very bad! Hackers and thieves know that people are lazy, so when they get hold of login credentials for one popular site, they quickly try them on other sites. You can minimize the collateral damage by using a different strong password for every secure site. Of course, you'll need a password manager to keep them straight, and you need to use it correctly. That includes protecting the password manager itself with one very strong master password that you can remember but that nobody else would guess.

Even the strongest master password can be captured by a keylogger or a shoulder-surfer. You can further protect your password treasure trove by enabling multi-factor authentication (MFA). With MFA active, access to your passwords requires both the master password and another factor such as your fingerprint or a code received on your phone. Just knowing the master password won't let a hacker gain access.

You can’t avoid providing personal information when you want certain things, for example, a mortgage, or a new insurance account. In those situations, though, you've initiated the process, and you've verified you're dealing with a legitimate company. When a company contacts you asking for personal info, whether by snail-mail, email, or phone, zip your lip. Don't fall for the scam. If you feel the contact might be legitimate, ask for a way to contact them after you've done some investigating.

It's nice to get help from tech support for any computer problems you may have. Don't be fooled, though, by self-proclaimed tech support experts who contact you by phone, email, or otherwise. Yes, they may claim that your computer is sending out viruses. They may insist that you’ll be in big trouble if you don’t have them clean it. They'll come up with any wild story, but eventually they'll start asking for passwords, or requesting remote access to your computer. Hang up, and block the caller.

That smartphone in your pocket is an identity thief's dream. It has your email, IM, social media, and other apps, potentially logged in and available. It contains personal data galore, including all your contacts. A thief who has unfettered access to your phone owns your identity, period.

You absolutely must use a strong authentication method to lock the phone. A four-digit PIN just won’t cut it, nor will a too-simple swipe pattern. Your best bet is biometric authentication, such as fingerprint or facial recognition like that offered by modern iPhones, backed by a seriously strong passcode using all characters, not just numbers. Hey, you only need to type that passcode after you upgrade your operating system.

Getting a data-stealing Trojan installed on millions of computers is hard work. It's much easier to simply trick victims into giving away their credentials. Phishing websites mimic banking and other sensitive sites, in hopes that some poor sap will log in, giving up both username and password. They may even redirect to the actual site, so you don't realize you've been robbed of your credentials.

Don't give your identity away. If you get an email apparently from your bank, don't click any links. Instead, log on to the bank's site directly. Look for a secure HTTPS URL and lock icon, and be sure the URL in the address bar is correct. And if your antivirus or browser flags a site as fraudulent, stay away!

Phishing is a problem in the workplace, too. In an attack dubbed spear phishing, malefactors craft extremely convincing emails, designed to fool employees or executives into giving away their passwords, or even transferring money into shady accounts. Stay alert when using your work email.

Nobody should use a PC or laptop without the protection of a powerful antivirus, or, better, a full-blown security suite. A few security suites include antitheft protection for laptops; there are also standalone utilities that can lock down a lost or stolen laptop and even help recover it. Security products for mobile devices tend to combine antivirus and antitheft. Android devices are particularly vulnerable, but any device can get lost or stolen, so install protection.

Don't stop there; install a Virtual Private Network, or VPN, as well. Your local security software protects your data on your own devices, while the VPN protects it as it travels the internet. Using a VPN also serves to hide your personal IP address, thereby preventing websites from identifying your location based on that address.

Sharing your posts and pictures with your circle of social media friends is fun, but you might be sharing with identity thieves if you're not careful. It's very important to correctly secure your social media. Check your privacy settings from time to time, as the social media services are fond of making changes.

For an eye-opening experience, download your data from Facebook and other social media sites. Seeing what’s already out there may inspire you to lock down your account more thoroughly.

You're eligible for one free credit report per year from each of the big three credit agencies. You can sign up for reports from TransUnion, Equifax, and Experian at www.annualcreditreport.com. Yes, the Equifax breach exposed personal data for 143 million Americans in 2017, but that breach didn’t put the company out of business. Pro tip: don't get the reports all at once. Get one at a time, four months apart. That will give you better coverage overall. Also consider signing up for the free, ad-supported Credit Karma service, which keeps a watchful eye on your credit score.

One more thought. You've surely seen advertisements that promise protection against identity theft. In truth, these services can't prevent identity theft, but they provide an early warning system, and can be a great help when you’re dealing with the consequences. The best ones combine identity theft monitoring and remediation with security protection for your devices, at a price substantially less than buying those two services separately. Check our roundup of identity theft protection software and consider how much you’d pay for peace of mind.

You don't have to turn your life upside down to protect against identity theft. Follow these simple tips and you'll have a very good chance of thwarting the identity thieves.

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

Your subscription has been confirmed. Keep an eye on your inbox!

When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.

Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my "User to User" and "Ask Neil" columns, which began in 1990 and ran for almost 20 years. Along the way I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.

In the early 2000s I turned my focus to security and the growing antivirus industry. After years working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.

Read Neil J.'s full bio

PCMag.com is a leading authority on technology, delivering lab-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.

© 1996-2022 Ziff Davis. PCMag Digital Group

PCMag, PCMag.com and PC Magazine are among the federally registered trademarks of Ziff Davis and may not be used by third parties without explicit permission. The display of third-party trademarks and trade names on this site does not necessarily indicate any affiliation or the endorsement of PCMag. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.