Skip to content
Advertiser Disclosure: We may earn a commission when you click links to products from our partners. Learn more.

How to Protect Yourself from Identity Theft (and What to Do If It Happens)

By · · 10 min read
Hacker hand stealing data from credit card

1.4 million identity theft reports were filed with the FTC in 2023. A credit freeze, strong passwords, and knowing what to do if your info is stolen are your best defenses. Here is the complete guide.

In 2023, Americans reported 1.4 million identity theft cases to the Federal Trade Commission, with total losses exceeding $10 billion. The most common types: credit card fraud, government benefits theft, tax refund fraud, and new account fraud (someone opening accounts in your name).

If you have a Social Security number, a credit card, or an email address, you are a potential target. Your personal data has almost certainly been exposed in at least one data breach (check at haveibeenpwned.com). The question is not whether your data is out there. It is whether you have the defenses in place to prevent someone from using it.

The good news: the most effective protections are free, take 30 minutes to set up, and dramatically reduce your risk. Here is the complete playbook.

The single most important thing you can do: freeze your credit

A credit freeze (also called a security freeze) prevents anyone from opening new credit accounts in your name. When a lender runs a credit check to approve a new credit card or loan application, the freeze blocks access to your credit report. No access means no approval. The fraudulent application gets denied.

How to freeze your credit:

You must freeze your credit at all three bureaus separately:

  1. Equifax: equifax.com/personal/credit-report-services/credit-freeze/
  2. Experian: experian.com/freeze/center.html
  3. TransUnion: transunion.com/credit-freeze

Each freeze takes about 5 minutes online. You will create an account (or log into an existing one) and request the freeze. You receive a PIN or password that you will need to temporarily lift the freeze later.

Cost: $0. Credit freezes have been free nationwide since 2018, thanks to the Economic Growth, Regulatory Relief, and Consumer Protection Act.

When you need to lift the freeze: If you apply for a new credit card, mortgage, auto loan, or apartment, the lender needs to check your credit. You temporarily lift (“thaw”) the freeze at the specific bureau the lender uses (they will tell you which one). You can lift it for a specific time period (1 day, 1 week) and it refreezes automatically.

Does a freeze hurt your credit score? No. Your score is unaffected. Existing accounts (current credit cards, loans) continue to work normally. The freeze only prevents new accounts from being opened.

This is the #1 recommendation. Every financial expert, from the Consumer Financial Protection Bureau (CFPB) to NerdWallet to Clark Howard, recommends freezing your credit as the baseline identity theft prevention. If you do nothing else in this guide, do this.

Beyond the credit freeze: layered protection

Monitor your credit reports

Pull your free credit reports from AnnualCreditReport.com (the only federally authorized source) at least once per year. You can now pull free reports weekly from all three bureaus.

Review every account listed. If you see an account you do not recognize (a credit card you never opened, a loan you never took out), that is a sign of identity theft. Dispute it immediately with the bureau.

Credit monitoring services like Credit Karma (free) alert you when new accounts appear on your credit report or when your credit score changes significantly. Set up alerts and review them when they arrive.

Protect your Social Security number

Your SSN is the master key to your identity. Protecting it means:

  • Never carry your Social Security card in your wallet. Keep it in a safe or locked drawer at home.
  • Only share your SSN when legally required: tax filings, employment (W-4), opening bank/brokerage accounts, applying for credit. If someone asks for your SSN, ask why they need it and if an alternative identifier works.
  • Do not share your SSN over the phone unless you initiated the call and verified the recipient.
  • File your tax return early (January or February). Tax refund fraud happens when someone files a fraudulent return using your SSN before you file yours. Filing early beats them to it.
  • Create an account at ssa.gov (Social Security Administration). This prevents someone else from creating an account with your SSN and redirecting your benefits.

Use strong, unique passwords

According to Verizon’s Data Breach Investigations Report, compromised passwords are involved in 80%+ of data breaches.

  • Use a password manager (Bitwarden is free and excellent, 1Password and Dashlane are paid but feature-rich). Generate unique 16+ character passwords for every account. You only need to remember one master password.
  • Never reuse passwords. If your password for an old shopping site gets leaked (it probably has), every account using that same password is compromised.
  • Enable two-factor authentication (2FA) on every account that offers it, especially email, banking, brokerage, and social media. Use an authenticator app (Google Authenticator, Authy) rather than SMS text codes when possible. SMS codes can be intercepted via SIM-swapping attacks.

Secure your email

Your email is the gateway to every other account (password resets go to your email). If someone gains access to your email, they can reset passwords on your bank, brokerage, and credit card accounts.

  • Use a strong, unique password for your email.
  • Enable 2FA on your email account.
  • Use a separate email for financial accounts (banks, brokerages, credit cards) than the one you use for shopping, social media, and newsletters. This reduces exposure if a retailer gets breached.

Be cautious with public Wi-Fi

Public Wi-Fi networks (coffee shops, airports, hotels) can be intercepted. Do not log into banking or brokerage accounts on public Wi-Fi without a VPN (Virtual Private Network). If you must access financial accounts on public networks, use your phone’s cellular data instead.

Watch for phishing

Phishing emails and texts impersonate banks, the IRS, Amazon, or other trusted entities to steal your login credentials or personal information.

Red flags:

  • Urgent language (“Your account will be suspended!”)
  • Links that do not match the official website (hover over links before clicking)
  • Requests for your SSN, password, or verification code
  • Emails from addresses that look almost right but are slightly off (support@arnaz0n.com instead of amazon.com)

Rule: Never click links in unexpected emails or texts. Go directly to the company’s website by typing the URL in your browser. If the IRS, your bank, or your brokerage needs to contact you, log into your account directly.

What to do if your identity is stolen

If you discover fraudulent activity, act immediately. Time matters.

Step 1: Place a fraud alert (immediate)

Contact any one of the three credit bureaus and request a fraud alert. That bureau is legally required to notify the other two.

  • Equifax: 1-800-525-6285
  • Experian: 1-888-397-3742
  • TransUnion: 1-800-680-7289

A fraud alert lasts one year (extendable to seven with an identity theft report). It requires creditors to verify your identity before opening new accounts. This is a lighter version of a credit freeze.

If you have not already frozen your credit, do both: fraud alert AND credit freeze.

Step 2: Report to the FTC (same day)

File a report at IdentityTheft.gov. This is the FTC’s official identity theft reporting portal. It generates a personalized recovery plan and an Identity Theft Report that you can use to dispute fraudulent accounts and file a police report.

Step 3: File a police report (within 24 hours)

File a report with your local police department. You may need the police report number to dispute fraudulent accounts with banks and creditors. Many departments allow online filing.

Step 4: Contact affected companies (within 24 hours)

If a fraudulent credit card was opened in your name, call the card issuer’s fraud department and report it. If your bank account was compromised, contact your bank immediately. They will close the fraudulent account, issue new account numbers, and begin the investigation.

Under federal law (Fair Credit Billing Act), your liability for unauthorized credit card charges is limited to $50 (and most issuers waive this entirely with zero-liability policies). For debit cards, your liability depends on how quickly you report: $0 if reported before charges occur, $50 if within 2 business days, up to $500 if within 60 days, and unlimited after 60 days.

This is one reason we recommend using credit cards over debit cards for everyday spending: better fraud protection.

Step 5: Dispute fraudulent accounts on your credit reports

File disputes with each credit bureau for any accounts or inquiries you do not recognize. Include your Identity Theft Report from the FTC. The bureau has 30 days to investigate and remove fraudulent information.

Step 6: Monitor for ongoing fraud (next 12 months)

Identity theft can recur. Monitor your credit reports monthly for the next year. Keep the credit freeze active. Watch your bank and credit card statements for unauthorized charges.

Consider IRS Identity Protection PIN: the IRS IP PIN program assigns you a unique 6-digit PIN that must be included on your tax return. Without it, a fraudulent return cannot be filed using your SSN.

Common types of identity theft and how to prevent each

Credit card fraud: Someone uses your existing card number for unauthorized purchases. Prevention: Enable transaction alerts on all cards. Review statements monthly. Use virtual card numbers for online shopping (offered by Capital One, Citi, and others).

New account fraud: Someone opens a credit card, loan, or bank account in your name. Prevention: Credit freeze blocks this almost entirely.

Tax refund fraud: Someone files a tax return using your SSN and claims your refund. Prevention: File early (January/February). Get an IRS IP PIN.

Medical identity theft: Someone uses your insurance information for medical services. Prevention: Review Explanation of Benefits (EOB) statements from your insurer. If you see charges for services you did not receive, report immediately.

Child identity theft: Criminals use children’s SSNs (which have no credit history to trigger alerts). Prevention: Freeze your children’s credit at all three bureaus. Yes, you can freeze a minor’s credit.

Synthetic identity theft: Criminals combine real information (your SSN) with fake information (different name and address) to create a new identity. Prevention: Credit freeze and monitoring. This is harder to detect because the accounts do not appear under your name.

Should you pay for identity theft protection?

Companies like LifeLock, Aura, and Identity Guard charge $10 to $30/month for identity theft monitoring and insurance.

What they provide: Credit monitoring (you can get this free from Credit Karma), dark web monitoring (somewhat useful), identity theft insurance (typically $1 million, covers recovery costs), and recovery assistance (a specialist helps you dispute fraudulent accounts).

Our take: The most important protections (credit freeze, credit monitoring, strong passwords, 2FA) are free. Paid services add convenience and insurance but are not necessary for most people.

If you want peace of mind, a $10/month service is reasonable. If you prefer to save $120/year, the free tools listed in this guide provide the same core protection.

Your identity theft prevention checklist

Complete these in order. Total time: about 30 minutes.

  1. Freeze your credit at all three bureaus (15 minutes)
  2. Set up a password manager and update passwords on financial accounts (30 minutes over a few days)
  3. Enable 2FA on email, banking, and brokerage accounts (10 minutes)
  4. Create accounts at ssa.gov and irs.gov to secure your SSN (5 minutes each)
  5. Sign up for Credit Karma or similar free monitoring (5 minutes)
  6. Set up transaction alerts on all credit and debit cards (5 minutes)
  7. Check haveibeenpwned.com for exposed email addresses (2 minutes)
  8. Get an IRS IP PIN for tax filing protection (5 minutes)

Items 1 through 3 provide 90% of the protection. Do those today.

Frequently asked questions

Does a credit freeze affect my existing credit cards? No. Your current cards, loans, and bank accounts work normally. The freeze only prevents new accounts from being opened.

How do I unfreeze my credit to apply for a new card? Log into the bureau’s website (Equifax, Experian, or TransUnion) and temporarily lift the freeze. You can set it to lift for 1 day, 1 week, or a specific date range. It refreezes automatically.

Is a credit freeze the same as a fraud alert? No. A freeze blocks access to your credit report entirely (stronger protection). A fraud alert tells creditors to verify your identity before approving new accounts (lighter protection, relies on the creditor actually checking). A freeze is always preferable.

My data was exposed in a breach. What should I do? Freeze your credit if you have not already. Change passwords on any accounts that used the same credentials as the breached service. Monitor your credit reports for the next 6 to 12 months. If the breached company offers free credit monitoring, accept it.

Can identity theft affect my credit score? Yes. Fraudulent accounts, unpaid bills on accounts you did not open, and hard inquiries from applications you did not make can all damage your credit score. Disputing and removing these items restores your score, but the process can take 30 to 90 days.

Should I freeze my children’s credit? Yes. Children’s SSNs are valuable to identity thieves because they have clean credit histories and the fraud may not be discovered until the child turns 18 and applies for their first credit card. Freeze your children’s credit at all three bureaus. Each bureau has a specific process for minor freezes.

The bottom line

Identity theft prevention is not optional in 2026. Your data is already out there. The question is whether you have the layers of protection in place to prevent someone from using it.

Freeze your credit. Use a password manager. Enable 2FA. These three actions, all free, block the vast majority of identity theft attempts. The 30 minutes it takes to set up these protections can save you months of dealing with fraudulent accounts, disputed charges, and damaged credit.

Do it today. Not tomorrow. Not next week. Today. Your financial identity is worth 30 minutes of setup.

Protect and grow your finances

Leave a Reply

Your email address will not be published. Required fields are marked *