Identity Theft

Q&A: Relative’s oversharing puts family at risk

September 15, 2025 By Liz Weston Leave a Comment

Dear Liz: Your recent column on identity theft touched a nerve. My husband and I are very cautious about online security and don’t post details on social media that could be used in identity theft. But his mother constantly overshares, has no privacy filters on her accounts and ignores our requests to avoid posting our children’s names or our birthdays. Last week she posted “Happy 7th birthday to my beautiful granddaughter Bailey!” So now the world knows our daughter’s name and exact birth date. How can we get her to stop?

Answer: Older generations sometimes poke fun at younger generations for documenting every detail of their lives on social media. But many older folks ignore a basic rule of internet etiquette, which is that you shouldn’t post about others without their consent. Children, especially, need to be protected from exploitation by identity thieves, cyber bullies, sexual predators and data-mining tech companies. Your mother-in-law clearly doesn’t understand the hazard she’s creating, but her desire for attention does not outweigh your need for privacy or your right to protect yourselves and your children.

Now, first things first. Your mother-in-law may not understand how privacy settings work, so your husband could offer to help her set those up. That alone can help limit the damage she can inflict.

Next, consider having a face-to-face conversation with her where you and your husband calmly explain your concerns and repeat your request that she refrain from posting your private information. (Your husband may need to solo on this one if your relationship with her is contentious.) Focusing on her past mistakes could make her defensive, so consider framing this with “we” statements such as “We’ve made the decision to keep private details off the Internet to protect our children from predators and reduce our vulnerability to identity theft.”

Clearly explain the consequences if she ignores the request. You and her husband will need to discuss this beforehand, obviously, but the repercussions should be significant enough to communicate how important this is. With some grandparents, the idea of you no longer sending photos and details of the grandkids’ lives may be enough. With others, you may need to limit all contact.

Q&A: How do I protect myself from identity theft?

September 9, 2025 By Liz Weston Leave a Comment

Dear Liz: I am regularly notified by my identity theft protection service that there has been a data breach somewhere where my data is stored. I don’t know what in the world I’m supposed to do about this. I try to follow all the recommended precautions, but I also wonder: now that all Social Security data is somewhere in the cloud under some mystery person’s control, is it even worth trying to keep up?

Answer: You’ve discovered the oxymoron inherent in an identity theft protection service. Such companies can’t actually protect you from identity theft, and knowing your data has been compromised is of limited value if you can’t actually do anything to prevent its misuse.

Focus instead on what you can do to make yourself less of a target. Start by freezing your credit reports at the three major bureaus: Equifax, Experian and TransUnion. Credit freezes are free and make it hard for identity thieves to open new credit accounts in your name. You can easily and quickly “thaw” your reports temporarily if you need to apply for credit.

You’ll still need to monitor your credit reports for suspicious activity, and you can request free reports from AnnualCreditReport.com. (Type that name directly into your browser. If the site asks for a credit card, you’re in the wrong place.)

Get serious about online security. Create unique passwords and use multi-factor authentication wherever it’s available, but especially on financial, email and social media sites. Consider using a virtual private network to further protect yourself. Erase all personal data from phones and other gadgets before discarding.

Prevent tax refund fraud by getting a free Identity Protection PIN from IRS.gov. You’ll need to use the PIN to file your tax return, but that should prevent someone else from ginning up a false return and claiming a refund using your ID.

Limit the information you share on social media and elsewhere. Keep your birthday, your pets’ names and your children’s names private. Learn how the privacy features work on the sites you use. Look for options to disable location sharing, limit access by strangers and manage which third-party apps can access your account.

Finally: monitor, monitor, monitor. Regularly review every financial account for suspicious transactions and report any you find immediately. Check medical statements and health insurance records for unauthorized activity as well.

Q&A: Should I be afraid of payment apps?

June 24, 2024 By Liz Weston

Dear Liz: I pay rent via check (yes, I am aware of the risks). My landlord would prefer that I use Zelle, which has drawbacks. People have had their bank accounts drained. Also, I heard that peer-to-peer money transfer apps should only be used by friends and family, not for business, and not for large sums of money.

Answer: As you may know, Zelle payments are made instantly. If you send the money to the wrong party, you could be out of luck. Federal law protects you if your account was hacked, but not if you make a mistake or have been duped into sending money to a scam artist. (Zelle does investigate allegations of fraud, however, and may return the money if you’ve been deceived.)

Many people are comfortable using Zelle and other payment systems to send money to people and businesses they know well, while others aren’t. If you continue to use checks, make sure to mail them directly at the post office or use a shipping service that offers a tracking number, such as Fedex. Monitor your account closely and set up alerts that notify you when checks over a certain amount are cashed. Fraud related to check theft has soared, so you’ll need to be extra vigilant if you continue sending paper checks.

Q&A: Safeguarding your personal data is hard. Here are a few tips.

May 13, 2024 By Liz Weston

Dear Liz: I was recently alerted that my Social Security number has been found on the dark web. My information was part of the AT&T breach that took place recently. I am no longer an AT&T customer and haven’t been for several years, but they have not made any contact with me. What do I do to keep myself safe and how do I get my information removed from the dark web? Why hasn’t AT&T reached out to me?

Answer: As a consumer, you don’t have much power. Companies often demand your personal data, such as Social Security numbers, before they’ll do business with you. Once your information is in their databases, you have no control over what happens to it. And if your information is leaked, there’s no way to remove it from the dark web.

You can’t even be sure how your information got there, given the sheer volume of database breaches in recent years. If you’re an adult with a Social Security number, chances are pretty good that number can be found on the black market sites where criminals buy and share information, says Eva Velasquez, chief executive of the Identity Theft Resource Center, a nonprofit that helps identity theft victims.

In other words, your data may have been compromised long before the latest incident, which AT&T says affected 73 million current and former customers. AT&T began notifying impacted customers via letters or email starting in April. Those customers should have received an offer for free credit monitoring.

There are a few things you can do to make yourself a bit less vulnerable to identity theft, such as putting freezes on your credit reports, not clicking on links in texts or emails if you didn’t initiate the transaction and using digital wallets or other secure payment methods.

Also, don’t be your own worst enemy. Beware of sharing personal information (birth dates, address, phone number, etc.) on social media. Consider limiting your audience to people you know and trust, Velasquez says.

The Identity Theft Resource Center also recommends using passkeys, a technology that replaces passwords, whenever you’re offered that option. If a passkey is not available, the center suggests using passphrases of 12 characters or more rather than shorter passwords. A passphrase is a sequence of words that can be personalized for easier memorization, typically with numbers added and a mix of capital and lowercase letters. The center gives an example of a passphrase for a 2015 University of Texas graduate: “H00kEmH0rns2015.” You’ll still need unique passphrases for every account and site. You also should turn on two-factor authentication or multi-factor authentication where available. This requires an extra step, such as getting a code on your phone or from an app, but this will make your accounts harder to compromise.

Q&A: Alternatives to paper checks

March 4, 2024 By Liz Weston

Dear Liz: Because I am concerned about check fraud, I pay most of my bills online. However, I still need checks for paying my housekeeper, gardener, etc. I use a gel ink pen to deter fraud but was wondering if there is something else I should consider doing.

Answer: Checks you hand to people you know are probably less risky than those you send through the mail, but there may be better options.

Most Americans have accounts with at least one peer-to-peer payment app such as Venmo, Zelle or PayPal. These can be a secure and convenient way to pay people you know.

Be sure to create a strong, unique password for your account and to keep the apps updated. Whatever payment method you use — checks, online payments or peer-to-peer apps — continue to monitor your linked bank or credit card accounts so you can spot and quickly report any suspicious transactions.

Q&A: Identity theft fears? Get a credit report, credit freeze

June 13, 2022 By Liz Weston

Dear Liz: I divorced 32 years ago. Recently, I received calls from a collection agency about a debt that has not been paid. I discovered that my ex used my phone number as one of his contact numbers. My number is supposed to be unlisted and unpublished, but he found it online. I have stopped receiving calls from the agency, but how do I stop this from happening again?

Answer: Please check your credit reports to make sure your ex didn’t swipe even more sensitive digits: namely, your Social Security number. If his credit is bad, he may be tempted to pretend to be you in order to get credit cards, loans or other accounts. That’s identity theft, and there are steps you should take now to protect yourself.

You can access your credit reports for free at AnnualCreditReport.com. (If you’re asked for a credit card number, you’re on the wrong site.) Look for any accounts that aren’t yours and consider freezing your credit reports at each of the bureaus. Credit freezes prevent someone from opening new accounts in your name. You can thaw the freeze whenever you need credit, also for free.

You can’t prevent someone from adding your phone number to their credit applications, but under federal law you can tell a collection agency to stop contacting you, and it must comply. Make the request in writing.