If you think cyber-crime only happens in the movies, think again. Year over year, the number of cyber-attacks on individuals, specifically identity theft, continues to rise. But there are steps you can take to protect yourself from getting hacked.

According to the 2019 Identity Fraud Study from Javelin Strategy & Research, the number of consumers who were victims of identity theft in 2018 was 14.4 million. Identity theft occurs when someone assumes the identity of another and gains access to sensitive data.

How Thieves Get Your Information

Solving an identity theft is much harder than avoiding one, so it’s good to know where your information might be compromised.

First things first: No one is stealing your information by breaking into your house and reading the passwords off of the sticky notes on your monitor. Writing your passwords down isn’t the best solution, but it’s pretty low risk for your private computer. Obviously, don’t do it in the office or at school. Here are some of the most common ways that identity thieves can collect information:

· Phishing is an attempt to gain your information by disguising oneself as a legitimate organization. You might get an email telling you that there’s a problem with your credit card account and you need to log in to fix it, but when you click on the link, it takes you to a convincing clone of your credit card provider’s website. Once you enter your login credentials on the fake site, they can use them on the real site to steal your money.

· Password leaks. It’s rare that thieves actually guess or crack someone’s password. Instead, they wait until a huge batch of passwords are leaked from something like Adobe, eBay, LinkedIn, or one of many others that have happened in the last few decades.

“So what,” you might think. “There’s no financial information on my LinkedIn account.” But the thieves can then develop bots that try the same username and passwords on every major banking or credit card website. If you’ve reused passwords, they’re in.

· Login scams. This one has been going around Craigslist and other marketplace sites for a while. Basically, a thief will pretend to be verifying your identity for the sake of buying something from you. They’ll say “Google just sent you a code, can you tell me what it is?”

In reality, they’ve just tried to log into your Gmail account. Gmail forces you to enter a verification code when you forget your password, but they only send the code to the real you. When you give the thief the code, they can access your Gmail account. From there, they can hold it for ransom or troll through your old emails for other useful login or financial information.

· Prize scams. A good rule of thumb is that if you’re told you won a prize and you don’t remember entering, it’s a scam. Lots of fake emails will tell you that you’ve won a vacation or a cash prize, but they need your credit card info to verify your identity. Don’t fall for it.

How to Protect Yourself From Getting Hacked

The internet can be a wild place, and scammers are constantly getting cleverer when it comes to tricking victims. Luckily, there are few precautions you can take:

1. Use a password manager. If you have to write all your passwords down, that’s a step in the right direction, but a true password manager is the most secure option. It allows you to create, track, and enter a brand new password for every website you visit, thus protecting you from password leaks.

2. Use a dynamic password. You do not need to come up with a random jumble of letters and numbers that you’ll never remember for every password. Instead, think of a “base” password with letters, numbers, and punctuation – something like “J0HN’Spa$$word.” Then adapt it to each website you use. For your bank, set your password to “J0HN’Spa$$wordbank.” For Facebook, use “J0HN’Spa$$wordfacebook.” Each password is secure, but unique and easy to remember.

3. Don’t use the internet to provide sensitive information. If you need to give out your password, Social Security number, or another form of sensitive information, never use email, chat, or web forms.

4. Double check suspicious calls. If you receive a phone call from a company that you don’t know or trust asking for personal information, hang up. Call the company directly to make sure they were the original callers.

5. Question anything that’s too good to be true. Phony work-from-home companies offer aggressive compensation after you provide a credit card number for your “starter kit.” Call the organization said to be paying you to confirm pay rate and return on your personal investment. If an offer, any offer, seems too good to be true, it probably is.

6. Beware of email scams. No reputable company will ask you to confirm sensitive information over email. Similarly, distant relatives and Nigerian royalty are most likely not trying to wire you hundreds of thousands of dollars. As always, if you’re questioning the legitimacy of a message, call the company or individual directly to confirm.

7. Get multiple forms of proof. Get written confirmation of what a company is doing with your information, get in touch with security providers to make sure a company is covered under their protections, and always track your correspondence.

8. File your taxes early. Don’t wait until April (or July) – thieves can file a false tax return to try to get their hands on your refund, and then when you file, the IRS will tell you that they already have a return in your name. Once you have your forms in hand, file away! The earlier you can get it done, the harder it will be for someone to defraud you.

9. Look for secure websites. It’s surprisingly easy to fake a legitimate-looking website, so you can’t count on your ability to recognize it on sight. Instead, look for a little padlock icon in the address bar, confirm that the URL is the real site, and if you’re skeptical, call the contact number to confirm.

Stay Safe Online

In today’s digital world, you can’t take the security of your personal information for granted, nor can you stay 100% safe from every threat online. What you can do is to take precautions. If you follow these steps, you stand the best chance of keeping your information and your identity safe.

Smartphones, computers, and online storage devices all store vital information. Passwords are one of the first key elements to protecting that information. You can make login information more secure by pairing the password - something you know (knowledge) - with another factor, such as something you have (possession) or something you are (inherence). Something you have might be a smartphone, and you can prove you have the phone by reporting back the PIN code that was sent to it in a text message. Something you are could include your fingerprint or other bio-metric data. When two of these factors are combined to secure an account it is called two-factor authentication.

Two-factor authentication is an important layer of defense beyond your password. It decreases your risk of falling victim to a compromise because criminals need access to two separate items to compromise your account – for instance your password and your smartphone (to receive the PIN code). Cyber criminals regularly “leak” (release) login credentials from compromised websites. They then use these leaked login names, email addresses, and passwords to find other accounts using the same credentials. This allows them to easily impersonate you online, gain access to work and personal accounts, sign online service agreements or contracts, engage in financial transactions, or change account information. Enabling two-factor authentication makes it more difficult for criminals to use this technique against you, because a password would not be sufficient to gain access.

Turning on two-factor authentication is really important on websites that process financial transactions (banks), contain sensitive information (Facebook), or could be used to impersonate you (Twitter). You can usually enable two-factor authentication through the security settings, and directions to enable two-factor authentication are available in the help section of each website (It may be called “login verification” on some websites). If you can’t find the directions on how to enable two-factor authentication on a specific website, an Internet search for “enabling two-factor authentication on” and the name of the website will usually get you the directions. To be more cyber secure, turn on two-factor authentication and pair it with a strong, unique password.