IE 11 is not supported. For an optimal experience visit our site on another browser.

6 common habits that put you at risk for identity theft

Data breaches and hacks are often unavoidable, but security experts say there are some everyday habits that put consumers even more at risk.
Image: Woman on phone with credit card
Before providing your credit card information or social security number over the phone, make sure that it’s absolutely necessary.Tom Grill / Blend Images - Getty Images

According to a report by Javelin Strategies, U.S. residents lost $16.8 billion to fraudsters in 2017, and the number of victims increased 8 percent over the previous year.

U.S. residents lost $16.8 billion to fraudsters in 2017.

Unfortunately, identity thieves are getting smarter, which means that consumers have to be even more vigilant when it comes to protecting their personal information and their financial well-being. Thieves are launching more complex schemes, but consumers also don’t think twice about many common practices that put their data — and their money — at risk.

It’s easy to be cavalier with your passwords and personal information — and to believe identity theft won’t happen to you. Here are six common habits to break right now.

You use the same simple password for multiple online accounts

Security experts agree that using weak passwords is one of the most common bad habits that puts consumers at high risk for identity theft. Data shows that people tend to reuse passwords for multiple logins despite the security risk, and often these passwords are simple words or phrases that themselves contain personally identifiable information. This means that if a bad actor gets ahold of one password, he or she suddenly has access to your bank accounts, your Gmail history and your Amazon cart.

Shockingly, “password” and “123456” are still among the most popular passcodes. To secure your accounts, skip the easy-to-guess options and the basic requirements to tack on a number and capital letter — instead, use a random password generator to create unique, complex passwords for each account, change your passwords often, and keep track of your logins with a password manager app.

The answers [to password recovery questions] can be found through social media. People should make it a habit to lie outrageously and uniquely for each website.

Password recovery systems are another gaping security hole, says Lance Cottrell, chief scientist at Ntrepid, a privacy and security-focused technology company. A thief can easily find your mother’s maiden name or the city where you got married by browsing your Facebook profile. Make your responses to these questions just as difficult to guess as your actual passwords.

“Often the answers [to password recovery questions] can be found through social media,” Cottrell says. “People should make it a habit to lie outrageously and uniquely for each website, keeping track of the lies in a password manager.”

You avoid checking your banking and credit card statements on a regular basis

Checking your account balances isn’t always fun, but not doing so means you could miss fraudulent transactions that indicate your identity has been stolen. You should scan your account statements and your credit report frequently for purchases you didn’t make and lines of credit you didn’t request.

“Reviewing your bank accounts, credit card statements and credit reports regularly won’t necessarily prevent identity theft, but it will help you catch it early before you incur too much damage,” says Brianna Jensen, an identity theft expert with consumer security site ASecureLife.

Credit card fraud is one of the most common types of identity theft. You are eligible for a free report from each of the three major credit bureaus once a year, so request one every few months in addition to reviewing other financial statements at least weekly.

You overshare on social media and don’t check your privacy settings

Social media is rife with scammers who take advantage of weak privacy settings to lure you in. Even if you don’t fall victim to a phony Facebook lottery, thieves can still glean personal information from your supposedly private profiles. Geotagged photos, birthday posts, and childhood throwbacks give savvy criminals answers to those oversimplified security questions and generally help them impersonate you.

“Don’t share any information with sites unless you are comfortable with that information being posted on a postcard and sent to your own house,” says Ron Schlecht, managing partner at cybersecurity firm BTB Security.

Cut thieves off by tightening your privacy settings and limiting what you post. Check your settings every time a social media platform releases an update or asks you to agree to a revised privacy policy.

You send sensitive information via email or unsecure messaging services

Nigerian princes aren’t the only ones scamming consumers through email. If you include account numbers, attach sensitive documents or simply write things you’d never share publicly, you open yourself up to identity theft. Even if you have a strong password or use two-factor authentication to protect your own account, your messages are only as secure as those you send your information to.

Plus, when you delete messages from Facebook, Slack or email, that data still lives in a place that’s accessible to thieves who can intercept or hack into accounts or servers.

“Our inbox, sent and deleted folders are treasure troves of sensitive information about ourselves and our family,” says Mike Fleck, vice president of security at Covata, which provides data security solutions for businesses. Avoid sending account numbers and sensitive documents via unencrypted messages.

You rarely update your apps and device software

Frequent app updates aren’t just there to annoy you. They actually patch critical security holes that would otherwise leave your data vulnerable to hackers and viruses.

“What might have been secure enough yesterday is no longer secure enough today — sometimes because bugs have been discovered and sometimes because technologies have evolved,” says Gary McGraw, vice president of security technology at software security company Synopsys.

If your devices have an automatic update setting, enable it. And if you get a notification that a new software version is available, address it immediately.

You give away too much information — especially when you are in public

There are very few situations that actually require you to provide any kind of personally identifiable information in public or to someone you don’t know, so be wary of anyone who requests this.

For example, a telemarketer calls and asks you to confirm your name and address. You have no way to verify that person’s credentials, which means you just gave your name and location to a stranger, which they can then use to piece together your personal profile. Other situations are less sinister but just as risky: You don’t think twice about providing your credit card number to confirm an appointment or stating your social security number for your doctor’s office over the phone, but you never know who is listening nearby.

Before you give away any information, whether in person, over the phone or online, make sure that it’s absolutely necessary to do so and that your data will be communicated or transmitted securely.

Experts say that data breaches, hack and identity theft are an all-too-common — and often unavoidable — reality, so consumers should take steps to avoid becoming victims whenever possible.

“The most dangerous habit a person can have is to be too trusting,” says Mark Gazit, CEO of data analytics provider ThetaRay. Whenever you’re dealing with your financial information and personal data, “you must assume that you will be hacked.”

More ways to protect your data

Want more tips like these? NBC News BETTER is obsessed with finding easier, healthier and smarter ways to live. Sign up for our newsletter and follow us on Facebook, Twitter and Instagram.