15 Tips To Help You Protect Yourself From Identity Theft And Related Tax Fraud

Identity theft remains a significant concern for taxpayers and the IRS—and it could get worse in the coming weeks. With summer on the way, identity fraud could peak—in 2024, consumers reported that most identity fraud incidents happened in the summer months, when spending is typically high.

According to the Javelin Strategy & Research 2025 Identity Fraud Study, consumers lost a total of $27.2 billion in 2024 due to identity fraud, marking a 19% increase from the previous year. The increase in fraud, which includes new-account fraud, account takeover fraud, and existing card fraud, may be attributed to a rise in cyber attacks and data breaches, particularly those involving cloud service providers and data brokers.

Those statistics are scary, but increased awareness can help. The more you know about how to protect yourself, the better chance you have of avoiding becoming a victim. Here are 15 tips to help you protect yourself from identity theft and tax fraud related to identity theft:

1. Understand that public Wi-Fi access means public. When you’re sitting in Starbucks or your local library, be careful: your data may be vulnerable. Don’t connect to an unknown or unstable Wi-Fi network. If you have an alternative connection available, such as using cellular data, consider opting for that instead. If you must connect to public Wi-Fi, use a VPN (virtual private network). And save really sensitive data—like online banking—for later. It’s best to avoid websites that could expose your passwords or financial information to potential cyber-thieves on public connections.
2. Take care with private documents. With so much emphasis on internet security, it’s easy to forget to safeguard paper documents. Don’t be careless with credit card statements, bank receipts, and copies of tax returns. Securely file the copies you need to keep and shred the ones that you don’t. (For a look at what to keep and what to throw out after Tax Day, click here.)
3. Keep your mailing address current. We’re an increasingly mobile society. It’s rare to retire in the home that you start out in: chances are, you’ll switch addresses more than once. When you move, be sure to notify your financial institutions, credit reporting agencies, and tax authorities so that your mail doesn’t end up in the wrong hands. To easily change your address with the IRS, file Form 8822, Change of Address or if it’s close to the tax filing season, you can simply use your new address on your tax return. You should also file a change of address with the US Postal Service.
4. Keep an eye out on your bank and credit card statements. You should regularly check your accounts to make sure that you recognize all of the transactions. Immediately report any suspicious activity, and double-check any transactions that you don’t remember making.
5. Don’t give away the store online. Companies that do business online love collecting your data. That data helps them make marketing decisions, which means the more data they can gather, the better it is for them. When making purchases or signing up for newsletters, only provide the information the company needs—you don’t have to share all of your information. When you opt in to provide personal information, check the site’s privacy policy to see how that information may be shared with other companies. (Thanks to increased privacy policies in Europe and some states, most websites must now disclose that information.)
6. Use smart passwords. Chances are that you have several websites that require passwords and it can be tempting to cut corners—don’t. Use secure passwords (make sure yours isn’t on this list of most common passwords) and update them regularly—if you can’t think of good ones, use a password generator. Don’t use the same password for multiple sites and don’t use variations on your password when you make updates (adding a ! at the end doesn’t mean it’s secure). If you find it hard to keep track of multiple passwords, consider using a password manager.
7. Say yes to multi-factor authentication. You can add an extra layer of security to your online accounts by using multi-factor authentication (MFA), a sign-in process that requires a password plus an additional step or action, like entering a code from your phone or an app. Banks and agencies—including the IRS—increasingly require you to use MFA to sign in to your accounts. When given the opportunity, take advantage.
8. Be careful with games and memes. I love games, quizzes, and memes. I really do want to know what Disney princess I could be (Belle, of course, because she loves books) or my Bridgerton name (Lady Eliza Jones of Cranhill, apparently). It can be good fun. However, be careful when games and memes request personal information, such as your mother’s maiden name, your first pet, or the street you grew up on. Those questions seem innocent, but they can be attempts to secure out-of-wallet information used to figure out your password or gain entry into your online accounts. If you’re asked for that kind of information—even if it feels like it’s meant to be fun—think hard before clicking and don’t share the details on social media.
9. Don’t fall for phishing and other scams. Phishing typically show up in the form of an unsolicited email that attempts to trick you into clicking on a link or opening an attachment. It may appear to be from a company you know or trust, like a bank or a credit card, or a federal agency like the IRS or Social Security Administration (SSA). Avoid clicking on any links in these emails that lead to websites asking for your personal information. Confirm that you’re on a legitimate site before sharing your data. If you need to access a specific site, log out of any questionable links and navigate directly to the site instead. And remember, the IRS will not reach out to you via email, phone, or text to discuss your account.
10. Be stingy with your Social Security Number. Social Security numbers are a valuable commodity and a top target for identity thieves. That’s because Social Security numbers have become synonymous with our personal identification numbers. It is how we are identified at the doctor’s office, school, banks, and even sometimes, at work. But the reality is that the Social Security number wasn’t intended to be anything other than a way of identifying workers and other qualifying individuals for purposes of Social Security benefits. Today, many companies ask for your Social Security Number, not because they need it, but because they want to use it as an identifying number. Before you give out your Social Security Number, determine whether the company really needs the information—and why. If there is no legitimate purpose, don’t provide your Social Security Number when asked in person and don’t submit it online.
11. Monitor your credit report. By law, you’re entitled to one free copy of your credit report each year from each of the major credit bureaus (Equifax, Experian, and TransUnion) for a total of three reports every year (you may be entitled to additional copies if you’re the victim of identity theft). To claim your free copy, visit www.AnnualCreditReport.com or call 1.877.322.8228. Review your credit report just as you would your credit card or banking statements—check to ensure that you request the transactions and credit requests.
12. Pay attention. Many banks, like mine, will alert you whenever there’s a suspicious transaction on your account (I always get a notification when there’s an international charge, for example). Ask if your bank or lender offers fraud alerts, and use them.
13. Freeze your credit. You can also freeze your credit. It’s free, but you’ll have to place a freeze with the three big consumer credit reporting agencies (again, those are Equifax, Experian, and TransUnion). When you freeze your credit, creditors cannot access your credit report. That means that no one—including you—will be able to open any new accounts in your name during the freeze. To apply for credit or to run a credit check for purposes of signing a lease or applying for a new job, you will need to lift your credit freeze permanently or temporarily. Freezing your credit should happen in real time if you do it online or over the phone, but it can take up to one business day. If you do it by mail, agencies have three days to act. Unfreezing your credit should happen in real time if you do it online or over the phone, but it can take up to one hour. Again, if you do it by mail, agencies have three days to act. Importantly, freezing your credit does not impact your credit score.
14. Create a fraud alert. Freezing your credit does not create alerts or prevent someone who already has access to your account from making bogus charges. If your bank doesn’t do it automatically (see again #12), consider setting up alerts for transactions on your bank accounts and credit cards.
15. Consider adding a “trusted contact.” Since 2018, the Financial Industry Regulatory Authority (FINRA) has required investment companies to ask customers whether they’d like to designate another adult the firm can contact. This trusted contact doesn’t control a customer’s accounts or the ability to see what’s in them. But the investment company can contact this designee if it sees suspicious activity in an account and can’t reach the owner—his is especially helpful for seniors who may need assistance monitoring accounts. Banks and financial institutions aren’t required to offer a trusted contact, but may do so—just ask.

Even if you are super diligent, the reality is that everyone is vulnerable to identity theft. Remember that lots of third parties have access to your data, including trusted advisors, merchants, health care providers and the government.

If your data is compromised, take a deep breath and then make an effort to mitigate any damage to your credit or your accounts, including contacting your financial institution if you’ve detected fraud. You may need to get a new card, switch accounts, or even request a credit freeze (rules vary by state). Additionally, consider filing a complaint with the FTC at identitytheft.gov. If the identity theft involves your taxes, respond immediately to any IRS notice and complete Form 14039, Identity Theft Affidavit, if necessary.