3. Treat social networks like dark street corners. You never know who's lurking among your friends and acquaintances. Hackers have targeted Gmail, Facebook, and LinkedIn, and users of those sites should be especially wary of clicking on embedded links, even those "recommended" by friends. Hackers also send emails that appear to be from social networking sites but are, in fact, fake emails designed to capture personal information. Again, users should avoid clicking on links embedded in emails.
4. Use the Net to your own advantage. If you bank online, you don't have to wait until the end of the month to check your statement. You can log in anytime and make sure nothing is amiss. An errant charge is often one of the first signs of identity theft, so check statements carefully and alert your bank immediately of any problems.
5. Get free help. Many credit card issuers offer free and automatic identify-theft protection to customers. (That's one advantage credit cards have over debit cards.) If you see erroneous charges on your statement, call your credit card company, which should investigate on your behalf. The law requires credit card companies to dispute erroneous charges. For most people, paying a monthly fee for extra monitoring services is unnecessary. (Once a year, consumers can get their credit report free of charge through annualcreditreport.com.)
6. Think of a new word. Consumers are tasked with remembering dozens of passwords for various retailers, banks, and accounts, making it almost impossible to remember them all, especially since they often include mixes of numbers and letters. Keep careful track of your passwords in a secure document, rely on mnemonic devices to boost your memory, or come up with some other clever strategy—but don't stick with simple passwords that are easy for strangers to guess. Also, change your passwords on a regular basis.
7. Never, ever give your Social Security number to anyone online. If a site asks for it during the checkout process, it's probably a scam site.
8. Shred or safely store financial mail. Bank statements, investment documents, and other financial paperwork can give thieves clues about account numbers, Social Security numbers, and other personal information. Destroying documents with a cross-cut shredder works, but you can make it easier on yourself (and the environment) by limiting your paper trail wherever possible. Shifting to online banking and document storage can reduce your chances of falling victim to a dumpster diver.
9. Fight back quickly. If you are hacked, step one is calling your bank, says McNelley. That's because banks have sophisticated systems in place that can immediately begin closely monitoring your account for signs of identity theft. They can also and shut down and replace any accounts if necessary. In fact, banks are often the first to notice something amiss, even before the victim.
As long as consumers report fraud in a timely manner, the law limits their liability to between $50 and $500, says Sims.
10. Trust your gut. "You often hear, after consumers used an ATM with a skimming device, they had a bad feeling about it. If you do have that feeling, listen to it," says McNelley, and remove yourself from the situation.
Taking these simple steps is like remembering to lock your door at night, or turn on your alarm system. Says McNelley, "Bad guys go for the house that's unprotected. If you take the basic measures, then generally you have less risk about getting compromised."
Kimberly Palmer (@alphaconsumer) is the author of the new book Generation Earn: The Young Professional's Guide to Spending, Investing, and Giving Back.