Identity theft protection
How do I protect myself from identity theft and what do I do if it happens?
Project Plan
Why: This is the single most effective way to prevent identity thieves from opening new accounts in your name.
How:
- Contact the three major credit bureaus (Equifax, Experian, and TransUnion) online.
- Request a 'Security Freeze' for your profile.
- Save the PINs or passwords provided in a secure location; you will need them to 'thaw' your credit later.
Done when: You have received confirmation from all three bureaus that your credit is frozen.
Why: Reusing passwords is a primary cause of identity theft; a manager lets you use a unique, complex password for every site.
How:
- Download a reputable open-source password manager like Bitwarden or KeePassXC.
- Create one strong 'Master Password' that you do not use anywhere else.
- Migrate your most important accounts (Email, Banking) to the manager first.
Done when: The software is installed and your primary email account password is saved within it.
Why: MFA adds a second layer of security, making a stolen password useless on its own.
How:
- Go to security settings for your Email, Bank, and Mobile Provider.
- Select 'Authenticator App' (TOTP) rather than SMS/Text messages, as SMS can be intercepted via SIM swapping.
- Scan the QR codes using an app like Aegis (Android) or Raivo (iOS).
Done when: Your email and primary bank account require a code from your app to log in.
Why: This prevents 'SIM Swapping,' where a thief transfers your phone number to their device to bypass SMS security codes.
How:
- Call your mobile service provider's customer service or log into your account portal.
- Request to add a 'Port-Out PIN' or 'Transfer PIN'.
- Ensure this PIN is different from your account password and stored in your password manager.
Done when: Your mobile carrier confirms that no number transfers can occur without the specific PIN.
Why: Physical mail is a goldmine for identity thieves looking for pre-approved credit offers and account numbers.
How:
- Select a 'Cross-Cut' or 'Micro-Cut' shredder; avoid 'Strip-Cut' models, as their strips can be easily reconstructed.
- Place it near where you sort your mail to ensure immediate destruction of sensitive documents.
- Shred all documents containing names, addresses, or account details before recycling.
Done when: A shredder is set up and all pending sensitive mail is destroyed.
Why: Reducing the amount of sensitive mail you receive lowers the risk of mail theft.
How:
- Visit the official industry website for credit offer opt-outs (e.g., OptOutPrescreen in the US).
- Choose the 'Permanent Opt-Out' option to stop receiving firm offers of credit or insurance.
- You may need to mail a signed form for the permanent version.
Done when: You have completed the online opt-out process.
Why: Early detection allows you to stop a thief before they drain your accounts.
How:
- Log into your online banking and credit card portals.
- Navigate to 'Alerts' or 'Notifications'.
- Set alerts for: 'Transaction over $0.01', 'International Transaction', and 'Profile Change'.
Done when: You receive a test notification or email for a small purchase.
Why: These services scan data breaches to see if your email or passwords have been leaked.
How:
- Use a reputable free tool like 'Have I Been Pwned' to check your current status.
- Enable the notification feature to be alerted of future breaches.
- Many password managers also include this feature natively; ensure it is toggled 'On'.
Done when: You have checked your primary email and signed up for breach alerts.
Why: Thieves may use your identity to gain employment or claim benefits, which will show up on your earnings record.
How:
- Create or log into your account on your national social security website (e.g., 'my Social Security' in the US).
- Review the 'Earnings Record' for any years or amounts that look unfamiliar.
- Check for any active claims you did not initiate.
Done when: You have verified that your reported earnings match your actual work history.
Why: In a crisis, you need all your documentation in one place to prove your case to banks and police.
How:
- Prepare a physical or encrypted digital folder.
- Include copies of your ID, a list of all bank/credit accounts with customer service numbers, and contact info for credit bureaus.
- Print out a blank 'Identity Theft Affidavit' (e.g., from IdentityTheft.gov) to have ready.
Done when: The folder is organized and accessible in an emergency.
Why: Speed is critical to limit financial liability and damage to your reputation.
How:
- Step 1: Call the company where the fraud occurred and close the account.
- Step 2: Place a 'Fraud Alert' on your credit reports (this is different from a freeze).
- Step 3: Report the theft to your national authority (e.g., FTC in the US) to get an official recovery plan.
- Step 4: File a local police report to provide a legal paper trail.
Done when: You have read and understood these steps and kept a summary in your recovery folder.
Why: Even with a freeze, errors can occur or existing accounts can be compromised.
How:
- Set a recurring calendar invite for every 4 months.
- Use 'AnnualCreditReport.com' (or your local equivalent) to get one free report from a different bureau each time.
- Look for: Accounts you don't recognize, inquiries you didn't make, or incorrect addresses.
Done when: A recurring calendar event is set and the first report has been reviewed.
Why: Thieves use 'oversharing' (birthdays, pet names, high schools) to guess security questions or craft phishing attacks.
How:
- Set all profiles to 'Private' or 'Friends Only'.
- Remove your birth year, phone number, and home address from public view.
- Delete 'Friends' or 'Followers' you do not know personally.
Done when: Your profiles are restricted and sensitive personal data is hidden from the public.
Why: Outdated software often has security holes that allow malware to steal your credentials.
How:
- Enable 'Automatic Updates' on your smartphone, computer, and router.
- Check for updates on your browser and its extensions.
- Restart your devices at least once a week to ensure patches are applied.
Done when: All primary devices are running the latest available security versions.