The holiday season brings joy, laughter, and… scams. As holiday gift buying and online shopping pick up, there’s plenty of opportunity for hackers, identity thieves, and phishing scammers to spoil your holiday cheer and add a heaping serving of stress to your plate.

Identity protection is an increasingly hot topic, and rightfully so. Scams and other fraudulent activity can be detrimental to your financial plan — not to mention the amount of time you could spend trying to retrieve what’s lost. 

As it becomes more and more difficult to prevent identity theft, we put together this information and tips to help you better protect your personal information this holiday season and all year round.

What is identity theft?

Identity theft happens when someone gets access to your personal information and uses it for their own financial gain.

This personal information may include things like your social security number, bank account number, driver’s license number, date or birth, or financial statements.

With this personal information, identity thieves and scammers can potentially access your bank and credit card accounts, open new credit card accounts, create utility accounts in your name, steal your tax refund, make online purchases, or charge healthcare costs.

How does identity theft happen?

A scammer can steal a person’s identity or personal information in a variety of ways, both online and offline. There’s certainly no shortage of creative ways people try to harm others for their own financial gain. Here are some of the most common ways people steal personal information and run scams.


Have you ever received a suspicious email with a link to make a payment or claim a compelling discount or offer? Odds are, that was a phishing attempt.

Phishing happens when a scammer sends an email posing as a reputable company (like a bank, retailer, government agency, employer, utility company, or credit card company) and requests some form of personal or sensitive information, like passwords or credit card numbers.

As soon as you click their link, download an attachment, or enter your password or other information, scammers will use your data to try and compromise your financial accounts.

Phone scams

Phishing doesn’t just happen online. Scammers can also pose as legitimate institutions and request personal information over the phone.

This has been known to happen with scammers pretending to represent utility companies, internet service providers, lenders, debt collectors, and even the IRS. People have also been scammed by people who call them to let them know they’ve been selected to win rewards, cash prizes, or all-expense paid trips.

Data breaches

Sometimes, your personal information may be compromised even when you haven’t personally done anything to provide access to scammers. The most common way this happens is through large-scale data breach.

With a data breach, hackers are able to gain access to a large database that includes hundreds of thousands of individual’s personal information. Some notable data breach examples include Equifax, Yahoo, The Home Depot, and Facebook.

Once this information has been compromised, hackers will often sell the data to other scammers who will then use the information to try and access other accounts and personal information.

Mail theft and dumpster divers

Believe it or not, a lot of scammers and identity thieves will simply steal important documents straight from your mailbox or your trash. They’ll poach mailboxes and trash cans, searching for any personal information like bank statements, tax documents, pre-approval offers, discarded credit cards, or pay stubs. 

Who is most susceptible to identity theft? 

The scary truth is that everyone is susceptible to identity theft — even newborns and young children. That said, some people are more susceptible than others.

According to the FTC, adults aged 60 and higher are much less likely to report losing money to fraud than younger adults.

When older adults do lose money to fraud, however, the amount lost tends to be substantially higher than younger adults.

Ultimately, anyone — regardless of age — can be a victim of fraud, and everyone should do all that they can to protect their personal information.

How do you know if someone is using your identity?

It’s not uncommon for a scammer or hacker to compromise your accounts or identity but wait to take any action. On the other hand, there are many scammers out there who will immediately start making purchases in your name and causing you financial harm once they have the information they need.

Here are some things to look out for as indicators that your personal information has been compromised:

  • Suspicious charges and unauthorized transactions. This is perhaps the number one sign that someone has compromised your identity or account information. If you start noticing payments or charges to your bank account or credit card that don’t seem right, someone has likely gained access to your information.
  • Unfamiliar credit report notifications. If new accounts start popping up on your credit report, and you know you weren’t responsible for opening them, then chances are a scammer has used your identity to open an account and charge items. 
  • Unexpected bills or debt collection notices. Similar to unfamiliar transactions on your credit or debit card, you may also notice random, inexplicable bills showing up in your mailbox. If you start receiving unexpected invoices in the mail from legitimate institutions or start getting unanticipated calls from debt collectors, you may be a victim of identity theft. 
  • Unknown insurance claims. If you receive a bill for medical services you didn’t receive or see claims on your insurance explanation of benefits that you don’t recognize, it may suggest someone has compromised your information and is using your healthcare benefits for their own care.
  • Notice of a data breach. If you receive notice of a data breach or compromised account from your financial institution, social media platform, retailer, or other institution where you have an online account, you should assume your sensitive information has been collected and consider yourself at high risk of fraud.

The best ways to prevent identity theft and protect your personal information

Many of the ways to protect yourself against scammers, hackers, and identity thieves are relatively straightforward and easy to do. Some may take additional time and effort on your part, but the brief inconvenience does not come close to the cost — financially, emotionally, and time wise — of regaining access to your accounts and recuperating potential losses.

Here are some of the best and most important ways to protect yourself online and in-person.

Use strong passwords

Yes, that means staying away from your pet’s name, your birthday, your spouse’s name, and other easily guessed passwords. 

Additionally, longer passwords are much better than short passwords, regardless of complexity. 

It takes 43 million years (no, that is not a typo) for a hacker to guess via brute-force attack a 15-character password that includes upper and lowercase letters. For passwords with only 7 characters, the guessing time shrinks all the way down to just 6 minutes — even when numbers and special characters are used.

Creating longer, stronger passwords may make it a bit more inconvenient and time-consuming to access your accounts. You may not be able to remember all of your really strong passwords off the top of your head, but it will be significantly more difficult for scammers to get into your accounts. 

To make it a bit easier on yourself, you may want to use a password manager. We recommend iCloud Keychain for iOS devices, LastPass, and 1Password. In addition to storing your passwords securely, password managers can also help you generate random, strong passwords.

Avoid reusing passwords

Avoid using the same password (or password variations) for multiple accounts — even if it’s a strong one. When you use the same password multiple times and one account becomes compromised, the scammer will potentially have access to every other online account that uses that password, too. This is another area where using a password manager can be really helpful for you.

Password-protect your devices and wireless router

Even though many devices now feature advanced security features like facial recognition and fingerprint readers, you should still add password protection as well. This will help keep people from accessing data on your personal and work devices, like laptops and cell phones. 

By password-protecting your wireless router, you’ll better prevent unauthorized actors — like hackers — from potentially accessing information and devices shared on the network. Refer back to our first tip and make sure you use a strong password here, too.

Enable multi-factor authentication

Multi-factor authentication, also known as two-step verification, adds another layer of security to your online accounts. When enabled, having a password alone won’t be enough for someone to access your account. 

Multi-factor authentication will send a code or prompt via text message, email, push notification, or authentication app, which you must verify to gain access to the protected account. So, if a scammer steals your password but doesn’t have access to your authentication device (like your mobile device or authentication app), then they won’t be able to get into your account.

Freeze your credit

You can freeze your credit for free with Equifax, the National Consumer Telecommunications and Utilities Exchange (NCTUE), Experian, Innovis, and TransUnion. You can easily unfreeze your credit temporarily if you need to open an account or apply for a loan, but when your credit is frozen, scammers won’t be able to create new lines of credit in your name.

Monitor your credit report and other financial statements

Keep a close eye on your financial accounts and closely review your credit report, at least annually. By monitoring your reports, you’ll be able to spot any new accounts or suspicious activity. 

You can request a copy of your credit report for free through 

Set up fraud and transaction alerts

Most financial institutions, creditors, and lenders offer fraud alerts and notifications for transactions. This will help you monitor your accounts and receive real-time alerts for suspicious activity. When it comes to your personal and financial data, every second counts.

Install antivirus software on your devices

This added layer of security will help monitor, notify, and thwart potential malware attacks.

Avoid public Wi-Fi

Public Wi-Fi networks are hotbeds for hackers who can access your information through the unsecured network. 

Instead of connecting to a public Wi-Fi network at an airport, park, coffee shop, or hotel, use a personal hotspot. This will help better protect your data and keep hackers out. 

If you must use a public network, be extra mindful to avoid shopping, banking, or accessing sensitive data while connected.

Keep private information private and protected

Don’t share personal information or data in response to an email or phone call. Legitimate institutions — especially financial institutions — should never ask you for this type of information unprompted or via email. 

If you get a suspicious request, look up the verified email address or phone number from the institution and call to confirm the request is real — and, if it is, ask why they need it.

Secure your social security number

Don’t carry your social security card in your wallet, and store it in a safe place. Only share your social security number when it’s absolutely necessary.

Don’t click suspicious links or download attachments from unknown senders

If you receive an email out of the blue from “someone you know” asking you to click a link or download an attachment, make sure you double-check the sender’s email address. You can also hover over the link to see the destination URL. 

If either of these seem suspicious, don’t click or download anything. Downloading an infected file or visiting an infected website can install malware on your computer and give scammers access to your personal information.

Check your mail regularly

Be sure to check your mail as promptly as possible to minimize opportunities for thieves to steal your important mail. You may even consider a lockable mailbox.

Eligible households can also sign up for USPS Informed Delivery, which allows them to digitally preview their mail. This gives you an idea of what to expect in the mail each day - so you can easily notice if something is missing. If you’re going to be out of town for a while, you can request a hold on mail deliveries for up to 30 days, too.

Shred sensitive documents

Scammers won’t stop at stealing your mail — they’ll go through your trash, too! If you throw out financial statements, tax documents, credit cards, utility bills, or other sensitive information, make sure to shred them first. This includes pre-approval letters, too.

Enroll in paperless statements

Whenever you can, request paperless statements from financial institutions and utility companies. This will reduce the risk of having sensitive documents stolen from your mailbox or trash.

Opt out of junk mail and pre-approved offers

You can opt out of receiving most junk mail and pre-approval letters at or by calling 1-888-5-OPT-OUT (1-888-567-8688).

Like paperless statements, this will ultimately reduce the amount of sensitive information you receive in your mailbox and minimize your vulnerability to dumpster diving scammers.

Limit what you share on social media

Of course, you should avoid sharing some of the obvious things on social media, like passwords, social security numbers, or credit card numbers. But you should also take extra care to avoid sharing less obvious information too, like your pet’s names, your maiden name, your exact date of birth, or even when you’re out of town on vacation.

All of this information can be used against you to guess passwords, security questions, or know when to raid your mailbox.

Use credit instead of debit

Whenever possible, choose credit cards over debit cards or bank transfers. Credit cards are often more secure, and it’s more likely you’ll be protected from liabilities and unauthorized charges when using a credit card. Just make sure you monitor your account closely and report any unauthorized charges as soon as possible.

Wipe and factory reset old devices

Whenever you’re selling, giving away, or trading in old devices, like laptops or cell phones, make sure to wipe all information and data stored on the device. Whenever possible, it’s best to completely reset the device and restore it to factory settings. 

For more information, check out the Federal Trade Commission’s (FTC) resource on disposing old computers.

What should you do if you’re a victim of identity theft?

Few things feel grosser than having someone steal your personal data and then use it to cause you harm and stress. Here are some ways to soften the blow and make sure you minimize the impact as much as possible.

  • Notify institutions with impacted accounts. When you notice your account or information has been compromised, immediately contact the institution in charge of the account with fraudulent activity. This may be a healthcare provider, credit card company, lender, bank, or other organization. Let them know about the suspicious activity so that they can take the appropriate action to freeze your account and potentially trace the perpetrator.
  • Change affected passwords. Update your password as soon as you can on the account that has fraudulent activity and any other accounts that use the same or similar passwords. You should also update your passwords immediately after being notified of a potential data breach. If you’re not already, make sure you’re using very strong passwords.
  • File an identity theft report with the FTC. You can file an identity theft report and get a personal recovery plan. The report can be filed online at or by phone at 1-877-438-4338.

How we help protect client data

As financial advisors, we manage and review sensitive and personal data for our clients every day. It’s our responsibility to manage and protect this information to the best of our ability. Here are some of the ways we do that.

  • Daily monitoring of all transactions in and out of accounts under our management.
  • Enforce two-factor authentication for all employees. At Elwood & Goetz, all employees are required to enroll in two-factor authentication to access files, calendars, emails, contact records, and financial planning software.
  • Sharing of highly sensitive information is restricted to in-person meetings, courier by mail, or over the phone (with security verification check). Highly sensitive information is not shared electronically.
  • Password-protect all devices and shared files.
  • Firewall and antivirus software installed across devices and secure, password-protected networks.
  • Professional IT support team constantly monitoring company-owned networks and devices. Security updates and software patches are pushed to devices automatically.
  • Use a dedicated password manager to store and create strong, unique passwords for all logins and software applications.
  • Unless we are given explicit permission, we never share any identifying information about a client. We do not publicly disclose any of our client relationships unless we receive direct consent.

Our job is to help bring our clients financial peace of mind, and we take that obligation seriously. We also advise our clients on how to protect their data and accounts on their own. 

As soon as one of our clients notifies us of suspicious activity on any of their accounts, we create heightened alerts on all of their financial accounts, restrict access to all files we’ve shared, ensure their credit is frozen, alert their financial institutions, and provide them with recommendations for reporting the fraudulent activity.


Identity theft is a serious crime, but that doesn’t stop hackers and scammers from attempting to access your sensitive and personal data for their own financial benefit. 

In fact, as more and more of our lives move online, hackers and scammers are becoming more active and more sophisticated. According to the FTC, the agency received close to 1.4 million reports of identity theft in 2020 — more than double the reports it received the year before.

Identity theft and fraud come in many forms, from large-scale data breaches to dumpster divers, phishing scams, and mailbox thieves. 

While hackers and scammers constantly search for new ways to access your personal and financial information, you become more vulnerable to their harmful and criminal behavior.

When they get access to your personal information — like your social security number, credit card number, or account passwords — they can cause you great financial harm and stress.

They’ll use this personal data to open lines of credit, charge large purchases to your accounts, steal your tax refunds, and run up healthcare costs.

The best way to protect yourself is to make your accounts and data as secure as possible by using strong and unique passwords, enabling multi-factor authentication, freezing your credit, protecting private information (like your social security number), and monitoring your credit report and bank statements regularly.

If you notice strange, suspicious, or unauthorized activity — like credit card charges, new lines of credit, unexpected bills, or unfamiliar healthcare expenses — you may be a victim of identity theft or fraud.

When this happens, you should work with the institutions where you’ve been affected to freeze your account, report the identity theft to the FTC and credit bureaus, request a copy of your credit report to look for any other suspicious activity, and update your passwords.

For more information, you can download our checklist for assessing your risk and protecting yourself against cyber threats, common scams, and other fraud.