Avoid identity theft online

Identity theft is when someone uses personal information about you in an attempt to impersonate you. Identity thieves often do this to make purchases, establish accounts in your name, and sometimes commit more serious crimes.

To avoid identity theft, take these steps in your online activities:

• If you host a website, whether personal or business related, never post your picture or full contact information, and be very careful about what biographical information you publish; less is better.
• Do not provide personal sensitive data unless you are certain of both the security of the site and the legitimacy of the need for the information. See About sensitive data at IU.
• Check periodically to determine if any of your personal data has been made publicly available without your knowledge. See Determine if your Social Security number or other sensitive information is secure.
• When submitting personal information online, make sure you are at a secure website.
• For any accounts you manage online (for example, utilities, credit cards, banking), always use a password. Don't create a password derived from easily available information (for example, birthdays, mother's maiden name, last four digits of your Social Security number). Many accounts will ask for your mother's maiden name as an additional means of identifying you; instead, consider providing an unrelated password. If you must store financial information on your computer, use a strong password. See Your IU passphrase.
• When doing business online, confirm that you're dealing with a legitimate organization. One way to check this is by calling the company's customer service number from your account statement or telephone book.
• Always read website privacy policies. Make sure you understand how your personal information will be secured and used.
• Keep your computer's virus protection software updated.
  Note:

  For recommendations about antivirus software, see Recommended antivirus software at IU.
• Do not use an automatic login feature (that is, when your operating system saves your username and password) and always log off or lock your computer when you step away from it.
• Before you dispose of your computer or give it to another user, make sure you delete all personal information stored on it. The best way to do this is to wipe and rebuild the operating system. For information about how to do this in Windows, see Safely rebuild your Windows computer.
• Don't download files or click hyperlinks provided by strangers. At IU, to guard against this, many types of files are blocked from being sent to or from your email account. For a list of these files, see Types of attachments blocked from IU email accounts.
• Use a firewall as your first line of defense in protecting private information. Most modern operating systems, such as Windows 10 and macOS, have a built-in firewall; however, these might not be enabled by default. For more, including how to enable your computer's firewall, see About firewalls.

If you become a victim of online identity theft, immediately contact the institutions through which you have accounts that were involved and your local law enforcement office. At IU, contact your IUPD campus office; see Contact your campus police department. You may also want to contact the fraud departments of the three major credit bureaus, Equifax, Experian, and TransUnion, so that they may place an alert on your file, blocking further fraudulent activity, or request a freeze on your consumer credit report; see Identity theft.

If the theft involved an IU person or a university technology, in addition to the steps above, file a report with the University Information Security Office (UISO) at it-incident@iu.edu.

For more, see:

• Federal Trade Commission
• Identity Theft Resource Center
• Identity theft
• Department of Education MISUSED home page