Identity Theft and Retirement: How to Protect Yourself

Identity theft is a problem that impacts millions of people annually. Retirees and older Americans have recently been targeted at higher rates than other segments of the population.
Identity Theft and Retirement: How to Protect Yourself

Adults aged 65 and older lose about $3 billion every year to identity theft. The average victim of identity theft will lose $7,633 over the course of five years.1

Steps to Take Now

If you’re a retiree or you’re approaching retirement age, it’s important to fully understand how to protect yourself from identity theft. Here are some steps to take right away to reduce your risk:
• Your smartphone contains information about your bank account, personal data, contacts, photos of you, and more that could be used to steal your identity. You can immediately raise your smartphone’s security level with a few quick changes to its privacy settings. Start by disabling access to Location Services, Camera, and Microphone for all except your trusted apps which need that access to function properly. For these select apps, set their access to "While Using the App". For example, you may want to allow Google Maps or Lyft to access your Location Services, and Zoom to use your Camera and Microphone.2,3
• Create a PIN or a stronger password for your cellular account. SIM swapping attacks are becoming more common. In this type of fraud, an identity thief will steal bits and pieces of your personal information in order to convince your cell phone provider to transfer your number and account into the thief’s possession. Once the thief has control over your phone, they can break into all accounts connected with the phone. 3
• Protect your online communications by setting your home wi-fi network to encrypt your transmissions and by changing its preset passwords. You can find more information about securing your home wi-fi network at the Federal Trade Commission website, 8
• Install anti-virus software and firewall software on your computer. 1
• Set up multi-factor authentication for all your financial and social media accounts that offer this option.10
• Replace all your passwords with strong, complex passwords that are hard to hack. Avoid using commonly known or easily discovered information, like your birthday or a pet’s name, in a password. Use a distinct password for each account.1

Ongoing Monitoring is Essential

Identity theft is an ongoing threat, and guarding against it requires vigilance. Here are several important behaviors you can adopt in order to save yourself countless hours of headaches and many thousands of dollars during your golden years:
• Common identity theft strategies include opening new accounts, credit cards, or loans in your name. Be on the lookout for notifications related to financial actions you did not take, including account opening (or closing), or notices related to a loan or credit card you did not apply for.
• Debt collection calls from accounts you did not know existed are a red flag. Check into these kinds of issues right away and keep digging until you discover why you’re receiving these kinds of notifications.1
• Pay attention to credit card bills and bank statements. Do you see items listed that you didn’t buy? Are the statements accurate? This could indicate that someone has accessed your credit card information.1
• You may believe you’re immune to identity theft if you don’t have social media accounts and don’t use online banking. However, your information can still be accessed in other ways, as the extensive 2017 Equifax breach and other recent data breaches have illustrated. Setting up online accounts can actually protect you, by preventing someone else from fraudulently establishing those accounts using your name and information.1,4,5
• Shred financial documents before discarding them, and consider going paperless whenever you have the opportunity, to reduce the number of physical documents that contain sensitive information about you. 1
• Collect your mail every day, and put a hold on your mail delivery while you travel, to reduce the risk that sensitive information sent via post could be stolen. Do not leave documents with personal information unattended in your car, even if it’s locked. 1
• Guard your social security number carefully. Never carry your social security card with you, and don’t carry documents that list your social security number on them unless it’s absolutely necessary.1
• Regularly change your passwords. Never reuse a password.1
• Review your credit report annually, and consider freezing it, which adds another layer of protection against unauthorized access.1
• Check your credit score on a regular basis. Does it accurately represent the reality of your financial health?1
• Be very wary of giving out your personal information over the phone, in person, or online. Before revealing sensitive information, be certain that you trust the recipient. Rather than responding to a call, clicking on a link in an email or text message, or filling out an attached form, hunt down the secure website of the organization yourself, or look up their official phone number and place the call yourself.1
• Be mindful of security when conducting any transaction online. Avoid using public Wi-Fi networks to check bank accounts, social media accounts, or email. Before typing any sensitive information into a website, check that the website address begins with "https" not just "http", and check for a lock icon next to the address bar. 1,8
• Keep your email inbox clear of personal and sensitive bits of information. In the event that an identity thief gains access to your email account, this will make it harder for the person to find information they can use to breach your financial accounts.1

The Equifax data breach in September 2017 was a grim reminder of the fact that a loss of personal data can happen even if you’re extremely conscientious about passwords, and online behaviors. This breach affected just under half of the population of the United States. Though Equifax is compensating consumers and offering credit monitoring services to victims who request it, it’s hard to recoup on the emotional cost of having to recover an identity that’s been stolen. Individuals who are retired or nearing retirement are being affected at unprecedented rates and the financial devastation at this stage in a person’s life can be hard to recover from. Equifax victims are being compensated, but victims of identity theft resulting from negligence can lose countless hours and a lot of money that will never be recovered despite their best efforts. 4,5

Tax Related Identity Theft

Tax-related identity theft occurs when someone uses your stolen personal information, including your Social Security number, to file a tax return claiming a fraudulent refund.If your Social Security number is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends these actions: 6
• Continue to pay your taxes and file your tax return, even if you must file a paper return.
• Respond immediately to any IRS notice: Call the number provided.
• If your e-filed return is rejected because of a duplicate filing under your Social Security number, or if the IRS instructs you to do so, complete IRS Form 14039, Identity Theft Affidavit PDF. Use a fillable form at, print, then attach the form to your return and mail your return according to instructions.
• Visit for steps you should take to protect yourself and your financial accounts.

Protective measures for tax-related identity theft are available. If you do your own taxes using an online provider, you have the option of using multi-factor authentication as another layer of protection. The IRS strongly encourages the use of this option. It helps prevent identity thieves from accessing your online account with your tax provider. Starting in January 2021, all taxpayers who can verify their identities are eligible for an Identity Protection PIN, a 6-digit PIN that offers additional protections for your Social Security number on your tax return. 6


1 -

2 -

3 -

4 -

5 -

6 -

7 -

8 -

9 -

10 - primer on multi-factor authentication: