It’s never a bad time to think about a sobering reality: your personal information has most likely already been stolen. Many entities have our personal information – credit card and bank account numbers, Social Security numbers, and health-related information – and data breaches have exposed it. So, what can we do to protect ourselves after the fact?

Here are three steps to protecting yourself against identity fraud. 
1) Place a security freeze on your credit accounts with the three main credit bureaus so no one can open a new credit line in your name; 
2) Establish online access to your financial accounts and monitor them regularly (you can typically set up text alerts for activity on these accounts);
 3) Use unique passwords for every online account; consider purchasing a password manager that creates complex passwords and stores them 

Two-factor authorization
 
Another good way to protect yourself from identity thieves is by opting into two-factor authentication. This means that to log in to a given site, you enter your password, and then are prompted to enter an authentication code. You either receive the code via text, phone, or email, or you use an app that generates the code. Once you enter that code, you are able to log in. This additional layer of security is meant to protect you in case a criminal has your login information. But like other protections, scammers have found a way around it.
 
Credit reporting company Experian warns that scammers are using bots — automated programs — to convince people to share their two-factor authentication codes. The bot makes a robocall or sends a text that appears to come from a legitimate entity, like your bank . It asks you to authorize a particular charge, and if you didn’t recognize the charge, to enter your authentication code. In reality, the bot is trying to log into your account, but it needs that code to break into your account  
 
Two-factor authentication codes work as intended, but if a criminal is able to convince you to share it, it has no value. Anytime you are prompted by an unsolicited communication to share a recently received authentication code, it’s a scam. Change your password to that account ASAP.   
 
Be a fraud fighter!  If you can spot a scam, you can stop a scam. 
 
Report scams to local law enforcement. For help from AARP, call 1-877-908-3360 or visit the AARP Fraud Watch Network at www.aarp.org/fraudwatchnetwork.