Yaniv Masjedi is the CMO at Nextiva, a provider of cloud-based, unified communication services. Previously, he headed the marketing department at Aura. Yaniv studied Political Science and History at UCLA. Follow him on Twitter: @YanivMasjedi.
Alina Benny is a writer and editor at Aura, covering the gamut of security topics for the company, including online safety, identity theft, and fraud. Before Aura, she oversaw part of Nextiva’s marketing efforts. She holds a bachelor's degree in Electronics Engineering from the Cochin University of Science and Technology and has nearly a decade in content marketing. Twitter: @heyabenny
High on the list of recommendations to protect your identity (and your SSN) is a credit freeze or security freeze. Other ways to specifically restrict access to your SSN include blocking electronic access and using E-Verify’s self-lock feature.
Setting these up are three entirely different processes.
Credit freezes, for example, require you to contact each individual credit reporting agency (Experian, TransUnion, and Equifax).
To block electronic access to your SSN, you have to call your local Social Security office or 1-800-772-1213.
Finally, you can turn on the SSN Self Lock online via the Department of Homeland Security’s (DHS) “myE-Verify” website.
While there’s no one way to freeze your SSN, it’s easy to see why you could confuse the three available options. If you're looking for ways to protect yourself from identity theft in 2023, here's how you can protect your SSN.
{{show-toc}}
Who Can Lawfully Ask for Your SSN?
Any entity that reports your income or determines eligibility for government benefits can ask for your SSN. Here are some examples of such entities:
Banks and insurance companies
Credit card companies, lenders, and entities authorized to collect a credit application from you
All three credit reporting agencies — TransUnion, Equifax, and Experian
Any company or service that reports back to the Internal Revenue Service (IRS), such as personal finance advisors, or financial transactions over $10,000
In most other cases, you’re entitled to ask for alternate ways to identify yourself:
State identification card
Driver’s license
U.S. passport
U.S. military card (front and back)
Certificate of Citizenship
Employment Authorization Document
✅ Take action: If you think someone is misusing your personal information, try Aura’s identity theft protection free for 14 days to secure your identity.
When Scammers Are Out To Bilk You, You Need To Do More
The Identity Theft Research Center (ITRC) reported that pandemic-related payments were the most stolen type of funds lost to identity theft cases in 2021 [*].
What can unlock these unemployment insurance benefits and Small Business Administration (SBA) or Paycheck Protection Program (PPP) loans? Your SSN.
Identity thieves may get your SSN by:
Stealing your wallet, purse, or mail to obtain your physical card
Duping you into sharing personal information on a scam website
Dumpster diving
Buying your information on the Dark Web
Impersonating government agencies such as the IRS over the phone or via phishing emails
While you can’t prevent all of these, the Social Security Administration (SSA) recommends these steps to safeguard your SSN:
Keep track of your Social Security card. Unless absolutely necessary, refrain from routinely carrying your card or any identification that displays your SSN.
Claim and use your my Social Security account. This account houses all of your Social Security information — statements, earnings history, and ways you can contact the SSA.
Request to block electronic access. This service blocks both electronic and telephonic access to your Social Security records. Unless you unlock your account, no one can view or modify your information.
Self-lock your SSN on my E-Verify. Once locked, identity thieves can’t use your SSN to get a job with an E-Verify employer.
What Is an SSN Self Lock? How Does It Work?
The DHS rolled out this feature to prevent employment-related fraud via the E-Verify program. Potential employers on E-Verify can confirm that an applicant is eligible to work in the United States.
Self Lock prevents this authorization and is especially useful if someone is unlawfully using your SSN for employment. The lock lasts for one year and can be extended upon expiry each time.
To sign up for Self Lock and freeze your SSN:
Go to myE-Verify and follow the prompts to create an account. myE-Verify will email you a link to start the application.
After you create the account, you’ll take a short Identity Proofing quiz.
Next, you’ll land in your myE-Verify dashboard. Scroll down, and click Manage my SSN.
Click Lock My SSN.
Set your Self Lock challenge questions. Then click Lock My SSN.
To unlock your SSN:
Sign into your myE-Verify account.
Click Manage my SSN.
Click Unlock my SSN.
To unlock your SSN, you must also answer the challenge questions you chose when locking it.
When Should You Lock Your Social Security Number?
Locking your SSN isn't always the best option. However, there are a few situations where you'll want to use an SSN Lock:
1. You’re already employed (or retired)
If you’re not actively looking for employment, turning on Self Lock will return a Tentative Non-confirmation (TNC) notice when an E-Verify employer tries to run a background check.
That employer is also responsible for sending you a notice of this TNC. You may unlock your SSN anytime an employer that you know wants to verify your employment authorization.
2. Unexpected or missing mail
Identity thieves may also watch your snail mail and email for your SSN. It’s become a tactic of choice — with mail theft complaints increasing by 161% from 2020 to 2021 [*]. Key signs someone has eyes on your mail include:
Not receiving bank statements or invoices
Receiving new credit cards that you never applied for
Strange or unfamiliar medical bills
What to do: If your mailbox is in a communal area, lock your mailbox and only give access to the mailman. Also request and monitor your free credit reports from annualcreditreport.com and dispute any new unfamiliar credit accounts that you see.
The IRS sent you a letter about a suspicious tax return that you did not file.
You can’t file your legitimate tax return online because of a duplicate SSN.
You receive a tax transcript in the mail that you didn’t request.
Someone created an online account with the IRS in your name.
Your existing account has been accessed or disabled without your knowledge.
What to do: Request your tax transcript on the IRS website. You’ll quickly learn if someone has submitted a fraudulent tax return in your name. You can also call the IRS at 1-800-908-9946, or send the IRS Form 4506-T by mail to get your transcripts.
4. You received an unemployment award letter
If you received a Notice of Unemployment Insurance (UI) Award, it could indicate that someone has filed for Unemployment Insurance with your SSN.
Fraudsters can also apply for Supplemental Nutrition Assistance Program (SNAP) food benefits, welfare or temporary assistance, and even Medicaid in your name if they have your Social Security number.
What to do: Contact the unemployment office for every state in which you believe there may be fraudulent activity in your name. Request a 1099-G form to check for multi-state UI income.
5. Notices to verify employment termination
Fraudulent UI claims in your name may also trigger action from your employer. Government agencies reviewing applications for federal aid programs will contact employers for additional context about an applicant’s departure or termination of employment.
What to do: Notify your company in writing, such as via email. This demonstrates that you responsibly informed your employer of potential identity fraud.
6. Discrepancies on your Social Security statement
Someone who steals your SSN may also use it to get a job or pass a background check. All subsequent earnings will show up in your Social Security statement.
The SSA recommends checking your statement for errors at least once a year so that retirement benefits are paid accurately in the future.
An SSN lock can be a drastic preventative measure. There are other ways to keep personal information safe and stop scammers from misusing your SSN.
Switch to a secure password manager
Strong passwords will make it more difficult for hackers to access your information. Think of passwords as the gatekeepers to your online private data.
Elements of a strong password include:
Is at least eight characters long
Comprises three or four unrelated words
Contains numbers and special characters
Is not used across multiple accounts
But managing (and remembering) all your passwords can be tedious. About 68% of Americans use the same password across accounts [*]. The solution? Use a password manager app, which creates and stores all your unique passwords.
Aura’s password manager is a Google Chrome extension that lets you save, access, and sync your passwords across devices.
Be selective about security questions
Answering security questions is a common way to verify your identity — something you’ve likely come across before.
If you use security questions for password recovery, choose answers that are memorable and do not change over time.
Remember to:
Use an open-ended question that could have multiple correct answers unlike your date of birth.
Opt for less-obvious answers to security questions, such as your mother's maiden name or the city in which you were born.
Choose a question with an answer that you can easily recall.
Avoid answers that change over time (like opinions or favorites).
Omit answers that require case sensitivity.
Turn on multi-factor authentication (MFA)
One way to secure your online accounts is to use multi-factor authentication (or MFA). This authentication method offers additional verification layers on top of just a username or password.
MFA ensures that an unauthorized third party can’t access your accounts without some of these additional checks:
One-time passwords sent via SMS or email
An app like Google Authenticator
Biometric checks such as facial or fingerprint recognition
A visual check in which you must identify the correct image, as with CAPTCHA
Browse online with a VPN
Intrusive pop-ups and data-stealing malware downloads can make online browsing strenuous. To prevent browsers from collecting data around your online activity, consider:
Signing out of your browsers and installing extensions that double down on privacy and security. If you’re on websites that support HTTPS, HTTPS Everywhere can force an encrypted connection so that your data remains private.
If you’re on public Wi-Fi, use a Virtual Private Network (VPN) to hide your online traffic and location.
Phishing messages often look official and are designed to trick you into believing that they come from your bank or credit card company — when, in fact, they are actually coming from a scammer.
Phishing emails dupe you into sharing sensitive information, like credit card numbers and other personally identifiable information (PII). When carried out through text messages, these scams are called “smishing.” Signs of phishing and smishing messages include:
Originates from a generic domain (Gmail, Yahoo!, etc.) or from a spoofed domain
Takes an urgent or threatening tone and contains grammatical or spelling errors
Includes suspicious links or attachments
These are just a few examples of what gives away a phishing email.
Always assume public Wi-Fi isn’t secure
Hackers can place themselves between your device and public Wi-Fi, so that any information you send goes straight to them. This isn’t to say that you should completely avoid public networks.
Learning about man-in-the-middle (MitM) attacks, for example, can help you be more vigilant when you’re on Wi-Fi. These attacks can mirror legitimate Wi-Fi access points and pilfer any data you share via that network. To stay safe online, be sure to use private networks, MFA, and a VPN.
Allow automatic software updates
63% of the top 1,000 apps are updated monthly on Google Play Store alone.[*] Having the latest versions of your software will strengthen your protection against fraud.
These software updates don’t just enhance user experience but also install critical security fixes. Installing these updates on time is one of the simplest ways to protect your devices from hacks and scams.
Here’s how to install automatic software updates via the official app store:
On an Android device: Open the Google Play Store app, and tap Menu > Settings > Auto-update apps.
On an iOS device: Open Settings > App Store and turn on App Updates.
Keep your financial records safe
Digital safety: Never give out your account login information when receiving communications from what seems to be your bank. A financial institution will never contact you first and ask for your PIN, full passwords, or security numbers.
Physical safety: Destroy or shred any documents that include your name, address, or financial details before you throw them away. Securely store any financial documents in a locked compartment in your home.
A fraud alert flags your credit report and encourages lenders to verify your identity before issuing new lines of credit in your name.
A credit freeze blocks your credit file so that lenders can’t even access your credit report. Credit freezes also block new credit applications until you “thaw” the freeze with each of the three major credit bureaus.
Understanding the differences between a credit freeze and fraud alert can help you take swift action if you think you’re a victim of identity theft.
✅ Take action: Aura’s $1,000,000 identity theft insurance covers lost wages, phone bills, and other expenses due to identity theft. Try Aura free for 14 days and see if it’s right for you.
Have More Questions? Contact Social Security
If you have more questions about your Social Security number and identity fraud, visit the official SSA website at www.ssa.gov/fraud/.
You may also reach the SSA at 1-800-772-1213 or at 1-800-325-0778, from 7:00 am to 7:00 pm every weekday.
Protect yourself as best you can by using these preventative measures, and don’t hesitate to resist or hang up on someone who insists on obtaining your SSN.
Identity protection is critical with the increasing rise in fraud cases. The real risk of identity theft is incomprehensible to most people — until their information has already been stolen.
With Aura, you get fraud alerts up to 4x faster than the competition; and each adult on your plan is covered by a $1 million insurance policy for eligible losses due to identity theft.
Aura also bundles identity theft protection and credit monitoring with digital security software. Every Aura plan includes proactive safety tools including a password manager, VPN, antivirus software, and more.
Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.
Is this article helpful so far?
Yes
No
Skip
Need an action plan?
No items found.
Is your child ready for a cell phone? Take this quiz to find out.
