Skip to main content
Hafnia Financial
10 Ways to Protect Your Identity — Especially When Managing Financial Data — Hafnia Financial
Back to Blog
identity theftfinancial data protectioncredit freezemulti-factor authenticationfraud preventionHafnia Financial

10 Ways to Protect Your Identity — Especially When Managing Financial Data

Hafnia Financial
June 5, 2026
11 min read

Identity theft is one of the fastest-growing financial crimes in the United States. According to the Federal Trade Commission, consumers reported losing more than $10 billion to fraud in 2023 — the first time that threshold had ever been crossed. Investment accounts, retirement funds, and financial planning portals are among the most attractive targets for identity thieves, because the potential payoff is large and the theft may go undetected for months.

At Hafnia Financial, protecting our clients’ financial information is a fundamental responsibility — but it is one that works best as a shared effort. No firm’s safeguards can fully substitute for the habits and awareness of the individual whose identity is at stake. The ten steps below are practical, actionable measures that can meaningfully reduce your exposure.

1. Use Strong, Unique Passwords for Every Financial Account

Reusing the same password across multiple accounts is one of the most common and consequential mistakes people make. If a single site is breached — and breaches happen constantly, often at companies with no obvious financial connection — a recycled password gives criminals access to every account that shares it.

Best practices:

  • Use a password of at least 16 characters combining uppercase and lowercase letters, numbers, and symbols.
  • Never reuse a password across financial accounts, email, or any account linked to personal data.
  • Use a reputable password manager, such as Bitwarden, 1Password, or similar, to generate and store unique passwords securely. You should not need to remember more than one master password.

2. Enable Multi-Factor Authentication (MFA) Everywhere It Is Offered

Multi-factor authentication requires a second form of verification — beyond your password — before granting account access. Even if a criminal obtains your password, MFA prevents them from logging in without also having access to your phone, email, or authentication app.

Practical guidance:

  • Enable MFA on every financial account that offers it, including your brokerage, bank, and retirement accounts.
  • Where possible, use an authenticator app, such as Google Authenticator or Authy, rather than SMS text messages, which are more vulnerable to SIM-swapping attacks.
  • Enable MFA on your primary email account as well — email is often the recovery mechanism for financial accounts, making it a high-value target.

3. Monitor Your Credit Reports Regularly

A credit report is one of the earliest places that identity theft becomes visible. New accounts opened in your name, unfamiliar inquiries, or sudden changes in your credit profile can all indicate that someone is using your identity.

You are entitled by federal law to a free credit report from each of the three major bureaus — Equifax, TransUnion, and Experian — through AnnualCreditReport.com, the only federally authorized source for free reports. Review each report carefully for accounts, inquiries, or addresses you do not recognize. If you find something suspicious, dispute it immediately through the relevant bureau and contact your financial institutions.

Consider enrolling in a credit monitoring service that provides real-time alerts when new activity is detected on your file.

4. Place a Credit Freeze If You Are Not Actively Seeking Credit

A credit freeze — also called a security freeze — prevents new creditors from accessing your credit file, which makes it substantially harder for an identity thief to open new accounts in your name. It does not affect your existing accounts or your credit score.

Freezing your credit is free and can be done directly with each of the three major bureaus online, by phone, or by mail. You must freeze your credit separately with all three bureaus for full protection. You can temporarily lift the freeze when you need to apply for credit, and reinstate it afterward. The FTC recommends a credit freeze as the most effective tool available to consumers for preventing new-account fraud.

To place your freeze, contact each bureau directly:

Equifax

  • Online: equifax.com/personal/credit-report-services/credit-freeze
  • Phone: 1-800-685-1111
  • Mail: Equifax Security Freeze, P.O. Box 105788, Atlanta, GA 30348-5788

TransUnion

  • Online: transunion.com/credit-help/credit-freeze
  • Phone: 1-888-909-8872
  • Mail: TransUnion LLC, P.O. Box 160, Woodlyn, PA 19094

Experian

  • Online: experian.com/freeze/center.html
  • Phone: 1-888-397-3742
  • Mail: Experian Security Freeze, P.O. Box 9554, Allen, TX 75013

Keep a record of any PIN or confirmation number provided when you place each freeze, as you will need it to lift or remove the freeze in the future.

5. Be Vigilant About Phishing Emails, Texts, and Calls

Phishing — fraudulent communications designed to trick you into revealing account credentials, personal information, or financial data — remains the most common method criminals use to gain initial access to accounts. Modern phishing attempts are often sophisticated, with emails that convincingly mimic your bank, brokerage firm, or the IRS.

How to protect yourself:

  • Never click a link in an email or text message purportedly from a financial institution. Instead, navigate directly to the institution’s website by typing the address yourself.
  • Be skeptical of any unsolicited communication creating urgency — “your account will be suspended,” “verify your information immediately” — regardless of how official it appears.
  • Know that the IRS initiates contact by mail, not by phone, email, or text. Any call or email claiming to be from the IRS demanding immediate payment or personal information is a scam.
  • Your financial advisor will never ask you to wire funds to an unfamiliar account or send gift cards as payment for any purpose. If you receive such a request, treat it as fraud and verify by calling your advisor directly at a number you know to be legitimate.

6. Secure Your Home Network and Avoid Public Wi-Fi for Financial Tasks

Public Wi-Fi networks — in coffee shops, airports, hotels, and other shared spaces — are inherently insecure. Criminals can intercept unencrypted traffic on these networks and capture login credentials or session data.

Protective measures:

  • Never access financial accounts, investment portals, or tax documents over public Wi-Fi.
  • Secure your home Wi-Fi network with WPA3 or WPA2 encryption and a strong, unique router password. Change the router’s default administrator credentials.
  • Consider using a Virtual Private Network (VPN) when working remotely or traveling, which encrypts your internet connection regardless of the underlying network.
  • Keep your router firmware updated, as manufacturers regularly release security patches.

7. Review Financial Account Statements Promptly and Regularly

Many financial crimes go undetected for extended periods because account holders do not review their statements. Small unauthorized transactions are sometimes used as tests by criminals before larger withdrawals are attempted.

Review bank, brokerage, and retirement account statements as soon as they are available — monthly at minimum. Set up transaction alerts through your financial institutions so that any activity above a threshold you define triggers an immediate notification. Report any transaction you do not recognize to your financial institution promptly. Under Regulation E, consumers have stronger protections when they report unauthorized electronic transactions quickly.

8. Protect Your Social Security Number Carefully

Your Social Security number (SSN) is the master key to your financial identity. With it, a criminal can open credit accounts, file fraudulent tax returns, apply for government benefits, and access existing financial accounts.

Protective practices:

  • Do not carry your Social Security card in your wallet. Store it in a secure location at home.
  • Provide your SSN only when it is legally required — for tax documents, new account applications, and employment paperwork. Many requests for your SSN are optional; it is appropriate to ask whether providing it is mandatory.
  • Shred any document containing your SSN before discarding it, including old tax returns, financial statements, and pre-approved credit offers.
  • Consider filing your federal and state tax returns as early as possible each year. Tax-related identity theft — in which someone files a fraudulent return using your SSN to claim your refund — is significantly harder to execute once a legitimate return has already been filed.

9. Be Thoughtful About What You Share Online and on Social Media

Social media and online profiles provide criminals with raw material for social engineering attacks — manipulating individuals into revealing confidential information by exploiting personal details. Information that appears harmless in isolation, such as your employer, hometown, family members’ names, or the name of your first pet, is often the answer to security questions used to reset financial account passwords.

Practical steps:

  • Audit your social media privacy settings and limit public visibility of personal information.
  • Avoid sharing details online that are commonly used as security questions: mother’s maiden name, high school, first car, childhood street.
  • Be cautious about accepting connection requests from individuals you do not know, particularly on platforms where you discuss financial topics.
  • Do not post photographs of financial documents, checks, or account statements, even partially obscured.

10. Know What to Do If Your Identity Is Compromised

Despite best efforts, identity theft can still occur. How quickly and effectively you respond can significantly limit the damage. If you believe your identity or financial accounts have been compromised:

  • Contact your financial institutions immediately to report the suspected compromise and place holds or alerts on affected accounts.
  • Place a fraud alert or credit freeze with all three major credit bureaus: Equifax, TransUnion, and Experian.
  • File a report with the FTC at IdentityTheft.gov, which will generate a personalized recovery plan and assist you with the steps specific to your situation.
  • File a police report with your local law enforcement agency. A police report number is often required by financial institutions and the IRS when disputing fraudulent accounts or tax filings.
  • If fraudulent tax returns may have been filed using your SSN, contact the IRS Identity Protection Specialized Unit at 1-800-908-4490 and request an Identity Protection PIN (IP PIN) for future filings.
  • Notify your financial advisor promptly. We can help coordinate with your custodian, Charles Schwab & Co., Inc., and assist in monitoring your advisory accounts for any unauthorized activity.

Conclusion

Identity protection is not a one-time task — it is an ongoing habit. The measures described above are cumulative: each one adds a layer of protection, and the combination of several of them makes you a significantly harder target. Criminals are opportunistic, and they tend to move toward easier targets when they encounter meaningful resistance.

At Hafnia Financial, we take the security of our clients’ information seriously at every level of our operations. If you have questions about the security practices surrounding your advisory accounts, or if you believe your financial identity may have been compromised, please contact our office directly.

Sources

  1. Federal Trade Commission. Consumer Sentinel Network Data Book 2023. FTC.gov. Available at: ftc.gov/reports/consumer-sentinel-network
  2. Federal Trade Commission. Credit Freeze FAQs. Consumer Information. Available at: consumer.ftc.gov/articles/what-know-about-credit-freezes-fraud-alerts
  3. Federal Trade Commission. IdentityTheft.gov — Official government resource for identity theft victims. Available at: identitytheft.gov
  4. Consumer Financial Protection Bureau. Regulation E: Electronic Fund Transfers. Available at: consumerfinance.gov/rules-policy/regulations/1005
  5. Internal Revenue Service. Identity Theft Central — Tax-related identity theft information and resources. Available at: irs.gov/identity-theft-central
  6. Internal Revenue Service. Get an Identity Protection PIN (IP PIN). Available at: irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin
  7. AnnualCreditReport.com — The only federally authorized source for free annual credit reports from Equifax, TransUnion, and Experian. Available at: annualcreditreport.com
  8. Cybersecurity & Infrastructure Security Agency (CISA). Multi-Factor Authentication. Available at: cisa.gov/topics/cyber-threats-and-advisories/multi-factor-authentication
  9. National Institute of Standards and Technology (NIST). Digital Identity Guidelines (NIST SP 800-63). Available at: pages.nist.gov/800-63-3
  10. Charles Schwab & Co., Inc. Security Center — Resources for protecting your Schwab accounts. Available at: schwab.com/security-center

Important Disclosures

Hafnia Financial, Inc. is a registered investment adviser (CRD #315096) registered with the California Department of Financial Protection and Innovation (DFPI). Registration does not imply a certain level of skill or training. Information presented in this article is for educational purposes only and is not intended to constitute personalized investment, financial, tax, or legal advice, nor does it make an offer or solicitation for the sale or purchase of any specific securities, investments, or investment strategies.

A copy of Hafnia Financial’s Form ADV Part 2A is available upon request or through the SEC’s Investment Adviser Public Disclosure website at adviserinfo.sec.gov.

Important Disclosure

This article is provided by Hafnia Financial, Inc., a California registered investment advisory firm, for informational and educational purposes only. The information contained herein does not constitute investment advice or a recommendation to buy, sell, or hold any security. Investment advisory services are provided only pursuant to a written advisory agreement. Hafnia Financial, Inc. does not provide tax or legal advice. Past performance is not indicative of future results. All investments involve risk, including the possible loss of principal. There can be no assurance that any investment strategy will be successful. The information presented is based on sources believed to be reliable, but Hafnia Financial, Inc. does not guarantee its accuracy or completeness. Readers should consult with a qualified financial professional before making any investment decisions based on their individual circumstances. Fixed insurance products, including fixed and fixed indexed annuities, are offered separately through Jan Gleisner, licensed insurance agent (CA Lic. #0D77385). Insurance products are not securities, are not offered through or supervised by Hafnia Financial, Inc., and may involve commissions and other insurance-related compensation. Hafnia Financial, Inc. is registered with the California Department of Financial Protection and Innovation (DFPI). Registration as an investment adviser does not imply a certain level of skill or training. Last updated: June 2026

Need Personalized Financial Guidance?

Our team is here to help you navigate your unique financial situation.

Schedule a ConsultationBrowse More Articles