How to Prevent Identity Theft: A Step-by-Step Guide for Seniors and Caregivers

Identity theft costs Americans over $10 billion a year, and seniors are the single most targeted demographic. The reason is straightforward: older adults have spent decades accumulating savings, building good credit, and maintaining consistent financial habits — which makes their identities especially valuable to criminals.

The good news is that most identity theft is preventable. Not with complicated technology, but with a few specific actions taken in the right order. This guide walks through exactly what to do, starting with the single most powerful tool available.

Why Seniors Are at Higher Risk

Before getting into the steps, it helps to understand why criminals target older adults specifically.

Seniors are more likely to have clean credit histories, retirement accounts, and home equity. A stolen identity with a 780 credit score and $400,000 in assets is worth far more to a fraudster than a younger person's identity with limited credit history.

Older adults are also more likely to carry their Medicare card (which displays the Medicare Beneficiary Identifier, or MBI), to share information with callers who sound authoritative, and to use the same passwords across multiple accounts. None of this reflects carelessness — it reflects generational habits that criminals have specifically learned to exploit.

Step 1: Place a Credit Freeze (Do This First)

A credit freeze is the most effective single action you can take to prevent identity theft. It locks your credit file so that no one — not a lender, not a criminal, not anyone — can open a new account in your parent's name without your knowledge.

It is free. It does not affect existing accounts or credit scores. It can be lifted temporarily if your parent needs to apply for new credit, and then re-frozen.

How to freeze credit with all three bureaus:

• Equifax: equifax.com/personal/credit-report-services/credit-freeze/
• Experian: experian.com/freeze/center.html
• TransUnion: transunion.com/credit-freeze

You must freeze at all three. A freeze at only one bureau still leaves two open doors. Each bureau will create an account and provide a PIN or password — save these in a secure location, because you will need them to temporarily lift the freeze later.

If your parent is in Canada, TransUnion and Equifax Canada both offer similar protections. Australia has a 21-day "credit ban" system through Equifax AU and Experian AU that can be extended to 12 months.

One important note: A credit freeze does not protect existing accounts. It only prevents new accounts from being opened. For existing account protection, you need the steps below.

Step 2: Set Up Transaction Alerts on All Bank Accounts

Most banks offer free transaction alerts through their mobile app or online banking. These alerts send a text or email any time a transaction occurs above a threshold you choose.

Go to your parent's bank app and look for: Profile → Notifications → Transaction Alerts

The alerts to enable:

• Any transaction over $100 (or $50 if you want tighter oversight)
• International transactions
• Card-not-present transactions (online purchases)
• Balance falls below a set amount
• New payee added

This creates a real-time "tripwire" system. If a scammer gains access to an account and initiates a transfer, you will know within minutes rather than discovering it during the next monthly statement review.

Step 3: Secure the Email Account

This step is less obvious but critically important. Your parent's email account is the master key to their financial life. If a criminal resets a bank password, the reset link goes to email. If they reset an investment account, same thing. Whoever controls the email controls everything connected to it.

Actions to take:

1. Enable two-factor authentication (2FA) on the email account. This means even if a criminal gets the password, they still cannot log in without a second code. Use an authenticator app rather than SMS if possible, since SIM-swapping attacks can intercept text messages.

2. Create a strong, unique password for the email account — not used anywhere else. A password manager like 1Password or Bitwarden makes this practical without requiring memorization.

3. Check the recovery phone number and backup email. Scammers sometimes change recovery options to lock out the legitimate owner. Verify these are correct.

4. Review connected apps. In Gmail, go to Google Account → Security → Third-party apps with account access. Revoke anything unrecognized.

Step 4: Use a Financial Monitoring Service

Bank transaction alerts catch activity after it happens. Dedicated financial monitoring services go further — they learn what "normal" looks like for your parent and flag anomalies before serious damage is done.

Three services specifically designed for elder financial protection:

Carefull ($12.99/month) uses AI to flag unusual patterns: a sudden string of large transfers, duplicate payments, subscriptions your parent didn't know they were paying, or activity that happens at 3am. It also includes identity theft insurance coverage.

EverSafe works similarly, monitoring across multiple institutions and sending alerts to a designated family member. It learns spending baselines over time so a small, unexpected wire transfer to an unknown account triggers an alert even if the dollar amount seems modest.

True Link Financial offers a prepaid Visa card with granular spending controls. You can configure it to allow grocery stores and pharmacies while blocking cryptocurrency exchanges, gift card purchases, wire transfers, and international transactions — the specific channels scammers use to extract money.

If a paid monitoring service is not in the budget, at minimum designate yourself (or a sibling) as a Trusted Contact Person (TCP) on your parent's brokerage and investment accounts. A TCP is a person the institution can call if they suspect fraud. The TCP cannot move money — they can only be contacted. It is free to add through most brokerages and requires only a phone call.

Step 5: Reduce Exposure of the Medicare Number

Medicare fraud is a significant category of elder identity theft. The Medicare Beneficiary Identifier (MBI) on a Medicare card functions like a financial account number — if a criminal gets it, they can bill Medicare fraudulently under your parent's identity, which eventually creates claim conflicts that affect your parent's legitimate care.

Practical steps:

• Your parent does not need to carry their physical Medicare card most of the time. Photograph it and store it securely, then leave the card at home.
• Never share the MBI over the phone unless your parent initiated the call to a number they looked up independently.
• If the MBI has already been shared with an unknown caller, report it to Medicare (1-800-MEDICARE) and request a replacement card with a new number.

Step 6: Check the Credit Report Annually

A credit freeze prevents new accounts from being opened, but reviewing the credit report annually catches anything that may have slipped through before the freeze was placed — or catches fraud on existing accounts.

All three bureaus provide one free credit report per year at AnnualCreditReport.com (the only federally authorized free source — other sites that promise "free" reports often charge hidden fees).

What to look for:

• Accounts you do not recognize
• Hard inquiries from lenders your parent did not contact
• Addresses your parent has never lived at
• Employers listed that are unfamiliar

If you find unfamiliar accounts, report them to the FTC at IdentityTheft.gov, which will generate a personalized recovery plan and pre-filled dispute letters for each affected creditor.

Step 7: Opt Out of Pre-Screened Credit Offers

Pre-screened credit card and loan offers that arrive by mail are a physical identity theft risk — they represent an open invitation to open a new credit line in your parent's name if the mail is intercepted or stolen.

Opt out at OptOutPrescreen.com (the official site operated by the credit bureaus). This removes your parent from lists sold to credit card companies and lenders. The opt-out lasts five years online or permanently with a mailed form.

Also register with DMAchoice.org to reduce catalog and direct mail that often arrives addressed to "Current Resident" — these can also be used for social engineering by callers who pretend to know your parent's purchasing history.

Ongoing: The Monthly 15-Minute Routine

Prevention is not a one-time setup. Make these five checks a monthly habit:

1. Check the email inbox for password reset emails your parent did not initiate — these are a red flag that someone is trying to access accounts.
2. Scan the bank statement for any unfamiliar recurring charges, even small ones ($9.99/month subscriptions are a common way criminals test whether a stolen card is active).
3. Check for new apps installed on the phone or computer — specifically remote access software like TeamViewer or AnyDesk.
4. Verify the credit freeze is still active at all three bureaus (log in once a year to confirm).
5. Review the Trusted Contact Person listing to ensure contact information is current.

The Elder Scam Shield guide covers all of these steps in detail, including ready-to-use conversation scripts for talking with parents who are resistant to oversight, exact account settings across major banks, and a response checklist for if identity theft does occur. If you want the full system in one document rather than piecing it together from multiple sources, the guide is available here.