Preventing Identity Theft

Identity theft is when someone uses your personal or financial information - like your Social Security number or bank credentials — without permission, usually to commit fraud.

A scam tricks you out of money or personal information; identity theft is when your personal information is stolen to impersonate you and commit fraud.

Cybercriminals steal personal information to commit fraud, for financial gain, and other illegitimate reasons.

For more information review this article from the National Cybersecurity Alliance titled Why Do Scammers Target Older Adults?

Common methods include phishing emails, public Wi-Fi, fake phishing websites, malware, phone scams, investment fraud, charity scams, health insurance scams, sweepstakes, lottery scams, tech support scams, etc. These scams all use high-pressure tactics to urge you into handing over sensitive information or money, often demanding swift action with consequences if you don’t comply. Criminals will also steal mail or documents containing sensitive information and breach websites where your data or personal information is stored.

A cybercriminal can make an email message appear as though it is coming from a trusted email address, but it is sent from a different source. This is called spoofing.  Check the body of the email for typos or formatting errors. You should always treat unsolicited emails that urgently request personal or security information with extreme caution. Watch for bad grammar, a strange email address, misspelled words, poor formatting, and unusual requests with attachments and links. If you receive an email that you weren’t expecting, contact the sender directly via phone or a separate message to verify legitimacy.  CalPERS won’t ask for personal information via email or text.

You may unintentionally click on a harmful link, download an infected third-party app, or open an infected email attachment that results in malware being downloaded onto your cell phone or computer. Be cautious of what you click on. Malware is software designed to gain unauthorized access to a computer or device (e.g. cell phone).

Review these CalPERS PERSpective articles:

• Help Yourself and Your Older Loved Ones Avoid Fraud
• 6 Tips to Protect Your Personal Information Online

For more information review these articles from the National Cybersecurity Alliance:

• Online Safety Basics
• How to Spot and Avoid Phone Scams
• How to Avoid Charity Scams
• Why Do Scammers Target Older Adults?
• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• What Is Phishing and How To Avoid It

CalPERS won’t ask for personal information via text. Be on the lookout for:

• Text messages from an overseas phone number
• Text messages from an email address not associated with the sender such as a message from your financial institution that originates from a @gmail.com email address
• Messages that come from a number or contact you don’t recognize
• Messages that state you must act quickly or something bad will happen
• Suspicious links asking you to click, especially if they look strange or shortened
• Requests for sensitive information like passwords, bank details, or codes
• Promises of prizes, money, or gifts for little or no reason
• Spelling or grammar mistakes
• Impersonation: The message claims to be from a company or person you know, but something seems off

For more information review these articles from the National Cybersecurity Alliance:

• Online Safety Basics
• Why Do Scammers Target Older Adults?
• What Is Smishing? How Text Message Scams Work (And How To Avoid Them)
• How to Avoid Charity Scams
• Tread Lightly Online: How to Check and Manage Your Digital Footprint

Some suggestions include:

• Using strong, unique passwords
• Enabling multi-factor authentication (MFA)
• Using a password manager or authenticator app
• Shredding sensitive documents before disposal
• Avoiding oversharing personal information
• Monitoring your credit regularly
• Being alert for phishing scams
• Refraining from clicking on suspicious links or pop-ups
• Being cautious of unexpected emails or phone calls
• Keeping all software and browser up to date
• Collecting your mail daily to prevent theft
• Considering enrolling in identity theft protection services

Review these CalPERS PERSpective articles:

• Help Yourself and Your Older Loved Ones Avoid Fraud
• How You Can Protect Your Personal Information
• 6 Tips to Protect Your Personal Information Online

More information is available from the National Cybersecurity Alliance:

• Online Safety Basics
• How to Spot and Avoid Phone Scams
• Why Do Scammers Target Older Adults?
• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• What Is Phishing and How To Avoid It
• Manage Your Privacy Settings

To remain vigilant and protect your account security:

• Check your financial statements regularly and don’t let items sit in your mailbox too long.
• Oftentimes you can setup automated alerts to be notified of any changes to your account via an email or text message. This will allow you to monitor account activity as well as and changes. 
• Use strong, unique passwords or passphrases for each account. Enable multi-factor authentication (MFA) whenever possible. 
• Be cautious with emails, texts, and calls—don’t click on suspicious links or share personal information. 
• Keep your software and devices updated to protect against security flaws. 
• Regularly review your account activity for any signs of unauthorized access. 
• Don’t reuse passwords across different sites. 
• Log out of accounts when finished, especially on shared devices. 

Some signs your identity has been stolen include, difficulty accessing your online accounts, unexpected bills for services you didn’t receive, unfamiliar charges on accounts, denied credit, calls from debt collectors, missing mail, IRS notification of more than one tax return filed in your name, and a drop in your credit score.

If you suspect your information has been stolen or misused, act immediately. Contact CalPERS at 888 CalPERS (or 888-225-7377) to report identity theft or any suspicious activity on your account. Additionally,

• Notify your financial institution or credit card company
• Change the login credentials for all your financial institutions including CalPERS
• Contact credit bureaus to place a fraud alert or credit freeze on your credit report:
  • www.equifax.com
  • http://www.experian.com
  • http://www.transunion.com
• Monitor all accounts and credit activity, and report the incident to the Federal Trade Commission (FTC) at identitytheft.gov
  • To report in Spanish, go to RobodeIdentidad.gov
• Review your credit reports and let creditors know about unauthorized activity so they can investigate
• If interested in a free recovery plan, you can contact the Identity Theft Resource Center:
  • www.idtheftcenter.org
  • 1-888-400-5530
  • ITRC@IDTheftCenter.org
• If you or someone you know is a victim of elder fraud, contact the U.S. Department of Justice’s National Elder Fraud Hotline 833.372.8311
• Reach out to local law enforcement

For more detail, review this CalPERS PERSpective article with 7 Steps to Fight Back Against Identity Theft.

More information is available from the National Cybersecurity Alliance:

• Hacked Accounts: What to Do Right Now
• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• Manage Your Privacy Settings
• Online Safety Basics
• Why Do Scammers Target Older Adults? 

If you notice unauthorized activity on your myCalPERS account , contact CalPERS immediately at 888 CalPERS (or 888-225-7377). If phoning internationally, call 1-916-795-3000.

Review these CalPERS PERSpective articles

• Help Yourself and Your Older Loved Ones Avoid Fraud
• How You Can Protect Your Personal Information
• 6 Tips to Protect Your Personal Information Online

More information is available from the National Cybersecurity Alliance:

• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• Manage Your Privacy Settings
• Online Safety Basics
• Why Do Scammers Target Older Adults?
• How to Spot and Avoid Phone Scams
• How to Avoid Charity Scams
• What Is Phishing and How To Avoid It
• What Is Smishing? How Text Message Scams Work (And How To Avoid Them)
• What is Multifactor Authentication (MFA) and Why Should You Use It?

A fraud alert allows a credit check but adds identity verification, while a credit freeze blocks all credit checks, even legitimate ones.  A credit freeze offers more protection but must be temporarily lifted if you need to apply for new credit. Placing a fraud alert and a credit freeze are both free and don’t affect your credit score.

An initial fraud alert lasts for one year, but you can choose to renew it. A credit freeze lasts indefinitely, until you remove them. Credit freezes can be added and removed as needed when you apply for credit.

You don’t need to wait until your Social Security number or other personal details are compromised in a data breach or misused by an identity thief to act. A credit freeze is a proactive step, and by placing a freeze on your credit, you block access to your credit report — making it difficult for new credit accounts to be opened in your name. The freeze is free and does not impact your credit score. A credit lock is also available by each credit bureau — it‘s recommended that you research each option to determine what is right for you. 

No, neither will not stop you from using your existing credit cards or other accounts.

To set up a credit freeze, contact each of the three major credit bureaus (Equifax, Experian and TransUnion). You’ll need to verify your identity (SSN, address, date of birth, etc.). You can lift or remove the freeze any time using a PIN or account login. You’ll need to request the freeze separately with each of the three credit reporting agencies. The freeze can be requested online through the following websites.

• Equifax : Equifax Credit Freeze
• Experian: Experian Credit Freeze
• TransUnion: TransUnion Credit Freeze

Phishing is when cybercriminals attempt to trick you into giving away personal information, like passwords or bank details, by pretending to be a trustworthy person or company, usually through fake emails, messages, or fake websites. Review these CalPERS PERSpective articles

Help Yourself and Your Older Loved Ones Avoid Fraud

How You Can Protect Your Personal Information

6 Tips to Protect Your Personal Information Online

More information is available from the National Cybersecurity Alliance:

• Online Safety Basics
• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• What Is Phishing and How To Avoid It

A phishing site is a fake website designed to look like a real website to trick you into entering personal information like user IDs, passwords, credit card number, and account details. Cybercriminals sometimes pay to promote phishing sites on search engines, so they rise to the top of search results. If you’re not manually typing in a website URL, be careful what you select to ensure that you’re going to the legitimate site. If you suspect you’re visiting a phishing site, exit the site immediately and change any passwords you may have entered, then report the site to the associated organization.

More information is available from the National Cybersecurity Alliance:

• Online Safety Basics
• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• What Is Phishing and How To Avoid It

Yes. Scammers attempt to copy logos, fonts, and layout from real websites.  Always check the URL and avoid clicking links from unsolicited messages. To ensure you visit the official CalPERS website, carefully examine the URL’s domain. The official CalPERS domain will always end with calpers.ca.gov. Understanding the structure of a domain helps you distinguish between legitimate sites and phishing attempts. For more tips, visit “Tips to Avoid Fake Websites”.

More information is available from the National Cybersecurity Alliance:

• Online Safety Basics
• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• What Is Phishing and How To Avoid It

Look for “https” in the web address and a padlock icon near the URL. Avoid clicking links in emails — instead, manually type the web address into your browser. Phishing sites often use slight misspellings, extra characters, or a different domain.

CalPERS won’t ask for personal information via email or text. Check the sender’s email address carefully.  Recognizing a phishing email isn’t always easy. You should treat unsolicited emails or texts that urgently request personal or security information with extreme caution. Watch for bad grammar, a strange email address or phone number, misspelled words, poor formatting, and unusual requests with attachments and links. If you receive an email or text that you weren’t expecting, contact the sender directly via phone or a separate message to verify legitimacy.

More information is available from the National Cybersecurity Alliance:

• Online Safety Basics
• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• What is Phishing and How to Avoid It 
• What Is Smishing? How Text Message Scams Work (And How To Avoid Them)

It’s safe to click on links in emails only when you’re confident the message is legitimate, and whether it’s from a person you know or organization. Cybercriminals can impersonate friends, family, coworkers, or businesses using fake or hacked accounts. Always check the sender’s email address carefully and look out for anything unusual like unexpected links, typos, or urgent language. If something feels off, don’t click.  Instead, confirm with the sender directly or visit the official website.

More information is available from the National Cybersecurity Alliance:

• Online Safety Basics
• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• What is Phishing and How to Avoid It

Yes. This is called “vishing”. Cybercriminals may impersonate financial institutions, Medicare, or even law enforcement. They often create a sense of urgency to pressure you into sharing personal information, account details, or sending money.  Cybercriminals can make the phone number appear as though it comes from a trusted source or familiar phone number, when it’s really it’s from a different phone number. This trick is used to fool people into answering the call. To protect yourself, never give out sensitive information over the phone unless you contacted the person or business directly using a verified phone number.

Review these CalPERS PERSpective articles

• Help Yourself and Your Older Loved Ones Avoid Fraud
• How You Can Protect Your Personal Information
• 6 Tips to Protect Your Personal Information Online

More information is available from the National Cybersecurity Alliance:

• Online Safety Basics
• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• Why Do Scammers Target Older Adults?
• How to Spot and Avoid Phone Scams

If you receive a call asking for personal information like your password, Multi-Factor Authentication code, or Social Security number, do not respond. Hang up immediately. CalPERS will not ask for sensitive information over the phone. To verify and report any suspicious contact , call CalPERS directly at 888 CalPERS (or 888-225-7377). If calling internationally, phone 1-916-795-3000.

Review these CalPERS PERSpective articles

• Help Yourself and Your Older Loved Ones Avoid Fraud
• How You Can Protect Your Personal Information
• 6 Tips to Protect Your Personal Information Online

More information is available from the National Cybersecurity Alliance:

• Online Safety Basics
• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• Why Do Scammers Target Older Adults?
• How to Spot and Avoid Phone Scams
• How to Avoid Charity Scams

CalPERS will always call from the official number: 888-225-7377. If you receive a call from any other number asking for personal information, it may be a scam. Hang up and call the official number directly to report it. Additionally, official emails from CalPERS will come from addresses ending in calpers.ca.gov. Be cautious of look-alike domains (e.g., @calpers-support.com, or @calpersca.gov).

CalPERS will never ask for sensitive information by email or send you messages that pressure you to “act now” or “verify your account immediately”. If you receive a suspicious email or one from a different sender claiming to be from CalPERS, do not click on any links or attachments. Report it to CalPERS immediately.

Review this CalPERS PERSpective article titled Help Yourself and Your Older Loved Ones Avoid Fraud.

More information is available from the National Cybersecurity Alliance:

• Online Safety Basics
• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• Why Do Scammers Target Older Adults?
• How to Spot and Avoid Phone Scams
• How to Avoid Charity Scams

MFA is a security method that requires you to provide two or more pieces of evidence (like a password and a code sent to your phone) to prove your identity when logging in. MFA significantly reduces the chance of someone accessing your account even if they have your password.

Review these CalPERS PERSpective articles

• Help Yourself and Your Older Loved Ones Avoid Fraud
• How You Can Protect Your Personal Information
• 6 Tips to Protect Your Personal Information Online

More information is available from the National Cybersecurity Alliance:

• Online Safety Basics
• Why Do Scammers Target Older Adults?
• What is Multifactor Authentication (MFA) and Why Should You Use It? 

No. You should never share your username, password, or MFA code with anyone- even someone you trust. Per CalPERS policy, only the member is allowed to log in to their myCalPERS account. Cybercriminals often pose as coworkers, support staff, or friends to trick you. Sharing this information puts your account and sensitive data at serious risk.

More information is available from the National Cybersecurity Alliance:

• Online Safety Basics
• Why Do Scammers Target Older Adults?
• What is Multifactor Authentication (MFA) and Why Should You Use It?

Authenticator apps generate secure codes for logging in to accounts. They are safer than text message codes because they can’t be intercepted. Google Authenticator and Microsoft Authenticator are the most popular authenticator applications. This is another option for MFA, on top of texted, phoned, or emailed passcodes.

Log in to your myCalPERS account, go to Security Settings under the Multifactor Authentication & Account Recovery, and select Enable an Authenticator App to begin the setup process. Once enabled, each time you log in to your myCalPERS account, you’ll open your mobile device’s authenticator application, then enter the six-digit code to access your account.

Use what’s called a passphrase — a long password made up of several words or a sentence, which is easier to remember and usually more secure than a single word password. Avoid names, birthdays, or common words and use at least 15 characters. Example of a strong passphrase: MyD0gR@nsFast!2

For more information review this article from the National Cybersecurity Alliance on Online Safety Basics. 

To manage complex passwords, use a password manager — a tool that can create and store secure, complex passwords so you don't have to remember them.

For more information review this article from the National Cybersecurity Alliance on Tread Lightly Online: How to Check and Manage Your Digital Footprint.

Choose questions only you can answer or use a custom response (even a false one) that you will remember but others can’t guess. Avoid common or easy to guess answers.

Digital wallets like Apple Pay and Google Pay are considered one of the most secure ways to pay. Your actual card number is never shared with the merchant, instead one-time-use virtual card number is generated for each transaction. Plus, your payment information is encrypted and stays on your device, making it much harder for hackers or skimmers to steal. 

You should never give out sensitive details such as your date of birth, Social Security number, driver’s license number, bank account or credit card numbers, online banking usernames, passwords or PINs, one-time passcodes (OTP), and personal details used for security questions over the phone — unless you’re certain of who you are speaking with and why the information is needed. Cybercriminals often pose as banks, government agencies, or even familiar companies to trick people into revealing private data. If you receive a call requesting this type of information, hang up and call the organization back using the official phone number listed on their website. 

Review these CalPERS PERSpective articles:

• Help Yourself and Your Older Loved Ones Avoid Fraud
• 6 Tips to Protect Your Personal Information Online

More information is available from the National Cybersecurity Alliance:

• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• Why Do Scammers Target Older Adults?
• How to Spot and Avoid Phone Scams
• How to Avoid Charity Scams

Yes. Be careful about what you post and with whom you interact. Don’t accept friend requests from strangers. Avoid sharing sensitive details like your birthday, phone number, or email address on social media profiles. Sharing less personal information makes it more difficult for someone to steal your identity. Be cautious about sharing photos while on vacation and think twice about posting that quiz of things most that most people wouldn’t know about you. This feeds cybercriminals personally identifiable information.

For more information review this article from the National Cybersecurity Alliance on Online Safety Basics.

Only share your Social Security number (even the last four digits) with trusted sources, such as your financial institutions, credit bureaus, or any other official government agencies. Never give it out over the phone, by email, or on social media.

If you received a notice of a data breach or find your information in a dark web scan, you should change your passwords immediately for any affected accounts. When companies offer free credit monitoring, take advantage of it. You can obtain your free annual credit report from www.annualcreditreport.com.

Remain vigilant and protect your account security:

• Check your financial statements regularly and don’t let items sit in your mailbox too long. 
• Setup automated alerts to be notified of any changes to your account via an email or text message. This will allow you to monitor account activity as well as and changes.
• Use strong, unique passwords or passphrases for each account. Enable multi-factor authentication (MFA) whenever possible.
• Be cautious with emails, texts, and calls—don’t click on suspicious links or share personal information. 
• Keep your software and devices updated to protect against security flaws. 
• Regularly review your account activity for any signs of unauthorized access. 
• Don’t reuse passwords across different sites. 
• Log out of accounts when finished, especially on shared devices. 

Staying alert and following these steps helps keep your accounts safe.

Review these CalPERS PERSpective articles:

• Help Yourself and Your Older Loved Ones Avoid Fraud
• How You Can Protect Your Personal Information
• 6 Tips to Protect Your Personal Information Online

For more information review these articles from the National Cybersecurity Alliance:

• Tread Lightly Online: How to Check and Manage Your Digital Footprint
• Manage Your Privacy Settings
• Online Safety Basics
• Why Do Scammers Target Older Adults?
• How to Spot and Avoid Phone Scams
• How to Avoid Charity Scams
• What Is Phishing and How To Avoid It
• What Is Smishing? How Text Message Scams Work (And How To Avoid Them)
• What is Multifactor Authentication (MFA) and Why Should You Use It?

If you notice slower performance, unexpected pop-ups, passwords not working, new apps or files you didn’t download, your device may be compromised. Antivirus software is recommended on your PC as well as maintaining the latest operating system to help block malicious software that could steal your information.

Review privacy policies and adjust security and sharing setting for apps or platforms you use, such as mobile banking, social media, or e-commerce sites.

Review these CalPERS PERSpective articles

• How You Can Protect Your Personal Information
• 6 Tips to Protect Your Personal Information Online

More information is available from the National Cybersecurity Alliance:

• Manage Your Privacy Settings 
• Tread Lightly Online: How to Check and Manage Your Digital Footprint

Yes. Adding a PIN or biometric lock (like fingerprint or facial recognition) is one of the simplest and most effective ways to protect your device. If it’s lost or stolen, this prevents unauthorized access to your personal apps, emails, banking information, and stored password.

If you lose your mobile device, act quickly to protect your information: 

• Use “Find My Device” (Apple or Android) to locate, lock, or erase your phone remotely. 
• Contact your carrier to suspend service and prevent unauthorized use.
• Change passwords for key accounts like emails, banking, and your CalPERS login. 
• Report the loss to your organization’ s security team if you use your device for work.
   

Every year, millions of devices are lost, stolen, or fail. Without a backup, you risk permanently losing important files like documents, photos, and videos.

For more information review this article from the National Cybersecurity Alliance on Online Safety Basics.

An external backup saves your data to an external hard drive or USB stick, rather than directly to your device. 

For more information review this article from the National Cybersecurity Alliance on Online Safety Basics.

Cloud backup stores your files online so you can access them from anywhere. It's safe from physical damage and is often encrypted. 

Review this CalPERS PERSpective article on How to Secure Your Digital Files.