Identity theft impacts up to ten million Americans directly every year, with millions more becoming vulnerable to attack. The first step to preventing financial losses that occur through identity theft is to understand how it happens.

High-profile examples are in the news every day, and attackers use a wide variety of tricks to gain your confidence. “Phishing” is one such gambit. In this attack, a thief will send out an email claiming to be from a legitimate, trusted source, such as a bank. The thief will duplicate the bank’s logo, creates a return email address that also looks legitimate, and then spoofs a web site address. The email will usually tell you to log onto the web site to verify your account information. But in reality, the web site you click on is a ruse. It too, will look legitimate, and contain the bank’s logos, and may be an exact duplicate of the bank’s real web site. But in reality, when you enter in your password and account number, that information goes straight to the attacker–who then proceeds to clean out your account.

Prevention of identity theft is a simple matter, since most thefts occur as a result of a ruse such as the one described above. Rule number one is to be aware of any emails claiming to be from a financial institution, or anyone requesting you to verify an account number. If you receive an email from your bank asking you to log in, do not click on the link provided in the email. Go directly to your bank’s web site by entering in the URL directly into the browser. And if there is any doubt, a quick phone call to your bank’s customer service office will reveal whether the request was legitimate.

It’s easy to spot a phishing e-mail, and prevent being a victim of identity theft. These emails typically do not include a personal salutation, but instead, says something like “Dear account holder.” An email from your bank is more likely to address you by name. Phishing emails often contain spelling or grammatical errors and are poorly written, and often have a sense of urgency. They may claim that your account is in danger of being closed if you do not log in immediately.

Any unsolicited email that asks for account information should be suspect. Even if it contains an authentic business logo, and appears to be from a trusted source, verify with a phone call before providing information.

Phishing is just one of dozens of tricks a thief can use to steal your identity. Password theft is another. You can protect against this type of attack simply by using more difficult passwords for your various accounts. Instead of using the bank’s default password, or creating a password that is the name of your spouse, your dog, or your alma mater, create a password that is at least eight characters long and contains both alpha and numeric characters. Passwords that are easily guessed can cause identity theft.

Another easy, but effective way to prevent identity theft is to shred your utility bills and credit card statements after you’re done with them. A dumpster diver can easily retrieve those statements from your trash bin, and use them to steal your identity.

If you are a victim of identity theft, file a police report, contact the credit bureau’s fraud department, contact any credit card companies or other financial institutions that may be involved, and file a report with the FTC.