Facebook website © Justin Sullivan, Getty Images

Let's make one thing clear: You can't prevent social media-related identity theft. Even if you delete your Facebook account, turn off Twitter and cut yourself off from all other social media, there's still enough information about you out there to help the bad guys access your financial life.

It's in the stuff you've already posted, other people's posts about you and in huge databases that have been tracking you on- and off-line.

"There's no such thing as preventable identity theft," said Adam Levin, chairman and co-founder of Credit.com and Identity Theft 911. "People have put out so much information, there are so many sites that are tracking you and so many breaches have occurred."

Even Michelle Obama may have been hit by hackers who apparently were able to pull credit reports on celebrities by piecing together publicly available information.

What you can do is to try to make yourself less of a target -- and know what to do if you get hit.

Making yourself less visible isn't easy in a world where your something as seemingly innocuous as your Facebook "likes" can reveal your political and sexual orientation and readily available facial recognition software can not only track you from site to site but can figure out your Social Security number.

Liz Weston

Liz Weston

The bad guys are very patient, and they cast a wide net. They're tapping public information databases and matching that with the information they find on Facebook and elsewhere. They're looking for the tidbits of information to figure out where you bank, what your credit accounts are and how they can masquerade as you.

"Fraudsters spend a great deal of time pulling together a portfolio of the person they're targeting," said Ron Green, a former Secret Service agent and deputy chief security information officer at FIS, a company that provides banking software and information technology.

"They're very patient," Levin agreed. "They cobble together the information . . . and then remake your bed, except with them in it."

The puzzle pieces that used to be private are no longer very hard to get.

"Social media is making a lot of people just provide that information freely," Green said.

Levin made the same point more colorfully: "We can't help ourselves . . . people just wholesale spew information about themselves."

Here's what you need to do:

Scour your timeline for "personally identifiable information." Anything that could be used to guess your password, or your answers to security questions that authenticate you on financial sites and elsewhere, would be of prime interest to an identity thief. That includes, but isn't limited to:

  • Your full name (including middle name).
  • Your full birth date.
  • Your children's names.
  • Your pets' names.
  • Your hometown.
  • Your mother's maiden name.
  • The names and dates of schools you've attended.
  • Your home address.

Security experts recommend purging as much of this personally identifiable information as possible -- with the understanding that it's probably cached somewhere or may already have been accessed by a thief.

"It would be worth doing because you've probably lessened the 'threat surface,'" or the amount of readily available information that could be used against you, Green said. "But you really can't put the genie back in the bottle."

Using a handle or nickname is better than using your real name, although Facebook discourages that (and it's tough to change your name after you've established your account).

If you do nothing else, though, take your birthdate under wraps since that date is used to confirm the other information a criminal may have compiled about you -- not to mention that people often use birthdates in their passwords. If you really need to get birthday greetings on your actual birthday, rather than a few days before or after, at least conceal the year you were born.

Also know that many phones and cameras can "geotag," or embed information in photo files that show where the pictures are taken. A savvy criminal could access that information and figure out your address, so Levin recommends turning off geotagging, also known as "location services".

Practice good password hygiene. You're supposed to use different passwords at every site, but, at a minimum, you shouldn't reuse your Facebook password at email and financial sites. If you're having trouble keeping track of multiple passwords, consider programs such as LastPass or 1Password that can store them in encrypted form.

Beware of apps. Free games and quizzes seem like fun, but typically their purpose is to suck up information about you and your friends. At best, your information will be used to spam your friend list, or sold to marketers. At worst, the programs might be designed by identity thieves. That "personality test" you took could be just a cover for extracting clues to your passwords or security questions. You can turn off Facebook apps by clicking the little gear on the top right of your screen; select "privacy settings" and then look on the left side for "apps."

More from Liz Weston: