Is that necessary? It sounds like something that only happens to other people. Don't you believe it. I was a bit sceptical about the claimed prevalence of identity theft myself, until I got a call from my bank asking whether I'd spent about $US700 on an online gambling site. The bank ended up reversing the charge on my credit card but the inconvenience of going through an investigation and getting a new card isn't one I'm keen to repeat.

A survey by Galaxy Research for credit collection agency Veda Advantage found more than one in five Australians over 16 had experienced some type of identity crime. More than 1.5 million Australians had credit cards illegally skimmed, 1.2 million had bank accounts illegally accessed and almost 1.2 million had personal mail stolen.

So what can I do to protect myself? As last week's cover story reported, locking your mailbox and avoiding "phishing emails" – those that claim to be from a bank, internet provider or even the Tax Office and ask you to click on a link to verify your account details or other personal information – is a good start. So are basic safeguards such as having up-to-date computer security software, doing an annual check of your credit file (I Can Do That, September 2) and checking your account statements.

The Australian Securities and Investments Commission (ASIC) says if you are transacting online, you should ensure the website is secure. Type in the web address yourself and whenever you are asked to provide personal information, check the address starts with "https" (the S stands for "secure"). That little padlock down the bottom of the page also indicates a secure website.

Choose a password that is hard to guess and that includes a mix of numbers and letters (your spouse or pet's name is probably out). ASIC suggests you change your passwords frequently and store them in a secure location. While there's a real temptation to use the same password for everything (it's often the only way to remember it), this makes you much more vulnerable to identity fraud.

ASIC says you should always log out when banking online and should avoid doing online banking and other secure transactions on public computers. It says email is not secure so you should never put financial information in an email.

Pop-ups on your web browser can be used to install software to spy on you or steal your identity and should be disabled. The Government website staysmartonline.gov.au suggests you set up a separate email account for shopping and news groups. If you need to, you can then change this address without disrupting your other online activities. Only share your primary email address with people you know.

It says you should also be careful about signing up to mailing lists, because spammers use the unsubscribe button to validate addresses, and only make online purchases from companies that have a clear privacy policy.

The old low-tech advice – such as not throwing personal information out with your garbage, keeping an eye on your credit card when it is used for physical transactions and not telling anyone (even family) your PIN or passwords – will help to protect you against identity theft.

OK, so let's say I do all this and some scumbag still uses my details for their online poker game. Am I protected? The Electronic Funds Transfer Code of Conduct determines who is liable if there's an unauthorised transaction on your account or credit card. It requires financial institutions to give you your money back where it is clear you haven't contributed to the loss but you may still be liable if your financial institution can prove you contributed to the loss by acting fraudulently, not keeping your PIN or password secret or unreasonably delaying telling your financial institution that your card has been misused, lost, stolen or that someone else may know your PIN or password.

However, there are still limits on your liability. ASIC has more details on identity theft and how the EFT Code works at fido.asic.gov.au.