The first defense is to avoid easily guessed passwords and parking personal information on social websites. Make sure the computer and cell phone you use regularly are running robust virus/spam/phising protection. Then create a small maze of defensive devices - you can't stop them entirely, but you can slow them down.
So, what's a strong password anyway? It's a text string impossible to remember. If it's hard for you to remember, it's harder yet for a thief to guess. So the first strategy is to not use a universal password. That would be like putting all your eggs under one rabbits ass. Second, mix letters, caps and numbers and use at least eight of them. Avoid common words, trite phrases, birthdays, home addresses, offspring/spouses names, or places. Once you craft a set of these gems park them off-virtual-world in a small home safe.
Don't put your goodies on your cell/smart phone or wallet. These are too easily stolen.
Use an avatar, phantom, or alias on sites that don't require your real name or face. Your personal email account should only be given to banks and businesses you entrust your social security number to. Use an alternate email address for the bulk of your online contacts.
When you get credit card bills, or any bill always look it over carefully verifying in your mind and with family each charge. When a bank or credit card company calls one day to say you've been had, change everything everywhere - all passwords, and even accounts.
Finally, never, ever, ever that means not once open an email where you don't recognize both the sender and the subject. The same applies to phone calls. Finally, check the credit services from time to time and scan the entire report looking for suspicious activity.
Back in the old days you could see the thief coming. Now they can take your crap from ten thousand miles and two continents away. Isn't modern life fun?
