Question: I am a kupuna who is getting those debit/credit cards in the mail that I never ordered. I did freeze my credit afterward. How long should I leave it frozen?

Answer: Forever, although you can unfreeze it briefly when you need to apply for credit and refreeze it as soon as the creditor(s) you’ve authorized access the information they need, said Brett Johnson, once an infamous cybercriminal but now a cybersecurity consultant and public speaker fighting online fraud. AARP Hawaii is bringing him to the islands for three free, public talks next week on Maui, the Big Island and Oahu (details below).

Johnson says a credit freeze, also known as a security freeze, which restricts access to a consumer’s file with the major credit-reporting bureaus, is the best way to prevent fraudulent credit cards, loans and other accounts from being opened. Once a person’s stolen identity has been used successfully for fraudulent purposes, as yours has, it tends to stay in circulation among cybercriminals, who are more organized and networked than consumers might assume, he said. “There have been victims who leave the freeze on for years, and they figure everything’s OK and they lift it, and within days new accounts are being opened,” he said.

He urges people to freeze their credit as a preventive measure — don’t wait for a fraudulent account to be opened. Cybercriminals seek “low- hanging fruit” to rake in quick cash, so people who take the following steps can make themselves less of a target, he said:

>> “Freeze the credit of every single person in the house. That stops new account fraud to a major degree. It works great for kids, too.”

>> Set up online access to financial accounts — bank accounts, credit cards, 401(k)s, etc. — with strong passwords and multifactor authentication. Regularly monitor the accounts, including by placing activity alerts.

>> Use complex, unique passwords for each online account, including email accounts, preferably with a password manager. “Do not use the same or similar passwords across accounts. Ever.”

>> Verify any unsolicited request for personally identifying or financial information. “Never respond in the moment to an unsolicited request, whether it’s by mail, phone call, email, text or a knock on door. Just don’t. Step back and take that extra step to verify. If someone calls out of the blue saying they’re from your bank, hang up and call your bank. Sometimes it’s that simple.”

At his talks next week, titled “Inside the Mind of a Con Artist,” Johnson will explain how cybercriminals classify and target potential victims, and how they rely on a combination of technical skills, social engineering and ruthless compartmentalization to exploit the vast trove of stolen personally identifying information for sale on the dark web. Johnson, who was a leader of the online crime ring ShadowCrew in the early 2000s and later served time in prison, also will share fraud prevention tips and answer questions from the audience, eager to make a positive contribution after his past actions. “It took me a long time to understand that we are here not to hurt each other, but to help each other. I wake up every morning trying to do that.”

>> Aug. 18 at 9 a.m. at the Maui Beach Hotel in Kahului

>> Aug. 19 at 9 a.m. at the Hilo Hawaiian Hotel

>> Aug. 20 at 9 a.m. the Ala Moana hotel in Honolulu. (The fraud prevention seminar begins at 9 a.m., and Johnson will begin speaking at about 9:45 a.m. His talk will also be simulcast on AARP Hawaii’s Facebook page and YouTube channel.)

Register for any of the events at 808ne.ws/AARPevent or via aarp.org/hi. You don’t have to be an AARP member to register.

Write to Kokua Line at Honolulu Star-Advertiser, 500 Ala Moana Blvd., Suite 7-500, Honolulu, HI 96813; call 808-529-4773; or email kokualine@staradvertiser.com.