How To Prevent Identity Theft and Its Devastating Effects

Share this:

Sofia Kaufman

Chief People Officer at Aura

In this article:

    Identity theft and fraud protection for your finances, personal info, and devices.

    See pricing
    Share this:

    Is It Possible To Prevent Identity Theft?

    After Jessica Roy’s wallet was stolen and her debit card was used to charge $50 at a gas station, she thought the worst had passed. But then the letters started arriving. First, it was a few new credit cards and bank accounts in her name. Then, a $14,000 bad check written at Big Lots. Finally, a stolen Tesla.

    Years later, even after the original thieves were caught, Jessica continued to face the consequences of having her identity stolen [*].

    Identity theft has become the most pervasive — and one of the most damaging — crimes in America. According to the Federal Trade Commission (FTC) [*]:

    Over 5.7 million Americans were affected by fraud or identity theft last year, with losses in the billions.

    While no one can claim to completely prevent identity theft, there are steps that you can take to secure your identity and protect your finances, benefits, and reputation from scammers. 

    In this guide, we’ll explain the biggest identity theft risks of 2023, and show you how you can make yourself and your loved ones less vulnerable targets for scammers.

    What Are the Greatest Identity Theft Risks in 2023?   

    Identity theft happens when someone uses another person’s personally identifiable information (PII) to commit fraud, steal money, or gain benefits by pretending to be that person.

    Identity theft isn’t a single crime. Instead, it’s part of a wide spectrum of fraudulent crimes that includes financial fraud, account takeovers, criminal identity theft, and benefits fraud. 

    And it’s getting worse.

    According to the Identity Theft Resource Center (ITRC), 50% of identity theft victims are repeat victims.

    Worse yet, almost a third of all victims lose more than $10,000 — while nearly half of all identity theft cases go unresolved [*].

    Identity theft risks are always evolving. Here are some of the greatest threats to your identity in 2023:

    • Data breaches: Hackers regularly breach major companies and leak sensitive information to the Dark Web. At this point, cybersecurity experts say it’s almost guaranteed that your Social Security number (SSN) and other critical information is available on the Dark Web.
    A graph showing the spike in annual data reaches over recent years
    The spike in annual data breaches over recent years. Source: Statista
    • Investment scams: Investment scams involve tricking people into investing in fraudulent platforms or schemes. In the recent “pig butchering scam,” victims are convinced to trade cryptocurrency for “massive returns.” But the platform is fake, and their money disappears. 
    • Fake websites that steal passwords and login credentials: Scammers are more interested in your account passwords and login credentials than information like your SSN. Fake websites (known as “pharming websites”) are set up to look like the real thing. But when you sign in, you send your account password straight to scammers.
    • Fraudulent tax returns: Scammers file a tax return with the Internal Revenue Service (IRS) in your name, collecting your refund and often setting you up for an IRS audit.
    • Online purchase scams: Scams in which fraudsters set up fake e-commerce websites or ads were the most common type in 2022 [*]. In these scams, criminals try to sell fake products, usually asking victims to pay by money order, gift card, or wire transfer.
    Take action: Don’t face identity theft and fraud alone. Try Aura free for 14 days and get access to #1-rated identity theft protection, 24/7 Fraud Resolution Specialists, $1 million in identity theft insurance, and more.

    How To Prevent Identity Theft: 10 Steps

    1. Freeze your credit file
    2. Use a secure password manager
    3. Enable two-factor authentication (2FA)
    4. Learn to recognize a phishing attack
    5. Practice safe browsing habits
    6. Regularly check your bank, card statements
    7. Reduce your online footprint
    8. Remove your details from data broker lists
    9. Keep your devices and software up to date
    10. Check if your data is on the Dark Web

    To help prevent identity theft, you need to stop criminals from accessing your personal information, online accounts, and devices. Here’s what you can do to secure yourself and your family from identity thieves. 

    1. Freeze your credit file with all three credit bureaus

    If scammers gain access to your personal data or financial information, they can open new accounts or lines of credit in your name. In 2021 alone, the FTC received over 360,000 complaints of identity thieves opening fraudulent credit card accounts [*].

    A credit freeze blocks access to your credit reports, preemptively preventing fraudsters from opening new accounts in your name. 

    But there’s one caveat: You need to freeze your credit with all three major credit bureaus individually (Experian, Equifax, and TransUnion). If you only freeze your credit with one or two, scammers may still be able to open accounts in your name. 

    Here’s how to freeze your credit report with the major credit bureaus:

    Have your name, birthdate, address history, and Social Security card ready. Then, contact each credit bureau individually – Equifax, Experian, and TransUnion – and request a credit freeze. Keep in mind that this can take up to 24 hours to take effect.

    Experian Security Freeze — P.O. Box 9554, Allen, TX 75013
    Equifax Information Services LLC — P.O. Box 105788, Atlanta, GA 30348-5788
    TransUnion LLC – P.O. Box 2000, Chester, PA 19016

    For added security, consider signing up for a credit lock program. This enables you to instantly lock your credit via one click of a button (with a monthly subscription).

    Aura credit protection and monitoring with one-click Experian credit file lock
    Aura lets you lock and unlock your Experian credit report with a single click. Learn more about how Aura helps prevent identity theft

    2. Use a secure password manager

    Your passwords are the first — and sometimes last — line of defense against hackers and scammers. With access to your passwords, malicious actors can gain access to your accounts and wreak havoc on your personal life, financial accounts, credit score, and reputation.

    Yet, over half of Americans admit that they haven’t changed their passwords in over a year [*]. Even worse, almost two-thirds say they use the same password on multiple accounts — which means a single cyberattack could compromise all of your accounts at once.

    Results of a survey on passwords from Google
    Google asked 3,419 adults in the United States about their password habits. Source: Google

    A password manager helps store your passwords securely so that you don’t risk losing them or having them stolen by hackers. A manager also helps you remember all of your passwords rather than writing them down in unsafe places, like on slips of paper.

    Here’s what to do:

    • Research and choose a reputable password manager. For example, Aura’s top-rated identity theft protection service includes a secure password manager with every plan.
    • Use the password manager to create and store new, unique, and strong passwords for all your accounts. Aura’s password manager can even warn you if your passwords are too weak or have been compromised in a recent data breach. 
    • Add the password manager to your web browser to save logins and sync your passwords across web, browser, and mobile devices. This gives you easy access to all of your passwords when you need them. 

    📚 Related: How Long Does It Take To Recover From Identity Theft?

    3. Enable two-factor authentication (2FA) on all accounts 

    Passwords alone aren’t enough to keep hackers out of your online accounts. With data breaches, malware, and cyberattacks on the rise, hackers are constantly finding new ways to steal or bypass your passphrases and access your accounts.

    Two- or multi-factor authentication (2FA and MFA) provides a second layer of defense against hackers. 

    Example of an authenticator app
    An authenticator app requires a secondary code or other security measure to access your accounts.

    With 2FA enabled, your accounts require a secondary security measure before you can log in — for example, a one-time-use code sent to your email, or biometric security such as your fingerprints. 

    Here’s what to do:

    • Enable 2FA on all of your accounts that offer this feature. Start with the most important accounts, including financial institutions, social media, and email. You can use the 2FA directory to find out which accounts support it.
    • While most people use SMS to receive their one-time 2FA codes, these can be intercepted by SIM swapping and other hacking methods. Instead, use an authenticator app like Authy or Google Authenticator.
    • Keep your backup codes in safe places so that you can access your accounts if something goes wrong.

    4. Learn the warning signs of a phishing attack

    Phishing attacks happen when scammers impersonate someone you trust (usually a well-known company or government agency) so that they can steal your money, passwords, or identity.

    Unfortunately, phishing is becoming far more common — with a record million+ phishing attempts recorded in just the first three months of 2022. [*]

    Phishing attacks can occur over email, phone calls (known as “vishing”), SMS (known as “smishing”), social media, and fake websites.

    Knowing the signs of a phishing attack is the only reliable way to avoid becoming a victim. 

    Warning signs of a phishing attack include:

    • Spelling and grammatical mistakes. Legitimate companies hire copywriters and editors to maintain professional standards. Mistakes can be a sign that a message is fraudulent. 
    • Unprofessional-looking email addresses. If the sender claims to be from a particular company, check their address against the address listed on the company’s website. Often, they use a generic public address (like Gmail or Yahoo!). 
    • Requests for personal information. Scammers often ask for your Social Security number, Medicare or health insurance information, driver’s license, credit card numbers, or login credentials. Never share personal information via telephone, email, text, or other channel unless you initiate contact and know for sure whom you’re speaking with.
    • High-pressure tactics. Threatening language, social engineering, or attempts to create a sense of urgency are clear indicators that you’re dealing with a scammer.

    📚 Related: What Happens If You Open a Phishing Email?

    5. Practice safe browsing habits, and use privacy tools like a VPN

    Cybercriminals are constantly looking for ways to steal your information while you browse online. With safe browsing habits, you can avoid the dangers of unsecured networks, compromised websites, and online traps set by hackers.

    A virtual private network (VPN) helps establish a secure, private “tunnel” between your device and the internet. This helps to obscure your identity, encrypt your location and web traffic, and prevent hackers from spying on your online activity. 

    Here are some tips to stay safe online:

    • Use a VPN when browsing, shopping, banking, or going online in public. Aura includes a premium VPN with military-grade encryption. While using it, your IP address and traffic will be masked completely, preventing hackers from snooping. 
    • Only access websites starting with HTTPS. These websites display a padlock next to the URL in the address bar, letting you know they’re secure. Websites with only HTTP-level security are more prone to attacks and may be infected with malware.
    Example of a "secure" URL from a government website.
    Government websites include a disclaimer to look out for “.gov” URLs, HTTPS, and padlock symbols.
    • Don’t use public Wi-Fi. Public Wi-Fi is often targeted by hackers who create spoofed networks, or intercept traffic to steal people’s passwords and personal information. To prevent this, either avoid public Wi-Fi or always use a VPN if you are in a situation in which you must access public Wi-Fi.

    6. Regularly check your bank and credit card statements

    Credit card fraud has become one of the most common cybersecurity threats today. In October 2022, a marketplace on the Dark Web offered to give away the credit card details of nearly 1.2 million people [*].

    Unfortunately, it’s hard to find out whether your credit card details are for sale (or have been sold already). That’s why it’s important to monitor your credit and bank account statements. If you spot fraudulent activity or unauthorized withdrawals, you can act quickly to minimize the damage.

    Here’s what to do: 

    • Keep an eye on your credit card and bank statements. Check for any suspicious or unrecognized charges. If you notice anything, contact your bank or credit card company immediately and see what they can do to help you secure your accounts. 
    • Request a free credit report from You can request a free copy of your credit report once per year (or weekly until the end of 2023). This will show you all credit associated with your identity so that you can check whether accounts have been established in your name, or if there are inquiries on your behalf that you don’t recognize. 
    • Sign up for fraud alerts. A credit monitoring service like Aura actively monitors transactions on your credit cards, bank accounts, and credit report and warns you of suspicious activity in near real-time. Aura’s fraud alerts are up to 4x faster than competitors. 
    Take action: Three-bureau credit monitoring is one of the only ways to ensure you’re alerted of suspicious or fraudulent activity before it’s too late. Try Aura free for 14 days and keep your finances safeguarded against scammers.

    7. Reduce the amount of information available about you online

    The amount of information about you online is known as your “digital footprint.” While it might not seem like much, every time you add personal information to online profiles or post to social media, you’re giving criminals clues that they can use to scam you or break into your online accounts. 

    Your shopping history, browsing habits, search history, social media comments, fitness data, newsletters, and even “private” messages can be used to fuel phishing scams or guess your passwords. 

    By reducing your online footprint and practicing good cyber hygiene, you can minimize the chances that a scammer will target you.

    Here’s how to reduce your digital footprint:

    • Consider sharing less information about yourself. Don’t share personal information online (like your email address, mailing address, phone number, etc.). If you post to social media, make sure you’re not sharing something that could cause you harm.
    • Adjust your privacy settings. The default privacy settings on most services, apps, and websites are designed to capture as much information about you as possible. It’s a good idea to go through and limit what data is collected. Start with your social media profiles — like Facebook, Twitter, LinkedIn, and Instagram.
    • Delete old accounts, apps, and data. Many smartphone apps collect data while you’re using them, but some also collect data in the background. If you aren’t going to use an app or online account anymore, delete it. And in the future, try to use guest accounts as much as possible (or use a secondary email address).

    📚 Related: How To Remove Your Personal Information From the Internet → 

    8. Remove your personal details from data broker lists

    Even if you remove your personal information from online sources, companies may have already collected it and added it to their databases. These “data brokers” (sometimes called “people search sites”) sell your information to anyone, from telemarketers to scammers. 

    The bad news is that there are hundreds of data brokers in the United States alone, making it a complex task to remove your personal information.

    Here’s how to remove your personal data from broker lists:

    • Search data brokers like Whitepages, People Finder, and Spokeo for your information. If they have it, submit a request to remove it. Since there are hundreds of data broker services in the United States alone, this is a lengthy and difficult process.
    • Alternatively, Aura’s comprehensive digital security suite includes access to an automatic data broker removal service. Aura will scan these lists for your information and then send removal requests on your behalf.
    • Google your own name and note if there are any websites hosting your data. If there are, start a request with Google to remove your personal information
    Remove your data from broker lists for free. Start your free 14-day trial of Aura and take advantage of automatic data broker opt-out features.

    9. Keep your devices and software up to date

    Software and device updates often include security patches that guard against the latest hacks, viruses, and malware. Because of this, hackers often target vulnerabilities in out-of-date software and devices. If malware successfully infects your system, it might harvest your data without you even knowing it.

    But even with up-to-date devices, malware might still get in. In this case, powerful antivirus and firewall software are your last lines of defense.

    Here’s what to do:

    • Set up automatic updates. Ensure that all your devices and software are set to automatically check for updates. If this isn’t possible, schedule a time every two weeks to manually check and install any available patches.
    • Install reputable antivirus software. Aura checks for viruses, ransomware, spyware, adware, trojans, and more. If discovered, it will isolate and remove infected files and protect you against further infection. 
    • Only install trustworthy apps and software. In 2020, 1,200 malicious apps were available in the App Store [*] and 100 million Android devices were infected by apps designed to steal your money [*]. Always check user reviews and only download apps from reputable sources.
    Aura antivirus software
    Aura’s antivirus software works across your devices to keep you safe from hackers. Learn more about Aura’s proactive digital security tools

    10. Find out what personal information and passwords are on the Dark Web

    The Dark Web is a hidden part of the internet that’s only accessible by using a special browser. Because of its anonymity, it has become a breeding ground for scammers, hackers, and other malicious entities to buy and sell personal information and malware.

    In 2021, sensitive data from 22 billion accounts were leaked onto the Dark Web, including passwords, SSNs, bank account numbers, and more [*]. 

    And this data is surprisingly cheap. According to the Dark Web Price Index, full credit card details with an account balance of up to $5,000 are for sale for only $120.

    The average price of stolen personal information. Source: Dark Web Price Index

    Here’s how to find out what’s been leaked on the Dark Web:

    • Use Aura’s leaked password scanner to find out if your PII or debit and credit information are available on the Dark Web. Double-check this information against Identity Guard’s scanner and HaveIBeenPwned
    • Sign up for a Dark Web monitoring service like Aura. Dark Web monitoring tools constantly scan the Dark Web for your personal information. If anything suspicious is detected, you’ll be alerted immediately so that you can update your compromised accounts before it’s too late.
    • If your email or PII are for sale, there’s a chance they were acquired via malware. Run your antivirus software to check for and isolate any malicious software.

    💡 Related: The 7 Best McAfee Alternatives in 2023

    Do You Need an Identity Theft Protection Service?

    While you can take many steps to protect your identity, it’s nearly impossible to monitor all of your personal data and protect against all forms of identity theft. That’s why millions of Americans are choosing to sign up for identity theft protections services. 

    An ID theft protection service can take the pressure off you by monitoring your personal information (across Dark Web forums, data brokers, public records, and more) — alerting you to suspicious activity, and helping you to stay safe with 24/7 support and identity theft insurance coverage.

    For example, with Aura, you get:

    • The highest-rated identity monitoring service. Aura’s top-rated identity theft protection monitors your personal information, credit cards, SSN, home title, bank accounts, and more. If anything suspicious is found, you’ll be alerted in near real-time so that you can shut down the scammers. 
    • Three-bureau credit monitoring (as well as bank and investment account monitoring). Aura monitors all of your financial accounts for suspicious activity. This includes all three major credit bureaus, as well as your credit card, banking, and investment accounts. 
    • Anti-tracking software. Aura’s anti-tracking tools prevent websites from tracking your online activity. This means scammers can’t access your digital footprint and target you with phishing attacks or scams.
    • Device protection and Safe Browsing Tools. All Aura plans include powerful antivirus software, a military-grade VPN, and anti-phishing protection (that warns you if you’re entering a potentially dangerous website) to prevent your personal information from being stolen.
    • Identity theft insurance for your family. Every adult member on an Aura plan is covered by a $1,000,000 identity theft insurance policy for eligible losses.
    • 24/7 access to U.S.-based Fraud Resolution Specialists. If you become a victim of identity theft, you’ll have access to a dedicated team of fraud resolution specialists to help walk you through the necessary steps toward recovery

    The Bottom Line: Don’t Let Identity Thieves Ruin Your Life

    Identity thieves can do a lot of damage, quickly. With data breaches, scams, and cyberattacks all on the rise, the only way to prevent your identity from being stolen is to be proactive.

    Do everything in your power to make it harder for criminals to access your sensitive information. And for added peace of mind, consider signing up for Aura’s all-in-one digital security solution to keep your data safe and prevent scammers from impersonating you.

    Keep yourself and your family safe from identity theft. Try Aura free for 14 days.

    Related Articles

    An illustration of a victory stand showing Aura among the best identity theft protection services
    Identity Theft

    The 12 Best Identity Theft Protection Companies in 2023

    In this guide, learn about the benefits of common identity theft protection features and compare 12 identity theft protection companies.

    Read More
    June 6, 2023
    warning signs of identity theft
    Identity Theft

    25 Warning Signs of Identity Theft: How To Tell If You're a Victim

    Are you worried that someone may have stolen your identity? Learn the 25 most common warning signs of identity theft and how to protect yourself today.

    Read More
    June 6, 2023

    Try Aura—14 Days Free

    Start your free trial today**