How To Prevent Identity Theft Online and In Real Life

Is It Possible To Prevent Identity Theft?

With only a few pieces of your personally identifiable information (PII), identity thieves can destroy your credit, reputation, and future. And it’s only getting worse.

According to the Federal Trade Commission (FTC) [*]:

In 2022, over 5.4 million Americans were affected by fraud or identity theft, with losses in the billions.

While no service, app, or tool can completely prevent identity theft, there are steps you can take to secure your identity and protect yourself from fraud, scams, and hacking.

In this guide, we’ll explain how identity theft happens in 2023 – both online and in the real world — and then show you how you can make yourself and your loved ones less vulnerable targets for scammers.

What Is Identity Theft? What Are The Risks?

Identity theft happens when someone uses another person’s PII or financial information to commit fraud, steal money, or gain benefits by pretending to be that person.

Identity theft isn’t a single crime. Instead, it’s part of a wide spectrum of fraudulent crimes that includes financial fraud, account takeovers, criminal identity theft, and benefits fraud. Unfortunately, it’s become easier than ever for identity thieves to steal your identity.

Scammers can easily buy stolen sensitive information leaked from a data breach, trick you with phishing emails and text messages, fake websites, and other online scams, or hack your devices with malware.

If scammers steal your identity, they can:

• Open new credit cards and accounts or take out loans in your name
• Gain access to your online bank account and empty your savings
• Take control of your online accounts and impersonate you
• Apply for government benefits such as unemployment insurance in your name
• Use up your healthcare benefits through medical identity theft
• Hack your devices and blackmail you over sensitive documents, photos, or videos
• Ruin your credit score by not paying back fraudulent loans
• File fraudulent tax returns in your name and steal the refund
• Create a fake ID using your name, address, and personal details
• Post embarrassing comments or photos on your social media accounts  

According to the Identity Theft Resource Center (ITRC), almost a third of all identity theft victims lose more than $10,000 — while nearly half of all identity theft cases go unresolved [*].

📚 Related: How To Protect Your Identity Online in 2023 →

How To Tell If Someone Is Using Your Identity

Identity theft isn’t always easy to spot. But once you learn to recognize the warning signs, they become blatantly apparent.

Here are some of the easiest ways to tell if someone is using your identity:

• Unfamiliar charges, accounts, or loans. Identity thieves are almost always financially motivated. Any unfamiliar accounts, transactions, or changes to your credit score can be a sign that someone is using your identity to take out fraudulent credit.
• You’re locked out of your online accounts. If hackers access your accounts, they will most likely change your passwords to lock you out. If a password you know should work suddenly doesn’t, you’ve most likely been hacked. ‍
• Friends and followers say they received strange messages from you. When scammers hack your accounts, they’ll often use them to target your friends and followers with more scams. Strange messages on social media or via email can be a sign of online identity theft.‍
• Unexpected letters or calls from lenders and debt collectors. Identity thieves have no intention of paying back loans in your name. If fraudulent accounts go to collections, you may start to receive calls or letters about them. ‍
• Emails alerting you to a data breach. If your data has been leaked in a data breach, you are vulnerable to identity theft. Use a free Dark Web scanner to see what accounts or information is most at risk. ‍
• Strange notices from the Internal Revenue Service (IRS) or other government agencies. If identity thieves use your PII to apply for benefits or file fax tax returns, you may be contacted by the impacted agency. ‍
• Fraud alerts from your bank or identity theft protection provider. Your bank and other services have tools to spot warning signs of fraud. If you get alerts or notifications, someone could be trying to use your identity.

How To Prevent Identity Theft: 10 Steps

1. Freeze your credit file
2. Use a secure password manager
3. Enable two-factor authentication (2FA)
4. Learn to recognize a phishing attack
5. Practice safe browsing habits
6. Regularly check your bank, card statements
7. Reduce your online footprint
8. Remove your details from data broker lists
9. Keep your devices and software up to date
10. Check if your data is on the Dark Web

To help prevent identity theft, you need to stop criminals from accessing your personal information, online accounts, and devices.

Here’s what you can do to secure yourself and your family from identity thieves:

1. Freeze your credit file with all three credit bureaus

A credit freeze blocks access to your credit reports, preemptively preventing fraudsters from opening new accounts in your name.

But there’s one caveat: You need to freeze your credit with all three major credit bureaus individually (Experian, Equifax, and TransUnion). If you only freeze your credit with one or two, scammers may still be able to open accounts in your name.

Here’s how to freeze your credit report with the major credit bureaus:

Have your name, birthdate, address history, and Social Security card ready. Then, contact each credit bureau individually – Equifax, Experian, and TransUnion – and request a credit freeze. Keep in mind that this can take up to 24 hours to take effect.

For added security, consider signing up for a credit lock program. This enables you to instantly lock your credit via one click of a button (with a monthly subscription).

Pro tip: Aura lets you lock and unlock your Experian credit report with a single click. Learn more about how Aura helps prevent identity theft →

2. Use a secure password manager

With access to your passwords, malicious actors can gain access to your accounts and wreak havoc on your personal life, financial accounts, credit score, and reputation.

Yet, almost two-thirds of Americans say they use the same password on multiple accounts — which means a single cyberattack could compromise all of your accounts at once [*].

Here’s what to do:

• Check to see which passwords or accounts have been compromised. Use a Dark Web scanner to see if your accounts were compromised in a recent data breach. Any compromised account needs to be updated.
• Update weak or compromised passwords. Strong passwords are at least 10 characters long and use a combination of upper and lowercase letters, symbols, and characters. Avoid easy to guess passwords, such as the name of your pet or your birthday or mother’s maiden name.
• Store your credentials in a secure password manager. A password manager helps store your passwords securely so that you don’t risk losing them or having them stolen by hackers. A manager will also sync your passwords across all of your browsers and mobile devices so that you can easily access them.

📚 Related: How Long Does It Take To Recover From Identity Theft? →

3. Enable two-factor authentication (2FA) on all accounts

Two- or multi-factor authentication (2FA and MFA) provides a second layer of defense for your online accounts against hackers.

With 2FA enabled, your accounts require a secondary security measure before you can log in — for example, a one-time-use code sent to your email, or biometric security such as your fingerprints.

Here’s what to do:

• Enable 2FA on all of your accounts that offer this feature. Start with the most important accounts, including financial institutions, social media, and email. You can use the 2FA directory to find out which accounts support it.
• While most people use SMS to receive their one-time 2FA codes, these can be intercepted by SIM swapping and other hacking methods. Instead, use an authenticator app like Authy or Google Authenticator.
• Keep your backup codes in safe places so that you can access your accounts if something goes wrong.

4. Learn the warning signs of a phishing attack

Phishing attacks happen when scammers impersonate someone you trust (usually a well-known company or government agency) so that they can steal your money, passwords, or identity.

Phishing attacks can occur over email, phone calls (known as “vishing”), SMS (known as “smishing”), social media, and fake websites.

Warning signs of a phishing attack include:

• Spelling and grammatical mistakes. Legitimate companies hire copywriters and editors to maintain professional standards. Mistakes can be a sign that a message is fraudulent.
• Unprofessional-looking email addresses. If the sender claims to be from a particular company, check their address against the address listed on the company’s website. Often, they use a generic public address (like Gmail or Yahoo!).
• Requests for personal information. Scammers often ask for your Social Security number (SSN), Medicare or health insurance information, driver’s license, credit card numbers, or login credentials. Never share personal information via telephone, email, text, or other channel unless you initiate contact and know for sure whom you’re speaking with.
• High-pressure tactics. Threatening language, social engineering, or attempts to create a sense of urgency are clear indicators that you’re dealing with a scammer.

📚 Related: What Happens If You Open a Phishing Email? →

5. Practice safe browsing habits, and use privacy tools like a VPN

A virtual private network (VPN) helps establish a secure, private “tunnel” between your device and the internet. This will obscure your identity, encrypt your location and web traffic, and prevent hackers from spying on your online activity.

Here are some tips to stay safe online:

• Use a VPN when browsing, shopping, banking, or going online in public. Aura includes a premium VPN with military-grade encryption. While using it, your IP address and traffic will be masked completely, preventing hackers from snooping.
• Only access websites starting with HTTPS. These websites display a padlock next to the URL in the address bar, letting you know they’re secure. Websites with only HTTP-level security are more prone to attacks and may be infected with malware.‍
• Don’t use public Wi-Fi. Public Wi-Fi is often targeted by hackers who create spoofed networks, or intercept traffic to steal people’s passwords and personal information. To prevent this, either avoid public Wi-Fi or always use a VPN if you are in a situation in which you must access public Wi-Fi.

📚 Related: Do I Need a VPN? 12 Reasons Why You Should Be Using One →

6. Regularly check your bank and credit card statements

Credit card fraud has become one of the most common cybersecurity threats today. In October 2022, a marketplace on the Dark Web offered to give away the credit card details of nearly 1.2 million people [*].

Unfortunately, it’s hard to find out whether your debit card or credit card details are for sale (or have been sold already). That’s why it’s important to monitor your bank account statements for fraudulent activity or unauthorized withdrawals.

Here’s what to do:

• Keep an eye on your credit card and bank statements. Check for any suspicious or unrecognized charges. If you notice anything, contact your bank or credit card company immediately and see what they can do to help you secure your accounts.
• Request a free credit report from AnnualCreditReport.com. You can request a free copy of your credit report once per year (or weekly until the end of 2023). This will show you all credit associated with your identity so that you can check whether accounts have been established in your name, or if there are inquiries on your behalf that you don’t recognize.
• Sign up for fraud alerts. A credit monitoring service like Aura actively monitors transactions on your credit cards, bank accounts, and credit report and warns you of suspicious activity in near real-time. Aura’s fraud alerts are up to 250x faster than competitors³.

7. Reduce the amount of information available about you online

While it might not seem like much, every time you add personal information to online profiles or post to social media, you’re giving criminals clues that they can use to target you with phishing scams or break into your online accounts.

By reducing your online footprint and practicing good cyber hygiene, you can minimize the chances that a scammer will target you.

Here’s how to reduce your digital footprint:

• Consider sharing less information about yourself. Don’t share personal information online (like your email address, mailing address, phone number, etc.). If you post to social media, make sure you’re not sharing something that could cause you harm.
• Adjust your privacy settings. Take a few moments to check your default privacy settings and limit what data apps and services are collecting about you. Start with your social media profiles — like Facebook, Twitter, LinkedIn, and Instagram.
• Delete old accounts, apps, and data. Many smartphone apps collect data while you’re using them, but some also collect data in the background. If you aren’t going to use an app or online account anymore, delete it. And in the future, try to use guest accounts as much as possible (or use a secondary email address).

📚 Related: How To Remove Your Personal Information From the Internet →

8. Remove your personal details from data broker lists

Even if you remove your personal information from online sources, companies may have already collected it and added it to their databases. These “data brokers” (sometimes called “people search sites”) sell your information to anyone, from telemarketers to scammers.

The bad news is that there are hundreds of data brokers in the United States alone, making it a complex task to remove your personal information.

Here’s how to remove your personal data from broker lists:

• Search the Privacy Rights database for the contact and data removal details for brokers like Whitepages, People Finder, and Spokeo. Since there are hundreds of data broker services in the United States alone, this is a lengthy and difficult process.
• Alternatively, Aura’s comprehensive digital security suite includes access to an automatic data broker removal service. Aura will scan these lists for your information and then send removal requests on your behalf.
• Google your own name and note if there are any websites hosting your data. If there are, start a request with Google to remove your personal information.

9. Keep your devices and software up to date

Software and device updates often include security patches that guard against the latest hacks, viruses, and malware. If malware successfully infects your system, it might harvest your data without you even knowing it.

Even with up-to-date devices, malware might still get in. In this case, powerful antivirus and firewall software are your last lines of defense.

Here’s what to do:

• Set up automatic updates. Ensure that all your devices and software are set to automatically check for updates. If this isn’t possible, schedule a time every two weeks to manually check and install any available patches.
• Install reputable antivirus software. Aura checks for viruses, ransomware, spyware, adware, trojans, and more. If discovered, it will isolate and remove infected files and protect you against further infection.
• Only install trustworthy apps and software. In 2020, 1,200 malicious apps were available in the App Store [*] and 100 million Android devices were infected by apps designed to steal your money [*]. Always check user reviews and only download apps from reputable sources.

Aura’s antivirus software works across your devices to keep you safe from hackers. Learn more about Aura’s proactive digital security tools →

10. Find out what personal information and passwords are on the Dark Web

The Dark Web is a hidden part of the internet that’s only accessible by using a special browser. Because of its anonymity, it has become a breeding ground for scammers, hackers, and other malicious entities to buy and sell personal information and malware.

And this data is surprisingly cheap. According to the Dark Web Price Index, full credit card details with an account balance of up to $5,000 are for sale for only $110 [*].

Here’s how to find out what’s been leaked on the Dark Web:

• Use Aura’s leaked password scanner to see what credentials have been compromised. Aura scans recent data breaches to alert you if your email and passwords were impacted.
• Sign up for a Dark Web monitoring service. Aura constantly scans the Dark Web for your more sensitive information, including your PII, driver’s license or passwords, and bank account numbers. If anything suspicious is detected, you’ll be alerted immediately so that you can update your compromised accounts before it’s too late.
• If your email or PII are for sale, there’s a chance they were acquired via malware. Run your antivirus software to check for and isolate any malicious software.

💡 Related: What To Do After a Data Breach →

What To Do If Your Identity Is Stolen

• Contact your insurance provider. If you have identity theft protection, your first call should be to your provider. For example, Aura’s White Glove Fraud Resolution team is available 24/7 to help walk you through the fraud or identity theft recovery process.
• Freeze your credit. If you haven’t already, contact each bureau and request that they freeze your credit to prevent scammers from taking out loans in your name.
• Check your credit report. Request a free credit report and look for fraudulent accounts or incorrect information. If you see anything suspicious, dispute it.
• File an official identity theft report. The FTC handles cases of identity theft. Head to IdentityTheft.gov to file an official report and get a personalized recovery plan. In some cases, you may also want to file a police report.
• Notify your bank and any impacted company. Ask to speak to the fraud department. Be prepared with proof of the fraud as well as your FTC and police report.
• Secure your online accounts and devices. Regain access if you’ve been locked out and then update your passwords. Make sure you enable 2FA whenever possible.
• Protect yourself from future fraud. Nearly 50% of all identity theft victims are repeat victims. Consider signing up for an identity theft protection service to help prevent identity theft in the future.

Do You Need an Identity Theft Protection Service?

While you can take many steps to protect your identity, it’s nearly impossible to monitor all of your personal data and protect against all forms of identity theft. That’s why millions of Americans are choosing to sign up for identity theft protections services.

An ID theft protection service can take the pressure off you by monitoring your personal information (across Dark Web forums, data brokers, public records, and more) — alerting you to suspicious activity, and helping you to stay safe with 24/7 support and identity theft insurance coverage.

For example, with Aura, you get:

• The highest-rated identity monitoring service. Aura’s top-rated identity theft protection monitors your personal information, credit cards, SSN, home title, bank accounts, and more. If anything suspicious is found, you’ll be alerted in near real-time so that you can shut down the scammers.
• Three-bureau credit monitoring (as well as bank and investment account monitoring). Aura monitors all of your financial accounts for suspicious activity. This includes all three major credit bureaus, as well as your credit card, banking, and investment accounts.
• AI-powered spam and scam protection. Aura’s Call Assistant uses artificial intelligence to block spam and help protect you against phone and text message scams.
• Anti-tracking software. Aura’s anti-tracking tools prevent websites from tracking your online activity. This means scammers can’t access your digital footprint and target you with phishing attacks or scams.
• Device protection and Safe Browsing Tools. All Aura plans include powerful antivirus software, a military-grade VPN, and anti-phishing protection (that warns you if you’re entering a potentially dangerous website) to prevent your personal information from being stolen.
• Identity theft insurance for your family. Every adult member on an Aura plan is covered by a $1,000,000 identity theft insurance policy for eligible losses.
• 24/7 access to U.S.-based Fraud Resolution Specialists. If you become a victim of identity theft, you’ll have access to a dedicated team of fraud resolution specialists to help walk you through the necessary steps toward recovery.

The Bottom Line: Don’t Let Identity Thieves Ruin Your Life

Identity thieves can do a lot of damage, quickly. With data breaches, scams, and cyberattacks all on the rise, the only way to prevent your identity from being stolen is to be proactive.

Do everything in your power to make it harder for criminals to access your sensitive information. And for added peace of mind, consider signing up for Aura’s all-in-one digital security solution to keep your data safe and prevent scammers from impersonating you.

Keep yourself and your family safe from identity theft. Try Aura free for 14 days.