Is It Possible To Prevent Identity Theft?
After Jessica Roy’s wallet was stolen and her debit card was used to charge $50 at a gas station, she thought the worst had passed. But then the letters started arriving. First, it was a few new credit cards and bank accounts in her name. Then, a $14,000 bad check written at Big Lots. Finally, a stolen Tesla.
Years later, even after the original thieves were caught, Jessica continued to face the consequences of having her identity stolen [*].
Identity theft has become the most pervasive — and one of the most damaging — crimes in America. According to the Federal Trade Commission (FTC) [*]:
Over 5.7 million Americans were affected by fraud or identity theft last year, with losses in the billions.
While no one can claim to completely prevent identity theft, there are steps that you can take to secure your identity and protect your finances, benefits, and reputation from scammers.
In this guide, we’ll explain the biggest identity theft risks of 2023, and show you how you can make yourself and your loved ones less vulnerable targets for scammers.
What Are the Greatest Identity Theft Risks in 2023?
Identity theft happens when someone uses another person’s personally identifiable information (PII) to commit fraud, steal money, or gain benefits by pretending to be that person.
Identity theft isn’t a single crime. Instead, it’s part of a wide spectrum of fraudulent crimes that includes financial fraud, account takeovers, criminal identity theft, and benefits fraud.
And it’s getting worse.
According to the Identity Theft Resource Center (ITRC), 50% of identity theft victims are repeat victims.
Worse yet, almost a third of all victims lose more than $10,000 — while nearly half of all identity theft cases go unresolved [*].
Identity theft risks are always evolving. Here are some of the greatest threats to your identity in 2023:
- Data breaches: Hackers regularly breach major companies and leak sensitive information to the Dark Web. At this point, cybersecurity experts say it’s almost guaranteed that your Social Security number (SSN) and other critical information is available on the Dark Web.
- Investment scams: Investment scams involve tricking people into investing in fraudulent platforms or schemes. In the recent “pig butchering scam,” victims are convinced to trade cryptocurrency for “massive returns.” But the platform is fake, and their money disappears.
- Fake websites that steal passwords and login credentials: Scammers are more interested in your account passwords and login credentials than information like your SSN. Fake websites (known as “pharming websites”) are set up to look like the real thing. But when you sign in, you send your account password straight to scammers.
- Fraudulent tax returns: Scammers file a tax return with the Internal Revenue Service (IRS) in your name, collecting your refund and often setting you up for an IRS audit.
- Online purchase scams: Scams in which fraudsters set up fake e-commerce websites or ads were the most common type in 2022 [*]. In these scams, criminals try to sell fake products, usually asking victims to pay by money order, gift card, or wire transfer.
How To Prevent Identity Theft: 10 Steps
- Freeze your credit file
- Use a secure password manager
- Enable two-factor authentication (2FA)
- Learn to recognize a phishing attack
- Practice safe browsing habits
- Regularly check your bank, card statements
- Reduce your online footprint
- Remove your details from data broker lists
- Keep your devices and software up to date
- Check if your data is on the Dark Web
To help prevent identity theft, you need to stop criminals from accessing your personal information, online accounts, and devices. Here’s what you can do to secure yourself and your family from identity thieves.
1. Freeze your credit file with all three credit bureaus
If scammers gain access to your personal data or financial information, they can open new accounts or lines of credit in your name. In 2021 alone, the FTC received over 360,000 complaints of identity thieves opening fraudulent credit card accounts [*].
A credit freeze blocks access to your credit reports, preemptively preventing fraudsters from opening new accounts in your name.
But there’s one caveat: You need to freeze your credit with all three major credit bureaus individually (Experian, Equifax, and TransUnion). If you only freeze your credit with one or two, scammers may still be able to open accounts in your name.
Here’s how to freeze your credit report with the major credit bureaus:
Have your name, birthdate, address history, and Social Security card ready. Then, contact each credit bureau individually – Equifax, Experian, and TransUnion – and request a credit freeze. Keep in mind that this can take up to 24 hours to take effect.
For added security, consider signing up for a credit lock program. This enables you to instantly lock your credit via one click of a button (with a monthly subscription).
2. Use a secure password manager
Your passwords are the first — and sometimes last — line of defense against hackers and scammers. With access to your passwords, malicious actors can gain access to your accounts and wreak havoc on your personal life, financial accounts, credit score, and reputation.
Yet, over half of Americans admit that they haven’t changed their passwords in over a year [*]. Even worse, almost two-thirds say they use the same password on multiple accounts — which means a single cyberattack could compromise all of your accounts at once.
A password manager helps store your passwords securely so that you don’t risk losing them or having them stolen by hackers. A manager also helps you remember all of your passwords rather than writing them down in unsafe places, like on slips of paper.
Here’s what to do:
- Research and choose a reputable password manager. For example, Aura’s top-rated identity theft protection service includes a secure password manager with every plan.
- Use the password manager to create and store new, unique, and strong passwords for all your accounts. Aura’s password manager can even warn you if your passwords are too weak or have been compromised in a recent data breach.
- Add the password manager to your web browser to save logins and sync your passwords across web, browser, and mobile devices. This gives you easy access to all of your passwords when you need them.
3. Enable two-factor authentication (2FA) on all accounts
Passwords alone aren’t enough to keep hackers out of your online accounts. With data breaches, malware, and cyberattacks on the rise, hackers are constantly finding new ways to steal or bypass your passphrases and access your accounts.
Two- or multi-factor authentication (2FA and MFA) provides a second layer of defense against hackers.
With 2FA enabled, your accounts require a secondary security measure before you can log in — for example, a one-time-use code sent to your email, or biometric security such as your fingerprints.
Here’s what to do:
- Enable 2FA on all of your accounts that offer this feature. Start with the most important accounts, including financial institutions, social media, and email. You can use the 2FA directory to find out which accounts support it.
- While most people use SMS to receive their one-time 2FA codes, these can be intercepted by SIM swapping and other hacking methods. Instead, use an authenticator app like Authy or Google Authenticator.
- Keep your backup codes in safe places so that you can access your accounts if something goes wrong.
4. Learn the warning signs of a phishing attack
Phishing attacks happen when scammers impersonate someone you trust (usually a well-known company or government agency) so that they can steal your money, passwords, or identity.
Unfortunately, phishing is becoming far more common — with a record million+ phishing attempts recorded in just the first three months of 2022. [*]
Knowing the signs of a phishing attack is the only reliable way to avoid becoming a victim.
Warning signs of a phishing attack include:
- Spelling and grammatical mistakes. Legitimate companies hire copywriters and editors to maintain professional standards. Mistakes can be a sign that a message is fraudulent.
- Unprofessional-looking email addresses. If the sender claims to be from a particular company, check their address against the address listed on the company’s website. Often, they use a generic public address (like Gmail or Yahoo!).
- Requests for personal information. Scammers often ask for your Social Security number, Medicare or health insurance information, driver’s license, credit card numbers, or login credentials. Never share personal information via telephone, email, text, or other channel unless you initiate contact and know for sure whom you’re speaking with.
- High-pressure tactics. Threatening language, social engineering, or attempts to create a sense of urgency are clear indicators that you’re dealing with a scammer.
📚 Related: What Happens If You Open a Phishing Email? →
5. Practice safe browsing habits, and use privacy tools like a VPN
Cybercriminals are constantly looking for ways to steal your information while you browse online. With safe browsing habits, you can avoid the dangers of unsecured networks, compromised websites, and online traps set by hackers.
A virtual private network (VPN) helps establish a secure, private “tunnel” between your device and the internet. This helps to obscure your identity, encrypt your location and web traffic, and prevent hackers from spying on your online activity.
Here are some tips to stay safe online:
- Use a VPN when browsing, shopping, banking, or going online in public. Aura includes a premium VPN with military-grade encryption. While using it, your IP address and traffic will be masked completely, preventing hackers from snooping.
- Only access websites starting with HTTPS. These websites display a padlock next to the URL in the address bar, letting you know they’re secure. Websites with only HTTP-level security are more prone to attacks and may be infected with malware.
- Don’t use public Wi-Fi. Public Wi-Fi is often targeted by hackers who create spoofed networks, or intercept traffic to steal people’s passwords and personal information. To prevent this, either avoid public Wi-Fi or always use a VPN if you are in a situation in which you must access public Wi-Fi.
6. Regularly check your bank and credit card statements
Credit card fraud has become one of the most common cybersecurity threats today. In October 2022, a marketplace on the Dark Web offered to give away the credit card details of nearly 1.2 million people [*].
Unfortunately, it’s hard to find out whether your credit card details are for sale (or have been sold already). That’s why it’s important to monitor your credit and bank account statements. If you spot fraudulent activity or unauthorized withdrawals, you can act quickly to minimize the damage.
Here’s what to do:
- Keep an eye on your credit card and bank statements. Check for any suspicious or unrecognized charges. If you notice anything, contact your bank or credit card company immediately and see what they can do to help you secure your accounts.
- Request a free credit report from AnnualCreditReport.com. You can request a free copy of your credit report once per year (or weekly until the end of 2023). This will show you all credit associated with your identity so that you can check whether accounts have been established in your name, or if there are inquiries on your behalf that you don’t recognize.
- Sign up for fraud alerts. A credit monitoring service like Aura actively monitors transactions on your credit cards, bank accounts, and credit report and warns you of suspicious activity in near real-time. Aura’s fraud alerts are up to 4x faster than competitors.
7. Reduce the amount of information available about you online
The amount of information about you online is known as your “digital footprint.” While it might not seem like much, every time you add personal information to online profiles or post to social media, you’re giving criminals clues that they can use to scam you or break into your online accounts.
Your shopping history, browsing habits, search history, social media comments, fitness data, newsletters, and even “private” messages can be used to fuel phishing scams or guess your passwords.
Here’s how to reduce your digital footprint:
- Consider sharing less information about yourself. Don’t share personal information online (like your email address, mailing address, phone number, etc.). If you post to social media, make sure you’re not sharing something that could cause you harm.
- Adjust your privacy settings. The default privacy settings on most services, apps, and websites are designed to capture as much information about you as possible. It’s a good idea to go through and limit what data is collected. Start with your social media profiles — like Facebook, Twitter, LinkedIn, and Instagram.
- Delete old accounts, apps, and data. Many smartphone apps collect data while you’re using them, but some also collect data in the background. If you aren’t going to use an app or online account anymore, delete it. And in the future, try to use guest accounts as much as possible (or use a secondary email address).
8. Remove your personal details from data broker lists
Even if you remove your personal information from online sources, companies may have already collected it and added it to their databases. These “data brokers” (sometimes called “people search sites”) sell your information to anyone, from telemarketers to scammers.
The bad news is that there are hundreds of data brokers in the United States alone, making it a complex task to remove your personal information.
Here’s how to remove your personal data from broker lists:
- Search data brokers like Whitepages, People Finder, and Spokeo for your information. If they have it, submit a request to remove it. Since there are hundreds of data broker services in the United States alone, this is a lengthy and difficult process.
- Alternatively, Aura’s comprehensive digital security suite includes access to an automatic data broker removal service. Aura will scan these lists for your information and then send removal requests on your behalf.
- Google your own name and note if there are any websites hosting your data. If there are, start a request with Google to remove your personal information.
9. Keep your devices and software up to date
Software and device updates often include security patches that guard against the latest hacks, viruses, and malware. Because of this, hackers often target vulnerabilities in out-of-date software and devices. If malware successfully infects your system, it might harvest your data without you even knowing it.
But even with up-to-date devices, malware might still get in. In this case, powerful antivirus and firewall software are your last lines of defense.
Here’s what to do:
- Set up automatic updates. Ensure that all your devices and software are set to automatically check for updates. If this isn’t possible, schedule a time every two weeks to manually check and install any available patches.
- Install reputable antivirus software. Aura checks for viruses, ransomware, spyware, adware, trojans, and more. If discovered, it will isolate and remove infected files and protect you against further infection.
- Only install trustworthy apps and software. In 2020, 1,200 malicious apps were available in the App Store [*] and 100 million Android devices were infected by apps designed to steal your money [*]. Always check user reviews and only download apps from reputable sources.
10. Find out what personal information and passwords are on the Dark Web
The Dark Web is a hidden part of the internet that’s only accessible by using a special browser. Because of its anonymity, it has become a breeding ground for scammers, hackers, and other malicious entities to buy and sell personal information and malware.
In 2021, sensitive data from 22 billion accounts were leaked onto the Dark Web, including passwords, SSNs, bank account numbers, and more [*].
And this data is surprisingly cheap. According to the Dark Web Price Index, full credit card details with an account balance of up to $5,000 are for sale for only $120.
Here’s how to find out what’s been leaked on the Dark Web:
- Use Aura’s leaked password scanner to find out if your PII or debit and credit information are available on the Dark Web. Double-check this information against Identity Guard’s scanner and HaveIBeenPwned.
- Sign up for a Dark Web monitoring service like Aura. Dark Web monitoring tools constantly scan the Dark Web for your personal information. If anything suspicious is detected, you’ll be alerted immediately so that you can update your compromised accounts before it’s too late.
- If your email or PII are for sale, there’s a chance they were acquired via malware. Run your antivirus software to check for and isolate any malicious software.
Do You Need an Identity Theft Protection Service?
While you can take many steps to protect your identity, it’s nearly impossible to monitor all of your personal data and protect against all forms of identity theft. That’s why millions of Americans are choosing to sign up for identity theft protections services.
An ID theft protection service can take the pressure off you by monitoring your personal information (across Dark Web forums, data brokers, public records, and more) — alerting you to suspicious activity, and helping you to stay safe with 24/7 support and identity theft insurance coverage.
For example, with Aura, you get:
- The highest-rated identity monitoring service. Aura’s top-rated identity theft protection monitors your personal information, credit cards, SSN, home title, bank accounts, and more. If anything suspicious is found, you’ll be alerted in near real-time so that you can shut down the scammers.
- Three-bureau credit monitoring (as well as bank and investment account monitoring). Aura monitors all of your financial accounts for suspicious activity. This includes all three major credit bureaus, as well as your credit card, banking, and investment accounts.
- Anti-tracking software. Aura’s anti-tracking tools prevent websites from tracking your online activity. This means scammers can’t access your digital footprint and target you with phishing attacks or scams.
- Device protection and Safe Browsing Tools. All Aura plans include powerful antivirus software, a military-grade VPN, and anti-phishing protection (that warns you if you’re entering a potentially dangerous website) to prevent your personal information from being stolen.
- Identity theft insurance for your family. Every adult member on an Aura plan is covered by a $1,000,000 identity theft insurance policy for eligible losses.
- 24/7 access to U.S.-based Fraud Resolution Specialists. If you become a victim of identity theft, you’ll have access to a dedicated team of fraud resolution specialists to help walk you through the necessary steps toward recovery.
The Bottom Line: Don’t Let Identity Thieves Ruin Your Life
Identity thieves can do a lot of damage, quickly. With data breaches, scams, and cyberattacks all on the rise, the only way to prevent your identity from being stolen is to be proactive.
Do everything in your power to make it harder for criminals to access your sensitive information. And for added peace of mind, consider signing up for Aura’s all-in-one digital security solution to keep your data safe and prevent scammers from impersonating you.