How To Prevent Identity Theft Online and In Real Life

Is It Possible To Prevent Identity Theft?

Identity theft happens when someone uses another person’s PII or financial information to commit fraud, steal money, or gain benefits by pretending to be that person.

Identity theft isn’t a single crime. Instead, it’s part of a wide spectrum of fraudulent crimes that includes financial fraud, account takeovers, criminal identity theft, and benefits fraud. Unfortunately, it’s become easier than ever for identity thieves to steal your identity.

According to the Federal Trade Commission (FTC), over 5.4 million Americans were affected by fraud or identity theft, with losses in the billions [*].

While no service, app, or tool can completely prevent identity theft, there are steps you can take to secure your identity and protect yourself from fraud, scams, and hacking.

{{show-toc}}

What Can Someone Do With Your PII?

Scammers can easily buy stolen sensitive information leaked from a data breach, trick you with phishing emails and text messages, fake websites, and other online scams, or hack your devices with malware.

If scammers steal your identity, they can:

• Open new credit cards and accounts or take out loans in your name
• Gain access to your online bank account and empty your savings
• Take control of your online accounts and impersonate you
• Apply for government benefits such as unemployment insurance in your name
• Use up your healthcare benefits through medical identity theft
• Hack your devices and blackmail you over sensitive documents, photos, or videos
• Ruin your credit score by not paying back fraudulent loans
• File fraudulent tax returns in your name and steal the refund
• Create a fake ID using your name, address, and personal details
• Post embarrassing comments or photos on your social media accounts  

According to the Identity Theft Resource Center (ITRC), almost 26% of all identity theft victims claimed losses of more than $100,000 — especially to romance and social media scams [*].

📚 Related: How To Protect Your Identity Online in 2024 →

How To Prevent Identity Theft: 10 Steps

1. Freeze your credit file
2. Use a secure password manager
3. Enable two-factor authentication (2FA)
4. Learn to recognize a phishing attack
5. Practice safe browsing habits
6. Regularly check your bank, card statements
7. Reduce your online footprint
8. Remove your details from data broker lists
9. Keep your devices and software up to date
10. Check if your data is on the Dark Web

To help prevent identity theft, you need to stop criminals from accessing your personal information, online accounts, and devices.

Here’s what you can do to secure yourself and your family from identity thieves:

1. Freeze your credit file

A credit freeze blocks access to your credit reports, preemptively preventing fraudsters from opening new accounts in your name.

But there’s one caveat: You need to freeze your credit with all three major credit bureaus individually (Experian, Equifax, and TransUnion). If you only freeze your credit with one or two, scammers may still be able to open accounts in your name.

Here’s how to freeze your credit report with the major credit bureaus:

• Have your name, birthdate, address history, and Social Security card ready. Then, contact each credit bureau individually – Equifax, Experian, and TransUnion – and request a credit freeze. Keep in mind that this can take up to 24 hours to take effect.
• For added security, consider signing up for a credit lock program. This enables you to instantly lock your credit via one click of a button (with a monthly subscription).

Zoom out: Aura lets you lock and unlock your Experian credit report with a single click. Learn more about how Aura helps prevent identity theft →

2. Use a secure password manager

With access to your passwords, malicious actors can gain access to your accounts and wreak havoc on your personal life, financial accounts, credit score, and reputation.

Yet, almost 59% of Americans say they use the same password on multiple accounts — which means a single cyberattack could compromise all of your accounts at once [*].

Here’s what to do:

• Check to see which passwords or accounts have been compromised. Use a Dark Web scanner to see if your accounts were compromised in a recent data breach. Any compromised account needs to be updated.
• Update weak or compromised passwords. Strong passwords are at least 10 characters long and use a combination of upper and lowercase letters, symbols, and characters. Avoid easy to guess passwords, such as the name of your pet or your birthday or mother’s maiden name.
• Store your credentials in a secure password manager. A password manager helps store your passwords securely so that you don’t risk losing them or having them stolen by hackers. A manager will also sync your passwords across all of your browsers and mobile devices so that you can easily access them.

📚  Related: Are Your Passwords Compromised? How To Find Out →

3. Enable two-factor authentication (2FA)

Two- or multi-factor authentication (2FA and MFA) provides a second layer of defense for your online accounts against hackers.

With 2FA enabled, your accounts require a secondary security measure before you can log in — for example, a one-time-use code sent to your email, or biometric security such as your fingerprints.

Here’s what to do:

• Enable 2FA on all of your accounts that offer this feature. Start with the most important accounts, including financial institutions, social media, and email. You can use the 2FA directory to find out which accounts support it.
• While most people use SMS to receive their one-time 2FA codes, these can be intercepted by SIM swapping and other hacking methods. Instead, use an authenticator app like Authy or Google Authenticator.
• Keep your backup codes in safe places so that you can access your accounts if something goes wrong.

4. Learn to recognize a phishing attack

Phishing attacks happen when scammers impersonate someone you trust (usually a well-known company or government agency) so that they can steal your money, passwords, or identity.

Phishing attacks can occur over email, phone calls (known as “vishing”), SMS (known as “smishing”), social media, and fake websites.

Warning signs of a phishing attack include:

• Spelling and grammatical mistakes. Legitimate companies hire copywriters and editors to maintain professional standards. Mistakes can be a sign that a message is fraudulent.
• Unprofessional-looking email addresses. If the sender claims to be from a particular company, check their address against the address listed on the company’s website. Often, they use a generic public address (like Gmail or Yahoo!).
• Requests for personal information. Scammers often ask for your Social Security number (SSN), Medicare or health insurance information, driver’s license, credit card numbers, or login credentials. Never share personal information via telephone, email, text, or other channel unless you initiate contact and know for sure whom you’re speaking with.
• High-pressure tactics. Threatening language, social engineering, or attempts to create a sense of urgency are clear indicators that you’re dealing with a scammer.

📚 Related: What Happens If You Open a Phishing Email? →‍

5. Practice safe browsing habits

A virtual private network (VPN) helps establish a secure, private “tunnel” between your device and the internet. This will obscure your identity, encrypt your location and web traffic, and prevent hackers from spying on your online activity.

Here are some tips to stay safe online:

• Use a VPN when browsing, shopping, banking, or going online in public. Aura includes a premium VPN with military-grade encryption. While using it, your IP address and traffic will be masked completely, preventing hackers from snooping.
• Only access websites starting with HTTPS. These websites display a padlock next to the URL in the address bar, letting you know they’re secure. Websites with only HTTP-level security are more prone to attacks and may be infected with malware.‍
• Don’t use public Wi-Fi. Public Wi-Fi is often targeted by hackers who create spoofed networks, or intercept traffic to steal people’s passwords and personal information. To prevent this, either avoid public Wi-Fi or always use a VPN if you are in a situation in which you must access public Wi-Fi.

📚 Related: Do I Need a VPN? 12 Reasons Why You Should Be Using One →

6. Regularly check your bank, card statements

Credit card fraud has become one of the most common cybersecurity threats today. Sony-owned Insomniac Games suffered a ransomware attack by Rhysida, as confirmed by the threat actor on December 12, 2023 [*].

Of the 1.3 million files leaked were bank account details and credit card account numbers.

Unfortunately, it’s hard to find out whether your debit card or credit card details are for sale (or have been sold already). That’s why it’s important to monitor your bank account statements for fraudulent activity or unauthorized withdrawals.

Here’s what to do:

• Keep an eye on your credit card and bank statements. Check for any suspicious or unrecognized charges. If you notice anything, contact your bank or credit card company immediately and see what they can do to help you secure your accounts.
• Request a free credit report from AnnualCreditReport.com. You can request a free copy of your credit report once per year (or weekly until the end of 2023). This will show you all credit associated with your identity so that you can check whether accounts have been established in your name, or if there are inquiries on your behalf that you don’t recognize.
• Sign up for fraud alerts. A credit monitoring service like Aura actively monitors transactions on your credit cards, bank accounts, and credit report and warns you of suspicious activity in near real-time. Aura’s fraud alerts are up to 250x faster than competitors³.

📚 Related: What Can Scammers Do With Your Bank Account Number? →

7. Reduce your online footprint

While it might not seem like much, every time you add personal information to online profiles or post to social media, you’re giving criminals clues that they can use to target you with phishing scams or break into your online accounts.

By reducing your online footprint and practicing good cyber hygiene, you can minimize the chances that a scammer will target you.

Here’s how to reduce your digital footprint:

• Consider sharing less information about yourself. Don’t share personal information online (like your email address, mailing address, phone number, etc.). If you post to social media, make sure you’re not sharing something that could cause you harm.
• Adjust your privacy settings. Take a few moments to check your default privacy settings and limit what data apps and services are collecting about you. Start with your social media profiles — like Facebook, Twitter, LinkedIn, and Instagram.
• Delete old accounts, apps, and data. Many smartphone apps collect data while you’re using them, but some also collect data in the background. If you aren’t going to use an app or online account anymore, delete it. In the future, try to use guest accounts as much as possible (or use a secondary email address).

📚 Related: How To Remove Your Personal Information From the Internet →

8. Remove your details from data broker lists

Even if you remove your personal information from online sources, companies may have already collected it and added it to their databases. These “data brokers” (sometimes called “people search sites”) sell your information to anyone, from telemarketers to scammers.

The bad news is that there are hundreds of data brokers in the United States alone, making it a complex task to remove your personal information.

Here’s how to remove your personal data from broker lists:

• Search the Privacy Rights database for the contact and data removal details for brokers like Whitepages, People Finder, and Spokeo. Since there are hundreds of data broker services in the United States alone, this is a lengthy and difficult process.
• Alternatively, Aura’s comprehensive digital security suite includes access to an automatic data broker removal service. Aura will scan these lists for your information and then send removal requests on your behalf.
• Google your own name and note if there are any websites hosting your data. If there are, start a request with Google to remove your personal information.

💡 Related: How Do Hackers Get Passwords (And How To Protect Yours) →

9. Keep your devices and software up to date

Software and device updates often include security patches that guard against the latest hacks, viruses, and malware. If malware successfully infects your system, it might harvest your data without you even knowing it.

Even with up-to-date devices, malware might still get in. In this case, powerful antivirus and firewall software are your last lines of defense.

Here’s what to do:

• Set up automatic updates. Ensure that all your devices and software are set to automatically check for updates. If this isn’t possible, schedule a time every two weeks to manually check and install any available patches.
• Install reputable antivirus software. Aura checks for viruses, ransomware, spyware, adware, trojans, and more. If discovered, it will isolate and remove infected files and protect you against further infection.
• Only install trustworthy apps and software. Despite efforts by app stores to remove counterfeit apps, the process has its flaws. Developers were found to bypass Apple's App Store review by submitting run-of-the-mill content for approval, then switching to fraudulent content after the app was published [*].

Aura’s antivirus software works across your devices to keep you safe from hackers. Learn more about Aura’s proactive digital security tools →

10. Check if your data is on the Dark Web

The Dark Web is a hidden part of the internet that’s only accessible by using a special browser. Because of its anonymity, it has become a breeding ground for scammers, hackers, and other malicious entities to buy and sell personal information and malware.

And this data is surprisingly cheap. According to the Dark Web Price Index, full credit card details with an account balance of up to $5,000 are for sale for only $110 [*].

Here’s how to find out what’s been leaked on the Dark Web:

• Use Aura’s leaked password scanner to see what credentials have been compromised. Aura scans recent data breaches to alert you if your email and passwords were impacted.
• Sign up for a Dark Web monitoring service. Aura constantly scans the Dark Web for your more sensitive information, including your PII, driver’s license or passwords, and bank account numbers. If anything suspicious is detected, you’ll be alerted immediately so that you can update your compromised accounts before it’s too late.
• If your email or PII are for sale, there’s a chance they were acquired via malware. Run your antivirus software to check for and isolate any malicious software.

📚 Related: What To Do After a Data Breach →

Do You Need an Identity Theft Protection Service?

While you can take many steps to protect your identity, it’s nearly impossible to monitor all of your personal data and protect against all forms of identity theft. That’s why millions of Americans are choosing to sign up for identity theft protection.

An ID theft protection service can take the pressure off you by monitoring your personal information (across Dark Web forums, data brokers, public records, and more) — sending you notifications about any suspicious activity.

For example, with Aura, you get:

• The highest-rated identity monitoring service. Aura’s identity theft protection monitors your personal information, credit cards, SSN, home title, bank accounts, and more.
• Three-bureau credit monitoring (as well as bank and investment account monitoring). Aura monitors all of your financial accounts, too. This includes all three major credit bureaus, as well as your credit card, banking, and investment accounts.
• AI-powered spam and scam protection. Aura’s Call Assistant uses artificial intelligence to block spam and help protect you against phone and text message scams.
• Anti-tracking software. Aura’s anti-tracking tools prevent websites from tracking your online activity. This means scammers can’t access your digital footprint and target you with phishing attacks or scams.
• Device protection and Safe Browsing Tools. All Aura plans include powerful antivirus software, a military-grade VPN, and anti-phishing protection (that warns you if you’re entering a potentially dangerous website) to prevent your personal information from being stolen.
• Identity theft insurance for your family. Every adult member on an Aura plan is covered by a $1,000,000 identity theft insurance policy for eligible losses.
• 24/7 access to U.S.-based Fraud Resolution Specialists. If you become a victim of identity theft, you’ll have access to a dedicated team of fraud resolution specialists to help walk you through the necessary steps toward recovery.

Keep yourself and your family safe from identity theft. Try Aura free for 14 days.