What’s the Easiest Way To Protect Your Identity Online?
The internet runs on personal data — with websites, apps, and services all storing sensitive personal information that scammers try to exploit. Hackers can scrape publicly available information, hack your personal accounts, or target massive companies in order to get the data they need to steal your identity.
According to the Identity Theft Resource Center [*]:
2023 is on track to be the worst year ever for data breaches — with an estimated 156 million people having their personal data leaked.
Staying safe online involves more than just updating your privacy settings. In this guide, we’ll explain how hackers steal your personal information, what you can do to protect your identity online, and steps to take if you think you’re the victim of online identity theft.
What Are the Biggest Risks Associated With Your Digital Identity?
Digital identity theft occurs when a hacker steals your sensitive personal information, breaks into your online accounts, or impersonates you online. If hackers gain access to your accounts or personally identifiable information (PII), they can do all sorts of damage to your reputation, finances, and worse.
While it may seem like cybercriminals need high levels of technical skill to hack you online, the truth is that you’re more likely to fall victim to a simple phishing email or infected USB drive.
Here are six of the biggest online risks and vulnerabilities related to your identity:
- Data breaches impacting companies and services that you use. Online services store everything from your contact details to your Social Security number (SSN) and even photos of your driver’s license and other IDs. When someone hacks online services, your personal data can be leaked and used to steal your identity.
- Hacked data and passwords posted on the Dark Web. When cybercriminals gain unauthorized access to a company's database, they may sell or publish this information on the Dark Web — where illicit marketplaces allow criminals to trade stolen data, including passwords, credit card numbers, and phone numbers.
- Sensitive information, photos, and videos stolen from hacked accounts. If someone takes over your social media accounts, they can access your photos and videos. In the wrong hands, this online privacy violation could lead to reputational damage.
- Personal information available on your social media profiles. Fraudsters create synthetic identities by aggregating personal data from multiple real people. You could become a victim of synthetic identity theft if someone takes your birthdate, location, and workplace details from public profiles.
- Contact details scraped and stored by data brokers. Data brokers collect and sell publicly available information, including contact details, addresses, phone numbers, and information on consumer purchasing behavior. While brokers help advertising companies, criminals can buy these data sets and target people with scams.
- E-skimming attacks. Hackers insert malicious code into e-commerce sites to steal payment information from customers. Also known as digital card skimming, this scam is a risk to all online shoppers.
The bottom line: Unless you don't use the internet, your personal information is at risk. Between data breaches, account hacking, and social media, your digital footprint gives scammers everything they need to steal your identity. Try Aura for free to monitor and protect your most sensitive data.
11 Ways To Protect Your Identity Online
- Use strong and unique passwords for each account
- Enable two-factor authentication (2FA) — ideally with an authenticator app
- Learn to spot the warning signs of phishing scams
- Set up fraud and identity monitoring alerts
- Use Safe Browsing tools to warn you of fake websites and dangerous links
- Scrub your personal information from data broker lists
- Update your social media privacy settings, and limit what you share
- Limit what Google shows about you in search results
- Check the permissions of third-party apps and services
- Avoid using public Wi-Fi networks
- Delete old or unused accounts and apps
Protecting your digital identity is more complicated than ever in 2023. Here are 11 steps you can take to boost your cybersecurity and fight back against online identity thieves:
1. Use strong and unique passwords for each account
If criminals gain access to your online accounts — such as your social media, banking, and email accounts — they could steal and sell your sensitive personal and financial information.
During the first quarter of 2023, over six million data records were exposed through data breaches [*]. Securing your accounts with strong passwords is one of the primary ways to prevent scammers from targeting you.
How to protect your identity online with better passwords:
- Use longer passwords (or passphrases). Creating complex, unique login credentials for every account — combining uppercase and lowercase letters, numbers, and symbols — makes it harder for hackers to guess your passwords.
- Store your credentials in a secure password manager. It's hard to remember passwords, especially when you have dozens of online accounts. Creating and storing complex login credentials is easier when you use Aura’s secure password manager.
- Know which accounts are most at risk. Aura’s free Dark Web scanner searches data breaches, Dark Web sites, and hacker forums to see if your passwords were leaked. Use this as a starting point to identify compromised accounts that you need to update.
2. Enable two-factor authentication (2FA) — ideally with an authenticator app
Instead of only relying on a username and password, 2FA requires another step before the user can log in. This second authentication factor reduces the risk of account takeovers.
How to protect your identity online with 2FA:
- Add your cell phone number to your online account. This basic level of 2FA works by sending you a text message with a one-time password (OTP). You can set up SMS-based 2FA on most online accounts, including your social media and e-commerce platforms.
- Consider biometric authentication. The safest methods of 2FA verify a user’s identity by checking unique biological characteristics. If you add a fingerprint scan, facial recognition, or voice speech pattern to your account, it will be much harder for someone to gain access. However, this method is not impenetrable in the age of artificial intelligence (AI) voice cloning scams.
- Download an authenticator app. Apps like Authy or Google Authenticator are trusted 2FA methods because they generate a unique verification code that changes about every 30 seconds. Unless the thief also has your smartphone, bypassing a system linked to an authenticator app is almost impossible.
3. Learn to spot the warning signs of phishing scams
Phishing is a common social engineering attack in which scammers pose as trusted sources — like the IRS or a bank — and send fake emails or text messages to trick their victims into disclosing sensitive information. Phishing is one of the most common tactics used by identity thieves, with millions of fake messages, calls, and texts sent every day.
How to protect your identity online against phishing threats:
- Check the sender's email address. One of the telltale signs of phishing is unsolicited contact from unknown senders. Typically, the sender's email comes from a strange domain or is a copycat of a well-known organization. For example, you might get a bogus email from firstname.lastname@example.org instead of Amazon.com.
- Carefully study the content for typos and unusual language. Many scammers are from non-native English-speaking countries. If you look closely, you may spot spelling mistakes or odd grammar. Also, beware of any urgency created by the sender to try and pressure you into taking action.
- Hover over links with your cursor or mouse. You should always avoid clicking on links or opening attachments when you receive emails or messages from unknown senders. If you hover over a link in an email, you can check the URL to gauge if it looks like a trusted website.
4. Set up fraud and identity monitoring alerts
A fraud alert is a free service from credit bureaus and financial lenders that helps protect consumers from potential theft. If you place alerts on your file, creditors must contact you to confirm your identity before they issue any lines of credit in your name. You’ll also get a notification in near real-time if anyone tries to tamper with your accounts.
How to protect your identity online with fraud alerts:
- Ask your bank to set up a fraud alert for suspicious activity, such as for large purchases, ATM withdrawals, and changes to your contact details.
- Contact one of the three credit bureaus to place a fraud alert. Each bureau — Experian, TransUnion, and Equifax — is duty-bound to contact the other two agencies on your behalf, ensuring that you have fraud alerts in place on all of your major credit files.
- Use identity monitoring services. You can get more peace of mind and protection against financial fraud by signing up for the best identity theft protection services. Aura has the fastest fraud alerts in the industry — 250x times faster than competitors3.
💡 Related: Fraud Alert vs. Credit Freeze: Which One Is Better? →
5. Use Safe Browsing tools to warn you of fake websites and dangerous links
According to Privacy Journal, when scammers target prospective victims with fake websites, 84% of people engage, and 47% lose money [*]. As con artists create more convincing sites and online scams, you must be on guard. Safe Browsing tools can help you avoid falling victim.
How to protect your identity online with Safe Browsing tools:
- Use a virtual private network (VPN). The best way to browse privately is with a VPN because it hides your IP address. This protection is crucial if you are entering sensitive information, such as payment details — especially on public Wi-Fi.
- Install antivirus software. An updated antivirus program protects your devices against malware, spyware, and ransomware threats.
- Use an ad and website blocker. This security feature automatically stops you from entering phishing sites or opening malicious links that could potentially steal your personal and financial information.
6. Scrub your personal information from data broker lists
In 2022, the Federal Trade Commission (FTC) sued Kochava Inc. for selling geolocation data from “hundreds of millions of mobile devices.” The exposed information enabled the tracing of people’s visits to sensitive locations, including reproductive health clinics, places of worship, and domestic violence shelters [*].
If you leave your information in the hands of unscrupulous data brokers, you could be vulnerable to hacking, identity fraud, and reputational damage.
How to protect your identity against leaks from data brokers:
- Manually contact data brokers. You can request that brokers remove your information from their systems. It’s tedious and time-consuming but can help reduce your digital footprint.
- Pay for an automated content removal service. To save time, you can try removal services like DeleteMe. This tool scrubs your data from leading brokers and public directories, including BeenVerified, Spokeo, and White. While effective, these stand-alone services are expensive.
- Consider an all-in-one identity theft solution. Aura saves you time by scanning known data broker databases and lodging automatic requests on your behalf to remove your information from data broker sites.
💡 Related: How To Remove Yourself From Data Broker Sites →
7. Update your social media privacy settings, and limit what you share
Most people don’t realize how much personal information scammers can find on public social media profiles. Even worse, keeping your profiles public means that you could be targeted by romance scams and other common social media scams.
How to protect your identity on social media:
- Review your privacy settings. Here’s a guide on how to update your privacy settings on the most common social networks. It’s best to tighten all of your settings to only include a trusted circle of family and friends.
- Avoid risky connections. Don’t accept a friend request from anybody you don’t know and trust in person. It’s also best to avoid private chats with strangers.
- Be mindful of what you share. You put yourself at risk when you share sensitive information like your address, phone number, or financial details. Keep personal information private online to stop opportunists from targeting you with scams.
8. Limit what Google shows about you in search results
If you can find your PII in Google search results, you can be sure a hacker or identity thief can find it, too. When you take ownership of your personal information online, you can combat fraudsters before it’s too late.
How to ask Google to remove your personal information:
- Log in to your Google account. Navigate to the Help Center > Start removal request.
- Select the reason for the request. When you lodge a removal request with Google, you should provide your contact details, the URL for the offending website, and screenshots of any images.
- Wait for a response. After you submit your report, Google will review it and update you via email.
9. Check the permissions of third-party apps and services
Many third-party apps store your information long after you stop using them. The problem is that this information could be leaked at any point. You can mitigate this risk by reducing app permissions.
How to protect your identity online by removing app permissions:
- Review all app connections (i.e. “Sign in with…”). The best way to approach this is by checking connections through the major platforms: Google, Facebook, Apple, Microsoft, and Slack.
- Remove permissions for old apps and risky connections. If you no longer use the services, removing the integrations is best. Otherwise, you are offering hackers a backdoor to your sensitive accounts.
- Create a separate email account for social media profiles and third-party apps. Aura lets you create and manage “throwaway” email aliases that give you access to services while protecting your main inbox from cyber threats.
10. Avoid using public Wi-Fi networks
56% of people connect to public Wi-Fi networks that don't require a password [*]. While it's convenient to work in a hotel or browse online while sitting in a cafe, hackers can exploit these unsecured networks to intercept your banking information and personal data.
How to protect your identity on public Wi-Fi networks:
- Turn on your VPN. A robust VPN that hides your online activities is crucial in 2023. Aura has military-grade encryption to safeguard your data and devices.
- Store all your passwords in a password manager, and use it to autofill your login data. With a password manager, there's less chance of someone stealing your login details via spyware or shoulder surfing.
- Avoid filling in sensitive information while connected to public networks. If you must use public Wi-Fi, be mindful of what you do. It's best to avoid entering any data that could expose you to fraud, like your credit card details, SSN, or home address.
11. Delete old or unused accounts and apps
Your digital footprint grows over the years with every account and app that you add. But if you don’t practice good cyber hygiene, you could leave a trail of personal information that is visible to scammers.
How to reduce your digital footprint:
- Search for old sites, apps, and tools. You can start with a Google search to find old social media accounts, Tumblr blogs, and websites.
- Delete or limit access to these profiles. Ideally, you should delete the profile if you don’t use it, but limiting access is the next best thing. Facebook lets you automatically set an audience for all past posts, so only trusted connections can see the content.
- Disable or decline cookies. You can significantly reduce your footprint by rejecting cookies on websites. Some web browsers, such as Brave and Safari, even block tracking by default.
Has Your Personal Data Been Leaked Online? Do This!
If you know your accounts or data are under threat, you shouldn’t sit idly by — acting quickly can prevent scammers from taking advantage of you.
Here are nine steps to take if you think your identity is at risk:
Place a credit freeze with all three bureaus
A credit freeze is a temporary block on your credit file, which stops identity thieves from taking out new credit cards or loans in your name. To place a freeze, contact each of the three credit bureaus individually – Experian, Equifax, and TransUnion — by using the details below:
Call all impacted financial institutions immediately
The moment you spot the warning signs of identity theft, call your bank or credit card issuer. Ask them to cancel your cards and place a fraud alert on your account to combat any attempted purchases made with your stolen cards.
Secure your online accounts
After a data breach, you should create new passwords for all of your online accounts. By updating your login credentials for all accounts that may share the compromised password, you can reduce the risk of hackers exploiting multiple accounts with a credential-stuffing attack. Also, secure your accounts with 2FA by using an authenticator app if you haven’t already done so.
Review your financial records for signs of fraud
Effective cyber hygiene starts with a proactive approach to monitoring your accounts. When you regularly inspect your credit reports, bank account statements, and credit card statements, you have a better chance of staying ahead of scammers.
As you examine your accounts, query any unauthorized transactions with your financial institution. You can visit AnnualCreditReport.com to order a free credit report from each of the three bureaus.
Contact your insurance provider (if you have one)
Dealing with identity theft or fraud on your own can be an arduous and expensive task. If you have identity theft insurance, contact your provider. Alternatively, check your home insurance policy and inquire with your employer to see if you have additional coverage.
File an official report with the Federal Trade Commission (FTC)
The FTC investigates fraud in the United States and provides support in order to help victims recover from the impact of the crime. You can file an identity theft report online and get an official affidavit that helps you prove that you are a victim of fraud.
Notify local law enforcement
You can file a police report by bringing all supporting evidence — including your FTC affidavit — to the fraud department at your local police station. While some may prefer to skip this step in cases of digital identity theft, making this report can help authorities apprehend suspects and protect others from falling victim.
Scan your devices for malware
If hackers have your information, they could still be monitoring your devices. Scanning all potentially compromised devices with a reliable antivirus program to detect and isolate threats is critical. Remove any old or unfamiliar programs to ensure that threat actors don't have backdoors to your data.
Contact the fraud department at any impacted companies
When you spot and report suspicious transactions on your statements, don’t stop with the bank — call the vendors. You should explain that you are the victim of fraud and show your FTC report. This step will help you reverse fraudulent charges as well as ensure that the companies don’t pursue you for debt that isn’t yours.
💡 Related: How To Protect Yourself From Identity Theft →
The Bottom Line: Your Personal Information Can Put You at Risk
The more of your personal information that’s available online, the easier it is for cybercriminals to steal your identity. By securing your accounts and removing as much information as possible, you can keep yourself safe from scammers.
Unfortunately, becoming a digital ghost is almost impossible — but you should do what you can to shield yourself from online threats that could damage your identity and finances.
For the highest level of security, consider the #1-rated identity theft protection platform, Aura.
With Aura, you and your entire family can get peace of mind with:
- 24/7 three-bureau credit monitoring with rapid fraud alerts that are up to 250x faster than those of other digital security providers.
- Dark Web monitoring that scans the internet and alerts you if your personal data, like your account numbers or SSN, is available on hacker forums and marketplaces.
- A Virtual Private Network (VPN) that hides your browsing activity and data when you’re using public Wi–Fi in airports, hotels, and co-working spaces.
- Antivirus software to protect your devices against e-skimming and malware, spyware, and ransomware threats.
- $1,000,000 insurance policy for every adult on your Aura plan to cover eligible losses due to identity theft, such as stolen money, credit cards, and home title deeds.
- Dedicated U.S.-based White Glove Fraud Resolution Specialists that provide 24/7 support to help you recover funds and navigate issues with banks, creditors, and government agencies.