Identity Theft Is Out of Control. Don't Be a Victim.
Identity theft is now the fastest growing crime in America. According to the Federal Trade Commission (FTC), 1.5 million Americans had their identity stolen last year alone [*].
Unfortunately, 2022 isn’t looking any better.
The first few months of the year have set new records for cases of fraud, identity theft, and data breaches. Hacks at companies like Microsoft, Cash App, and Okta have compromised the personal data of millions of people [*].
Even the CEO of the Identity Theft Resource Center (ITRC) says “there is no reason to believe the level of data compromises will suddenly decline in 2022.”
Identity thieves are getting more sophisticated with their attacks. But the good news is that there are still some simple measures you can take to protect yourself from identity theft.
What Is Identity Theft?
Identity theft is when bad actors use your personally identifiable information (PII) for personal gain.
For example, an identity thief could buy your Social Security number off the Dark Web for as little as $5 and then take out fraudulent loans in your name.
PII includes things such as your:
- Full name
- Date of birth
- Home address
- Social Security number (SSN)
- Financial information
- Driver’s license number and ID
- Account logins and passwords
With even just a few pieces of your personal data, criminals can commit up to 15 different types of ID theft. But the most common are credit card fraud, loan fraud, and tax or government benefits fraud.
Before we go any further, here’s what you need to know about these awful forms of identity theft:
- Credit card fraud occurs when criminals steal your credit card numbers and rack up debt or even open new cards in your name. Even if they don’t have your physical card, scammers can use your stolen credentials to make fraudulent purchases online. Unfortunately, there's also been a rise in familial fraud where a family member opens a credit card in your name.
- Loan or lease fraud occurs when someone uses your identity to take out auto, business, personal, student, or real estate loans. Scammers have no intention of paying off the fraudulent loans and may even file for bankruptcy in your name.
- Tax and government benefits fraud occurs when a criminal files for taxes or benefits in your name. For example, they might use your SSN to file a falsified tax return and receive a large refund from the IRS. Or, they could use it to apply for government benefits and pocket the money.
The easiest defence against these and other types of identity theft is to become a harder target.
While it’s impossible to guarantee protection against identity theft, there are ways to protect your PII and make your data harder to steal.
Here’s How To Protect Your Identity in 2022
- Learn the most common ways criminals steal your identity
- Watch out for the warning signs of a phishing attack
- Safeguard your ID and wallet
- Avoid public Wi-Fi (unless you have a VPN)
- Secure your online accounts and use two-factor authentication (2FA)
- Monitor your credit report and consider a credit freeze
- Scan the Dark Web to see if your passwords have been leaked
- Reduce your online footprint
- Use antivirus to protect your devices from malware
- Safeguard your mail from scammers
- Keep your whole family safe with identity theft protection
Pro tip: It’s unrealistic for anyone to constantly monitor their online and financial accounts for signs of identity fraud and theft. For the best protection with little-to-no effort on your part, try Aura’s all-in-one digital safety tool.
1. Learn the most common ways criminals steal your identity
To steal your identity, criminals need access to your PII. Unfortunately, there’s a good chance some of it has already been leaked in a recent data breach. But that’s not the only way you can become the victim of identity theft.
To protect yourself, learn where you’re most vulnerable to an identity thief’s attacks. These include:
- Phishing attacks. Also known as an imposter scam, this is when scammers send spam emails and texts or call you on the phone pretending to be from someone you trust. For example, they could claim to be from the IRS and ask you to “confirm” your identity by sending them your SSN. Or, they might try to get you to click on a link that will infect your device with malware.
- Physical theft. Identity thieves can find everything they need to steal your identity on your driver’s license, ID, or even in the mail.
- Shoulder surfing. This “attack” occurs when you use your devices in public. A scammer with lurking eyes watches you enter your online banking password. Or if they're more sophisticated, they could use a man-in-the-middle attack to intercept your Wi-Fi connection and spy on you.
- Social engineering attacks. Similar to phishing, social engineering attacks are any time a criminal uses psychology to pressure you into doing what they want (like giving up your PII). Identity thieves research your life and use your personal information against you.
Simply put, you could be at risk any time you receive an unsolicited message or call, lose a piece of mail, use your devices in public, or browse online.
2. Watch out for the warning signs of a phishing attack
Phishing attacks are the main way scammers trick you into giving up your personal information. These messages and phone calls can look and sound convincing. But any information you provide or links you click can put your identity in danger.
Scammers will often try to “spoof” their contact information to make it look like they’re coming from an official number or email. But if you look closely, you’ll see that they’re different from what's listed on the supposed sender's site.
Phishing messages usually don’t address you by name, may include typos, and often use threats, urgency, or promises to spur action.
They'll also often include links, attachments, or QR codes with convincing reasons why you should click on or scan them.
If you have any suspicions, don’t respond or click on links or attachments in these messages. Instead, contact the company directly using the information listed on their website.
Here are some other red flags of a phishing attack to be aware of:
- A government agency calling for personal information or money. U.S. government employees must follow strict regulations during phone calls. Any threats or demands for money are scams.
- An email or text asking for a multi-factor authentication (MFA) code. Companies send these verification codes via email or text to confirm your identity. Anyone asking for them is a scammer.
- Requests for payment only in gift cards, money orders, or cryptocurrency. Only fraudsters will request gift cards or other untraceable payments. Legitimate businesses will always offer traditional payment options.
Read more: How To Tell If Someone Is Trying To Scam You Online →
3. Safeguard your ID, wallet, or purse
Identity thieves don’t only rely on sophisticated hacking. Criminals can steal your identity with just the ID you carry in your wallet or purse. That’s why the less personal information you carry with you, the better.
A good recommendation is only to carry your driver’s license and one or two necessary credit or debit cards. Leave your passport, Social Security card, birth certificate, and extra credit or debit cards at home.
Even then, it’s important to keep your physical ID safe from scammers.
Try to always keep a list of what’s inside your wallet or purse as well. This way, if your wallet is stolen, you’ll know what accounts to close and how you might be at risk.
For even more security, keep important documents in a locked safe at home in case of burglary. And if you’re going to pay with a credit card, choose a chip or contactless reader, as these are more secure than swiping.
4. Avoid public Wi-Fi (unless you have a VPN)
While free wireless internet at an airport or your local coffee shop is convenient. But it also presents the perfect opportunity for fraudsters to steal your information.
Public Wi-Fi networks are notoriously easy to hack. If an identity thief intercepts your connection, they can steal your usernames and passwords.
If you need to use public Wi-Fi, there are two options for keeping your personal data private.
- Use a cellular hotspot. Tether your phone to your laptop to ensure that hackers can’t scam you over vulnerable Wi-Fi networks.
- Use a virtual private network (VPN). A better option is to use a VPN. This tool encrypts your data and makes it useless for hackers (all they’ll see is a string of numbers and letters). For example, Aura’s VPN uses military-grade encryption to protect all your devices.
5. Secure your online accounts and use two-factor authentication (2FA)
Strong passwords are often your first (and only) defence against identity thieves. But a shocking 22% of U.S. adults use their own names for passwords on online accounts [*].
Instead, secure your online accounts by using:
- Strong passwords that are at least 8 characters long. Use a combination of upper and lowercase letters, numbers, and symbols.
- A secure password manager that keeps track of your login information. Aura's password manager will also alert you when an account has been compromised.
- Two-factor or multi-factor authentication (2FA or MFA). These add an extra layer of protection to your accounts by requiring a special code along with your password. But skip using SMS for your authentication as it can be hacked or bypassed if someone steals your phone. Instead, use an authenticator app like Google or Authy.
- Fingerprint or biometric security on your devices. If you’re signed into accounts on your mobile device or laptop (like your email), hackers can steal your identity by stealing your phone. Biometric security is much harder to hack (although there have been cases of fingerprint identity theft). For the best protection on your devices, combine biometrics with a strong passcode.
Finally, keep an eye out for messages about your passwords — especially failed login attempts or password changes. And if you can connect your phone with a remote security feature like Apple’s Find My app or Android’s Find My Device, set it up now.
6. Monitor your credit report and consider a credit freeze
The warning signs of financial fraud from identity theft start small. Scammers regularly “test” accounts and credit card numbers with small charges. But the end results can be disastrous if you don’t catch these early on.
Identity theft can cost you thousands of dollars and hours of your life as you try to repair your credit.
Paying close attention to bank and credit card statements is a good way to spot financial fraud early. Look for unusual charges on your account statements, like those from unfamiliar vendors.
If you believe you’re a victim of identity theft, contact the company, card issuer, or financial institution and explain the situation. They should be able to cancel the charges, close compromised accounts, and get you new account numbers.
By law, you’re also allowed a free copy of your credit report every year from each of three major credit bureaus: TransUnion, Experian, or Equifax.
You can get your free credit report at AnnualCreditReport.com. Look for suspicious activity, such as new credit and accounts you don't recognize or incorrect information (like your birth date).
There are also two tools you can use on your credit report to protect yourself from identity theft:
- A fraud alert requires lenders to verify your identity before issuing credit. An initial freeze with the three credit reporting agencies lasts for one year and you can extend it for an additional seven years.
- A credit freeze (or security freeze) completely prevents your credit files and reports from being shared. You should only request a freeze if you have strong suspicions that you’ve been the victim of identity theft.
(And note that a credit score is not the same as a report. Only a credit report contains a detailed list of your credit accounts and history.)
Pro tip: Sign up for a credit monitoring service that will automatically find and alert you of suspicious or fraudulent activity and help you prevent credit card fraud.
7. Scan the Dark Web to see if your passwords have been leaked
Unfortunately, you can’t protect the personal information you share with a third party. Once a government agency, shopping site, or social network has your data, it’s their responsibility to keep it safe.
But they aren’t always able to keep that promise.
For example, a hacker gained direct access to over 53 million T-Mobile customer records in August 2021. The asking price on the dark web for a subset of that personal information was roughly $270,000.
There were more data breaches reported in the U.S. in 2021 than in any other reported year [*]. And yet, only 3% of consumers froze their credit on being notified of a breach.
So, what can you do to protect your identity from data breaches?
First, don’t ignore notifications about breaches. If you get an email that your information was leaked, research it to ensure it’s a real breach. (A false breach notification may be a phishing email.)
For any affected accounts, change the password immediately — even if you were already using a secure password. And if you haven’t set up multi-factor authentication, it’s a good idea to add it now.
Even if you think your accounts are safe, old or forgotten passwords, log-ins, and PII could be at risk. Use Aura’s Identity Guard Dark Web scanner to see which of your personal data hackers and criminals have access to.
8. Reduce your online footprint
Everything you do online — from your Google searches to social media posts to shopping history — makes up your online footprint. Identity thieves use this information to design phishing emails, guess your passwords, and scam your friends.
While you can’t erase your online footprint, it’s a good idea to limit the information that scammers have access to. Here are a few tips
- Don’t overshare on social media. Think twice before you post. Many of us accidentally reveal sensitive information, location data, and even PII in social media posts.
- Adjust your privacy settings. Limit who can see your accounts to close friends and family. This way, you can be a bit more free with what you post.
- Delete old and unused accounts. Identity thieves use old accounts to run scams or steal passwords. If you stop using an online service, disable your account and ask them to delete your data.
- Create a Google Alert for your name. This will inform you anytime your name appears on a website. While it adds to your online footprint, it reveals auto-generated content that you should take down.
9. Use antivirus to protect your devices from malware
Malware is malicious software that hackers use to spy on you, steal your sensitive information, or even encrypt your devices until you pay a ransom.
One especially insidious type of cyber attack is called a keylogger. Once installed, these record everything you type — including passwords, logins, and emails — and send them remotely to a hacker.
Many phishing messages include links or attachments that secretly download malware.
With how much personal information is on your devices, it's essential you keep them safe from hackers. Don't click on any strange attachments or links in messages, no matter how enticing they are.
Antivirus software can keep your devices secure and warn you of potential phishing attacks.
But what if you accidentally opened a spam email or clicked on a dangerous link?
First, look for the obvious signs of a virus. This includes performance delays, unfamiliar browser plugins, and persistent pop ups.
If you see signs of malware, immediately disconnect from the internet. It's much harder for hackers to steal your information without an internet connection.
Then, secure your device before you get professional help. For example, on a Mac, you should:
- Steer clear of logging into any account.
- Delete any temporary files from your Cache folder.
- Check Activity Monitor for any malicious apps running in the background.
- Run a malware scanner separate from the antivirus software already on your device.
- Clear your browser cache after removing dubious extensions.
- Finally, consult Apple Support to wipe or reinstall your OS.
10. Safeguard your mail from scammers
As unsophisticated as dumpster diving or mail theft sound, they’re still lucrative sources of sensitive information for identity thieves.
If you don’t already own a shredder, invest in one and shred anything with personal data before throwing it away. That includes:
- Bank statements.
- Letters or offers from your credit card company.
- Health insurance claim.
- Personal or student loan statements.
- Anything with your phone number or other contact information.
Collect your mail daily to give thieves less time to steal your documents. If you’re traveling, set up a temporary mail hold with the post office until you return.
Check for unfamiliar mail, like debt collection notices from lenders you don’t recognize or notifications of new accounts you didn’t set up. All these red flags point to identity theft in the works.
Finally, pay attention if your mail stops arriving. A thief may have used a change-of-address scam to redirect your address to their own.
11. Keep your whole family safe with identity theft protection
Protecting your identity can feel like a full-time job. But you don’t have to do it on your own.
Aura’s identity protection and credit monitoring services proactively protect your accounts from thieves and criminals.
With Aura, you get:
- Credit monitoring with fraud alerts. We’ll monitor your bank and credit accounts in near-real time and alert you of fraud and suspicious activity.
- Identity theft and online account protection. Aura monitors your online accounts, SSN, and other sensitive information that identity thieves try to steal.
- Device and network security. Aura's VPN and antivirus software protects your devices from hackers, malware, and phishing sites.
- Protection for your whole family. Aura’s family plans include coverage for up to 5 adults and children.
- A 24/7 White Glove Fraud Resolution team. If your identity is stolen or you’re the victim of fraud, our team will walk you through the next steps.
- A $1,000,000 insurance policy. You’re covered for eligible losses due to identity theft.
Are You the Victim of Identity Theft? Here’s What To Do
There’s nothing worse than realizing someone stole your identity. But as soon as you see the warning signs, you need to act quickly.
File an official identity theft report with the Federal Trade Commission (FTC) at IdentityTheft.gov. They’ll provide you with a comprehensive recovery plan and the documentation needed to file a police report with local law enforcement.
Then, protect your credit and financial accounts by following the fraud victim’s checklist.
You should also get in touch with any organizations you think may have also been affected by the theft — e-commerce companies or banks.
Finally, reset any exposed passwords and delete inactive, vulnerable online accounts.
Remember, identity theft protection services make it easier to be proactive about digital security. Rather than reacting to data breaches or, even worse, identity theft, you know that someone else is watching your back.