How To Protect Yourself From Identity Theft (2023 Update)

Share this:

Hari Ravichandran

CEO and Founder of Aura

In this article:

    Identity theft and fraud protection for your finances, personal info, and devices.

    See pricing
    Share this:

    Are Identity Thieves Targeting You?

    When Jennifer Yohe received a security alert from PayPal about a fraudulent purchase, she didn’t waste any time calling the number listed in the email. After downloading an app that the representative said would help catch the thief, Jennifer realized something wasn’t right [*].

    But by then, it was too late — scammers had hacked her phone, stolen her identity, and started emptying her bank account.

    Tragically, identity theft victims like Jennifer face terrible odds when it comes to fraud resolution and recovery. According to a recent study commissioned by FICO [*]:

    “40% of Americans either know, or believe their stolen identity was used to open a financial account. Based on the U.S. population, that could equate to 32.8 million people."

    While there’s no way to prevent identity theft 100%, there are ways to make yourself a less-desirable target for identity thieves and scammers. 

    In this guide, we’ll explain what you can do to protect yourself from identity theft, whether or not it’s worth it to pay for identity theft protection, and what to do if you’ve been a victim.

    How Does Identity Theft Happen? What Are the Warning Signs?

    Identity theft happens when someone gains access to and fraudulently uses your personally identifiable information (PII). This could include your name, address, Social Security number (SSN), account passwords, or financial information. 

    Once they have your PII, fraudsters can use it for numerous crimes — from applying for government benefits to taking out loans or even falsely filing taxes under your name.

    Unfortunately, many of the warning signs of identity theft are hard to detect. Scammers often hide their tracks by changing your contact information with lenders or government agencies. 

    If you notice any of these warning signs, you should assume your identity has been compromised: 

    • Unfamiliar charges on your credit card or bank account statement
    • Calls, emails, or letters from debt collectors or your credit card company about new accounts you didn’t open
    • Failed login attempts on your online accounts 
    • A sudden drop in your credit score or unfamiliar hard inquiries on your credit report
    • Notices from the Internal Revenue Service (IRS) about taxes you didn’t file
    • Alerts about data breaches, or notifications that your information is on the Dark Web
    • Signs that someone is using your SSN without your knowledge
    Take action: If you think your identity has been compromised, scammers could empty your bank account or take out loans in your name. Try Aura free for 14 days and get access to #1-rated identity theft protection, 24/7 Fraud Resolution Specialists, $1 million in identity theft insurance, and more.

    How To Protect Yourself From Identity Theft

    1. Freeze your credit with all three bureaus
    2. Review your credit card, bank statements
    3. Secure your online accounts
    4. Install antivirus software on all of your devices
    5. Learn to spot a phishing attack
    6. Check URLs or use Safe Browsing tools
    7. Don’t use public Wi-Fi (without a VPN)
    8. Reduce your online footprint
    9. Remove your data from “People Finder” websites
    10. Be cautious in public with sensitive information 
    11. Safeguard your mailbox
    12. Use biometric security on your devices
    13. Scan the Dark Web for your information
    14. Use email aliases for new accounts
    15. Use a digital wallet for purchases

    Identity theft protection is about putting all defense mechanisms in place before a criminal gets to you. The first step to building strong cyber hygiene habits is learning where a scammer might strike and which behaviors leave you vulnerable.

    1. Freeze your credit with all three bureaus

    Identity thieves are usually financially motivated. They take out loans or open new credit accounts in your name to steal as much money as possible. 

    A proactive credit freeze prevents anyone from opening a line of credit in your name. It’s a free service and well worth the peace of mind that it provides. Plus, you can lift (or “thaw”) the freeze anytime. 

    How to freeze your credit:

    To freeze your credit, you’ll need to contact each of the three major credit bureaus individually (Experian, TransUnion, and Equifax). Once you provide proof of identity, they’ll give you a PIN that you can use to freeze and thaw your account.

    Experian Security Freeze — P.O. Box 9554, Allen, TX 75013
    Equifax Information Services LLC — P.O. Box 105788, Atlanta, GA 30348-5788
    TransUnion LLC – P.O. Box 2000, Chester, PA 19016

    2. Review your credit card and bank statements as soon as possible

    According to the Identity Theft Resource Center’s (ITRC) 2022 report, over half of reported identity theft cases remain unresolved — a 37% increase compared to 2021 data [*]. The sooner you spot suspicious activity, the better chance you have of fully recovering. 

    If a criminal targets your financial accounts, you’ll see the evidence in your credit report and your credit card statements. Ignoring monthly financial statements can let suspicious activity go unnoticed.

    How to review your financial statements:

    • Check your credit report regularly. You’re entitled to three free credit reports per year — one from each of the three major credit bureaus. Official resources like make the process even easier.
    • Carefully inspect the charges on your bank statement each month. Make sure you recognize each one. 
    • Consider signing up for a credit monitoring service that continuously reviews your credit report and alerts you to suspicious activity. 
    Aura fraud alerts
    Aura monitors your credit across all three credit bureaus and alerts you to any signs of fraud. Try Aura free for 14 days

    3. Secure your online accounts with strong passwords and two-factor authentication (2FA)

    If criminals get access to even one of your online accounts, it could open the door to your entire digital life. That’s why strong passwords and two-factor authentication (2FA) are so important when it comes to protecting yourself from identity theft.

    Statistics on American's attitude towards password safety
    Google surveyed a sample of 3,419 adults (aged 18+) living in the U.S. to understand their beliefs and behaviors around passwords and online security. Source: Google

    How to secure your online accounts:

    • Download a password manager to safely store all of your passwords. Aura’s identity theft protection plan includes a password manager in its suite of security tools.
    • Create complex, unique passwords for each account. Many password manager platforms provide automatically-generated passwords that are more difficult for hackers to crack.
    • Go into the settings menu on each of your online accounts and set up two-factor authentication wherever possible.

    4. Install antivirus software on all of your devices

    Personal computers and mobile devices are attractive targets for criminals because they contain so much personal data. In some of today’s most devastating scams, hackers gain control of a victim’s computer or phone and install invasive malware, spyware, or ransomware designed to steal sensitive information.

    Invest in reliable antivirus software that will continually scan your device for potential security threats and block malware and viruses.

    5. Learn to spot the warning signs of a phishing attack or online scammer

    Social engineering scams like phishing are at an all-time high. Identity thieves use scam messages to trick you into giving them the information they want.

    To the untrained eye, a phishing scam is difficult to detect. And it’s by far the most prevalent type of scam on the internet [*].

    Scammers often disguise phishing emails as fraud alerts, delivery notifications, or other common emails. Source: Aura team

    The more you educate yourself about what phishing messages look like, the safer you’ll be. 

    How to spot the warning signs of an online scammer:

    • Be extremely cautious about unsolicited emails and urgent messages that contain links — even if they appear to come from government agencies, well-known businesses, or your financial institution. 
    • Research how to avoid phishing scams. Learn how they play out, and how to recognize red flags and scammer strategies.  

    💡 Related: How To Tell If an Email Is From a Scammer

    6. Check URLs or use Safe Browsing tools to warn you of fake websites

    Internet criminals create fake websites that are skillfully disguised as the official websites of companies like Amazon, Bank of America, USPS, PayPal, and the DMV. Scammers commonly lure targets with links in phishing emails or text messages.

    These copycat web pages look indistinguishable from the authentic ones. Many even feature a padlock symbol (signifying SSL encryption) next to the URL. This makes people feel comfortable entering their login credentials or account numbers. 

    How to use Safe Browsing tools:

    • Free resources like Google Transparency Report and URLVoid offer searchable databases that check URLs for harmful content and known scam websites. Before entering information on a web page, simply copy and paste the URL into the database’s search engine.
    • Aura’s digital security features include a website checker to alert you before a dangerous website is able to load.
    Aura Safe Browsing tools blocking phishing websites
    Aura can warn you if you’re entering a phishing or potentially dangerous website. Try Aura free for 14 days

    7. Don’t use public Wi-Fi (without a VPN)

    Everyone loves free Wi-Fi, but few realize that it's risky. Malicious hackers use public Wi-Fi networks to access private accounts and documents, discover personal data, and send phishing emails to any device that’s connected to the network. 

    You might connect to what looks like the official Wi-Fi hotspot of your hotel or local cafe. But in reality, it could be a hacker’s hotspot that they’re using as bait to access your data.

    How to protect your Wi-Fi connection in public:

    • Always use a Virtual Private Network (VPN) in public. VPN services encrypt the connection between your device and public Wi-Fi networks. This allows you to browse privately and securely. 

    8. Reduce the amount of information available about you online

    Social media websites are lucrative resources for fraudsters. Now more than ever, criminals are using online profiles as jumping-off points to commit ID theft. 

    According to astounding new data from the ITRC’s Consumer Impact Report [*]: 

    “Social media account takeover increased by 1,000% from 2021-2022.” 

    An identity thief can use details that you post about yourself to impersonate you online and take over your personal and financial accounts. 

    How to reduce the amount of information about you online:

    • Limit the amount of personal information that you share online, including on social media and online marketplace websites. Don’t include your phone number, birth date, live location, hometown, or home address. 
    • Never post sensitive photos of documents. This includes your driver’s license, passport, paycheck, Social Security card, or any other document that you wouldn’t give to a stranger.
    • For even more protection, follow our guide on how to remove your personal information from the internet.

    9. Remove your contact details from “People Finder” websites

    Data brokers use public records and social media websites to create detailed profiles about anyone who has an online presence. They offer full access to these profiles for a fee to marketers and scammers alike. 

    How to remove your data from People Finder websites:

    Manually removing your personal history, contact details, and demographic information from websites like Whitepages is a legitimate (albeit painstaking) option. Unfortunately, the results are temporary at best. 

    Some people opt to pay an annual fee for automatic removal of their data from select sites.

    • How to manually remove your personal information from data brokers: Use online resources like to locate People Finder sites and submit data removal requests.
    • How to automatically remove your personal information from data brokers: Aura can automatically scan data broker lists for your personal information and request its removal on your behalf. If the services add your information again, Aura will keep sending them takedown requests until it’s gone for good. 
    Aura data broker opt out feature
    Aura’s data broker opt-out feature can protect you from scammers and reduce the amount of spam you receive. Try Aura free for 14 days

    10. Be cautious in public with sensitive documents and information 

    Digital security is a huge part of identity theft prevention, but it’s not the whole picture. 

    Stealing wallets or using card skimmers to collect swiped credit and debit cards may be old strategies, but they’re alive and well. Even some good, old-fashioned “shoulder surfing” in the right location provides a great opportunity for criminals to strike.

    How to be cautious with non-digital forms of sensitive information:

    • Don’t bring sensitive documents with you to public places unless it’s absolutely necessary.
    • Avoid relaying personal information verbally in public whenever possible. If you’re communicating over the phone, go to a location where you won’t be overheard.

    11. Safeguard your mailbox, and be cautious when sending checks

    Identity thieves still benefit from raiding mailboxes.

    Recently, law enforcement officials have warned about a surge in mail theft. Criminals all over the United States are stealing mail to look for checks and then alter them, deposit them into their own accounts, and withdraw the cash before the doctored checks are flagged [*]. 

    USPS Informed Delivery service
    Collect your mail daily to give thieves less time to steal your documents. If you’re traveling, set up a temporary mail hold with the post office until you return.

    Whether mail thieves are looking for a quick buck or a way into your personal accounts, your mailbox can be their ticket to success.

    How to protect your sensitive documents at home:

    • Shred all sensitive documents before throwing them away. This includes health insurance forms, tax returns, student loan documents, and more. 
    • Check your mail regularly and secure your mailbox at home. Consider applying for a P.O. box at your local post office for added security.
    • Avoid USPS collection boxes. Instead, deposit sensitive mail directly by going to the post office.

    12. Use biometric security on your mobile devices

    Your smartphone and computers are already signed in to multiple personal accounts. If scammers steal your phone and crack your password, they could take over your personal and financial accounts immediately. 

    Biometric security features, such as fingerprints or facial recognition, can counteract these types of threats. Once activated, this technology makes it much harder for hackers to break in to your device.

    How to use biometric security on your devices:

    • Set up facial recognition or fingerprint ID (known as “Touch ID” on Apple devices). If possible, combine biometric fingerprint or facial recognition tools with a strong passcode or password.
    • Find out whether your laptop or desktop computer accommodates biometric security measures.

    13. Scan the Dark Web for your personal information (especially after data breaches)

    Large-scale data breaches remain a serious concern in 2023. Security Magazine reports that over 4,100 data breaches occurred in 2022 alone [*]. 

    If your sensitive information gets compromised in a data breach, there’s a good chance it will end up in the possession of criminals buying and selling stolen data on the Dark Web

    Discovering that your data is leaked on the Dark Web is unsettling because you can’t remove it. But you should increase digital security precautions once you know that your information has been exposed.

    How to scan the Dark Web for your personal information:

    Aura free Dark Web scanner

    14. Use email aliases when signing up for new accounts

    Scammers can use your email address to target you with phishing attacks — or use leaked passwords to break into your online accounts. 

    An email alias is a “throwaway” account that you can use when signing up for new services. Any message that’s sent to your alias will still end up in your inbox — but scammers won’t know your real email address in the case of a data breach.

    Here’s how to use email aliases:

    • Use a “+” in your Gmail address. Gmail users can create email aliases by adding a “+” and other information to their email address. For example: will still send emails to, but can protect your main inbox. 
    • Use Aura’s email alias feature. Aura offers automatic and random email aliases whenever you sign up for a new service online. Aura manages all of your aliases for you and gives you full control over which ones are forwarded to your main inbox.

    Aura email aliases
    Keep your inbox safe from scammers using Aura's email aliases.

    15. Use a digital wallet for purchases

    Safeguarding your credit card numbers is an essential part of identity theft protection. But any time you use, enter, or store your credit card information, it puts your data at risk. Digital wallets use technology called “tokenization” to pay for goods and services without providing your actual credit card numbers to companies. 

    This means that in the case of a data breach, scammers won’t have access to your credit card numbers. 

    Here’s how to use a digital wallet:

    • Add your credit cards to a digital wallet on your smartphone — for example, Apple Pay, Google Pay, or Samsung Pay. 
    • When you pay for services in person or online, use your digital wallet instead of your actual card. This ensures that your card information is protected from scammers.
    • Digital wallets also protect your card information with the same security measures provided by your phone — such as biometric security. 

    Is Identity Theft Protection Worth It?

    Following the steps in this guide can help make you less of a target for identity thieves. However, even the most stringent precautions can’t guarantee that you won’t have your identity stolen. Plus, if you do become a victim of identity theft, you’ll be left to deal with the consequences on your own. 

    That’s why millions of Americans are choosing to sign up for an identity theft protection service. 

    Tools like the ones included in every Aura plan do the work for you. Aura monitors all of your sensitive information and financial accounts for signs of fraud and proactively protects you and your family against online threats. 

    Here’s what you get with Aura: 

    • Award-winning identity theft protection. Aura continuously monitors your personal information for signs of fraud. If someone tries to use your SSN, name, or other PII to open accounts or conduct other fraudulent activity, you’ll receive an alert in near real-time. 
    • Three-bureau credit monitoring with instant credit lock. A 2022 mystery shopper consumer study by ath Power Consulting found that Aura discovered more instances of potential fraud (such as when new credit accounts are opened in your name) and sent fraud alerts up to 250x faster than competing services.
    • Digital security tools (password manager, antivirus, VPN, and more). Aura proactively protects your devices and data from hackers with a full suite of digital security tools. 
    • Family protection for your kids and elderly family members. If you have children or elderly family members, Aura’s family plans can keep them safe from online threats.  
    • 24/7 access to U.S.-based Fraud Resolution Specialists. When you need help, a dedicated Aura teammate is only a phone call, email, or chat message away.  
    • Up to $5,000,000 in identity theft insurance coverage. If the worst should happen, every adult member on an Aura plan is covered for up to $1 million in eligible losses due to identity theft (up to $5 million total for family plans). 

    Ultimately, deciding whether identity protection is worth it is a matter of risk assessment. Are you willing to tackle the threats on your own, or would you benefit more from automated monitoring and expert assistance?

    Try Aura for yourself — for free. Sign up for a free 14-day trial of Aura and see if it’s right for you. No strings attached.

    What To Do If You’re the Victim of Identity Theft

    If any of your personal information gets compromised, these emergency steps can help you regain control of the situation sooner rather than later. 

    • Contact the three major credit reporting agencies (Experian, TransUnion, and Equifax). Request a security freeze so that lenders won’t issue credit in your name.
    • Request a free copy of your credit report and review your credit files carefully for signs of identity fraud. 
    • Report the incident to the Federal Trade Commission (FTC). File an official report online at An FTC report acts as your official proof of innocence and will be required in order to dispute fraudulent charges and close accounts.
    • File a police report at your local law enforcement agency. If you know the identity thief or have information that could lead to an arrest, you should bring this information to your local law enforcement. A police report may also be necessary to prove the incident and claim the benefits to which you’re entitled.
    • Contact your bank and credit card issuer and notify them of the fraud. Dispute any fraudulent charges that appear on your financial statements.
    • Consider signing up for identity theft protection. New data from the ITRC reveals that 50% of identity theft victims endure repeat attacks. This means that if you’re targeted once, you’re at risk of another incident [*]. For added protection, consider an identity theft protection service like Aura. 

    💡 Related: What To Do If Your Identity Is Stolen (2023 Update)

    The Bottom Line: Keep Your Identity Safe and Secure

    A fraudster can compromise your identity at any time. And recent surges in online scam attacks highlight the need for a serious approach to personal cybersecurity. 

    Looking for an all-in-one solution to shield you and your family from invisible threats? Aura’s top-rated identity protection services can help you achieve your personal security goals for 2023.

    Secure your digital life against scammers. Try Aura free for 14 days.

    Related Articles

    how to know if your identity has been stolen
    Identity Theft

    Here's How To Know If Your Identity Has Been Stolen

    Nearly 50% of Americans have experienced identity theft. Here's how to find out if someone has stolen your identity.

    Read More
    December 12, 2022
    Is identity theft protection worth it - illustration
    Identity Theft

    Is Identity Theft Protection Really Worth It In 2023?

    Is it identity theft protection worth the money? If you’re on the fence about it, here’s everything you should know before making a decision.

    Read More
    January 16, 2023

    Try Aura—14 Days Free

    Start your free trial today**

    This is some text inside of a div block.

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

    1. Financial identity theft and fraud
    2. Medical identity theft
    3. Child identity theft
    4. Elder fraud and estate identity theft
    5. “Friendly” or familial identity theft
    6. Employment identity theft
    7. Criminal identity theft
    8. Tax identity theft
    9. Unemployment and government benefits identity theft
    10. Synthetic identity theft
    11. Identity cloning
    12. Account takeovers (social media, email, etc.)
    13. Social Security number identity theft
    14. Biometric ID theft
    15. Crypto account takeovers