What Can Someone Do With Your Personal Information Online?
Carly Andreatos was days away from closing on her first home when she lost her life savings [*]. The 25-year-old had received an email from her attorney’s paralegal with instructions on how to wire her down payment, and Carly quickly complied.
But the attorney’s office had never sent the email. Instead, it was a sophisticated phishing scam. And within minutes, Carly’s down payment and her homeownership dream had been stolen from her.
How did scammers know she was buying a home — and the name of the legal team she was working with?
The truth is that the internet is full of information about you. Scammers can scrape together a scarily accurate picture of who you are just from social media posts, photos, and publicly available information collected and sold by data brokers.
This data fuels their scams, allowing them to pose as people or organizations that you trust in order to get you to send money, passwords, and more personal information. According to the Federal Trade Commission (FTC), Americans lost $2.3 billion to imposter scams in 2021 alone [*].
Whether you want to reduce your chances of getting scammed or simply protect your privacy, it pays to secure your digital life. In this guide, we’ll explain what data scammers can gather about you online — and how to remove your personal information from the internet.
What Personal Information Can People Find About You Online?
When it comes to online privacy and sharing information, most people automatically think of social media. And while platforms like Facebook, LinkedIn, and Twitter can expose your personal information, they’re not the only platforms that help scammers or bad actors learn about you.
Nearly every site, app, or tool you use collects data about you (that can be leaked in a data breach). There have been almost 500 publicly reported data breaches this year alone, affecting millions of victims [*].
Additionally, ad-tracking software creates personas based on your online presence, lifestyle, and shopping habits. Data brokers — sometimes called “people search sites” — collect publicly available information about you to sell to marketers or even scammers.
Scam artists know how to exploit these data sources to find sensitive information, including your:
- Personally identifiable information (PII). This includes your full name, address, date of birth, and Social Security number (SSN). PII can also include health information and photos of you and your family.
- Location data. Pictures, check-ins, and reviews can tell a comprehensive story about where you’ve been and what your interests are.
- Shopping preferences. Your interactions with advertisements and e-commerce stores like Amazon are often tracked and recorded. This data can tell a great deal about your lifestyle and how much money you spend online.
- Lifestyle and political affiliations. Subscriptions to content creators and publications can say much about your values. Participation in political groups or discussions can also provide key information that could make you a potential target for doxxing.
- Legal and financial records. Many legal and financial records are public. If you run a small business or other organization, some of its public data will also reflect upon you.
- Search history. Search engines like Google use search history data to power their advertising algorithms. There’s no limit to how much your search history might say about you.
- Professional information. This includes membership in professional associations or participation in industry conferences. It may even include your employment status and work history.
- Religious beliefs. Most religious organizations actively publicize their activities. Participating in religious activities says a lot about your values and belief system, and may also indicate a deep connection to associated cultures and places.
In many cases, people freely share this kind of information about themselves — and there’s nothing illegal about a stranger obtaining this data. However, with enough of your information, scammers can steal your identity and gain access to private data and accounts, such as your bank accounts, credit card numbers, or government ID.
How To Remove Your Personal Information From the Internet
Removing your personal information from the internet is an ongoing battle. The more you go looking for your data online, the more you’ll find. Follow these steps to slowly reduce your online footprint and lower your risk of being scammed online.
1. Remove your personal information from Google search results
A simple Google search of your name can reveal more about you than you’d think — even a copy of your handwritten signature. If you find your PII in Google search results, you can request that the search engine remove them.
This won’t remove the information from the websites on which the information is posted. But it will prevent it from showing up in search results for your name.
Here’s what to do:
- Google your own name and take note of any website that is hosting your personal details. This includes your government-issued ID, bank account numbers, login credentials, and contact information.
- Start a request to remove your personal information from Google. You’ll be asked for details about the removal, including if you’ve already contacted the website owner to have it removed.
- After you submit a request, Google will review your request and either reach out for more information or send you an email explaining if the request was approved or denied.
2. Reach out to websites and request the removal of your information
Removing your personal information from Google won’t strip it from the internet. To stop anyone from finding your personal information or images, you need to request that it’s removed from the site that’s hosting it. Otherwise, the information will still be accessible via other search engines, shared on social media, etc.
Here’s what to do:
- Go through the list of sites that are hosting your personal information and look for the contact information for the site’s webmaster. This is usually found on a “contact us” page linked from the homepage.
- If you can’t find the site owner’s contact information, use a Whois search to uncover their contact details. Enter the site’s URL and look for their contact information under “Admin email” or “Registrant email.”
- Reach out with your request to remove your personal information, and document the process (such as with screenshots of the information, along with your email).
💡 Related: Deep Web vs. Dark Web — What You Need To Know →
3. Remove identifying imagery from Google Maps
Google Maps contains street-view data for almost every location in the United States. Those street-view images may include personally identifiable data about your home, your vehicle’s license plates, and much more.
Here’s what to do:
- Search for your home address to find the image you’d like to remove on Google Maps and click on “Report a Problem.” This could include your home, vehicle, or other property that you don’t want people to find online.
- Fill in the request by selecting which part of the image you’d like to be blurred as well as a description (such as your vehicle’s make and color). Explain that your request is for personal safety and privacy concerns.
- After you submit the request, Google will investigate and reach out if it needs more information.
Note: This process may take longer if Google does not own the Google Maps photo in question. You can still report user-submitted photos, but you’ll have to wait for Google to ask the photo’s owner to blur it. If the owner doesn’t comply, Google may take the photo down on its own.
4. Delete your search history and turn off location services
Google uses your search history to provide a more “personalized” experience. But this information — including voice and audio recordings — can potentially be shared with other services unless you turn off Web & App Activity tracking.
Here’s what to do:
- Log in to your Google account and go to the MyActivity page. Select “Saving Activity” and turn it off.
- Use the More Activity page to turn off your “Location History” and “YouTube History.”
5. Check if your passwords have been leaked
Your passwords and login credentials are among the most sensitive information that someone could find out about you online. Unfortunately, billions of passwords are stolen each year and leaked online (or on the Dark Web) during data breaches.
In the past year alone, Uber, Samsung, DoorDash, Twitter, Verizon, and more were hit with data breaches [*].
Here’s what to do:
- Use Aura’s free leaked password scanner to search for passwords associated with your email that have been exposed in data breaches. Aura scans the Dark Web (and known sites and forums used by scammers) for your personal information.
- Double-check for sites hosting your passwords by using other scanners, such as Identity Guard’s Dark Web scanner and HaveIBeenPwned.com (to search your phone number).
- Update any account that has been compromised, and adopt strong digital security practices — such as using unique passwords, storing them in a secure password manager, and enabling two-factor authentication (2FA) via an authenticator app.
6. Archive or delete old content and hide social media posts
If you’ve been on the internet for years, there’s a good chance your digital footprint includes old blog posts, personal websites, and other content that you’ve forgotten about (such as an old Tumblr page, email account, or social media profile you don’t use).
Not only can this content expose your personal information, but it provides prime targets for hackers who can take over your old accounts and use them to scam your friends and family.
Here’s what to do:
- Search for old sites, apps, and tools you used to use. These may come up in a Google search of your name or old online handles that you previously used.
- Decide whether you want to delete, archive, or limit access to these sites and content. For example, Facebook lets you automatically set an audience for all past posts — meaning you can limit them to just family or certain people.
- Delete any old sites, profiles, or email accounts that you no longer use. Once you delete the content, it may still appear in search results. You can request that Google remove outdated content using this tool.
Pro tip: If you want to completely remove your information from the internet, you need to delete social media profiles and online accounts that you don’t use. This is the only way to ensure that they can’t be found online or accessed by hackers.
7. Opt out of public data broker sites and services
Data brokers like Whitepages, Spokeo, or People Finder search the internet for your private information and create personas that they sell to marketers (or anyone else).
Unfortunately, there are hundreds of data broker services in the United States alone — and trying to remove your data from all of them can be an extremely lengthy and complicated process.
Here’s what to do:
- Use Privacy Right’s data broker list to identify all data brokers in your state or those that offer an opt-out process.
- Go to each broker’s website and search for your information. If you find anything, follow their opt-out process to request the removal of your information.
- Continue to monitor these sites for your personal information. Just because you requested a removal, this doesn’t mean they won’t add you to their lists in the future.
Alternatively, Aura’s digital security suite includes an automatic data broker removal service. Aura scans data broker lists for your personal information and sends removal requests on your behalf to ensure that your information isn’t being shared with marketers and scammers.
8. Delete accounts and apps you rarely use (such as e-commerce sites)
Most online stores ask you to set up an account that includes your contact and payment information. While this can make it more convenient when you check out, it also puts your private information at risk of being leaked or shared with third-parties with which you don’t want it to be shared.
Here’s what to do:
- Unfortunately, there’s no automated way to log in to every online account you have and delete your data. Instead, you’ll have to do this manually, taking care to choose the accounts that you wish to keep open.
- Audit the apps on your phone. For those that you don’t use, log in and look for a way to delete your account (don’t just delete the app, as this doesn’t remove your account information).
- As much as possible, use guest accounts to check out when making purchases from online shops. This can make the checkout process slightly longer, but it offers better data protection.
9. Create a secondary email address for new services
Your email inbox is one of the most sensitive digital properties that you have. Anyone who gains access to your email can find your most personal information or change your login credentials for almost any service.
Here’s what to do:
- Consider creating a second email address to use exclusively for signing up for new services, newsletters, and accounts. That way, your primary email address isn’t exposed to security risks from new accounts.
- Aura can do this for you, giving you an easy way to create and manage secondary email addresses. Aura automatically forwards emails to your primary email address — but your main inbox and email address will stay safe.
10. Use anti-tracking tools to prevent data collection online
Websites commonly track and share user data for advertising purposes. Threat actors can use the same functionality to collect data, run scams, and steal identities.
You can’t always tell the difference between legitimate website tracking tools and malicious ones. The safest thing you can do is prevent all websites from collecting and tracking your data.
Here’s what to do:
- You can do this manually by refusing to share data with websites, but it doesn’t always work. While most websites will honor your request, malicious ones will not.
- The safest way to prevent websites from collecting your data is to use professional anti-tracking software. All Aura memberships come with anti-tracking functionality as well as a military-grade virtual private network (VPN) to protect your data from hackers.
11. Request that public records be made private or removed
Court records, property titles, and litigation archives are generally public record. Your local courthouse makes this data available for consultants, non-profits, and private companies. Some organizations use this data for legitimate purposes, but many do not.
Here’s what to do:
- The process for sealing court records differs from state to state. In general, the court will require you to make a formal request. This may include explaining why your safety or security concerns outweigh the public interest.
- Ultimately, a judge will decide if your records are eligible to be sealed or removed. There is no guarantee you will succeed, but it’s worth making the attempt.
12. Consider signing up for identity theft protection and monitoring
Removing your personal information from the internet reduces the risk of identity theft. But it doesn’t guarantee that your data is secure. Identity thieves and scammers will do whatever it takes to find or steal your information.
Aura monitors your sensitive personal and financial details for suspicious changes or signs of fraud. For example, you’ll be notified in near real-time if someone opens a new account in your name, uses your SSN, or if your passwords are leaked in a data breach.
And if the worst should happen, Aura has you covered with a team of 24/7 U.S.-based fraud resolution specialists along with a $1,000,000 insurance policy that protects you against eligible losses due to identity theft.
How to Increase Your Online Privacy
Removing your data from the internet is only the first step. To remain secure, adopt online cybersecurity habits that improve your privacy. Consider the following good cyber hygiene habits:
- Control what you share on social media. Limit the amount of sensitive information (like location data) that you share with the public on your social media profile.
- Think twice about installing new apps. Subscribing to new services always comes with a privacy trade-off. Make sure the new app or service is worth it before you share any personal data.
- Don’t link accounts unless absolutely necessary. Signing into apps with your Facebook or Google account is convenient — but not secure. If cybercriminals break into one account, they’ll have access to all of them.
- Limit who can search for you. Most social media platforms let people choose not to show their data to public users. This makes it harder for strangers to look up information about you.
- Avoid public Wi-Fi. It’s surprisingly easy to intercept data traveling on public Wi-Fi. This data can include sensitive information about you, your device, and the websites you visit.
- Consider using a Virtual Private Network (VPN). If you do need to use public Wi-Fi, a VPN can encrypt your traffic so that cybercriminals can’t intercept it. VPNs also prevent advertisers from capturing and recording data as you interact with websites.
- Don’t share sensitive data on unsecured channels. Most email and messaging apps make few promises about the privacy of the information that users share. Even privacy-oriented apps like WhatsApp and Telegram have their weaknesses.
- Don’t be fooled by “Incognito Mode.” Google Chrome’s private browsing option doesn’t protect your online accounts or privacy settings any more than the regular browser does. It only prevents other people – like family members – from seeing your internet history on your device.
The Bottom Line: Stay Private. Stay Safe.
Advertising corporations, identity thieves, and many others seek access to your private data. You can’t always tell who these people are or what intentions they have. Limiting the amount of information you share with the public is key to keeping your data — and the data of your loved ones — safe.
Aura can help you remove your information from data brokers’ lists and warn you when identity thieves open accounts in your name. Try our free 14-day trial and discover the difference that online security can make to your peace of mind.