How To Prevent Identity Theft Online (and Secure Your Data)

Why Do Identity Thieves Target Your Online Accounts? 

Hackers and scammers target online accounts to gain access to your sensitive personal information and banking details, or even to impersonate you and scam your friends and family. 

With access to your email account, scammers could search for bills and documents that contain your financial account information or Social Security number (SSN), run phishing scams against your contacts, or request password resets for your other sensitive accounts.  

With our ever-growing digital footprints, online identity theft has become a persistent and serious threat — but there are steps you can take to prevent it.

{{show-toc}} 

How To Help Prevent Identity Theft Online in 11 Steps

Data breaches, hacks, and security issues have made digital identity protection more important than ever. Unfortunately, it’s nearly impossible to monitor every account, app, and service for signs of hacking and fraud. 

Therefore, the best way to prevent identity theft online is to take a proactive approach toward protecting your data and accounts.

1. Limit the amount of information you share with services and sites

Your personal data and sensitive information can be easily found across many sites — from social media profiles to e-commerce stores. The less information you make available, the less likely it is that you will become a victim of identity theft. 

• Practice good cyber hygiene when signing up for newsletters, apps, and discount codes. Don’t share your primary email address, mailing address, phone number, or financial information (including account numbers and credit card numbers) unless it’s absolutely necessary.
• Use email aliases or secondary accounts. Scammers can use your primary email address to piece together leaked information about you and create more robust profiles of your online identity. Use a secondary email address for less important accounts. (Aura provides email aliases that automatically forward legitimate emails to your main account.)
• Enter made-up information on non-essential accounts. Using fake information for online accounts can “poison” the data that hackers collect, making you a smaller target. This can be as easy as using a made-up phone number or different date of birth. 

{{hacker-view-widget}}

2. Secure your accounts with strong passwords

Passwords are the first line of defense for your online accounts. You can reduce the chance of account takeover fraud by creating strong login credentials that are:

• Unique: Each password should only be used for one account.
• Long: Use at least 10–13 characters to protect against brute force attacks.
• Complex: Combine uppercase and lowercase letters, numbers, and symbols. 

3. Enable two-factor authentication by using an authenticator app

Two-factor authentication (2FA) — or two-step verification — is a security feature that requires users to provide two distinct forms of identification in order to access accounts, resources, and data. 

There are many different 2FA options, including one-time passwords (OTP), SMS codes, and answering security questions. However, some methods are vulnerable to compromise. Forbes recently revealed how hackers can even use AI to bypass facial recognition systems [*]. 

For the safest method, you should use an authenticator app, such as Google Authenticator or Authy.

📚 Related: Does Two-Factor Authentication Prevent Hacking? →

4. Make sure your devices and apps are up to date

Old online accounts, browser plug-ins, and outdated devices can all contain security vulnerabilities that online scammers use to steal sensitive information. While it can be annoying, deleting your old accounts and removing your personal data can help you stay safe in the event that you’re targeted by hackers. 

• Delete old accounts and apps. If you can't completely delete your old accounts, log in and remove or change any personal information. 
• Audit the apps on your smartphone. Unused apps on your mobile devices impact performance and may put your identity at risk if the software isn’t regularly updated. If you don’t use it, remove it.
• Update your software. You can enable automatic updates on all software and devices, including apps, browser extensions, and desktop programs. By keeping up with the latest security updates, your devices will be less vulnerable to emerging online threats.

5. Don’t click on suspicious links in emails, texts, or DMs

Hackers use fake phone calls and messages across email, social media, and messaging apps like Telegram and WhatsApp to target you with phishing attacks. These scams often create a sense of pressure to share sensitive information, click on links, or send money for supposed fees and fines. 

To prevent identity theft online, never click on any links in an email or text message that you receive from unknown senders. Instead, contact the person or company directly by using the details noted on their official website. 

If you do click on a link and it takes you to a website, double-check the URL before entering information — such as your birthdate, credit or debit card information, and passwords.

6. Remove your information from data broker lists, websites, and search results

Data brokers and people search sites like Whitepages, Spokeo, and Radaris scrape public records and online sources for your private information — and then sell it to anyone from telemarketers and government agencies to scammers. 

You can remove your personal information from data broker lists, as well as the sources they scrape, by following these steps: 

• Submit a personal content removal request to Google. You have the right to remove any personal information that threatens your privacy and was published online without your consent. Here is the full guidance from Google.
• Manually opt out from data brokers. You can check the Privacy Rights database of U.S. data brokers for details on how to opt out. Unfortunately, there are hundreds of brokers in the United States alone — and many will simply re-add your information, which turns this approach into an ongoing monitoring task.
• Use an automatic data broker opt-out service. You can save time by using an automated data broker removal service. Aura scans data broker databases and sends removal requests on your behalf. 

7. Use digital security tools to protect your devices and data

Online identity thieves use sophisticated technology and clever social engineering scams to obtain your data. You can combat these threats by using digital security tools when you go online, including:

• Antivirus software. This helps keep you safe with regular scans for malware and viruses — including ransomware, spyware, adware, trojans, and more. 
• Virtual private network (VPN). A VPN will mask your identity, IP address, and traffic. This security layer prevents hackers from intercepting your data when you’re browsing, shopping, and banking online — especially on public Wi-Fi networks.
• A password manager. These applications help you to create, store, and access complex passwords — and can also send alerts about data breaches or duplicate passwords that put your accounts at risk.

8. Use the “guest checkout” option when shopping online

If you save your credit card information on an online site that gets targeted by a data breach, your payment information can be leaked. 

To stay safe, use the guest checkout option. While this method isn’t as convenient, you can make an online purchase without needing to create an account. In doing so, you share less information, which gives hackers and identity thieves less opportunity to exploit you.

9. Tighten your social media privacy settings

Social media can be a hotbed for identity theft — with fraudsters targeting you with scams and fake ads, trying to take over your account, or using your public profile against you. In almost all cases, it’s best to keep your accounts private and ensure that only trusted connections can view your profile. 

• Review the social network’s data collection policy. You can limit the data that apps and services — like Facebook, Twitter, LinkedIn, and Instagram — can collect about you. 
• Clean up your friends list. Hackers often take over old social media accounts to run imposter scams. Make sure all of your connections are people you know and trust in real life. 
• Disable location-sharing. If you share your location in photos, hackers can use that information about you to launch convincing scams. Turn off all location services and avoid geotagged photos to reduce security risks. 

10. Put a security PIN on your smartphone SIM

Imposters can hijack phones and then gain access to any linked accounts — including your bank account. In one example, a Bank of America customer lost $38,000 after a hacker compromised his phone in a SIM-swap scam [*].

Popular mobile carriers like T-Mobile, Verizon, and AT&T help customers secure their devices with a PIN number or passcode. If possible, use a longer alphanumeric passcode that’s harder to crack than the standard four-digit PIN. 

Here are detailed instructions to set a SIM code:

• iOS (iPhone or iPad)
• Samsung
• Most other Android phones

📚 Related: How To Prevent SIM Swapping and Port-out Scams →

11. Proactively register for sensitive online accounts with the IRS, SSA, and others

In June 2024, The New York Times reported how tax identity theft has overwhelmed the Internal Revenue Service (IRS), resulting in a backlog of 500,000 unresolved fraud cases [*]. Your tax return and Social Security number (SSN) are prized assets to fraudsters. If you don’t protect this data, you could face years of hardship fighting for justice and trying to recover your money.

Here’s how to prevent identity theft on your IRS and SSN accounts:

• Request an Identity Protection PIN. The IRS can assign you a secret, six-digit number for you to verify your identity when filing your taxes. You can request an IP PIN on the IRS.gov website.
• Claim your “My Social Security” account. You can use this profile to apply for benefits and get notified if anyone tries to claim a new Social Security card in your name. You can create an account on the My Social Security website.
• Lock your SSN. The Department of Homeland Security (DHS) allows citizens to freeze their SSNs by using “myE-Verify” accounts. This measure protects you from employment-related fraud. You can create an account on the myE-Verify site. 

📚 Related: Can You Change Your Social Security Number? →

Do You Think Your Online Identity Could Be at Risk? Do This!

Unfortunately, even if you do everything right, all it takes is one slip (or a data breach) to put you at risk. If you think you’re in danger of online identity theft, you should do the following: 

• Freeze your credit with all major credit bureaus. This step will prevent scammers from being able to use your stolen information to access your credit file, take out loans, open new accounts, or order new credit cards in your name. You can request a freeze with most major bureaus online: Experian, Equifax, TransUnion, LexisNexis, and ChexSystems.
• Review your credit reports for fraud. Every American is entitled to free credit reports from the three major bureaus by visiting AnnualCreditReport.com. You’ll also get a free credit report when requesting a credit freeze. 
• Monitor bank statements for suspicious activity. Warning signs can include changes to your contact details, as well as strange withdrawals and transfers — even small ones. If you see any strange activity, contact your bank or credit card company immediately and ask them to close your account.
• File an identity theft report with the Federal Trade Commission (FTC). This report, which acts as your official proof that you’re the victim of ID theft, is necessary when contacting impacted companies or financial institutions. You can file a report online at IdentityTheft.gov.
• Scan your devices for malware, and update your account security. Run antivirus software on your devices, and delete any suspicious or unfamiliar apps. If accounts have been compromised, update your passwords and add 2FA. 

The Best Way To Prevent Identity Theft Online Is With Aura

As we spend more time on the internet, the risk of online identity theft is only going to get greater. With a proactive attitude, you can make yourself a much less vulnerable target. But for comprehensive protection and peace of mind, you should consider a reputable identity theft protection service. 

Aura’s award-winning platform includes Dark Web monitoring, three-bureau credit monitoring with the industry’s fastest fraud alerts³, and a full suite of digital security tools to protect your identity. You’ll also have access to 24/7 U.S.-based support and up to $1 million in identity theft insurance to cover eligible losses and expenses incurred if you become the victim of identity theft.