How To Protect Your Identity Online

Can You Keep Your Personal Info Safe Online?

In the past year alone, massive data breaches at NPD, AT&T, Ticketmaster, and more have leaked billions of personal records online. Even if you somehow weren’t impacted by these specific breaches, there’s still a very strong chance that your personal information has been leaked online — and you’re at risk of online identity theft.

Hackers and identity thieves use leaked data to hack online accounts, target victims with sophisticated phishing and cyberattacks, or even impersonate their victims online.

But what can you do if your data is mostly likely already out there?

While the best thing you can do is to not share your personal information online, there are still protective measures you can take to secure your accounts and prevent online identity theft.

How To Protect Your Identity Online

While it may seem like online identity thieves need high levels of technical skill to hack you online, the truth is that you’re more likely to fall victim to a simple phishing email or infected USB drive.

The good news is that with a few changes to your online habits and updating some of your online security measures, you can protect yourself against most scams and fraud.

1. Use strong and unique passwords for each account

If criminals gain access to your online accounts — such as your social media, banking, and email accounts — they could steal and sell your sensitive personal and financial information.

While it’s important to have strong passwords that are hard to guess, it’s even more important to make sure each account has a unique password. This way, if one account is compromised in a breach, the rest remain secure.

• Follow best practices for strong passwords. Create complex and unique logins using a combination of uppercase and lowercase letters, numbers, and symbols.
• Use a password manager. These tools allow you to quickly create, save, and access complex passwords. Some tools will even warn you if your passwords are too weak or have been leaked in a breach.

2. Enable two-factor authentication (2FA) — ideally with an authenticator app

Two-factor authentication is an additional security measure that requires a secondary passcode or other “proof” that you’re the one logging into your account. This way, even if a password is leaked, hackers most likely won’t be able to access your account.

• For basic 2FA security: Add your cell phone number to your online account. This basic level of 2FA works by sending you a text message with a one-time password (OTP). You can set up SMS-based 2FA on most online accounts, including your social media and e-commerce platforms.
• For the best security: Use an authenticator app. Apps like Authy or Google Authenticator generate a unique verification code that changes about every 30 seconds. Unless the thief also has your smartphone, bypassing a system linked to an authenticator app is almost impossible.

📚 Related: Does Two-Factor Authentication Prevent Hacking? →

3. Beware of common phishing scams

Phishing is a social engineering attack in which scammers pose as trusted sources — like the IRS, a bank, or even your friend — and send fake messages that create a sense of urgency to trick their victims into disclosing sensitive information.

Phishing is one of the most common tactics used by identity thieves, with millions of fake messages, calls, and texts sent every day.

• Don’t trust unknown senders. One of the telltale signs of phishing is unsolicited contact from unknown senders. Before responding, ensure you know who sent the message. Be especially careful of lookalike email addresses, such as “info@amazon.xyz” instead of “info@Amazon.com”.
• Never click on links. Phishing attacks often include malicious links that either trigger a malware download or send you to a fake website. Safe Browsing tools can warn you of these links and prevent you from entering sensitive information on malicious sites.

📚 Learn more about how to spot the common warning signs of a phishing scam →

4. Set up fraud and identity monitoring alerts

Most sensitive online services include some level of cybersecurity features. For example, your online bank can send fraud alerts for suspicious transactions, or social media accounts can warn you if someone’s tried to log in from an unknown device.

Here are some free online identity alerts you can start using today:

• Suspicious financial transactions. Contact your online bank and ask them to set up alerts for suspicious activity, such as large purchases, withdrawals, and changes to your contact details.
• Unknown account logins. Email and social media accounts often let you set up alerts for unknown logins or attempts.
• Credit fraud alerts. For victims of identity theft, you can place a fraud alert with all three credit bureaus (Experian, Equifax, and TransUnion), to warn you if someone is trying to take out credit in your name.
• Data breaches and Dark Web alerts. Identity theft protection and online security software like Aura can monitor your most sensitive information and warn you if its been leaked or hacked.

{{hacker-view-widget}}

5. Use Safe Browsing tools to warn you of fake websites

Scammers create fake websites to trick you into entering sensitive personal information, such as your credit card numbers, Social Security number (SSN), or passwords. These sites are getting harder to accurately spot — but there are online privacy and safety tools that can help:

• Virtual private networks (VPN). A VPN hides your IP address and browsing history when you’re online. This protection is crucial if you are entering sensitive information over public Wi-Fi.
• Antivirus software. An updated antivirus program protects your devices against malware, spyware, and ransomware threats.‍
• Ad and website blockers. This security feature automatically stops you from entering phishing sites or opening malicious links that could potentially steal your personal and financial information.

6. Scrub your personal information from data broker lists

Data brokers collect personal data from websites, public records, and more — and then sell them to telemarketers, government agencies, and even scammers. While you can manually contact data brokers and request that they remove your personal data, there are hundreds of them in the U.S. alone, including BeenVerified, Spokeo, and Whitepages.

Aura includes an automatic data broker opt-out feature that scans brokers’ databases and sends information removal requests on your behalf.

7. Update your social media privacy settings

Most people don’t realize how much personal information scammers can find on public social media profiles. Even worse, keeping your profiles public means that you could be targeted by romance scams and other common social media scams.

Here’s a guide on how to update your privacy settings on the most common social networks. Along with tightening your settings, be mindful of who you connect with and what you share on updates and your profile — especially when it comes to sensitive information like your address or phone number.

📚 Related: How To Protect Your Privacy Online →

8. Limit what Google shows about you in search results

If you can find your personal information online in Google search results, you can be sure a hacker or identity thief can find it, too. Google provides tools that help you block your personal information from showing up in search results.

• Search for your name in Google. Find websites that are hosting your contact details or sensitive information.
• Click on the three dots next to the result and select “Remove result”.
• Provide your reason for requesting the removal and click “Continue”.

📚 Related: How To Delete Your Digital Footprint →

9. Check the permissions of third-party apps and services

Many apps on your mobile devices store information long after you stop using them. The problem is that this information could be leaked at any point. It’s a good idea to limit app permissions and delete your data when you stop using them.

• Review all app connections (i.e. “Sign in with…”). Check which sites are connected to your other accounts, including: Google, Facebook, Apple, Microsoft, and Slack.
• Remove permissions for old apps. If you no longer use the services, remove the integration. Otherwise, you are offering hackers a backdoor to your sensitive accounts.
• Create a separate email account for social media profiles and third-party apps. Aura lets you create and manage “throwaway” email aliases that give you access to services while protecting your main inbox from cyber threats.
• Delete old or unused accounts and apps. Check the app’s privacy policies to see how it handles your data after you delete your account — you may need to send a request to permanently delete your information.

📚 Related: How To Protect Your Personal Information Online →

10. Avoid using public Wi-Fi networks

While it's convenient to work in a hotel or browse online while sitting in a cafe, hackers can exploit these unsecured networks to intercept your banking information and personal data. Try to use your mobile device’s hotspot feature when possible.

If you must use a public Wi-Fi network, make sure you’ve enabled a VPN and try not to enter sensitive information, including passwords and credit card details.

Was Your Personal Data Leaked? Do This!

If you know your accounts or data are under threat, act quickly to prevent scammers from doing too much damage. If you have identity theft insurance, your first call should be to your provider. Otherwise, you can handle fraud yourself by following these steps:

1. Place a credit freeze with all three bureaus. This will prevent identity thieves from using your stolen information to take out loans or open credit accounts in your name. To place a freeze, you’ll need to contact each of the major bureaus individually: Experian, Equifax, and TransUnion.
2. Secure your online accounts. If one account is compromised, others may follow. Update passwords and enable 2FA to stay safe.
3. Contact impacted financial institutions and companies. If scammers have access your bank account, contact your financial institution or lender immediately to report the crime and close your compromised account. The same goes for any company where your stolen information was used.
4. File a report with the Federal Trade Commission (FTC). An official FTC affidavit is required to prove you’re the victim of online identity theft. You can fill in your report online at IdentityTheft.gov. You may also need to file a police report if you think you have information that could lead to an arrest.
5. Review financial records for fraud. Keep an eye on your credit reports, bank account statements, and credit card statements for suspicious activity. You can get free credit reports from all three major bureaus online at AnnualCreditReport.com.

📚 Related: How To Protect Yourself From Identity Theft →

The Bottom Line: Your Personal Information Can Put You at Risk

The more of your personal information that’s available online, the easier it is for cybercriminals to steal your identity. But by securing your online accounts and removing as much information as possible, you can keep yourself safe from scammers.

Unfortunately, becoming a digital ghost is almost impossible — but you should do what you can to shield yourself from online threats that could damage your identity and finances.

For the highest level of security, consider Aura’s award-winning online safety and identity theft protection platform. With Aura, you get identity and credit monitoring with the industry’s fastest fraud alerts, Dark Web monitoring and data breach alerts for your personal data, advanced digital security tools, 24/7 U.S.-based support, and up to $5 million in identity theft insurance.