How To Protect Yourself From Identity Theft

What Is the Best Thing You Can Do To Protect Your Identity?

Identity thieves can typically steal your personal information in two ways — either you get targeted by a scam and accidentally disclose your sensitive data, or a company leaks it in a data breach. 

That’s why these are the best steps that you can take to protect your identity:

1. Question anyone who wants your personal information
2. Limit what you share with companies and services

However, despite your best efforts, it’s still possible that your identity gets stolen. Last year, identity theft accounted for nearly 20% of all fraud reports, making it one of the fastest-growing crimes in America [*].

Beyond limiting who has access to your personal and financial information, it’s important to understand the signs of identity theft — and monitor where and how scammers might be using your data once it’s already been leaked. 

{{show-toc}}

How To Protect Yourself From Identity Theft

1. Reduce the amount of information available about you online

Identity thieves can use publicly available information to impersonate you, target you with sophisticated scams, or find clues to your passwords and the answers to your security questions. 

Even if you’re careful with where you post information, scammers can still locate critical personal details on social media profiles, via data brokers and people finder websites like TruthFinder and BeenVerified, or even in public records. 

Follow these tips to reduce your digital footprint: 

• Remove your contact information from Google search results and third-party websites where it’s being hosted.
• Don’t include your phone number, birth date, location data, hometown, or home address in your social media profile or posts.
• Never post photos of sensitive documents. This includes your driver’s license, passport, paycheck, Social Security number (SSN), Social Security card, or any other document that displays any of your personal or identifying data.
• Remove your data from broker sites. Manual removal is a legitimate (albeit painstaking) option. Digital security platforms like Aura speed up the process by automatically scanning data broker lists for your personal information and requesting removal on your behalf.

📚 Related: How To Remove Your Personal Information From the Internet →

2. Learn to spot the warning signs of a phishing attack or online scammer

Phishing scams are by far the most prevalent type of scam on the internet. Fraudsters send fake emails, text messages, social media direct messages (DMs), and even make phone calls to try to extract personal details, steal passwords, or get you to send them money. 

According to the Anti-Phishing Working Group (APWG), 2023 was the worst year for phishing on record [*].

The best way to avoid being scammed by a phishing attack is to recognize the warning signs:

• Urgency. Online scammers tend to send unsolicited emails and urgent messages that appear to come from government agencies, well-known businesses, or financial institutions.
• Poor spelling, formatting, and design. Scam emails, texts, and DMs often contain spelling and grammatical errors. Oddly placed logos and incorrect branding are also red flags. However, all of these warning signs are getting harder to spot as scammers start using artificial intelligence (AI) to enhance their scams.‍
• Suspicious links. Phishers often include links that prompt you to log in to your online accounts — but the URL leads to a fake website. Free resources like Google Transparency Report and URLVoid offer searchable databases that check URLs for harmful content and known scam websites.

3. Scan the Dark Web for your personal information (especially after data breaches)

So far, 2024 breaches have leaked more than one billion records to the Dark Web, including major breaches from UnitedHealth, Ticketmaster, and AT&T [*].

Unfortunately, once your details end up on the Dark Web, they’re nearly impossible to remove. For this reason, it’s imperative that you protect yourself and your family by keeping tabs on what information has been leaked (using either a free Dark Web scanner or a more advanced Dark Web monitoring service) and updating sensitive passwords. 

📚 Related: Is Aura Worth It? Here's How To Know →

4. Freeze your credit

Identity thieves are usually financially motivated and may attempt to take out loans, open new accounts, or apply for credit cards in your name.

A proactive credit freeze is better than a fraud alert as it prevents anyone from accessing your credit file and credit history. It’s a free service that can prevent financial fraud with very few downsides —  and you can lift (or “thaw”) the freeze anytime when you need to apply for credit, such as for an auto or home loan.

To freeze your credit, contact each of the three major credit bureaus individually (Experian, TransUnion, and Equifax). Once you provide proof of identity, each bureau will give you a PIN that you can use to freeze and thaw your account.

Pro tip: Consider freezing your credit with other smaller credit reporting agencies as well, including:

• ChexSystems. A ChexSystems freeze can help stop scammers from opening new bank accounts or obtaining debit cards in your name. 
• LexisNexis. Lenders use LexisNexis to assess your eligibility for loans or other credit services. You can request a freeze online or on the phone by calling 1-800-456-1244.
• Subprime credit reporting agencies, such as Teletrack, Factor Trust, and DataX.

5. Review your credit and bank statements regularly

If a criminal has your bank account number or targets your financial accounts, you’ll see the evidence in your credit report and your credit card statements. This could include a sudden drop in your credit score, strange withdrawals or transfers, or unfamiliar accounts and hard inquiries. 

You should keep an eye on your financial accounts and also proactively safeguard them against fraudsters. 

• Carefully inspect the charges on your credit card and bank statements each month. If you see strange withdrawals or signs of credit card fraud, call the number on the back of your bank card and ask to speak with the fraud department.
• Request a free copy of your credit report from all three bureaus at AnnualCreditReport.com. Verify that your personal information, payment history, public records, and list of open credit accounts are all correct. If you find an error, send a dispute letter to each credit bureau to have the error removed from your reports.
• Sign up for a credit monitoring service. These tools regularly review your credit reports and alert you to suspicious activity. For example, Aura scans your credit reports at all three bureaus and can alert you to suspicious activity faster than any other service³.
• Enable transaction alerts on your accounts. If you’re a Chase customer, for example, you can sign up for text or email alerts about transactions, balance transfers, payments, and when you’ve hit your credit limit [*].
• Create a verbal password or PIN for your accounts. Scammers can’t access your account information without them.

{{show-cta}}

6. Add multi-layered security to your devices and online accounts

Strong passwords, two-factor authentication (2FA), and smart security settings on your phone and laptop can help proactively protect you against online identity theft — even if hackers steal your phone or find your passwords leaked after a data breach.

To add more layers of protection to your online accounts:

• Set up two-factor or multi-factor authentication (MFA) wherever possible. Go to the settings menu on each of your online accounts and follow the instructions. While most services offer to send 2FA codes via SMS text messages, it’s much more secure to use an authenticator app like Duo Mobile or Google Authenticator.
• Create complex and unique passwords for each account. Many password managers automatically generate passwords for you that contain strong combinations of uppercase and lowercase letters, numbers, and symbols. 
• Download a password manager to safely store all of your passwords. Aura’s identity theft protection plan includes a secure password manager that can store all of your credentials and even warn you if a password has been leaked or is too weak.

7. Safeguard your mailbox

Mail fraud is a common inroad to identity theft. In July, five people were arrested in Palm Beach for stealing thousands of checks from public mailboxes [*]. From there, they “washed” the checks — changing the amounts and payees — and then cashed them before the banks caught on.

Whether mail thieves are looking for a quick buck or a way into your personal accounts, your mailbox can be their ticket to success. 

• Shred sensitive documents before throwing them out. This includes bank and credit card statements, health insurance forms, tax returns from the IRS, and student loan documents.
• Check your mail regularly, and secure your mailbox at home. Consider applying for a P.O. box at your local post office for added security.
• Don’t drop off your mail in U.S. Postal Service (USPS) collection boxes. Instead, deposit sensitive mail directly at the post office.
• Register for USPS Informed Delivery. With a free Informed Delivery account, you can preview your incoming mail so that you’ll know if anything is missing. You can also track your packages and reschedule deliveries if you’re out of town.

Pro tip: Opt out of prescreened credit card offers. These offers include your name, address, and other personally identifiable information (PII) that scammers can use to apply for credit in your name. To stop receiving offers through the mail, go through the opt-out process at www.optoutprescreen.com or call 1-888-5-OPT-OUT (1-888-567-8688).

8. Be cautious in public places with your sensitive documents and information 

Scammers can start the identity theft process by swiping your wallet, rifling through your trash, stealing your credit card number with a card skimmer, or even shoulder surfing as you type in your password.

Make sure you’re also implementing physical security measures, such as:

• Don’t carry around sensitive documents. For example, your Social Security card should be kept in a safety deposit box or somewhere safely hidden in your home — not in your wallet.
• Always inspect card readers and ATMs before using them. Avoid readers that look cracked or have loose, uneven keys.
• Use a privacy screen when you’re working on your laptop in a public place. If you’re communicating over the phone, go to a location where you won’t be overheard.
• Shorten your phone’s auto-lock timer, and enable your “Find My” app. A stolen phone can unlock your identity. Make sure your phone locks quickly when you’re not using it, and enable the Find My device feature to remotely find, lock, or wipe a lost phone.

9. Don’t use public Wi-Fi (without a VPN)

Malicious hackers can break into public Wi-Fi networks and spy on you as you enter sensitive information and passwords — or even infect your device with malware.

If you absolutely must use public Wi-Fi, make sure you:

• Use a Virtual Private Network (VPN). VPN services encrypt the connection between your device and public Wi-Fi networks, allowing you to browse privately and securely.
• Invest in reliable antivirus software. Without it, fraudsters can install invasive malware, spyware, or ransomware.‍
• Secure your cell phone. Scammers can trick your provider into transferring your number to their mobile device — a process called SIM swapping. Contact your carrier and ask what protections are offered for your SIM card.

What To Do If You Think Your Identity Has Been Stolen

As of April 2024, the IRS has over 500,000 open identity theft cases — many of which were reported years ago [*]. The sooner you spot suspicious activity on your accounts, the better chance you have of fully and quickly recovering.

As soon as you see the warning signs of identity theft, you should:

• Contact your bank and credit card company. Report and dispute any fraudulent charges that appear on your bank account statements within two days. This will cap your liability at a maximum of $50 [*]. To stop further fraud, ask your bank to cancel your cards and send you new ones.
• Report the incident to the Federal Trade Commission (FTC). An FTC report is often required to dispute fraudulent charges. You can file an official report online at IdentityTheft.gov. After you submit, you’ll receive a personalized identity recovery plan and an official Identity Theft Affidavit to share with affected vendors.
• File a police report at your local law enforcement agency. If you know the identity thief or have information that could lead to an arrest, bring this information to your local law enforcement. A police report may also be necessary to prove that you’re the victim of identity theft and allow you to claim refunds or insurance money.
• Get an IRS Identity Protection (IP) PIN. Without this six-digit number, scammers cannot file a tax return with your name and Social Security Number. Create an IRS account to request an IP PIN. Every year, you’ll receive a new IP PIN.

Following the steps in this guide can help make you a less vulnerable target for identity thieves. But even the most stringent precautions can’t guarantee that you won’t have your identity stolen.

Aura’s all-in-one solution is one of the best ways to protect your identity and prevent identity theft, hacking, and financial fraud. 

With Aura, you get 24/7 account and identity monitoring including Dark Web scans, digital security for all of your devices, one-click Experian CreditLock, 24/7 U.S.-based support, and up to $1 million in identity theft insurance for every adult on your Aura plan. 

Secure your digital life against scammers. Try Aura free for 14 days.