- The Basics
- 1. Use Two-Factor Authentication
- 2. Guard Your Personal Information
- 3. Think Twice Before You Post on Social Media
- 4. Be Critical of What You Download
- 5. Encrypt Your Data
- 6. Use a Password Manager
- 7. Connect With a VPN
- 8. Keep Software Current
- 9. Wipe Your Device Before Giving It Away
- 10. Backup Your Data
- 11. Use an Antivirus
- 12. Check for Data Breaches
- 13. Shred Documents
- 14. Avoid Insecure Public WiFi
- 15. Review Your Credit Card Statements & Credit Reports
- Final Thoughts
Identity theft is a rather unpleasant modern crime. Not content with simply emptying your wallet, the cyber thief is after your whole digital being and may even use it to carry out additional crimes in your name. As you’ll see in this article, we’ll show you how to prevent identity theft by staying one step ahead of those who want to steal everything you have.
- Social media sites make their money by collecting as much of your data as they can. Data from your social media accounts can be exposed in a data breach.
- Using a VPN will limit the amount of data hackers can collect on you.
- Both physical and digital data can be used for identity theft.
- A compromised email address can be used to hack into every account tied to that address.
With criminals inventing new tricks every day, it’s hard to know how to stay safe. We’ve compiled a few tips to help prevent identity theft online, which, hopefully, will give you a little peace of mind. The ground here is ever shifting, however, so be alert for new ways to keep yourself safe.
10/21/2021 Facts checked
Added extra tips, FAQs, screenshots, meta description, secondary description and key takeaways.
Having the right mindset is the most important thing you need to prevent identity theft. Be cautious about what data you give out to online services, and be even more cautious about what you post online publicly. After that, you can use a variety of tools to keep your online data private, such as VPNs, antivirus software and password managers.
It’s impossible to know if your identity has been stolen until something goes awry, but in the case of credit card theft, it’s possible to freeze your bank account and instate a credit freeze in case you or your credit monitoring service notices fraudulent activity. However, it’s better to stop identity theft before it starts by protecting your data first.
How to Prevent Identity Theft: The Basics
Identity theft can take many forms, but one of the most common involves credit card fraud. This is done by stealing the details on your credit card or setting up a new credit card with your name on it. The first you’ll ever hear of the matter is a call from collections.
The damage can be more than financial. If the identity thief carried out any criminal activity in your name, it’s difficult for law enforcement to determine what’s what. Sorting out a miscarriage of justice like this can be a long and difficult process, so it’s much better if you take steps to avoid the problem in the first place.
However, there are many other ways for criminals to commit identity fraud, especially with so much personal information online. So stick with us as we show you how.
1. Use Two-Factor Authentication
Many people store a lot of personal data in one place, so hackers breaking into one online service can use the information they find to break into others. For example, if you have a main email account, a hacker can use it to gain entry into other services you use by requesting new passwords. The reset emails will be sent to your main account which the hacker can then respond to.
However, a hacker with access to your password still won’t be able to get into your most important accounts if you have two-factor authentication (2FA) enabled. Two-factor authentication adds an extra step of verification after you enter your password, which usually involves approving a push notification on your smartphone or verifying through email.
Email-based 2FA won’t help if you use the same password for all of your accounts, because the hacker will have access to the verification emails. It’s more secure to use a device-based solution such as using a 2FA app; If the hacker doesn’t physically have your phone, then the hacker can’t get into your account.
Multi-factor authentication (MFA) offers even more security by using three or more steps, but these extra-secure implementations are mainly used in business settings. If that’s the level of security you need, then we suggest reading our full article on 2FA and MFA for more detailed information.
Safeguards like 2FA are especially important when you’re using services that have access to highly sensitive records, such as your social security number, bank account information or medical records.
2. Guard Your Personal Information
Your personal information — from your bank account numbers or your social security number — can be hugely valuable to hackers, so don’t hand them out to people you don’t know. Be wary of contacts messaging you via an unusual method. Someone that has accessed a friend’s address book might contact you in their name to gather more details about you or them.
Many sites try to gather as much information as they can about you. That’s the business model for social media. The trouble with this is that if someone accesses that info, impersonating you becomes a lot easier. These days it is getting more common for sites to connect the dots and amalgamate what different companies know about you.
You can mitigate this by giving out as little info as possible. Avoid giving away any optional info and sign up for services using a throwaway email address. If a site asks you things that you don’t want to divulge, vote with your mouse and sign up somewhere else.
3. Think Twice Before You Post on Social Media
Be careful what you share on social media, especially publicly. Criminals are nothing if not persistent and will happily trawl through your posts looking for anything that can be used to steal your credentials and break into your accounts. For more on keeping your info private, please take a look at our online privacy guide.
4. Be Critical of What You Download
You should be extra careful when downloading smartphone apps, especially with less familiar applications. You will usually be told what information a new app wants to access. It is tempting to just click through these screens, but don’t be too quick to grant an app permissions you aren’t comfortable with. There are always alternatives.
Keep an eye on what you install on your PC too. Many software installers try to sneak an extra app onto your computer, but will notify you of this first. Feel free to decline. Usually, these pieces of malware come from common-use applications, such as PDF converters, that you may only need a single time.
5. Encrypt Your Data
Encryption is your single biggest defense against online crime. When using a VPN, cloud storage or online backup provider, make sure the encryption model is up to date. We recommend AES-256, as it’s the most difficult to crack.
Encrypting your data is especially helpful if someone steals your device. If someone gains access to your device, they can’t do as much damage if your data isn’t readable. You can encrypt what you have stored locally, as well as online. For more on this, please see our article on how to encrypt your data for cloud storage.
If you’re worried about prying eyes there, then make sure to read about the best zero-knowledge cloud services.
6. Use a Password Manager
Choosing a password seems tougher than ever, with sites asking you to put numbers, symbols and capital letters all over the place. It can be tempting to pick just one password and stick with it, but should someone discover it, they can take over your whole online life and cause you no end of problems.
A password manager can help you out here, generating long, unique passwords for the services you use and entering them into sites for you. If you’re frustrated with trying to remember dozens of long, complicated passwords, check out our guide on the best password managers for more tips.
You can also check out our guide on how to set up a strong password to make all of your passwords hacker-proof.
7. Connect With a VPN
A VPN is a service that routes your internet traffic through a single encrypted connection, giving you an extra degree of control over what content you can access and who can see it. Take a look at our What Is a VPN? article for more.
Using a VPN gives you an extra layer of security. Since your IP address changes, it can make life more difficult for those who use your IP address to figure out which online accounts are used by the same person. Many VPNs come with malware-blocking software, which also helps keep you safe.
With no location, browsing history or IP address, hackers have a difficult time finding a shred of information to go on. If you’re using a VPN, a hacker might target you, but will likely fall away with no starting point.
If you’re thinking of getting one, take a look at our list of the best VPNs to find the right option for you.
8. Keep Software Current
Software flaws are discovered constantly, and these security holes can let identity thieves break into your computer. Update your OS and software regularly, and make sure you download the latest patches. Doing this can be troublesome, but not as bad as finding you’ve purchased a Ferrari and never had the chance to drive it.
You should check your privacy settings on your OS and devices. For tips on how to do this on Windows, read our Windows 10 privacy settings article. Email settings can also be tuned to protect your personal or financial information. Image links in emails can leak your IP address and other details to hackers, so disabling automatic image display in your email client is a good idea.
9. Wipe Your Device Before Giving It Away
Good security practices apply even when you’re getting rid of old devices. Before you throw or give away your old computer, smartphone or tablet, make sure to thoroughly wipe all data from the hard drive first. Used devices often carry the lingering data of their previous owners by the time it winds up in someone else’s hands.
Simply deleting all of your files won’t be enough. You’ll need to use your device’s built-in data wiping features to fully eliminate your data, like a good old factory reset. That should be enough for a personal device, but if you have particularly sensitive information stored on it, consider using third-party tools for the most in-depth wipe possible.
10. Backup Your Data
Remember to backup your most valued data first before it’s gone forever. Nothing you erase from your hard drive can ever be restored, especially if a hacker wipes your device for you. You can either purchase a physical external hard drive or use a cloud backup service.
For more info, read about our favorite encrypted cloud storage services and our favorite external hard drives.
11. Use an Antivirus
A successful malware attack usually marks the first step toward a cybercriminal getting away with identity theft, so it’s best to avoid a malware compromise in the first place. You should be able to avoid all but the most extreme forms of malware by installing a robust antivirus program.
Identity theft protection usually only comes with paid software, such as Kaspersky Antivirus. Free antivirus software usually isn’t enough on its own to protect your data from being stolen by the many threats that exist online.
You can read more about the best antivirus programs out there in our comprehensive guide to the best antivirus software.
12. Check for Data Breaches
If you use the internet at all, chances are you have multiple accounts across many different services. Every new account you create adds another opening for attack if it’s not secured properly, and the number of accounts any one person owns adds up quickly.
Companies regularly suffer data breaches for one reason or another, and that puts your personal data at risk of being collected, sold and abused on the dark web. Even if you’ve taken every step to fortify your security, some companies aren’t always so careful about protecting your personally identifiable information.
If a company falls victim to a data breach, you can check the website haveibeenpwned.com to find out if your credentials have been exposed in a documented data breach. Simply search for your email to find out if you’ve been “pwned.”
Financial information like banking credentials are popular items on the dark web, so sign up to receive notifications, so you can invalidate those stolen passwords immediately.
13. Shred Documents
The possibility of identity theft isn’t restricted to the virtual world, even in modern times. Any physical documents containing your personal and financial information are just as good to an identity thief as virtual data.
The next time you’re going through a pile of papers on your desk, be careful about what you throw out. Taking the time to shred your documents before disposal will burn yet another bridge a criminal could use to steal your identity. Believe it or not, digging through the trash for valuable personal records has led to successful incidents of identity theft.
It’s also important to take note of where you store the papers you don’t plan to get rid of. A lot of identity theft happens through methods as old-fashioned as simply stealing letters from the victim’s mailbox, both incoming and outgoing mail.
14. Avoid Insecure Public WiFi
If you regularly use public WiFi networks, such as those at coffee shops and airports, then you’re putting yourself within reach of identity thieves. Public WiFi networks are rarely — if ever — configured with robust privacy protections, and that makes them popular places for cybercriminals to launch their attacks.
Passwords to public WiFi networks are available to anyone who asks for them, including hackers. Hackers commonly use tools like Wireshark to monitor the online activities of everyone on public networks, and from there they can launch man-in-the-middle attacks, distribute malware and even set up malicious WiFi hotspots.
The best way to protect yourself on a public Wi-Fi network is to use a VPN, like ExpressVPN. With your IP address obfuscated and your traffic encrypted, hackers will have to try much harder to get their hands on your personal info.
15. Review Your Credit Card Statements & Credit Reports
Out of all forms of identity theft, credit card fraud is the most common. It isn’t always clear right away when someone gains unauthorized access to your credit card account, but you can regularly review your bank statements from the credit card company for suspicious activity. If you see anything unusual, you can place a freeze on your account and notify your creditor.
An automated solution would be to enroll in a credit monitoring service or an identity theft protection service. These services will notify you via email or text if they detect suspicious credit card activity in your bank statements so you can respond immediately before someone makes fraudulent charges in your name.
It’s also a good idea to regularly look at your credit report. A successful identity thief could potentially drive down your credit score and affect your ability to get a loan for a house or a car, in addition to the other chaos identity theft causes. The three major credit bureaus in the United States are Equifax, Experian and TransUnion, all of which offer identity theft protection services.
If you live outside of the US, there are other credit bureaus with similar services, including various European branches of the above credit bureaus.
Final Thoughts to Help Prevent Identity Theft
With that, we hope you rest a bit easier in keeping yourself safe online. Remember, none of these tips are foolproof and you can’t be too careful online or off. Fraudsters are always coming up with new ways to commit identity theft, but stay vigilant and you should be alright.
Which tools and tips have helped you the most in strengthening your online privacy? Are there any other necessary precautions to take to avoid identity theft not mentioned in this article? Let us know in the comments section below, and as always, thanks for reading.