In 2021, the FBI received almost 850,000 complaints of cybercrime, which collectively caused $6.9 billion in losses. Cybercrime takes many forms, including online identity theft, which accounted for 51,629 of the complaints the FBI received last year.
Unfortunately, online identity theft is common because victims can find their identity at risk in many ways, whether their information is compromised because they share it as a result of a romance scam or because a hacker steals their data using a spoofed website. No matter how it happens, identity thieves can cause a lot of stress and aggravation — as well as financial loss in some circumstances.
The good news is, you can maximize your ability to keep your data safe by following these 10 key tips for how to prevent identity theft online.
What is identity theft?
How can personal information be stolen online?
How to protect your data and identity online
With so many threats out there, it's crucial to learn how to protect your data and identity online. Taking these 10 steps could help.
1. Use antivirus and anti-malware software
Antivirus or anti-malware software are designed to identify and prevent malicious software from being installed or from causing harm if installed accidentally.
With most antivirus protection tools, the software can be configured to manually scan for viruses or malicious software and you can also initiate manual scans. It’s also worth installing antivirus software on your cell phone, since there are malicious apps out there that could try to steal your sensitive information.
If antivirus software detects problems, it asks if you want to clean the file to remove the malicious software. The best antivirus programs continually update to make sure they can always identify the latest malware definitions.
2. Create strong passwords
Having a strong password can protect your personal data, like your credit card info or Social Security number, from hackers and scammers. You need strong passwords because usernames and login credentials are used for so many sensitive accounts ranging from your email or social media accounts to your bank account or Social Security account.
A weak password, such as your birthday, your mother’s maiden name, or a pet's name, can be very easy for hackers to guess — especially if you make this information available on social media. You don't want someone to be able to hack into your bank account or other sensitive websites just because you made your password a simple word that anyone could find out.
Creating strong passwords means:
- Using different passwords for each website.
- Using long passwords.
- Using a mix of different characters, letters, and numbers.
- Avoiding using common passwords such as a birthday or pet's name.
Random strings of characters can be best but can be hard to remember. Using a password manager program can make this easier.
3. Set up an internet firewall
Firewalls refer to hardware or software tools designed to protect your computer.
When you have a firewall installed, all the data coming into your computer is reviewed by the software to determine if it should be forwarded on or blocked. Both hardware and software firewalls provide added protection by stopping attacks on your computer that come in from the Internet.
Secure your Wi-Fi
Hackers can breach your Wi-Fi network if you don't have a strong password. Be sure to choose a long password that's difficult to guess and to change it every few months. And consider using a WPA2 password for added security.
4. Learn how to spot phishing and online scams
Phishing scams are used to try to steal your personal information such as passwords or account details. Often, these scams are initiated via email or text.
You may receive a message that claims there is suspicious activity on your accounts or that includes a fake invoice or offers coupons. The goal is to get you to click on a link that installs malware and/or to provide your financial details via email or a spoofed website.
You can spot phishing scams because they often:
- Pretend to be from companies you know and trust.
- Include threats, such as a claim your account is on hold or your credentials have been compromised.
- Include a generic greeting.
- Ask you to click on a link to provide personal information or payment details.
To avoid falling victim, don't click on links in emails. If you get an email that looks to be from your bank, for example, instead of clicking the link navigate directly to your bank's website in a separate browser window.
5. Don’t share personal information online
You should always avoid sharing personally identifiable information online, including via social media. Scammers can take information from your online profiles and use it to guess your passwords, gain access to your account, or otherwise commit ID theft.
One recent example that Health and Human Services warned about was the posting of COVID-19 vaccine cards. The information contained on these cards, including your full name, date of birth, and other medical details, can make you vulnerable to having your identity stolen.
6. Only use secure websites when shopping online
Online shopping scams are common and occur when scammers pretend to be legitimate online sellers, either on fake websites designed to look like storefronts or on genuine retailer sites.
To avoid falling victim to this type of scam, make sure to:
- Research the retailer to find out if they are a domestic or foreign entity and to learn where purchased items will come from and when they will arrive.
- Review the store's refund or return policy.
- Look for details about dispute-handling processes in case something goes wrong.
- Submit payments only to sites using secure payment services. These are denoted by a website address starting with https rather than just http.
- Avoid making upfront payments via money order, wire transfer, pre-loaded gift card, or cryptocurrency.
You may also want to research whether the website has ever been the victim of a data breach as even legitimate retailers can put your identifying information at risk if they don't have strong security measures in place.
7. Monitor credit scores
It's a good idea to review your credit report and score regularly.
You can access your free credit report from the three major credit bureaus, Experian, Equifax, and Transunion, from AnnualCreditReport.com. In response to the pandemic, it’s currently possible to obtain a copy of your report up to once per week.
When you've pulled your report, look for new accounts you don't recognize, address changes, unfamiliar names on your credit report, or an unexplained drop in your credit score. Any of these signs could be an indicator that your personal information has been compromised. If you notice anything out of the ordinary and think you might be a victim of identity theft, you can contact the credit bureaus to issue a credit freeze or fraud alert.
It’s also a good idea to regularly check your bank statements as well to catch any fraudulent purchases your debit card or credit card company might have missed. In the case you spot a charge you didn’t authorize or an ATM withdrawal you didn’t make, it’s worth calling your financial institution and working with a representative to get the issue resolved.
8. Keep your computer, mobile device, and web browser updated
Updating your computer software, cell phone, and web browser is a good way to keep your system and information secure. Vendors of these programs release patches for their software when new vulnerabilities are detected.
The good news is, you can enable automatic updates for most software and browsers to make sure you are always using the latest versions with the most up-to-date protections.
9. Use a VPN
A virtual private network should ideally be used whenever you're on public Wi-Fi. A VPN encrypts or encodes data, including account numbers and other sensitive information, you transmit on your computer to prevent it from falling into the wrong hands.
10. Install identity theft protection software
Identity theft protection software can monitor your credit file, your financial information, and internet websites to detect the misuse of your data. There are many different software programs out there, including Aura, Norton LifeLock, Identity Guard, and ReliaShield that offer credit monitoring and identity theft protection services.
What is identity theft?
Identity theft occurs when a criminal steals your personal information and fraudulently uses any aspect of your identity. Some common ways criminals misuse your personal information include:
- Applying for a new credit card in your name.
- Filing a tax return to claim a refund.
- Obtaining medical services.
As USA.gov explains, any time your personal details are used to commit fraud, this is identity theft and it can "cost you time and money to restore your good name."
How can personal information be stolen online?
There are many different ways personal information can be stolen online including:
- Romance scams: Criminals use fake identities to pretend to be in a romantic relationship with you in order to obtain personal information like your credit card numbers.
- Phishing: This involves unsolicited emails or texts pretending to be from a legitimate company in order to obtain login credentials or other personal details.
- Data breaches: This occurs when confidential information is improperly leaked or accessed from a secured location by an unauthorized person.
- Account takeovers: This occurs when a hacker is able to improperly gain access to an online account.
- Lottery scams: Victims are told they have won a lottery or sweepstakes and must provide personal information
- Malware: Criminals will put software or code onto a computer in order to damage or disable the computer system or unlawfully access information entered on the computer.
- Nonpayment/non-delivery: Online websites purporting to sell goods or services will collect payment information and not send items.
- Spoofing: Websites are designed deliberately to mislead and to appear to be from a legitimate source, when really they exist only to improperly obtain personal details.
- Social media: Social media or social networking sites can also be used to obtain personal details.
What are the first signs of identity theft?
Some warning signs of identity theft include receiving bills for products that you did not purchase, calls from debt collectors for accounts you didn't open, unfamiliar accounts on your credit report, address changes on your online accounts, and loan denials.
What can someone do with my full name and email?
Thieves can use your full name and email to make a phishing attempt that's designed to help them obtain other personal information. If an email with your full name is delivered to your address, you may be more likely to think it is legitimate.
Scammers can also use this information to impersonate you with friends and family, to try to hack other accounts, to get around two-factor authentication requirements, and to harvest other information about you that can be used to commit identity theft.
These tips provide insight into how to prevent identity theft online. Unfortunately, though, no matter how careful you are and how much you know about how to protect your data and identity online, things can go wrong.
If your identity is stolen, you'll want to be sure to report it right away to the appropriate authorities and your creditors. The sooner you act, the more damage you can prevent when your information is being misused by scammers.