10 Tips for Protecting Your Identity on the Internet

Cybercrime could cost you, but there are ways to fight online identity theft.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

Unfortunately, online identity theft is common because victims can find their identity at risk in many ways. Their information could be compromised because they shared it as a result of a romance scam or because a hacker stole their data using a spoofed website. No matter how it happens, identity thieves can cause a lot of stress and aggravation — as well as financial loss in some circumstances.

The good news is you can maximize your ability to keep your data safe by following these 10 key tips for how to prevent identity theft online, like using the best antivirus software, setting up an internet firewall, learning how to spot phishing scams, and more.

In this article
How to protect your data and identity online
What is identity theft?
How can personal information be stolen online?
Bottom line

How to protect your data and identity online

With so many threats out there, it's crucial to learn how to protect your data and identity online. Taking these 10 steps could help.

1. Use antivirus and anti-malware software

Antivirus or anti-malware software is designed to identify and prevent malicious software from being installed or from causing harm if installed accidentally.

With most antivirus protection tools, the software can be configured to manually scan for viruses or malicious software, and you can also initiate manual scans. It’s also worth installing antivirus software on your cell phone since there are malicious apps out there that could try to steal your sensitive information.

If antivirus software detects problems, it asks if you want to clean the file to remove the malicious software. The best antivirus programs continually update to make sure they can always identify the latest malware definitions. Here are some antivirus recommendations if you don't know where to start: 

  • Norton: Norton is a popular name in antivirus, thanks to its top-notch malware detection rates and real-time protection. Norton's security suite also comes with identity theft protection, so you can proactively protect yourself from identity theft. 

    Get Norton 360 | Read Our Norton 360 Review

  • McAfee: If you want an antivirus with lots of bonus features, like a firewall, VPN, and privacy controls, then we recommend McAfee. It comes with a free version and several pricing tiers, so you can fine-tune your antivirus selection for your needs.

    Get McAfee | Read Our McAfee Review

  • TotalAV: Whether you're using antivirus for the first time or are just looking to make a switch, TotalAV is a top-tier choice. It offers an intuitive user experience and plenty of features, like real-time protection, anti-phishing protection, and malware scanning.

    Get TotalAV | Read Our TotalAV Review

Enjoy Norton’s 100% Virus Protection Promise
Editorial Rating
Learn More
On Norton 360 Antivirus's website
Antivirus Software
Norton 360 Antivirus
Save up to 58% your first year
  • 4 plans available, all including antivirus, malware, ransomware, and hacking protection, Cloud backup, and a secure password manager
  • Option to add VPN connection, dark web monitoring, privacy monitoring, and more
  • Compatible with Windows, Mac, Android, and iOS on up to 10 devices depending on plan

2. Create strong passwords

Having a strong password can protect your personal data, like your credit card info or Social Security number, from hackers and scammers. You need strong passwords because usernames and login credentials are used for so many sensitive accounts ranging from your email or social media accounts to your bank account or Social Security account.

A weak password, such as your birthday, your mother’s maiden name, or a pet's name, can be very easy for hackers to guess — especially if you make this information available on social media. You don't want someone to be able to hack into your bank account or other sensitive websites just because you made your password a simple word that anyone could find out.

Creating strong passwords means:

  • Using different passwords for each website.
  • Using long passwords.
  • Using a mix of different characters, letters, and numbers.
  • Avoiding common passwords such as a birthday or pet's name.

Random strings of characters can be best but can be hard to remember. Using a password manager program can make this easier. You can use one like NordPass to organize passwords, as well as notes, credit cards, and personal information all in your vault. It also offers a free version and paid plans, so you can choose depending on your budget.

Editorial Rating
Learn More
On NordPass's website
Password Manager
60% off + 3 months free
  • Strong encryption and security
  • User-friendly interface

3. Set up an internet firewall

Firewalls refer to hardware or software tools designed to protect your computer.

When you have a firewall installed, all the data coming into your computer is reviewed by the software to determine if it should be forwarded on or blocked. Both hardware and software firewalls provide added protection by stopping attacks on your computer that come in from the Internet.

Secure your Wi-Fi 

Hackers can breach your Wi-Fi network if you don't have a strong password. Be sure to choose a long password that's difficult to guess and to change it every few months. And consider using a WPA2 password for added security.

4. Learn how to spot phishing and online scams

Phishing scams are used to try to steal your personal information, such as passwords or account details. Often, these scams are initiated via email or text.

You may receive a message that claims there is suspicious activity on your accounts or that includes a fake invoice or offers coupons. The goal is to get you to click on a link that installs malware and/or to provide your financial details via email or a spoofed website.

You can spot phishing scams because they often:

  • Pretend to be from companies you know and trust.
  • Include threats, such as a claim your account is on hold, or your credentials have been compromised.
  • Include a generic greeting.
  • Ask you to click on a link to provide personal information or payment details.

To avoid falling victim, don't click on links in emails. If you get an email that looks to be from your bank, for example, instead of clicking the link navigate directly to your bank's website in a separate browser window.

How to report a scam 

Scams can be reported to the police, your local government, and the federal government. USA.gov and IdentityTheft.gov have instructions for reporting scams to different agencies, including the IRS and other federal agencies like the Federal Trade Commission (FTC).

5. Don’t share personal information online

You should always avoid sharing personally identifiable information online, including via social media. Scammers can take information from your online profiles and use it to guess your passwords, gain access to your account, or otherwise commit ID theft.

One recent example that Health and Human Services warned about was the posting of COVID-19 vaccine cards. The information contained on these cards, including your full name, date of birth, and other medical details, can make you vulnerable to having your identity stolen.

6. Only use secure websites when shopping online

Online shopping scams are common and occur when scammers pretend to be legitimate online sellers, either on fake websites designed to look like storefronts or on genuine retailer sites.

To avoid falling victim to this type of scam, make sure to:

  • Research the retailer to find out if they are a domestic or foreign entity and to learn where purchased items will come from and when they will arrive.
  • Review the store's refund or return policy.
  • Look for details about dispute-handling processes in case something goes wrong.
  • Submit payments only to sites using secure payment services. These are denoted by a website address starting with https rather than just http.
  • Avoid making upfront payments via money order, wire transfer, pre-loaded gift card, or cryptocurrency.

You may also want to research whether the website has ever been the victim of a data breach, as even legitimate retailers can put your identifying information at risk if they don't have strong security measures in place.

7. Monitor credit scores

It's a good idea to review your credit report and score regularly.

You can access your free credit report from the three major credit bureaus, Experian, Equifax, and Transunion, from AnnualCreditReport.com. In response to the pandemic, it’s currently possible to obtain a copy of your report up to once per week.

When you've pulled your report, look for new accounts you don't recognize, address changes, unfamiliar names on your credit report, or an unexplained drop in your credit score. Any of these signs could be an indicator that your personal information has been compromised. If you notice anything out of the ordinary and think you might be a victim of identity theft, you can contact the credit bureaus to issue a credit freeze or fraud alert.

It’s also a good idea to regularly check your bank statements as well to catch any fraudulent purchases your debit card or credit card company might have missed. In the case you spot a charge you didn’t authorize or an ATM withdrawal you didn’t make, it’s worth calling your financial institution and working with a representative to get the issue resolved.

8. Keep your computer, mobile device, and web browser updated

Updating your computer software, cell phone, and web browser is a good way to keep your system and information secure. Vendors of these programs release patches for their software when new vulnerabilities are detected.

The good news is that you can enable automatic updates for most software and browsers to make sure you are always using the latest versions with the most up-to-date protections.

9. Use a VPN

A virtual private network should ideally be used whenever you're on public Wi-Fi. A VPN encrypts or encodes data, including account numbers and other sensitive information, you transmit on your computer to prevent it from falling into the wrong hands. Here are some of the best VPNs you can use to protect your identity online:

Starting price Starts at $3.39/mo (billed every two years) Starts at $2.19/mo (billed every two years) Starts at $2.03/mo (billed every two years)
Number of devices 10 Unlimited 7
Server count 6,300+ in 111 countries 3,200+ in 100 countries 11,700+ in 100 countries
Streaming support
Torrenting support
Learn more See NordVPN Pricing See Surfshark Pricing See CyberGhost Pricing

10. Install identity theft protection software

Identity theft protection software can monitor your credit file, your financial information, and internet websites to detect the misuse of your data. There are many different software programs out there, including Aura, LifeLock, and Identity Guard, that offer credit monitoring and identity theft protection services.

What is identity theft?

Identity theft occurs when a criminal steals your personal information and fraudulently uses any aspect of your identity. Some common ways criminals misuse your personal information include:

  • Applying for a new credit card in your name.
  • Filing a tax return to claim a refund.
  • Obtaining medical services.

As USA.gov explains, any time your personal details are used to commit fraud, this is identity theft and it can "cost you time and money to restore your good name."

How can personal information be stolen online?

There are many different ways personal information can be stolen online, including:

  • Romance scams: Criminals use fake identities to pretend to be in a romantic relationship with you in order to obtain personal information like your credit card numbers.
  • Phishing: This involves unsolicited emails or texts pretending to be from a legitimate company in order to obtain login credentials or other personal details.
  • Data breaches: This occurs when confidential information is improperly leaked or accessed from a secured location by an unauthorized person.
  • Account takeovers: This occurs when a hacker is able to improperly gain access to an online account.
  • Lottery scams: Victims are told they have won a lottery or sweepstakes and must provide personal information
  • Malware: Criminals will put software or code onto a computer in order to damage or disable the computer system or unlawfully access information entered on the computer.
  • Nonpayment/non-delivery: Online websites purporting to sell goods or services will collect payment information and not send items.
  • Spoofing: Websites are designed deliberately to mislead and to appear to be from a legitimate source when really they exist only to improperly obtain personal details.
  • Social media: Social media or social networking sites can also be used to obtain personal details.



What are the first signs of identity theft?

Some warning signs of identity theft include receiving bills for products that you did not purchase, calls from debt collectors for accounts you didn't open, unfamiliar accounts on your credit report, address changes on your online accounts, and loan denials.


What can someone do with my full name and email?

Thieves can use your full name and email to make a phishing attempt that's designed to help them obtain other personal information. If an email with your full name is delivered to your address, you may be more likely to think it is legitimate.

Scammers can also use this information to impersonate you with friends and family, to try to hack other accounts, to get around two-factor authentication requirements, and to harvest other information about you that can be used to commit identity theft.

Bottom line

These tips provide insight into how to prevent identity theft online. Unfortunately, though, no matter how careful you are and how much you know about how to protect your data and identity online, things can go wrong.

If your identity is stolen, you'll want to be sure to report it right away to the appropriate authorities and your creditors. The sooner you act, the more damage you can prevent when your information is being misused by scammers. We recommend using the best identity theft protection so you have access to remediation specialists and identity theft insurance should any issues arise. 

Editorial Rating
Learn More
On Aura Identity Theft's website
Identity Protection
Aura Identity Theft
Up to 68% off Family Annual Plans
  • Excellent identity theft protection service
  • Includes a password manager and VPN
  • Robust tools for children’s security

Author Details
Christy Rakoczy, an experienced identity theft expert with over a decade of experience, specializes in cybersecurity issues and laws related to identity fraud. With a J.D. from UCLA’s School of Law and a background in teaching college courses on legal issues surrounding internet privacy, she offers valuable insights across a range of cybersecurity topics.