How to Protect Your Identity Online

Callum Tennent
By Callum TennentUpdated

Identity theft is a huge problem for everyone, both online and offline. And children are 51 times more likely to be targeted than adults. The statistics paint a worrying picture, but there are plenty of ways to fight back. Use our simple step-by-step tips to recover from identity theft, and use the checklist to make sure you don’t overlook anything.

An illustrated representation of identity theft

Identity theft can happen to anyone at any time. Hackers and fraudsters target kids, adults, the living, and the deceased. The consequences can wreak havoc.

We’re not just talking about someone using your credit card online. A fraudster can open new accounts in your name, rent a place to live, or even get a job as you. Children are particularly vulnerable to identity fraud because they’d never know what was going on.

Have you been hacked? Is your mail being opened?
Do you see weird transactions on your bank account statements?

Nobody is safe from this kind of hacking. Recognize the risk, and act on it.


7 Scary Stats About Identity Theft

Identity theft may happen to you, even if you’re careful. Here are some alarming statistics to prove just how big a threat it is:

  1. 13.1 million US consumers were victims of identity theft in 2016, according to Javelin Strategy & Research
  2. The same study found that $15 billion was stolen by fraudsters
  3. The Bureau of Justice says 7% of Americans over 16 have been victims
  4. …and 14% suffered some kind of financial loss
  5. Women are targeted more often than men
  6. And children are 51 times more likely to have their identity stolen than adults
  7. 29% of people affected spent more than 6 months trying to sort out the mess.

Checklist: Have You Been Hacked?

If your identity is stolen, there will be a period of time when you aren’t aware it’s even happened.

The longer it takes for you to wise up, the longer the fraud goes on.

That’s why early detection is key.

If you recognize two or more items on this list, you should be concerned. Have you noticed:

  • Strange transactions on your bank account statement?
  • Mail that doesn’t arrive, or looks like it has been opened when it arrives?
  • Emails from friends alerting you to spam emails sent from your account?
  • Posts on your Facebook or Twitter that you didn’t create yourself?
  • Alerts on your credit report relating to new accounts in your name?
  • Missing emails, or password resets you didn’t ask for?
  • Passwords that don’t work, even though you’re sure you typed them correctly?
  • A refusal of credit for an account you should reasonably have expected to be approved for?
  • Fake social media profiles set up in your name?
  • Media reports about a service provider that you use?
  • Photos of yourself or your family posted online?

Remember: any of these things could happen to your kids, particularly if their have phones or tablets. So it’s important to monitor their bank accounts and social networks, if they are allowed to use them.

Either way, don’t panic. Identity theft isn’t anyone’s fault. Sometimes, it’s down to a hack that you couldn’t have prevented, or a simple ‘brute force’ attack where someone just tries random details until they break in. Dealing with it quickly is the key to damage limitation.

Step-By-Step Recovery Guide

If you’ve had your identity stolen, you face an uphill battle to sort it out. But you will regain control.

Work through these steps in order. At every step, take printouts of any suspicious data or account activity, and keep every single piece of paper that comes through your door relating to your financial situation.

1. Change Your Passwords

Hackers want access to your email account because that lets them impersonate you. It also allows them to reset passwords for lots of other services that you use.

It’s time to freeze them out.

  1. Head straight to your email provider and change your password.
  2. Do a quick Google search to find it whether your provider offers two factor authentication. If they do, turn it on immediately.

Two factor authentication uses your regular password and codes sent by text to your smartphone. To log in, you need both. It’s very secure, because there’s a near-zero chance that a hacker would have your phone and your password in their control.

2. Freeze Online Banking

Online banking is the next priority. And by ‘online banking’, we mean any financial account: bank, credit card, savings, loans, investments – even bitcoin wallets.

  • Log on to each account. Check the recent transactions. Fraudsters usually start by charging tiny amounts that you are easy to miss.
  • Even if you see nothing wrong, it’s a good idea to freeze accounts and change passwords.
  • If you can’t log in to your bank at all, immediately call the provider and get your account disabled and card blocked.
  • To safeguard cryptocurrency, create a new wallet and move your funds – just in case. A paper wallet is arguably the most secure option, at least until you figure out what to do next.

3. File a Fraud Alert

Most of us are wary about messing around with our credit files. But credit reference agencies have specific tools to guard against identity fraud. Now is the time to use them.

Call each credit reference agency in your country and ask them to put a fraud alert on your file. This will prevent the thieves opening any more accounts.

The credit reference agency should then contact your lenders and work with them to erase the fraud from your file. Your bank may then contact the police, but you can do this yourself if you prefer. (Here’s a handy link for US readers on involving the police, and here’s the UK government’s official guidance.)

4. Figure Out How You Were Hacked

Now you’ve put basic security in place, it’s time to backtrack and figure out how you were hacked.

This is important, because you need to know whether more accounts or devices are compromised so that you deal with those as well.

Here’s a few possibilities, along with some simple steps you can take right away:

Problem Solution
Your passwords are really easy to guess. Start using better passwords, or use a password manager. We’ll look at some good strategies in section 5, below.
I clicked a link in a text message or email out of curiosity. You’ve probably filled in a form that has transmitted data to hackers. Retrace your steps to figure out what you did (but don’t click the link again).
I used a public WiFi network without a password. There may have been a malicious user on the network watching your activity. Try to remember which sites you accessed, and change all of those passwords as soon as you can.
I installed a new application on my computer or phone. You may have accidentally installed a virus or malware. Find free anti-virus and anti-malware software from a reputable website. Deep scan your computer to detect and remove the threat.
I used a network that I hadn’t used before. You may have caught a virus from the network, or been snooped on as you browsed. Run anti-virus and malware scans, and change passwords on the sites you visited.
I used a public computer (for example, in a hotel, business centre, or cyber cafe). Visit every site that you visited and change all of the passwords. If you think you left yourself logged in, look for a setting on each website that lets you log out sessions in all other locations.
I might have been watched using my phone or computer. Someone may have looked over your shoulder. Try to remember what you were doing at the time so you can secure your accounts.
I left a device unattended in a public place. A malicious user might have quickly installed malware while you were not looking. Run anti-malware and anti-virus scans immediately.

5. Improve Your Password Habits

Even the most secure IT systems are only as strong as their password.

But humans find secure passwords very difficult to remember.

There are various ways to train yourself into better password habits:

  • Come up with your own system of building passwords using a memorable phrase plus a few letters from the domain name of the site you’re logging into. For example, myphraseTOP10. You should aim for something more secure than this example, though.
  • Use a password manager like LastPass, Dashlane, or 1Password. The Safari browser has a password generator built in.
  • Don’t use real words in passwords.
  • Don’t use ridiculously simple passwords like 123456, or qwerty. These are the first ones hackers will try.
  • If you really must write your passwords down, store them in a safe. It sounds like overkill, but the alternative – storing them online or on your computer – is a Very Bad Idea.

Checklist: Boost Your Security Now

Improving your online security is simple and affordable. Most of these tips won’t cost you a dime. But they will greatly reduce the chance of you being hacked.

Sure: increased security does mean a little inconvenience. But a few extra seconds here and there is surely a price worth paying for peace of mind.

The tips in this section can be used regardless of whether you’ve been hacked already:

  • Sign up for You’ve Been Pwned. This website will email you if your email address appears in leaked account data from hackers so you can immediately change your password before anything bad happens. Registration is free and fast.
  • Order your credit reports every 3 months. You can pay for a paid online monitoring service if you prefer, but the basic report is all you need to check that everything’s as it should be. Set a calendar reminder now.
  • Use a VPN. Any time you use a network that you don’t trust completely, you should connect through a VPN to encrypt your activity and keep your personal data safe. Even better, use a VPN all the time. There are lots of other benefits to using a VPN, which we’ve written about extensively on this website. For complete protection, choose one you can use on your computer, phone, and tablet at the same time.
  • Install anti-virus software on every device you own. If it flags up a suspicious file, act immediately. Don’t ignore alerts. And keep definition files updated automatically.
  • Use encrypted messaging apps. WhatsApp offers end-to-end encryption, which means that nobody can read your messages except the intended recipient. There are other highly secure alternatives like Signal and Telegram. Even Facebook Messenger is encrypted now.
  • Don’t send personal data via email. That includes photos of your driver’s license, passport, or social security details.
  • Stop oversharing on social media. Is it a good idea to tell everyone in the world where you live, what your license plate is, or when you’re not at home? Share holiday photos when you return, and turn off location tagging.
  • Open a ‘spare’ basic bank account for online use. Only deposit the money you need to make purchases online. You could also use a virtual debit card from Entropay, or your own bank, if they offer one.
  • Use two factor authentication everywhere. Full stop. It’s simple, it’s free, and it’s effective. Authy is a great solution this as – unlike Google Authenticator – it works across multiple devices and allows you to create and store backups in the cloud.

The Bottom Line

Everyone is at risk from identity theft, and the internet gives hackers a free pass. Being hacked is a traumatic and disturbing experience, but with our tips, you can recover quickly and mop up the mess. Whether you’ve been hacked or not, prevention is always the best tactic, and even small changes to your habits can make you safer.