Protecting yourself from identity theft online

Protecting yourself from identity theft online

What is identity theft?

When a thief gathers information about you and uses it to impersonate or defraud you, it’s called identity theft.

Even a small amount of data—your Social Security number, password, address, mother’s maiden name, account number or PIN—is enough for a thief to make credit card purchases, open bank accounts, take out loans, or commit crimes in your name.

How can someone steal your identity online?

Phishing scams - Identity thieves attempt to trick you by sending a phony email or instant message (IM) that appears to come from a reputable organization (like your bank or favorite charity). The message tries to alarm you by suggesting that your account was compromised or will be closed unless you respond. The phony message typically contains a link to a webpage or a request to call a toll-free number. There, you’re tricked into revealing financial or other sensitive information on a realistic (but fake) webpage or to a “representative.”

Malicious software - Opening email attachments or clicking in a pop-up window may secretly plant harmful software on your computer that can let a thief collect your passwords or account numbers.

Data breaches - Identity thieves may break into insurance, hospital, government, and other databases to steal the personal information of thousands.

Oversharing - Social media is an ever-present part of many of our lives and it makes it easy to share photos, videos, posts, and other personal information. Unfortunately it makes it TOO easy to share, and thieves can sometimes find that information and use it to help steal your identity.

Four simple ways to help protect your identity online

It can take years to discover you’re a victim of identity theft, and even longer to clear your name and credit rating, so prevention is key.

1. Be defensive with sensitive information

Don’t put sensitive information in email, social media, or text messages. These methods may not be secure.

Look for signs that a webpage is secure and legitimate. Before you enter sensitive data, check to ensure the web address starts with https (“s” stands for secure) and shows a closed padlock. (The lock might also be in the lower right corner of the window.)

Make sure that you’re at the correct site—for example, at your bank’s website, not a fake. Look closely at the Save banking, shopping, and other financial transactions for your home computer. The security of a public computer, or your own computer over a public wireless connection, may be unreliable. Be cautious about clicking links in a message or pop-up window. If you’re unsure if a message is genuine—even if you know the sender—contact him or her using a different device or account.

Be careful about what you post on social media. You may be inadvertently sharing more information than you wanted to, or sharing it to a larger audience than you expected.

2. Create strong passwords and keep them secret

Strong passwords are long (phrases or sentences) that mix capital and lowercase letters, numbers, and symbols. Ideally your passwords should be at least 14 characters long.

Don’t use the same password everywhere. If it’s stolen, all the information the password protects, in all the accounts it's used on, is at risk.

Don’t share your passwords.

Writing them down is ok, as long as it's on a well-protected piece of paper away from your computer.

You'll find some tips on creating and using secure passwords here: Create and use strong passwords.

3. Protect your accounts and your credit

Stay on top of existing account balances by checking account activity regularly.

Report discrepancies quickly. The law protects you from having to pay for fraudulent transactions on your account, but only if you report them promptly.

Couple using a laptop while working on their home finances

Unless you are actively seeking a loan or other credit, contact the three bureaus to freeze your credit, which restricts access to your reports. For more information see Placing a credit freeze.

Tip: Got a child under the age of 16? Consider freezing their credit too. Children are attractive targets for identity thieves because people don't usually check the credit reports for their kids.

Protect your credit with help from the major U.S. credit bureaus. Every year, get your free credit report (and that of any family member over age 14) from each credit bureau, and review them carefully. Order through or call toll-free (877) 322-8228.

4. Boost your computer’s security

Reduce your risk of identity theft by keeping all software (including your web browser) current with automatic updating.

Install legitimate antivirus and antispyware software. Windows 10 comes with Microsoft Defender Antivirus already installed and turned on.

Never turn off your firewall.

Protect your wireless router with a password and use flash drives cautiously.

What you can do if someone steals your identity

Act immediately to correct your records. Document your efforts as you go: make copies of all email and letters and keep detailed notes of phone calls.

File a police report and get a copy to show your bank and other financial institutions that you are a crime victim, not a credit abuser.

Put a fraud alert on your credit reports with one of the major U.S. credit bureaus so that no financial institution grants new credit without your approval.

Close accounts accessed or opened fraudulently. Speak with the fraud department of each of those companies and follow up with a letter. When you open new accounts, use new passwords and PINs.

Report the theft to the U.S. Federal Trade Commission (FTC) at or call toll-free (877) 438-4338.

Report suspicious or fraudulent incidents to the service provider. For example, in Microsoft services or software, look for the Report Abuse link, or contact us at