(844) 845-4219
thief reaching through a computer to steal information (illustrated).

Online Identity Theft Protection » Identity Theft Protection » Online Identity Theft Protection



So many details of your life live online. Unfortunately, this means that identity thieves can easily access your personal information. The evermore interconnected internet is a threat to your personal data, your money, and your credit score. Don’t let that scare you into avoiding the web altogether. Arm yourself with knowledge of the tactics identity thieves use to ensure that you are protected from online identity theft.

The first step of protecting your online identity is learning what identity theft really means. When someone steals your information for their own personal gain, that is identity theft. They could make credit card purchases, file medical insurance claims, open bank accounts and more, all under your name. This can severely hurt your credit score, damage your reputation, and/or drain your bank account.

How Identity Theft Happens Online

When almost three-quarters of consumers worry about online identity theft, it’s obviously a prevalent issue. Yet, how much do you really know about how identity theft happens online? People don’t want to be “hacked,” but don’t always understand how they could get hacked in the first place. The best way to explain is through examples of identity theft online.


One common form of online identity theft is spoofing. Spoofing happens when a thief creates a fake website or email address to trick you into either clicking a link that will install malware onto your computer or freely giving away personal details. These spoofed email addresses will send you phishing emails that look like they are important or from someone you know, but really contain links that will install malware to collect your information. Another trick identity thieves use is pharming. This happens when thieves hack your browser. You type in a legitimate website address, but it leads you to a spoofed website.


Malware stands for “malicious software,” and is downloaded onto your computer through spoofed websites or clicked links in scam emails. It gathers your personal information and sends it to an identity thief. Malware also includes spyware, which can literally spy on all of the activity you engage in on your computer. Other ways your identity can be stolen online include unsecured websites and unsecured internet connections. Websites that start with “http” and not “https” are not as safe. Similarly, public internet connections are not as safe as their password-protected counterparts.

Data Breaches

Your personal information can also be stolen if there is a data breach at a company you have done business with in the past. For example, a data breach at Target caused over 43 million customers to have their information stolen. This may seem out of your control, but another cause of identity theft online definitely isn’t: weak passwords. It’s tempting, but try not to use the same password for everything or choose something too simple. Clever identity thieves will see right through you.

Warning: Kids and seniors are more at risk!

Identity theft can also happen when kids and seniors are left to surf the web without any guidelines. These groups are the most vulnerable to identity theft because of their lack of knowledge of internet scams. If a new window pops up and tells a child they have just won $100,000, there’s a good chance a child will believe it and click the button to “claim their prize,” which turns out to be some nasty malware. A senior may click a link from an email that says it’s from their child, but it’s really a phishing email hoping to bait its next spyware victim.

Preventing Online Identity Theft

With so many tools to choose from, thieves have quite the advantage when trying to steal your information online. However, there are some measures you can take to avoid online identity theft:

  • Choose strong passwords for online accounts. Sure, you remember simple passwords more easily. But it isn’t worth the cost of identity theft.
  • Update your passwords every few months. They are harder to hack if they’re always changing.
  • Use firewalls and antivirus software. Also, don’t put off updating it!
  • Stay skeptical about your emails. If something doesn’t feel right about an email, the address may be spoofed.
  • Don’t click on suspicious links. Phishers use them to scam you.
  • Make sure the websites you use – especially the ones that ask for personal information – start with “https,” not “http.”
  • Be cautious about public computers. You have no idea what kind of spyware or malware could be installed.
  • Review your bank and credit card statements to ensure there aren’t any fraudulent withdrawals or charges.
  • If you are downloading software online, check the security of the website. A scammer could have attached malware to the download.
  • Don’t fall for popups claiming that you’ve won something or you can enter a contest. They are almost always fake.
  • Check your online accounts to see if any personal information has been altered without your knowledge.
  • Delete emails marked as spam immediately.
  • Freeze your accounts if a bank or company you work with has experienced a data breach.
  • Stay informed. Even if you follow all of these tips, identity thieves’ methods are constantly evolving.

Next time you’re sipping a latte in a coffee shop with free internet access or kicking back in a hotel that offers free Wi-Fi, you may want to hold off on connecting to “guest access” or the name of the business that comes up when looking for available internet access.

Sure, it’s easier to just click on the seemingly obvious connection choice so you can get to work or just browse online. However, whenever you access free public Wi-Fi, you’re heading into risky territory, potentially opening a gateway for hackers and identity thieves to access your passwords and other sensitive, personal information.

1. Unwittingly connect to a rogue hotspot

Criminals often set up “rogue” hotspots that you can mistake for the actual free Wi-Fi connection in a public place, according to NortonLifeLock. These hotspots may have names that are similar to the business offering public Wi-Fi. That way, the criminals can lure you into connecting to their network. Once you unwittingly connect, however, the host hacker can intercept your data and even inject malware into your connected device.

No matter how legitimate the public Wi-Fi connection looks, make sure you verify the name of the business’s guest Wi-Fi with an employee before connecting.

2. Access personal accounts

When you access public Wi-Fi, where data over that open connection is often unencrypted and unsecured, you leave yourself open to “man-in-the-middle” attacks, according to NortonLifelock. With a man-in-the-middle attack, the cybercriminal exploits security flaws to intercept data, such as your browsing activities, passwords, financial data, and purchase transactions.

If you do sign on to unsecured public Wi-Fi, Norton advises keeping software patched and up-to-date on all your devices, including your smartphone. That way, you can avoid potential virus or malware infections. Even so, never sign in to a bank, credit card, or other financial accounts while using unsecured public Wi-Fi.

Consider using a virtual private network (VPN) in a public place. A VPN service creates a private network from a public internet connection, encrypting all the data you send and receive, even while using a public Wi-Fi connection.

3. Shop online

Never shop or make other financial transactions online, warns cybersecurity provider McAfee. So, if using public Wi-Fi, hold off on banking, shopping or any activity that requires a password, credit card account information or your Social Security number. Instead, wait until you get home or to another secured Wi-Fi connection.

Find out: 7 Ways to Protect Your Identity While Shopping on Your Phone

4. Leave your device unattended

Thinking about leaving your laptop at the table while you go to the coffee shop counter for another muffin? Even if you’re working on a secure Wi-Fi connection, always take your computer or other device with you to protect yourself from “eavesdroppers” who might peek at account numbers or other information they could use to steal your identity or make unauthorized transactions under your name.

5. Leave Bluetooth on in public places

According to NortonLifeLock, leaving Bluetooth on with your devices in a public place can pose a “huge risk” to your cybersecurity. That’s because a hacker could gain access to your devices using open Bluetooth signals that allow various devices to communicate with each other.

To protect your devices, Norton recommends turning off the Bluetooth function on your phone and other devices when you leave home, the office or another place with a secured connection.

Common Password Mistakes

In today’s digital age, where online security plays a crucial role in our everyday lives, the importance of having strong and secure passwords cannot be overstated. However, many individuals unknowingly make common password mistakes that compromise the security of their online accounts.

Passwords to your online accounts are the “keys to your digital castle,” according to the National Cybersecurity Alliance, so doing everything you can to keep your passwords safe should always be top of mind.

October is National Cybersecurity Awareness Month and a great time to check all the online security measures you have in place, starting with online passwords.

In an interconnected world where our personal and financial information is stored online, creating strong passwords is paramount. A strong password acts as a robust barrier against hackers and unauthorized access. It is crucial to understand the common mistakes people make when setting passwords to avoid falling victim to security breaches.

Mistake #1: Using Weak and Predictable Passwords

One of the most common mistakes individuals make is using weak and predictable passwords. Passwords such as “123456,” “password,” or “qwerty” are extremely vulnerable to brute-force attacks. It is essential to create complex passwords that include a combination of uppercase and lowercase letters, numbers, and special characters.

Creating short and easy passwords

If you think that “Bob12345” is a unique password, you need to beef up your password creation strategy. According to the NCA, every password you create should meet these three strong-password requirements:

  • Long: Short passwords make it easier for hackers to figure out your password, so make all passwords at least 12 characters long.
  • Unique: It’s tempting to use the same, easy-to-remember password for all online accounts so you never have to look up passwords. But if a criminal gets their hands on that one password, they may be able to access all your accounts that use the common password.
  • “Unique” doesn’t mean changing only a number or symbol here and there with the same couple of words you use for every online account. “To really trip up hackers, none of your passwords should look alike,” says the NCA.
  • Complex: In addition to at least 12 characters, a strong password should contain both upper- and lower-case letters in addition to numbers and special characters (“$,” “?” or “!,” etc.) and even spaces if the app or website allows.

Using actual words

If you’re using your name, your dog’s name or another real word as a big chunk of your password, you’re an easy target for dedicated hackers, who can easily crack your password once they’ve got half of it figured out.

“Hackers use malicious programs that can process every word found in a dictionary to crack passwords,” according to security software provider Norton. “Stay away from using proper nouns and other standalone dictionary words that could lead to an unsecured password.”

Mistake #2: Reusing Passwords across Multiple Accounts

Reusing passwords across multiple accounts is another grave mistake. If one account gets compromised, all the other accounts with the same password become vulnerable. To prevent this, it is advisable to use a unique password for each online account.

Mistake #3: Neglecting Two-Factor Authentication

Neglecting the implementation of two-factor authentication is a common oversight. Two-factor authentication adds an extra layer of security by requiring users to provide additional verification, such as a unique code sent to their mobile device, along with their password. It is highly recommended to enable this feature whenever possible.

Mistake #4: Storing Passwords Insecurely

Storing passwords in insecure locations, such as plain text files or easily accessible documents, is a significant security risk. To maintain the confidentiality of your passwords, consider using a reputable password manager that encrypts and securely stores your login credentials.

Mistake #5: Sharing Passwords with Others

Sharing passwords with others, even with trusted individuals, compromises the security of your accounts. It is essential to keep your passwords confidential and avoid sharing them. If necessary, use secure methods like password sharing services that allow temporary access without revealing the actual password.

Mistake #6: Ignoring Password Update Notifications

Ignoring password update notifications can lead to vulnerabilities. When websites or services prompt you to update your password, it is crucial to take it seriously. These updates often address security concerns and strengthen your account’s defenses.

Mistake #7: Relying Solely on Password Managers

While password managers can be convenient, relying solely on them without actively engaging in secure password practices can be a mistake. Remember to create unique and robust master passwords for your password manager and periodically review your stored passwords for any weaknesses.

How does a password manager work?

It only takes a few minutes to download a secure password manager to your computer or another device. Once it’s installed, you provide one master password to access the password manager. Then you can add all of your passwords at once or when the password manager prompts you to add a password that you’ve just used to log into an online account.

Once you’ve stored your passwords, the password manager automatically uses them to log into your accounts. There’s no need to keep a hard or electronic copy of your online passwords, since they’re now stored in the password manager “vault.”

From that point on, the only password you need to remember or write down (and put in a secure location) is the master password to your password manager.

Three ways a password manager protects your online security

1. Encryption

The best password managers encrypt all passwords with an indecipherable code, making them “virtually impossible to decode” by a hacker, says the NCA. The only password that can access the password manager and all of your passwords is the master password, which only you know.

2. Multi-factor authentication

Adding multi-factor authentication provides another layer of security to your password manager.

“Because your password vault on a password manager is so valuable, the best password managers require multi-factor authentication for you to log in,” says the NCA. So, if anyone trying to log into your accounts must provide multiple forms of identity verification, which may include:

  • Fingerprint scan
  • Facial ID
  • Inputting a code sent to your smartphone
3. Your master password isn’t stored

The password manager doesn’t store the keys needed to decrypt the master password that “unlocks” the password vault, according to the NCA. So, your master password is never kept on the system’s servers. You’re the only one with the password, so make sure you set up multi-factor authentication to protect the master password.

How to choose a password manager

Do an online search to bring up many different free or low-cost password managers, including:

  • Keeper
  • Bitwarden
  • 1Password
  • NordPass
  • LastPass
  • Dashlane

Before choosing a password manager, the NCA recommends comparing apps to find the best password manager for you. For more information, check out the following guides:

  • Consumer Reports
  • PC Mag
  • CNET

Mistake #8: Not Regularly Changing Passwords

Failing to regularly change passwords is another common mistake. Regular password changes minimize the risk of prolonged unauthorized access. Aim to update your passwords every few months or sooner, especially for critical accounts.

Mistake #9: Falling for Phishing Attempts

Phishing attempts continue to pose a significant threat. Falling for phishing emails or fake login pages can result in the exposure of your passwords. Always double-check the authenticity of emails and websites before entering your login credentials.

Mistake #10: Failing to Keep Passwords Private

Keeping passwords private is essential for maintaining security. Avoid writing passwords on sticky notes or sharing them through unencrypted communication channels. Memorize your passwords whenever possible, or rely on secure password managers.

Safeguarding our online presence starts with avoiding common password mistakes. By using strong and unique passwords, enabling two-factor authentication, and staying vigilant against phishing attempts, we can significantly enhance the security of our online accounts. Remember to regularly update passwords, keep them private, and prioritize security in every aspect of your online interactions.

How to Check if You’re the Victim of Online Identity Theft

It’s difficult enough to defend yourself against identity theft, but how do you know when your identity has been stolen? Sometimes, it’s difficult to notice. 16% of people surveyed in Identity Theft Research Center’s 2017 Aftermath study didn’t find out their identity had been stolen for three years. The good news is that the majority find out within only three months, but it remains imperative for you to stay on the lookout for online identity theft.

A simple way to tell if you are a victim of identity theft is whether or not the IRS notifies you. If that doesn’t happen, but you find unauthorized accounts under your name, you are likely a victim. Other signs of identity theft include unfamiliar withdrawals from your bank accounts, credit card charges you don’t remember making, insurance claims you never filed, or mail about a debt you never owed.

How to Report Identity Theft Online

Once you figure out that someone stole your identity online, you need to report it. The first thing you need to do is go to, which is run by the Federal Trade Commission. When you submit your story on their site, they will send you a plan that will guide you through the process of reclaiming your identity. This will make the tasks ahead much easier to deal with.

One of these steps will be calling the companies where the identity theft occurred. For example, if you see unauthorized withdrawals from your bank accounts, call your bank and notify them. Do this for every company affected by the theft. Then you can put a fraud alert on your credit report and request a copy. It’s also important to file a report with your local police department.

The last step? Take care of yourself. The Aftermath study also showed that 53% of those surveyed “felt a sense of powerlessness or helplessness” following their incident of identity theft. 7% even reported feeling suicidal. Though online identity theft is obviously a stressful situation to deal with, you will get through it.

FAQs (Frequently Asked Questions)

How long should my password be?

It is recommended to have passwords that are at least eight characters long, but longer passwords are more secure.

Can I use the same password for multiple accounts if it’s strong?

It is best to use a unique password for each account, regardless of its strength, to minimize the risk of multiple accounts being compromised.

What should I do if I suspect my password has been compromised?

If you suspect your password has been compromised, immediately change it and enable any available security features, such as two-factor authentication.

Are password managers safe to use?

Password managers can be secure if you choose a reputable one and use strong master passwords. Research and select a trusted password manager to enhance your password security.

How often should I update my passwords?

It is recommended to update passwords every few months or sooner, especially for critical accounts that contain sensitive information.


Understanding and avoiding common password mistakes is crucial for maintaining the security of our online accounts. We can protect ourselves from potential security breaches by implementing best practices such as using strong and unique passwords, enabling two-factor authentication, and staying vigilant against phishing attempts. Remember, your online security is in your hands, so take the necessary steps to safeguard your digital presence.

Connect with a certified credit counselor to review your options if you think you have become a victim of identity theft.

Get StartedCall To Action Link

How Much Could You Save?

Just tell us how much you owe, in total, and we’ll estimate your new consolidated monthly payment.