How do scammers get your personal information?

Fraudsters have many ways to steal your identity and money, but there are simple steps you can take to protect yourself.

Given how much valuable personal data we store online, scammers have a strong incentive to try to steal it. With just a few personal details, they can steal your identity, clean out your bank account, run up credit card bills, or commit crimes in your name.

In 2022, the Federal Trade Commission (FTC) received over 1.1 million reports of identity theft in the US. And for those affected, the impact can be devastating.

Over 30% of identity theft victims last year said they lost more than $10,000, according to the Identity Theft Resource Center. Most also reported suffering negative feelings and emotions or even physical problems as a result.

But there are ways to protect yourself. We explain how scammers can steal your identity and what you can do to stop them.

How fraudsters steal your identity

Fraudsters steal personally identifiable information, like your name and address, credit card or bank account numbers, or Social Security numbers. They can then buy things with your credit card, access your bank account, steal your tax refund, and more, while you pick up the tab. Or they may use your identity to commit other crimes, pretending to be you.

Here’s how thieves can get your personal details to steal your identity:

Phishing and social engineering

Phishing is an online scam in which attackers send you fake emails or text messages to trick you into revealing sensitive information or downloading malware on your device. Or they may call you asking for personal details or use other social engineering tricks to defraud you. See how to spot phishing below.

Hacking and data breaches

Malicious hackers can target organizations that store large amounts of personal data, like banks, email providers, or online retailers. Once your personal details are leaked in a data breach, they can be sold on the dark web.


Malware

Malware, such as spyware or Trojans, can be downloaded onto your device by phishing emails, software installations, or other means. Fraudsters may use it to steal personal details like login credentials or even take control of your device.

Social media

Scammers can learn a lot about you just from what you post online, so be careful what you share. They can also set up fake social media profiles and ask to connect to gain access to your private posts.


Card skimming

Criminals can install skimming devices on ATMs, fuel pumps, or other payment terminals to capture your credit card details. When you insert and use your card, they steal your card number and PIN.

Your trash

If you discard or recycle sensitive documents like bank statements or utility bills without shredding them, beware. Fraudsters can raid your trash to salvage your personal data.

Physical document theft

Thieves can also steal personal data from documents you leave lying around, so keep your documents secure. Similarly, they can target your mailbox outside your home, so keep it locked.

Government records

If you live in the US, personal data like criminal records, property owner information, and other public records are freely available. Anyone can legally gather this information on you and sell it to others, including scammers. 

From you

You may give away reams of personal data if you participate in surveys and competitions or fill out product warranty cards on paper or online. All this data can be sold to others legally or as part of a scam.

How to spot phishing and social engineering

Phishing is one of the most common ways fraudsters attack online. In 2022, the FBI received around 800,000 complaints of internet crime in the US, and over 300,000 were related to phishing.

That’s why it’s essential to learn how to spot phishing attempts. Typically, phishing messages contain urgent requests, threats, or promises of prizes, asking you to take immediate action. 

Scammers may:

  • Say they’ve noticed “suspicious” login attempts on one of your online accounts and ask you to “confirm” your login details
  • Claim you need to “verify” your personal or financial details, like your credit card number, or your account will be closed
  • Say you’ve been selected for a “special offer”, a “lottery win”, or you’re due an unexpected “tax refund” and then request your bank account details to “pay” you
  • Send you a connection request on a social media network or dating site, but you don’t know the person and aren’t registered with that site

Besides this dubious content, phishing emails may contain other fraudulent signs, such as fake sender addresses, generic greetings, or suspicious links or attachments. Learn how to spot a phishing email.

What to do if you suspect phishing

While the content and format of many phishing emails give them away as “phishy”, some appear to be from genuine senders, so beware!

We recommend taking the following steps when you receive any email with a button, link, attachment, or request for personal details, especially if it appears urgent:

[Image: Three steps to check for phishing, a major way scammers get your information online]

If you’re unsure about a message that appears to be from your bank, for example, contact the bank directly or log in to your account to check. Just don’t use the contact details or login links in the message.

10 ways to protect yourself against identity theft

Being aware of phishing is just one way to protect yourself. Here’s how to ensure you don’t become an identity theft statistic:

1. Don’t respond to spam!

Don’t open or respond to spam or suspicious (phishy!) emails. Above all, don’t click on links or attachments or reply to requests for personal details. Delete.

2. Get secure email

Get end-to-end encrypted email, like Proton Mail, with smart spam filtering and PhishGuard advanced phishing protection. PhishGuard sorts and flags suspicious emails in your inbox, alerting you to phishing attempts.

[Image: Proton Mail email with banner warning that the message looks like a phishing email]

3. Hide your email with aliases

Use email aliases to keep your personal email address private. A good email aliasing service, like SimpleLogin by Proton, allows you to create a unique email address for different services. That way, you can easily trace the source of spam or phishing emails and revoke the alias if it’s being abused.

4. Use strong passwords and 2FA

Create strong passwords and get a good, open-source password manager, like Proton Pass, to secure your accounts. And switch on two-factor authentication (2FA) wherever you can. With 2FA, if your login credentials are ever leaked, fraudsters won’t be able to access your accounts with the password alone.

5. Install good antivirus software

Install reputable antivirus software, which can scan your computer or phone for malware used to steal your data. Antivirus software can also give you real-time protection, monitoring emails, attachments, and web content to flag potential phishing emails or software vulnerabilities.

6. Keep your devices updated

Make sure your computer and phone operating systems and other apps are updated to the latest versions with security patches. This will protect you against malware that exploits software vulnerabilities. 

7. Back up your data

Make regular backups of your data, including offline backups using an encrypted external drive. While this won’t prevent identity theft, it will help you restore your data from a clean backup if your device is ever infected with ransomware or spyware.

8. Use a trustworthy VPN

Get a trusted virtual private network (VPN) like Proton VPN. A VPN encrypts your internet traffic, protecting any sensitive information you share over insecure networks like public WiFi. VPNs also hide your IP address and location, making it more difficult for cybercriminals to trace you online.

9. Don’t overshare personal data

Be careful what you post on social media. Don’t reveal sensitive details such as your date of birth and home address. And avoid revealing reams of personal data in surveys, competitions, product warranty cards, or other forms.

10. Protect your physical documents

If your mailbox is outside your home, lock it. That will prevent criminals from stealing your mail containing sensitive information.

Stay secure with Proton

Identity thieves have many ways to steal your personal data, but the steps above should keep them at bay.

But no matter how careful we are, we all make mistakes. Even seasoned IT professionals can fall for a phishing email or find their data exposed in a data breach.

At Proton, our mission is to give everyone privacy and security online. We’ve designed Proton Mail to give you the best chance against phishing and identity theft, including: 

All Proton plans include end-to-end encrypted Proton Mail, Proton Calendar, Proton Drive, and Proton VPN to secure your internet connection wherever you are. So get Proton Mail free, and stay secure!

Harry Bone

A long-standing privacy advocate, Harry worked as a translator and writer in a range of industries, including a stint in Moscow monitoring the Russian media for the BBC. He joined Proton to promote privacy, security, and freedom for everyone online.
