How do scammers get your personal info?

How do scammers get your personal information?

Fraudsters have many ways to steal your identity and money, but there are simple steps you can take to protect yourself.

Given how much valuable personal data we store online, scammers have a strong incentive to try to steal it. With just a few personal details, they can steal your identity, clean out your bank account, run up credit card bills, or commit crimes in your name.

In 2022, the Federal Trade Commission (FTC) received over 1.1 million reports of identity theft(new window) in the US. And for those affected, the impact can be devastating.

Over 30% of identity theft victims last year said they lost more than $10,000, according to the Identity Theft Resource Center(new window). Most also reported suffering negative feelings and emotions or even physical problems as a result.

But there are ways to protect yourself. We explain how scammers can steal your identity and what you can do to stop them.

How fraudsters steal your identity
How to spot phishing and social engineering
What to do if you suspect phishing
10 ways to prevent identity theft
1. Don’t respond to spam!
2. Get secure email
3. Hide your email with aliases
4. Use strong passwords and 2FA
5. Install good anti-virus software
6. Keep your devices updated
7. Back up your data
8. Use a trustworthy VPN
9. Don’t overshare personal data
10. Protect your physical documents
Stay secure with Proton

How fraudsters steal your identity

Fraudsters steal personally identifiable information, like your name and address, credit card or bank account numbers, or Social Security numbers. They can then buy things with your credit card, access your bank account, steal your tax refund, and more, while you pick up the tab. Or they may use your identity to commit other crimes, pretending to be you.

Here’s how thieves can get your personal details to steal your identity:

Phishing and social engineering

Phishing is an online scam in which attackers send you fake emails or text messages to trick you into revealing sensitive information or downloading malware on your device. Or they may call you asking for personal details or use other social engineering(new window) tricks to defraud you. See how to spot phishing below.

Hacking and data breaches

Malicious hackers can target organizations that store large amounts of personal data, like banks, email providers, or online retailers. Once your personal details are leaked in a data breach, they can be sold on the dark web.


Malware(new window), such as spyware or Trojans, can be downloaded onto your device by phishing emails, software installations, or other means. Fraudsters may use it to steal personal details like login credentials or even take control of your device.

Social media

Scammers can learn a lot about you just from what you post online, so be careful what you share. They can also set up fake social media profiles and ask to connect to gain access to your private posts.


Criminals can install skimming devices on ATMs, fuel pumps, or other payment terminals to capture your credit card details. When you insert and use your card, they steal your card number and PIN.

Your trash

If you discard or recycle sensitive documents like bank statements or utility bills without shredding them, beware. Fraudsters can raid your trash to salvage your personal data.

Physical document theft

Thieves can also steal personal data from documents you leave lying around, so keep your documents secure. Similarly, they can target your mailbox outside your home, so keep it locked.

Government records

If you live in the US, personal data like criminal records, property owner information, and other public records are freely available. Anyone can legally gather this information on you and sell it to others, including scammers. 

From you

You may give away reams of personal data if you participate in surveys and competitions or fill out product warranty cards on paper or online. All this data can be sold to others legally or as part of a scam.

How to spot phishing and social engineering

Phishing is one of the most common ways fraudsters attack online. In 2022, the FBI received around 800,000 complaints of internet crime in the US, and over 300,000 were related to phishing(new window).

That’s why it’s essential to learn how to spot phishing attempts. Typically, phishing messages contain urgent requests, threats, or promises of prizes, asking you to take immediate action. 

Scammers may:

  • Say they’ve noticed “suspicious” login attempts on one of your online accounts and ask you to “confirm” your login details
  • Claim you need to “verify” your personal or financial details, like your credit card number, or your account will be closed
  • Say you’ve been selected for a “special offer, a “lottery win”, or you’re due an unexpected “tax refund” and then request your bank account details to “pay” you
  • Send you a connection request on a social media network or dating site, but you don’t know the person and aren’t registered with that site

Besides this dubious content, phishing emails may contain other fraudulent signs, such as fake sender addresses, generic greetings, or suspicious links or attachments. Learn how to spot a phishing email.

What to do if you suspect phishing

While the content and format of many phishing emails give them away as “phishy”, some appear to be from genuine senders, so beware!

We recommend taking the following steps when you receive any email with a button, link, attachment, or request for personal details, especially if it appears urgent:

Three steps to check for phishing, a major way scammers get your information online

If you’re unsure about a message that appears to be from your bank, for example, contact the bank directly or log in to your account to check. Only don’t use the contact details or login links in the message.

10 ways to protect yourself against identity theft

Being aware of phishing is just one way to protect yourself. Here’s how to ensure you don’t become an identity theft statistic:

1. Don’t respond to spam!

Don’t open or respond to spam or suspicious (phishy!) emails. Above all, don’t click on links or attachments or reply to requests for personal details. Delete.

2. Get secure email

Get end-to-end encrypted email, like Proton Mail, with smart spam filtering and PhishGuard advanced phishing protection. PhishGuard sorts and flags suspicious emails in your inbox, alerting you to phishing attempts.

Proton Mail email with banner warning that the message looks like a phishing email

3. Hide your email with aliases

Use email aliases to keep your personal email address private. A good email aliasing service, like SimpleLogin by Proton(new window), allows you to create a unique email address for different services. That way, you can easily trace the source of spam or phishing emails and revoke the alias if it’s being abused.

4. Use strong passwords and 2FA

Create strong passwords and get a good, open-source password manager, like Proton Pass, to secure your accounts. And switch on two-factor authentication (2FA) wherever you can. With 2FA, if your login credentials are ever leaked, fraudsters won’t be able to access your accounts.

5. Install good anti-virus software

Install reputable antivirus software, which can scan your computer or phone for malware used to steal your data. Antivirus software can also give you real-time protection, monitoring emails, attachments, and web content to flag potential phishing emails or software vulnerabilities.

6. Keep your devices updated

Make sure your computer and phone operating systems and other apps are updated to the latest versions with security patches. This will protect you against malware that exploits software vulnerabilities. 

7. Back up your data

Make regular backups of your data, including offline backups using an encrypted external drive. While this won’t prevent identity theft, it will help you restore your data from a clean backup if your device is ever infected with ransomware or spyware(new window).

8. Use a trustworthy VPN

Get a trusted virtual private network (VPN)(new window) like Proton VPN(new window). A VPN encrypts your internet traffic, protecting any sensitive information you share over insecure networks like public WiFi. VPNs also hide your IP address and location, making it more difficult for cybercriminals to trace you online.

9. Don’t overshare personal data

Be careful what you post on social media. Don’t reveal sensitive details such as your date of birth and home address. And avoid revealing reams of personal data in surveys, competitions, product warranty cards, or other forms.

10. Protect your physical documents

If your mailbox is outside your home, lock it. That will prevent criminals from stealing your mail containing sensitive information.

Stay secure with Proton

Identity thieves have many ways to steal your personal data, but the steps above should keep them at bay.

But no matter how careful we are, we all make mistakes. Even seasoned IT professionals can fall for a phishing email or find their data exposed in a data breach.

At Proton, our mission is to give everyone privacy and security online. We’ve designed Proton Mail to give you the best chance against phishing and identity theft, including: 

All Proton plans include end-to-end encrypted Proton Mail, Proton Calendar, Proton Drive, and Proton VPN(new window) to secure your internet connection wherever you are. So get Proton Mail free, and stay secure!

Secure your emails, protect your privacy
Get Proton Mail free

Related articles

People and companies are generally subject to the laws of the country and city where they are located, and those laws can change when they move to a new place. However, the situation becomes more complicated when considering data, which can be subjec
Your online data is no longer just used for ads but also for training AI. Google uses publicly available information to train its AI models, raising concerns over whether AI is even compatible with data protection laws. People are worried companies
iPhone stores passwords in iCloud Keychain, Apple’s built-in password manager. It’s convenient but has some drawbacks. A major issue is that it doesn’t work well with other platforms, making it hard for Apple users to use their passwords and passkeys
There are many reasons you may need to share passwords, bank details, and other highly sensitive information. But we noticed that many people do this via messaging apps or other methods that put your data at risk. In response to the needs of our com
Large language models (LLMs) trained on public datasets can serve a wide range of purposes, from composing blog posts to programming. However, their true potential lies in contextualization, achieved by either fine-tuning the model or enriching its p
is Google Docs secure
Your online data is incredibly valuable, particularly to companies like Google that use it to make money through ads. This, along with Google’s numerous privacy violations, has led many to question the safety of their information and find alternative