Identity theft(new window) is a major sector of criminal activity. About 24 million people fell victim(new window) in the United States alone in 2021, costing them over $16 billion. Credit card fraud is the most common type, but criminals target all kinds of personal data.
Identity theft protection requires a mix of vigilance, good personal security practices, and using reliable technology. This article goes over some simple ways you can minimize your risk of being exploited.
How does identity theft happen?
Identity theft is when criminals get access to your personal data and then use it to impersonate you, take out loans in your name, open lines of credit, steal government benefits, or other financial crimes.
There are multiple ways someone can steal your identity, from having a lost wallet fall into the wrong hands to a mail thief cracking your mailbox.
The main attack vector is the web, often starting with email, social media, or text message. Typically this is in the form of a phishing attack(new window), in which the hacker pretends to be a person or company you know or trust. They try to trick you into divulging sensitive data, such as login credentials or bank details, either directly or through an impostor website.
Another way your personal details can be exposed and then used for identity theft is through a data breach(new window). For example, when credit bureau Equifax leaked the financial information of 147 million Americans(new window) in 2017, it was a bonanza for identity thieves and other financial criminals.
If a company that stores your data has a breach, there’s a chance some of your details have been spilled into the world. Any of these details can be used to impersonate you and thus steal your identity.
How to report identity theft
If you suspect you’re a victim of identity theft, your next steps vary by country. In most cases, you’ll need to report your suspicions to the police. In the United States, you can also reach out to www.identitytheft.gov(new window), which is run by the Federal Trade Commission. You’ll also want to contact the three credit bureaus — Equifax(new window), Experian(new window), and TransUnion(new window) — to make sure they freeze your credit.
We have a detailed guide on what to do if your Social Security number has been stolen(new window).
How to protect yourself from identity theft
Secure your personal documents
Keep physical documents like your social security card, birth certificate, and passport in a safe or locked drawer. Before throwing away any documents that contain personal information, such as bank statements, medical bills, or tax returns, shred them to prevent dumpster divers from getting their hands on your data.
Expats and digital nomads often store copies of personal documents such as passports, tax returns, and social security cards in cloud storage services like Google Drive(new window) for easy access while abroad. While these tools are convenient, they are not infallible.
Proton Drive keeps your file safe with end-to-end encryption, which means nobody — not even us — can see your data. Our encrypted cloud storage uses 2FA, keeps track of who signs into your account, and includes a high-security program called Proton Sentinel(new window) with certain premium plans to detect and prevent account takeover attacks.
Monitor your accounts and credit
It’s important to check your bank and credit card statements regularly for any unauthorized transactions and report them immediately. You can also request a free credit report(new window) once a year from each of the three major credit bureaus (Equifax, Experian, and TransUnion) to look for any accounts or activities you don’t recognize. Furthermore, a credit monitoring service(new window) can alert you to changes in your credit report, such as new accounts being opened in your name.
Improve your digital security
Avoid using easily guessed passwords and make sure that each of your accounts has unique passwords(new window). Wherever possible, turn on MFA (Multi-Factor Authentication)(new window) on your financial, email, and social media accounts to add an extra layer of security by requiring at least another form of identification beyond just a password. Proton Pass can help by generating strong passwords and managing them for you. It also features a built-in 2FA authenticator.
Your emails may be intercepted by cybercriminals if the email servers are compromised. For example, while Gmail encrypts your emails during transit using TLS, it doesn’t offer end-to-end encryption, so Google can still access the content of your emails. If Gmail’s servers were to be compromised, your emails could be leaked(new window). Proton Mail is an encrypted email service that secures your communications and prevents eavesdropping using end-to-end encryption — not even we can read your email.
Be wary of phishing and scams
You should be cautious of unsolicited requests for your personal information and never share personal information over the phone or via email. If you receive a suspicious request from an institution you do business with, such as your bank or insurance provider, contact them directly using a phone number you trust.
Knowing what scams are out there, like phishing, vishing, or smishing(new window), can help you spot and avoid them. It’s important to educate yourself and your family, especially children and seniors since they are often more vulnerable to these threats.
Secure your devices
Regularly updated antivirus software and a firewall can reduce the risk of getting infected with malware. You should also use passkeys(new window) or biometric locks(new window) on your smartphones and tablets.
Additionally, you should avoid logging into sensitive accounts and make transactions over public WiFi(new window). A VPN like Proton VPN(new window) improves your security and privacy by encrypting your data. It’s best to make it a habit to connect to your VPN before accessing any personal or financial accounts online.
Limit what you share on social media
Adjusting your privacy settings on platforms like Facebook, X, and Instagram allows you to control who sees your information. Remember that it’s risky to trust your friends list completely, as any account can potentially be hacked. Before posting anything, double-check to leave out confidential details that could be used to answer security questions or guess your passwords, such as your mother’s maiden name, your pet’s name, or the street you grew up on.
Monitor the internet for data breaches
Online services and tools can notify you if your information has been part of a data breach. For example, all Proton subscribers can enable Dark Web Monitoring(new window), which tracks multiple data sources for breach detection, including email addresses, physical addresses, government IDs, medical information, credit cards, and bank account numbers.
Take immediate action if your identity is stolen
If you notice any unauthorized accounts or activities on your credit report, you should contact the credit bureaus to let them know and ask them to remove any fraudulent entries from your credit report.
In case of new accounts opened without your consent, reach out to your credits to close those accounts and put a fraud alert(new window) on your credit reports. Freezing your credit(new window) stops creditors from being able to see your credit report at all, so they won’t approve any new credit accounts in your name.
Protect your identity with Proton
Proton is a privacy-first company protected by Swiss privacy laws(new window), ensuring your information is handled with strict confidentiality. All Proton apps are open source(new window) and independently audited.
We use alternative routing(new window) to help you access Proton services in restricted areas or under heavy surveillance. You can also access Proton via the Tor network(new window) to keep your online activity private and protected from potential eavesdroppers or trackers who could misuse your identity information.
Here are more ways in which our apps can help protect you from identity theft:
Proton Drive
Proton Drive is an encrypted cloud storage service that securely stores your documents(new window) and protects them from identity theft. We use OpenPGP end-to-end encryption(new window) to secure your files before upload and High-Performance Elliptic Curve Cryptography (ECC Curve25519) to protect your stored data from all known cryptographic attacks.
Additionally, we use digital signatures(new window) to help you verify the authenticity of your files and folders. Any data tampering can be detected immediately, so you can swiftly act against possible identity theft.
Move your personal and financial documents to a secure cloud storage by subscribing to Proton Drive for free.
Proton Pass
Proton Pass can protect you from identity theft by creating complex passwords(new window) that are difficult for hackers to guess or break. Our service securely manages your passwords in one place, so you don’t have to remember them or risk security by writing them down or reusing them across different websites.
Moreover, Proton Pass supports 2FA(new window), a TOTP (time-based one-time password) authenticator, and Pass Monitor(new window) for monitoring the health of your passwords. You can also use hide-my-email aliases(new window) to sign up for services and websites without revealing your real email address to prevent spam, phishing attempts, and data exposure.
Update your passwords to prevent identity theft by subscribing to Proton Pass for free.
Proton VPN
Proton VPN allows you to safely and privately access the internet by encrypting your web traffic and masking your IP address(new window). For example, if you’re an expat or a digital nomad who frequently uses unsecured public WiFi abroad, you can use our VPN to safely share data online, such as passwords, credit card numbers, and personal information.
We use strong VPN protocols(new window) with advanced encryption algorithms and high-speed connections(new window) with over 4,500 VPN servers(new window) in more than 90 countries to secure your web traffic without slowing you down. Moreover, Proton VPN has a strict no-logs policy(new window), which means we don’t record any IP addresses, online activity, or timestamps.
Protect your online privacy and safely access the internet by subscribing to Proton VPN for free(new window).
Proton Mail
Proton Mail uses end-to-end encryption to ensure your emails are encrypted before they leave your device and can only be decrypted by the intended recipient — nobody can see your data besides you two, not even Proton.
It blocks known phishing attempts, notifies you for suspicious emails, and supports hide-my-email aliases. Additionally, you can secure your emails with passwords and expiration dates, even if the recipients don’t use Proton Mail.
Switch to an encrypted email service to prevent identity theft by subscribing to Proton Mail for free.
