How to prevent identity fraud online

See guide sections

In this guide

Strengthen your passwords

You don’t want to make it easy for a hacker to guess your passwords and gain access to your accounts. You should try to use long passwords which don’t include personal information or real words and use a variety of upper and lower case letters, numbers and symbols. 

You can’t always prevent your passwords from being stolen. Hackers successfully target secure sites every day, gaining access to login details. But you can contain the damage from these breaches by using different passwords across every site and changing them regularly. A password manager like LastPass can help you keep track of many gibberish passwords.

Install antivirus protection

You should secure your computers and devices with the best antivirus and anti-spyware software. These programmes can prevent your computer from being hijacked and surveilled by criminals, which could gather your personal details and passwords, including from your keystrokes.

But be wary of anyone who contacts you saying your computer may be infected with viruses and offering a fix, usually requiring your passwords or remote access to your computer. Criminals often come disguised as legitimate tech help. Only accept tech assistance from legitimate companies you’ve sought out and vetted.

Also, it’s worth noting that your broadband provider should have their own antivirus measures built into their software. If you're not sure what level of protection your current provider offers, take a look at our page on which broadband provider has the best online security. 

If you think switching provider will boost your security, use usave’s comparison tool to see the best broadband deals in your area. Alternatively, check out our guide on home internet security for more tips on how to keep your broadband connection secure.

Be wary of phishing

A common way fraudsters gather our personal information is through phishing. They send scam emails pretending to be from a trusted company, such as your bank, and ask you to provide or verify your personal details. With these details, criminals will be able to access other private information or steal your identity.

To ensure you don’t fall for phishing scams, never divulge personal information in response to an email—or text, letter or phone call—unless you are certain you’re dealing with a legitimate organisation. If you believe the request is legitimate, contact the company yourself, using their publicly listed phone numbers.

Look for secure sites

Furthermore, you shouldn’t click on any links contained in emails from sources you can’t verify. These links may take you to websites riddled with malware or which dupe legitimate sites, including from your bank, and trick you into supplying your personal and financial information.

If you think the contact is legitimate, seek out the organisation’s website yourself, using Google and web addresses listed on legitimate communications. Before you enter any information into a website, including your account name and password, make sure it’s secure. Look for a padlock symbol in the address bar and an address starting with “https://”, the S standing for secure. Some browsers identify secure sites by turning the address bar green.

Don’t overshare on social media

Many of us record our lives on social media. But be aware of what a thief could gather from your profiles, especially if they’re not adequately secured. Have you accidentally divulged the name of your first pet, your mother’s maiden name and other security question answers on public sites? Can someone gather your date of birth or address through a simple Facebook search?

To stay safe on social media, make sure your posts aren’t available to everyone by regularly checking your privacy settings. Don’t accept friend or follower requests from people you don’t know.

Be vigilant

We think little of logging into our online banking on our mobile phones when out and about or entering personal details into a website while sitting in a cafe or airport lounge. But make sure no one is looking over your shoulder as you divulge your address and credit card details. Try to only log into your online banking or buy things online when you’re sure you’re not being watched and are on secure and not public WiFi. 

It's also important to check to see if someone else could be using your WiFi as that can make you more vulnerable to identity theft.

Recognise the signs of identity theft

You should also look out for the signs your identity has been stolen. If you can change your passwords, alert your bank and other relevant organisations, and report the fraud quickly you can mitigate the damage.

Here are some telltale signs your identity has been stolen:

• You no longer receive bills or other expected correspondence. This can mean a criminal has given an address in place of yours
• You receive credit cards you didn't apply for
• You see entries on your debit, credit or store card statements for items you didn’t purchase
• You receive calls from debt collectors about debts you don’t owe
• You’re rejected for credit cards or mortgages you do apply for, suggesting someone has damaged your credit history
• You can no longer log into sites using your normal password, suggesting a criminal may have changed it