Proton
How do scammers get your personal info?

How do scammers get your personal information?

Fraudsters have many ways to steal your identity and money, but there are simple steps you can take to protect yourself.

Given how much valuable personal data we store online, scammers have a strong incentive to try to steal it. With just a few personal details, they can steal your identity, clean out your bank account, run up credit card bills, or commit crimes in your name.

In 2022, the Federal Trade Commission (FTC) received over 1.1 million reports of identity theft(new window) in the US. And for those affected, the impact can be devastating.

Over 30% of identity theft victims last year said they lost more than $10,000, according to the Identity Theft Resource Center(new window). Most also reported suffering negative feelings and emotions or even physical problems as a result.

But there are ways to protect yourself. We explain how scammers can steal your identity and what you can do to stop them.

How fraudsters steal your identity
How to spot phishing and social engineering
What to do if you suspect phishing
10 ways to prevent identity theft
1. Don’t respond to spam!
2. Get secure email
3. Hide your email with aliases
4. Use strong passwords and 2FA
5. Install good anti-virus software
6. Keep your devices updated
7. Back up your data
8. Use a trustworthy VPN
9. Don’t overshare personal data
10. Protect your physical documents
Stay secure with Proton

How fraudsters steal your identity

Fraudsters steal personally identifiable information, like your name and address, credit card or bank account numbers, or Social Security numbers. They can then buy things with your credit card, access your bank account, steal your tax refund, and more, while you pick up the tab. Or they may use your identity to commit other crimes, pretending to be you.

Here’s how thieves can get your personal details to steal your identity:

Phishing and social engineering

Phishing is an online scam in which attackers send you fake emails or text messages to trick you into revealing sensitive information or downloading malware on your device. Or they may call you asking for personal details or use other social engineering(new window) tricks to defraud you. See how to spot phishing below.

Hacking and data breaches

Malicious hackers can target organizations that store large amounts of personal data, like banks, email providers, or online retailers. Once your personal details are leaked in a data breach, they can be sold on the dark web.

Malware 

Malware(new window), such as spyware or Trojans, can be downloaded onto your device by phishing emails, software installations, or other means. Fraudsters may use it to steal personal details like login credentials or even take control of your device.

Social media

Scammers can learn a lot about you just from what you post online, so be careful what you share. They can also set up fake social media profiles and ask to connect to gain access to your private posts.

Skimming

Criminals can install skimming devices on ATMs, fuel pumps, or other payment terminals to capture your credit card details. When you insert and use your card, they steal your card number and PIN.

Your trash

If you discard or recycle sensitive documents like bank statements or utility bills without shredding them, beware. Fraudsters can raid your trash to salvage your personal data.

Physical document theft

Thieves can also steal personal data from documents you leave lying around, so keep your documents secure. Similarly, they can target your mailbox outside your home, so keep it locked.

Government records

If you live in the US, personal data like criminal records, property owner information, and other public records are freely available. Anyone can legally gather this information on you and sell it to others, including scammers. 

From you

You may give away reams of personal data if you participate in surveys and competitions or fill out product warranty cards on paper or online. All this data can be sold to others legally or as part of a scam.

How to spot phishing and social engineering

Phishing is one of the most common ways fraudsters attack online. In 2022, the FBI received around 800,000 complaints of internet crime in the US, and over 300,000 were related to phishing(new window).

That’s why it’s essential to learn how to spot phishing attempts. Typically, phishing messages contain urgent requests, threats, or promises of prizes, asking you to take immediate action. 

Scammers may:

  • Say they’ve noticed “suspicious” login attempts on one of your online accounts and ask you to “confirm” your login details
  • Claim you need to “verify” your personal or financial details, like your credit card number, or your account will be closed
  • Say you’ve been selected for a “special offer, a “lottery win”, or you’re due an unexpected “tax refund” and then request your bank account details to “pay” you
  • Send you a connection request on a social media network or dating site, but you don’t know the person and aren’t registered with that site

Besides this dubious content, phishing emails may contain other fraudulent signs, such as fake sender addresses, generic greetings, or suspicious links or attachments. Learn how to spot a phishing email.

What to do if you suspect phishing

While the content and format of many phishing emails give them away as “phishy”, some appear to be from genuine senders, so beware!

We recommend taking the following steps when you receive any email with a button, link, attachment, or request for personal details, especially if it appears urgent:

Three steps to check for phishing, a major way scammers get your information online

If you’re unsure about a message that appears to be from your bank, for example, contact the bank directly or log in to your account to check. Only don’t use the contact details or login links in the message.

10 ways to protect yourself against identity theft

Being aware of phishing is just one way to protect yourself. Here’s how to ensure you don’t become an identity theft statistic:

1. Don’t respond to spam!

Don’t open or respond to spam or suspicious (phishy!) emails. Above all, don’t click on links or attachments or reply to requests for personal details. Delete.

2. Get secure email

Get end-to-end encrypted email, like Proton Mail, with smart spam filtering and PhishGuard advanced phishing protection. PhishGuard sorts and flags suspicious emails in your inbox, alerting you to phishing attempts.

Proton Mail email with banner warning that the message looks like a phishing email

3. Hide your email with aliases

Use email aliases to keep your personal email address private. A good email aliasing service, like SimpleLogin by Proton(new window), allows you to create a unique email address for different services. That way, you can easily trace the source of spam or phishing emails and revoke the alias if it’s being abused.

4. Use strong passwords and 2FA

Create strong passwords and get a good, open-source password manager, like Proton Pass, to secure your accounts. And switch on two-factor authentication (2FA) wherever you can. With 2FA, if your login credentials are ever leaked, fraudsters won’t be able to access your accounts.

5. Install good anti-virus software

Install reputable antivirus software, which can scan your computer or phone for malware used to steal your data. Antivirus software can also give you real-time protection, monitoring emails, attachments, and web content to flag potential phishing emails or software vulnerabilities.

6. Keep your devices updated

Make sure your computer and phone operating systems and other apps are updated to the latest versions with security patches. This will protect you against malware that exploits software vulnerabilities. 

7. Back up your data

Make regular backups of your data, including offline backups using an encrypted external drive. While this won’t prevent identity theft, it will help you restore your data from a clean backup if your device is ever infected with ransomware or spyware(new window).

8. Use a trustworthy VPN

Get a trusted virtual private network (VPN)(new window) like Proton VPN(new window). A VPN encrypts your internet traffic, protecting any sensitive information you share over insecure networks like public WiFi. VPNs also hide your IP address and location, making it more difficult for cybercriminals to trace you online.

9. Don’t overshare personal data

Be careful what you post on social media. Don’t reveal sensitive details such as your date of birth and home address. And avoid revealing reams of personal data in surveys, competitions, product warranty cards, or other forms.

10. Protect your physical documents

If your mailbox is outside your home, lock it. That will prevent criminals from stealing your mail containing sensitive information.

Stay secure with Proton

Identity thieves have many ways to steal your personal data, but the steps above should keep them at bay.

But no matter how careful we are, we all make mistakes. Even seasoned IT professionals can fall for a phishing email or find their data exposed in a data breach.

At Proton, our mission is to give everyone privacy and security online. We’ve designed Proton Mail to give you the best chance against phishing and identity theft, including: 

All Proton plans include end-to-end encrypted Proton Mail, Proton Calendar, Proton Drive, and Proton VPN(new window) to secure your internet connection wherever you are. So get Proton Mail free, and stay secure!

Related articles

laptop showing Bitcoin price climbing
en
  • Privacy guides
Learn what a Bitcoin wallet does and the strengths and weaknesses of custodial, self-custodial, hardware, and paper wallets.
pixel tracking: here's how to tell which emails track your activity
en
Discover what pixel tracking is and how it works, how to spot emails that track you, and how to block these hidden trackers.
A cover image for a blog describing the next six months of Proton Pass development which shows a laptop screen with a Gantt chart
en
  • Product updates
  • Proton Pass
Take a look at the upcoming features and improvements coming to Proton Pass over the next several months.
The Danish mermaid and the Dutch parliament building behind a politician and an unlocked phone
en
We searched the dark web for Danish, Dutch, and Luxembourgish politicians’ official email addresses. In Denmark, over 40% had been exposed.
Infostealers: What they are, how they work, and how to protect yourself
en
Discover insights about what infostealers are, where your stolen information goes, and ways to protect yourself.
Mockup of the Proton Pass app and text that reads "Pass Lifetime: Pay once, access forever"
en
Learn more about our exclusive Pass + SimpleLogin Lifetime offer. Pay once and enjoy premium password manager features for life.