Start Now

7 Online Habits That Expose You to Identity Theft

Identity theft affects over a million Americans yearly, and your daily habits may be making you an easy target. Here are seven common behaviors that expose your personal info to thieves and how to fix them

J
Jeff Clemishaw
Contributing Writer
5 min read
7 Online Habits That Expose You to Identity Theft

Identity theft is on the rise in the United States. Data from the Federal Trade Commission shows that, since 2023, reports of identity theft have increased from 1 million to 1.2 million annually, and advances in artificial intelligence have made fraud attempts more complex and difficult to discern. This puts consumers at an increased risk of having their personal information stolen.

Certain consumer behaviors make it easier for thieves to gather information, but many forms of identity theft are avoidable. Using industry insights and federal statistics, we've outlined seven habits that could be exposing you to identity theft and what you can do to change them.

Habit #1: Reusing passwords on multiple sites

Everyone knows it’s not good practice to reuse passwords. This is one of the easiest ways for someone to steal your identity. One data breach on an unimportant account could reveal a password that’s used for more sensitive accounts, such as your banking institution.

The University of Toronto outlines best practices for choosing a password. It recommends:

  • Using passphrases instead of passwords. These are at least 14 characters and have a random string of lowercase and uppercase letters, symbols, and numbers.
  • Not using predictable patterns like “123” or “letmein.”
  • Not using personally identifiable information, as this can be guessed using details found online.
  • Using a password manager with multifactor authentication to help you store multiple passwords.

Habit #2: Ignoring software and app updates

As explained by the National Institute of Standards and Technology, nearly all apps and computer programs are connected to the internet. Patching is essential for reducing the risk of data breaches. These updates typically fix a vulnerability that developers have found in the software, so consumers must make the necessary updates to stay protected.

The Cybersecurity and Infrastructure Security Agency offers three tips for staying on top of updates:

  1. Keep an eye out for notifications.
  2. Make updates as soon as possible.
  3. Enable automatic updates for convenience.

Habit #3: Broadcasting your personal information on social media

Our social lives have changed dramatically with the introduction of the internet, and the line between public and private can feel blurry. One of the most common habits that increases your risk of identity theft is sharing too much personal information on social media accounts.

The New York Institute of Technology says that oversharing can result in targeted phishing and social engineering attacks. Too much public information can even make it easier for an attacker to guess your password.

Habit #4: Not verifying HTTPS in a website’s URL

When you enter a password into a website, that information is sent from your computer to the website’s server over your network. It’s important that this information is encrypted so that any person watching data flow on the network cannot read your password. HTTPS is a protocol that websites follow to ensure data is being encrypted.

You should always verify that a website is secure before entering personal information. Look for a URL that starts with HTTPS instead of HTTP and verify that there is a lock symbol in the search bar. As the FBI warns, however, even these methods cannot be fully trusted. Always verify that the site you are navigating to is correct and not a fake copy.

Habit #5: Clicking links and attachments from unknown senders

According to Hoxhunt’s 2025 Threat Landscape report, nearly 50% of social engineering attacks take place over email. It can seem harmless to click random links, but they often bring unsuspecting victims to sites that collect personal information.

Luckily, it’s easy to spot these malicious emails. Look for phrases that convey a sense of urgency, like “Your account will be suspended in 24 hours,” or “immediate action required,” says BitLyft. When in doubt, do not click any links from senders you do not know.

Habit #6: Brushing off data breach notifications

IBM’s 2025 Cost of a Data Breach Report found the average cost of a data breach was $4.4 million globally. But data breaches can be very costly for individuals as well, because of identity theft. The Identity Theft Resource Center found that, in 2025, more than 20% of people reported financial losses of over $100,000.

You’ve probably received letters in the mail or emails stating that your data may have been compromised in a data breach. Instead of brushing these notifications off, pay attention. Keep a close eye on your credit score and bank balances, and remember to change your passwords to sensitive accounts.

Habit #7: Thinking that incognito mode makes you anonymous

Incognito mode does not keep your data private. In fact, Google was forced to legally delete “billions of data records” obtained from incognito-mode users, according to Wired’s report, after a review of federal court documents.

While incognito mode is effective at hiding search history on your local device, plenty of people still have access to the data, including internet search providers, schools, and workplaces. If a malicious actor is within these systems, they can easily steal your personal information.

Fix these seemingly harmless habits to secure your identity

Losing your identity can cause massive financial loss and a range of negative feelings. Self-blame, guilt, and vulnerability are just a few that Equifax describes. It’s important that you take action to protect yourself from this turmoil.

By rethinking your habits, changing your behaviors, and being extra cautious online, you can reduce your risk of identity theft and have peace of mind that your financial well-being is secure.

Share: