How to Keep Your Identity Safe Online

The rise of social media and our increasingly large online footprints have made it easier than ever to share our lives with friends, family and the world. But as a consequence, our personal information is easier to harvest, and the implications more significant.

For example, with the right information, someone can easily sign up for a new credit card in your name, entirely online. Or access dozens of your accounts, altering information, viewing private photos messages and files, using your profiles to scam friends and family, and more.

With that in mind, we run through some helpful tips to keep your identity safe online:

Use strong passwords

Passwords are what stand between your personal information and anyone trying to access your personal information. So you need to ensure they’re strong and hard to crack.

Avoid using birthdates, middle names, addresses, etc. Not only are these fairly obvious, but this is all information that is relatively easy to find online. This also extends to any security questions. If your Facebook page has a touching tribute to your first pet, Rex the dog, then having “What was the name of your first pet” as a security question probably isn’t the best idea.

In fact, choose any security questions wisely. First schools, first concerts, your mother’s maiden name, all this information can be surprisingly easy to find. And much of it we actually give away ourselves!

A good idea for passwords is to take a phrase that is memorable to you (say a line from a song, movie, or book), and then take the first letter from every word. For example, borrowing from The Beatles, “We all live in a yellow submarine” becomes “Waliays”. Change out a few letters for characters eg. W4l!ays and you have a pretty random-looking and difficult to guess (yet easy to remember) password.

Keep your passwords unique by adding the first and last letter of the website to the front and end. So for Facebook, it becomes FW4l!aysk, and for YouTube, YW4l!ayse

Compare broadband providers for free with Canstar!

Keep your email separate

Ideally, you should use separate passwords for all your accounts. But, at the very least, ensure your email and banking passwords are entirely unique from any other passwords you use. Your email is the key to everything. Almost every account you have can be reset easily by hitting “Forgot password” and sending a link to your email address. From there, a hacker can reset the passwords for all your accounts.

Furthermore, your email is a treasure trove of personal information. Think payslips, contracts, bills, private messages and conversations, messages from your bank, the IRD, your driver licence number, etc.

Think before you share

This is somewhat linked to the above point, but we actually give away a lot of our personal data willingly. You may have finally gotten a new passport with a photo that actually looks good for once, and are keen to share a photo of it. But you could be giving away important details to someone looking to steal your identity.

In general, keep publicly viewable information, such as birthdates and addresses to a minimum.

Or, you might give away the information needed to answer security questions that can be used to bypass passwords. Perhaps an old friend has tagged you in a cute class photo that just so happens to include the name of your first school.

Would they really ask for that?

In addition to what you share, think about who you share it with. For example, it might not be strange for NZ Post to ask for your address, but if TikTok wants to know your apartment number, that might raise a few alarm bells. In this case, chances are you’re not on a legitimate app/site, or the email isn’t really from who it says it is.

Most importantly, this relates to financial information, such as your credit card or bank account details. Unless you are purchasing something, there’s no need for a site or company to need your card details.

Before sharing any information online, consider how it could be used by someone looking to steal your identity. And before sharing any information with a site or someone claiming to be from a known website/company eg, your bank, Facebook, etc, consider whether the information they’re asking for makes sense.

What if it’s someone I know?

It’s common for a cybercriminal to hack into a Facebook account to impersonate its owner, messaging friends and family with dodgy links or requests to borrow money, etc. It’s a good idea to check with any acquaintance or family member asking for personal information online to double check the validity of their request before sharing any info.

For this reason, it’s also a good idea to not list too much information online, even if you have your security settings on private. For if any of your friends or family gets hacked, your personal information could be viewed/accessed through their compromised accounts.

Check your privacy settings

It could be a good idea to have your accounts set to private, and share as little information as possible with people who aren’t your friends.

A study by the Pew Research Centre found that even sharing information with friends of friends on Facebook can lead to sharing that info with anywhere between 30,000-150,000+ people! So it’s best to keep information to a minimum, and only available to people on your friends list.

At the same time, don’t go accepting invitations, messages, and friend requests from anyone you don’t know.

Don’t click anything you weren’t expecting.

Strange messages from your bank or credit card company might not be from them at all. If the messages seem unexpected, weirdly timed, or just odd in any way, contact the company separately and clarify if it’s really them. And don’t go clicking any links or embeds to unique sites.

A common practice is to set up fake sites to trick you into entering your private details. For example, a fake email from someone claiming to be your credit card company may contain a link to a login site that looks convincingly like your card provider’s genuine web page, in the hope you’ll enter your credit card details.

It also pays to carefully read suspicious emails. Often fake emails will have grammatical errors or spelling mistakes. Not too long ago, I got an email for an ***URGENT!!*** missed parcel delivery from @*FeDeX˜.

Without opening it, I could already see it wasn’t genuine, just from the email subject and sender alone. Not to mention the fact I hadn’t ordered anything from FedEx in the first place…

Although bear in mind that not all scam emails will be riddled with poor spelling and odd grammar, and some can be worryingly convincing.

Be careful where you shop

Online shopping can be a high-risk affair, as this is one place that will require you to enter credit/debit card numbers and personal information, such as your personal address. As a result, it’s a good idea to only shop from retailers you know and trust. You might find an item for a few dollars cheaper elsewhere, but if it’s from some strange site you’ve never heard of then be wary.

Do some research on the site and look for user reviews, or avoid it altogether.

Additionally, you should only use encrypted HTTPS sites (with the little padlock at the top) when entering any personal details.

Install Security Suites (antivirus software)

Scammers can install viruses and software that track your behaviour without your knowledge. For example, hackers can track your keystrokes, and see all the passwords and credit card details you type in. And that applies to touch screen devices, too, not just those with physical keyboards.

Security suites can help protect your device(s) from any malware or viruses that someone may install without your knowledge.

Click to compare Mobile Monthly Plans

Be wary of public wi-fi

Public wi-fi can be a godsend, but it’s also a popular place for hacking, scamming and phishing. If you use public wi-fi, ensure you are using a trusted network, and be careful about what information you access. For example, you shouldn’t sign into your online banking over public wi-fi.

→Related article: How Safe Is Public Wi-Fi?

Use a VPN

In addition to rerouting your location and letting you watch Netflix shows not available in New Zealand, VPNs encrypt your data. That makes it hard for anyone who might be spying or eavesdropping on your connection to see what you’re up to.

→Related article: What is a VPN and Why Should You Use One?

Enable two-step verification

With two-step verification, in addition to entering your password, you are also asked to enter a verification code sent via SMS to your phone. This adds another level of difficulty for anyone aiming to log in into your accounts. It can also provide a heads-up if someone else is trying to log in using your details, prompting you to change passwords and/or review your accounts and security.

Compare broadband providers for free with Canstar!

About the author of this page

This report was written by Canstar Content Producer, Andrew Broadley. Andrew is an experienced writer with a wide range of industry experience. Starting out, he cut his teeth working as a writer for print and online magazines, and he has worked in both journalism and editorial roles. His content has covered lifestyle and culture, marketing and, more recently, finance for Canstar.