Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

What is identity theft?

When a thief gathers information about you and uses it to impersonate or defraud you, it’s called identity theft.

Even a small amount of data—your Social Security number, password, address, mother’s maiden name, account number or PIN—is enough for a thief to make credit card purchases, open bank accounts, take out loans, or commit crimes in your name.

A cartoon of a criminal peering over the top of a computer.

How can someone steal your identity online?

Phishing scams - Identity thieves attempt to trick you by sending a phony email or instant message (IM) that appears to come from a reputable organization (like your bank or favorite charity). The message tries to alarm you by suggesting that your account was compromised or will be closed unless you respond. The phony message typically contains a link to a webpage or a request to call a toll-free number. There, you’re tricked into revealing financial or other sensitive information on a realistic (but fake) webpage or to a “representative.”

Learn more about phishing

Malicious software - Opening email attachments or clicking in a pop-up window may secretly plant harmful software on your computer that can let a thief collect your passwords or account numbers.

Learn more about malware

Data breaches - Identity thieves may break into insurance, hospital, government, and other databases to steal the personal information of thousands.

Oversharing - Social media is an ever-present part of many of our lives and it makes it easy to share photos, videos, posts, and other personal information. Unfortunately it makes it TOO easy to share, and thieves can sometimes find that information and use it to help steal your identity.

Learn more about oversharing

Four simple ways to help protect your identity online

It can take years to discover you’re a victim of identity theft, and even longer to clear your name and credit rating, so prevention is key.

1. Be defensive with sensitive information

  • Don’t put sensitive information in email, social media, or text messages. These methods may not be secure.

  • Look for signs that a webpage is secure and legitimate. Before you enter sensitive data, check to ensure the web address starts with https (“s” stands for secure) and shows a closed padlock. (The lock might also be in the lower right corner of the window.)

  • Make sure that you’re at the correct site—for example, at your bank’s website, not a fake. Look closely at the Save banking, shopping, and other financial transactions for your home computer. The security of a public computer, or your own computer over a public wireless connection, may be unreliable. Be cautious about clicking links in a message or pop-up window. If you’re unsure if a message is genuine—even if you know the sender—contact him or her using a different device or account.

    Microsoft Defender SmartScreen can help

  • Be careful about what you post on social media. You may be inadvertently sharing more information than you wanted to, or sharing it to a larger audience than you expected.

2. Create strong passwords and keep them secret

  • Strong passwords are long (phrases or sentences) that mix capital and lowercase letters, numbers, and symbols. Ideally your passwords should be at least 14 characters long.

  • Don’t use the same password everywhere. If it’s stolen, all the information the password protects, in all the accounts it's used on, is at risk.

  • Don’t share your passwords.

  • Writing them down is ok, as long as it's on a well-protected piece of paper away from your computer.

You'll find some tips on creating and using secure passwords here: Create and use strong passwords.

3. Protect your accounts and your credit

  • Stay on top of existing account balances by checking account activity regularly.

  • Report discrepancies quickly. The law protects you from having to pay for fraudulent transactions on your account, but only if you report them promptly.

Couple using a laptop while working on their home finances

  • Unless you are actively seeking a loan or other credit, contact the three bureaus to freeze your credit, which restricts access to your reports. For more information see Placing a credit freeze.

    Tip: Got a child under the age of 16? Consider freezing their credit too. Children are attractive targets for identity thieves because people don't usually check the credit reports for their kids.

  • Protect your credit with help from the major U.S. credit bureaus. Every year, get your free credit report (and that of any family member over age 14) from each credit bureau, and review them carefully. Order through or call toll-free (877) 322-8228.

Tip: Microsoft 365 Family and Personal subscribers in the U.S. can turn on identity theft monitoring in Microsoft Defender. For more information see Getting started with identity theft monitoring in Microsoft Defender.

4. Boost your computer’s security

  • Reduce your risk of identity theft by keeping all software (including your web browser) current with automatic updating.

  • Install legitimate antivirus and antispyware software. Windows comes with Microsoft Defender Antivirus already installed and turned on.

  • Never turn off your firewall.

  • Protect your wireless router with a password and use flash drives cautiously.

Microsoft can help: 

What you can do if someone steals your identity

Act immediately to correct your records. Document your efforts as you go: make copies of all email and letters and keep detailed notes of phone calls.

  • File a police report and get a copy to show your bank and other financial institutions that you are a crime victim, not a credit abuser.

  • Put a fraud alert on your credit reports with one of the major U.S. credit bureaus so that no financial institution grants new credit without your approval.

  • Close accounts accessed or opened fraudulently. Speak with the fraud department of each of those companies and follow up with a letter. When you open new accounts, use new passwords and PINs.

  • Report the theft to the U.S. Federal Trade Commission (FTC) at or call toll-free (877) 438-4338.

  • Report suspicious or fraudulent incidents to the service provider. For example, in Microsoft services or software, look for the Report Abuse link, or contact us at Microsoft-Report a technical support scam

See also

The keys to the kingdom - securing your devices and accounts

Protect yourself from online scams and attacks

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?

Thank you for your feedback!