How do I stop scammers from harvesting my personal information online?
Minimise what you share publicly on social media, opt out of data broker sites, use privacy-focused email settings, and treat every unsolicited contact asking for 'verification' information as a potential phishing attempt.
Last reviewed: 10 June 2026
Explanation
Personal information is the raw material for most scams: your full name, date of birth, address, employer, phone number, and family members' names allow scammers to impersonate you, answer security questions, craft targeted phishing messages, and build convincing pretexts. Much of this information is either publicly available through data brokers or shared voluntarily on social media.
Data broker sites aggregate personal information from public records, voter rolls, property records, and previous data breaches, and make it available for a fee or for free. The major ones — Whitepages, Spokeo, BeenVerified, Intelius, PeopleFinder, MyLife — have opt-out processes, though they are deliberately laborious. Privacy-focused services like DeleteMe (paid) or Kanary automate the opt-out process across hundreds of sites. Manual opt-out is time-consuming but free.
Social media is a significant source of scammer-usable information. A public profile showing your full name, workplace, birthday, neighbourhood, friends list, and family members gives attackers most of what they need for spear phishing and social engineering. Review your privacy settings across all platforms and set most profile information to 'friends only' or equivalent. Be particularly careful about publicly listing your date of birth and home city together, as these combinations answer security questions on financial accounts.
For email: use a dedicated email address for sensitive financial accounts that is not visible on social media or used for newsletters and sign-ups. Enable privacy features in your email client that block tracking pixels in emails, which confirm your address is active and when you opened the message.
Common red flags
- Your full name, address, and relatives appear in data broker search results
- Social media profile is public and contains birthday, workplace, and location information
- Using the same email address for everything from banking to newsletter subscriptions
- Survey or quiz requesting personal details in exchange for a result
- Any form asking for information beyond what is necessary for the stated service
- Unsolicited email asking you to 'verify' your personal details to continue a service
What to do now
- Search your name on major data broker sites and submit opt-out requests
- Review privacy settings on all social media platforms and restrict sensitive profile fields
- Create a dedicated email address for financial accounts
- Enable tracking pixel blocking in your email app
- Use a privacy-focused browser extension to block cross-site tracking
- Visit /identity-theft-data-scams for a comprehensive guide to data exposure reduction
Frequently asked questions
How long does it take data broker opt-outs to take effect?
Individual opt-outs typically take two to six weeks per site, and data can reappear as sites re-aggregate from new sources. Paid services maintain suppression continuously. Check back every six months to confirm removal has held.
Is it dangerous to share my birthday on social media?
Your birthday alone is low-risk. Combined with your full name, city, and workplace — all commonly public on the same profile — it provides answers to many security questions and enough information for spear-phishing messages that reference plausible personal details. Keeping birthday hidden or showing only the day and month without year is a reasonable precaution.