View Series

Identity Theft and Fraud Can Be Devastating. Here’s How to Avoid It

Prevent criminals from using your personal information for their own gain

10-minute read

Article 2 out of 9 in Trending Scams

Ken Budd,

Updated May 06, 2026

AARP

Reviewed by

Kathy Stokes

En español

Updated May 06, 2026

a hand pulls a blurred identification card out of a smartphone

Animation: AARP; (Source: Getty Images (6))

Key takeaways

Criminals steal personal data through mail theft, breaches, phishing and impostor scams.
Losses and emotional harm are rising, with many victims losing tens of thousands of dollars.
There are several key steps you can take to protect yourself, including using strong, unique passwords on all accounts.

A federal judge called the case “Kafkaesque.” In January 2025, Matthew David Keirans, 59, was sentenced to 12 years in prison on federal charges of aggravated identity theft and making false statements. But this was no ordinary identity theft case: Keirans had so thoroughly assumed the identity of his victim, William Woods, whom he’d met years earlier, that Woods was accused of and charged with taking his identity. Woods had told his bank that an impostor was racking up debt in his name (Keirans had obtained loans totaling about $250,000), so the police called Keirans, who sent fake ID documents that convinced them he was Woods, and the real Woods was arrested for fraud. Later, when Woods insisted that he was the real Woods, a disbelieving judge sent him to a psychiatric hospital

After years of deceit, Keirans finally pled guilty when DNA testing proved his story false.

That’s an extreme example of identity fraud, which can take many forms, including criminals appropriating taxpayers’ identities to steal their refunds. But it always involves the theft of your personal information, such as your Social Security number, home address, birth date, and account numbers (bank, medical insurance, and credit card numbers) to commit fraud.

The Federal Trade Commission (FTC) received more than 1 million reports through its IdentityTheft.gov site last year. And the amount that victims lose is staggering — and growing. The Identity Theft Resource Center (ITRC) notes in its 2025 Consumer Impact Report that “losses totaling between $10,000 and more than $1 million are now common, “helping to create high levels of emotional distress, including thoughts of self-harm."

The actual number of victims and losses is likely far higher because people are often reluctant to report these crimes.

How identities are stolen

Criminals use a variety of methods to obtain your information. Some are low-tech, such as mail theft. A scammer could also steal your information with such simple tactics as handing you a clipboard and asking you to sign a petition that requests your Social Security number. Some are large-scale: Hackers steal information from companies such as banks and retailers with large databases (data breaches are rampant). With impostor scams, you receive a request from what seems like a trusted source — a bank, a government agency, a hiring manager for a job, an IT specialist, a celebrity — to lure you into providing personal information.

Frequently, scammers obtain data when you click a link from an email or text, which takes you to a bogus website. Links in phishing messages can infect your computer with malware that harvests your data.

Artificial Intelligence is making it harder to detect these frauds. Common warning signs of a scam, for example, are texts or emails requesting personal information that include misspellings and grammatical errors, suspicious URLs, or missing or not-right logos. Scammers know this — and they’ve adapted.

“Criminals can use generative AI to create something that looks incredibly realistic and nearly impossible to distinguish from a legitimate bank communication,” says Suzanne Sando, Javelin’s senior analyst in fraud and security and author of the AARP-sponsored report. “We know that criminals are constantly switching their tactics. They’re doing whatever they can to circumvent whatever technology is out there to detect them or anything that consumers have been taught to look for.”

And AI is making scam attempts increasingly sophisticated. “Not only can someone create a fake ID, they can create a fake voice,” says Adam Singer, principal of Credit Report Law Group in New York.

Synthetic identity theft

AI is also fueling a type of fraud known as synthetic identity theft. With this fraud, criminals create fake identities using both real and phony information. Rather than posing as you, criminals use a mishmash of info to create a new identity.

“These random and disconnected pieces of information come alive to create a whole new non-existent person, one that credit reporting agencies and lenders have never heard of,” the ITRC states. For example, a criminal might start with your Social Security number and combine it with a fake birthday and address.

AI is not necessary for synthetic identity theft, but it has simplified the process for criminals.

Join Our Fight Against Fraud

Here’s what you can do to help protect people 50 and older from scams and fraud:

Tell lawmakers to stop criminals from using crypto kiosks to steal from us.
Sign up to become a digital fraud fighter to help raise awareness about the latest scams.
Read more about how we’re fighting for you every day in Congress and across the country.
AARP is your fierce defender on the issues that matter to people 50-plus. Become a member or renew your membership today.

When identity theft leads to identity fraud

Once scammers have stolen your private information, they have many options for cashing in. Criminals can “open a credit card or utility account in your name, or use your information to get a loan, a job, or medical care,” the FTC warns. “They might even file taxes in your name to get your refund.” They can also give your name to police if they’re arrested, the FTC adds.

The tactics are becoming more sophisticated, but you can still take steps to fight back.

Warning signs

Consider it a red alert for identity theft if you:

Receive invoices or bank and credit card statements with withdrawals or purchases you don’t recognize (the same is true for medical bills with equipment or services you didn't receive).
Stop receiving a bill. This could mean that someone changed your billing address.
Find unfamiliar accounts or liabilities on your credit report.· Hear from debt collectors about debts you don’t owe.
Encounter difficulties filing your taxes because the Internal Revenue Service (IRS) says it has already received your return.
Obtain information from the IRS stating that you earned income from an unknown employer.
Learn that your bank or a company you work with has suffered a data breach.
Are rejected for a medical claim because your health plan shows you’ve reached the benefits limit, but you know that's not possible (or you don’t receive coverage because your medical records show a condition that you don’t have).

How to protect yourself

Reduce your paper trail

Set up online access to your bank and credit card accounts. Check them regularly and immediately contact your bank or card provider if you spot suspicious activity.
Sign up for paperless billing and financial statements so sensitive information doesn’t arrive in the mail.
Shred, rather than toss, sensitive documents. Shred bank statements, tax forms, medical bills and other documents containing personal or financial data before you throw them out.
Leave your Social Security card at home in a secure place. Carry documents listing your Social Security number only when necessary.
Don’t leave personal information in your car , even if it’s locked.

Strengthen security

Use different passwords for different accounts. Sixty-five percent of Americans don’t do that, according to a 2024 report from AARP. That means that when one account is compromised, others are also at risk.
Enable multifactor authentication. “It’s more than just having one-time passcodes,” Sando says. “Those are becoming easy for criminals to intercept.” Ask your bank or credit union if they offer third-party authenticators, such as Google Authenticator.
Use security software on your devices. Update it regularly.
Put a fraud alert or freeze on your credit report. A freeze prevents anyone from opening a credit account in your name; an alert requires prospective lenders or creditors to verify your identity. (It’s easy to briefly unfreeze it when necessary — if you are purchasing a new home, for example.)
Avoid using public Wi-Fi networks. Many are poorly secured; hackers can exploit them to intercept sensitive data.
Use a PIN or another type of passcode for unlocking laptops, tablets and smartphones. If a device is lost or stolen, a code will make it harder for thieves to get at what’s on it.
File your tax return as early as possible. Tax ID thieves who’ve obtained your personal information will try to beat you to it.

Activate alerts

Turn on alerts from your bank. Not just fraud alerts but notifications for actions such as a change of address or phone number, a password change, and adding an authorized user. “If you didn’t make those changes, then something is going on,” says Sando.
Enable push notifications for your bank app. That way, when you receive an alert, you know the source. “If someone isn’t comfortable with push notifications, go directly to your bank. If you get a fraud alert, confirm that they sent it,” Sando says.
Never click on links from unsolicited texts or emails. And never answer calls from numbers you don’t recognize.

Protect your privacy

Don’t overshare on social media. This includes information such as your birthday, hometown, family members, and education history. “There’s so much information that people just willingly put out there,” Sando says. “People can easily trace that back to finding out your home address or where you work.”
Don’t put personal info in AI programs such as ChatGPT. “It’s not kept confidential — on the contrary, it’s almost like a public database,” says Singer.

Monitor your data

Check your credit reports monthly. Experian, Equifax and TransUnion are the nation’s three main credit reporting companies, but you can access all of your credit reports through the free site AnnualCreditReport.com . “If you see an account that doesn’t belong to you, or you see other personal identifying information that doesn’t belong to you, like addresses or telephone numbers, dispute that information directly with the credit bureaus,” says Singer.

If you're a victim of identity fraud

Contact the FTC at IdentityTheft.gov IdentityTheft.gov or by calling 877-438-4338. Online identity theft can also be reported to the FBI’s Internet Crime Complaint Center, IC3.gov.
The AARP Fraud Watch Network has a toll-free helpline (877-908-3360), where trained volunteers provide victims and family members with support and guidance on next steps.
The ITRC offers information on ways to prevent ID theft and how victims can recover their identities. AARP also has information on what to do if your identity has been stolen.

%{postComment}%

The key takeaways were created with the assistance of generative AI. An AARP editor reviewed and refined the content for accuracy and clarity.

About the author

Ken Budd has written for National Geographic Traveler, The Atlantic, The Washington Post Magazine and many more. He is the author of a memoir, The Voluntourist.

About the reviewer

Kathy Stokes is the director of fraud prevention programs at the AARP Fraud Network.

Identity Theft and Fraud Can Be Devastating. Here’s How to Avoid It