FRAUD RESOURCE CENTER
En español | Identity theft occurs when someone obtains someone else’s personal information, such as a Social Security number, home address, date of birth or bank account data, and uses it for fraud or other illicit purposes.
It's widespread: The Federal Trade Commission (FTC) fielded more than 1.4 million complaints about identity theft in 2021, accounting for 1 in 4 fraud reports to the consumer-protection agency.
And it comes in many forms: Credit-reporting agency Experian lists 16 distinct types. (Some, such as tax ID theft and Social Security number scams, are discussed in greater detail elsewhere in the Fraud Resource Center.)
Identity thieves swarm the internet and often target older Americans, who tend to be slow to adopt new fraud-prevention technologies and are loath to change their online habits even when they've experienced fraud, according to an October 2020 study produced by digital finance consulting firm Javelin Strategy and Research and sponsored by AARP.
These scammers have a range of tactics to get what they need, from old school (stealing your mail) to high tech (massive hacks of banks, retail chains and other companies that stockpile consumer data). They might pretend to be from utilities, banks or big tech firms to get their hands on identifying information, or send phishing emails with links that infect your device with data-harvesting malware.
Most often, they claim to represent government agencies, soliciting personal or financial data on the pretext of helping you collect benefits or navigate bureaucracy. This tactic exploded during the COVID-19 pandemic as criminals exploited the distribution of trillions of dollars in federal relief funds. Consumers reported more than 800,000 cases of identity theft tied to government benefits or documents to the FTC in 2020 and 2021, compared to fewer than 75,000 in the previous three years combined.
Once they have your private data, scammers may use it to open new credit accounts and make big-ticket purchases you might not discover until the bills come due. They might get medical treatment, file tax returns or take out loans in your name. The costs are counted not just in money but in time spent chasing down phony accounts, repairing damaged credit and re-establishing your identity with government and financial institutions.
As many ways as there are for fraudsters to poach your identity, there are also many simple steps you can take to help keep them at bay.
- Bank and credit card statements list withdrawals or purchases you don’t remember making.
- You get a bill or invoice for financial activity you don’t recognize or medical services you didn’t receive.
- Your credit report lists accounts or liabilities you don’t recognize.
- You are contacted by a debt collector about a debt you don’t owe.
- You have trouble filing your taxes because the Internal Revenue Service says it already has a return from you.
- You receive notice from a bank or company you do business with that it has suffered a data breach.
How to protect yourself from this scam
- Do go to the FTC's IdentityTheft.gov site to report identity theft and create a personal, step-by-step recovery plan.
- Do use security software on your devices, and keep it updated.
- Do set up online access to your bank and credit card accounts. Check them regularly and contact the bank or card provider immediately if you spot any suspicious activity.
- Do switch to paperless billing and financial statements, so you get less sensitive information in the mail.
- Do check your credit reports. Through the end of 2022, you can get one free report per week from each of the three major reporting agencies, Experian, Equifax and TransUnion.
- Do consider putting a fraud alert or freeze on your credit report. A freeze prevents anyone from opening a credit account in your name; an alert requires prospective lenders or creditors to verify your identity.
- Do file your tax return as early as possible. Tax ID thieves who’ve obtained your personal information will try to beat you to it.
- Do shred bank statements, tax forms, medical bills and other documents containing personal or financial data before you throw them out.
- Do use a PIN or other type of passcode for unlocking laptops, tablets and smartphones. If a device is lost or stolen, it will be harder for thieves to get at what’s on it.
- Don’t use the same password for multiple online accounts. Create strong and varied passwords, and use two-factor authentication if available — it prevents people from accessing your accounts with just the password.
- Don’t carry your Social Security card, and only carry documents with your Social Security number on them when necessary.
- Don’t give out your Social Security number or other personal information over the phone unless you are certain who’s asking for it and why.
- Don’t check email, use social media, or do online shopping or banking on public Wi-Fi networks. Many are poorly secured, leaving openings for hackers to intercept sensitive data.
- Don’t leave personal information in your car, even if it’s locked.
Updated March 25, 2022