Identity theft is the number one consumer complaint in the country. The latest data from the Federal Trade Commission’s (FTC) Consumer Sentinel Network shows that identity theft was the top complaint in 49 of 50 states, plus Washington, DC and Puerto Rico. It accounted for nearly a third of the 4.7 million consumer complaint reports filed with the FTC.
And those numbers likely don’t reflect the true prevalence of identity theft, says Eva Velasquez, president and CEO of the national nonprofit Identity Theft Resource Center (ITRC). “A lot of people don’t report identity theft to the federal government,” she says. “We think those numbers are low.”
Where Identity Theft Happens Most Often
Identity theft strikes indiscriminately. “This notion that only certain subsets of the population are extremely vulnerable is out the window in the world we live in,” says Velasquez. “Demography can play a role, but it’s really general when it comes to demographics.”
As a result of the coronavirus pandemic, state and federal governments have become the primary industry for identity theft and fraud. Unemployment benefits, small business loans and grants, the Paycheck Protection Program and other initiatives aimed at supporting the US economy have been the main targets of criminals.
Here’s the top-to-bottom breakdown of where identity theft happens most often, according to FTC data.
Government Benefits and IDs: Identity theft involving public benefits, particularly unemployment benefits, and government identification documents skyrocketed nearly 3,000% from 2019 to 2020. The US Secret Service recently estimated that $100 billion dollars worth of pandemic relief money had been stolen.
The falsification and issuance of false driver’s licenses, passports and other forms of government identification have also increased.
Credit card accounts: New and existing credit card accounts are cited in almost 30% of identity theft reports, with the number of reported incidents increasing by 48%.
Loans and leases: Identity theft involving business and personal loans skyrocketed 127%, followed by home loans, auto loans and leases, student loans, and home and apartment rentals.
Employment and taxes: Identity theft related to consumer tax information jumped 225%, followed by theft related to employment or wages.
Telephones and public services: New and existing landline, mobile, and utility accounts are prime targets for identity thieves. New mobile phone accounts have the highest number of identity theft complaints in this category.
Bank fraud: New bank accounts, existing bank accounts, and payment methods, such as debit cards, electronic funds transfers, and automatic clearing house (ACH) payments, are a prime playground for thieves of identity.
Other main types of identity theft: The FTC aggregates identity theft complaints involving medical services, insurance, social media, online shopping, securities accounts, bogus charitable solicitations, credit bureaus, debt collectors, refund and other tricks.
The Consumer Sentinel Network highlights further details about where identity theft most often happens and to whom:
- The five states with the highest number of identity theft reports are Kansas, Rhode Island, Illinois, Nevada and Washington.
- Consumers between the ages of 40 and 49 filed the most identity theft reports, with the majority involving fraudulent government benefits or government documents.
- The 30-39 age group filed the second highest number of identity theft reports, most of them related to credit card fraud.
- The 50 to 59 age group filed the third highest number of reports, most of them relating to benefits or government documents.
Common ways scammers steal your identity
Cyberattacks are the main strategy of identity thieves, according to the Identity Theft Resource Center. Here are some examples of cyberattacks:
- Emails that look genuine but contain dangerous attachments or links. This is called “phishing”.
- Text messages that look legitimate but contain links to fake web pages. This is called “smishing”.
- Malware, or malicious software, that invades computers, phones, and other devices.
- Ransomware, a type of malware used to extort money from victims by blocking access to computer systems or by posing a threat, such as leaking personal data.
- Credential stuffing, where stolen usernames and passwords are used to gain access to multiple accounts.
- Massive data breaches from companies that hold personal information for thousands or millions of people. This could be a healthcare company, retailer, financial institution, social media platform, or other large entity.
- Biometric authenticators, such as fingerprints, add another layer of security to smartphones and other devices, but if the place they’re stored is hacked, identity thieves can gain access to digital wallets and more.
- The dark web is “like Amazon for scammers”, says ITRC’s Velasquez. This is a market where personal data stolen in previous breaches is sold to other criminals.
Scams by imposters
Scams by imposters include a wide variety of identity theft crimes. They are perpetrated through phone calls, emails, text messages, social media, websites, advertisements and other means.
Some common imposter scams include:
- False emergencies: These are often phone calls from someone claiming to be from the IRS, your bank or credit card company, the police department, or a computer company. They will tell you that you have an unpaid fine or there is a computer virus alert and they need to fix your computer. Another common false emergency is that a loved one is in distress and needs money.
- Bogus job opportunities: Advertisements for bogus employment agencies or work-at-home jobs trick victims into filling out applications and disclosing highly sensitive personal information such as social security numbers.
- Delivery notification scams: With more and more people ordering groceries and other products online, scammers can call, email or text fake delivery notifications. Victims may be prompted to call a number and provide updated account or payment information, or click on a bad “tracking link” that installs malware on their phone or computer.
- Romance scams: Imposters prey on people looking for human connections. They use information from victims’ social media accounts about who they are and what they like. They gain the trust of victims and quickly build strong relationships. If they still seem to be available, it’s because they’re online all the time, probably hacking into your accounts. After stealing your credentials or money, they disappear.
- Fake invitations to a videoconference: Taking advantage of the massive work from home and home schooling, identity thieves use emails, text messages and social media posts to send fake meeting invites that infect computers with malware. Or, they “phish” personal data saying you missed a meeting or your account was suspended, prompting you to enter your username and password, which they capture and use to defraud you.
- Charity scams: Criminals pretend to belong to a legitimate charity, food bank or other organization to steal personal data and money.
- Offers of fake vaccines and test kits: This is one of many COVID-related scams. Criminals steal personal information by tricking people into signing up for COVID vaccines and coronavirus test kits.
- Prizes, sweepstakes and lottery tricks: These impostor scams have been around for a long time. Identity thieves call, email, use direct mail or a social media notification to congratulate someone on winning a big prize or contest. But the victim is informed that they have to pay a tax, fee or duty to claim the money. The impostor can ask for bank account information, ask for a wire transfer, or ask the victim to buy a gift card and then ask for the gift card number.
The old-fashioned way
Some identity thieves use old-school street tactics, like pickpocketing in crowded areas, removing a forgotten credit card from a checkout counter, or taking a smartphone someone left behind .
There are also still “dumpster divers”, who will scavenge through people’s trash looking for discarded personal information that they can use to their advantage.
Mail stolen from a mailbox can be a rich source of personal information. Identity thieves take advantage of pre-selected credit card offers, uncashed checks, and new debit or credit cards that have not been activated.
Only your name and address are valuable to an identity thief, as they can be used to redirect your mail or access other information. Names and addresses are among the most breached data points, according to the ITRC.
At the end of the line
Identity thieves are creative and industrious. As technology advances, so do their tactics. They follow societal trends, such as the massive rise of online shopping, and use them to their advantage.
Don’t think you’re too smart or savvy to be a victim of identity theft. Basically, everyone is vulnerable to identity theft. “If you live in the United States and have IDs, I can guarantee you’ll have issues with impersonation,” Velasquez says.
“One of our biggest problems is the lack of recognition of our vulnerability. When we don’t admit it, we create additional vulnerability.