Identity theft encompasses all fraudulent activities that are designed to use another person’s personal information to gain illicit financial benefit. With millions of identity theft cases reported every year, the mechanisms used to launch successful identity theft attacks are varied. The most common types of identity theft include account takeover fraud, stolen passports, home title fraud, mortgage fraud, medical identity theft, synthetic identity theft, tax identity theft, biometric ID theft, Social Security number identity theft, online shopping fraud, mail identity theft, child identity theft, senior citizen identity theft, credit card fraud and driver’s license identity theft. There are many other kinds of identity theft as well, such as criminal identity theft and financial identity theft, but the types mentioned here should cover all the important ones.
A table consisting of the 7 most common types of identity theft and their differences is presented below.
| Identity Theft Type | Uses | Frequency |
|---|---|---|
| Social Security Identity Theft | Extract personal information, apply for loans, apply for new credit cards | Common |
| Child Identity Theft | Scammers can take out loans, open new accounts and credit cards, secure auto loans and apply for unemployment benefits | Rare (1 in 50 for children) |
| Medical Identity Theft | Fraudulent reimbursement, fake claims for Medicare, see a doctor, receive treatment, get a medical procedure and medication | Common |
| Synthetic Identity Theft | Open new accounts, make purchases, steal money from creditors, open lines of credit, file employment applications, create fake profiles | Most Common |
| Tax Identity Theft | File tampered tax returns, claim fraudulent tax refunds, report income under a different name, get a job | Very Common |
| Criminal Identity Theft | Provide a false name during investigations, create a fraudulent criminal record | Less Common |
| Financial Identity Theft | Create new accounts, compromise existing accounts and credit cards, take out loans, claim insurance compensation, bankrupt the victim, take on new debt | Most Common |
Table of Contents
1. Social Security Identity Theft
Social Security identity theft is among the most common types of identity theft. Hackers exploit an important piece of information that almost everyone has, at least in the United States and other countries with Social Security-like programs. This allows hackers to cast a wide net in terms of the target audience. Moreover, unlike some of the other types of identity theft, Social Security identity theft is a potential problem for everyone.
So, how does Social Security identity theft work? Fundamentally, cybercriminals get a hold of someone’s Social Security number through different methods such as hacking, extracting information from data breaches or infecting the target’s device with malware. Once the Social Security number is acquired, hackers start opening up fraudulent accounts in the victim’s name, including loans and lines of credit. Social Security identity theft can potentially ruin victims’ credit scores and cause issues with credit reports.
One of the signs of Social Security identity theft is unfamiliar credit or loan accounts on the victim’s credit report. If a bank suddenly denies an application for a loan, and the concerned person is unable to come up with a reason, this is another sign that a malicious actor has stolen the person’s Social Security card/number.
The disadvantages of Social Security identity theft are that hackers can commit credit card fraud, claim medical benefits, sell the victim’s SSN on the dark web and even potentially get the SSN blocked or deactivated.
2. Child Identity Theft
As the name suggests, child identity theft involves malicious actors stealing personal information from children/minors.
The primary way child identity theft is different from other types of identity theft is that fraudsters behind such attempts are only interested in minors because this demographic is more likely to have a clean Social Security number. Further, minor victims are less likely to find out if there has been a case of identity theft. Usually, the child/minor only finds out when applying for a student loan or a car license.
The major signs of child identity theft are essentially the same as any other type of identity theft. Mainly, the child may not get approved for government benefits, has a suspicious credit report, gets notices about unpaid taxes from the Internal Revenue Service and gets email messages regarding credit card offers.
As far as the disadvantages of child identity theft are concerned, the list includes applying to block or freeze SSNs, personal information about the child being shared on the dark web, compromised birth date and home address, potential debt unpaid balances and suspicious accounts.
3. Medical Identity Theft
Medical Identity theft is a type of fraud where malicious actors pretend to be another person and then claim medical services from the government. For the medical identity theft attempt to be successful, the malicious actor first must access the victim’s medical data.
Medical identity theft usually works by taking advantage of the data leaked and sold by hackers when a medical facility suffers a data breach. The most prominent sign of medical identity theft is when huge (or even normal) medical bills start showing up on the victim’s financial statements for treatments the victim did not have. Sometimes, hackers can purchase medical equipment on behalf of the victim and get the equipment shipped to the victim’s address.
Other less clear signs of medical identity theft include regular mistakes in the concerned person’s medical records or dubious entries. If the insurance company sends a notification of a request for an address change, that is another sign of medical identity theft. Finally, the biggest sign that the concerned person has been a victim of medical identity theft is when the insurance company denies any medical claims as the benefits have already been used up.
The major disadvantages of medical identity theft are loss of personal information, exposure of sensitive medical data, financial losses, insurance becoming useless, misdiagnoses (as treatments and tests show up on the victim’s medical record that the victim did not have), and not getting proper treatment (in case of urgent care as the records are in disarray).
4. Synthetic Identity Theft
Synthetic Identity Theft is a new type of identity theft where malicious actors commit a financial crime by exploiting real personal data (including items such as birthdays, addresses, names and SSNs) and combining that information with more identities (made up ones) to generate detailed profiles of people with near-perfect credit scores.
Synthetic identity theft is different from other types of identity theft in that malicious actors use both real and artificially generated data to carry out attacks. Once hackers have the profile in hand, the information can be used to apply for loans, open new accounts, sign up for auto services and transfer funds to offshore accounts.
The most obvious warning signs of synthetic identity theft are notifications (in the form of calls and emails) from banks and other institutions about newly registered credit accounts. Another sign is if notifications are addressed to a slightly different name than the person’s real name.
Some disadvantages of synthetic identity theft include hackers committing other financial crimes in the victim’s name, unexpected notices from banks, insurance companies and hospitals about transactions the victim doesn’t know anything about, and discrepancies in credit reports.
Banks may or may not cover the losses incurred due to synthetic identity theft, but the victim’s credit history and credit report are definitely damaged.
5. Tax Identity Theft
Among the many other old and tested types of identity theft, the most common is tax identity theft. In tax identity theft, malicious actors are able to get hold of information that allows for the filing of tampered tax returns under the name of the target/victim. In most cases, tax identity theft works by malicious actors “proving” certain types of income and expenses and then claiming huge sums of refund money from the Internal Revenue Service (IRS).
Similar to most other types of identity theft, malicious actors can launch subsequent fraud schemes with information accessed via tax identity theft. For example, tax identity theft enables most tax refund scams.
The difference between tax identity theft and other types of identity theft is the wide target audience—people who qualify to return taxes and receive refunds.
The most common sign of tax identity theft is an IRS agent contacting the target/victim (either in person, online or via phone) to glean information. Victims may also notice the appearance of unfamiliar documents such as financial transcripts, forms or tax papers. Tax identity theft cases usually result in discrepancies on the victim’s bank statements or tax returns. A good tax preparer should be able to spot such issues and alert the concerned person.
The disadvantages of tax identity theft include the requirement to report the problem to the IRS, gathering all the original documents since some might have been tampered with, financial and credit problems, legal issues, possible fines, and having to go through the process of disputing misinformation and correcting all relevant records, including credit reports and accounts.
6. Criminal Identity Theft
Criminal identity theft is a common type of identity theft where, as the name suggests, a criminal steals a target’s personal information (usually a driver’s license or SSN) and then performs malicious activities with that information at hand. Criminal identity theft is different from other types of identity theft because the victim may not be financially harmed, but eventually, the criminal will harm many other people and organizations in the name of the victim.
Another slightly different application of criminal identity theft involves a criminal being arrested and then providing the information of the target individual (the would-be victim) to law enforcement agencies instead of the criminal’s own. Following that, the victim of criminal identity theft typically doesn’t know the consequences of the criminal activities being carried out in the victim’s name until the situation becomes critical.
Criminal identity theft works like other common types of identity theft: The criminal first steals a target’s personal information and then tricks, deceives and loots people that may trust the first victim’s credentials. Similarly, malicious actors can also register for new accounts, loans, credit cards and a load of other things, such as treatments at medical facilities.
The most obvious sign of criminal identity theft is when law enforcement authorities put out an arrest warrant for the victim. Other less obvious signs include the victim getting citations for violations such as broken traffic laws or illegal parking. Another obvious sign is when the victim is legally notified to appear in court to answer for a crime the victim did not commit.
Note:
As mentioned before, criminal identity theft is perhaps the only kind of identity theft where the victim only starts to see the signs once everything has happened and the law has moved into motion.The main disadvantage of criminal identity theft is the victim having to face the consequences of criminal activities that someone else committed in the name of the victim. The victim should also use services such as identitytheft.gov to file a report with the Federal Trade Commission. Other disadvantages include having to spend money dealing with the supposed offenses, appearing in court and going to law enforcement offices or agencies like the Department of Motor Vehicles (DMV).
7. Financial Identity Theft
Even though financial identity theft appears lower on this list, that does not mean this type of identity theft is not common. Financial Identity theft is one of the most widespread types of identity theft. In financial identity theft, criminals use different methods to obtain information illegally or defraud the victim.
Financial identity theft is different from other types of identity theft because criminals are only looking for financial gain rather than claiming tax benefits, getting medical treatments or committing more crimes in the victim’s name.
To make any financial identity theft attempt a success, criminals first have to gain access to the target’s personal information (using cyberattacks or other means) and then use that information to access the potential victim’s credit card account or bank account. With information such as credit card numbers and bank account numbers in the hands of malicious actors, other criminal activities can be carried out for even more financial damage.
As a result of a successful financial identity theft attempt, criminals can purchase items online with the help of the victim’s credit card number (no need for a physical credit card), open up multiple lines of credit and take out loans.
Financial identity theft may also result in mortgage fraud, where malicious actors steal someone’s home equity with a fake line of credit. A newer sub-type of financial identity theft is reverse mortgage scam, which can cause further financial harm.
The major signs of financial identity theft include the usual unaccounted-for transactions on the victim’s credit card, unrecognized queries on the credit report, stolen credit card numbers, the online bank account being locked, a lower credit score and notifications from debt collectors (again, for transactions that the victim did not make).
Financial identity theft, like all types of identity theft, has many disadvantages, the most notable being that the compromised accounts and fake transactions only get caught after a significant amount of time has passed in days. Other disadvantages include a damaged credit score, fraudulent accounts opening up, the requirement to sign up for a monitoring service to keep safe from future thefts, loss of funds from compromised accounts and fraudulent purchases from the victim’s credit card.
Which is the Most Common Sort of Identity Theft?
The most common sort of identity theft is financial identity theft. That’s because of all the ways malicious actors can carry out theft and benefit from the stolen information. Financial identity theft has several sub-types, such as account takeover theft, mortgage fraud, loan fraud and new account fraud (including credit card fraud).
This is important:
Readers should understand that once a malicious actor takes over the target’s financial information and gains control of any accounts, a lot of opportunities open up. The malicious actor just needs to get hold of a verification code (and sometimes just a zip code) to process illicit purchases via online platforms. A malicious actor with information such as the target’s birth date can essentially call the bank and take over the account by changing critical information.Another reason why financial identity theft is so common is that there are so many ways in which the target can slip up, like in new account identity theft. In this type of identity theft, malicious actors can get credit card information and lots of other financial information from an application form the target filled out but then threw in the trash. After gaining access to the form, malicious actors can apply on behalf of the target individual.
If going through someone’s garbage to collect sensitive personal information was not enough, malicious actors can also search public records available on the internet. People who tend to share a lot of personal information via online forums are particularly susceptible to financial identity theft. In any case, malicious actors don’t even have to spend resources gathering information about the target to open new accounts.
As mentioned earlier, malicious actors know that the target individual will take a lot of time to detect a financial identity theft case. Bank statements are usually considered the easiest way to check for identity theft issues. But since malicious actors can easily change the target’s address while applying for new credit cards and accounts, the victim would not receive any statements.
How Does Identity Theft Happen?
Fundamentally, for any type of identity theft to happen, malicious actors will usually need the personal information of the target individual. Once such sensitive information is at hand, the malicious actors can launch any type of identity theft, depending on the objectives.
A common way identity theft happens is when someone loses a wallet or purse, malicious actors can glean sensitive information from the contents of the wallet, which could contain items such as bank cards, credit cards, a Social Security number card and a driver’s ID. After that, as indicated throughout the guide, malicious actors can apply for loans and new lines of credit, commit other frauds and make purchases in the victim’s name.
One of the less common ways identity theft happens is when malicious actors pay third parties money to purchase personal information. This is a particular risk when applying to different companies or even working for one where an employee can receive sums of money in exchange for personal information. Even when an individual is applying for credit, unscrupulous banks and financial services may not hesitate to share personal information. As indicated earlier, once malicious actors have stolen enough personal information, the validity of the stolen information will be checked first. If the data is accurate, malicious actors such as scammers will either try to steal more information from the target individual or process data to cause harm to others in the victim’s name.
Most cases of identity theft end up with scammers opening new accounts, stealing rental cars, launching insurance fraud attacks, compromising health insurance cards and ID cards, and selling the acquired private information on the dark web.
If malicious actors cannot access enough personal information from the company at which the target individual works, ATMs machines are the next target. Many people still don’t realize that identity theft can even happen at a place like ATM outlets. Hackers only have to install an electronic device on the ATM machine that enables data-stealing features. Usually, all of the user’s sensitive information is stored on the credit or debit card’s strip. Equipped with that information, hackers can launch stage two of the operation to either take over the individual’s account or open a new one.
But perhaps the simplest way identity theft happens is through people sharing too much personal information on the internet. When users share more information than necessary on social media platforms and add strangers to the friend list, the opportunities for successful identity theft increase exponentially. Hackers can acquire enough information from the target individual’s social media profile and then use the information to build a profile, verify the information and, just as before, open accounts, take loans and avail medical treatment, among other crimes.
Apart from checking garbage cans and stealing wallets, hackers also use methods such as fake phone calls, spear phishing, smishing, phishing and spam messages to get the needed sensitive information. Many types of malware —such as spyware, rootkits, screen scrapers, keystroke loggers, trojans, worms, viruses and backdoors—can also be employed to get personal information.
Finally, other avenues which are completely out of the target’s control include impersonation, pure hacking (using expensive software to break into a system to steal information) and stealing data from a company/service where the target already has an account.
Of course, there are lots of resources available on the internet where users can learn how to prevent identity theft. Researching those resources and adopting best practices for privacy can protect anyone from virtually all types of identity thefts.
What are the Warning Signals That My Identity has been Stolen?
The general warning signal that a person’s identity has been stolen is a notification from a service that monitors data breaches. Any number of services (such as banks, medical facilities, insurance companies, email services and social media platforms) can put out notifications informing that data related to customers/users has been compromised. Once a data breach happens and the notifications are pushed out, the affected individuals must move as quickly as possible to stop malicious actors from committing fraud. For the unique warning signs of each type of identity theft, refer to the sections above.
As indicated earlier, the clearest sign that someone’s identity has been stolen is when law enforcement agencies put out a warrant for the arrest of the identity theft victim. Malicious actors can use the personal information gathered from a variety of methods and then give that identity to law enforcement when caught. More information about this type of identity theft, known as criminal identity theft, can be found above in the relevant section.
Not being able to file tax returns is another big sign that someone’s identity has been stolen and a malicious actor has filed taxes on the victim’s behalf. Sometimes this type of identity theft is known as government identity theft.
Also, if a given individual’s medical claim is suddenly denied or the medical bills go through the roof, that is another warning signal of identity theft. Malicious actors that steal ID cards and other personally identifiable items can impersonate the victim at a doctor’s clinic or hospital. The victim has to deal with the impersonator’s medical history.
If household services such as utilities and cellphone lines lose functionality, that can be a warning sign of a successful identity theft attempt. Identity thieves can use the victim’s information to upgrade the service on a different device so that the previous device loses service. The same can happen with utilities.
Unfamiliar or missing bills are another sign that someone has succeeded in stealing an identity. Identity thieves can use the victim’s information to change mailing addresses or obtain credit cards. Then, items can be purchased and shipped to the new address.
Finally, if the concerned person’s credit reports, credit card records or bank statements don’t appear correct or up-to-date, that can be a signal of identity theft.
Why Is My Personal Information Being Stolen?
There are many reasons why someone’s personal information may be stolen. One of the most common causes of identity theft is financial fraud. Anyone who has inadequate financial knowledge or shares too much personal information online could easily end up being the target of financial fraud, as hackers can benefit from such mistakes in a number of ways.
Malicious actors steal personal information to hide other crimes as well. After stealing personal information, criminals may engage in other illegal activities and try to cover up by implicating the person whose identity was stolen in the first place.
Perhaps the biggest reason for personal information being stolen is that the potential to make money is quite high. Making quick and easy money is one of the most common causes of identity theft. In fact, there have been reports of criminals moving away from selling drugs or robbery when the money from identity theft started to eclipse revenue from those illegal activities. Regular people with less control of shopping urges can also steal personal information to commit identity fraud and make a quick buck to fund the next big purchase.
Sometimes, the motivation for stealing personal information is as simple as revenge. Not all identity thieves are motivated by money. Past friends, family members who have been cut off and ex-business partners can all use identity theft to harm the target individual. Stolen personal information can be used to empty bank accounts, make sensitive events public and exhaust credit card limits.
What Should You Do if Your Identity is Stolen?
Fortunately, there are many actions identity theft victims can take to respond and prevent further harm.
- One of the most important things to do is to clean all financial accounts. More specifically, contact banks, utility companies, insurance providers and phone services (basically any service where the victim’s account has been compromised) and inform them of identity theft. Cancel all compromised accounts and open new ones with the same service or different providers. As always, using a strong password that is hard to guess is an easy way to keep each account more secure than before.
- Contacting the licensing authority or Department of Motor Vehicles is a good start for people who have become a victim of driver’s license identity theft. Malicious actors can use a target’s state ID and/or driver’s license to impersonate the victim and commit other crimes. Another person’s driver’s license can help criminals generate fake personas and get away from police checks and traffic stops. The best way to keep safe from identity theft is to inform the concerned departments and flag the lost driver’s license number so that law enforcement agencies can proceed accordingly.
- Apart from banks and insurance companies, victims of medical identity theft can always inform hospitals or any other service providing medical care. Financial fraud may be the most common of all identity thefts, but medical identity theft is on the rise as well. Always check with medical service providers to monitor if an individual has used the insurance information of another.
- A very practical step in the case of any type of identity theft (but mostly financial identity theft) is to get in touch with the Internal Revenue Service. Any tax-related identity theft can be swiftly handled by the IRS. If a fraudulent activity does occur in the victim’s name, the IRS can inform the victim via notifications.
- There is also a time to contact local law enforcement agencies, as the Federal Trade Commission (FTC) recommends. Alerting the local police department is the best way to file an identity theft issue. Just make sure all the necessary documents are in place, such as a photo ID, current address documents (proof), any fraudulent notifications and the official FTC identity theft report. Once a police report has been filed, keep a copy of the document for future reference.
- In addition to the local police, victims of identity theft can also report an identity theft case to the FTC. Keep in mind that FTC deals more efficiently with identity theft cases, so try to stay away from reporting stolen credit cards and such. The main benefit of reporting to the FTC about an identity theft case is the FTC report. Victims of identity theft can take the FTC identity theft report to institutions and businesses when reporting identity theft.
- Reach out to any companies and businesses where malicious actors could have used the stolen identity information. Victims should also report compromised or false information to various credit bureaus to prevent damage to the victim’s credit report. With some proof of identity theft, the victim will have an easier time correcting false information.
Apart from the tips listed above, other steps victims of identity theft can take include contacting debt collectors for more information, documenting fraudulent activities and new accounts opened recently, freezing credit reports, getting copies of credit reports from various credit agencies for more insight into the damage caused, placing fraud alerts with credit agencies and seeking legal help.
Who is Responsible for Identity Theft?
First, the individual who carried out the successful identity theft attempt is the responsible party. The only problem is that such criminals are hard to find. Even if found, making a case is even harder. Of course, victims do have legal recourse in the U.S. Readers should also keep in mind that not all identity thefts have professional criminals working behind the scenes. Identity thefts can potentially involve friends, ex-partners, business partners, distant relatives and any other person the victim interacts with on a regular basis.
If the primary criminal behind the identity theft cannot be found and brought to justice, there are third-party actors who can be held responsible for identity theft. Essentially, any third-party service or organization that has the victim’s personal information can be held responsible. Personal information includes Social Security numbers, bank account numbers, addresses, credit card numbers, birthdays, and first and last names.
Any number of services and institutions may have slipped up to cause a great financial loss for the victim. Some third-party entities that can be held responsible for identity theft include government departments, employers, credit agencies, financial services, banks and credit unions. Previous sections have discussed what type of organization may be held responsible depending on the type of identity theft. Speaking to a qualified identity theft lawyer can make things clear for the victim who to contact and who to eventually sue if possible.
Note:
Since malicious actors need personal information to commit identity theft, whichever institution fails to protect the victim’s personal information can be held responsible—whether that is an email service or a phone service provider.Readers should also consider the possibility that malicious actors may have acquired personal information through a cyberattack. Sometimes if there are enough resources available and enough motivated hackers, different types of cyberattacks can help make identity theft attempts successful. That includes stealing information from the victim’s personal computer via spyware or adware or duping the victim into giving up personal information via phishing and malicious links.
When Is It Appropriate to Report Identity Theft?
Any time an identity theft victim suffers financial or reputational losses, reporting the identity theft becomes appropriate and even necessary. If the perpetrator is known, the victim must go to the police and report everything about the identity thief. Reporting identity theft also becomes a necessity in the case of criminal identity theft, where a criminal uses the victim’s personal information when interacting with the police. In other cases, an insurance company or creditor may require proof in the form of a police report.
Different types of identity theft may require the victim to report to different entities or organizations. For example, if there has been a medical identity theft fraud case, the victim may need to contact the Medicare fraud office or some other government department, depending on the victim’s situation. In the case of tax identity theft, victims can visit the Internal Revenue Service’s website and search for steps and other information about identity theft. In unemployment identity theft, victims would need to report to the state’s local labor department.
There are many other organizations that help people who have become victims of identity theft. For example, contacting the three biggest credit reporting agencies is a good start to freezing credit reports and moving ahead with fraud alerts. The three major credit reporting agencies are TransUnion, Experian and Equifax—all of which have dedicated sections for identity theft on the companies’ websites. Look for TransUnion Fraud Alert or Experian Fraud Center or Equifax Alerts. Some of the phone numbers victims of identity theft call include 888-909-8872 for TransUnion Fraud Alert, 888-397-3742 for the Experian Fraud Center and 800-525-6285 for Equifax Alerts.
Affected individuals can also report any case of identity directly to the FTC via the agency’s website. The National Long Term Care Ombudsman Resource Center is another place where identity theft cases can be reported for individuals in a care facility or nursing home. And as mentioned earlier, reporting identity theft to credit card companies, banks, insurance companies and others (whether or not such institutions are at fault for the identity theft is another matter) can always help.
If the victim of identity theft finds out that the criminal applied for various jobs in the victim’s name and opened accounts (not just at banks but also at retail shops and other services), then such entities can be contacted to report identity theft.
Is it Illegal to Steal Someone’s Identity?
Yes, stealing someone’s identity is illegal in most states. The criminal behind an identity theft attempt doesn’t even need to benefit financially for the act to be considered a crime. As far as specific laws are concerned, Congress passed a law to deal with identity theft and all of the crime’s consequences in 1998, after which identity theft became a federal crime. The Identity Theft And Assumption Deterrence Act makes identity theft a federal crime. The law defines identity theft as any action that an individual takes that knowingly transfers or uses a means of identification of another individual without lawful authority with the intent to abet unlawful activity or commit an illegal act that violates federal law.
Furthermore, the Theft Penalty Enhancement Act of 2004 increases the punishment for criminals caught engaging in identity theft. General offenses related to identity theft can now carry a prison sentence of two years. And if the identity theft offense is considered terrorism, the punishment is five years in prison.
To further solidify the position that identity theft is indeed illegal, Congress passed the Identity Theft Enforcement and Restitution Act of 2008, which made the scope of prosecution and victim compensation more widespread. Now, in addition to the FTC, agencies such as the IRS, Postal Inspection Service, Secret Service and Federal Bureau of Investigation have the authority to investigate and prosecute identity theft crimes.