Published on: October 31, 2024
Identity theft is a serious problem. Criminals have access to all sorts of tools and methods that make stealing personally identifiable information (PII) easier than ever.
In recent years, the rise of generative AI has opened new avenues for thieves to go after their victims. Fake voicemails, ChatGPT-generated documents impersonating official institutions, or deepfake videos are just the tip of the iceberg of the many ways in which artificial intelligence helps criminals gain access to our personal data.
Even with these advancements, most identity thieves rely heavily on their victims’ mishandling of personal data and lack of awareness. Equipping yourself with knowledge of how identity theft works, the most common methods, and the current trends can go a long way toward keeping your PII safe. You can start by reading this collection of helpful and informative statistics that will give you a better understanding of identity theft and its prevalence in today’s world.
What Is Identity Theft?
Simply put, the crime of identity theft happens when an impostor accesses their victim’s personally identifiable information (PII) to impersonate them. Usually, the type of personal data identity thieves go after includes Social Security numbers, dates of birth, or driver’s license numbers, just to name a few.
This stolen data, in combination with other easily accessible information about the victim, such as their name and address, allows criminals to take out loans or purchase goods and services in the name of their victims.
In other cases, criminals who are impersonating others might use stolen identities as part of their interactions with authorities, such as the police. When they present these fake identities (which could include false identification documents like a driver’s license or ID card), they are essentially creating a criminal record under someone else’s name.
Section 1: Identity Theft – A General Overview
Criminals use all sorts of sophisticated digital methods to steal their victims’ personal information, but it wasn’t always that way. In this section, we’ll dive deeper into the different types of identity theft, the history of the crime, and what thieves commonly use stolen identities for.
#1: The Term “Identity Theft” Was First Used in 1964
Identity theft started as a physical crime. Criminals would steal the IDs of people who recently died, sometimes even murdering their victims, to assume their name and Social Security credentials and get a “fresh start” in society.
The impersonation of Martin Guerre is the first identity theft crime on record. Arnaud du Tilh had discovered details about Guerre’s life years prior, after being mistaken for him by Guerre’s friends. Tilh returned after Guerre left town, and Tilh convinced friends and family that he was Guerre.
While there are several stories of identity theft from before the 20th century, the term itself was coined in 1964, according to the Oxford English Dictionary. This was right around the time when phone scams started to become common.
#2: The Two Main Categories of Identity Theft
There are many different ways in which cybercriminals can carry out both types of identity theft. For example, fake questionnaires and surveys, phishing, dumpster diving, or even something as simple as looking over the victims’ shoulders are all common true-name identity theft methods that have been used for decades.
Account takeover, on the other hand, has been made a lot easier thanks to the internet, generative AI, and the rise in popularity of online shopping. Maintaining an online presence and buying goods on the internet requires us to give our PII to the service providers. Failing to take basic cybersecurity precautions when surfing the web can turn consumers into prime targets for identity thieves.
#3: Three Most Common Types of Identity Theft
Financial, medical, and online identity theft can fit into either true-name or account takeover identity theft (discussed in the previous point). For example, financial theft can mean either using stolen PII to open a new account (true name) or acquiring the credentials needed to access existing accounts and draining them of funds.
Online identity theft generally refers to the unauthorized use of a victim’s PII to commit fraud online. With the right data, hackers can apply for loans, make false health insurance claims and fraudulent tax returns, or seek expensive medical services that are charged to the victim.
#4: Health Care Breaches Lead to Medical Identity Theft
Federal law requires these healthcare organizations to notify individuals when their medical information has been exposed. So, in theory, if your information was compromised, you should have been notified. This is critical because it gives patients a chance to take steps to protect themselves, perhaps by monitoring their credit or being on the lookout for identity theft.
#5: The Most Popular Methods of Initial Contact
One of the most common techniques used to extort personally identifiable information from victims is phishing, i.e. through sending out messages pretending to be a reputable institution that requires the receiver to click a malicious link or provide personal information. Phishers may contact victims via phone, SMS, email, or other messaging apps.
The rise of generative AI has also made phishing much easier. Software such as ChatGPT has enabled scammers to create more convincing emails in foreign languages and to mass-produce phishing messages. This allows thieves to radically increase their pool of victims.
Section 2: Current Trends in Identity Theft
I’ve discussed all the different facets of identity theft, the most popular cases, and how emerging technology is used by fraudsters, but what is the state of identity theft in 2024? Is the situation getting better, or do new technologies help scammers reach more people than ever before?
#6: Identity Theft Cases Almost Tripled Since 2012
The sharp rise in identity theft cases is partially because new technologies have made it much easier to steal people’s data. With the rise of social media and remote working (especially during the COVID-19 pandemic), we’re constantly made to give up our personal information to use free online services.
At the same time, people started working from home networks instead of from the safety of a company network. This made victims more vulnerable, and scammers targeted them more aggressively.
#7: The Alarming Growth of Identity Theft in the Financial Sector
The fact that more than half of all incidents in the financial sector are caused by identity theft suggests that it’s one of the most desirable ways to carry out a fraudulent transaction.
Many financial services that were traditionally provided in person have been digitized, presenting hackers with more opportunities to go after our data. Many people who use online financial services are not particularly well-versed in cybersecurity, which leaves their personal information vulnerable to attacks.
#8: Gen Z, Millenials, and Senior Populations Are Most Prone to Identity Theft
According to recent data, Millennials and members of Generation Z account for the greatest portion of identity theft victims due to the amount of time they spend online. However, Baby Boomers and the Silent Generation also make up a significant portion of reported identity theft cases.
Seniors are targeted mainly because they are less savvy about the risks and tactics of cybercrime and, therefore, more easily tricked. They also usually have more savings than younger people, which increases the impact of ID theft. In addition, they are often more isolated, which can protract the amount of time a scam lasts.
#9: Credit Card Fraud Was the Most Common Type of Identity Theft in 2023
Recent statistics on identity theft and credit card fraud reveal a problematic trend. In the first half of 2024, the most common form of identity theft reported was credit card fraud, which has been particularly prevalent since 2020. Although reports of identity theft and credit card fraud declined slightly in 2023 when compared to 2022, the numbers remained higher than pre-pandemic levels.
#10: Data Breach Incidents Were near the All-Time High in 2023
The number of reported data breaches hit a new high in 2023, with 3205 cases. That’s a 72% increase from the previous year’s total of 1,801 cases. But how exactly do data breaches relate to identity theft?
Stolen records obtained during data breaches are usually sold on the dark web. Their buyers can then use them for illicit financial gain, such as credit card applications, or by fraudulently applying for a tax refund on behalf of the victim.
#11: How Much Money Do Dark Web Vendors Make on Stolen PII?
The rates for some of the PII products sold on the dark web aren’t particularly high. For instance, stolen credit card information can be purchased for as little as $10. This is largely due to stolen cards needing to be used quickly. Cardholders block them as soon as they notice suspicious activity. The prices for stolen credit card information can vary depending on factors such as the account balance and the country of origin.
The disparity between prices for credit cards or payment processor accounts is caused by multiple factors. For example, PayPal account details are among the most commonly found items on the Dark Web marketplaces. Due to the high supply, these details are very cheap to purchase, although transferring money from a hacked account would be a more costly option.
Section 3: Identity Theft Around the World
Identity theft is a global issue but has a different impact on different parts of the world. In this section, we’ll go over the effects of this crime on both developed and developing countries around the globe.
#12: Credit Card Fraud Is the Most Reported Identity Theft in the US
Credit card fraud usually happens when victims type in their credit card information on compromised devices (i.e. their smartphones or laptops) or services, or fall for phishing emails that trick them into providing their card details.
The proliferation of online shopping has made it easy to store our credit card information on our smartphones or online. This makes it easier for our credentials to be compromised or stolen, making us increasingly more vulnerable to credit card fraud.
#13: Total Cost of Identity Theft in the US Is Down
The $9 billion decrease in total losses caused by identity thieves doesn’t necessarily mean that identity fraud is becoming less of an issue.
This improvement is due to better public awareness efforts by financial services and consumer advocacy groups, as well as more effective fraud prevention strategies by banks and credit unions. Due to these efforts, the number of victims fell by 2 million, but significant challenges remain in the ongoing fight against identity fraud and scams.
#14: India Reports the Most Identity Theft Victims Worldwide
In 2022, India and the United States ranked first and second for the number of reported victims of identity fraud. Given that they also rank first and third in total population size, their high numbers of fraud cases aren’t surprising. Japan, the twelfth-most populous country, had the third-highest number of reported victims – 10.5 million fewer than the US.
Unlike some other countries on the list, India has a large population and has historically lacked comprehensive data protection laws. That changed in 2023, when the Digital Personal Data Protection Act was formalized by the Indian government.
#15: The Netherlands Leads Europe in Personal Data Breaches
Germany had the most personal data breaches in Europe from May 2018 through January 2024, while the Netherlands ranked second. Germany also reports the most identity theft victims in Europe and the fourth-most globally, a stat for which the Netherlands falls outside the top 10.
Germany has the world’s fourth-largest economy, and its citizens earn nearly $54,000 on average, making the country an attractive hunting ground for cybercriminals. The personal data breach figures mirror a general rise in cyberattacks targeting German businesses – a trend German authorities largely attribute to increasing attacks from foreign actors.
#16: Identity Theft Is Common in Europe
According to 2019 data, 33% of European fraud victims suffered identity theft.
Western European countries were reportedly targeted the most. Notably, there was a strong correlation between countries with high numbers of e-commerce sales and high levels of scams and fraud. Online channels, particularly those that store or use banking information, are prime targets for fraudsters.
Section 4: The Most Famous Examples of Identity Theft
Criminals who resort to identity theft often remain hidden, but even the best of thieves sometimes get caught, and many of these cases gain major publicity.
These highly publicized instances have hopefully raised public awareness of the importance of protecting one’s PII. Unfortunately, even as awareness grows, bad actors seem to be winning the arms race.
#17: The Largest Identity Theft Case in US History
Responsible at the time for the “largest identity theft case in American history,” Philip Cummings defrauded some 33,000 victims between 2001 and 2002. The former help desk worker for a Long Island, NY, software company and his co-conspirators ran a scheme that netted them between $50 and $100 million.
Cummings’ enterprise involved obtaining credit reports from unsuspecting customers and then using this information to drain bank accounts and apply for credit cards. Cummings pleaded guilty in 2004 and in 2005 was sentenced to 14 years. The judge said the damage he caused was “almost unimaginable.”
#18: The Man Who Stole from Children
Turhan Lemont Armstrong was convicted and sentenced to 21 years in federal prison for running a credit card, loan, and real estate fraud scheme, according to the United States Attorney’s Office for the Central District of California. The illegal enterprise raked in $3.3 million before being shut down.
Armstrong was found guilty on all 51 counts for which he was charged. The criminal and his co-conspirators stole identities and Social Security numbers to open bank accounts, credit cards, and loans. Unlike similar schemes, this one focused on obtaining the Social Security numbers of children and people who had left the United States.
According to the US prosecutors, “[Armstrong’s] criminal conduct was more than a series of bad decisions – it was a way of life. The victims of [Armstrong’s] crimes run the gamut: banks, credit card issuers, car dealerships, utility companies, and the people all over the country whose identities [he] stole.”
Armstrong was ordered to pay $3,305,609 in restitution as part of his sentencing. In addition, two of his homes, purchased with illegal funds, were forfeited.
#19: Queens-Based Identity Theft Ring
The creation and use of fraudulent credit cards were the basis of an identity theft ring headed by Queens, NY, couple Amar Singh and Neha Punjani-Singh. Along with over 110 others, the two would purchase items at Apple and Best Buy using the cards, and then resell the items.
RFID scanners were used to swipe consumer credit card information at retail or food establishments and illegal websites as part of the scheme. Before being busted in October 2011, the criminals had racked up $14 million in stolen money.
Though he faced up to 250 years in prison, Singh pleaded guilty in 2012 and was sentenced to 5 1/3 to 10 2/3 years. His wife and others pleaded guilty to lesser charges.
#20: Million-Dollar PayPal Scam
Gibson’s scheme was fully automated using a computer script that ran 24 hours a day. Once the PayPal accounts were opened, the thief would apply for linked credit accounts using the stolen identities.
FBI Special Agent Glen Lovedahl noted, “He was moving small dollar amounts, and that doesn’t necessarily pop up on a company’s radar screen.”
In total, Gibson was able to steal up to $3.5 million before being caught. After pleading guilty to wire fraud, mail fraud, filing a false tax return, and aggravated identity theft, Gibson was sentenced to four years.
#21: The Celebrity Thief
New York-based Abraham Abdallah was arrested in 2001 for attempted grand larceny and the possession of forged devices.
For up to six months, Abdallah used cell phones, delivery services, and faxes to gain access to various celebrities’ credit card numbers and brokerage accounts. Accounts for Steven Spielberg, Oprah Winfrey, and Warren Buffet were among the 217 that he accessed.
He attempted to steal more than $22 million but was caught before all the illegal transactions occurred. He pleaded guilty to wire fraud, credit card fraud, and identity theft
Abdallah’s case is one of the first to involve identity theft in the digital age. He is believed to have served 11 years in prison before being released.
#22: The Kim Kardashian Theft Operation
In 2013, a then 19-year-old Luis Flores, Jr. called the credit card company American Express claiming to be Kim Kardashian. He changed her social security number and address to his own so that he could receive new cards. Suspicious, American Express reported Flores and his mother to the Secret Service.
Investigators found that Flores had a flash drive loaded with private data from celebrities and politicians – including Michelle Obama, Bill Gates, Paris Hilton, and Beyonce. The drive contained not only their personal details and social security numbers but also their credit card accounts.
What’s more, Flores was also linked to cases involving fraud against the US Marshals Service Director Stacia Hylton and former FBI director Robert Mueller. Using the personal information, he and his mother changed the victims’ addresses and phone numbers on their accounts, ordered replacement cards, and also made several wireless transfers from the targeted accounts to their own.
In 2014, Flores was sentenced to three and a half years in federal prison. Meanwhile, his mother was sentenced to three years of probation on top of her jail sentence for lying to the authorities in an attempt to cover up her son’s fraudulent activity.
Section 5: The Impact of Modern Technology on Identity Theft
When it comes to identity theft, the days of dumpster diving and telephone scams are all but gone. Today, criminals apply more sophisticated methods of scamming their victims and stealing their identities.
Most identity theft takes place online, and it doesn’t look like that’s going to change anytime soon. The rise of generative AI and deep fakes points toward a dangerous new trend in identity theft, as scams are going to get even more difficult to recognize.
#23: Social Media Users Are Prime Targets for Identity Theft
Through hijacking their victim’s social media profiles, thieves can gain access to their full name, date of birth, profession, relationship status, and much more. They can then use this information to send highly personalized phishing messages that have a higher likelihood of obtaining more sensitive information.
At the same time, thieves can scrape publicly available data on people from their social media accounts, which allows them to build a database of targets and send more personalized phishing messages.
#24: Social Media Account Takeovers
Most of the accounts that were taken over on social media in recent years remained in use after the hijacking. Hackers often target accounts with large followings so that they can sell them off on the dark web for a higher price.
In other scenarios, scammers use the victim’s account to attract brand deals. This often happens with influencers, who get high-ticket items or cash in exchange for promoting brands or collaborating with other channels on social media platforms.
#25: Account Takeovers Are Increasing
Social media account takeovers are an increasingly popular method of identity theft, and the number of cases seems to be growing exponentially. Scammers heavily target Instagram, but Facebook, Snapchat, and Twitter users are also at risk, especially if they run popular accounts with many followers.
Account takeovers increased by 7% between 2021 and 2023, with 29% of US adults saying they’ve experienced it at some point. Three-quarters of the victims had their personal accounts breached, but 21% had their work or business accounts hacked (up from 13% in 2021).
#26: Phishing Is the Most Popular Method of Account Takeover
Gaining access to someone’s account is only the beginning for seasoned identity thieves. That account can be used to “phish” for even more victims within that person’s friend circle, as people are more likely to click on suspicious links that come from a friend.
The advent and proliferation of generative AI have enabled scammers to step up their game even further. With tools such as ChatGPT, they can mass-produce natural-sounding phishing emails, even in languages they aren’t fluent in, further expanding their pool of potential victims.
#27: Formjacking Attacks Hit Thousands of Websites Every Month
Formjacking is when hackers put harmful code into websites to steal sensitive information. This usually happens on pages where you fill out forms, like when logging in or entering payment details. The hackers aim to capture sensitive information and either sell it on the dark web or use it to break into other systems.
When installing formjacking scripts, hackers look for things like credit card details, dates of birth, full names, and Social Security numbers.
#28: IoT Device Attacks Are a Potential New Avenue for Fraudsters
The IoT (Internet of Things) refers to all internet-enabled devices that have sensors, software, data processing capacity, and other technologies. Today, they include household items and wearable gadgets, such as smartwatches, and even healthcare devices like heart monitors. These objects can connect to the internet or networks to share data with other devices and systems.
To provide the best user experience, most consumer products that fall within the IoT category collect PII, such as names, dates of birth, or places of residence. These devices are often low-cost and designed to collect and transmit data without much regard for data protection. This makes them easy to exploit, even by less experienced hackers, posing a new threat to personal information.
#29: Businesses Are Being Targeted by Deepfake Fraud
Deepfakes can be used to gain access to employees’ and businesses’ data, as well as to trick businesses into providing services to fraudsters. Scammers use deepfakes to obtain authorization for transactions or recover “lost” passwords of their victims.
Synthetic identity fraud, i.e. combining fake and real ID information, allows criminals to open accounts and make purchases. They use AI to create false identities or alter existing ones in highly convincing ways. For instance, they might combine a real person’s voice with a fabricated video to impersonate someone else, tricking systems or people into believing they are interacting with the actual person.
This type of fraud is particularly concerning because it can be used to access secure information, steal money, or manipulate individuals and businesses. More than 9 in 10 organizations in the banking sector now consider AI identity fraud to be a major threat to their operations.
#30: Consumers Are Growing Increasingly Aware of the Dangers of AI
Consumers around the world seem to be well aware of the threats posed by AI. After all, mainstream news reports on AI advancements almost daily. AI tools are also much more accessible than others used by fraudsters – you don’t need to know how to code to use them, and tools like ChatGPT work just like regular chatbots. Finally, malicious AI is a major trope in pop culture, so many people are already extra-cautious when interacting with it.
How to Protect Yourself Against Identity Theft
Identity theft is running rampant on the internet, but that doesn’t mean individuals are defenseless against scammers. Just implementing a few basic cybersecurity practices can help protect your identity. In this section, we’ll cover how you can safeguard your identity, and also give you some pointers on how to react to your identity being stolen.
The Telltale Signs of Identity Theft
Sometimes it’s obvious when a person’s identity is stolen, but often it’s not so clear-cut. Here are some of the main signs that you might have fallen victim to identity theft:
- Unexpected account statements or credit card bills
- Receiving letters and calls from debt collectors
- Inaccuracies on your credit reports
- Calls from your credit card company about unusually large purchases at distant locations
- A tax return was filed in your name
- Receiving bills for services you didn’t use
Note that these signs transpire after the fact, i.e. after criminals have already gotten hold of your funds and used some of them. This is why acting quickly is incredibly important – every day of delay carries the risk of losing more money.
The best way to counteract identity theft is to take precautions against it and protect your personal data as best as possible, which we’ll get into below.
Identity Theft Prevention Practices
While it may be possible to get your money back after falling victim to identity theft, preventing future scams can be done fairly easily if you know how to establish the right precautionary measures.
- Learn to Identify Phishing Messages: Don’t click on links in messages from unknown senders. If you correspond with an organization via email, make sure the addresses you receive messages from match the ones you received before.
- Freeze Your Credit: That way, no one will be able to open new accounts or credit files in your name. If you want to open one yourself, you can simply unfreeze it.
- Come Up with Strong Passwords: Don’t base your passwords around security questions or easily identifiable family information. Password manager apps can help you add another layer of protection.
- Shred-Sensitive Documents: Thieves don’t dive into dumpsters as often as they used to, but your PII could still end up in the wrong hands if you mishandle documents.
- Use Two-Factor Authentication: That way, even if your password gets compromised, you still have the second factor to fall back on.
- Check Your Credit Reports and Financial/Medical Statements Regularly: This can help you catch any unauthorized activities or discrepancies early on.
- Use Alerts: Set up alerts with your bank and credit card companies to receive notifications of suspicious activities or transactions exceeding a certain amount.
- Monitor your mail: Keep an eye on the mail you receive and send. Consider using a secure mailbox or a P.O. box to receive sensitive mail and reduce the risk of theft.
Online safety is key to protecting yourself from identity theft. With so much of our activity transferred into the digital world, cybersecurity literacy can mean the difference between staying safe and becoming a victim.
How Should You React to Identity Theft?
As we already discussed, recuperating identity theft losses can be difficult, but that doesn’t mean there’s nothing you can do to remove scammers’ access to your accounts and bring them to justice.
- Notify all companies you do business with of your identity being stolen
- Inform law enforcement that your identity has been stolen
- Take inventory of any loss
- File a report with the FTC
- Place fraud alerts on your credit reports
- Freeze your credit to prevent future scams
- Review your credit reports and check for any “mystery” accounts
- Identify the unauthorized charges in your bank and credit card statements and dispute them
- File an identity theft insurance claim if you were insured
- Cancel your credit card or freeze your bank account
- Secure any breached accounts
The steps listed above prevent thieves from continuing to make purchases in your name. Furthermore, they allow you to gather all the records of unauthorized charges and purchases made in your name, giving you a shot at a refund.
In the US, you may be able to recover your money by promptly reporting unauthorized transactions to your bank or card issuer, following specific steps and timelines established by regulatory guidelines.
The Bottom Line
Identity theft as we know it today has been a major issue since the popularization of the telephone. It has since evolved to include many different, digital techniques of illegally obtaining people’s sensitive data.
The rise of generative AI carries the risk of exacerbating the problem. New technologies are always going to be exploited by criminals in creative ways, and by the time authorities catch up, newer inventions will take their place. The most effective way of preventing identity theft is to continuously educate yourself on the best personal data protection practices and stay up-to-date with the latest tech developments.
Important: SafetyDetectives owns the content and visuals in this article. We encourage you to share our content and visuals, provided you include a mention of SafetyDetectives with a link to the original article as the source. We appreciate your help in protecting our copyrights and enabling us to continue providing accurate and valuable information about cybersecurity.