10 types of identity theft and how to spot the warning signs.
In this guide we cover the top 10 types of identity theft and fraud and look at common early warning signs to help you protect yourself and your data.
Table of contents
What is identity theft
Identity theft might be a term you’re seeing more often in the news and online. And there’s ample reason – it’s a problem that is growing exponentially.
But what exactly is identity theft? ID theft happens when someone’s personal data is stolen and used against their will – in most cases for monetary gain. Personal data that’s commonly stolen includes social security numbers (if you’re in the US), credit card details, and even tax information. When cybercriminals have your personal data like your social security number they can commit many types of malicious acts such as impersonate you to get tax refunds, medical benefits, take out loans in your name and even empty your banks accounts.
You may think you will never fall victim to identity theft, but the reality is that these days we are all susceptible to it. Every one of us has personal data online (usually a lot of it) and with the increase in complexity of online fraud tactics, it’s not unlikely that an online criminal will try to steal and use your data.
With an increase in the types and complexity of identity theft methods, the reporting of such cases has exponentially increased in recent years. In 2023, the Federal Trade Commission’s (FTC) Consumer Sentinel Network had over 5.4 million reports in the USA alone. Of the 5.4 million reports, 48 percent were fraud reports and 19 percent were reports of identity theft. Notably, 40 percent of identity theft were forms of credit card fraud.
While these statistics only refer to identity theft in the US, it is a global problem, and no one is exempt from falling victim to the increasing types of identity fraud. That’s why today – more than ever, it’s extremely important to be aware of the types of identity theft and ensure you take measures to best protect your online identity.
So let’s go into detail on the 10 most common types of identity fraud.
Types of identity theft
1. Financial identity theft
Financial identity theft is the most popular type of fraud. Financial ID theft happens when an ID thief obtains your financial information: this could be a credit card number or banking details. The malicious attacker then uses your previously confidential information without your permission to, basically, steal money from you. Common examples are criminals taking out loans, opening more bank accounts, making transactions, and ultimately causing a lot of harm for the victim of the financial theft.
If you’ve fallen victim to financial identity theft or suspect suspicious activity with your bank accounts, report a fraud report immediately to the Federal Trade Commission or if you reside outside of the US, with your local law enforcement agency.
2. Social Security Identity Theft
In the US, one’s social security number (SSN) plays an important role. Each citizen, each permanent resident and each eligible nonimmigrant worker gets a unique nine-digit number for receiving wages, tracking Social Security benefits and more. This number is also used for identification purposes in the US, which makes it important to keep this number private. This is also the reason why cybercriminals are so keen on getting hold of social security numbers.
These days companies are quick to ask for your nine digit social security number, and many of us are quick to hand it out without blinking an eye. But every time you give out your social security number, you’re at greater risk of falling victim to social security identity theft by means of a data breach. Cybercriminals who obtain your social security number can use it for many types of serious fraud. Common cases involve cybercriminals using it to apply for credit cards, loans, and even government benefits.
While in some cases you are legally required to provide your social security number (for instance when taking on a job), in other cases companies ask for it but it isn’t legally required. In cases where you feel it is unnecessary to hand out your SSN, always say no. Your choice should be respected.
The importance of keeping access to this sensitive data as limited as possible can not be overrated. Massive data breaches like the Equifax one show the risk: The more companies have your data, the more likely the risk of falling victim to a data breach.
The massive Equifax data breach compromised around 140 million of American’s Social Security Numbers. In the fallout of this incident, a core piece of personal data of millions of Americans has become public information.
If you suspect your US social security number has been stolen or used maliciously, you should report this immediately to one of the following government agencies:
3. Tax identity theft or IRS identity theft
Tax identity theft also referred to as IRS identity theft involves ID thieves obtaining your personal details like your social security number or taxpayer identification number (ITIN) and using them to file tax returns in your name, as well as to claim credit or refunds.
In a case where there has been suspicious activity, or you think you’ve fallen victim to tax identity theft you should contact the IRS for assistance immediately.
4. Medical identity theft
Medical identity theft happens when criminals use your personal details for different medical reasons. From using your details to illegally buy drugs, to getting medical care and even submitting fake bills to your medical insurance provider. Medical identity theft causes havoc as thieves can use up all your medical insurance benefits, file fraudulent medical bill refunds, and create unpaid medical bills. This is a common practice targeting the elderly or people with disabilities as a means of stealing government payments to these people.
5. Digital identity theft
Because we all have a digital identity, made up of a lot of personal data that’s stored in online data bases, digital identity theft is common and canhappen to any of us. This type of ID theft occurs when your personal data is stolen online. Cybercriminals have complex methods to steal data, often without you even knowing. Common digital identity theft cases happen due to data breaches, email phishing attacks, and malware.
Once your digital data has been stolen, it can be used for many different purposes. In the case of exposed login credentials that have been sold or leaked during a data breach, you can easily fall victim to a credential stuffing attack and from there cybercriminals can pivot to access other online accounts. For this reason, it’s vital that you use a password manger, create unique, strong passwords for your online accounts, and add extra protection to your accounts with two-factor authentication (2FA).
6. Synthetic identity theft
With synthetic identity theft, criminals create illegal identities using both real and fake information. For example, an ID thief might use your social security number with a fake name. This type of ID theft usually targets children or people who are deceased. Because these social security numbers are usually not actively used, so fraudulent activity can go unnoticed for years. This can also be used as a means of stealing social security payments from retirees.
7. Employment identity theft
This type of ID theft happens when someone uses your personal information to gain employment. Your personal information stolen and used could include your social security number, name, and date of birth. Employment identity theft highlights how important protecting your SSN and other personal details are. Combined with social media sites like LinkedIn, imposters only need to scoop up a few key pieces of information to present themselves to companies in your name.
8. Criminal identity theft
This type of identity theft occurs when a crime is committed by someone, but under your name. In such cases, the ID thief might use your details when they are arrested, resulting in you gaining a falsecriminal record. In some cases, innocent victims of criminal identity theft have even received court summons for crimes they’ve never committed.
9. Account takeover
If you’re a social media user, it’s likely you’ve seen friends posting about having their accounts hacked or maybe you’ve even received strange direct messages on social media like Facebook from a friend asking for money. These tactics are used by malicious attackers who either copy your friend’s profile or take over their account in order to make you give them money. Account takeovers happen when hackers steal someone’s login credentials, change their passwords, and gain full control of their accounts. Very often these cybercriminals will try run scams under the hacked person’s name.
10. Child identity theft
Child identity theft occurs when an ID thief uses a child’s social security number for different fraudulent activities. Similarly with synthetic fraud, children are vulnerable to having their social security numbers exploited because they are not yet regularly used. As children have no credit history, the theft of a child’s SSN easily goes undetected for many years.
To best protect your child against any form of child identity theft, you should never share your child’s SSN if it isn’t legally required.
Warning signs
Before identity thieves drain your bank accounts, sell your information on the dark web, and cause havoc with your personal data, you should always be aware of these common warning signs:
-
Being notified of a data breach
-
Credit changes or unexpected bank withdrawals showing on your account
-
Bills for items you never purchased
-
Unexpected calls from debt collectors
-
Any unfamiliar notices from the IRS
-
Medical bills or having medical claims rejected due to having reached benefit limit
If you suspect that you or a family member has been involved in an identity theft crime, you should report it immediately to the Federal Trade Commission (FTC).
How to protect yourself and your data
There is not one perfect way to protect yourself from identity theft. We wish there was, but with ever changing complex theft methods, it’s something that will never disappear. If anything, the cases of ID theft and fraud will increase. Because of this, knowing how to best protect yourself might seem like a complex ordeal. Despite no silver bullet against identity theft, you can reduce your exposure in data breaches by regularly using email alias addresses and creating strong unique passwords. If pressed to “overshare” by a company, you can always gently state that you do not wish to provide unnecessary personal information.
A great start to protecting yourself against identity theft, is to protect your digital identity. If your digital identity is well secured, you are at less risk of falling victim to malicious attacks and identity theft. Knowing that there is a risk and staying alert is already a very good first step to protect yourself from identity theft. Matching this with best security practices as recommended in the follow-up post will most likely lead to fraudsters looking for easier targets.
In our in-depth guide to protecting your digital identity the Tuta Team have covered all the best security and privacy tips for protecting your digital identity from data breaches and cybercrime attacks. By reading this, and implementing the small changes we recommend, like using end-to-end encrypted email and strong authentic passwords, you will be one step ahead of malicious attackers and fraudsters.