In this article:
Identity theft and fraud protection for your finances, personal info, and devices.
How Does Someone “Steal” Your Identity?
When you think of identity theft, a stolen wallet or phishing scam might come to mind. But there are dozens of ways that fraudsters can get a hold of your personal information, from stealing your mail to buying your passwords (or even credit card numbers) on the Dark Web.
Identity thieves don’t discriminate when choosing their targets; all ages, genders, and backgrounds are fair game.
Even worse, once your identity has been stolen, you’ll likely be repeatedly targeted. Last year, nearly 70% of all identity theft victims said they were repeat victims [*].
The best thing you can do to stay safe is understand how identity theft happens, and then put systems in place to warn you so that you can shut down scammers fast.
The 10 Most Common Ways That Your Identity Can Be Stolen
1. Data breaches that leak personal information
Cybercriminals target large organizations that store vast amounts of sensitive information. They then sell stolen personal data, passwords, and financial information on the Dark Web.
Even if you do everything right when it comes to protecting your identity, you can’t control what other services or agencies do with the data you give them.
2024 has been an especially bad year for data breaches, with massive breaches from Ticketmaster [*], AT&T [*], and National Public Data [*] leaking billions of pieces of sensitive data — including full names, Social Security numbers (SSNs), and more.
How to take action: Data breaches can happen to anyone — so be mindful of the organizations, businesses, and people to whom you give sensitive information. Whenever possible, use limited (or fake) information when signing up for accounts. You can also check out of online stores as a guest to prevent your credit card details from being saved and stored.
2. Phishing attacks (via emails, text messages, phone calls, or fake websites)
Phishing attacks occur when scammers reach out via various platforms and pretend to be well-known companies, financial institutions, government agencies, or friendly acquaintances. These messages may include links to fake websites or requests for payment. In other cases, they're simply the beginning of more elaborate social engineering scams (such as Pig Butchering scams).
Phishing scams are getting harder to spot — especially as fraudsters access artificial intelligence (AI) tools that can help them write convincing messages [*]. However, there are some common red flags to look out for:
- Any sense of urgency or pressure to act quickly
- Suspicious links or attachments
- Odd design, formatting, or spelling
- Promises of too-good-to-be-true offers
How to take action: As a general rule, don’t respond to messages from people you don’t know, and verify any urgent requests directly with the company, agency, or individual via a safer contact method (such as calling their direct number or speaking to a representative in person).
For added safety, consider an all-in-one identity theft protection provider like Identity Guard that includes Safe Browsing tools to warn you of phishing attacks and fake websites.
3. Synthetic identity theft
Synthetic identity fraud happens when scammers merge your stolen real information with other bogus details to create “new” identities.
This form of identity fraud is particularly pervasive in the public sector, where con artists use synthetic identities to enroll in government services or open up counterfeit businesses to apply for loans or benefits.
How to take action: These scams historically target children and the elderly, who are less likely to monitor their SSNs. Enrolling in an SSN monitoring service can alert you to leaks and other suspicious activity involving your loved ones’ names, birthdates, and SSNs.
4. Stolen mail and dumpster diving
Bank statements, prescreened credit card offers, medical invoices, receipts, and utility bills all contain information — parts of your SSN, the last several digits of your card numbers, full account numbers, etc. — that thieves can use to piece together your identity.
Career criminals know what these documents look like and fish them out of people’s trash, personal mailboxes, and USPS collection boxes.
Last year, a woman in Rochester, Minnesota, admitted to dumpster diving and using the information she found to apply for a card in someone’s name.
Upon further investigation, law enforcement found fraudulent checks and personal identifying information (PII) belonging to over 200 individuals and businesses in her possession [*].
How to take action: Opt in for paperless billing whenever possible, and shred all sensitive documents before throwing them away.
5. Lost or stolen wallets and phones
Purses and wallets are gold mines for identity thieves. Beyond just a credit card, most people carry around some form of ID, like a driver’s license, which can give scammers access to a victim’s full name, address, date of birth, and signature. With this information, fraudsters can potentially take out new loans in your name or even apply for a job.
And that’s just what they can do by stealing a basic ID. Your Social Security card, credit and debit cards, and health insurance cards open the door to even more fraud.
Losing your phone could be just as dangerous. If your phone is unlocked or grifters crack your passcode, they could gain access to saved logins, stored credit cards, and Apple or Google Pay accounts.
While traveling in Greece, a tourist’s phone was stolen — and it happened to have her driver’s license attached to it. Turns out her birthday was the password to her phone and her online banking account. The scammer stole upwards of $15,000 [*].
How to take action: Limit the cards you carry with you, never write down your password and store it in your wallet, and keep your phone on your person while in public.
6. Home burglary
Your home likely stores a wealth of identity information, from passports to Social Security cards to birth certificates. Criminals could also come across your tax returns, bank statements — even your home title.
You may not even realize some of these items have been stolen because you don’t check on them regularly. In the meantime, burglars can create a synthetic identity or wreak havoc on your credit before you can enact a freeze.
How to take action: Make a list of the documents you have in your home in case they get stolen. Keep confidential documents in a locked safe.
7. Credit card skimming
In 2023, credit card fraud was the most common type of identity theft, with over 416,000 reports filed [*]. While swiped wallets lead to some cases, credit card skimmers make up a significant portion. Skimming or shimming devices both secretly collect your credit card information as you swipe — allowing scammers to clone, sell, or use your card information for themselves.
In May of 2024 , the Secret Service identified 20 credit card skimmers in grocery stores, gas stations, and ATMs throughout Northern Ohio [*]. Many others have been found across the United States this year, in Minnesota, Texas, and Connecticut.
How to take action: Be wary of card readers or ATMs that have sticky keys, abnormally bulky hardware, or look like they’ve been tampered with. Consider using a credit monitoring solution like Identity Guard to alert you to suspicious activity as soon as it happens.
8. Hacking and account takeover fraud
Nearly one in three people have had an online account hacked [*]. Once scammers take over your social media, email, or other accounts, they can access any stored information, or even impersonate you online and target your friends and family.
For example, scammers could hack your social media accounts and then request money transfers from your close friends who will think it’s you.
How to take action: Keep your accounts safe from takeovers by using strong, non-guessable passwords and multi-factor authentication (MFA). If you get a message from your “friend” that sounds off, don’t answer it until you’ve spoken with the person directly.
9. Wi-Fi “snooping” over public and unsecured networks
Public Wi-Fi is convenient when you’re on the go — but it’s also easy to hack. Fraudsters use hacked or fake Wi-Fi networks to install malware or spyware on victims’ devices, watching as they type in passwords or send off private emails.
This past June, an Australian man was arrested for setting up fake Wi-Fi networks at multiple Australian airports and on flights to steal people’s data [*].
These “evil twin” Wi-Fi networks looked just like legitimate ones, duping users into providing personal details to get online.
How to take action: A virtual private network (VPN) conceals your data when you’re working in public. If you don’t have a VPN, enable your phone’s hotspot. And if you must use public Wi-Fi, avoid entering or sharing passwords or sensitive information.
10. Data brokers and publicly available information
Data brokers and people finder sites gather information about you from census data, surveys, and other public records and sell it to marketing companies and employers. Unfortunately, scammers can also get their hands on broker data, using it to enhance their phishing attacks or combine it with other knowledge they already have to assume your identity.
This past April, the hacking group USDoD claimed to have stolen the personal records of 2.9 billion people from National Public Data, a broker that sells information to private investigators and staffing agencies. They offered the full dataset — including people’s full names, alternate names, addresses, dates of birth, and Social Security numbers — for $3.5 million on a Dark Web forum [*].
How to take action: Limit the photos you post on social media, don’t tag your locations, and never share any confidential information in posts or messages. Tighten your social media privacy settings and remove your data from Google search results. Though it’s time-consuming (you must contact each one), it’s also worth opting out of data broker lists.
What Are the First Warning Signs of Identity Theft?
- Unfamiliar charges on your bank accounts. Even small charges or unfamiliar withdrawals can be warning signs that your identity has been stolen. Make sure to follow up with any fraud alerts that you receive from your bank or lenders.
- Applications for new credit are denied. Identity thieves rack up charges on a card you rarely use, tanking your credit score in the process.
- Missing mail. Be especially cautious if bills or other sensitive documents go missing. In some cases, grifters will use a change-of-address request to redirect your mail to their address, giving them access to even more of your information.
- Data breach notifications. Companies are legally required to report breaches to impacted customers. If you get a notification — either via email or regular mail — you can assume your data is circulating on the Dark Web.
- Unexpected two-factor authentication (2FA) codes or password reset requests. These are clear signs that scammers have access to your email, password, or both — and are trying to lock you out of your accounts.
- Unfamiliar jobs or income on your Social Security statements. Imposters can use your Social Security number to apply for jobs or file fake tax returns and steal your refund. If the IRS suspects fraud on your tax return, they’ll send you a notification in the mail.
- Your utilities get shut off. Scammers may have used your name to activate power and water at another location.
- There’s a warrant out for your arrest. Crooks can present your ID to the police during traffic stops or other interactions, leaving you on the hook for their crimes.
What To Do If You Think Your Identity Has Been Stolen
If you believe your identity has been stolen, act quickly to shut down scammers and minimize the damage. Here are the first steps you should take:
- Freeze your credit. A credit freeze prevents anyone from reviewing your credit file, essentially blocking scammers from opening new accounts in your name. To activate a freeze, contact each of the three major credit reporting agencies individually: Experian, Equifax, and TransUnion. You’ll receive a PIN number you can use to unfreeze your account if you need to apply for a loan or credit card in the future.
- Report the theft to the Federal Trade Commission (FTC) and your local police department. Most financial institutions ask for proof of identity theft to reverse fraudulent charges. First, file a report with the FTC at IdentityTheft.gov. If you have information that could lead to an arrest, or your identity was used with the police, you should also file an identity theft report with your local law enforcement agency.
- Contact your bank to cancel compromised cards and accounts. Call the number on the back of your card, and ask to talk to the fraud department. You’ll want to cancel all compromised cards and accounts and then open new ones.
- Secure your online accounts. If hackers gained access to your online accounts, you should request a password reset, or contact the service to regain your access. Be especially cautious with sensitive accounts, such as your email and online financial accounts.
- Dispute unauthorized transactions. Contact the fraud department of every company where scammers have used your identity. Be ready to share details about each incident as well as your FTC and/or police report.
- Check your identity theft insurance. Whether you have a dedicated identity theft protection plan or coverage through your home insurance or work benefits, you may be entitled to compensation. For example, all Identity Guard plans include up to $1 million in identity theft insurance, plus dedicated support to help victims of identity theft.
How To Protect Yourself Against Identity Theft
Identity theft can happen to anyone — but with a few protective measures, you can help make yourself a less vulnerable target. Here are some ways to keep your identity safe:
- Be wary when asked to supply information online, over the phone, or to companies.
- Always use strong and unique passwords for your online accounts.
- Activate two-factor authentication (2FA) or multi-factor authentication (MFA) on sensitive accounts. Use an authenticator app instead of SMS; texts can be intercepted.
- Secure your devices, mail, wallet, and personal items in a safe place.
- Regularly review your bank statements and credit reports for signs of fraud. You can download weekly free credit reports from all three credit bureaus by visiting AnnualCreditReport.com.
Constantly being on guard is hard work. Thankfully, there are tools that can monitor your finances and identity for you.
Identity Guard continuously monitors your sensitive data by searching the Dark Web, data breach notifications, high-risk transactions, and more — and notifies you of suspicious activity in near real-time. You’ll also get access to advanced Safe Browsing tools to protect you and your family against phishing attacks, a secure password manager, up to $1 million in identity theft insurance coverage, and 24/7 assistance from a dedicated U.S.-based customer care team.
