Identity theft costs Americans billions of dollars per year and affects millions of people. But "identity theft" is a broad term that covers very different attacks with different consequences. Understanding exactly how it happens is the first step to preventing it.
The Most Common Types of Identity Theft
Financial identity theft — the most common type. Someone uses your personal information to open credit cards, take out loans, or access your bank accounts in your name. Consequences range from fraudulent charges to destroyed credit.
Tax identity theft — someone files a tax return using your Social Security number before you do, claiming your refund. You discover it when your legitimate return gets rejected. The IRS has an Identity Protection PIN program that prevents this.
Medical identity theft — someone uses your identity to receive medical care or prescription drugs. This is particularly dangerous because false information can be added to your medical records, affecting future care.
Synthetic identity theft — a criminal combines your real Social Security number with a fake name and date of birth to create a new identity. This is hard to detect because the victim's name never appears in the fraud.
Child identity theft — a child's SSN is used to build fraudulent credit. Often undiscovered until the child applies for credit as an adult, sometimes years later.
How Identity Theft Starts
Data breaches. When companies get hacked, your personal information enters criminal markets. A 2023 breach at a data broker exposed 3 billion records. Your information has almost certainly been in multiple breaches.
Data broker profiles. Your name, address, phone number, relatives' names, and estimated income are legally for sale on 4,000+ websites. Criminals use this to answer security questions, make impersonation calls more convincing, and target phishing attacks.
Phishing. You're tricked into entering credentials on a fake website or providing information to a scammer on the phone.
Mail theft. Pre-approved credit card offers, bank statements, and tax documents contain enough information to open accounts. Physical mail theft still accounts for a meaningful percentage of identity theft.
Social engineering. Attackers call companies impersonating you, using information from data brokers to pass identity verification.
How to Know If You're a Victim
- Unexpected drops in your credit score
- Credit card or loan applications you didn't submit
- Bills or collection notices for accounts you didn't open
- Tax return rejected because one was already filed with your SSN
- Medical bills for services you didn't receive
- Unfamiliar accounts on your credit report
How to Protect Yourself
Freeze your credit at all three bureaus (free). Use a password manager with unique passwords. Enable 2FA on all important accounts. Remove your data from data broker sites quarterly. Sign up for free monitoring at haveibeenpwned.com. Request your free annual credit report at annualcreditreport.com.