Personal data smuggling is a profitable business and the foundation for other devastating scams. It's no wonder, then, that incidents of identity theft rise by the day in nearly every part of the world. In this high-tech era, the personal data of millions of people is readily available across the internet, and perpetrators find identity fraud a quick, easy, and lucrative venture.
The following identity theft statistics don't make for very optimistic reading. You may find some of our discoveries disheartening, but it's all the more important to read them and prepare yourself for the potential dangers that lurk in the corners of the internet. Once again, in the world where technology and cyber reality are expanding to each sphere of our lives – knowledge truly is power!
Identity theft – types
Identity theft makes up the lion's share of all yearly fraud reports according to Consumer Sentinel by the Federal Trade Commission (FTC). As we can see on the graph below, the median fraud loss in the US in 2021 was $500.
Although most identity thefts have a common motif – financial gain – this is not always the case. Also, the strategies, tools, and medium through which these gains are achieved can significantly differ. Therefore, we have many specific identity theft categories. The following are the most common:
- Financial identity theft – is exactly what it sounds like – stealing money by faking someone's financial information. A typical example of financial identity theft is when someone takes your credit card number to make a transaction, without your authorization or knowledge.
- Criminal identity theft – is when someone uses another person's identity while performing a crime or during an arrest. For instance, someone could receive a court summons out of the blue, without having any involvement with the crime. The actual culprit has simply given another person's information to avoid charges.
- Medical identity theft – is a very common type of identity theft and involves using someone else's personal information to use a health care service or obtain prescription medication. Very often, people use another person's medical ID to get prescription drugs without the ID holder ever finding out.
- Synthetic identity theft – is when an imposter combines the personal information of several people, both real and fake, to create a completely new (synthetic) identity, and then uses it to apply for a loan, credit card, or similar. Thanks to the latest deepfake technology, creating synthetic identities is relatively simple nowadays.
- Tax identity theft – is when somebody uses another person's Social Security number to falsely file their income taxes and receive their refund. The perpetrator most often obtains the victim's Social Security number by impersonating an IRS representative or through phishing
- Child identity theft – sadly, there are criminals who won't hesitate to use a minor's personal information to commit financial fraud or another type of crime.
- Employment identity theft – people even steal identification and personal information to obtain employment. In that way, they can pretend to be someone more successful and conceal previous mistakes or criminal records from future employers.
- Government documents or benefits fraud – such as passport or driving license theft, are still very common, so you always have to take good care of your official documentation. Criminals either abuse them personally or sell them on the dark web for profit.
- Social media account takeovers – nowadays almost everybody has a social media, or at least an email, account. Criminals hack them and then use them to impersonate you or steal your valuable personal data for financial gain, or for other purposes – such as revenge, to run scams, etc.
Identity theft – statistics
1. Over 5.8 million Americans reported identity theft or some other type of fraud in 2021
The number of identity thefts and other frauds was at a record high in the US in 2021. Just four years earlier that number was twice as small, and in 2001 less than 0.33 million US citizens had reported some type of online fraud to the FTC.
2. Identity thefts made up 25% of all reported fraud in the US
Identity theft was the most common type of fraud in 2021. Over 1.4 million people in the US reported that their identities were stolen. Imposter scams were next in line with almost 1 million victims. Interestingly, business and job opportunities scams entered the top 10 with over 100,000 reports.
3. People in the US lost $6.1 billion to fraud in 2021
The year 2021 set the record for losses too. US citizens lost over $6.1 billion to fraud in total – one-fourth (25%) of which were identity frauds. So, the year 2021 saw an increase of more than 70% in losses since the year before, when the combined reported losses were $3.4 billion.
4. Government documents or benefits fraud is the most frequent type of identity theft
According to the same FTC report, government documents or benefits fraud was the most common type of identity fraud in 2021, with almost 400,000 reports, and the second most popular was credit card fraud. At the same time, credit cards were the most frequent payment method across all fraud reports. Bank transfers and payments accounted for total losses of $756 million, followed by over a $750 million loss in crypto payments.
5. Identity theft occurs every 2 seconds
Every two seconds somebody has their personal information stolen, according to a Javelin study. This may seem exaggerated, but when we consider all the types of identity thefts and frauds, the pace of technological advancements across the globe, and that the world's population is constantly increasing, this statistic doesn't sound so bizarre.
6. People with Facebook, Instagram, and Snapchat are 46% more likely to experience identity fraud
Social media puts you in a high-risk group for identity theft according to another study by Javelin. People who use Facebook, Instagram, and Snapchat are 46% more likely to become victims of account takeovers and identity thefts than those who aren't active on those social platforms. In general, a social media presence exposes you to a 30% higher risk of fraud, compared to if you weren't active.
7. Most identity theft reports came from people in their 30s
In relation to the above mention statistics, FTC found that people in their 30s (who are likely to have multiple social media and work-related network accounts) are most likely to report identity theft. Among 2.9 million fraud reports, 26.4% were from people between the ages of 30 and 40, with only 4.7% from people in their 70s. Of course, such a sizeable difference in the number of reports could be partially due to the fact that younger people find it easier to file an online report on a relatively new online platform, like the FTC online platform for reporting fraud.
8. Child identity theft is up by 63%
Unfortunately, children aren't exempt from identity fraud. According to the Identity Theft Resource Center (ITRC), approximately 1.3 million children's records are stolen each year. The research also found that foster children are at greater risk, with the percentage of identity thefts among them higher than other kids.
At the same time, the FTC recorded over 22,833 instances of child identity theft in 2021, a 63% increase compared to 14,000 the year before.
9. Approximately 87% of consumers take security risks on public Wi-Fi
According to the Norton Wi-Fi risk report, 87% of respondents have taken risks on public Wi-Fi, potentially exposing sensitive personal data while using emails, bank accounts, or social media. While public Wi-Fi remains generally unsafe, malware and fraud risks can easily be mitigated with the use of a VPN. Still, most people don't bother to protect themselves on public Wi-FI, which coincides with the finding that 60% of respondents believe that their personal information is safe when using public Wi-Fi.
10. Only 25% of consumers use a VPN to protect their data on public Wi-Fi
Despite its proven benefits, 75% of internet users still don't use a VPN with public Wi-Fi. As seen from the above report, most consumers simply connect to unsecured networks without protecting their connections or covering up their digital footprint. Worse still, one-third of the respondents had never heard of a VPN before participating in the Norton Wi-Fi risk research.
11. The median loss of people aged 80+ is 3x larger than the average median loss
Although people over the age of 70 report online scams less often than other age groups, the median loss of scams in which they are involved is much higher. And so, the median loss of people between 70 and 80 years old is $800 and people above 80 suffer a three-time larger median loss than the average, or $1,500 – as the Consumer Sentinel Network report has shown.
12. Account take over (ATO) losses increased by 90%
According to Javelin Research's 2023 Identity Fraud Study: The Virtual Battleground report, incidents of account takeover increased by 90% in 2021 compared to a year before, making up almost one-quarter of all identity fraud losses. What's more, estimated losses from ATO exceeded $11 billion in 2021.
13. 18 million people fell prey to payment scams during the Covid-19 pandemic
The pandemic revolutionized many aspects of our lives, including shopping and money transfers. As the vast majority of transactions became digital, criminals saw an opportunity to falsify payment info and other necessary personal details. Phishing emails saw a drastic rise during the period, and perpetrators started targeting digital wallets and online payment systems like Apple Pay and Zelle. The result was over 18 million victims of payment scams in the year 2020.
14. Credit card details with an account balance of up to $5,000 cost only $120 on the Dark Web
As the global health crisis draws out, followed by the war in Ukraine and rising inflation, the shadow economy keeps flourishing. The latest Dark Web Price Index shows us that the Dark Web market became even bigger and more diverse in the first half of 2023. However, the prices of stolen personal information have mostly dropped. And so, criminals across the world can get credit card details with an account balance of up to $5,000 for as little as $120 now, which is twice as cheap than at the end of 2021.
15. European Union passports are worth $3,800 in the shadow economy
Likewise, the price of EU passports has dropped from $4,000 in 2021 to $3,800 in 2023 on the Dark Web. The average price of the European Union National ID has increased from $120 to $160 over the last year or so, and a fake US Green Card is now $160, instead of the $150 that it was last year.
16. 79% of Americans admit they share their passwords
Despite numerous examples which draw a clear connection between account sharing and identity theft, a survey by The Zebra has found that nearly 79% of Americans still share passwords with people outside their home.
What is even more worrying is that only 13% of surveyed adults saw identity fraud as a real danger. Approximately 65% of respondents admit they reuse passwords across sites regularly, and 39% use the same password for everything.
If ProPrivacy had a quick reference book of what not to do to stay safe online – such poor online security habits would be it (for the most part)!
17. Over 77% of identity theft victims report increased stress levels
In a study from 2018, the ITRC investigated the physical and emotional impact of identity theft. The study named The Aftermath: The Non-Economic Impacts of Identity Theft revealed that over 77% of the victims have experienced increased stress levels in the aftermath of the incident. Also, almost 84% percent of victims felt violated, and over 69% admit that they had difficulties trusting people afterward – some even developing trust issues with family and friends.
Not only do ID thefts erode personal relationships, but because of the increased stress levels and deep emotional trauma, the victims often start developing psychosomatic conditions that lead to physical problems. Almost 56% of the ITRC study respondents reported they felt aches, pains, and/or cramps in different parts of their bodies, mostly the head and stomach.
18. 23% of identity fraud victims never get their money back
As the number of identity frauds keeps increasing, so does the number of people who never see their stolen money again. To be precise, in 2018, at least 23% of fraud victims were left out of pocket after being scammed, three times more compared to 2016.
19. Almost everybody in the US knows an identity theft victim
Around 20% of Americans have reported identity theft to FTC in 2021, meaning almost everybody in the US knows an identity fraud victim or has been a victim themselves. Rhode Island had the biggest percentage of identity thefts among all the frauds reported – a whopping 73%. Kansas was second with 62% and Illinois third with 46%.
20. EMV chip credit cards helped in reducing fraud
Credit card fraud dropped by 75% between 2015 and 2018, shortly after the EMV chip-embedded credit cards were introduced. Until that point, credit card fraud was the most dominant type of fraud in the US for years.
EMV chip adoption in the US didn't go as quickly as expected, however, by the second quarter of 2021, nearly 88% of merchants were using the systems that accepted the cards with chips, and every major card issuer introduced EMV chips into new cards.
21. Identity theft strikes equally at all income levels
According to Define Financial research, people of all income groups are at risk of identity fraud. Of course, not all the victims were willing to openly share their income range, and so 23% of respondents didn't respond. But, among the rest of the victims, 17% were earning $20,000 or less a year, 13% were earning between $30,000 and $40,000 a year, and 21% were earning from $50,000 to $75,000 at the time of experiencing identity theft.
22. The cost of cybercrime exceeded $6 trillion last year
The Center for Strategic and International Studies (CSIS) estimated that the global cost of cybercrime in 2020 was nearly $1 Trillion. A year later, due to worldwide lockdowns and digital industry expansion to all aspects of our lives, cyberattacks have increased in both frequency and intensity and losses have topped $6 trillion.
New cybersecurity threats over the last two years have been a 'collateral damage' of the Covid-19 pandemic and the acceleration of digitalization it induced.
Cybersecurity Ventures called cybercrime "the greatest transfer of economic wealth in history", estimating it will reach an annual cost of $10.5 trillion by 2025 – a 15% year-on-year increase over the next five years.
23. Married women are a high-risk target group for identity theft
According to the 2021 Consumer Aftermath report, Exhibit B by ITRC, the majority of identity theft victims in the US are Caucasians (65%), females (63%), and people with a college degree (61%). In other words, if you are a married female Caucasian with a college degree, you should really be on the lookout for identity fraud and take precautionary measures. But even if you belong to just one of these groups, you are already at a higher risk of identity theft.
24. Up to 10% of the US annual health budget is lost to fraud
To this day, over 2 million Americans have been victims of medical identity theft. Government and law enforcement agencies estimate the annual health budget loss at between 3% to 10%, which means more than $300 billion is lost each year. Considering all the difficulties one has to face to get proper health insurance in the US, and the cost of it, medical identity theft could escalate into a life-threatening situation.
25. eCommerce is the #1 cause of all credit card fraud
Nowadays, eCommerce is behind most credit card fraud, and so-called card-not-present (CNP) credit card theft is on the rise. This type of credit card fraud is mostly accomplished by hacking – the perpetrator breaks into corporate servers storing sensitive payment data and steals the information.
Imposter fraud is another very common way of stealing credit card payment information. Typically, criminals do it by phone. They contact the cardholder and seek the information under different pretexts – faking a business offer, collecting for charity, or pretending to call on behalf of their bank.
26. Most small businesses don't secure private information properly
Despite the great majority of companies experiencing a firmware attack over the past two years (more than 80%), not even a third (only 29%) of the security budget is allocated to firmware protection, according to the 2021 Security Signals study. What's more, 21% of enterprise representatives said their firmware data is basically unmonitored. Such poor security practices are leaving most companies utterly exposed to multiple threats.
27. A hacked Gmail account sells for $65
Many online users utilize their Gmail accounts to access their pastime, work-related, and other social platforms. It's not a surprise then that many cybercriminals target Gmail accounts, either as a gateway to other personal accounts or to sell them on the dark web for $65 per account.
28. One-third of all identity frauds happens in the US
According to a Merchant Risk Council report, the US reported approximately an $11 billion loss caused by credit card fraud in 2020. At the time, this made the US responsible for one-third of all credit card fraud worldwide. Taken that the number of credit card frauds in the US has increased since, we can assume that the US is still the reigning world champion of card fraud.
29. Account takeovers tripled during the pandemic
Researchers at Sift discovered that account takeovers have increased by 307% since April 2019, with 48% of victims having experienced this type of identity fraud more than once. While the majority of victims suffered a monetary loss as a result, every fifth victim was unsure of the consequences of their hacked account – perhaps cybercriminals couldn't use it as they planned or it only served them for testing.
Fraudsters will never stop adapting their techniques to overwhelm traditional fraud prevention, making suspicious logins look legitimate, and legitimate ones look suspicious.
30. 2021 was a record-breaking year for data breaches, greatly contributing to identity fraud
Each data breach increases the chances of identity theft, since the stolen personal information plays a major role in this type of fraud. The year 2021 was a record-breaking year for data breaches according to ITRC, and the negative trend mirrored in identity fraud spiking as well.
IT Governance reported 1,243 security incidents in 2021, with the estimation that they led to at least 5,126,930,507 breached records – an 11% increase from 1,120 breaches in 2020.
31. Number of fraud incidents continues to rise
Consumer Sentinel Network Data Book 2021 reports a 3% increase in the number of identity theft reports compared to 2020. What's more, these reports represented a quarter of all fraud reports in 2021, with 1.4 million isolated identity theft incidents.
Javelin Strategy & Research Study has concluded that victims are becoming quicker at identifying fraud attempts – 78% of identity theft victims reacted within a week's time. But the problem won't so easily go away and many people believe identity theft will remain one of the major 21st-Century problems.
Has your identity been stolen?
With so many "innovations" in the world of cybercrime, it's becoming increasingly difficult to detect a fraud attempt, especially during its early stages (which are the most critical). Still, if you discipline yourself and stay alert, it's possible. Here are the most common red flags to be mindful of:
- Odd activity on your credit cards/bank statements/social media accounts
- Unexpected or unusual texts and emails
- Suspicious phone calls/voicemails/physical mail
- Personal documents/mail/wallet missing
- Odd SMS verification codes
- Receiving bills for medical services you didn't request or use
- Not receiving income tax return or receiving an inaccurate amount
- Getting access requests for your online accounts from unfamiliar devices or distant countries
- There was a data breach in a company/sector in which you had your information stored
What to do in case of identity theft?
If you suspect that any of your accounts or personal data has been breached, try not to panic. Instead, follow these steps to minimize the damage as much as possible.
- Report identity theft to Identitytheft.gov and file a report with the Federal Trade Commission if you're a US citizen; if not, look up similar government websites in your country.
- Notify all the relevant companies and agencies of the incident – your bank, the company where the breach took place, IRS if your Social Security number has been compromised, etc.
- Notify your local police department and file a report, especially if you suspect the perpetrator is somebody you know. Don't forget to ask for a copy of the record, you might need it later on.
- File a claim with your insurance company if you have an identity theft protection plan. If not, check with your employer if you may have it through them – sometimes companies provide identity theft insurance as a job benefit.
- Freeze your credit, sign up for a credit monitoring service (if available), and place a fraud alert on your credit reports – this will make your credit report inaccessible to any third party and you'll get notified of any suspicious activities.
- Tighten security on all your other accounts, including social networks. Remove all sensitive personal information (addresses, phone numbers, your birthday, and similar) from your profiles and/or set them to private. Enable two-factor authentication where possible and change all your passwords – if you have many accounts make use of a password manager.
- Go through your credit card and bank statements and check if there have been any unauthorized charges. If necessary, block your credit card.
How can I prevent identity fraud?
Unfortunately, there's no single perfect solution to prevent identity theft, and monitoring services only inform you of breaches once it's too late. But there are some effective methods and habits you can practice to reduce your chances of falling victim to identity fraud.
Stay alert to phishing and other scams
Ransomware and Phishing are on the rise, along with many other types of scams. It's likely that somebody will call or email you pretending to be a government or business representative when they're actually a criminal trying to steal your information.
Never share your personal (or company) details in this situation, and, especially don't make any money transfers before you triple-checked the request and the person making it. And, never open suspicious attachments – most likely, they will contain malware.
Safeguard your important information
Information like your Social Security number (in the US), National Insurance number (in the UK), phone number, address, credit card number, and similar can be abused or used as a key to your other personal data. For that reason, you have to guard them at all times and be careful to share them only with trusted individuals and institutions. But even then, make sure you ask them why they need this information and how they will use and protect it.
Don't carry your cards and paperwork around with you, instead, store them in a safe place, or, even better, remember the needful and shred the extra paper.
Use strong passwords and set up 2FA
Secure each of your accounts with a strong, unique password to start with. Next, you shouldn't keep these passwords in your notes or online documents – as these can get easily breached. Also, don't share them with anybody!
But, don't worry, nobody expects you to remember every single password you have! Instead, you can use a password manager that will create and store lengthy, complex passwords for you. Adding two-factor authentication (2FA) to your important apps can further reduce the risk of identity theft.
Take good care of your new documents and destroy the old ones
Store your new documents and cards should in a safe place, shred or delete (if they are digital) old ones. People take expired documentation for granted, but your old credit card or bank or investment statements could be fished out of your garbage and used against you. Shred junk mail, and delete old emails, especially if they hold sensitive information about you.
Use a digital wallet
Digital wallets have become a must lately. They are a more secure, digital version of your credit and debit cards that are encrypted and tokenized. Online shopping comes with many risks, and has greatly contributed to identity thefts in 2021. But, your shopping can be much safer with a digital wallet.
Monitor your financial and medical statements and credit reports
Thoroughly read your financial statements every once in a while. Make sure you recognize all the dates and transactions. Any unusual activity should be immediately revised and reported. Go through your health care "explanation of benefits" statements as well and make sure you recognize all the services provided. If there's a record of a service you haven't used, the chances are, somebody has used it instead of you by stealing your identity.
Protect your mobile devices and use a VPN with public Wi-Fi
Our mobile devices go everywhere we go and know everything we know (sometimes even more), and are, therefore, very much targeted. According to a Javelin report, only 48% of consumers lock their mobile devices at all times, and, according to Norton, only 25% of people use VPNs on public Wi-Fi. Remember, using passwords, apps instead of browsers, and good VPNs on public networks can significantly decrease your odds of experiencing identity fraud.
As our data increasingly gets stored and shared across the internet, the chances of identity theft keep increasing too. Even though individuals and companies are getting better at detecting suspicious activities in their accounts, most of them aren't willing to work on their poor online habits and invest the extra effort needed to build a proper defense.
Considering these and many other factors involved, we can't (realistically) expect the identity theft statistics to improve anytime soon. However, we can – and should – all take action to protect ourselves individually. By taking steps to stay safe online, we are actually helping to create a safer and more enjoyable environment for everyone.