Preventing identity theft: How common it is and how to protect yourself
The Bankrate promise
At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here's an explanation for .
Since 2020, the past several years have brought on significant health and financial uncertainty, and more people are relying on the web for sensitive information. People are inputting their personal data — names, addresses, Social Security numbers and health information — into websites so they can access aid and necessary information.
Identity theft, or when a person’s private information is stolen for financial gain, has always been a risk. However, the amount of identity theft and other data compromises surged after the beginning of the pandemic.
The year 2021 held a record year for data compromises, and though 2022 hasn’t reached that peak, the number of victims surged 210 percent over the last three months, according to the Identity Theft Resource Center. While the idea of having your personal information stolen can seem overwhelming, understanding how identity theft can happen can help reduce your chances of being a victim of identity theft.
Key identity theft statistics
- 1.43 million identity theft reports were made in 2021, the most of all up-to-date Federal Trade Commission reports. (Federal Trade Commission)
- 1.38 million identity theft reports were made in 2020, more than twice as many as 2019. (Federal Trade Commission)
- 25% of people who reported identity theft say they lost money from the theft. (Federal Trade Commission)
- In 2021, the average victim of identity theft lost $1,551. (AARP)
- 30% of victims who reported identity theft to the Identity Theft Resource Center lost over $10,000. (Identity Theft Resource Center)
- Identity fraud affecting bank and insurance accounts cost consumers $7.8 billion in 2021. (AARP)
- 56% of identity theft victims who reported to the ITRC are 55 or older. (Identity Theft Resource Center)
Top 10 states reporting the most cases of identity theft
Though identity theft is widespread throughout the country, Rhode Island residents reported the highest instances of identity theft per capita in 2021, with 30,370 total reports, or 2,857 per 100,000 people. Identity theft represented 73 percent of the state’s total reported fraud, with the vast majority of those reports being government documents or benefits fraud.
The Providence-Warwick metropolitan area was the city with the highest number of reports per capita in the country, according to reports to the Federal Trade Commission (FTC), with nearly 2,000 per 100,000 people. This is how identity theft reports break down for the top 10 states:
|State||Reports per 100,000 people in 2021||Total number of identity theft reports in 2021|
Source: Federal Trade Commission
Who is most at risk of identity theft?
Those most at risk for identity theft are people between the age of 30 and 39, according to the FTC.
Also, the Identity Theft Resource Center (ITRC), a nonprofit which assists victims of identity theft, reached out to victims of identity theft in a 2021 survey. Among those individuals, 64 percent were white and 52 percent were women. Broken down by age, the highest percentage of victims, 30 percent, made over $100,000 a year.
Over the past year, people generally have seen a decrease in money lost due to identity theft, according to the ITRC. Most victims of identity theft tended to lose small amounts, and generally, 36 percent of identity theft victims had lost under $499. However, year-over-year, three times as many people have lost $10,000 or more. More than three times as many people also reported that they didn’t know how much money they had lost.
Half of those who experienced identity theft last year had been a victim before, and about 79 percent have since changed their habits to minimize their risk of experiencing identity theft again.
For those who depend socially and financially on social media, identity theft can be devastating when breaches happen through a social media account. The ITRC spoke to those who’d had their social media accounts breached last year and found:
Social media is pervasive, creating the opportunity for people to try and access social media accounts through phishing and other methods. Most social media account takeovers happen on Instagram and Facebook, according to responses from the ITRC survey, and people frequently experience takeovers when they click on links they think have been sent by a friend.
Factors putting you at a greater risk for identity theft in 2022 and 2023
Most identity theft usually comes in the form of government documents or benefits fraud, credit card fraud or other cases related to documentation. Though reports of it are still relatively low, the number of cases of securities account fraud have increased 122 percent, more than any other category of identity theft, according to the FTC.
About 82 percent of data breaches are due to human error, such as clicking on a phishing link or using weak login credentials, according to a report from Verizon. Using the same, easy-to-remember passwords frequently and not periodically reviewing financial statements can also put you at a greater risk of identity theft.
Other risky behaviors can include:
- Sharing online accounts and passwords with others.
- Accepting social media requests from suspicious accounts.
- Buying suspicious devices when you’re unclear about their security standards and privacy policies.
- Downloading suspicious apps on your phone and giving them permissions.
Common identity theft tactics and targets
As technology grows more advanced, so do methods for scamming. The following are common identity theft scams, although the list is not exhaustive:
- Phishing, where someone receives an email that invites them to input information like passwords or credit card information. The email could be fake, even if you recognize the person or brand it’s copying.
- Vishing, where thieves contact someone over the telephone, either live or through a recording, to ask for personal information.
- Credit card skimming, where fake card readers have been placed in places like ATMs or gas pumps to read your credit card information.
12 ways to help prevent identity theft
1. Safeguard foundational identity documents
Your Social Security card, birth certificate, driver’s license, passport and military discharge papers are among critical identification documents that should be well protected.
With the exception of a driver’s license, you should not carry these documents with you. The same goes for insurance papers and tax returns. Keep them in a home safe or a safe deposit box and make electronic backup copies.
“It’s important to have those documents and know where they are,” says Eva Velasquez, president and CEO of the nonprofit ITRC.
2. Freeze your credit
When you apply for a loan, the lender checks your credit history. But when you freeze your credit, no one can access your credit files at the major credit reporting bureaus of Equifax, Experian and TransUnion — not even you, unless you lift the freeze.
A credit freeze can prevent a criminal from opening an account or taking out a loan using your personal data. A credit freeze is free and your credit cards, accounts and automatic payments continue to function.
3. Read financial account statements
Carefully read bank and credit card statements. If you frequently shop online at places like Amazon, it’s easy to lose track of charges and overlook irregularities on your credit card statement.
Devise a system to keep track of purchases. Retain purchase confirmation emails until you have matched them up with your monthly account statement.
4. Check ‘explanations of benefits’ from your health insurer
The cost of doctor visits, screening tests, surgeries and other health care you receive is itemized in a form called the ‘explanation of benefits,” or EOB. Insurers send EOBs to customers to explain how much the insurer paid versus what the patient owes.
Look for charges for medical services you did not receive and other irregularities. Health care was a leading sector for data breaches, according to the ITRC’s 2021 data breach report.
5. Use complex passwords and two-factor authentication
Passwords should be different across all accounts, contain at least 12 characters and be complex — not words, phrases or numbers that might be easy to guess.
For example, don’t use your dog’s name, especially if you share information about your pet on social media. A password manager is a good tool to generate, retrieve and securely store strong passwords.
Two-factor authentication adds another layer of security. An example is when you sign in to an account with a login and password and you are sent a text message with a numeric code you must enter to access the account.
6. Monitor credit reports
Credit reports tell you what accounts you have, your balances and payment history. Lenders use them to decide whether to extend you credit. Landlords and employers sometimes look at them before deciding whether to lease you an apartment or make a job offer. Look for accounts you didn’t open and other errors or oddities in your reports.
The major credit reporting bureaus are giving consumers free weekly access to their credit reports. You can get your reports at AnnualCreditReport.com. Consumers normally are allowed one free credit report per year from each of the three reporting bureaus.
7. Collect mail every day
Don’t let mail pile up in your mailbox. Even junk mail with your name and address on it can be used to put in a fake change of address and have your mail redirected to a criminal. Put a hold on mail delivery when you go on vacation.
Use the U.S. Postal Service’s Informed Delivery email notifications so you know if mail you’re supposed to receive doesn’t arrive.
Shred unwanted mail, especially prescreened credit offers. Be suspicious if you stop getting mail, especially bills and account statements.
8. Get into the shredding habit
Don’t toss unwanted mail and other papers with your name, address or other personal data into the garbage.
Not all identity thieves are high-tech. Some will go through trash. Get into the habit of shredding unwanted mail and any paperwork that contains identifying information.
9. Be on guard against phishing, smishing and vishing
Identity thieves are often imposters who use emails, text messages and phone calls to get your personal data and your money.
“Phishing” emails appear to be from an authoritative source like your bank or credit card company but may contain attachments with malware.
“Smishing” text messages try to lure you into giving up personal information or have links to fake pages.
Phone callers who tell you they’re from the IRS and you owe money or they’re from Microsoft and your computer needs an update or repair are “vishing.” Never reveal personal information or send money to unsolicited callers.
Identity thieves also prey on people looking for jobs. Posing as legitimate employers or job placement services, they induce people into filling out applications and other forms requesting valuable personal information or sending money for fake certifications and service fees. Do research on these “companies.” Alarm bells should go off if an employer wants you to pay them for a job.
10. Scrub electronic devices before getting rid of them
Make sure personal files and data on computers and smartphones are securely erased and cannot be recovered before selling, recycling or donating them. Merely deleting files isn’t sufficient. Data can be restored from a recycle bin or recovered with the right tools.
Search online for articles and videos on how to scrub your devices. If you’re not comfortable with that, find a trustworthy techie to do it for you.
11. Set up transaction alerts and use digital wallets
Many financial institutions let you sign up for texts or emails that notify you when purchases, withdrawals and other account transactions are made. These can serve as early warning signals if something is amiss.
Making purchases with digital wallets, which are apps that are digital versions of debit and credit cards, is safer because each transaction generates a unique, random, one-time code and your account number isn’t transmitted during the transaction. Your data is encrypted. Digital wallets also eliminate the need to carry cards and risk losing them.
12. Be aware of your surroundings
In a high-tech world, there are still pickpockets who can fleece people on trains and crowded streets and “shoulder surfers” who eavesdrop as people give out a credit card number or Social Security number over the phone.
When you leave a store or restaurant, make sure you haven’t left your credit or debit card on the table or your smartphone in the restroom. Don’t leave a handbag in a shopping cart while you look at something that interests you.
Stay alert and don’t think identity theft can’t happen to you. If you’re a parent, teach your children tips and how-to’s to avoid ID fraud.
Identity theft can be a costly nightmare requiring an exhausting effort to undo, so it’s hard to be too cautious about guarding your personal information.
Reporting identity theft: What to do if you think your identity has been stolen
If your identity is stolen, your first steps should be to notify the company or agency that issued your information and alert a major credit bureau.
You can report identity theft to the FTC through IdentityTheft.gov or over the phone at 1-877-438-4338. Fraud targeting a specific resource, like Medicare, tax or unemployment, can be reported to their respective federal agencies. If you know the person attempting to steal your identity, or if a creditor asks for a police report, contact your local police station.
If you suspect an online account might be compromised in a data breach, change your password and, if possible, select two-step authentication on your account.