Identity theft is the leading consumer complaint across the country. The latest data from the Federal Trade Commission’s (FTC) Consumer Sentinel Network shows that identity theft was the chief complaint in 49 of the 50 states, plus Washington, D.C. and Puerto Rico. It accounted for nearly one-third of the 4.7 million consumer grievance reports filed with the FTC.

And those numbers don’t likely reflect how prevalent identity theft really is, says Eva Velasquez, president and CEO of the nationwide nonprofit Identity Theft Resource Center (ITRC). “A lot of people don’t report identity theft to the federal government,” she says. “We think those numbers are low.”

Where identity theft occurs most often

Identity theft strikes indiscriminately. “This notion that only certain subsets of the population are acutely vulnerable is out the window in the world we live in,” Velasquez says. “Demographics can play a factor, but it’s really across the board when it comes to demographics.”

In the wake of the coronavirus pandemic, state and federal governments became the leading sector for identity theft and fraud. Unemployment benefits, small business loans and grants, the Paycheck Protection Program and other initiatives to bolster the U.S. economy have been prime targets for criminals.

Here is the top-to-bottom breakdown of where identity theft occurs most often, according to the FTC data.

Government benefits and IDs: Identity theft involving public benefits, especially unemployment benefits, and government identification documents skyrocketed nearly 3,000 percent from 2019 to 2020. The U.S. Secret Service estimated recently that $100 billion in pandemic relief money had been stolen.

The forgery and issuing of fake driver’s licenses, passports and other forms of government ID also has surged.

Credit card accounts: New and existing credit card accounts are cited in nearly 30 percent of ID theft reports, with the number of incidents reported rising 48 percent.

Loans and leases: Identity theft involving business and personal loans skyrocketed 127 percent, followed by real estate loans, auto loans and leases, student loans and house and apartment rentals.

Employment and taxes: Identity theft connected to consumers’ tax information jumped a whopping 225 percent, followed by theft related to employment or wages.

Phones and utilities: New and existing accounts for landline phones, mobile phones and utilities are major targets for identity thieves. New mobile phone accounts have the highest number of identity theft complaints in this category.

Bank fraud: New bank accounts, existing bank accounts and payment methods, such as debit cards, electronic fund transfers and automatic clearinghouse (ACH) payments, are a leading playground for identity thieves.

Other leading types of identity theft: The FTC lumps together identity theft complaints involving medical services, insurance, social media, online shopping, securities accounts, fake charity solicitations, credit bureaus, debt collectors, refund scams and other ruses.

The Consumer Sentinel Network highlights other details about where identity theft occurs most often and to whom:

  • The five states with the highest numbers of identity theft reports are Kansas, Rhode Island, Illinois, Nevada and Washington.
  • Consumers ages 40 to 49 filed the most ID theft reports, with the majority of them involving fraudulent government benefits or government documents.
  • The 30-39 age group filed the second-highest number of ID theft reports, most of them related to credit card fraud.
  • The 50-59 age group filed the third-highest number of reports, with most of them having to do with government benefits or documents.

Common ways scammers steal your identity

Cyberattacks

Cyberattacks are the leading strategy of identity thieves, according to the Identity Theft Resource Center. Examples of cyberattacks are:

  • Emails that look authentic but contain dangerous attachments or links. This is called “phishing.”
  • Text messages that look legitimate but have links to fake webpages. This is called “smishing.”
  • Malware, or malicious software, that invades computers, phones and other devices.
  • Ransomware, a type of malware used to extract money from victims by blocking access to computer systems or making a threat, such as exposing personal data.
  • Credential stuffing, where stolen logins and passwords are used to access multiple accounts.
  • Massive data breaches of companies that have personal information for thousands or millions of people. It could be a health care company, a retailer, a financial institution, a social media platform or other large entity.
  • Biometric authenticators, such as fingerprints, add another layer of security to smartphones and other devices, but if the place where they are stored is breached, identity thieves can access digital wallets and more.
  • The dark web is “like Amazon for crooks,” Velasquez of the ITRC says. This is a marketplace where personal data stolen in previous breaches is sold to other criminals.

Impostor scams

Impostor scams comprise a wide variety of identity theft crimes. They are perpetrated through phone calls, emails, texts, social media, websites, advertisements and other avenues.

Some common impostor scams include:

  • Fake emergencies: These are often phone calls from someone who claims to be from the IRS, your bank or credit card company, the police department or a computer company. They’ll tell you that you have an unpaid fine or there is a computer virus alert and they need to fix your computer. Another common fake emergency is that a loved one is in distress and needs money.
  • Phony job opportunities: Ads for fake employment agencies or work-from-home jobs lure victims into filling out applications and divulging highly sensitive personal information such as Social Security numbers.
  • Delivery notification scams: With more people ordering groceries and other goods online, scammers may call, email or text phony delivery notifications. Victims may be asked to call a number and provide updated account or payment information, or click on a bad “tracking link” that installs malware on their phone or computer.
  • Romance scams: Imposters prey on people looking for human connections. They use information from victims’ social media accounts about who they are and what they like. They gain the trust of victims and build strong relationships quickly. If they seem to always be available, it’s because they are online all the time, probably hacking into your accounts. After they steal your credentials, or your money, they disappear.
  • Fake video conference invitations: Taking advantage of the massive work-from-home shift and at-home schooling, identity thieves use emails, texts and social media messages to send fake meeting invitations that infect computers with malware. Or, they “phish” for personal data by saying you missed a meeting or your account has been suspended, thereby prompting you to enter your login and password, which they capture and use to defraud you.
  • Charity scams: Criminals pretend to be from a legitimate charity, food bank or other organization to steal personal data and money.
  • Phony vaccine and test kit offers: This is one of the many COVID-related scams. Criminals steal personal information by getting people to sign up for COVID vaccinations and coronavirus test kits.
  • Prizes, sweepstakes and lottery ruses: These imposter scams have been around a long time. Identity thieves call, email, use direct mail or a social media notification to congratulate someone for winning a big prize or contest. But the victim is told they have to pay a tax, fee or customs duties to claim the money. The imposter may ask for bank account information, request a wire transfer or ask the victim to buy a gift card and then request the gift card number.

The old-fashioned way

Some identity thieves use old-fashioned street tactics, like pickpocketing in crowded areas, taking a forgotten credit card off a checkout counter or taking a smartphone someone left behind.

There are still “dumpster divers,” too, who will fish through people’s trash looking for discarded personal information that they can use to their advantage.

Mail stolen from a mailbox can be a rich source of personal information. Identity thieves take advantage of prescreened credit card offers, uncashed checks and new debit or credit cards that haven’t been activated.

Just your name and address are valuable to an identity thief, as they can be used to redirect your mail or get access to other information. Names and addresses are among the most breached data points, according to the ITRC.

Bottom line

Identity thieves are creative and industrious. As technology advances, so do their tactics. They follow societal trends, like the massive surge in online shopping, and use them to their advantage.

Don’t think you’re too smart or savvy to become the victim of identity theft. Basically, everyone is vulnerable to identity theft. “If you live in the U.S. and you have ID credentials, I can guarantee you will have identity theft problems,” Velasquez says.

“One of the biggest problems we have is the lack of acknowledgment that we are vulnerable. When we don’t admit that, we create additional vulnerability.”