case study for identity theft

SECURITY HERO

15 Famous Identity Theft Cases That Rocked The Nation

I have had my identity compromised. It sucks. While I shudder to think about what the thief did with the stolen information, it has forced me to develop good online security practices and get the best identity protection services .

Identity theft cases are rising globally, especially in the United States.

The US Federal Trade Commission received nearly 1.4 million identity theft fraud reports in 2021. Apparently, this was fuelled by uncertainty over COVID-19.

But while COVID contributed to this surge, there have been countless identity theft cases long before the pandemic.

In fact, the earliest identity theft case can be traced back to 1548, when an imposter took over Martin Guerre’s identity and lived as him until the real Martin returned.

If you fancy a bit of biblical story, then the first reported identity theft could well be between Jacob and Esau.

But we’re not about to go that far .

Many identity theft cases in recent years are enough to blow you away.

I will try to cover as many cases as possible and the lessons you should learn.

Hopefully, these events will highlight how far a scammer can go to steal your identity. And the terrible consequences that you might suffer – like financial loss, prison, or even death.

✔ Act Now! Protect yourself from identity theft horrors. For a short time, enjoy a discount on Aura Identity Theft Protection!

15 Famous Identity Theft Cases

1. the tinder swindler.

There’s a good chance you’ve seen the Netflix documentary, The Tinder Swindler .

If you haven’t, it’s a true crime documentary about an audacious scammer, Shimon Hayut, who posed as a wealthy businessman on Tinder.

Hayut tricked unsuspecting women with his supposedly lavish lifestyle and built fake relationships with them.

After gaining their trust, he would then tell his victims that business rivals were after his life and ask for their credit cards and loans.

Of course, he didn’t pay back. They never do.

As a result, many of Hayut’s victims are now burdened with crippling debt because he maxed out their credit cards.

According to The Times of Israel , he defrauded his victims of $10 million in two years.

Lessons You Should Learn

The Tinder Swindler is a classic example of a romance scam.

It’s a type of scam where scammers use love and romance to gain a victim’s trust.

When you finally find your dream match, they ask for money, gifts, or favors.

Unlike Simon Hayut, not all romance scammers will pose as wealthy people. While you’ll likely find sugar daddies and mommies, the core of this scam is building a romantic relationship with you online.

Anyone can fall victim to a romance scam – whether young or old. And the estimated 73,000 romance scam victims of 2022 alone will tell you that, too.

These Americans lost over $1 billion because they thought they found their knight in shining armor or their queen.

Romance scammers move fast. They’ll often declare their love quickly and make you do the same. Once they build a rapport, they start conjuring up different sob stories – their daughter has cancer, or a loved one needs emergency care.

It could also be the promise of an investment with a guaranteed ROI.

Don’t fall for it.

As a rule of thumb, never give money to someone you have only ever met online.

2. Phillip Cummings Stole 33,000 Credit Reports Which Cost Victims Between $50-100 Million

At the time it happened, Philip Cumming was responsible for the largest identity theft case in US history.

Cummings worked as a help desk for a software company in Long Island. After quitting, he took a spreadsheet containing customer login credentials.

Between 2001 and 2002, he sold customers’ credit reports to scammers for around $30 each.

The criminals he sold the sensitive information to netted between $50 to $100 million from roughly 33,000 customers.

Cummings pleaded guilty and was sentenced to 14 years imprisonment in 2005.

Although he claimed he didn’t know the con artists would take that much money, the judge said he caused “almost unimaginable” damage.

Lessons Learned

This scam is an example of a data breach.

A data breach is when criminals assess a company’s database and steal sensitive information.

Since Cummings’ scam, data breaches are now happening at an unprecedented rate – almost every 11 seconds .

To protect yourself, make sure you limit the amount of sensitive information you give companies and services you sign up for.

Protect your banking information, credit file, and social security number (SSN).

You should also review credit card transactions and bank statements regularly. Each credit bureau, Experian, Equifax, and TransUnion, provides a free annual credit report.

Scammers might initiate small transactions to see if you’ll notice. If you or your financial institution don’t flag them, they’ll make more expensive purchases.

✔ Act Now! Don’t let identity theft stories become your reality. Secure a discount on Aura Identity Theft Protection now!

3. Nicole McCabe Was Framed for Assassination

When most people think about the worst that could happen from an identity theft case, it’s usually financial loss.

But not always.

A con artist with your identity can do absolutely anything they want.

It just so happens that most scammers WANT money.

However, what happens when the scammer doesn’t need money?

Nicole McCabe knows a thing or two about this.

In 2010, Australian Nicole McCabe’s identity was allegedly stolen by the Israeli Intelligence Agency, Mossad, and used to assassinate Mahmoud Al-Mabhouh, a Hamas leader, in Dubai.

Imagine being framed for murder. How did it happen?

Her passport had been reportedly compromised.

McCabe was in her car when she heard the assassination news on the radio. And to her surprise, her name was also listed among the suspects.

Apparently, the assassination squad stole her identity along with two other Australians – Adam Korman and Joshua Bruce – to commit the crime. Many other people from the UK, France, Germany, and Ireland had their identities used.

McCabe was lucky because the identity theft was quickly reported, and the issue was resolved.

But not everyone will get off easily.

Her case demonstrates why you must keep sensitive documents, such as bank statements, medical reports, and passports, safe.

If these documents get into the wrong hands, they could be used to perpetuate terrible crimes.

And if you don’t have McCabe’s luck, you’ll find yourself in prison – or worse, on death row.

You can keep confidential materials in a safe or even in the bank.

4. Abraham Abdallah – the Crooked Robinhood

We all know the story of Robinhood. He stole from the rich and gave it to the poor.

Abraham Abdallah targeted the rich, but unlike Robinhood, he didn’t give to the less fortunate.

The con man gained access to the brokerage accounts and credit card numbers for up to six months. He used cell phones, faxes, and delivery services.

With his scheme, Abdallah accessed up to 217 accounts, including those belonging to Warren Buffet, Steven Spielberg, and Oprah Winfrey.

Fortunately, he was caught before all the illegal transactions could be completed – an amount totaling over $22 million.

After admitting to identity theft, wire fraud, and credit card fraud, Abdallah reportedly served 11 years in prison.

Perhaps the biggest lesson with Abdallah’s case is that cyber-criminals can target absolutely anybody. Regardless of social status or wealth, these con artists can and will use your identity to commit crimes if you’re not careful.

Abdallah’s credit card fraud was one of the earliest cases in the digital age.

Since then, scammers have become more creative and now have access to sophisticated technology.

This has made it all the easier to complete scams.

Like in the case of Cummings, it’s important to protect your credit file and other personally identifiable information.

When signing up for an organization that requests your sensitive information, ensure you ask how your documents will be used and who has access to them.

The next case will highlight how cyber-criminals have become highly sophisticated.

5. Amar Singh and His Wife, Neha Punjani-Singh

Amar Singh and his wife Neha Punjani-Singh entered a guilty plea in a $13 million scam.

They stole credit card numbers from victims and sold the information to buyers of fake cards, who then used it to make purchases worldwide.

The shoppers allegedly rented private jets, high-end cars, and five-star hotels using fake credit cards. When customers swiped their cards at retail or dining establishments, the attackers (Singh) used a skimming device to steal their personal information.

Singh received a sentence of less than 12 years in prison.

According to the FTC, credit card scams top the list of identity theft cases.

If you don’t want to be like Cummings’ or Singh’s thousands of victims, the best thing to do is freeze your credit.

No one can request or see your credit report. So, no one can open an account, apply for a loan, or get a new credit card while it’s frozen.

This service is free, it won’t impact your credit score, and you can temporarily lift the credit freeze whenever you want.

Other safety precautions include requesting annual credit reports, collecting physical mail daily, and reviewing bank statements and credit card transactions.

6. Senita Dill and Ronald Knowles SSN Fraud

Senita Birt Dill and Ronald Jeremy Knowles illegally acquired names, dates of birth, and Social Security numbers from 2009 to 2012.

They submitted over 1,000 false tax returns and received fraudulent tax refunds totaling more than $3.5 million .

Dill and Knowles filed and turned in false federal and state tax returns using tax preparation software.

The information on those filed returns was fake, including the amount of federal tax withheld and the income.

Afterward, they deposit their IRS refund check into a personal account.

The criminals were given prison terms of 324 and 70 months, respectively, and were required to pay the IRS $3,978,211 in restitution.

Dill and Knowles’ scam highlights the importance of protecting your social security number (SSN).

A hacker with your personal information like name and address can use your SSN, especially the last four digits to steal your money, open accounts in your name, and apply for government benefits.

They might even get tax or healthcare refunds in your name.

Never reveal your SSN in emails, phone calls, or text messages.

A criminal with your SSN can use it to access other personally identifiable information.

It’s also important to educate your children on why they shouldn’t reveal sensitive information to people on social media.

Children and seniors are more prone to identity theft frauds, especially those perpetrated by supposed friends or lovers.

Protect your social number as best as you can.

7. Russian Hackers Send Phishing Email to an American Politician

Some people find out they’ve been a victim of identity theft just right before college.

Others find out during a presidential election.

John Podesta fell for a classic email phishing scam while he was the chairman of Hilary Clinton’s presidential campaign.

Russian hackers posed as Google and emailed Podesta to change his password due to an “unusual activity.”

However, the link redirected to a malicious website where the hackers accessed his email account.

Once they broke in, the hackers released thousands of secret and reputation-damaging emails.

Right in the middle of a presidential election.

Lessons to Learn

Although most people will spot a phishing scam easily, cybercriminals have become increasingly creative.

This type of scam is called spear phishing.

In this kind of cyber attack, the perpetrators gather information about their target and create a scheme they are likelier to fall for.

Spear phishing can also target a group of people, such as seniors aged 60 and above. For example, these people are more likely to have medical issues and be confused about Medicaid and other healthcare programs.

In Podesta’s case, the hackers knew he would be nervous about a potential cyber-attack before the election. So, they preyed on his fears to gain access to his account.

Here’s how to identify and protect yourself from phishing scams:

Ensure you, your kids, and older adults understand how frequent phishing emails are and protect yourselves against these attacks.

8. The EminiFX Cryptocurrency Ponzi Scheme

They say cryptocurrency is the new gold.

But the victims of EminiFX will wish they didn’t believe the company’s CEO, Eddy Alexandre .

According to the FBI, Alexandre used his crypto ponzi scheme to dupe unsuspecting victims up to $59 million.

EminiFX promised investors a “guaranteed” 5% to 9.99% weekly return.

They jumped on it. And Alexandre eventually received almost sixty million dollars.

In reality, most of their money was never invested. Instead, Alexandre took at least $14.7 million into his personal account and bought a BMW with another $168,000.

He pleaded guilty in February 2023, agreeing to forfeit over $248 million. He currently faces up to 10 years in prison.

Cryptocurrencies lack regulation, which explains why scammers like using them.

They will likely create FOMO (fear of missing out) by promising enormous returns. Then, they steal the money that people “invest” or pay out earlier investors, which keeps the scam going.

But only for some time.

The more they pay earlier investors, the more people believe it could be real and keep reinvesting. Once they’ve got enough, they’ll run.

Investment schemes often come with an unbelievable guaranteed return – which is why you shouldn’t believe it.

If it is too good to be true, it probably is.

9. Kenneth Gibson – the Man Who Stole 8,000 Identities

Kenneth Gibson was an IT professional for a software bigwig from 2012 to 2017.

And like Cummings, he had access to the private information of thousands of people, including clients and fellow employees.

Unfortunately, he took advantage of this privilege.

Gibson built a computer software that would automatically create fake PayPal accounts in people’s names using information from the company’s database.

Then, he would use the stolen identities to apply for new credit accounts linked to the fake accounts he created.

Gibson eventually succeeded in creating over 8,000 accounts .

He would only transfer small amounts of money, take cash advances from the credit line, and use his debit card to access the cash.

This helped him continue the scam until he netted around $3.5 million from his victims.

Kenneth Gibson’s scam demonstrates why you must monitor your credit card transactions.

As I mentioned earlier, many scammers will test the waters with a small transaction before making an expensive one.

In Gibson’s case, he didn’t need to make a bigger purchase because he had thousands of accounts to steal from.

His scheme might have still been running till today had he not become careless.

Gibson would usually get cash from an ATM. However, he requested a check from PayPal and one occasion.

The name on one of the checks matched a victim’s name, which gave him away.

He was given a 4-year prison sentence in 2018, had to pay $1 million as compensation, and sold his assets to repay the amount he stole from his victims.

If you didn’t initiate a transaction, report it immediately, no matter how small.

10. SIM Swapping Scam on Jacy Erin

In Jacy Erin’s case, hackers broke into her mother’s email account, stealing sensitive information. This included her phone number and credit card information.

Then, they contacted her phone number to reroute all incoming calls to Erin and her parents to their phones.

Erin found out early and changed her family’s phone service.

But the deed had been done.

A few days later, Erin’s father learned that the scammers had used his credit card to spend almost $40,000.

Of course, the credit card company suspected foul play due to the odd purchase.

However, due to the earlier phone service rerouting, the calls went directly to the fraudsters.

In a SIM swapping scam, a scammer contacts your mobile phone provider and pretends to be you to get them to activate a new SIM card.

This means the fraudster now has a SIM card with your personal information, enabling them to receive your calls or texts.

Unfortunately, this lets them bypass security fraud alerts and two-factor authentication.

To prevent a SIM swapping scam, call your service provider to lock your phone number or SIM to your account.

You’ll typically need to create a secure PIN which only you know.

This means any scammer who wants to “port” your number to a new phone must enter the PIN you’ve created.

Chances are that the scammers will not know this information.

Although unfortunate, Erin’s case demonstrates how scammers can use one weak link in the family to exploit other family members.

This is why it’s essential to protect your children from identity theft. They are the most vulnerable demographic to ID theft.

Once there is a fraud attempt on any family member, or someone close to you who has been a victim, take urgent measures to secure your account.

11. Nakeisha Hall – the IRS Staff

Many identity theft cases involve the IRS.

For example, a scammer calls pretending to be from the IRS and talks to you about tax refunds, etc.

However, what if the scammer actually works for the IRS?

In 2016, Nakeisha Hall pleaded guilty to using taxpayer information to defraud hundreds of victims of $1 million.

Hall was given a nine-year, two-month sentence and was required to pay the IRS $438,187 in restitution.

Hall worked in several IRS offices from 2000 to 2011. The IRS Taxpayer Advocate Service in Birmingham, Alabama, was one of them.

The department was created to help taxpayers who had become identity theft victims.

Since the ID theft came from IRS staff, this is quite tricky.

However, many victims would have avoided this scam if their credit files had been frozen.

You can freeze your credit when not in use and unfreeze it temporarily whenever you want.

This case also demonstrates why you shouldn’t trust anyone – even IRS staff.

It’s important to do your due diligence and beware of contacts that request your personal information.

12. Turhan Lemont Armstrong and the Real Estate Fraud

Real estate is one of the most profitable places to invest in. That’s why scammers use it to entice unsuspecting victims.

Turhan Lemont Armstrong was at the heart of a long-running credit card, loan, and real estate scheme that saw him net $3.3 million using stolen identities , especially children’s.

Armstrong was charged with 51 counts and found guilty on all.

One peculiar thing about this scam is that it targeted the SSNs of children who had left the country.

That’s because these people were more unlikely to monitor their credit reports.

He used these stolen identities and SSNs to open bank accounts, obtain credit cards, apply for loans, set up shell companies, and buy homes and cars.

Armstrong was sentenced to 21 years in federal prison and ordered to pay $3,305,609 in restitution.

This case demonstrates the importance of protecting your children from identity theft.

Around 1 in 50 children become identity theft victims annually.

Scammers can use your child’s credit to stack up debts. And when it’s time to pay for college, you’ll be stuck with unpaid debts.

Here are some steps to protect your child from identity theft:

13. How David Matthew Read Impersonated Demi Moore and Spent Over $169,000

In 2018, David Matthew Read impersonated Hollywood actress Demi Moore.

The 35-year-old con artist reported that her no-limit American Express card had been stolen.

Read had found Moore’s SSN and other personal details online.

Armed with this sensitive information, he intercepted the new card at a FedEx facility pretending to be Moore’s personal assistant.

A 25-day shopping spree followed. And this saw Read spend over $169,000 in luxury stores.

Read wasn’t going to enjoy the money for long as the FBI identified him and another accomplice from surveillance footage of them using the card to make purchases.

The scammer was sentenced to 70 months for his identity theft scheme, including three years of supervised probation and full restitution.

14. Luis Flores Impersonated Kim Kardashian

It seems there is no end to people stealing celebrities’ identities.

But 19-year-old Luis Flores Jr. took it to the next level when he called American Express and claimed to be Kim Kardashian.

He tried to change her SSN and address to his own so that he could receive new cards.

As expected, the credit card company got suspicious and reported Flores and his mom to the Secret Service.

Apparently, Kim Kardashian was the least of his targets.

Investigators found a flash drive containing the private data of Bill Gates, Michelle Obama, Beyonce, and even Paris Hilton!

The driver had their SSN, personal details, and credit card accounts.

But that’s not all.

Flores was also linked to identity theft cases involving fraud against Stacia Hylton, the US Marshals Service Director at the time, and Robert Mueller, a former FBI director.

You’ve got to have some nerve to steal the identity of an FBI director.

He and his mother ordered replacement cards using the personal information and changed the victims’ addresses and phone numbers on their accounts. Then, they made numerous wireless transfers from the targeted accounts to their own.

Lessons Learned

The internet has made it super easy for people to put out personal information online.

Don’t be that person.

Read found Moore’s personal info online.

It’s important to keep details like your SSN, banking statements, credit card information, passports, birth certificates, etc., from social media.

Flores and his mom also compiled the personal data of multiple people to exploit them.

While their targets were mostly celebrities, scammers can easily defraud a regular person who puts their personal information online.

15. The Fake Hostage Phone Call

An Indiana woman received a fake hostage call from scammers who said they had her mother and would kill her.

The victim received what appeared to be a call from a scammer telling her they had a gun to her mother’s head and would shoot if she didn’t send $1,500 to their Venmo.

She could hear a woman screaming in the background, so she was unsure.

The victim was terrified and sent the money immediately.

After the call, she phoned her mom immediately.

You guessed right – her mom was perfectly fine.

This type of scam is called a hostage scam.

The scammer typically “spoofs” their phone number, making it look like the call was from the victim’s number.

Fraudsters can gather information from your social media and online footprint to know if you’re a possible target.

Another example of this scam is called the grandparent scam. This is when a fraudster calls a senior and pretends to be their grandchild who needs urgent financial help.

The fraudster may also claim that they’re calling on behalf of the grandchild.

For example, an elderly woman in Ohio was scammed of $20,000 in 2019 when the scammer pretended to be law enforcement.

The fraudster said her grandson was under arrest and needed bond money to be released.

To avoid virtual kidnapping schemes, ensure you:

Never make your dates, travel plans, or locations public.
Have a secret code with your loved ones that they can use when they’re really in trouble.
If you’re in doubt, hang up and call the number back.
Keep the scammer on the phone while you try texting or calling the person supposedly in trouble.

How to Protect Yourself from Identity Theft Scams?

The identity theft cases above are crazy. They also prove that identity theft can happen to anyone , from children to celebrities.

I know that I can never completely eliminate the risk of id theft, but I do my best to steer clear. My strategy involves two steps:

Practice good hygiene
Continually monitor

Here’s my 7-step process for practicing good online hygiene

In addition to this, I also use a good identity theft protection service like Aura, which constantly monitors my credit, and public records as well as the dark web and notifies me immediately of any breaches I have been affected by.

I find Aura’s constant monitoring and theft insurance, together with my online hygiene checklist, help me sleep well at night.

You can read my Aura review here or how it is compared to LifeLock .

Get Aura Identity Protection If:

You want the best identity theft protection service for your family
You have assets worth protecting
You like the peace of mind that Aura offers
Up to $5M theft insurance
Best in class credit and dark web monitoring
White-glove threat resolution
24/7/365 Expert Customer Service

These identity theft cases show how far scammers are willing to go to steal your identity.

It also demonstrates how creative these fraudsters are getting and the sophisticated tech they use.

The best way to protect yourself and your family from being an identity theft victim is to keep sensitive information private.

Learn to identify phishing and social engineering tactics, and always monitor your credit file, transactions, and banking statements.

If you have kids and older adults, they are the likeliest to be victims. Educate them on the importance of being safe online and help them create secure passwords with 2FA.

Don’t forget to use strong antivirus software such as Norton from LifeLock or McAfee, and Proton.

Life can be fast-paced, so it might sometimes be difficult. That’s why you should consider identity theft protection services.

Some examples are Aura, Identity Guard, IdentityForce, IDShield, ID Watchdog, and IdentityIQ.

haveibeenpwned.com is another useful resource to find out if your sensitive data has been affected by a data breach.

https://www.abc.net.au/news/2010-02-27/no-help-for-australian-caught-up-in-dubai-hit/344994
https://www.smh.com.au/national/three-australians-shocked-by-id-theft-20100225-p5zj.html
https://www.nbcnews.com/id/wbna6001526
https://www.justice.gov/usao-nv/pr/reno-man-sentenced-four-years-prison-creating-over-8000-fraudulent-online-accounts-stolen
https://www.justice.gov/usao-ndal/pr/irs-employee-sentenced-nine-years-and-two-months-prison-leading-1-million-id-theft-tax
https://www.washingtonpost.com/news/post-nation/wp/2016/08/11/her-job-was-to-help-victims-of-identity-theft-instead-she-used-them-to-steal-from-the-irs/
https://www.ice.gov/news/releases/los-angeles-area-man-convicted-scheme-used-stolen-identities-obtain-more-3-million
https://patch.com/california/los-angeles/id-thief-who-used-demi-moores-amex-card-sent-halfway-house

4 Case Studies in Fraud: Social Media and Identity Theft

Does over-sharing leave you open to the risk of identity theft.

Generally speaking, social media is a pretty nifty tool for keeping in touch. Platforms including Facebook, Twitter, Instagram, and LinkedIn offer us a thousand different ways in which we can remain plugged in at all times.

However, our seemingly endless capacity for sharing, swiping, liking, and retweeting has some negative ramifications, not the least of which is that it opens us up as targets for identity theft.

Identity Theft Over the Years

Identity theft isn’t a new criminal activity; in fact, it’s been around for years. What’s new is the method criminals are using to part people from their sensitive information.

Considering how long identity theft has been a consumer threat, it’s unlikely that we’ll be rid of this inconvenience any time soon.

Living Our Lives Online

The police have been using fake social media accounts in order to conduct surveillance and investigations for years. If the police have gotten so good at it, just imagine how skilled the fraudsters must be who rely on stealing social media users’ identities for a living.

People are often surprised at how simple it is for fraudsters to commit identity theft via social media. However, we seem to forget just how much personal information goes onto social media – our names, location, contact info, and personal details – all of this is more than enough for a skilled fraudster to commit identity theft.

In many cases, a fraudster might not even need any personal information at all.

Case Study #1: The Many Sarah Palins

Former Alaska governor Sarah Palin is no stranger to controversy, nor to impostor Twitter accounts. Back in 2011, Palin’s official Twitter account at the time, AKGovSarahPalin (now @SarahPalinUSA ), found itself increasingly lost in a sea of fake accounts.

In one particularly notable incident, a Palin impersonator tweeted out an open invite to Sarah Palin’s family home for a barbecue. As a result, Palin’s security staff had to be dispatched to her Alaska residence to deter would-be partygoers.

This phenomenon is not limited only to Sarah Palin. Many public figures and politicians, particularly controversial ones like the 2016 presidential candidate Donald Trump, have a host of fake accounts assuming their identity.

Case Study #2: Dr. Jubal Yennie

As demonstrated by the above incident, it doesn’t take much information to impersonate someone via social media. In the case of Dr. Jubal Yennie, all it took was a name and a photo.

In 2013, 18-year-old Ira Trey Quesenberry III, a student of the Sullivan County School District in Sullivan County, Tennessee, created a fake Twitter account using the name and likeness of the district superintendent, Dr. Yennie.

After Quesenberry sent out a series of inappropriate tweets using the account, the real Dr. Yennie contacted the police, who arrested the student for identity theft.

Case Study #3: Facebook Security Scam

While the first two examples were intended as (relatively) harmless pranks, this next instance of social media fraud was specifically designed to separate social media users from their money.

In 2012, a scam involving Facebook developed as an attempt to use social media to steal financial information from users.

Hackers hijacked users’ accounts, impersonating Facebook security. These accounts would then send fake messages to other users, warning them that their account was about to be disabled and instructing the users to click on a link to verify their account. The users would be directed to a false Facebook page that asked them to enter their login info, as well as their credit card information to secure their account.

Case Study #4: Desperate Friends and Family

Another scam circulated on Facebook over the last few years bears some resemblance to more classic scams such as the “Nigerian prince” mail scam, but is designed to be more believable and hit much closer to home.

In this case, a fraudster hacked a user’s Facebook profile, then message one of the user’s friends with something along the lines of:

“Help! I’m traveling outside the country right now, but my bag was stolen, along with all my cash, my phone, and my passport. I’m stranded somewhere in South America. Please, please wire me $500 so I can get home!”

Family members, understandably not wanting to leave their loved ones stranded abroad, have obliged, unwittingly wiring the money to a con artist.

Simple phishing software or malware can swipe users’ account information without their having ever known that they were targeted, thus leaving all of the user’s friends and family vulnerable to such attacks.

How to Defend Against Social Media Fraud

For celebrities, politicians, CEOs, and other well-known individuals, it can be much more difficult to defend against social media impersonators, owing simply to the individual’s notoriety. However, for your everyday user, there are steps that we can take to help prevent this form of fraud.

Make use of any security settings offered by social media platforms. Examples of these include privacy settings, captcha puzzles, and warning pages informing you that you are being redirected offsite.
Do not share login info, not even with people you trust. Close friends and family might still accidentally make you vulnerable if they are using your account.
Be wary of what information you share. Keep your personal info under lock and key, and never give out highly sensitive information like your social security number or driver’s license number.
Do not reuse passwords. Have a unique password for every account you hold.
Consider changing inessential info. You don’t have to put your real birthday on Facebook.
Only accept friend requests from people who seem familiar.

Antivirus software, malware blockers, and firewalls can only do so much. In the end, your discretion is your best line of defense against identity fraud.

You might also enjoy a great Motivational Speaker Video for social media safety tips

Jessica Velasco

Tech Company Pulls Ads from Olympics Over Controversial Opening Ceremony Performance C Spire, a Mississippi-based tech company, withdrew its Olympi…

Hurricane Beryl, Caitlin Clark Triple-Double, French Elections

Nba draft 2024, rivian stock, rapidan dam, subscribe to the skinny.

Complete Instagram, Facebook & Pinterest Management - Start Your Free 7 Day Trial

How Online Tools Can Streamline Business Processes

What is the role of technology in improving oilfield safety, digital innovation in paystub management for 2024, innovative approaches to improve personal injury lawyer ads and increase client acquisition, the viral sweep: mapping the social media buzz around online minesweeper challenges, how surveys can increase b2b lead generation, how to use ai to predict trends and increase sales, uber fined $324 million by the dutch data protection authority.

Worried you have been impacted by the latest data breach? Get protection now .

Worried you have been impacted by the

latest data breach? Get protection now .

The Most Unbelievable Identity Theft Stories of All Time

Here are the nine most unbelievable and terrifying identity theft stories that will show you just how grave identity theft can be.

Jory MacKay

Aura Cybersecurity Editor

Jory MacKay is a writer and award-winning editor with over a decade of experience for online and print publications. He has a bachelor's degree in journalism from the University of Victoria and a passion for helping people identify and avoid fraud.

Alina Benny

Alina Benny is an Aura authority on internet security, identity theft, and fraud. She holds a bachelor's degree in Electronics Engineering from the Cochin University of Science and Technology and has nearly a decade in content research. Twitter: @heyabenny

Identity theft stories and cases: Header image

Aura’s digital security app keeps your family safe from scams, fraud, and identity theft.

You Won't Believe These Identity Theft Horror Stories

It’s a fact: 40% of Americans believe that they are a victim of identity theft [ * ]. But while many criminals are content to break into your bank account , max out your credit card, or take out loans in your name, some carry on with disturbing persistence.

The most unbelievable identity theft stories range from criminals writing fake cheques during a globe-trotting crime spree to pretending to be a family’s long-lost child to evade criminal charges.

Unfortunately, most victims of fraud and identity theft think it could never happen to them — until it does.

Here’s a look at nine unbelievable scams that illustrate how creative con artists can be and how you can protect yourself and your family from the worst-case scenario that is identity theft.

9 Unbelievable Identity Theft Stories

The “Tinder Swindler” who scammed lonely lovers
The credit check fraudster who stole 33,000 identities
The celebrity identity thief who went after Oprah
The mom who stole her daughter’s identity
The phishing attack that targeted a presidential candidate
The scammer selling stolen cars on Facebook
The fake hostage phone call scam
The SIM swap scam that cost a YouTuber $40,000
The EminiFX crypto scheme

1. The “Tinder Swindler” who scammed lonely lovers out of millions

Shimon Hayut is the subject of the Netflix documentary The Tinder Swindler , and he’s one of the most brazen scammers on this list.

Hayut posed as a wealthy businessman on Tinder, and used his lavish lifestyle to impress women and build relationships. Soon after, he would tell his current target that business rivals were threatening his life and ask for credit cards and loans.

Hayut maxed out cards and didn’t repay the loans, leaving many of his victims straddled with crippling debt. The Israeli Times estimates that he defrauded his victims for a total of $10 million.

How the Tinder Swinder’s scam worked:

While Hayut’s scam seems made for our times, it’s really just a variation of an age-old scheme: the romance scam .

In a romance scam, con artists pose as wealthy and attractive individuals to gain their victim’s trust. Once they build rapport, they start asking for gifts, money, and favors. A total of 72,806 people were victims of romance scams in 2022 [ * ].

How to avoid becoming the victim of a romance scam:

There are several romance scammer red flags to watch out for. But there’s one in particular that gives them away: scammers like to move fast.

Romance scammers will often profess feelings of love quickly. They’ll pressure you to admit you feel the same way and then start asking for money or to invest in a “guaranteed” investment.

If you want to stay safe, just remember: never give money to someone you’ve only ever met online — no matter the reason.

📚 Related: New Netflix Scams: Why Someone Could Be After Your Account →

2. The credit check fraudster who stole 33,000 identities

In 2004, Philip Cummings pleaded guilty to one of the largest identity theft cases in the United States.

Cummings worked a desk job at Teledata Communications, Inc. in Long Island, New York, where he helped companies run routine credit checks. When he left his job, he packed up his belongings — along with the confidential passwords that belonged to 33,000 customers.

With the help of an accomplice, Cummings sold this sensitive data to criminals who used it to drain bank accounts and commit credit card fraud.

The U.S. Department of Justice estimated a total loss of $50 to $100 million due to this scam.

How Philip Cummings stole thousands of passwords:

Cummings’ scam was one of the earliest examples of a data breach . This is where criminals access a company’s database and then sell stolen sensitive information for a profit.

Major data breaches happen nearly every single day, especially in healthcare. Stolen personally identifiable information (PII) or a health record with the policyholder’s name and payment information could be used to commit medical identity theft.

How to protect yourself from a data breach:

The best way to prevent medical identity theft is to limit the amount of information you provide to companies. Be especially careful with where you share your Social Security number (SSN) or banking information.

Then, keep an eye on your credit report for suspicious activity. You’re allowed a free credit report check (from each of the three credit bureaus — Experian, Equifax, and TransUnion) every year on AnnualCreditReport.com.

Or better yet, sign up for a credit monitoring service. These services constantly monitor your credit file, bank account, credit cards, and more for signs of fraud.

📚 Related: Someone Stole My Tax Refund Check! What Should I Do? →

3. The celebrity identity thief who went after Oprah, Spielberg, and more

Abraham Abdallah targeted America’s richest individuals with his internet identity fraud scheme. His victims included Steven Spielberg, Oprah Winfrey, and Warren Buffet.

A restaurant worker by day, Abdallah used early web-enabled phones and library computers to find sensitive information on his targets, including home addresses, date of birth, phone numbers, and SSNs.

Then, he submitted change-of-address requests to reroute their mail. Soon, he gained even more sensitive information, such as credit cards, investment accounts, and more.

How Abraham Abdallah stole celebrity identities:

The critical piece in Abdallah’s identity fraud scam was what’s known as a change-of-address scam .

Fraudsters use your personal information to submit a request with USPS to reroute your mail. Before you can notice that your bills have stopped arriving, they’ve collected enough sensitive data to steal your identity and worse.

How to protect yourself from a change-of-address scam:

If it can happen to celebrities and billionaires, it can happen to you.

To stay safe from scammers like Abdallah, opt for digital statements for your bank, credit, and investment accounts. You want to keep your sensitive information out of your mailbox as much as possible.

Identity theft protection services may also include address monitoring. For example, Aura monitors USPS databases and will alert you if anyone is trying to change your address without your permission.

4. The mom who stole her daughter’s identity (to become a cheerleader)

If you had the chance to redo your life, would you take it?

That’s exactly what Wendy Brown tried to do when she stole her daughter Jaimi’s identity. Brown used her daughter's identity to enroll in high school and join the cheerleading squad.

She only got caught when the school called Jaimi's "old" school and discovered she'd never left. Brown was found not guilty by reason of mental disease or defect, and was committed to a psychiatric facility for three years.

How Wendy Brown stole her child’s identity:

Unfortunately, child identity theft has become more and more common in the past few years. Just last year, 915,000 children fell victim to ID fraud [ * ].

Children are an attractive target for criminals as few people monitor their child’s SSN. That means you won’t find out about the crime until your child applies for credit cards, student loans, or a driver’s license .

Even worse, the majority of child identity theft is committed by a parent or someone the child knows [ * ].

How to protect your child’s identity from scammers:

All a scammer needs to steal your child’s identity is their SSN. Make sure you keep their Social Security card safe and don’t give it out unless you absolutely have to.

You can also freeze your child’s credit until they’re 16 (and can legally apply for loans themselves). This will stop criminals from being able to open new accounts in their name.

For ultimate protection, sign up for a family identity theft protection plan. Aura monitors your child’s SSN for signs of fraud and will alert you if it’s been leaked to the Dark Web .

5. The phishing attack that targeted a presidential candidate

There’s no good time to become the victim of a phishing scandal, but right in the middle of a presidential election has to be one of the worst times.

John Podesta was the chairman of Hillary Clinton’s presidential campaign when he fell for a phishing scam.

Russian hackers sent an email posing as Google and asked Podesta to change his password due to an alleged hacking attempt.

However, the link went to a malicious website that gave the hackers access to his email account. Once they got in, the hackers released thousands of private and damaging emails — right before the election.

How hackers tricked a politician into giving them access to his inbox:

While phishing emails are often easy to spot, scammers have improved their schemes. In this case, Podesta was the victim of spear phishing. This is a type of cyber attack where criminals learn about their victim and craft a scam they’re more likely to fall for.

The hackers knew that Podesta would be nervous about a potential hack right before the election. And they used his fears against him to gain access to his account.

How to protect yourself from phishing emails:

Those organizations that haven’t experienced any data breaches to date invest the most in email security [ * ]. But as a consumer, do you know the red flags that can tip you off to a potential scam ? In particular, you should be on the lookout for:

The sender’s name and “from” email address don’t match.
The email comes from an unexpected or alternative domain (for example, “Google-support.com” instead of “Google.com”).
It uses threatening language to create a sense of urgency and get you to act quickly.
It includes strange or scrambled links or unexpected attachments.
There are spelling and grammatical errors.
The email claims to be from a government agency such as the IRS.

If you’re at all uncertain about the legitimacy of an email, contact your company’s IT team to make sure it’s safe.

6. The scammer selling stolen cars on Facebook Marketplace

When Cody Kneipp needed a fuel-efficient car to make deliveries, he turned to Facebook Marketplace. There, he found a car offered for sale by a man listed as “Yoni” on Facebook — but who said that he went by another name.

Kneipp met the seller in person to purchase the car and paid $3,500 cash. The seller gave him the car’s signed title and original key, so everything seemed above board. It wasn’t until Kneipp registered the car at the DMV that he discovered it had been listed as stolen.

He brought it to the police department. They told him that the original owners had gone on vacation and left the car title and a spare key in the glove box.

How the stolen used car scam works:

While this fraud story was simply a case of vehicle theft, scammers have found easy ways to make stolen cars look legitimate. Title washing is when scammers create a fake title for a vehicle that either changes the car’s status (for example, from salvaged to clear) or VIN.

How to safely buy a used car:

To verify ownership of a used car before you purchase, you can ask for an online VIN history and compare the car owner’s name to a valid form of ID from the seller.

If you want to be absolutely sure, ask the seller to meet you at the DMV where you can review the documents before going through with the purchase.

7. The fake hostage phone call scam

Indiana police are warning citizens of an unsettling new scam after a woman reported receiving a fake hostage call about her mother.

The victim, who chose to remain unnamed, received a phone call in the middle of the night that seemed to come from her mom. When she answered, a man addressed her using her name — and claimed that he was holding her mom hostage with a gun to her head. The scam victim could hear a woman in the background screaming.

The caller said he needed cash to get home and threatened to hurt her mom if the victim didn’t send money via Venmo. So she complied and sent $1,500 over Venmo.

After the thieves hung up, the victim called her mom back only to discover that she was unharmed, and never held hostage.

How the fake hostage phone call scam works:

Scammers use phone calls all the time as they’re an easy way to create urgency and trick their victims into acting. In this scam, the fraudsters “spoofed” their phone number to look like it was coming from the victim’s mother.

But how do they know who to call? There’s more than enough information in your online footprint and on social media for scammers to find a vulnerable target.

How to avoid being the victim of a virtual kidnapping scam:

The FBI has reported an increase in virtual kidnapping scams, and offers the following tips for protecting you and your family:

Don’t ever make your travel plans, dates, or locations public online.
Create a code word with your loved ones that they can use if they’re really in trouble.
When in doubt, hang up and call back on their number.

If you get a call like the one reported here, be aware of potential red flags. Callers who only accept wire transfers are probably scammers. If something seems off, you can keep the caller on the phone while calling or texting the person supposedly in trouble.

8. The SIM swapping scam that cost a YouTuber $40,000

YouTuber Jacy Erin’s ID theft story starts with her mother’s email address.

Hackers broke into Erin’s mother’s email account and stole sensitive information including her credit card information and phone number. They then contacted her phone service provider to have all incoming calls to Erin and her parents rerouted to their phone.

Erin snuffed out the hackers early and changed back their phone service. However, a few days later, Erin’s father realized that the scammers had spent almost $40,000 using his credit card.

The credit card company’s calls to verify the strange purchases had gone straight to the scammers.

How scammers rerout their victim’s phone number:

Unfortunately, SIM swapping is a common scam that’s easy to pull off for fraudsters. All they need to do is harvest enough information about you to convince your phone provider to “port” your number to a different phone.

Once the swap is complete, the scammers will receive all your calls and texts. This lets them bypass security features like fraud alerts and two-factor authentication codes.

How to keep your phone (and bank account) safe:

You can lock your SIM or phone number to your account with your provider. Just call them and ask to set up a secure PIN on your account.

You should also be on the lookout for signs of email hacking . For example, your friends receive spam messages from you, you can’t access your account, or there’s login activity from suspicious locations. If any of these happen to you, change your passwords and enable two-factor authentication (2FA) immediately.

📚Related: How To Know if Your Phone Is Hacked →

9. The EminiFX crypto scheme that funded its founder’s lavish lifestyle

According to the FBI, EminiFX chief executive officer, Eddy Alexandre ran an elaborate cryptocurrency Ponzi scheme that racked up over $6 million in losses.

EminiFX promised crypto investors a “guaranteed” return of 5% or more each week. Ultimately, Alexandre collected $59 million from individual “investors”. But there’s little evidence to show that he used the money for the advertised purposes.

According to the Justice Department, Alexandre invested $9 million in individual stocks, losing more than $6.2 million. It was also later discovered that the bulk of the money he collected helped fund his luxurious lifestyle.

How crypto investment scams work:

Scammers love cryptocurrencies due to the lack of regulation and hazy nature of the industry. They contrive a fear of losing out by promising huge returns but then either steal any money that people “invest” or use it to pay out earlier investors to keep the scam running (i.e., a Ponzi scheme).

Crypto investment scams are especially common on platforms like Telegram and in online dating scams.

How to avoid a crypto (or any other investment) scam:

High-yield virtual investment offers can seem tempting. But anyone who advertises a guaranteed return could be a scammer.

Protect Yourself Against Identity Theft With Aura

These horror stories demonstrate the various creative ways fraudsters can steal your identity.

To protect yourself and your family from identity theft, keep your accounts and sensitive information secure, avoid risky situations, and learn the warning signs of phishing. And for ultimate protection, consider an all-in-one digital security solution.

With Aura, you get:

Financial fraud protection. Aura monitors your credit and bank accounts in near-real time and alerts you of fraud four times faster than the competition.
Instant credit lock. Lock and unlock your Experian credit file with one click from your desktop or mobile app.
Identity theft protection. Aura can alert you if an online account has been compromised, monitor your SSN for signs of fraud, and even reduce the amount of spam calls and emails you receive.
Device and Wi-Fi protection for all your devices. Keep your computer, phone, and home network safe from hackers with powerful antivirus software and a military-grade Virtual Private Network (VPN).
Family identity theft monitoring for up to five people including children and adults.
$1,000,000 in coverage for eligible losses due to identity theft. If the worst happens, Aura will be there to walk you through the remediation process to help secure your identity and get you back on your feet.

Ready for ironclad identity theft protection? Try Aura free for 14 days .

Editorial note: Our articles provide educational information for you to increase awareness about digital safety. Aura’s services may not provide the exact features we write about, nor may cover or protect against every type of crime, fraud, or threat discussed in our articles. Please review our Terms during enrollment or setup for more information. Remember that no one can prevent all identity theft or cybercrime.

Award-winning identity theft protection with AI-powered digital security tools, 24/7 White Glove support, and more. Try Aura for free .

Illustration of a man staring at a mirror but his reflection has a question mark where his face should be

14 Dangers of Identity Theft That Can Leave You Reeling

From financial devastation to emotional pain, the dangers of identity theft are serious. Don't let identity theft cripple your life.

An illustration of an ID card where the person in the photo is holding a shield

How To Protect Yourself From Identity Theft

The best way to protect yourself from identity theft is to limit the information fraudsters can find about you — after that, it’s all about playing defense.

Try Aura—14 Days Free

Start your free trial today**

14 days FREE of All-In-One Protection

4.7 as of March 2024

8 Real Life Identity Theft Stories (And How They Were Resolved)

Facebook 12
Pinterest 6

When you purchase through links on our site, we may earn a commission. Here’s how it works .

A depressed man holding credit card over gray background wearing a watch and blue checkered long sleeve shirt

In 2021, 5.7 million reports were filed with the FTC about identity theft. That’s equivalent to the entire state of Colorado having their identities stolen. And that’s only complaints, aka, people who decided to contact the FTC about identity theft issues.

Can you imagine the number of people per year who have their identities stolen? Companies can guess all they want on this number, but the reality is that we can’t truly determine how many victims there were because many people don’t realize their identity has been stolen until years later.

Table of Contents

What Is Identity Theft?

What is identity theft? As defined by Merriam-Webster, identity theft is the illegal use of someone’s personal information (such as a Social Security number), especially in order to obtain money or credit.

11 Nightmare Identity Theft Cases

We asked our community for identity theft case examples. Unfortunately, we got plenty of horrifying stories in return. Below are some recent identity theft stories from real people.

“My first experience with stolen identity happened when my parents told me to get a credit card. Because I thought they needed financial help sometimes, I told them they could use it in emergencies. I hardly used it because I was terrified of debt. Then, years later, my sister suggested I look at the balance just to make sure everything was okay. It turned out my mom & my dad wracked up almost $14K in best under my name. I had no idea. When I approached them, they said I told them they could use it. While I did tell them they could use it in emergencies, I did not consider their every day and revolving expenses as emergencies. They were horrible with money and now I know much better.” – Jen T., Dallas, TX

“Somehow an app I downloaded on my phone took my credit card information and charged me $40-50 for it when it was $1. Then a month later I had someone open up a Walmart card with my bank account number and got charged $60-$70. My bank canceled everything and I just got back the $40-$50 charge but am waiting on the $60-$70 still. It was a scary situation. I got charged over draft fees and luckily my bank understood and took back those fees also. They said the $40 charges were from the UK.” – Hollee A., Oskaloosa, IA

“I have an identity theft protection service and my phone started going off over the 4th of July weekend. Each notice was “Did you attempt to open a credit account with this merchant”. I probably got 4 or 5 of them. Once the holiday was over, I was able to see that someone got a hold of my SSN and Drivers License number and tried to open credit accounts at quite a few merchants. Most were not opened, but the thieves were successful in opening 3 or 4. It was a pretty painless process to contact those merchants fraud departments and flag them. I get the feeling that every major merchant has these departments now. The accounts were closed and the merchants notified the credit bureaus that they were fraudulent. I feel very fortunate that I had identity theft protection in place, because if I didn’t find out about these accounts until months down the road, my credit could have been severely affected. I now have credit freezes in place.” – Jeff B., Safe Smart Living

“I’ve been notified twice about my identity being stolen. I don’t know how my identity was stolen, but I received two separate letters (one for each occurrence). The letters told me that the government had a large scale breach in which a large volume of former and current employees’ personal info had been stolen. They stated mine had been one of those. They also said they were going to provide identity protection services ( CSID and MyIDCare) secondary to the fact that my identity had been stolen. The first instance I was offered identity theft help from an online company that they were providing 5 years free coverage. The second time it was a different online company and they were providing 10 years free coverage, I believe. Nothing seems to have come of it up to this point. The companies email me when something happens (most of the time it’s registered sex offenders living near me, but it’s also notified me of our mortgage and other financial things). I try to keep an eye on my stuff independently as well.” – Patrick A., Indianola, IA

“Back in 2011 when I was an independent IT contractor, I used a credit card to buy equipment for customers. And then a supplier called and told me the card was denied. I called US Bank and spent more than an hour on the phone with the Fraud department. Kim was great. Since I’m an IT Security professional, I wanted my attackers to learn they’d picked on the wrong victim. Kim and I chased down every attempted fraudulent transaction. We even talked to one of the sales clerks, who had an address in Florida for one of the attackers. Kim and US Bank were great. They did everything right, including denying more than $14k in attempted fraudulent transactions and helping me chase down all the transactions. I wish I could say the same for law enforcement. I packaged all the information we’d gathered for the FBI – names, dates, addresses, transaction IDs, merchants – and then nothing happened. The FBI agent I spoke to here in Minneapolis said he was sending it to Florida where the fraudulent transactions occurred, and then it disappeared into a black hole. Nobody tried to catch my impersonator. As far as I know, this clown is still stealing from people to this day. And that, combined with carelessness of organizations who keep copies of our personal information, explains why identity theft is so prevalent.” – Greg S., Minneapolis, MN

“I got a call from my credit card company asking me if I recognized a particular transaction. At first it almost fooled me because there was a list of valid transactions before one that I clearly didn’t make. They also were able to tell that the card had been used at a Walmart in Florida. They issued me a new card, cancelled the charges, and I went about my way updating all my stored cards online. Shortly thereafter, I get another call from my CC company, and I’m thinking “no way – I’ve barely used the card!” But this time it was for my business card. I asked them how this happens and they said one way is that criminals install card skimmers in P.O.S. terminals (where you swipe your card when you checkout). They only need it installed for a short while, are able to grab all the cards that are swiped, and then typically they make off with several thousand dollars. So it occurred to me that, given the short amount of time between incidents, I could cross-reference my two credit card statements and see if there was a common merchant. There indeed was – a local sandwich shop. I called them and told them to check out their terminal. The manager wasn’t very helpful but maybe it helped identify the issue and prevent other people from getting scammed. At any rate, since then my cards have occasionally been compromised. There’s two things I’ve done that seem to have reduced the incidents, or at least the time it takes to get going again with the fresh card: 1) Use Paypal whenever possible to pay online, then if my card number changes, I only have to update it in one place; 2) Add an RFID blocker to your wallet , or purchase an RFID wallet to keep your card in (if successful, prevents scanners from being able to read your card remotely).” – Alex S., Safe Smart Living

“I’m not sure if it’s ID fraud, but I definitely got scammed. It turns out that when you pay at the pump there can be card readers that make a carbon copy of your magnetic strip when you swipe or dip your card which they can then put onto a gift card or other ‘fake’ card and use at a local ATM. This happened to my husband. He bought gas with our joint debit card and they next thing we knew, someone in Alexandria, VA withdrew all of the cash from our our joint checking account (perhaps they guessed the pin or maybe that data was also lifted by the card reader?). Then they tried to use our stolen information at a UPS store for a money order but thankfully that got declined. I called the bank right away when I got an alert from the bank that our checking was below the limit. They refunded us the money the next day and did a few weeks of ‘investigation’ to make sure we weren’t making the story up (my husband had the card in his possession so the card itself wasn’t stolen or used). We changed passwords and pins and learned the hard way never to use debit cards or pay at the pump with a card!” – Sadie C., Safe Smart Living

“My neighbors recently had their identities stolen via their use of PayPal so they had to cancel and get new cards for every card they had attached on their PayPal account since many had been used by the perpetrator! Further, they received hard proof of the crime when they received more than $2,000 in sex toys delivered to their home! Apparently, the thief forgot to update the address to their own home when placing this crazy order. PayPal and their bank suggested they not open any boxes received in error and return them all which required a lot of extra time on their part. My neighbors said PayPal was very helpful. At one point a PayPal rep asked her to describe the problem. She said just pull up the order, look at the pictures, and know that I am an 82-year-old woman. The man on the other end said “Oh my God. We will fix this.” – Neighbor, Lewisville, NC

Pro Tip: To help prevent your PayPal account from being hacked, implement 2-factor authentication , which is like having a second password to your PayPal account that changes every 30ish seconds.

If you want to hear some more identity theft stories, check out this Buzzfeed video.

As you can see from these identity theft examples, your identity can be stolen in many different ways, and it doesn’t always have to be a stranger that’s the culprit. These identity theft stories are a reminder of how important it is to take steps to prevent id theft.

The good news is we have a comprehensive comparison of ID theft protection services that you can check out now to start protecting your identity.

ID Theft Infographic

Learn more about why it happens, and what to do if you have it happens to you:

Frequently Asked Questions

Frequently asked questions from our readers about ID theft examples and stories. Got your own? Ask us in the comments !

What Is The Michelle Brown Story?

The Michelle Brown Story is a TV movie from 2004. It follows the true story of Michelle Brown, who one day innocently hands over her credit card details to rental clerk Connie Volkos. When Brown starts getting bills for services and goods she never bought, she realises what has happened. Then her nightmare begins, arrested for default, she must prove she is not the guilty party and her fight leads her all the way to the US Senate, where she fights for tighter laws on identity theft.

Do You Have an ID Theft Story?

As you can see, identity theft can be a harrowing experience. It doesn’t matter how small or big your id theft scare was. A common one, such as having a fraudulent charge on your credit card, is sometimes the beginning of a larger problem. Learn how to report identity theft and stop the leak of your personal information before it’s too late.

Curious about how widespread a problem identity theft is? It’s currently the number one consumer complaint to the FTC. And did you know there are 19 new victims every minute?

Check out our identity theft statistics article for more on who and what is most vulnerable, as well as some insight into areas of id theft you may not have anticipated (medical id theft, for example, is on the rise).

Kimberly Alt

Costco Complete ID Reviews: Pros, Cons, Consumer Reviews, Pricing, Vs LifeLock, & More

Hands holding a smartphone screen that is receiving a spam call. Caption: How To Stop Spoofing Calls

How To Stop Spoofing Calls: RoboKiller vs NomoRobo vs Hiya

Close-up of a woman's hands using scissors to cut a credit card on a desk. Caption: Identity Guard Review - Protection & Insurance In One

Identity Guard® Review: Customer Service, Plans, Credit Monitoring, Vs LifeLock, & More

Person holding phone with IDShield alerts (Caption: IDShield Reviews)

IDShield Reviews: Is It Worth It? Customer Reviews, Vs LifeLock, & More

Privacy and data protection

Leigh Prather - stock.adobe.com

Attack of the clones: the rise of identity theft on social media

The proliferation of social media has resulted in the rise of identity theft on these platforms, with accounts copied for fraudulent or malicious purposes. what can be done to mitigate it.

Peter Ray Allison

Earlier this year, Derbyshire-based freelance model Elle Jones was informed by acquaintances that they had been contacted by someone claiming to be her. Investigating, Jones discovered an Instagram account had been created mimicking her own profile, which offered pornographic content through a link. Jones reported the account, but two days later received an automated response saying the account had not been removed. She then emailed Instagram, contesting the inaction, and two days later the fraudulent account was removed.

Jones’s experience is not unique. Author Joe Dunthorne had his identity exploited when an Instagram profile, which claimed to be him, attempted to convince people to buy cryptocurrencies . Of course, the problem is not restricted to Instagram. For example, artist and cosplayer Giulietta Zawadzki had her Twitter account cloned earlier this year, in an attempt to sell pornography.

These impersonators are targeting businesses just as much as individuals – any account that has a significant following on social media can become a target for identity theft. In 2020, the Little Soap Company had its account cloned . Participants in its online competition were then privately contacted by the fraudulent account to be told they had won – and asked for their PayPal details.

As we become an increasingly digital society, there has been an associated rise in the number of fraudulent social media profiles being created. These accounts are then used to distribute misinformation, share fraudulent links, sell goods or attempt to solicit bank details.

“It’s fairly easy to create and clone the account of someone else, trying to steal their identity – of a person, company or institution – and using that account to force information from other people, force money, but also for spreading misinformation and so on,” says Piotr Bródka, a professor in the Department of Artificial Intelligence at Wroclaw University of Science and Technology .

The impact of social engineering attacks extends beyond any immediate losses due to malicious activities – the person whose profile is copied can become associated with the actions of the impersonator, causing reputational damage

The impact of these social engineering attacks extends beyond any immediate losses due to malicious activities. The person whose profile is copied can become associated with the actions of the impersonator, causing reputational damage. “The bigger problem, which we possibly don’t see, is the damage to the people; how they are seen by their friends and how damaging the misinformation is,” says Bródka.

“I’m seeing a lot of clients that will have a rival account set up on Twitter that looks very similar to them,” says reputation consultant Madelaine Hanson . “That person will then claim that the original account was hacked, or they can’t remember their password, and will then share recommendations on NFTs [non-fungible tokens] or cryptocurrencies to invest in.”

A problem for platforms, not just for users

There is also an impact on social media platforms, because as more of these incidents occur, there will be an associated loss of trust in that platform’s ability to protect its users. This will lead to user habits changing, such as limiting their use of platforms perceived as being vulnerable to identity theft, or switching to platforms that are seen as more secure.

“Since it happened on Instagram, I have changed my profile to a private account,” says Jones. “I was previously a business account, but with a private account I can see who asks to be a follower.”

One of the problems with social media identity theft is that the reporting mechanisms are limited. The support teams for social media platforms can often be swamped by demands, and reports of identity theft can be overlooked. When reporting cloned accounts, there is usually an option for blocking the account. Of course, the malicious account can also block the original account, thereby obfuscating the cloned account’s activities.

It is often several days before any response is received, and even then, it is not guaranteed that any action will be taken. Jones had to wait more than four days before an account was taken down. To date, there has still been no action taken against the profile mimicking Zawadzki on Twitter.

There are also limited legal avenues that victims can pursue. As identity theft is covered by fraud, it is only considered criminal if the victim has lost money through the perpetrator’s actions – irrespective of money made by the perpetrator through exploiting the victim’s identity.

“A crime will only be recorded when the individual or company who has or may have suffered a financial loss through the use of a stolen identity reports it,” explains a government spokesperson for the Home Office. “We encourage all victims to report incidents to Action Fraud , as it provides important information to law enforcement.”

However, equating reputational harm to financial loss can be challenging, as there needs to be evidence proving there has been a loss of earnings through the malicious activities by the cloned account. “Defamation law, in general, needs to be completely reformed,” says Hanson. “I’d like to see more focus on crime, such as impersonating others for information, being included under fraud.”

Is being verified enough?

The “blue tick” system, which is used by major social media platforms Facebook, Twitter and Instagram to indicate accounts that have had their identity verified, has had mixed success. Having verified status means it is easier and faster to have any bogus accounts taken down. However, only certain users are currently able to apply for the verified status, often depending upon the business they are associated with.

“A lot of people are perhaps not noteworthy enough to get a blue tick, but they’re big enough to influence markets,” says Hanson.

The application process for becoming verified is a delicate balancing act for social media platforms. If the prerequisites are too broad, the platforms can become swamped with applications, but if they are too narrow, their use becomes too limited to be beneficial.

Likewise, the verification systems used on each platform are not uniform. While one platform may grant a verified status, another will not, even if a user is already verified on an existing platform. This can cause people to question the legitimacy of a genuine but non-verified profile.

There has been some research into detecting cloned social media accounts. In 2014, Bródka published a paper titled Profile cloning detection in social networks . Profile cloning detection enables platforms to spot potentially fraudulent social media accounts, which are exploiting people’s trust for malicious purposes.

“We created a simple app, which was collecting your friends and friends of friends,” says Bródka. “Based on that, we did some experiments on how effectively we can create a cloned profile and how effectively we can detect them.”

In the paper, Bródka demonstrated two methods that could be used. The first method examines the similarity of attributes between profiles, the second evaluates the similarity between their social networks.

Both techniques proved useful in detecting cloned profiles, but the volume of data on social media platforms means the initial outlined methodologies would be unsuitable for mass deployment. “You would need to simplify that because I don’t think there is a possibility to effectively run it online for every account in big social networking services like Facebook,” says Bródka.

Unfortunately, in the wake of the Cambridge Analytica scandal , Facebook data has become harder to acquire for research purposes. As such, it has become challenging to research cloning detection.

What can be done?

The proliferation of social media and inadequate reporting mechanisms on the platforms has seen identity theft flourish online. This will continue until further action is taken to counter these malicious activities.

“I hope it’ll be much faster to freeze an account that’s impersonating you, as it’s very easy to do at their end,” says Hanson. “We need to recognise that people who commit crimes online are harmful and impactful.”

A proactive social media strategy should be followed, such as regularly checking for any cloned profiles. If any are found, the reporting mechanisms should be used for them to be taken down

The Online Safety Bill has been introduced to the UK Parliament and is currently at the committee stage. It includes a duty to prevent fraudulent advertising on the largest social media platforms, but only time will tell how effective it will be in tackling identity theft on social media.

“We are determined to crack down on fraudsters and are introducing legislation to make digital identities as trusted and secure as official documents such as passports and driving licences, including setting up a new Office for Digital Identities and Attributes,” says the Home Office.

Until then, individuals and organisations with a social media presence need to maintain vigilance regarding account cloning to protect their brand and reputation. Having verified status will help in that regard, but this measure is not foolproof.

Following his planned takeover of Twitter , Elon Musk tweeted “authenticate all real humans” , which implies a push for more Twitter profiles to be verified in the future.

In the current digital climate, a proactive social media strategy should be followed, such as regularly checking for any cloned profiles. If any are found, the reporting mechanisms should be used for them to be taken down. Screenshots of all comments and posts by the fraudulent account will provide further evidence of their illegal activity.

However, there is only so much that social media users can do to protect themselves from identity theft on social media. “The main responsibility lies on the authorities and social media platform owners to create mechanisms that will allow them to quickly identify such cases,” says Bródka.

LinkedIn scams, fake Instagram accounts hit businesses, execs

6 common social media privacy issues

Deep fake AI services on Telegram pose risk for elections

Meta Threads explained: Everything you need to know

Top 10 tips for employees to prevent phishing attacks

While agentic AI might excite CIOs as the next iteration of AI within business workflows, it will pose challenges for businesses,...

A strong AI strategy will help CIOs pick AI use cases and shed projects that aren't feasible at the moment.

As AI evolves, Forrester Research analysts believe agentic AI and automating complex business processes will be the next step ...

Fortinet confirmed that a threat actor stole data from a third-party cloud-based shared file drive, which affected a small number...

AI is changing technology as we know it. Discover how it's already improving organizations' ability to detect cybersecurity ...

Mastercard says the addition of threat intelligence vendor Recorded Future will bolster its cybersecurity services as threats ...

CI/CD processes help deploy code changes to networks. Integrating a CI/CD pipeline into automation makes networks more reliable, ...

Predictive analytics can project network traffic flows, predict future trends and reduce latency. However, tools continue to ...

Test scripts are the heart of any job in pyATS. Best practices for test scripts include proper structure, API integration and the...

Lenovo adds to its AI portfolio with a new GPU-as-a-service offering, a move that challenges Dell and HPE. It also adds ...

AT&T claims its negotiated contract with VMware pre-Broadcom acquisition is not being honored, casting light on recent product ...

Rocky Linux and AlmaLinux are new distributions created after Red Hat announced the discontinuation of CentOS. These ...

Data governance isn't plug and play: Organizations must select which data governance framework best fits their business goals and...

Updates to HeatWave and Database 23ai, along with the introduction of Intelligent Data Lake, are all aimed at better enabling ...

With more employees of organizations now using artificial intelligence tools to inform business decisions, guidelines that ensure...

2020 Identity Fraud Study: Genesis of the Identity Fraud Crisis

Date: April 07, 2020
Krista Tedder
John Buzzard
Report Details: 52 pages, 34 graphics
Research Topic(s):
Fraud Management
Fraud & Security
PAID CONTENT

PERMISSIONS AND COPYRIGHT GUIDELINES

Javelin’s 2020 Identity Fraud Study provides comprehensive analysis of fraud trends in the context of a changing technological and payments landscape in order to inform consumers, financial institutions, and businesses on the most effective means of security, detection, and resolution.

The comprehensive analysis of identity fraud trends is independently produced by Javelin Strategy & Research and made possible with support from our sponsors. A thank you to our lead sponsors, AARP, Allstate Identity Protection, FIS, and Giact for making this report available to Javelin Advisory Services clients for their internal use only. The study is in its seventeenth consecutive year and is the nation’s longest-running study of identity fraud, with 85,000 consumers surveyed since 2003.

Javelin retains the ownership of the survey, raw data, methodology and all other project deliverables. While Javelin may selectively grant other non-competing organizations selective rights to use the project’s findings in other public venues, we retain ultimate discretion over such decisions.

Javelin Advisory Services clients and other non-sponsors do not have rights to cite any findings in their marketing campaigns, press releases, webinars, or any other external communications.

The results of Javelin’s 2020 Identity Fraud Survey serve as a wake-up call—one that will force financial institutions, businesses, and the payment industry to reevaluate how identity fraud is managed. Total identity fraud reached $16.9 billion (USD) in 2019, yet the dollar loss is only part of the story. To have a more fulsome understanding of identity fraud a comprehensive evaluation of the drop in number of victims lead to several unsettling findings. Criminals are targeting smaller numbers of victims and while inflicting damage that is more complex to prevent or remediate.

The type of identity fraud has drastically changed from counterfeiting credit cards to the high-impact identity fraud of checking and savings account takeover. At a time when consumers are feeling financial stress from the global health and economic crisis, account takeover fraud and scams will increase. It is too early to predict how much higher the fraud rates will go; however, criminals become more active during times of economic hardships.

Account takeover fraud is one of the hardest types of fraud to identify because of the multichannel account access and the desire to reduce friction in the consumer experience. New technology is available to help mitigate risk and improve the consumer experience, yet often it goes unused or is unavailable to consumers. What is clear is that criminals are adapting to new technology faster than consumers will adopt technology to reduce their risk.

During the next twelve months, criminals will strike at the heart of the financial services industry and negatively affect consumers. Areas of concern range from fraudulent account openings (synthetic identities), person to person (P2P), and full takeover of all accounts, not just checking or cards but also investment accounts and other high-dollar balances. Criminals will always try to take what isn’t theirs, and right now it is too easy. The level of fraud could climb back to pre-EMV levels if steps are not taken to prevent the new identity fraud schemes.

The challenge of reducing fraud losses is not always the lack of technology investment. It can also be the failure to focus on increasing consumer adoption of safer methods of safeguarding their information and managing their finances. To counter fraud and ensure data privacy, the conversation needs to change from monitoring activity that is occurring to securing the information before it is stolen.

CONSUMER RECOMMENDATIONS

Consumers can take active steps to prevent identity fraud from impacting their lives.

Changing existing behaviors in how people use payments and make purchases will help in keeping their financial lives healthy. The following are recommendations for consumers to follow:

Use digital wallets to manage in-store and online payments. The technology encrypts and tokenizes data so if it is stolen it is useless information to the criminals. Added benefit of using tap and go payments like digital wallets and contactless cards means that there are also fewer health implications when making payments in person.
Consumers need to adopt a zero trust contact policy. There are so many socialized scams today that leverage one-time passcodes and fraud verification services in order to perpetrate payment fraud and account takeover fraud. Most consumers fail at questioning the authority and authenticity of a text or caller and the damage can be rapid and costly. The only acceptable action when receiving unexpected contact with a potential imposter is to exhibit zero trust. The new mantra? “Hang up and call your financial institution.”
Turn on two-factor authentication wherever possible – but guard the one-time passcodes closely by not divulging them via text or phone call. Enabling two-factor authentication on sites that have that capability is a great idea, but it can be one rife with threat when a fraudster attempts to steal your password and one-time secondary passcode. For sites without two-factor authentication, use strong passwords or a password manager to secure highly complex and varying passwords on accounts.
Secure your devices. With consumers increasingly relying on their digital devices to access financial services, make purchases and share personal information, criminals have shifted their focus to these devices for the access they can provide to accounts and the information they store or transmit. Consumers should secure online and mobile devices by instituting a screen lock, encrypting data stored on the devices, avoiding public Wi-Fi and/or using a VPN, and installing anti-malware. Anti-malware protection is essential for all devices.
Place a security freeze on credit reports. Placing a freeze on your credit reports can prevent anyone else from opening one in your name and there is no cost to initiate. This security measure is especially important if you have been a victim of a data breach that has exposed sensitive, personally identifiable information. Credit freezes must be placed with all three credit bureaus and will prevent anyone except for existing creditors and certain government agencies from accessing your credit report. Should you need to open an account requiring a credit inquiry, the freeze can easily be lifted for up to 90 days or more through the credit bureaus websites and or smartphone apps.
Sign up for account alerts everywhere. A variety of financial service providers, including banks, credit card issuers and brokerages, provide their customers with the option to receive notifications of suspicious activity – as do businesses in other industries, such as email and social media providers. These notifications can often be received through email or text message, making some notifications immediate, and some go so far as to allow their customers to specify the scenarios under which they want to be notified, so as to reduce false alarms.
Can your financial services provider easily locate and contact you? Consumers often forget to update new addresses and phone numbers with their financial institutions and lenders. Payment cards are so popular today that they continue to work as long as there are funds to support them and this usually translates into a disconnect between the consumer and the provider when valuable information has to be exchanged via U.S. mail, email, or voice communication. Remember: You cannot receive a fraud alert if your new cellphone number hasn’t been updated.

Methodology

The Javelin Identity Fraud Study provides businesses, financial institutions, government agencies, and other organizations an in-depth and comprehensive examination of identity fraud and the success rates of methods used for prevention, detection, and resolution.

Survey Data Collection

The 2019 ID Fraud survey was conducted online among 5,000 U.S. adults over age 18; this sample is representative of the U.S. census demographics distribution. Data collection took place from October 22 through November 4, 2019. Final data was weighted by Dynata (formerly SSI), while Javelin was responsible for data cleaning, processing, and reporting. Data is weighted using 18+ U.S. Population Benchmarks on age, gender, race/ethnicity, education, census region, and metropolitan status from the most current CPS targets.

In adherence with best practices, in 2011 Javelin also moved from bracketed dollar amount calculations to true open-end numerical dollar calculations. On continuous variables captured from numerical open-ended items, extreme outliers were identified using a standard rule of approximately 2 standard deviations above the mean to retain consistency year over year. These extreme outliers were replaced with mean values to minimize their disproportionate effect on final weighted estimates. Where responses pertained to a range in value (e.g., “one day to less than one week”), the midpoint of the range was used to calculate the median or mean value. To ensure consistency in comparing year-to-year changes, historical figures for average fraud amounts have been adjusted for inflation using the Consumer Price Index.

Due to rounding errors, the percentages on graphs may add up to 100% plus or minus 1%.

Categorizing Fraud by FTC Methodology

With one exception, this report continues to classify fraud within the three categories originally defined by the FTC in 2003. For 2005 and beyond, debit card fraud has been recategorized as existing card account fraud instead of existing non-card account fraud. Javelin believes this change reflects a more accurate representation of debit card fraud, because much more of its means of compromise, fraudulent use, and detection methods parallel those of credit cards.

The categories of fraud are listed below rom least to most serious:

Existing card accounts: This category includes both the account numbers and/or the actual cards or existing credit and card-linked debit accounts.
Existing non-card accounts: This category includes existing checking and savings accounts and existing loans and insurance telephone and utilities accounts.
New accounts and other frauds: This category includes new accounts or loans or committing fraud or other crimes using the victim's personal information.

Figure 34. Javelin Categorization of Fraudulent Identity Transaction

Deviation from FTC Reporting

When the report cites victims’ average financial damages or resolution times in dollars or hours the entire amount of damages or losses is placed into every type of fraud the victims suffered. For example or a victim who reports that a total of $100 is obtained or both new accounts and other frauds category and existing card accounts the $100 is counted in both categories. This method of reporting costs by types of fraud will not change the overall total costs of fraud across all three categories but the average in dollars or time associated in the three types of fraud should not be summed because the result will be overlapping amounts.

Margin of Error

The ID fraud study estimates key fraud metrics or the current year using a base of consumers experiencing identity fraud in the past six years. Other behaviors are reported based on data from all identity fraud victims in the survey (i.e. fraud victims experiencing fraud up to six years ago) as well as total respondents where applicable.

For questions answered by all 5,000 respondents the maximum margin of sampling error is +/- 1.41 percentage points at the 95% confidence level. For questions answered by all identity fraud victims the maximum margin of sampling error is +/- 3.22 percentage points at the 95% confidence level.

Learn More About This Report & Javelin

Related content, ato fraud: why it remains fis' greatest fraud risk.

Despite years of anti-fraud investment, account takeover (ATO) continues to plague financial institutions and consumers. Traditional authentication methods offer too many gaps of o...

Ticketmaster Breach Inflates Complexity With Identity Fraud

At a time when account takeover and other identity fraud types are causing significant issues for consumers, the last thing consumers want to hear is that their information was sto...

Password Fatigue: A Case for Multilayered Passwordless Authentication

Traditional password-centered authentication is becoming less secure as cyberattacks increase in sophistication and consumers grow tired of strong password requirements. Financial ...

Make informed decisions in a digital financial world

U.S. Identity Theft: The Stark Reality

Datos insights.

March 6, 2021

Boston, March 9, 2021 – Identity theft is a growing problem in the U.S. In 2019, losses from identity theft cases were US$502.5 billion and rapidly increased to US$712.4 billion in 2020, a 42% increase year-over-year. Identity theft losses grew very rapidly in 2020 (and will continue in 2021) due to the very high rate of unemployment identity theft during the pandemic. Unemployment benefits were increased, and the length of time to draw unemployment was extended, making this a very attractive target for fraudsters. Aite Group projects that losses from all identity theft will grow to US$635.4 by 2023.

This report examines how victims of identity theft are impacted in the real world. It explores the ramifications to financial institutions when identity theft occurs and examines how consumer banking behaviors changed as a result of the COVID-19 pandemic. GIACT, an industry leader in payments and identity fraud prevention, commissioned Aite Group to conduct an online quantitative survey in December of 2020, and 8,653 U.S. consumers aged 18 or older were surveyed. Of those, 4,101 (47%) experienced financial identity theft. This survey forms the basis of this report.

This 46-page Impact Report contains 39 figures and one table. Clients of Aite Group’s Fraud & AML service can download this report, the corresponding charts, and the Executive Impact Deck.

About the Author

We are the advisor of choice to the banking, insurance, securities, and retail technology industries–both the financial institutions and the technology providers who serve them. The Datos Insights mission is to help our clients make better technology decisions so they can protect and grow their customers’ assets.

Synthetic Identity Fraud: Diabolical Charge-Offs on the Rise

January 5, 2021

Top 10 Trends in Fraud & AML, 2021: Onward and Upward

November 30, 2020

Key Trends Driving Fraud Transformation in 2021 and Beyond

2024 Datos Insights.

All rights managed

Privacy Policy
Terms of Use
Leadership Team
Advisor Team
Research Design & Data Team

Get Summary Report

" * " indicates required fields

Systematic review
Open access
Published: 10 February 2024

Identity fraud victimization: a critical review of the literature of the past two decades

Yasemin Irvin-Erickson ORCID: orcid.org/0000-0002-1467-5960 1

Crime Science volume 13 , Article number: 3 ( 2024 ) Cite this article

2889 Accesses

1 Citations

1 Altmetric

Metrics details

This study aims to provide an understanding of the nature, extent, and quality of the research evidence on identity fraud victimization in the US. Specifically, this article reviews, summarizes, and comments on the state of empirical research of identity fraud victimization in the US based on a narrative review of 52 published empirical studies. Studies included in this review suggest that the prevalence of identity fraud in the US has increased over the years and existing account frauds is the most prevalent type of identity fraud. There is a pressing need for more research on the prevalence of identity fraud victimization among minors, institutionalized individuals, and individuals from minority groups; long-term prevalence of identity fraud victimization; and emerging forms of identity fraud such as synthetic identity fraud victimization. Studies included in this review further suggest that identity fraud risk factors vary based on the fraud type considered. Identity fraud victims can experience a variety of harms. Longitudinal studies following identity fraud victims are essential for reliably estimating the risk factors for identity fraud victimization and the impact of identity fraud victimization on individual victims. The research on services for identity fraud victims is limited and suggests the positive impact of trauma-informed services for serious identity fraud victims. The overwhelming lack of research on the impact of programs and services for identity fraud victims necessitates more attention from scholars to study the impact of programs, interventions, and services for identity fraud victims on reporting of victimization, prevention of victimization, experiences of victims, and victim-centered cost benefit analysis of services. Policy and practice implications of these findings are discussed.

Identity theft and associated frauds have increasingly attracted public attention in the United States (US) with highly publicized data breaches and millions becoming victims of this crime every year. Efforts to educate the public about identity theft have raised attention to the risks of identity theft and fraud, however, an in-depth exploration of identity fraud victimization is needed to further the field’s and the public’s understanding of this crime.

Despite the comparatively scant evidence on identity theft in the field of criminology, the research on identity theft in the US has started picking up speed in the past decade with the availability of nationally representative data on this topic through the Bureau of Justice Statistics’(BJS) National Crime Victimization Survey Identity Theft Supplement (NCVS-ITS). The NCVS is the US’s primary data source on victimization since 1972. The NCVS is administered to non-institutionalized individuals who are 12 years old or older from a nationally representative sample of households in the US. The ITS is a supplemental survey to the NCVS which is administered to the respondents to the NCVS survey who are 16 years old or older. The ITS was first implemented in 2008 and gets fielded approximately every two years. This leading national level data source on identity theft victimization asks respondents if they had been victims of different forms of identity theft in the past 12 months and beyond the past year and the characteristics and consequences of victimization and help-seeking behavior if respondents indicate they had been victims of identity theft.

There has been a few review studies on the state of the US literature on identity theft through funding by the Department of Justice offices. For instance, the first literature on identity theft by Newman and McNally ( 2005 ) funded by the National Institute of Justice explored what is known about identity theft and the knowledge gaps based on their review of publications of different organizations, complaint data, less than 10 surveys conducted by different organizations, and a handful of research studies published at the time of that review. Another review study by Irvin-Erickson and Ricks ( 2019 ) funded by the Office for Victims of Crime examined the state of the literature on fraud victimization based on research evidence from academic and non-academic sources and practice evidence sources (such as fact sheets, podcasts, and other sources that are not traditionally considered in reviews) published between 2000 and 2018. This study expands upon the aforementioned reviews by considering not only the scope of the literature on identity theft victimization published in the past two decades but also the quality of conduct of these studies to provide a broad yet nuanced understanding of the state of the literature on this topic and the knowledge gaps. Although the aforementioned reviews provided invaluable information about the opportunity structure, risks, and consequences of identity theft victimization and the needs of identity theft victims, similar to other traditional narrative reviews of the literature in the grey literature, these reviews did not include risk of bias and quality assessments of the sources of evidence included in these reviews. The current study fills this critical knowledge gap in our understanding of the state of the literature on identity fraud victimization through consideration of the risk of bias and the quality of each study included in this review.

Despite the increase in the number of studies on the topic of identity theft victimization over the past decade, the evidence base on identity theft victimization is still limited. Accordingly, this review did not follow the format of a systematic review and instead followed steps similar to a scoping review to gain an understanding of the nature, extent, and quality of the research evidence on identity fraud victimization. Specifically, this review aimed to answer the following questions to present the size, scope, and quality of the emerging evidence base on identity fraud victimization:

What are the trends in the US literature on identity fraud victimization?

What do we know from the US literature on identity fraud victimization?

What are the topics most and least commonly studied in the literature on identity fraud victimization?

What are the risks of bias associated with existing studies?

What do studies with lower risk of bias and/or higher quality demonstrate about key concepts studied by these studies?

What are the knowledge gaps in the US literature on identity fraud victimization?

By answering these questions, this review primarily aims to provide suggestions for future research on identity fraud victimization including potential research questions for future systematic reviews as the evidence base on this topic becomes denser at which point researchers can conduct larger knowledge syntheses. Accordingly, although risk of bias and quality of studies are assessed for each study included in this review, a meta-analysis or statistical pooling of studies has not been performed.

Definitional issues regarding identity theft

There is an increased interest in the field to differentiate between the terms of identity theft and identity fraud because not all identity theft incidents involve a fraudulent act at the time of theft of personal information. Javelin Strategy and Research (2021) defines identity theft as “unauthorized access of personal information” and identity fraud as identity theft incidents in which there is an element of financial gain. The Federal Trade Commission (FTC) and the BJS define identity theft as “fraud that is committed or attempted using a person’s identifying information without authority” (FTC, 2004 ; Harrell, 2019 , p. 18). The acts considered by the BJS under this definition include unauthorized use or attempted use of an existing account, unauthorized use or attempted use of personal information to open a new account, and misuse or attempted misuse of personal information for a fraudulent purpose (Harrell, 2019 ).

Researchers differentiated between three stages of identity theft: acquisition of personal information, use of personal information for illegal financial or other gain, and discovery of identity theft (Newman & McNally, 2007 ). Personal information can be acquired through different means ranging from simple physical theft to more complex and even legal ways such as scams, cyber, or mechanical means and purchasing the information from data brokers. The acquired personal information is used for financial gain or other criminal purposes (Newman & McNally, 2007 ). However, fraudulent use of information might not happen at the time of acquiring of information and once personal information is exposed, a person can become an identity theft victim multiple times.

Another important stage of identity theft is the discovery of theft of personal information and associated frauds because the longer the discovery period is the less likely it is for victims to contact law enforcement (Randa & Reyns, 2020 ) and the more likely it is for them to experience aggravated consequences (Synovate, 2007 ). Police reports are critical for victims to pursue an identity theft case (OVC, 2010 ). For victims of certain forms of identity theft, the discovery of victimization can take as long as 6 months or more (Synovate, 2003 , 2007 ). In cases where personal information is exposed due to data breaches, victims might have greatly varying experiences of when and what they learn about this exposure (if at all) and the services available to them. Currently, all 50 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands have laws requiring businesses, and in most states, government organizations to notify individuals of security breaches involving personal information (National Conference of State Legislatures, 2022 ). However, the decisions of organizations on whom to notify (such as the victims, the FTC, or law enforcement), when to notify, and how to notify can drastically vary from one geography to another based on laws. Two groups can become targets of identity fraud: individuals whose personal information is stolen and organizations which are in care of the stolen personal information or which become targets of fraud. Law enforcement might be more likely to put emphasis on organizations as visible and collective targets of identity theft (Newman & McNally, 2005 ).

In recognition of the stages and targets of identity theft, there has been an interest in the field to differentiate between the terms of identity theft and identity fraud. In popular knowledge, the terms “identity theft” and “identity fraud” have been used interchangeably considering the interrelated nature of acts considered under these terms. However, it is acknowledged that these terms legally refer to different things (Newman & McNally, 2005 ).

In statute, identity theft was legally defined at the federal level with the Federal Identity Theft and Assumption Deterrence Act (ITADA) of 1998 (Newman & McNally, 2005 ). ITADA made it a federal offense to “knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law” (the Identity Theft Act; U.S. Public Law 105-318). Prior to this legal definition of identity theft in the US, the terms “identity theft” and “identity fraud” were used to primarily distinguish between the individual victims and collective victims with the former being referred to as victims of identity theft and the latter as victims of identity fraud (McNally & Newman, 2008 ). In later years, these terms have been used to differentiate between the act of unlawful acquisition of identity information and the fraudulent use of personal information.

Over the years, different research and practice sources have generally considered the following acts under identity theft and identity fraud: criminal identity theft in which individuals use others’ personal information during interactions with law enforcement or for committing other crimes (Button et al., 2014 ); existing account frauds where an individual makes unauthorized charges to existing accounts such as bank, credit card, and other existing accounts; medical/insurance identity theft in which an individual fraudulently uses somebody else’s personal information to receive medical care; new account frauds in which an individual’s personal information is used unlawfully to open a new account; social security number (SSN) related frauds in which an individual uses the victim’s SSN to file for a tax return, for employment, or to receive government benefits; and synthetic identity theft in which different pieces of real and fake identity information are combined together to create an identity and to commit frauds (Dixon & Barrett, 2013 ; FTC, 2017 , 2018 ; GAO, 2017 ; Pierce, 2009 ).

The opportunity structure for identity theft

Earlier research on perpetrators of identity theft, using a conceptual framework informed by Cornish and Clarke’s ( 1986 ) Rational Choice Theory and the methodology of crime script analysis, has focused on the motivations and methods of committing identity frauds (see Copes & Vieraitis, 2009 , 2012 ) and the impact of experiences of perpetrators’ on their criminal involvement and criminal event decisions (Vieraitis et al., 2015 ). Regarding the organizational level of identity frauds, research has shown that perpetrators of identity theft and fraud might range from individuals to street-level and more advanced criminal organizations (Copes & Vieraitis, 2009 , 2012 ; Newman & McNally, 2007 ). Although earlier research has shown that perpetrators of identity theft used low-technology methods (Copes & Vieraitis, 2009 , 2012 ), perpetrators of identity theft have started using more complex schemes and relying more heavily on the internet to acquire identity information over the years (Pascual et al., 2018 ).

The number of identity fraud victims who know the perpetrators has decreased over the years. For instance, in 2008, about 40% of identity fraud victims knew how the incident happened, and from those, about 30% believed that their information was stolen during a purchase or other interaction and 20% believed that their personal information was stolen from their wallet, 14% believed the information was stolen from files at an office, and another 8% believed that the information was stolen by friends or family (Langton & Planty, 2010 ). In 2012, about 32% of identity victims in the US knew how their personal information was stolen and 9% knew the identity of the perpetrator (Harrell & Langton, 2013 ). Comparatively, in 2018, 25% of identity fraud victims knew how the offender obtained the information and 6% of victims knew something about the perpetrator (Harrell, 2021 ). This unknown status of how the information is obtained or who the perpetrator is sometimes interpreted as the technology-facilitated nature of the acquisition of information (Newman & McNally, 2005 ). However, victims of instrumental identity theft in which an individual’s information is stolen to commit other frauds and crimes, and individuals who have been victims of multiple types of identity theft in the recent past, are more likely to know how their information was stolen and the perpetrator (Harrell, 2019 ). New research examining the impact of the pandemic on identity fraud further suggest an increase in identity fraud scams and loan fraud in which perpetrators directly target consumers and a significant portion of victims of identity fraud scams and loan fraud (about 3 in every 4 victims) knowing their perpetrators (Buzzard & Kitten, 2021 ).

The most frequent way identity theft victims become known to authorities in the US is complaints to financial institutions (Harrell, 2021 ). The other ways victims report their victimization include complaints to federal institutions [such as the FTC and the Internet Crimes Complaint Center (IC3)] and non-governmental organizations [such as the Identity Theft Resource Center (ITRC) and the National Consumers League (NCL)] and crime reports to law enforcement.

In the past decade, federal and non-profit organizations increased their efforts to educate consumers on risks and reporting of identity theft and how to deal with the ramifications of fraud victimization. Several federal and other organizations provide information for services victims can receive such as reporting and assistance hotlines, civil and criminal legal services, and trauma informed counseling. Other available responses to identity theft include credit and identity theft monitoring, identity theft insurance, and identity theft restoration; however, these responses are typically provided by for-profit companies. Depending on who the victim contacts, victims might not be uniformly informed about all options available to them. Many victim service providers working in organizations funded by the Victims of Crime Act do not have the resources to recognize and respond to fraud’s harms (OVC, 2010 ). Furthermore, even when services are available, there might be significant barriers against victims’ access to these resources including financial barriers. Currently, majority of services available to identity theft victims are geared towards handling out-of-pocket expenses.

At the time of this review, there was a fast evolving opportunity structure for identity theft and identity fraud due to the hardships inflicted on individuals by the economic and health crises. Direct stimulus payments, increased loan applications, and the overall increase in online activities during the pandemic have provided increased opportunities for identity frauds such as account takeovers (Tedder & Buzzard, 2020 ) and identity frauds in relation to scams (Buzzard & Kitten, 2021 ). Furthermore, low-income individuals, older individuals, individuals who depend on others for their care, and individuals who might not have control over their finances can experience aggravated harms as a result of identity fraud victimization. Furthermore, some victims might experience a significant damage to their reputations (Button et al., 2014 ). All of these conditions necessitate more scientific inquiry and a better understanding of existing research evidence base on identity fraud.

Scope of review

This review focuses only on identity fraud victimization and excludes studies that focus on theft of personal information but not the fraud aspect of identity theft. As an example, although skimming, intentional data breaches, and mail theft are acts of identity theft, if a research study focused solely on these acts but not the fraud aspect, that study was excluded from the review. The review further excluded research on identity frauds targeting organizations and governments, harms of identity fraud to businesses and institutions, and research studies focusing on victims in countries other than the US. The review also excluded sources in which no data collection and analysis was attempted, paid research content, and research summaries with limited or no information about methodology.

The current review included empirical research studies that focus on identity fraud victimization in the US which were published in English and between January 2000 and November 2021. The resources that were reviewed included journal articles, PhD dissertations, government reports, and other reports found in major social science research databases and on websites of organizations focusing on identity theft. This review adopted a broad definition of “empirical” research focusing on studies using both quantitative and qualitative data analysis methods including descriptive analysis.

In this review, a comprehensive search strategy was used to search the literature for relevant studies. The search strategy was consisted of (1) a formal search of academic databases using search strings based on Boolean operators Footnote 1 and (2) an informal search of grey literature using keyword searches and searches on the websites of organizations focusing on identity fraud. Searches were conducted in the following academic databases: Proquest Social Sciences Collection, Web of Science Social Sciences Citation Index, Wiley Online, JSTOR, Criminal Justice Abstracts, SocIndex Full text, and Violence and Abuse Abstracts. Additional searches were completed on the websites of the BJS, the Internet Crime Complaint Center (IC3), the FTC, the ITRC, Javelin, the National White Collar Crime Center (NW3C), and the Ponemon Institute.

299 potential studies were identified through database searches (excluding duplicate records) and 37 publicly available empirical studies were identified from websites of leading organizations on identity fraud. Ultimately, 29 sources from these database searches and 23 sources from the aforementioned organizations met the inclusion criteria for this review (see Appendix 1 for the screening process). These included articles are denoted with an asterisk (*) in the references section.

Appraisal of quality of studies

Studies included in this review were appraised for methodological quality. Quality appraisal was conducted after deeming a study eligible for the review based on the inclusion criteria specified earlier. Appendix 2 and Appendix 3 show the two quality appraisal tools that were adapted from Hoy et al. ( 2012 ) and Mays and Pope ( 2020 ). Each quantitative study was assigned into one of three categories based on the evaluation of risk of study bias: low, moderate, or high risk of bias. Each qualitative study was assigned into one of three categories based on the evaluation of quality: low, medium, or high quality. For the only mixed-method study in this review, risk of bias and study quality were evaluated separately for qualitative and quantitative elements of the study. More information about quality rating process and quality ratings of studies can be found in Appendix 4 and notes on bias and quality assessments for included studies can be found in Appendix 5.

Trends of identity fraud victimization research

Of the 52 studies included in this review, the majority were NGO reports (n = 22) followed by journal articles (n = 18), government reports (n = 7), and PhD dissertations (n = 5). Almost all of the white papers from government organizations and NGOs (n = 28) were descriptive quantitative studies. All of the white papers included in this review (n = 29) were based on survey data. Of the 23 academic studies (i.e., journal articles and dissertations) included in the review, 19 quantitative studies used surveys and 4 qualitative studies used interviews or focus groups discussions as their data source. Among these 23 academic studies, the primary data analysis method was regression analysis (n = 15) followed by descriptive quantitative data analysis (incidence, correlation, ANOVA analyses (n = 4), narrative analysis (n = 3), and phenomenological analysis (n = 1). Only one quantitative study included in this review used a quasi-experimental design with propensity score matching, and none of the quantitative studies included in the review had random assignment. The earliest journal article included in this review was published in 2006 and half of the journal articles included in this review (n = 9) were published between 2019 and 2021 (n = 9).

The studies in this review thematically fell into one or more of the following four areas of identity fraud victimization research: (1) prevalence, incidence, and reporting, (2) risk factors, (3) harms, and (4) prevention, programs, and services. From the 52 studies included in this review, 31 focused on harms, 22 focused on prevalence, incidence, and reporting, and 15 focused on risk factors. Notably, only 3 studies included in this review focused on services for identity fraud victims and among these studies there were no experiments with random assignment focusing on the effectiveness of specific programs or interventions for identity fraud victims (see Table 1 for subtopics and citations of identity fraud studies included in this review).

Prevalence, incidence, and reporting of identity fraud victimization

A significant number of studies included in this review (n = 22) focused on the extent and reporting of identity fraud victimization, however the majority of these publications (n = 13) were evaluated to have a high risk of bias. Nine of the 22 publications in this area which were evaluated to have lower risk of bias (i.e., low or moderate risk of bias), were based on nationally representative surveys by the BJS and the FTC.

Prevalence, incidence, and types of identity fraud victimization

National estimates.

Seven lower bias studies included in this review uniformly demonstrated that the incidence and prevalence of identity fraud victimization have increased between early 2000s and 2018, and misuse or attempted misuse of an existing account has been the most common type of identity fraud victimization over the years (Harrell, 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ; Langton & Planty, 2010 ; Synovate, 2003 , 2007 ).

The FTC, the first organization that collected national survey data on identity fraud based on phone surveys of US adults aged 18 and older in 2003 and 2006 estimated that approximately 10 million, or 4% of US adults, experienced identity fraud in the year preceding data collection (Synovate, 2003 , 2007 ). As indicated earlier, BJS has been collecting individual-level data on identity fraud since 2008. The 2008 iteration of the NCVS-ITS was significantly different than the later iterations of the NCVS-ITS conducted in 2012, 2014, 2016, and 2018. Results from the 2008 NCVS-ITS are not comparable to the results from the subsequent surveys. One important limitation of the NCVS-ITS is that it does not include individuals younger than 16 and individuals living in institutional and transient settings in its sample (Harrell, 2021 ). Another limitation of the NCVS-ITS is that although it was designed to distinguish between victims of attempted identity fraud and victims of successful frauds, the 2008 NCVS survey couldn’t successfully distinguish between the two (Langton & Planty, 2010 ). Accordingly, reports based on the NCVC-ITS fielded between 2008 and 2018 do not provide disaggregated statistics on these two groups.

The 2008 NCVS-ITS, despite being different than the 2003 and 2006 surveys of the FTC with regards to its shortest prevalence and the age interval of its study participants, similarly found that 11.7 million, or 5% of all persons aged 16 or older in the US, have been victims of at least one type of identity fraud in the two years preceding the survey (Langton & Planty, 2010 ). Later iterations of the NCVS-ITS highlighted a significant increase in the share of identity theft victims among persons aged 16 and older, especially after 2015. While the 2012 and 2014 NCVS-ITS estimated that approximately 7% of all persons aged 16 or older in the US had been victims of identity fraud in the past year (Harrell, 2017 ; Harrell & Langton, 2013 ), the 2016 and 2018 iterations of the NCVS-ITS estimated that approximately 10% and 9% of persons aged 16 or older in the US had been victims of at least one form of identity fraud in the past 12 months, respectively (Harrell, 2019 , 2021 ).

In the FTC and the BJS identity theft surveys, three main subcategories of identity fraud are captured: existing account frauds, new account frauds, and use of personal information to commit other frauds. The FTC and the BJS surveys over the years have showed that existing credit card frauds are the most prevalent form of identity fraud victimization (Harrell, 2017 ; Harrell & Langton, 2013 ; Langton & Planty, 2010 ; Synovate, 2003 , 2007 ). Notably, neither the FTC nor the BJS surveys captured synthetic identity frauds.

In the FTC and the BJS surveys, more detailed forms of identity frauds are captured under the main subcategories of existing account, new account, and other frauds. The FTC reports included in this review provided estimates on identity theft victims who had been affected by these detailed identity fraud categories (see Synovate, 2003 , 2007 ). For instance, according to the 2006 FTC identity theft survey, fraudulent use of credit cards (existing account frauds), opening of new credit cards (new account frauds), and use of personal information to commit other crimes (other frauds) were the most frequently experienced detailed fraud types under the three broad subcategories of identity fraud (Synovate, 2007 ). Although the NCVS-ITS also collects data on detailed forms of frauds under these three categories, neither the BJS reports nor the academic studies in this review based on the NCVS-ITS provided disaggregated information on detailed categories of identity fraud considered under “new account” and “other fraud” categories. However, publications based on the NCVS-ITS showed that, existing credit card frauds is the most prevalent existing account fraud subcategory followed by bank account and other existing account frauds (Harrell, 2017 , 2019 ; Harrell & Langton, 2013 ; Langton & Planty, 2010 ).

Currently, surveys from the Ponemon Institute, which were classified to have high risk of bias, provide the most in-depth insights into medical identity fraud. In Ponemon surveys, medical identity fraud is defined as the use of an individual’s personal identity to fraudulently receive medical service or prescription drugs and goods, including attempts to commit fraudulent billing (Ponemon Institute, 2011 ). The number of US adult individuals who experienced medical identity fraud at some point in time increased from 1.49 million in 2011 to 2.32 million in 2014 (Ponemon Institute, 2011 , 2012 , 2013 , 2015 ). Lastly, another study with high bias risk by Navarro and Higgins ( 2017 ) found that among victims of familial identity fraud (identity frauds committed by family members), the most frequent type of identity fraud experienced was misuse of personal information for instrumental frauds such as government benefit frauds.

Although there is a recall bias associated with using cross-sectional surveys to capture distant past experiences, data from the FTC and the BJS surveys also provide important information about individuals’ exposure to multiple forms of identity theft and their repeat victimization. In 2003, the FTC estimated the 5-year prevalence rate of identity fraud victimization among US adults to be 12.7% (Synovate, 2003 ). In 2012 and 2014, the NCVS-ITS estimated that about 14% of individuals aged 16 and older experienced at least one incident of identity fraud in their lifetime (Harrell, 2017 ; Harrell & Langton, 2013 ). Analyses based on the two most recent iterations of the NCVS-ITS further show that nearly 1 in 5 persons aged 16 and older experienced identity fraud in their lifetime (Harrell, 2019 , 2021 ).

Data from the NCVS-ITS further show that number of identity fraud victims who experienced multiple types of identity fraud victimization in a single incident decreased between 2016 and 2018 and majority of multiple identity fraud victims in a given year experienced fraudulent use of a combination of existing accounts (Harrell, 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ; Langton & Planty, 2010 ). According to the 2008 NCVS-ITS, about 18% identity fraud victims experienced multiple types of identity fraud during their most recent victimization in the past year. Studies based on the 2012, 2014, 2016 iterations of the NCVS-ITS estimated that approximately 8% of victims experienced multiple types of identity fraud during a single incident (Harrell, 2017 , 2019 ; Harrell & Langton, 2013 ). According to the 2018 NCVS-ITS, only 6% of the identity fraud victims experienced multiple identity victimization in the past year (Harrell, 2021 ).

Subnational estimates

Publications by the AARP included in this review, which were evaluated to have a high risk of bias due to several design issues (see Appendix 5), showed that 15% to 30% of individuals who participated in the AARP surveys in Colorado, Minnesota, Montana, Oklahoma, Washington, and West Virginia have been victims of identity fraud or knew someone who has been victim of identity fraud in the past 5 years (see Binette, 2004 ; Burton, 2008 ; Dinger, 2006 ; Sauer, 2005 , 2010 ; Silberman, 2004 ).

Discovery of identity fraud victimization

Although majority of identity fraud victims discover their victimization quickly, some victims, and especially victims of new account frauds and other frauds, might be more likely to have a long discovery period (Synovate, 2003 , 2007 ). FTC surveys estimated that for 33% to 40% of all identity fraud victims, it took less than one week to discover that their personal information was misused (Synovate, 2003 , 2007 ). The same surveys further found that the discovery period was the quickest for victims of existing account frauds; and, victims of new account and other frauds were the least likely to discover their victimization within one week (Synovate, 2003 , 2007 ). Furthermore, for 24% to 27% of new account and other fraud victims, it took them 6 months or more to discover their victimization as opposed to less than 5% for existing credit card and other existing account victims (Synovate, 2003 , 2007 ). In parallel with these findings, the 2014 Ponemon medical identity fraud study found that most victims of medical identity fraud did not learn about their victimization until 3 months after the incident (Ponemon Institute, 2015 ). Surveys by the BJS over the years have consistently shown that the most common way identity fraud victims discover their victimization was through contact from a financial institution for victims of existing account frauds and contact from a non-financial institution for other types of identity fraud (Harrell, 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ).

Reporting of identity fraud victimization

The studies included in this review demonstrated that there is a considerable risk of underreporting of identity fraud victimization to authorities (especially to law enforcement) and to organizations which can provide the necessary information and services to handle the aftermath of victimization.

Looking at studies from early 2000s, the 2003 and 2006 FTC surveys show that, 38% of identity fraud victims did not report their victimization to any organization. In both surveys, 43% of the victims reported their victimization to the company that issued an existing credit card/account or the company that issued the new account and close to 75% of survey participants did not report their victimization to law enforcement (Synovate, 2003 , 2007 ). According to the 2008 NCVS-ITS, the majority of victims (68%) contacted a credit bureau or a bank to report their victimization. The 2008 NCVS-ITS estimated the reporting of identity fraud victimization to law enforcement at 17% (Langton & Planty, 2010 ), which is lower than the FTC surveys’ estimates of 25% in 2003 and 2006 (Synovate, 2003 , 2007 ). The later iterations of the NCVS-ITS confirmed the findings from earlier surveys by showing that not only identity fraud is underreported to law enforcement but reporting of identity fraud to law enforcement decreased significantly after 2008 with less than 10% of victims reporting their most recent victimization to law enforcement in 2012, 2014, 2016, and 2018 (Harrell, 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ). However, the same NCVS-ITS surveys also showed an uptick in reporting of identity fraud to non-law enforcement agencies. According to the 2012, 2014, 2016, and 2018 NCVS-ITS surveys, about 9 in 10 identity fraud victims reported their victimization to a non-law enforcement agency (Harrell, 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ) with credit card companies and banks being the most frequently contacted organizations and non-law enforcement victim service organizations being the least contacted organizations by the victims.

BJS reports based on all 5 iterations of NCVS-ITS further suggest that victims of existing account frauds are less likely than victims of new account frauds and other frauds to report their victimization to law enforcement (Harrell, 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ; Langton & Planty, 2010 ). The most common reason for victims to not report their victimization to law enforcement was victims handling the incident in a different way such as reporting their victimization to another non-law enforcement agency (Harrell, 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ; Langton & Planty, 2010 ). Other reasons for victims to not report their victimization to law enforcement include victims not suffering any monetary loss; victims thinking law enforcement cannot help them; victims thinking their victimization is not important enough; victims not knowing they can report their identity fraud victimization to police; victims being embarrassed, afraid, or burdened to report their victimization; and perpetrator being a family member or an acquaintance (Harrell, 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ; Langton & Planty, 2010 ). The 2014 Ponemon Institute study similarly found that victims of comparatively more serious identity fraud cases are more likely to contact law enforcement. Ponemon surveys found reasons similar to those identified by the NCVS-ITS for victims not reporting their victimization to legal authorities (Ponemon Institute, 2012 , 2013 , 2015 ).

Two academic studies by Golladay ( 2017 ) and Reyns and Randa ( 2017 ), both based on the 2012 iteration of the NCVS-ITS, provide additional insight into reporting of identity frauds. According to Golladay ( 2017 ), higher income victims are more likely to report their victimization to a credit card company or financial institution whereas people of color, individuals who know the perpetrator, and individuals who did not have prior identity fraud victimization or who had a lower number of identity fraud victimization experiences in the past year were more likely to contact law enforcement. The Golladay ( 2017 ) finding on the positive relationship between knowing the offender and the likelihood of contacting organizations is surprising considering, the descriptive analysis of the NCVS-ITS suggest that individuals knowing the offender is a reason for not contacting law enforcement (Harrell & Langton, 2013 ). This discrepancy might be due to the increasingly technological nature of identity fraud cases where victims who know anything about the offender contacting the police or the omission of some variables in relation to the severity of identity fraud (such as discovery time or time spent trying to resolve issues in relation to victimization) from the regression models. According to the same study (Golladay, 2017 ), people of color (in comparison to individuals who identify as White), individuals who knew the perpetrator (in comparison to people who did not know), individuals with a higher monetary loss as a result of their victimization, and victims who experienced a higher number of identity frauds in the past year were more likely to report their victimization to a credit bureau.

Another study by Reyns and Randa ( 2017 ) compared the factors affecting reporting of victimization among victims of credit card fraud, bank fraud, any existing account fraud, and new accounts fraud. According to this study, seriousness of the offense (which the authors describe as incidents in which victims experienced more emotional distress and had more out of pocket losses and perpetrators obtained more money) appears as the only common factor affecting the decision to report victimization to law enforcement among all identity frauds considered. Other factors such as knowing how the personal information was obtained and a shorter time period between the fraud incident and the discovery of victimization were associated with increased odds of contacting law enforcement for credit card and bank fraud victims. According to the same study (Reyns & Randa, 2017 ), reporting the incident to a non-law enforcement agency was associated with increased odds of contacting law enforcement among victims of existing account frauds, however a sub-analysis of reporting patterns among bank fraud and credit card fraud victims showed that, while bank fraud victims who contacted other agencies were more likely to contact law enforcement, victims of credit card fraud who contacted other agencies were not as likely to contact law enforcement. This study further showed that income and sex were significant predictors of reporting when subcategories of identity fraud were considered. Victims of credit card fraud with higher incomes and female victims of new account frauds were less likely to report their victimization to law enforcement.

Other academic studies, which were evaluated to have a high risk of bias, provide additional insight into reporting behavior of identity fraud victims. A study by Gray ( 2010 ) found that individuals who knew which law enforcement agency to contact for reporting identity fraud were most likely to contact law enforcement (Gray, 2010 ). Another online survey of school counselors by Marcum et al. ( 2016 ) found that counselors who are White, who have a higher level of education, and who work in urban school settings were less likely than their counterparts to complete an incident report about identity fraud victimization reported by students.

Risk factors for identity fraud victimization

From the 52 publications included in this review, 15 focused on risk factors of identity fraud victimization. According to the evaluation of risk of bias among these 15 studies, 6 were classified to have a low risk of bias; 3 to have a moderate risk of bias and 6 to have a high risk of bias. The 9 studies with low and moderate risk of bias ratings suggest several individual-level risk factors for identity fraud victimization. Among these studies, demographic factors were the most commonly studied individual-level predictors of identity fraud victimization. The biggest takeaway from these studies is that predictors of identity fraud victimization vary significantly based on the identity fraud victimization type considered.

Among all demographic factors studied, the findings from different studies on the relationship between age, income, and identity fraud risk were in most agreement. In the broader victimology literature, victims and especially victims of violent crime have been shown to be younger (Turanovic & Pratt, 2019 ). The studies included in this review generally suggest that victims of identity fraud are older than victims of other crimes. However, as indicated in the earlier section, minors under the age of 16 who might be at increased risk of identity fraud victimization due to their clean credit histories and lack of control over their finances (FTC, 2011 ), have not been included in identity fraud data collection efforts in the studies that were reviewed. Accordingly, this exclusion should be taken into consideration in the comparison of age patterns among identity fraud victims and victims of other crimes. Although victims of existing bank account frauds tend to be slightly younger than victims of existing credit card frauds and new account frauds, overall, lower bias studies included in this review show that the victims of existing account frauds and new account frauds tend to be in older age categories (35–64 years of age) (see Anderson, 2006 ; Burnes et al., 2020 ; Copes et al., 2010 ; Harrell & Langton, 2013 ; Harrell, 2017 , 2019 , 2021 ; Langton & Planty, 2010 ). Another important finding from lower bias studies included in this review was that identity fraud victimization risk decreases after age 65 and individuals who are aged 75 and older have a lower risk of identity fraud victimization in comparison to other age groups (Anderson, 2006 ; Harrell & Langton, 2013 ).

High income was another common predictor of identity fraud among the majority of studies included in this review. Several lower bias studies not only showed that among all identity fraud victims, individuals with a household income of $75,000 or more are more likely to be an identity fraud in the general victim population (Anderson, 2006 ; Harrell, 2017 , 2019 , 2021 ; Langton & Planty, 2010 ; Reyns, 2013 ) but this pattern also holds for the subcategory of existing credit card/bank account fraud (Burnes et al., 2020 , 2017 , 2019 ). One exception to this finding was a study by Copes et al. ( 2010 ), which was evaluated to have a moderate level of bias, which showed that although the typical identity fraud victim earned $50,000 to $75,000, victims of non-credit card identity frauds were majority low-income individuals.

The relationship between racial/ethnic minority status and identity fraud victimization risk was another commonly studied topic. Based on the lower bias studies included in this review, the evidence on this relationship was mixed. Findings from the most recent studies based on the NCVS-ITS demonstrate the clear need for differentiating between credit card frauds and other types of identity frauds for exploring the nature of this relationship. A study by Anderson ( 2006 ) based on a regression analysis of data from the 2003 FTC survey showed that, when all identity fraud types are taken into consideration, individuals who identity themselves in the “Other” race/ethnicity group, which included individuals who do not identify as African American/Black, Asian, Hispanic, or non-Hispanic White, were more likely to become victims of identity fraud in comparison to individuals who identify with these racial/ethnic categories. On the other hand, later descriptive analyses based on NCVS-ITS showed that non-Hispanic White individuals were more likely to be victims of identity fraud in the general victim population and this pattern also held true for victims of existing credit card fraud (Burnes et al., 2020 ; Harrell, 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ; Langton & Planty, 2010 ). Some of the lower bias studies included in this review showed that there were no differences between different racial/ethnic categories in their risk of experiencing existing bank account frauds (Harrell, 2017 ; Harrell & Langton, 2013 ), new account frauds, and other frauds (Burnes et al., 2020 ). One notable exception to this finding was results from the Copes et al. ( 2010 ) study which showed that victims of non-credit card frauds were more likely to be Black.

Similar to the relationship between racial/ethnic identity and victimization risk, the evidence on the relationship between sex and identity fraud victimization risk was mixed. While some of the lower bias studies included in this review suggested that there was no significant relationship between an individual’s sex and their identity fraud victimization risk (even when different subcategories of identity fraud were considered; see Burnes et al., 2020 ; Harrell, 2019 ; Harrell & Langton, 2013 ; Langton & Planty, 2010 ), other studies found that females have a higher victimization risk in general (Anderson, 2006 ; Copes, 2010 ; Harrell, 2021 ) and especially for non-credit card frauds (Anderson, 2006 ; Copes, 2010 ).

Lower bias studies included in this review further showed that other less commonly studied demographic factors such as education, marital status, number of children in the household, and number of adults in the household can be related to risk of identity fraud. While earlier studies found no relationship between marital status and identity fraud risk (Anderson, 2006 ; Copes, 2010 ), a recent regression study by Burnes et al. ( 2020 ), which was based on the 2012 and 2014 iterations of the NCVS-ITS, found that married people were more likely to be victims of instrumental identity frauds. The same study (2020) further showed that individuals who have attended at least some college degree have a higher likelihood of becoming a victim of an existing or new account fraud. The study by Copes ( 2010 ) also found that individuals with more than a high school education were more likely to become identity fraud victims. Although far less commonly studied, a higher number of children in the household (three or more) and having only one adult in the household were also found to be associated with a higher identity fraud victimization risk (see Anderson, 2006 ).

Burnes et al. ( 2020 ) further showed that individuals who experience multiple instances of identity fraud in a short amount of time and individuals who chronically experience identity fraud victimization are more likely to experience identity fraud victimization later. Repeat victimization is a particularly understudied topic within the literature on identity fraud and has important implications considering stolen personally information can be used over the years and the conditions that enable victimization in the first place can predict further victimization.

Lastly, a few of the lower bias studies included in this review examined the relationship between individuals’ protective behavior, routine online activities, and self-control and their risk of identity fraud victimization. For instance, Copes et al.’s ( 2010 ) study found that victims of identity fraud did not engage in any more risky behavior than non-victims and spent about the same time online as average Americans. Other more recent studies on the other hand found a significant relationship between lifestyles, routine activities, self-control and identity fraud victimization. For instance, Holtfreter et al. ( 2015 ) conducted a phone survey with individuals aged 60 and older living in Arizona and Florida and found that individuals who have a lower level of self-control were more likely to engage in risky online purchases and subsequently more likely to become identity fraud victims. Burnes et al. ( 2020 ) further found that some protective behaviors employed by individuals such as changing online passwords and shredding and destroying documents reduced the risk of identity fraud victimization.

Other studies that were evaluated to have a higher risk of bias also provided support for the findings discussed above and provided additional insights into predictors of identity fraud victimization. However, the findings from these studies should be considered carefully considering each study’s limitations (see Appendix 5). For instance, a study by Cornelius ( 2016 ) based on an online survey found that the higher an internet user’s knowledge of phishing risks, the higher likelihood that the user was victimized by online theft. In another study, Holt and Turner ( 2012 ) administered a survey to students, faculty, and staff at a university and found that females and individuals who update their protective computer software were more resilient against identity fraud. Kpaduwa ( 2010 ) conducted a survey with university students and found no significant correlation between students’ knowledge of identity fraud and their risk of identity fraud victimization. Another study by Navarro and Higgins ( 2017 ) found that victims of familial identity theft, younger victims, and repeat victims of identity fraud were more likely to experience non-account identity frauds. Ponemon Institute ( 2011 ) provided further support for the findings from lower bias studies by showing that victims of medical identity fraud tend to be older. Lastly, in another college sample, Reyns et al. ( 2019 ) found that the time spent sending e-mailing was positively correlated with identity fraud victimization risk.

Harms and consequences of identity fraud victimization

From the 52 publications included in this review, 31 focused on harms of identity fraud victimization. Studies based on the NCVS-ITS once again provide the most robust evidence on both economic and non-economic harms of identity fraud.

Economic consequences of identity fraud victimization

The studies included in this review focused on both direct costs of identity fraud for victims, which can include out-of-pocket and reimbursed losses to the victim and indirect costs such as monetary costs associated with dealing with the aftermath of the victimization experience (such as legal costs, bounced checks, and other expenses), lost wages, difficulty finding jobs, being denied loans, and damaged credit scores. The lower bias quantitative studies included in this review based on national samples revealed the following main findings: (1) the majority of identity fraud victimizations result in direct financial loss; (2) the initial money lost does not always result in out of pocket loss; (3) certain demographic factors might predict the likelihood of experiencing out of pocket losses; (4) the indirect and direct loss amount differs by the type of identity fraud victimization; and (5) victims whose personal information is used for other fraudulent purposes are most likely to experience direct and indirect losses, credit related problems, and other financial problems (Green et al., 2020 ; Harrell, 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ; Langton & Planty, 2010 ; Reynolds, 2020 ; Synovate, 2003 , 2007 ).

For instance, the most recent statistics based on the 2018 iteration of the NCVS-ITS show that 68% of victims experienced a direct loss of $1 or more as a result of their most recent victimization (with a median loss of $200) but from these victims only 12% experienced an out of pocket loss of $1 or more (with a median out of pocket loss of $100) (Harrell, 2021 , p. 9). According to the same survey, among all victims, only 5% experienced an indirect loss that was $1 or more (with a median loss of $30) (Harrell, 2021 , p. 10). The same survey further showed that victims of existing account frauds were least likely to experience direct and indirect costs whereas individuals whose personal information was stolen for other fraudulent purposes were most likely to experience direct and indirect costs (Harrell, 2021 ). Another important trend is that victims who have a long discovery time had more severe economic consequences. For instance, the 2006 FTC survey found that while 30% of victims who discovered that their personal information was being misused 6 months or more after the incident spent $1000 or more to handle the aftermath of their victimization, only 10% of those who found the misuse within 6 months spent $1000 or more.

A recent study by Reynolds ( 2020 ) further found a relationship between economic costs and demographics. Individuals with lower income and educational attainment and unmarried individuals are at higher risk of experiencing out of pocket losses as a result of their identity fraud victimization. Another study by DeLiema et al. ( 2021 ) based on the 2014 and 2016 iterations of the NCVS-ITS also found that, among older adults, individuals who live at or below the federal poverty level were most likely to experience out of pocket losses.

Other high bias studies included in this review provide further support for the lower bias studies included in the review. For instance, studies by the Ponemon Institute found that medical identity fraud victims can experience distinct indirect costs such as increased insurance premiums and lost medical coverage (Ponemon Institute, 2011 , 2012 , 2013 , 2015 ). ITRC surveys further showcased the aggravated economic harms experienced by victims of comparatively more serious cases of identity fraud (i.e., non-account frauds) (see ITRC, 2003 , 2005 , 2007 , 2008 , 2009 , 2010 , 2014 , 2015 , 2017 , 2018a , 2018b , 2021 ).

Non-economic consequences of identity fraud victimization

The lower bias studies included in this review which are based on national surveys showed that a significant number of identity fraud victims (estimates ranging from 80 to 90%) experience some level of distress as a result of their victimization. Victims of new account frauds and other frauds (in comparison to victims of existing account frauds), victims of multiple types of identity fraud (in comparison to victims of one type of identity fraud), and victims who spend a longer time resolving problems associated with their victimization are much more likely to experience severe distress as a consequence of their victimization (Harrell, 2017 , 2019 ; Harrell & Langton, 2013 ; Langton & Planty, 2010 ). National studies further suggest that a small group of identity fraud victims might experience physical problems, legal problems, and problems with family, friends, work, and school in relation to their identity fraud victimization (Langton & Planty, 2010 ; Harrell, 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ; Reyns & Randa, 2020 ).

Looking deeper into the time burden aspect of identity fraud, national studies over the years revealed that, unsurprisingly, victims who discovered their victimization later spent a longer amount of time resolving the ramifications of their victimization (Synovate, 2003 ). These surveys further estimated that between 25 and 50% of victims resolved any issues experienced as a result of their victimization within 1 day of discovering they were victims (Harrell 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ; Synovate, 2007 ) but for a smaller group of victims (less than 10% of the victims) resolving issues took 6 months or more (Harrell 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ). National surveys also showed that new account and other fraud victims spent a longer amount of time resolving their problems in the aftermath of their victimization in comparison to victims of existing account frauds (Harrell 2017 , 2019 , 2021 ; Harrell & Langton, 2013 ; Synovate, 2007 ). According to the 2006 FTC survey, the top 10% and 5% of victims spent more than 100 h and 1000 h respectively to resolve their problems (Synovate, 2007 ).

Other lower bias regression studies and higher quality qualitative studies included in this review support these descriptive findings from national surveys and further suggest other individual and situation-specific factors that can predict who is more likely to experience these negative outcomes (Betz, 2012 ; Golladay & Holtfreter, 2017 ; Pryor, 2009 ; Randa & Reyns, 2020 ). For instance, a qualitative study based on in-depth interviews with identity fraud victims showed that individuals who experienced identity fraud as a minor but discovered the victimization as an adult can experience negative emotional consequences and these consequences might be aggravated if the victims do not have support from law enforcement and their families (Betz, 2012 ). Another study by Golladay & Holtfreter based on the 2012 NCVS-ITS suggested that individuals who have prior victimization experiences and individuals who are not White might be more likely to experience a higher level of negative emotional consequences. Another low bias study by Randa and Reyns ( 2020 ) found that while being older, being a female, spending more time resolving the ramifications of victimization, and higher amount of net loss as a result of victimization were all correlated with higher distress level; being married and having a higher education level were correlated with less distress reporting. The authors (2020) similarly found that while the net monetary loss and the time to clear the incident were positively correlated with the level of negative physical outcomes experienced by the victims; education level and being married were negatively correlated with the level of negative physical outcomes.

Green et al. ( 2020 ) conducted qualitative analyses based on data from interviews with 16 individuals who contacted the ITRC after experiencing a serious identity fraud victimization (defined by authors as victims who experienced identity frauds other than existing credit card fraud and who contacted the ITRC). According to this study, among victims of serious identity fraud, victims of criminal identity fraud (and especially identity frauds involving government-based services) had the most complicated and time-consuming cases with the most substantial indirect economic and legal consequences and the majority of victims of serious identity frauds attempted to investigate their own cases (despite being discouraged to do so). The study further showed that victims who strictly follow the best practices to document in detail their interactions and conversations with others during the remediation process, experienced a significant time burden and had a hard time in managing their daily routines. This study suggested that the experiences of victims of serious identity frauds trying to prove their situations to legal authorities is similar to those of survivors of sexual assault (Green et al., 2020 ).

Other studies that were rated to have a high risk of bias due to issues with the sampling frame and size, nonresponse rate, and missing data nevertheless provided strong support for the findings on the negative emotional and physical outcomes, legal problems, time burden, and other problems faced by the victims in the aftermath of their victimization (see ITRC, 2005, 2007, 2008, 2009, 2010, 2014, 2015, 2017, 2018a, 2018b, 2021 ; Li et al., 2019 ; Ponemon Institute, 2011 , 2012 , 2013 , 2015 ).

Prevention, programs, and services

From the 52 studies included in this review, prevention of victimization and programs and services for victims was the least researched topic. Notably, all of the three articles included in the review under this topic were published between 2020 and 2021 and by the same group of authors.

One of these studies by Green et al. ( 2020 ), which was rated to have a moderate risk of bias, found that victims of serious identity fraud, despite the increasingly online nature of this crime, still use internet search engines as the main method to learn about remediation options. The authors further found that victims of serious identity fraud who expressed a higher level of satisfaction with services provided to them were individuals who had a representative from an organization whom they felt was a partner in their pursuit of recovery from their victimization.

Another study by Green et al. ( 2021 ), which was rated to have medium quality, explored the needs of identity fraud victims from the viewpoint of a diverse group of professionals providing services for identity fraud victims. An important finding from this study was that organizations serving identity fraud victims are not equipped to respond to the long-term needs of victims of synthetic identity fraud in which perpetrators generally combine real and fake identity information to create new identities and victims do not become aware of victimization for years. The study findings further suggested that the field need to better understand the relationship between data breaches and subsequent identity fraud victimization to better educate and provide services to individual victims based on the nature of the stolen personal information.

Another quantitative study by Gies et al. ( 2021 ) examined the effect of using services provided by the ITRC on experiences of serious identity fraud victims (defined by authors as victims of any identity fraud other than misuse of existing credit card). The authors combined data from the ITRC’s 2017 Aftermath Survey and the 2016 NCVS-ITS to compare experiences of three groups of victims of serious identity frauds that have been matched on key demographic variables: (1) respondents to the NCVS-ITS who did not report their victimization to any entity ( no report ), (2) respondents to the NCVS-ITS who reported their victimization to one or more entities and received standard services from these entities ( treatment as usual ), and (3) individuals who contacted the ITRC and received specialized services which involves receiving caring and compassionate advice from specially trained (trauma-informed) employees of the ITRC including a continuity of care upon request of the victim ( ITRC treatment ).

First, this study showed that individuals who contacted the ITRC had a longer time period between the victimization incident and the discovery of victimization and spent a longer amount of time resolving the incident. Accordingly, it is reasonable to argue that although the groups were matched on key variables, individuals in the ITRC treatment group had comparatively more serious cases of identity fraud victimization. The study found significant differences between the three groups regarding the key outcomes measured. The respondents in the ITRC treatment group reported significantly more general problems, financial problems, employment/educational problems, family/friend problems, and physical health problems and more money loss in comparison to the individuals in the no report and treatment as usual groups. This finding is not surprising considering the victims in the ITRC treatment group had a longer discovery time and spent more time dealing with the ramifications of their victimization. However, surprisingly, the victims in the ITRC treatment group reported fewer health problems as a result of their victimization experience than the individuals in the no report and treatment as usual groups. This finding provides support for the model of services provided by ITRC (i.e., the trauma-informed focus of these services and the continuity of care in the long term if requested by the victims). However, these findings should be interpreted carefully considering some limitations of this study (see Appendix 5 for a detailed description) including the cross-sectional nature of data collection on which this quasi-experimental study was based on.

For this study, 52 studies were reviewed for their results on different aspects of identity fraud victimization. So, what does this emerging literature on identity fraud tell us about identity fraud victimization and what we can do as researchers and practitioners to narrow the gaps in the existing literature and to better identify, reach, and serve victims and to prevent victimization?

Cross-sectional national data collection efforts show that the incidence and prevalence of identity fraud victimization increased over the years and the misuse of an existing account is the most common type of identity fraud victimization. However, national identity fraud surveys likely underestimate the number of victims due to underreporting, the discovery period of identity frauds, and exclusion of certain groups and from survey samples. There is a pressing need for further analysis of existing data and collection and analysis of new data to explore the following: (1) the prevalence of identity fraud victimization among minors, individuals in institutional settings, and individuals in transient living settings; (2) long-term prevalence of identity fraud victimization; (3) prevalence of victimization to detailed subcategories of new account and instrumental frauds; (4) disaggregated analysis of prevalence of attempted and successful identity frauds; (5) subnational trends in identity fraud victimization; and (6) prevalence of synthetic identity fraud victimization.

The reluctance of victims to report identity frauds in general, and to law enforcement and victim service organizations in particular, suggest a pressing need to educate the public, the law enforcement, and victim service providers about stages of identity theft, forms of identity theft, and seriousness of this crime. As discussed earlier identity theft and identity fraud are two terms that are used interchangeably although acquiring of information precedes the fraudulent acts committed with the acquired information and theft of information does not have a monetary harm (Gies et al., 2021 ). The lack of distinguishing between these two stages of identity theft and not knowing about different forms of identity theft might result in individuals not fully understanding the potential long-term harms of exposure of their personal information.

Furthermore, in addition to public’s reluctance to report identity fraud victimization to law enforcement; the often cross-jurisdictional nature of identity theft and fraud, the interrelatedness of identity theft with other crimes, the lack of knowledge about the perpetrator, and the frequent handling and investigation of financial frauds by financial agencies make it hard for law enforcement agencies to identify and record identity theft and even disincentivize them to handle identity theft cases (Newman & McNally, 2005 ). The reluctance of victims to report their victimization and the reluctance of law enforcement to respond the cases of identity theft can: reduce victims’ access to criminal justice processes, affect investigation and prosecution of these crimes, increase victims’ sense of helplessness, and reduce victims’ chances of accessing critical information and resources to prevent victimization and revictimization and recover from the aftermath of their victimization. Accordingly, there is a need for individuals, law enforcement, victim service providers, and policymakers to put as much emphasis on the acquisition of personal information as the subsequent frauds (Gies et al., 2021 ) and to better understand the nature of this crime including stages, types, victims, perpetrators, and consequences of identity theft and the evolving opportunity structure for identity theft.

The research evidence on the lower likelihood of identity fraud reporting among individuals who had negative interactions with law enforcement further suggest that there is a need for making it easier for victims to report their victimization, increasing public outreach to encourage reporting, commitment of leadership to a victim-centered approach, training of police officers on the nature of identity theft and fraud and different forms of identity fraud. However, similar to the experiences of victim service providers, budget limitations can prohibit local law enforcement from putting in place organizational inputs (such as establishing an identity theft unit, having victim advocates, and providing continuous training) to ensure these outcomes. Collaboration between federal and local law enforcement organizations in training of officers and increasing state funding for police departments to have cybercrime and identity theft units and employ identity theft analysts and investigators can lift some of these barriers. There is also a need to better educate the employees of banks and financial institutions about the nature of identity theft and to use this communication between identity theft victims and these organizations as an opportunity to direct victims to government and non-profit organizations specialized in helping identity theft and identity fraud victims.

Studies on risk factors of identity fraud victimization further show that risk factors for victimization vary by identity fraud types. Studies in this review further showed that people of color, individuals from lower socio-economic backgrounds, individuals with chronic identity fraud victimization experiences, and individuals with multiple identity fraud victimizations at a short amount of time in the near past might be more likely to experience more serious forms of identity fraud and might be at heightened risk of experiencing aggravated harms. However, these studies exclude critical groups and do not provide information about the risk factors for detailed subcategories of identity fraud such as various subcategories of instrumental frauds. The research on protective behavior of individuals against identity fraud is not conclusive and is not able to temporally differentiate the impact of protective behaviors on identity fraud victimization due to the cross-sectional design of studies. Longitudinal studies of protective behavior and more detailed data collection and analysis on risk factors for victimization can provide critical insight for public education about risk factors and targeting of this information through different means to groups at risk.

Longitudinal studies following identity fraud victims are also essential for reliably estimating the true impact of identity fraud victimization on victims and the effectiveness of services and programs offered to identity fraud victims. There is also a need to better distinguish the impacts of identity fraud victimization for detailed categories of identity fraud.

The overwhelming evidence on the differential impact of identity fraud for victims of different identity frauds and victims of different circumstances reiterate the importance of recognizing that not every identity fraud is the same and not every identity fraud victim will experience severe trauma and other negative consequences. Considering the limited funding and resources for victims of crime in general, and victims of identity frauds in particular, better identification of victims who are in need of extended services and triage of services and resources between different organizations are essential to provide holistic and long-term services to victims who are at highest risk to experience chronic victimization and aggravated harms as a result of their victimization.

The overwhelming lack of research on the impact of programs and services for identity fraud victims necessitates more attention from scholars and practitioners to study the impact of programs, interventions, and services for identity fraud victims on reporting of victimization, prevention of victimization, experiences of victims, and victim-centered cost benefit analysis of services. The empirical evidence on the more positive outcomes experienced by victims of identity fraud who have a meaningful and satisfactory experience with victim service professionals and who are receiving specialized services suggest the promising potential of trauma informed services and continuity of services for a specific group of victims experiencing more serious forms of identity frauds. However, more research is needed to identify which characteristics and components of specialized services that are more likely to produce positive outcomes for identity fraud victims.

Although phishing and vishing (i.e., voice phishing) has not been included in the scope of this review, another emerging important topic in relation to the understanding individuals’ vulnerability to identity fraud and other types of frauds is the use of artificial intelligence (AI) in fraudulent activities. Recently, the ITRC ( 2019 ) reported the first case of the use of artificial intelligence in AI-related fraud in which AI was used to impersonate the head of a German company to successfully request money from the CEO of the UK branch of the company.

Lastly, although this review focused on individual victims of identity fraud, and not organizational victims, considering the increasing number of data breaches; greater preventative efforts are required at the organizational level to secure operations, to fix vulnerabilities, and to better notify involved parties (FTC, 2022 ). Establishment of uniform data security and data breach notification standards across the US and federal enforcement of these standards can simultaneously reduce identity theft and identity fraud risk by targeting both collective and individual targets of identity theft.

The following search string was used in all databases with the exception of JSTOR: (“identity theft” OR “identity fraud” OR “social security fraud” OR “credit card fraud” OR “account fraud” OR “internet fraud” OR “cyber fraud”) AND (victim*). For JSTOR database the following truncated search string was used due to word limitations: ("identity theft" OR "identity fraud") AND (victim*). These search strings were applied to the title or abstracts of the sources included in these databases.

*Anderson, K. B. (2006). Who are the victims of identity theft? The effect of demographics. Journal of Public Policy & Marketing, 25 (2), 160–171.

Article Google Scholar

*Betz, A.E. (2012). The experiences of adult/child identity theft victims. (Unpublished doctoral dissertation). Iowa State University, Ames.

*Binette, J. (2004). AARP Oklahoma Legislative issues survey: identity theft. https://assets.aarp.org/rgcenter/post-import/ok_id_theft.pdf* . Accessed 5 Dec 2021.

*Burnes, D., DeLiema, M., & Langton, L. (2020). Risk and protective factors of identity theft victimization in the United States. Preventive Medicine Reports, 17 , 101058.

Article PubMed PubMed Central Google Scholar

*Burton, C. (2008). Consumer fraud: A 2008 survey of AARP Colorado members’ experiences and opinions . AARP Foundation.

Google Scholar

Button, M., Lewis, C., & Tapley, J. (2014). Not a victimless crime: The impact of fraud on individual victims and their families. Security Journal, 27 (1), 36–54.

Buzzard, J., & Kitten, T. (2021). Identity fraud study: Shifting angles”. https://www.javelinstrategy.com/research/2021-identity-fraud-study-shifting-angles . Accessed 5 Dec 2021.

*Copes, H., Kerley, K. R., Huff, R., & Kane, J. (2010). Differentiating identity theft: An exploratory study of victims using a national victimization survey. Journal of Criminal Justice, 38 (5), 1045–1052.

Copes, H., & Vieraitis, L. M. (2009). Bounded rationality of identity thieves: Using offender-based research to inform policy. Criminology & Public Policy, 8 (2), 237–262.

Copes, H., & Vieraitis, L. M. (2012). Identity thieves: Motives and methods . UPNE.

Cornish, D., & Clarke, R. V. (1986). The reasoning criminal: Rational choice perspectives on offending . Springer-Verlag.

Book Google Scholar

*Cornelius, D. R. (2016). Online identity theft victimization: An assessment of victims and non-victims level of cyber security knowledge (Doctoral dissertation, Colorado Technical University).

*DeLiema, M., Burnes, D., & Langton, L. (2021). The financial and psychological impact of identity theft among older adults. Innovation in Aging . https://doi.org/10.1093/geroni/igab043

*Dinger, E., & Sauer, J. (2006). Protecting your name: A survey of Montanans on identity theft. https://www.aarp.org/money/scams-fraud/info-2006/mt_id.html . Accessed 5 Dec 2021.

Dixon, P. & Barrett, T. (2013). Medical identity theft. Office for Victims of Crime’s National Identity Theft Network. https://www.youtube.com/watch?v=sOa6AWzHSEs . Accessed 5 Dec 2021.

Federal Trade Commission (FTC). (2004). FTC issues final rules on FACTA identity theft definitions, active duty alert duration, and appropriate proof of identity. https://www.ftc.gov/news-events/press-releases/2004/10/ftc-issues-final-rules-facta-identity-theft-definitions-active . Accessed 5 Dec 2021.

Federal Trade Commission (FTC). (2011). Stolen futures: A forum on child identity theft. https://www.ftc.gov/news-events/events-calendar/2011/07/stolen-futuresforum-child-identity-theft . Accessed 5 Dec 2021.

Federal Trade Commission (FTC). (2017). Identity theft: planning for the future, parts 1, 2, and 3. https://www.ftc.gov/news-events/audio-video/video/identity-theft-planning-future-part-1 . Accessed 5 Dec 2021.

Federal Trade Commission (FTC). (2018). Consumer sentinel network data book 2017. Washington, DC: Federal Trade Commission. https://www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-january-december-2016/csn_cy-2016_data_book.pdf . Accessed 5 Dec 2021.

Federal Trade Commission (FTC). (2022). Data breach response: A guide for business. https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business . Accessed 20 Dec 2022.

*Gies, S. V., Piquero, N. L., Piquero, A. R., Green, B., & Bobnis, A. (2021). Wild, wild theft: Identity crimes in the digital frontier. Criminal Justice Policy Review, 32 (6), 592–617.

*Golladay, K. A. (2017). Reporting behaviors of identity theft victims: An empirical test of Black’s theory of law. Journal of Financial Crime . https://doi.org/10.1108/JFC-01-2016-0010

*Golladay, K., & Holtfreter, K. (2017). The consequences of identity theft victimization: An examination of emotional and physical health outcomes. Victims & Offenders, 12 (5), 741–760.

Government Accountability Office (GAO). (2017). Identity theft services: services offer some benefits but are limited in preventing fraud. https://www.gao.gov/assets/690/683842.pdf . Accessed 5 Dec 2021.

*Gray, K. (2010). Internet identity theft: An insight into victimology and law enforcement response. (Unpublished doctoral dissertation). Capella University.

*Green, B., Gies, S., Bobnis, A., Leeper Piquero, N., Piquero, A. R., & Velasquez, E. (2021). Exploring identity-based crime victimizations: Assessing threats and victim services among a sample of professionals. Deviant Behavior, 42 (9), 1086–1099.

*Green, B., Gies, S., Bobnis, A., Piquero, N. L., Piquero, A. R., & Velasquez, E. (2020). The role of victim services for individuals who have experienced serious identity-based crime. Victims & Offenders, 15 (6), 720–743.

*Harrell, E. (2017). Victims of Identity Theft, 2014. Washington, DC: US Department of Justice, Office of Justice Programs, Bureau of Justice Statistics. https://www.bjs.gov/content/pub/pdf/vit14.pdf . Accessed 5 Dec 2021.

*Harrell, E. (2019). Victims of Identity Theft, 2016. Washington, DC: US Department of Justice, Office of Justice Programs, Bureau of Justice Statistics. https://www.bjs.gov/content/pub/pdf/vit16.pdf . Accessed 5 Dec 2021.

*Harrell, E. (2021). Victims of identity theft, 2018. Washington, DC: US Department of Justice, Office of Justice Programs, Bureau of Justice Statistics. https://www.bjs.gov/content/pub/pdf/vit16.pdf . Accessed 5 Dec 2021.

*Harrell, E., & Langton, L. (2013). Victims of identity theft, 2012. US Department of Justice, Office of Justice Programs, Bureau of Justice Statistics. https://bjs.ojp.gov/content/pub/pdf/vit12.pdf . Accessed 5 Dec 2021.

*Holt, T. J., & Turner, M. G. (2012). Examining risks and protective factors of on-line identity theft. Deviant Behavior, 33 (4), 308–323.

*Holtfreter, K., Reisig, M. D., Pratt, T. C., & Holtfreter, R. E. (2015). Risky remote purchasing and identity theft victimization among older Internet users. Psychology, Crime & Law, 21 (7), 681–698.

Hoy, D., Brooks, P., Woolf, A., Blyth, F., March, L., Bain, C., Baker, P., Smith, E., & Buchbinder, R. (2012). Assessing risk of bias in prevalence studies: modification of an existing tool and evidence of interrater agreement. Journal of Clinical Epidemiology, 65 (9), 934–939.

Article PubMed Google Scholar

Irvin-Erickson, Y., & Ricks, A. (2019). Identity theft and fraud victimization: What we know about identity theft and fraud victims from research-and practice-based evidence. https://www.ojp.gov/ncjrs/virtual-library/abstracts/identity-theft-and-fraud-victimization-what-we-know-about-0 . Accessed 5 Dec 2021.

*ITRC. (2021). Identity theft: the aftermath study . Identity Theft Resource Center.

*ITRC. (2003). Identity theft: the aftermath 2003. https://www.idtheftcenter.org/images/page-docs/IdentityTheftTheAftermath2003.pdF . Accessed 5 Dec 2021.

*ITRC. (2005). Identity theft: the aftermath 2004. https://www.idtheftcenter.org/images/surveys_studies/Aftermath2004.pdf . Accessed 5 Dec 2021.

*ITRC. (2007). Identity theft: the aftermath 2006. https://www.idtheftcenter.org/images/surveys_studies/Aftermath2006.pdf . Accessed 5 Dec 2021.

*ITRC. (2008). Identity theft: the aftermath 2007. https://www.idtheftcenter.org/images/surveys_studies/Aftermath2007.pdf . Accessed 5 Dec 2021.

*ITRC. (2009). Identity theft: the aftermath 2008. https://www.idtheftcenter.org/images/surveys_studies/Aftermath2008.pdf . Accessed 5 Dec 2021.

*ITRC. (2010). Identity theft: the aftermath 2009. https://www.idtheftcenter.org/images/surveys_studies/Aftermath2009.pdf . Accessed 5 Dec 2021.

*ITRC. (2014). Identity theft: the aftermath 2013. https://www.idtheftcenter.org/images/surveys_studies/Aftermath2013.pdf . Accessed 5 Dec 2021.

*ITRC. (2015). Identity theft: the aftermath 2014 https://www.idtheftcenter.org/images/surveys_studies/Aftermath2014FINAL.pdf . Accessed 5 Dec 2021.

*ITRC. (2017). Identity theft: the aftermath 2016. https://www.idtheftcenter.org/images/page-docs/AftermathFinal_2016.pdf . Accessed 5 Dec 2021.

*ITRC. (2018a). Identity theft: the aftermath 2017. https://www.idtheftcenter.org/images/page-docs/Aftermath_2017.pdf . Accessed 5 Dec 2021.

*ITRC. (2018b). The aftermath: the non-economic impacts of identity theft . Identity Theft Resource Center.

ITRC. (2019). First-ever AI fraud case steals money by impersonating CEO . Identity Theft Resource Center.

*Kpaduwa, F. I. (2010). Evaluation of residential consumers knowledge of wireless network security and its correlation with identity theft (Unpublished doctoral dissertation). University of Phoenix.

*Langton, L., & Planty, M. (2010). Victims of identity theft, 2008. US Department of Justice, Office of Justice Programs, Bureau of Justice Statistics. https://bjs.ojp.gov/content/pub/pdf/vit08.pdf . Accessed 5 Dec 2021.

*Li, Y., Yazdanmehr, A., Wang, J., & Rao, H. R. (2019). Responding to identity theft: A victimization perspective. Decision Support Systems, 121 , 13–24.

*Marcum, C. D., Higgins, G. E., & Mackinnon, A. (2016). Identity theft reports of adolescents. Journal of Financial Crime . https://doi.org/10.1108/JFC-07-2015-0038

Mays, N., & Pope, C. (2020). Quality in qualitative research. In C. Pope & N. Mays (Eds.), Qualitative research in health care (pp. 211–233). Wiley.

Chapter Google Scholar

McNally, M. M., Newman, G. R., & Graham, C. (2008). Perspectives on identity theft (Vol. 23). Criminal Justice Press.

National Conference of State Legislatures, (2022). Security breach notification laws. https://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx . Accessed 20 Dec 2022.

*Navarro, J. C., & Higgins, G. E. (2017). Familial identity theft. American Journal of Criminal Justice, 42 (1), 218–230.

Newman, G. R., & McNally, M. M. (2005). Identity theft literature review. https://www.ojp.gov/ncjrs/virtual-library/abstracts/identity-theft-literature-review . Accessed 5 Dec 2021.

Newman, G. R., & McNally, M. M. (2007). Identity theft: a research review. https://www.ojp.gov/ncjrs/virtual-library/abstracts/identity-theft-research-review . Accessed 5 Dec 2021.

Office for Victims of Crime (OVC). (2010). Expanding services to reach victims of identity theft and financial fraud. https://www.ovc.gov/pubs/ID_theft/pfv.html . Accessed 5 Dec 2021.

Pascual, A., Marchini, K., & Miller, S. (2018). 2 018 Identity fraud: fraud enters a new era of complexity. Javelin Strategy & Research.

Pierce, P. (2009). Identity theft. Office for victims of crime training and technical assistance center. http://www.ncdsv.org/images/OVCTTAC_IdentityTheftResourcePaper_2012.pdf . Accessed 5 Dec 2021.

*Ponemon Institute. (2011). Second annual survey on medical identity theft. https://www.experian.com/innovation/thought-leadership/medical-identity-theft-second-annual-survey.jsp . Accessed 5 Dec 2021.

*Ponemon Institute. (2012). Third annual survey on medical identity theft. https://www.ponemon.org/research/ponemon-library/security/?tag=38 . Accessed 5 Dec 2021.

*Ponemon Institute. (2013). 2013 survey on medical identity theft. https://www.ponemon.org/local/%20upload/file/2013%20Medical%20Identity%20Theft%20%20Report%20FINAL%2011.pdf . Accessed 5 Dec 2021.

*Ponemon Institute. (2015). Fifth annual study on medical identity theft. https://static.nationwide.com/static/2014_Medical_ID_Theft_Study.pdf?r=65#:~:text=The%20five%2Dyear%20growth%20rate,victim%20or%20non%2Dvictim%20status.&text=This%20year%20we%20collected%2051,victims%20after%20sampling%205%2C000%20trials . Accessed 5 Dec 2021.

*Pryor, W. J. (2009). When your identity gets hijacked: The victim’s experience of identity theft (un published doctoral dissertation) . California Institute of Integral Studies.

*Randa, R., & Reyns, B. W. (2020). The physical and emotional toll of identity theft victimization: A situational and demographic analysis of the National Crime Victimization Survey. Deviant Behavior, 41 (10), 1290–1304.

*Reynolds, D. (2020). The differential effects of identity theft victimization: How demographics predict suffering out-of-pocket losses. Security Journal . https://doi.org/10.1057/s41284-020-00258-y

*Reyns, B. W., Fisher, B. S., Bossler, A. M., & Holt, T. J. (2019). Opportunity and self-control: Do they predict multiple forms of online victimization? American Journal of Criminal Justice, 44 (1), 63–82.

*Reyns, B. W., & Randa, R. (2017). Victim reporting behaviors following identity theft victimization: Results from the National Crime Victimization Survey. Crime & Delinquency, 63 (7), 814–838.

*Sauer, J.H. (2005). Stealing your good name: a survey of Washington State residents 18+ on identity theft incidence and prevention. AARP Knowledge Management, AARP Research. https://www.aarp.org/money/scams-fraud/info-2005/stealing_your_good_name_a_survey_of_washington_sta.html . Accessed 5 Dec 2021.

*Sauer, J.H. (2010). Consumer fraud issues: survey of AARP members 50+ in West Virginia. AARP Knowledge Management, AARP Research. https://www.aarp.org/money/scams-fraud/info-03-2010/wva_fraud_10.html . Accessed 5 Dec 2021.

*Silberman, S.L. (2004). AARP minnesota identity theft survey: a study of residents 18+. AARP Knowledge Management, AARP Research. https://www.aarp.org/money/scams-fraud/info-2004/aresearch-import-927.html . Accessed 5 Dec 2021.

*Synovate. (2003). Federal Trade Commission—identity theft survey report. https://www.ftc.gov/sites/default/files/documents/reports/federal-tradecommission-identity-theft-program/synovatereport.pdf . Accessed 5 Dec 2021.

*Synovate. (2007). Federal Trade Commission—2006 identity theft survey report. https://www.ftc.gov/sites/default/files/documents/reports/federal-tradecommission-2006-identity-theft-survey-report-preparedcommission-synovate/synovatereport.pdf . Accessed 5 Dec 2021.

Tedder, K. & Buzzard, J. (2020). 2020 Identity fraud study: genesis of the identity fraud crisis. https://www.javelinstrategy.com/research/2020-identity-fraud-study-genesis-identity-fraud-crisis . Accessed 5 Dec 2021.

Turanovic, J. J., & Pratt, T. C. (2019). Thinking about victimization: Context and consequences . Routledge.

Vieraitis, L. M., Copes, H., Powell, Z. A., & Pike, A. (2015). A little information goes a long way: Expertise and identity theft. Aggression and Violent Behavior, 20 , 10–18.

Download references

Acknowledgements

I would like to thank the anonymous peer reviewers, Dr. Schumann, and Dr. Wortley for their thoughtful feedback on this manuscript. I would like to thank Alexandra Ricks for her contribution to the early stages of this project. I would like to thank Dr. David B. Wilson for sharing resources on assessments of quality of qualitative research. I would like to also thank Dr. Christopher Koper for his review of and thoughtful feedback on an earlier version of this article.

Author information

Authors and affiliations.

George Mason University, 354 Enterprise Hall, 4400 University Drive, MS 4F4, Fairfax, VA, 22030, USA

Yasemin Irvin-Erickson

You can also search for this author in PubMed Google Scholar

Contributions

The author conducted the review presented in this article and approved the final manuscript.

Corresponding author

Correspondence to Yasemin Irvin-Erickson .

Ethics declarations

Competing interests.

The author declares that she has no competing interests.

Additional information

Publisher's note.

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Flow chart diagram of search results and identification of studies

Hoy et al. ( 2012 ) risk of bias tool

Note: If there is insufficient information in the article to permit a judgment for a particular item, please answer No (HIGH RISK) for that particular item.

Risk of bias item	Criteria for answers

1. Was the study’s target population a close representation of the national population in relation to relevant variables?	• Yes (LOW RISK): The study’s target population was a close representation of the national population • No (HIGH RISK): The study’s target population was clearly NOT representative of the national population
2. Was the sampling frame a true or close representation of the target population?	• Yes (LOW RISK): The sampling frame was a true or close representation of the target population • No (HIGH RISK): The sampling frame was NOT a true or close representation of the target population
3. Was some form of random selection used to select the sample, OR, was a census undertaken?	• Yes (LOW RISK): A census was undertaken, OR, some form of random selection was used to select the sample (e.g., simple random sampling, stratified random sampling, cluster sampling, systematic sampling) • No (HIGH RISK): A census was NOT undertaken, AND some form of random selection was NOT used to select the sample
4. Was the likelihood of non-response bias minimal?	• Yes (LOW RISK): The response rate for the study was > / = 75%, OR, an analysis was performed that showed no significant difference in relevant demographic characteristics between responders and nonresponders • No (HIGH RISK): The response rate was < 75%, and if any analysis comparing responders and non-responders was done, it showed a significant difference in relevant demographic characteristics between responders and non-responders

5. Were data collected directly from the subjects (as opposed to a proxy)?	• Yes (LOW RISK): All data were collected directly from the subjects • No (HIGH RISK): In some instances, data were collected from a proxy
6. Was an acceptable case definition used in the study?*	• Yes (LOW RISK): An acceptable case definition was used • No (HIGH RISK): An acceptable case definition was NOT used
7. Was the study instrument that measured the parameter of interest shown to have reliability and validity (if necessary)?	• Yes (LOW RISK): The study instrument had been shown to have reliability and validity (if this was necessary), e.g., test–retest, piloting, validation in a previous study, etc • No (HIGH RISK): The study instrument had NOT been shown to have reliability or validity (if this was necessary)
8. Was the same mode of data collection used for all subjects?	• Yes (LOW RISK): The same mode of data collection was used for all subjects • No (HIGH RISK): The same mode of data collection was NOT used for all subjects
9. Was the length of the shortest prevalence period for the parameter of interest appropriate?*	• Yes (LOW RISK): The shortest prevalence period for the parameter of interest was appropriate (e.g., point prevalence, one-week prevalence, one-year prevalence) • No (HIGH RISK): The shortest prevalence period for the parameter of interest was not appropriate (e.g., lifetime prevalence)
10. Were the numerator(s) and denominator(s) for the parameter of interest appropriate?*	• Yes (LOW RISK): The paper presented appropriate numerator(s) AND denominator(s) for the parameter of interest • No (HIGH RISK): The paper did present numerator(s) AND denominator(s) for the parameter of interest but one or more of these were inappropriate
	• LOW RISK OF BIAS: Further research is very unlikely to change our confidence in the estimate • MODERATE RISK OF BIAS: Further research is likely to have an important impact on our confidence in the estimate and may change the estimate • HIGH RISK OF BIAS: Further research is very likely to have an important impact on our confidence in the estimate and is likely to change the estimate

*All descriptive quantitative studies were evaluated based on items 1–5, 7(if necessary), and 8. Items 6, 9, and 10 were only used to assess the risk of bias within prevalence studies

Mays and Pope ( 2020 ) framework for assessing quality of qualitative studies

Features/processes of the study	Appraisal questions	Quality indicators (i.e., possible features of the study for consideration)
Findings	1. How credible are the findings?	Findings are supported by data/study evidence Findings ‘make sense’; i.e., have a coherent logic Findings are resonant with other knowledge Corroborating evidence is used to support or refine findings (other data sources or other research evidence)
Findings	2. How has knowledge or understanding been extended by the research?	Literature review summarizing previous knowledge and key issues raised by previous research Aims and design related to existing knowledge, but identify new areas for investigation Credible, clear discussion of how findings have contributed to knowledge and might be applied to policy, practice, or theory development Findings presented in a way that offers new insights or alternative ways of thinking Limitations of evidence discussed and what remains unknown or unclear
Findings	3. How well does the study address its original aims and purpose?	Clear statement of aims and objectives, including reasons for any changes Findings clearly linked to purposes of the study Summary/conclusions related to aims Discussion of limitations of study in meeting aims
Findings	4. How well is the scope for making wider inferences explained?	Discussion of what can be generalized to the wider population from which the sample was drawn or cases selected Detailed description of the contexts in which the data were collected to allow assessment of applicability to other settings Discussion of how propositions/findings may relate to wider theory and consideration of rival explanations Evidence supplied to support claims for wider inference Discussion of limitations on drawing wider inferences
Design	5. How defensible is the research design?	Discussion of how the overall research strategy was designed to meet the aims of the study Discussion of rationale for study design Convincing argument for specific features/components Use of different features and data sources evidence in findings presented Discussion of limitations of design and their implications for evidence produced
Sample	6. How well defended is the sample design or target selection of cases/documents?	Description of study locations, and how and why chosen Description of population of interest and how sample selection relates to it Rationale for selection of target sample, settings or documents Discussion of how sample/selections allowed necessary comparisons to be made
Sample	7. How well is the eventual sample composition/case inclusion described?	Detailed description of achieved sample/cases covered Efforts taken to maximize inclusion of all groups Discussion of any missing coverage in achieved samples/cases and implications for study evidence Documentation of reasons for non-participation among sample approached or cases selected Discussion of access and methods of approach, and how these might have affected coverage
Data collection	8. How well were the data collected?	Discussion of who collected the data; procedures and documents used; checks on origin, status, and authorship of documents Audio- or video-recording of interviews, focus groups, discussions, etc. (if not, were justifiable reasons given?) Description of conventions for taking field notes Description of how fieldwork methods may have influenced data collected Demonstration, through portrayal and use of data. that depth, detail, and richness were achieved in collection
Analysis	9. How well has the analysis been conveyed?	Description of form of original data (e.g., transcripts, observations, notes, documents, etc.) Clear rationale for choice of data management method, tools, or software package Evidence of how descriptive analytic categories, classes, labels, etc. were generated and used Discussion, with examples, of how any constructed analytic concepts, typologies, etc. were devised and used
Analysis	10. How well are the contexts of data sources retained and portrayed?	Description of background, history and socioeconomic/organizational characteristics of study sites/settings Participants’ perspectives/observations are placed in personal context (e.g., use of case studies, vignettes, etc. are annotated with details of contributors) Explanation of origins of written documents Use of data management methods that preserve context (i.e., facilitate within case analysis)
Analysis	11. How well has diversity of perspectives and content been explored?	Discussion of contribution of sample design/case selection to generating diversity Description of diversity/multiple perspectives/ alternative positions in the evidence displayed Evidence of attention to negative cases, outliers or exceptions (deviant cases) Typologies/models of variation derived and discussed Examination of reasons for opposing or differing positions Identification of patterns of association/linkages with divergent positions/groups
Analysis	12. How well has detail, depth and complexity (i.e., richness) of the data been conveyed?	Use and exploration of contributors’ terms, concepts and meanings Portrayal of subtlety/intricacy within data Discussion of explicit and implicit explanations Detection of underlying factors/influences Identification of patterns of association/conceptual linkages within data Presentation of illuminating textual extracts/observations
Reporting	13. How clear are the links between data, interpretation and conclusions?	Clear conceptual links between analytic commentary and presentation of original data (i.e. commentary relates to data cited) Discussion of how/why a particular interpretation is assigned to specific aspects of data, with illustrative extracts to support this Discussion of how explanations, theories, and conclusions were derived; how they relate to interpretations and content of original data; and whether alternative explanations were explored Display of negative cases and how they lie outside main propositions/theory; or how propositions/theory revised to include them
Reporting	14. How clear and coherent is the reporting?	Demonstrates link to aims/questions of study Provides a narrative or clearly constructed thematic account Has structure and signposting that usefully guide reader Provides accessible information for target audiences Key messages are highlighted or summarized
Reflexivity and neutrality	15. How clear are the assumptions, theoretical perspectives and values that have shaped the research and its reporting?	Discussion/evidence of main assumptions, hypotheses and theories on which study was based and how these affected each stage of the study Discussion/evidence of ideological perspectives, values, and philosophy of the researchers and how these affected methods and substance of the study Evidence of openness to new/alternative ways of viewing subject, theories, or assumptions Discussion of how error or bias may have arisen at each stage of the research, and how this threat was addressed, if at all Reflections on impact of researcher(s) on research process
Ethics	16. What evidence is there of attention to ethical issues?	Evidence of thoughtfulness/sensitivity to research contexts and participants Documentation of how research was presented in study settings and to participants Documentation of consent procedures and information provided to participants Discussion of how anonymity of participants/sources was protected, if appropriate or feasible Discussion of any measures to offer information, advice, support, etc. after the study where participation exposed need for these Discussion of potential harm or difficulty caused by participation and how avoided
Auditability	17. How adequately has the research process been documented?	Discussion of strengths and weaknesses of data sources and methods Documentation of changes made to design and reasons; implications for study coverage Documents and reasons for changes in sample coverage, data collection, analysis, etc. and implications Reproduction of main study documents (e.g., interview guides, data management frameworks, letters of invitation)

Quality/risk of bias evaluations and ratings for included studies

Evaluation of quantitative studies.

This review adopted criteria from Hoy et al.’s ( 2012 ) risk of bias evaluation tool (see Appendix 2) to evaluate the risk of bias within quantitative studies. Hoy et al.’s ( 2012 ) risk of study bias assessment, similar to the GRADE approach, does not include a numerical rating but rather evaluates the overall risk of bias based on assessment of risk of bias of individual risk items (Hoy et al., 2012 ). Each quantitative study in this study was assigned into one of the following three categories based on an overall evaluation of risk of study bias based on this tool: low risk of bias, moderate risk of bias, or high risk of bias (see below for individual study ratings and Appendix 5 for bias/quality notes).

Evaluation of qualitative studies

Seventeen appraisal questions from Mays and Pope ( 2020 ) were used to evaluate the quality of qualitative studies based on the reporting of findings, study design, data collection, analysis, reporting, reflexivity and neutrality, ethics, and auditability of the studies (see Appendix 3). In this review, each qualitative study was allocated into one of the following three categories based on an overall evaluation of the study quality based on these 17 indicators: low quality, medium quality, or high quality (see below for individual study ratings and Appendix 5 for bias/quality notes).

Evaluation of mixed-method studies

For the only mixed-method study included in this review (see ITRC, 2003 ), the risk of bias and the study quality were evaluated separately for qualitative and quantitative elements of the study utilizing the frameworks by Hoy et al. ( 2012 ) and Mays and Pope ( 2020 ) (see below for individual study rating and Appendix 5 for bias/quality notes).

Study	Rating	Study	Rating
1. Anderson ( )*	Low risk of bias	27. ITRC ( )*	High risk of bias
2. Betz ( )**	Medium quality	28. ITRC ( )*	High risk of bias
3. Binette ( )*	High risk of bias	29. ITRC ( )*	High risk of bias
4. Burnes et al. ( )*	Low risk of bias	30. ITRC ( )*	High risk of bias
5. Burton ( )*	High risk of bias	31. ITRC ( )*	High risk of bias
6. Copes et al. ( )*	Moderate risk of bias	32. ITRC ( )*	High risk of bias
7. Cornelius ( )*	High risk of bias	33. ITRC ( )*	High risk of bias
8. DeLiema et al. ( )*	Moderate risk of bias	34. Kpaduwa ( )*	High risk of bias
9. Dinger and Sauer ( ) *	High risk of bias	35. Langton and Planty ( )*	Moderate risk of bias
10. Gies et al. ( )*	Moderate risk of bias	36. Li et al. ( )*	High risk of bias
11. Golladay ( )*	Low risk of bias	37. Marcum et al. ( )*	High risk of bias
12. Golladay and Holtfreter ( )*	Low risk of bias	38. Navarro and Higgins ( )*	High risk of bias
13. Gray ( )*	High risk of bias	39. Ponemon Institute ( )*	High risk of bias
14. Green et al. ( )**	Medium quality	40. Ponemon Institute ( )*	High risk of bias
15. Green et al. ( )*	Moderate risk of bias	41. Ponemon Institute ( )*	High risk of bias
16. Harrell ( )*	Low risk of bias	42. Ponemon Institute ( )*	High risk of bias
17. Harrell ( )*	Low risk of bias	43. Pryor ( )**	Medium quality
18. Harrell ( )*	Low risk of bias	44. Randa and Reyns ( )*	Low risk of bias
19. Harrell and Langton ( )*	Low risk of bias	45. Reynolds ( )*	Low risk of bias
20. Holt and Turner ( )*	High risk of bias	46. Reyns and Randa ( )*	Low risk of bias
21. Holtfreter et al. ( )*	Moderate risk of bias	47. Reyns et al. ( )*	High risk of bias
22. ITRC ( )***	High risk of bias/low quality	48. Sauer ( )*	High risk of bias
23. ITRC ( )*	High risk of bias	49. Sauer ( )*	High risk of bias
24. ITRC ( )*	High risk of bias	50. Silberman ( )*	High risk of bias
25. ITRC ( )*	High risk of bias	51. Synovate ( )*	Low risk of bias
26. ITRC ( )*	High risk of bias	52. Synovate ( )*	Low risk of bias

*Studies that analyze data quantitatively were classified into one of the following three bias ratings: low risk of bias, moderate risk of bias, or high risk of bias
**Studies that analyze data qualitatively were classified into one of the following three quality ratings: low quality, medium quality, or high quality
***For the only mixed-method study included in this review, results from qualitative and quantitative analysis were evaluated separately

Bias and quality assessment summary notes for included studies

Study	Notes on bias and quality
AARP publications: Binette ( ) Burton ( ) Dinger and Sauer ( ) Sauer ( , Silberman ( )	Sample stratification based on few or no variables. Response weighting on few or no variables. Measurement of victimization experiences in the past 5 years (as opposed to a shorter time period) introduces risk of bias due to recall issues. Questions aimed at capturing respondents’ identity theft victimization experiences ask (1) if the respondent or somebody known by the respondent experienced identity theft victimization in the past 5 years and (2) what kind of identity theft was experienced by the respondent and somebody they knew. Although for the first question, it is possible to discern between the personal victimization experiences of the respondents and people known by the respondents, it is not possible to discern between (a) the type of identity theft experienced by respondents and people known by respondents and (b) the geographical scope of victimization. *the surveys ask about victimization experiences of people known by the respondents without limiting the residence of these acquaintances to respondents’ state of residence
BJS 2010 report: Langton and Planty ( )	The shortest prevalence period (two years) introduces recall bias
BJS 2012, 2014, 2016, 2018, 2021 reports: ( , , ); Harrell and Langton ( )	National surveys. The response rate was less than 75%, however, the nonresponse bias analysis suggested that there was little or no bias of substantive importance due to nonresponse in the ITS estimates
FTC reports: Synovate ( ,	National surveys. Sample weights including a design weight to provide unbiased estimates
Anderson ( )	There were no missing values in 3217 observations, but there was a missing value for one variable in 650 observations. There were missing values for three or more variables in only 111 cases. To avoid losing observations because of these missing data, conditional mean imputation was employed to provide estimates for missing values of independent variables. Weighted regressions are used
Betz ( )	The study had many strengths with regards to reporting of findings, description of the study design, sample, linking of study findings to the original conceptual framework, ethical considerations, and limitations of the study. The author used several strategies such as member checks, peer review, and reflexivity to increase the rigor of the study. However, this study was rated as moderate quality due to the author not explaining the scope for making wider inferences well-enough; the eventual sample composition; the author not providing much information with regards to the efforts taken to maximize inclusion of all groups; and the author not being able to achieve triangulation. Only 1 out of the 6 participants in the study engaged in one-on-one interviews with the author and provided additional documentation about their victimization. The rest of the interviews were conducted over phone and the author did not seek additional documentation from these 5 participants
Burnes et al. ( )	Data from national survey; pooled data (despite not being longitudinal); missing data were managed with a fully conditional specification multiple imputation method using five pooled data sets
Copes et al. ( )	This study used data derived from the second wave of the National Public Survey on White Collar Crime. The response rate was less than 75%; the authors did not describe the steps taken to address for any dissimilarities between the sample and the target population; there are important forms of identity theft not captured by the NW3C survey (e.g., utilities fraud, income tax fraud, or mortgage fraud); because the survey was administered at the household level, it is not always possible to ensure that that responses about victimization and reporting correspond to the responding individual's experience or whether it reflects the experiences of multiple individuals in the same household; the cross-sectional survey data does not allow for a determination of the exact causal ordering of risky behaviors and fraud victimization
Cornelius ( )	The researcher used Survey Monkey’s demographic selection tool to source potential and eligible participants for the study. There was no description of how the study sample resembles the target population; the author used listwise deletion for participants with missing responses and there was no description of how much data was deleted as a result of this process and the measures taken to reduce nonresponse bias; no study instrument was provided for the identity theft questions
DeLiema et al. ( )	The data is from two pooled iterations of the NCVS-ITS. Data were weighted to reflect a nationally representative sample in regard to age, gender and race/ethnicity and to compensate for survey nonresponse and aspects of the staged sampling design. The main shortcoming of the study was the study focuses on experiences of older individuals; however, certain groups are excluded from the NCVS-ITS: individuals in institutional settings, individuals living in transient settings and individuals with severe cognitive impairment all of whom might be at higher risk of identity fraud victimization among the targeted age group
Gies et al. ( )	The data for this study are derived from two sources: (a) a survey of persons who requested assistance from the ITRC regarding a serious identity crime incident and (b) the ITS administered as part of the Bureau of Justice Statistics’ NCVS. The first source of data is the ITRC Survey. The study used propensity score matching technique with key demographic variables identified by research and analysis revealed no significant differences between groups with regards to key matching variables. However, the ITRC survey response was very low and there was no discussion on strategies employed by the researchers to reduce bias associated with this low response. Furthermore, although the study design allowed for comparison of experiences of identity theft victims who contacted the ITRC, another organization, or did not contact any organization; because of the type of questions asked to capture these experiences, it is not possible to temporally discern if the outcomes are a result of help-seeking behavior of the victims. Method of data collection is not the same for the ITRC survey and the ITS survey
Golladay ( )	The analysis was based on the NCVS-ITS. With the exception of potential omission of some variables in relation to the seriousness of the offense, no other significant issues were detected with regards to study design, construction of the analysis model, or reporting of results
Golladay and Holtfreter ( )	The analysis was based on the 2012 NCVS-ITS and no significant issues were detected with regards to study design, construction of the analysis model, or reporting of results
Gray ( )	Data were retrieved from 70 respondents living in Rio Grande Valley, Texas via a 70-question survey over the Internet and data were analyzed using multiple regression to determine the variables most influential on the reporting of internet identity theft incidents. The study had a small non-representative convenience sample (snowball sampling) and a low response rate
Green et al. ( )	The scope for making wider explanations was not explained well; the information on data collection and data analysis and the impact of these on concluded results was fairly limited; there was not enough discussion on the limitations of the sample and the methodology; there was not enough information to reproduce the findings from the study (such as information about the changes made to the study instruments, data collection and data analysis plans); there was no discussion on how error or bias may have arisen at each stage of the research and how this was addressed
Green et al. ( )	The scope for making wider explanations not explained well; the information on data collection and data analysis and the impact of these on concluded results was fairly limited; there was no discussion on how error or bias may have arisen at each stage of the research and how this was addressed
Holt and Turner ( )	University sample. Information not provided regarding nonresponse rate, any issues regarding bias, or the strategies used to address such bias
Holtfreter et al. ( )	Sample excluded mobile phone only households; the response rate to the survey was low (less than 50%); underrepresentation of certain demographic groups in the sample in comparison to each state’s demographic profiles (i.e., individuals who identify as male, Hispanic, and individual who report a higher education level)
ITRC studies: ITRC ( , , , , , , , , , , , )	The population of these studies are individuals who contacted the ITRC which might be already a narrow group of victims who had more serious identity theft experiences. Very high non-response rate; no clear explanation of bias introduced by non-response and sampling frame and strategies used to address these biases
Kpaduwa ( )	Convenience university sample; stratified sampling but does not provide details about the process; does not provide information about what has been done to address nonresponse bias
Li ( )	Small sample size; no discussion on the bias introduced by the Qualtrics sample; no weighting to adjust for potential difference of the sample from the target population
Marcum et al. ( )	Low response rate; no explanation of strategies taken to reduce nonresponse bias; data on students’ victimization information is collected from counsellors
Navarro and Higgins ( )	Study is based on the 2012 iteration of the NCVS. The authors indicate that there is a large amount of missing data in the variables they included in their models and they excluded the cases with missing data. However, authors do not indicate how much of a loss this was and how they decided to exclude cases
Ponemon Institute reports: ( , , , )	Although the Ponemon studies aim for a nationally representative sample and the reports mention the performing of non-response bias tests, there is not enough information provided in any of the four studies included in this review to evaluate if the sample was representative of the US adult population and if non-response introduced any bias. Furthermore, survey participants provided victimization information for themselves and household members. Accordingly, prevalence estimates are not solely based on data collected directly from victims
Pryor ( )	The sample composition and case inclusion and the context of data were not explained in detail; diversity of perspectives were not explored in detail; the depth of the data was not conveyed in detail; the assumptions and values that have shaped the research and its reporting were not clear
Randa and Reyns ( )	The analysis was based on the NCVS-ITS and no significant issues were detected with regards to study design, construction of the analysis model; or reporting of results
Reynolds ( )	The analysis was based on the NCVS-ITS and no significant issues were detected with regards to study design, construction of the analysis model; or reporting of results
Reyns and Randa ( )	The analysis was based on the NCVS-ITS and no significant issues were detected with regards to study design, construction of the analysis model; or reporting of results
Reyns et al. ( )	University sample (with participants from 2 universities); the response rate to the survey was low; authors did not provide information regarding how the sample differed from the target population, the steps taken by the authors to address potential biases introduced by level of non-response to the survey, and the differences between the sample and the target population

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/ . The Creative Commons Public Domain Dedication waiver ( http://creativecommons.org/publicdomain/zero/1.0/ ) applies to the data made available in this article, unless otherwise stated in a credit line to the data.

Reprints and permissions

About this article

Cite this article.

Irvin-Erickson, Y. Identity fraud victimization: a critical review of the literature of the past two decades. Crime Sci 13 , 3 (2024). https://doi.org/10.1186/s40163-024-00202-0

Download citation

Received : 11 August 2023

Accepted : 27 January 2024

Published : 10 February 2024

DOI : https://doi.org/10.1186/s40163-024-00202-0

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Identity theft
Identity fraud

Crime Science

ISSN: 2193-7680

General enquiries: [email protected]

Digital Commons @ University of South Florida

USF Research
USF Libraries

Digital Commons @ USF > Office of Graduate Studies > USF Graduate Theses and Dissertations > USF Tampa Theses and Dissertations > 1322

USF Tampa Graduate Theses and Dissertations

A case study of identity theft.

Stuart F. H Allison , University of South Florida

Graduation Year

Document type, degree granting department.

Criminology

Major Professor

Michael J. Lynch, Ph.D.

Co-Major Professor

Schuck, Amie

Committee Member

Amie Schuck, Ph.D.

Kim M. Lersch, Ph.D

Fraud, Economic Crime, Trend Analysis

This thesis is an investigation of identity theft, although not a new crime it has recently attracted public concern. This concern has led to both federal and state governments to establish new laws to provide increased protection. Government agencies and the media have warned the public that an individual's social security number and other personal information are the tools that unscrupulous criminals can use to gain access to an identity. Once your identity is assumed criminals can use that new identity to obtain goods and services freely available in this world of instant credit lines.

The purpose of this study is to examine the magnitude and characteristics of identity theft. The objective is to determine if government official's claims and the media's portrayal of the substantial rise in identity theft incidents are supported empirically.

The data for this study comes from police records located in one southern-metropolitan city; from this two separate data sets were drawn. A case study methodology was selected for this project.

The results indicate that the identity theft trend is different than the trends for other theft related offenses -- credit card fraud, check fraud, robbery and motor vehicle theft. The data suggest that identity theft is increasing more rapidly than the other theft orientated offenses. However, future research should be conducted to help determine if the trend found in this study is a more a reflection of criminal behavior then of changes in reporting. Additionally, the available literature on identity theft suggested that attaining an arrest for identity theft is especially difficult. The empirical evidence found in this study is mixed on this point. Finally, the demographic characteristics of identity thieves in the area of study do not conform to other economically motivated offenders. African American female offenders make up a significantly large proportion of offenders. Determining the cause of these patterns would at this point be premature, but the existence of patterns warrants further research.

In conclusion, this study finds support for the expressed belief by media, private organizations, and government officials that there is greater reporting and recoding of identity theft.

Scholar Commons Citation

Allison, Stuart F. H, "A Case Study of Identity Theft" (2003). USF Tampa Graduate Theses and Dissertations. https://digitalcommons.usf.edu/etd/1322

Since February 24, 2011

Included in

American Studies Commons

Advanced Search

Email Notifications and RSS
All Collections
USF Faculty Publications
Open Access Journals
Conferences and Events
Theses and Dissertations
Textbooks Collection

Useful Links

USF Office of Graduate Studies
Rights Information
SelectedWorks
Submit Research

Privacy Copyright

An official website of the United States government

The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Publications
Account settings

Preview improvements coming to the PMC website in October 2024. Learn More or Try it out now .

Advanced Search
Journal List
Prev Med Rep
v.17; 2020 Mar

Risk and protective factors of identity theft victimization in the United States

David burnes.

a University of Toronto, Factor-Inwentash Faculty of Social Work, 246 Bloor Street West, Toronto, Ontario, M5S1V4, Canada

Marguerite DeLiema

b University of Minnesota, Twin Cities, School of Social Work, 105 Peters Hall, 1404 Gortner Ave., St. Paul, MN, 55108, USA

Lynn Langton

c RTI International, Division for Applied Justice Research, 701 13th Street NW, Washington DC, 20005, USA

Associated Data

• Identity theft is a pervasive problem and a public health issue.
• Frequent online purchasing behaviors result in greater risk of identity theft.
• Corporate and government data breaches put consumers at risk for identity theft.
• Risk factors vary by identity theft subtype.
• Routine individual preventative behaviors can mitigate identity theft risk.

Identity theft victimization is associated with serious physical and mental health morbidities. The problem is expanding as society becomes increasingly reliant on technology to store and transfer personally identifying information. Guided by lifestyle-routine activity theory, this study sought to identify risk and protective factors associated with identity theft victimization and determine whether individual-level behaviors, including frequency of online purchasing and data protection practices, are determinative of victimization. Data from sequential administrations of the U.S. National Crime Victimization Survey–Identity Theft Supplement (ITS) in 2012 and 2014 were combined (N = 128,419). Using multivariable logistic regression, risk and protective factors were examined for three subtypes: 1) unauthorized use of existing credit card/bank accounts, and unauthorized use of personal information to 2) open new accounts, or 3) engage in instrumental activities (e.g., applying for government benefits, receiving medical care, filing false tax returns). Existing credit card/bank accounts and new accounts identity theft victimization were associated with higher levels of online purchasing activity and prior identity theft victimization. All identity theft subtypes were associated with government/corporate data breaches and other crime victimization experiences. Routine individual-level preventive behaviors such as changing online passwords and shredding/destroying documents were protective. Identity theft subtypes showed divergent socio-demographic risk/protective profiles, with those of higher socioeconomic status more likely to be victims of existing credit card/bank account identity theft. Identity theft is a pervasive, growing problem with serious health and psychosocial consequences, yet individuals can engage in specific protective behaviors to mitigate victimization risk.

1. Introduction

Identity theft – defined as the intentional, unauthorized use of a person’s identifying information for unlawful purposes ( Federal Trade Commission, 1998 , Koops and Leenes, 2006 ) – is a growing public health problem. While identity theft is not a new crime, the magnitude of the problem has increased with society’s growing reliance on the electronic transfer and storage of personal information across all forms of commerce and services. Approximately 10% of U.S. adults experienced identity theft in 2016, up from 7% in 2012 ( Harrell, 2019 ), and consumer agencies have seen recorded complaints about identity theft increase almost five-fold since 2001 ( Federal Trade Commission, 2017 ). Even routine, mandatory interactions with government (e.g., filing taxes) and healthcare systems (e.g., health records) involve the online transfer and storage of highly identifiable information, such as social security and medical ID numbers, expanding opportunities for identity thieves to illegally obtain personal information ( Myers et al., 2008 ).

In addition to the rising incidence of identity theft, there is growing recognition of the negative emotional and physical health consequences of financial crimes. One in 10 identity theft victims, roughly 2.6 million people, reported experiencing severe emotional distress following victimization ( Harrell, 2019 ). A quarter of identity theft victims experienced sleep problems, anxiety, and irritation six months after the crime ( Sharp et al., 2004 ), with older adults and minorities experiencing more severe emotional consequences including depression, anger, worry, and sense of vulnerability ( Golladay and Holtfreter, 2017 ). While not specific to identity theft, Ganzini and colleagues ( 1990 ) found significantly higher rates of depression and anxiety among financial crime victims compared to demographically-matched controls. Financial crimes have also been associated with increased rates of hospitalization ( Dong and Simon, 2013 ) and all-cause mortality ( Burnett et al., 2016 ). Identity theft also diminishes public confidence in government and corporate entities, prompting increasingly restrictive access to government databases designed to promote public health research ( Wartenberg and Thompson, 2010 ).

The large number of high-profile data breaches in the 21st century (e.g., Equifax, Yahoo, Anthem, U.S. Office of Personnel Management) introduce the question of whether individual-level characteristics and behaviors affect the risk of identity theft victimization, or whether victimization risk is entirely contingent on corporate and government-level data security practices. Combining 2012 and 2014 data from the Bureau of Justice Statistics’ (BJS) nationally representative National Crime Victimization Survey – Identity Theft Supplement (NCVS-ITS), the current study provides a comprehensive examination of identity theft victimization risk and protective factors across three major identity theft subtypes: 1) Unauthorized use of existing credit card(s) and/or bank account(s) and; Unauthorized use of personal information to 2) open new account(s); or 3) engage in instrumental activities. Although the BJS provides basic descriptive and bivariate statistics from the NCVS-ITS with a focus on socio-demographic variables, a multivariable analysis is necessary to identify whether individual-level online routines and lifestyle behaviors affect the probability of victimization above and beyond risk factors that are largely outside of an individual’s control, such as corporate/government-level data breaches. Only through this more comprehensive analysis that isolates the impact of individual behaviors after controlling for other factors can we begin to understand where to effectively allocate security resources to help reduce the frequency and consequences of identity theft. In contrast to BJS reports that combine both “attempted” and “actual” cases of identity theft in analysis, the current study focuses on identity theft victimization and, therefore, includes only cases of actual identity theft (excluding attempted cases).

2. Theoretical framework

The current paper draws on lifestyle-routine activity theory (L-RAT; Cohen and Felson, 1979 , Hindelang et al., 1978 ) which proposes that individual lifestyles and routine activities influence the risk of crime victimization to the extent that they bring a potential target into contact with offenders or affect the availability of protective measures to prevent the crime ( Cohen et al., 1981 , Miethe and Meier, 1990 , Hindelang et al., 1978 ). L-RAT originally described crimes involving direct victim-perpetrator contact, such as assault and robbery, yet the theory has been modified for application to internet-based crimes in which the victim and perpetrator do not physically or necessarily instantaneously converge, including financial fraud ( Pratt et al., 2010 ) and identity theft ( Reyns, 2013 , Reyns and Henson, 2016 ).

According to L-RAT, individuals with greater visibility to offenders in unguarded/un-protected settings are more likely to be victimized ( Cohen et al., 1981 ). In the context of cyber crimes, online activity could expose a person’s identifying information to offenders if the device is infected with malware, hacked, or personal data is entered into an unsecure website. Identity theft research has generally supported the hypothesis that engagement in routine online commercial activities, such as banking, shopping, emailing/instant messaging, selling goods, downloading media, or higher overall levels of internet usage, is associated with victimization ( Holtfreter et al., 2014 , Reyns, 2013 , Reyns and Henson, 2016 , Williams, 2016 ). Yet beyond individual online activities, data breaches targeting retailers, healthcare insurers/providers, and government entities that store and transfer personal information may also increase risk of identity theft.

Previous studies examining L-RAT and criminal behavior have found that routine activities account for a substantial portion of the association between crime and socio-demographic characteristics ( Osgood et al., 1996 ). It is unknown whether identity theft victimization is correlated with demographic and socioeconomic characteristics—age, income, education, race, residential setting—given that personal information is often obtained through online channels with no direct victim-perpetrator contact. Yet these characteristics influence socio-cultural lifestyles and patterns of consumption that affect how often individuals use their identifying information and for what purposes. Previous researchers have found a positive relationship between income, educational attainment, and identity theft victimization ( Anderson, 2006 , Reyns, 2013 , Reyns and Henson, 2016 , Williams, 2016 ).

Prior studies have inconsistently found that both females ( Anderson, 2006 ) and males ( Holtfreter et al., 2014 , Reyns, 2013 ) are at greater risk of identity theft victimization. Similarly, different studies have shown that younger adults ( Williams, 2016 ), middle-aged adults ( Harrell, 2015 ), and older adults ( Reyns, 2013 ) are at increased risk of victimization. Rather than considering age as a continuous variable or according to arbitrary cut-offs, the current study examined age according to generational cohorts, which may be more indicative of age-cohort-related lifestyles and routine activity trends. The study also examined age and gender risk profiles separately for each identity theft subtype, as differences in how information is obtained and misused could explain previous mixed findings.

According to L-RAT, people with greater measures of protection or security, including social, physical, or safety measures are at lower risk of victimization ( Cohen et al., 1981 , McNeeley, 2015 , Wilcox et al., 2007 ). In the context of identity theft, behaviors such as installing antivirus software, shredding documents, and routinely changing passwords theoretically reduce opportunities for identity thieves to access personal information. This has received mixed results in the identity theft literature. Reyns and Henson (2016) found that protective computer/internet-based behaviors, such as use of antivirus software, deleting emails from unknown senders, and regularly changing passwords, were not related to identity theft victimization. Williams ( 2016 ) found that some security measures (using only one computer, filtering spam email, installing antivirus software and secure browsing) were associated with lower identity theft victimization, while other measures (changing security settings and passwords) were associated with greater victimization. However, existing identity theft research is limited by study designs that have been unable to determine whether reported protective behaviors were enacted as a general precautionary measure (prior to) or in response to (following) identity theft victimization. The current study only considered protective behaviors reported as general preventive measures and excludes protective behaviors enacted in reaction to a victimization experience.

This study combined cross-sectional data (n = 128,419) from a rotating panel design of consecutive, directly comparable 2012 (n = 64,132) and 2014 (n = 64,287) administrations of the NCVS-ITS ( U.S. Department of Justice, 2012 , U.S. Department of Justice, 2014 ). The broader NCVS study used a two-stage, stratified cluster sample design, representing all U.S. residents age 12 years or older living in housing units or group quarters. The ITS surveys were administered to eligible respondents age 16 or older at the end of their NCVS interviews using computer-assisted personal or telephone interviewing. While the ITS survey collected only data about respondent experiences with identity theft, respondents’ demographic data and their experiences with other types of crime victimization were collected through the broader NCVS survey. The overall NCVS-ITS unit response rates for NCVS households, NCVS persons, and ITS persons in 2012 and 2014 were 68.2% and 66.1%, respectively. Selection bias analysis found little or no bias to ITS estimates due to non-response ( Inter-University Consortium for Political and Social Research, 2012 , Inter-University Consortium for Political and Social Research, 2014 ). Data were weighted to be nationally representative but adjusted back to reflect the original sample size and avoid inflated p-values. Further details on NCVS-ITS methods can be found at www.bjs.gov ( Bureau of Justice Statistics, 2014 ).

3.2. Dependent variables

Consistent with empirically derived recommendations to maximize sensitivity and reduce respondent under-reporting in financial exploitation prevalence research ( Burnes et al., 2017 ), the NCVS-ITS measured identity theft victimization using a series of contextually oriented questions describing specific sub-categories, rather than a single, general self-report assessment question. Dependent identity theft variables include the unauthorized use of: 1) existing credit card and/or bank accounts; 2) personal information to open new accounts (e.g., financial, investment, utilities); and 3) personal information for instrumental purposes (e.g. filing false tax returns, obtaining medical services, applying for a job or government benefits). Because the mechanisms of identity exposure and the purposes of identity misuse differ across these three categories, risk and protective factors were assessed separately in the analysis. Victimization status was limited to respondents reporting identity theft within the previous year (1 = yes, 0 = No).

3.3. Independent variables

3.3.1. risk factors.

Potential risk factors for identity theft included: 1) frequency of online purchasing behavior in the past year (none, up to once per month, up to once per week, up to once per day, more than once per day); 2) prior year breach of personal information stored by a company or government (no = 0, yes [but social security number not exposed] = 1, yes [social security number exposed] = 2); 3) number of other forms of victimization experienced in the past year, such as theft and assault (continuous); and 4) whether the respondent experienced prior identity theft victimization during lifetime (yes = 1, no = 0).

3.3.2. Protective factors

Respondents were asked a series of seven questions (no = 0/yes = 1) designed to capture identity theft-related preventive/protective practices within the previous 12 months. The questions asked about the following behaviors: checked credit report; changed passwords on financial accounts; purchased credit monitoring services or identity theft insurance; shredded or destroyed documents containing personally identifying information; checked bank or credit card statements for unfamiliar charges; used computer security software; or purchased identity theft protection services. An affirmative response to each question triggered a follow-up question asking whether the behavior was enacted in response to a misuse of personal information. To address issues of temporal ordering as it relates to routine protective behaviors, respondents who indicated that a behavior was enacted in response to a victimization event in the past 12 months were coded as a “no” for the preventive behavior. To understand whether the seven binary protective practice items loaded onto one or more dimensional factors, a multiple correspondence analysis (MCA) was conducted, which analyzed the underlying structure of the binary/categorical data ( Greenacre & Blasius, 2006 ). As illustrated in the discrimination measures plot ( Appendix A ), two factors emerged based on whether the protective item was purchased or reflected a routine protective behavior. The purchased factor contained two items—credit monitoring services/identity theft insurance and identity theft protection services. The routine protective behavior factor had five items—checked credit report, changed passwords, shredded/destroyed documents, checked bank/credit card statements, used computer security software. These purchase and routine protective behavior variables (continuous) were entered separately into the models.

3.3.3. Controls

Age was operationalized according to generational cohorts to reflect age-related lifestyles that could impact exposure to identity theft: millennials (born 1981–1998), Generation X (born 1965–1980), baby boomers (born 1946–1964), and Silent/Greatest (born before 1945) ( Pew Research Center, 2016 ). Additional socio-demographic characteristics included gender (male/female), marital status (married/partnered vs. not married/partnered), education (high school or less, some college, college degree, advanced degree), annual household income ($0–24,999, $25,000–49,999, $50,000–74,999, $75,000 or more), and race/ethnicity (non-Hispanic white, non-Hispanic black, Hispanic, non-Hispanic Asian American/Pacific Islander/American Indian/Alaska Native [AAPI/AIAN], other). Other control variables included residential setting (urban, rural) and survey administration mode (in-person, telephone).

3.4. Analytic plan

Risk and protective variables and controls were regressed on each subtype of identity theft using multivariable logistic regression. Model fit was tested using the Omnibus Test of Model Coefficients and the Hosmer-Lemeshow Test. Tolerance and variance inflation factor statistics were used to test for multicollinearity in regression models. The existing credit card/ bank account analysis was limited to respondents who reported having a credit card or bank account. Missing data were managed with a fully conditional specification multiple imputation method using five pooled data sets. Analyses were performed using IBM SPSS version 25. Due to the large sample size, a p-value of less than 0.001 was considered statistically significant.

Table 1 provides a description of the weighted sample of victims across identity theft subtypes. Across identity theft subtypes, victims were proportionally more female, Caucasian, belonged to the Baby Boomer generation, and lived in urban settings. Whereas victims of existing credit card/bank account identity theft tended to belong to higher income households, victims of new accounts and instrumental purposes identity theft tended to belong to lower-income households.

Descriptive characteristics of weighted (sample-size-adjusted) victim samples across identity theft victimization subtypes.

	Existing Credit Card or Bank Account Victims (n = 7241)	New Accounts Victims (n = 492)	Instrumental Purposes Victims (n = 350)
Independent Variables	n (%), Mean (SD)	n (%), Mean (SD)	n (%), Mean (SD)

Online purchasing behavior frequency
None (0 times/year)	1393 (19.2%)	191 (38.8)	156 (44.7)
Up to once per month (1–12 times/year)	2761 (38.1%)	169 (34.5)	110 (31.6)
Up to once per week (13–52 times/year)	2070 (28.6)	88 (17.9)	45 (12.8)
Up to once per day (58–365 times/year)	777 (10.7	31 (6.3)	25 (7.2)
More than once per day (More than 365 times/year)	62 (0.8)	5 (1.0)	4 (1.1)
Number of other victimizations (cont. 0–10)	0.1 (0.4)	0.2 (0.6)	0.2 (0.6)
Breached personal information No Yes (SSN not exposed) Yes (SSN exposed)	6027 (83.2%)924 (12.8) 229 (3.2)	400 (81.3) 53 (10.8) 35 (7.1)	271 (77.4) 33 (9.4) 42 (12.1)
Identity theft victimization prior to past year
No	5987 (82.7)	406 (82.6)	291 (83.1%)
Yes	1209 (16.7)	81 (16.5)	55 (15.8)

Purchase protective services (0–5)	0.1 (0.3)	0.1 (0.4)	0.1 (0.4)
Routine protective behaviors (0–5)	2.3 (1.4)	1.6 (1.5)	1.7 (1.5)

Age generations Millennials Generation X Baby boomers Silent or Greatest	1706 (23.6) 2244 (31.0) 2612 (36.1) 678 (9.4)	1902 (24.0%)2449 (30.9) 2832 (35.8) 738 (9.3)	141 (28.8) 140 (28.4) 165 (33.6) 45 (9.2)
Gender Male Female	3461 (47.8) 3780 (52.2)	3770 (47.6%) 4152 (52.4)	235 (47.7) 257 (52.3)
Marital status Married Non-married	4384 (60.5) 2837 (39.2)	4671 (59.1%) 3229 (40.9)	225 (45.7) 267 (54.3)
Educational attainment
High school or less	1605 (22.2)	1867 (23.7%)	135 (38.5)
Some college or associate degree	2152 (29.7)	2388 (30.3)	124 (35.5)
Bachelor’s degree	2155 (29.8)	2270 (28.8)	63 (18.0)
Graduate/professional degree	1295 (17.9)	1360 (17.2)	26 (7.4)
Race/ethnicity White Hispanic Black AAPI/AIAN* Other*	5591 (77.2) 610 (8.4) 536 (7.4) 393 (5.4) 112 (1.5)	289 (58.7) 75 (15.2) 84 (17.1) 20 (4.0) 24 (4.9)	206 (58.9) 45 (12.8) 79 (22.5) 13 (3.8) 7 (2.1)
Household income $0–24,999 $25,000–49,999 $50,000–74,999 $75,000+	668 (9.2) 1199 (16.6) 1090 (15.1) 2934 (40.5)	114 (23.2) 105 (21.3) 63 (12.7) 117 (23.9)	86 (24.5) 81 (23.0) 41 (11.7) 66 (18.8)
Number of household members ≤ 12 years (cont. 0–9)	0.4 (0.8)	0.54 (0.95)	0.55 (1.01)
Residential setting
Urban	6096 (84.2)	426 (86.6)	309 (88.4)
Rural	1145 (15.8)	66 (13.4)	41 (11.6)
Interview type In-person Telephone	3170 (43.8) 4071 (56.2)	254 (51.8) 237 (48.2)	197 (56.4) 153 (43.6)

Table 2 presents the prevalence of identity theft victimization overall and by subtype. The prevalence of overall identity theft victimization (any type) was 6.2% in the combined 2012/2014 sample (95%CI = 6.0%–6.3%). The most common form of victimization was existing credit card or bank account identity theft, with a prevalence of 5.6% (95%CI = 5.5%–5.8%).

Identity theft victimization frequencies.

Identity Theft Victimization Subtype	Combined 2012/2014 (n = 128,419)
Identity Theft Victimization Subtype	n (%)
Any subtype	7921 (6.2)
Existing credit or bank account	7241 (5.6)
New accounts	492 (0.4)
Instrumental purposes	350 (0.3)

4.1. Risk factors

Table 3 presents results from the multivariable analysis of risk and protective factors of identity theft victimization for each subtype. Higher levels of online purchasing behavior were significantly associated with increasing odds of existing credit card/bank account and new accounts identity theft victimization; those engaging in daily online shopping were more than five times as likely to be victims of existing credit card/bank account identity theft as those not engaging in online purchasing (OR = 5.74, 95%CI = 4.31–7.64). Persons reporting breached personal information from a company or government were significantly more likely to experience identity theft, particularly if social security information was exposed (instrumental purposes: OR = 8.05, 95%CI = 5.66–11.46; new accounts: OR = 3.83, 95%CI = 2.67–5.51; existing credit/bank account: OR = 1.46, 95%CI = 1.26–1.68). Those reporting other NCVS victimizations were between 29% (existing credit/bank account: OR = 1.29, 95%CI = 1.23–1.35) and 46% (new accounts: OR = 1.46, 95%CI = 1.32–1.62) more likely to be victims of identity theft with each successive crime. Individuals with a history of identity theft victimization were 28% more likely to be victimized by existing credit/bank account identity theft in the past year than those with no prior history (OR = 1.28, 95%CI = 1.19–1.37).

Multivariable logistic regression models predicting identity theft victimization.

Independent Variables	Existing Credit or Bank Account (n = 116,042)	New Accounts (n = 128,419)	Instrumental (n = 128,419)
Independent Variables	OR (95% CI)	OR (95% CI)	OR (95% CI)

Online purchasing behavior frequency (ref. None)
Up to once per month (1–12 times/year)	2.45 (2.28–2.63)***	1.71 (1.35–2.17)***	1.35 (1.02–1.78)
Up to once per week (13–52 times/year)	3.54 (3.27–3.83)***	1.78 (1.33–2.38)***	1.12 (0.77–1.64)
Up to once per day (58–365 times/year)	4.44 (4.02–4.90)***	1.89 (1.25–2.85)	2.01 (1.28–3.16)
More than once per day (More than 365 times/year)	5.74 (4.31–7.64)***	4.52 (1.79–11.46)	4.03 (1.39–11.70)
Number of other victimizations (cont.)	1.29 (1.23–1.35)***	1.46 (1.32–1.62)***	1.41 (1.24–1.60)***
Breached personal information (ref. No)
Yes (SSN not exposed)	1.44 (1.33–1.56)***	1.96 (1.44–2.66)***	2.16 (1.47–3.19)***
Yes (SSN exposed)	1.46 (1.26–1.68)***	3.83 (2.67–5.51)***	8.05 (5.66–11.46)***
Identity theft victimization prior to past year (ref. No) Yes	1.28 (1.19–1.37)***	1.43 (1.11–1.85)	1.43 (1.05–1.95)

Purchase protective services (cont.)	1.02 (0.95–1.09)	1.62 (1.28–2.06)***	1.37 (0.99–1.87)
Routine protective behaviors (cont.)	0.76 (0.75–0.78)***	0.66 (0.61–0.71)***	0.71 (0.65–0.78)***

Age generations (ref. millennials)
Generation X	1.21 (1.12–1.29)***	1.28 (1.00–1.65)	1.68 (1.26–2.24)***
Baby boomers	1.38 (1.29–1.48)***	1.70 (1.32–2.20)***	1.79 (1.32–2.42)***
Silent or Greatest	1.10 (0.99–1.21)	1.23 (0.86–1.78)	1.12 (0.72–1.75)
Gender (ref. Male) Female	0.99 (0.94–1.04)	0.95 (0.79–1.13)	1.14 (0.92–1.42)
Marital Status (ref. Married/partnered) Not married/partnered	0.95 (0.90–1.01)	1.23 (1.00–1.51)	1.63 (1.28–2.09)***
Educational attainment (ref. High school or less)
Some college or associate degree	1.42 (1.33–1.52)***	1.70 (1.35–2.14)***	1.43 (1.11–1.86)
Bachelor’s degree	1.67 (1.56–1.80)***	1.66 (1.25–2.20)***	1.18 (0.84–1.66)
Graduate/professional degree	1.90 (1.74–2.07)***	1.85 (1.31–2.61)	0.95 (0.59–1.50)
Race/ethnicity (ref. non-Hispanic white)
Hispanic	0.85 (0.78–0.93)***	1.32 (1.00–1.73)	0.93 (0.66–1.32)
Black	0.78 (0.71–0.86)***	1.43 (1.11–1.86)	1.58 (1.20–2.09)
AAPI/AIAN	0.78 (0.70–0.87)***	0.73 (0.46–1.16)	0.69 (0.39–1.22)
Other	1.09 (0.89–1.32)	3.32 (2.17–5.09)***	1.18 (056–2.50)
Household income (ref. $0 to 24,999)
$25,000 to 49,999	1.05 (0.95–1.15)	0.77 (0.60–1.00)	0.90 (0.67–1.21)
$50,000 to 74,999	1.20 (1.08–1.33)	0.73 (0.54–0.99)	0.80 (0.56–1.13)
$75,000+	1.38 (1.25–1.52)***	0.71 (0.52–0.97)	0.74 (0.52–1.05)
Number of household members ≤ 12 years (cont.)	1.01 (0.98–1.05)	1.20 (1.08–1.33)	1.21 (1.07–1.36)
Residential setting (ref. urban) Rural	0.90 (0.84–0.96)	0.80 (0.61–1.05)	0.65 (0.46–0.91)
Interview type (ref. In-person) Telephone	0.91 (0.87–0.96)***	0.85 (0.71–1.02)	0.74 (0.60–0.92)

Note: All multivariable logistic regression models, except the New Accounts model, satisfied the Omnibus Test of Model Coefficients (p < 0.01). All multivariable logistic regression models satisfied the Hosmer-Lemeshow Test (p > 0.05). Across models, independent variables had tolerance of 0.70 or above and variance inflation factor of 1.43 or below, indicating no concern of multicollinearity.

CI = Confidence interval; OR: Odds ratio; SSN: Social Security Number; AAPI/AIAN = Asian American/Pacific Islander/American Indian/Alaskan Native. ***p < 0.001, (two-tailed tests).

4.2. Protective factors

Individuals engaging in a higher number of proactive, routine protective behaviors, such as shredding documents and updating passwords, were between 25% (existing credit/bank account: OR = 0.76, 95%CI = 0.75–0.78) and 35% (new accounts: OR = 0.66, 95%CI = 0.61–0.71) less likely to experience identity theft victimization with each additional protective behavior. Purchasing credit monitoring services and identity theft insurance, however, was associated with significantly higher odds of new accounts (OR = 1.62, 95%CI = 1.28–2.06) identity theft.

4.3. Socio-Demographic controls

Across all identity theft subtypes, baby boomers were most likely to be victims (existing credit/bank account: OR = 1.38, 95%CI = 1.29–1.48; new accounts: OR = 1.70, 95%CI = 1.32–2.20; instrumental: OR = 1.79, 95%CI = 1.32–2.42). Unmarried/un-partnered persons were 63% (OR = 1.63, 95%CI = 1.28–2.09) more likely to experience instrumental forms of identity theft. Higher levels of education were associated with increasingly higher odds of both existing credit card/bank account and new accounts forms of identity theft. Compared to non-Hispanic whites, existing credit/bank account victimization was less likely among Hispanic (OR = 0.85, 95%CI = 0.78–0.93), Black (OR = 0.78, 95%CI = 0.71–0.86), and AAPI/AIAN (OR = 0.78, 95%CI = 0.70–0.87) persons. Persons living in households in the highest income bracket were most likely to experience existing credit/bank account identity theft (OR = 1.38, 95%CI = 1.25–1.52) compared to those in the lowest income households. As a methodological finding, respondents who participated in a telephone rather than in-person interview were significantly less likely to report identity theft victimization.

5. Discussion

Approximately 1 out of every 15 adults aged sixteen years or older in the U.S. – over 16 million people – experience some form of identity theft each year. In addition to direct losses, consequences may include damaged credit, legal fees, loss of trust, and health outcomes such as stress, anxiety, and depression ( Harrell, 2015 , Golladay and Holtfreter, 2017 ). Among victims who experienced the misuse of personal information for instrumental purposes, approximately 56% suffered moderate to severe distress, a similar percentage as seen among victims of violence ( Harrell, 2015 ).

As large-scale data breaches have become an unfortunate part of our growing tech-based marketplace, this analysis examined whether online purchasing behavior and personal data security practices affect the risk of identity theft victimization, or whether becoming a victim is largely contingent on corporate and government-level data breaches. Findings provide support for the L-RAT model of victimization which suggests that individual lifestyle routines and degree of protective measures/guardianship influence the likelihood of victimization.

Respondents who stated that their information was part of a large data breach were significantly more likely to report all forms of identity theft, particularly when their social security numbers were exposed. Victims of identity theft for instrumental purposes were eight times as likely to say their social security numbers were exposed in a data breach compared to non-victims, likely because that form of identity theft requires social security numbers to access government benefits and other services. Although it is not possible to assess whether data breaches directly caused identity theft incidents, data breaches were significantly correlated with the misuse of identity information.

L-RAT proposes that routine lifestyle behaviors contribute to crime victimization risk. In the present study, individual risk and protective behaviors were consistent and strong (magnitude) predictors. Similar to findings using a Canadian sample ( Reyns & Henson, 2016 ), increasing levels of online purchasing activity were associated with incrementally higher odds of financial account and new account identity theft. Participating in commercial activities online reflects a major societal innovation and lifestyle shift that has allowed consumers to purchase products conveniently and globally, but entering personal data online entrusts vendors to safely store and manage this data. For example, Holtfreter et al. (2015) found that individuals who placed an order with a company they had never done business with before were significantly more likely to be victims of identity theft. While the NCVS ITS does not ask respondents what online retailers they have made purchases from, it is likely that as the frequency of online shopping increases, the odds of using an unsecured payment portal or having information exposed in a retail data breach increases. Further innovations in online security and payment systems are required to protect users’ information, and future research should explore precisely how online purchasing activities expose personal information.

In support of the guardianship principle of L-RAT, proactive individual behaviors, like shredding personal documents and routinely changing account passwords, significantly reduced the likelihood of identity theft. Unfortunately, the Pew Research Center ( Olmstead & Smith, 2017 ) found that half of U.S. respondents were not educated about everyday security practices. Given that routine safety behaviors reduce risk of identity theft, consumer protection efforts need to focus on educating consumers on the basics of online security. Purchasing external credit monitoring and identity theft protection services did not reduce risk and was related to greater likelihood of new accounts identity theft victimization. Perhaps respondents who purchased these services had some knowledge that their identity may be misused. Another explanation is that some criminal entities have reached a level of sophistication to evolve techniques ahead of current industry protection standards ( Moore et al., 2009 ).

This study found that exposure to other types of crime, as well as prior experiences with identity theft, were associated with a greater risk of identity theft victimization. Personal information may be stolen during the course of other crimes directly (e.g., theft of wallets, bank statements) or indirectly through theft of devices that contain personal information. This result is consistent with financial fraud research—prior fraud victimization increases the odds of re-victimization ( Titus et al., 1995 ). An underground system exists for identity theft where specified pieces of stolen identifying information are bundled and sold to other criminals, thereby increasing the odds that it is used for various identity crimes over time ( Moore et al., 2009 ). Services for identity theft victims should include help contacting the major credit bureaus to place a temporary freeze or fraud alert on credit reports to prevent criminals from opening new accounts with victims’ stolen credentials.

The socioeconomic and demographic risk patterns found in this study were roughly consistent with the predictions of L-RAT. In general, members of Generation X and the baby boomers, now between the ages of 39 and 73, were at the highest risk of most types of identity theft. This likely reflects the socioeconomic capacity and consumption patterns among Generation X and baby boomers relative to millennials. Together, these older generations constitute the bulk of the U.S. workforce and, therefore, have the economic means to engage in consumer activities where identities may be exposed. Longitudinal data is needed to determine whether the association between middle to late adulthood and increased risk of identity theft is indeed due to lifestyles or whether age has an independent effect.

Compared to Hispanic, Black, and Asian respondents, White respondents and those with higher educational attainment experienced significantly higher risk of existing credit card/bank account identity theft. Individuals with higher socioeconomic status have more purchasing power ( Charron-Chénier et al., 2017 ), have more access to credit ( Haushofer & Fehr, 2014 ), own more internet-enabled devices that store and transfer personal information, and are more likely to use credit cards ( Greene & Stavins, 2016 ). In support of L-RAT, this suggests that the association between existing credit card/bank account identity theft and demographic/socioeconomic profiles is related to lifestyle factors where there is greater reliance on these financial instruments, and thus more opportunities for criminals to intercept account information.

5.1. Limitations

While the NCVS Identity Theft Supplement is one of the most comprehensive sources of data on identity theft, the survey likely underestimates the true extent of the problem. First, the NCVS excluded adult sub-populations who may be particularly vulnerable, such as those living with cognitive impairment and/or in institutional settings. Second, the literature on financial fraud victimization finds that people tend to under-report victimization in survey research ( Beals et al., 2015 ), and this self-report error likely extends to the issue of identity theft. Finally, the nonresponse group is likely disproportionately represented by victims who are reluctant to provide personal information in response to a survey. Another limitation of the study was that data on other potentially important behavioral variables, such as the extent of online downloading, online financial account management, types of websites visited, and presence of malware, hacking or phishing events, were unavailable. To better understand risk of identity theft victimization within the L-RAT paradigm, measures are needed to account for system-level security practices among corporate and government entities, but this is beyond the scope of the NCVS.

5.2. Health implications

Identity theft victimization affects tens of millions of Americans each year. Financial exploitation, in general, is associated with major health-related consequences such as increased rates of hospitalization and all-cause mortality. Victims of identity theft experience severe mental/emotional distress, particularly among minority and older adult populations ( Harrell, 2019 , Golladay and Holtfreter, 2017 ). Given the increasing scope of this problem, the development of effective primary prevention strategies is critically needed and should focus on promoting relatively unintrusive and feasible everyday practices such as routinely changing financial account passwords, shredding documents, and checking credit reports and financial statements. The prevalence of this problem indicates that healthcare professionals will encounter patients who are victimized by identity theft on a regular basis. Healthcare settings represent an important place to both recognize vulnerable adults and provide victims with preventive education to mitigate the risk of identity exposure.

6. Conclusion

This study comprehensively examined the risk of different forms of identity theft victimization in the U.S. Although other research indicates that Americans have inadequate knowledge of cybersecurity practices ( Olmstead & Smith, 2017 ), findings from the current study demonstrated the importance of this knowledge in keeping personal information safe. Yet individual actions alone are not enough. As investment in cybersecurity grows, criminals respond with increasingly sophisticated and evolving techniques such as hacking, malware, and skimming to overcome these controls ( Pontell, 2009 ). Reducing the incidence of identity theft requires greater public/private investment in robust, dynamic data security systems and encryption tools, and more collaboration between criminal justice and law enforcement agencies to investigate and prosecute identity theft crimes.

CRediT authorship contribution statement

David Burnes: Conceptualization, Formal analysis, Data curation, Writing - original draft, Writing - review & editing. Marguerite DeLiema: Conceptualization, Writing - original draft, Writing - review & editing. Lynn Langton: Conceptualization, Methodology, Writing - original draft, Writing - review & editing.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Appendix B Supplementary data to this article can be found online at https://doi.org/10.1016/j.pmedr.2020.101058 .

Appendix A.

Multiple Correspondence Analysis Discrimination Measures Plot.

An external file that holds a picture, illustration, etc.
Object name is fx1.jpg

Appendix B. Supplementary data

The following are the Supplementary data to this article:

Anderson K. Who are the victims of identity theft? The effect of demographics. J. Public Policy Mark. 2006; 25 (2):160–171. [ Google Scholar ]
Beals M.E., Carr D.C., Mottola G.R., Deevy M.J., Carstensen L.L. How does survey context impact self-reported fraud victimization? Gerontologist. 2015; 57 (2):329–340. [ PubMed ] [ Google Scholar ]
Bureau of Justice Statistics, 2014. National Crime Victimization Survey: Technical documentation. Washington, DC: Bureau of Justice Statistics. https://www.bjs.gov/content/pub/pdf/ncvstd13.pdf (last accessed 1.5.20).
Burnes D., Henderson C.R., Jr, Sheppard C., Zhao R., Pillemer K., Lachs M.S. Prevalence of financial fraud and scams among older adults in the United States: a systematic review and meta-analysis. Am. J. Public Health. 2017; 107 (8):e13–e21. [ PMC free article ] [ PubMed ] [ Google Scholar ]
Burnett J., Jackson S.L., Sinha A.K. Five-year all-cause mortality rates across five types of substantiated elder abuse occurring in the community. J. Elder Abuse Negl. 2016; 26 (2):59–75. [ PubMed ] [ Google Scholar ]
Charron-Chénier R., Fink J.J., Keister L.A. Race and consumption: black and white disparities in household spending. Sociol Race Ethn. 2017; 3 (1):50–67. [ PMC free article ] [ PubMed ] [ Google Scholar ]
Cohen L.E., Felson M. Social change and crime rate trends: a routine activity approach. Am. Soc. Rev. 1979; 44 (4):588–608. [ Google Scholar ]
Cohen L.E., Kluegel J.R., Land K.C. Social inequality and predatory criminal victimization: an exposition and test of a formal theory. Am. Soc. Rev. 1981; 46 (5):505–524. [ Google Scholar ]
Dong X., Simon M.A. Elder abuse as a risk factor for hospitalization in older persons. JAMA Intern. Med. 2013; 173 (10):911–917. [ PMC free article ] [ PubMed ] [ Google Scholar ]
Federal Trade Commission, 2017. Consumer sentinel network data book for January–December 2016. Washington, DC: Federal Trade Commission.
Federal Trade Commission, 1998. Identity theft and assumption deterrence act. Washington, DC: Federal Trade Commission. https://www.ftc.gov/node/119459 .
Ganzini L., McFarland B.H., Cutler D. Prevalence of mental disorders after catastrophic financial loss. J. Nerv. Ment. Dis. 1990; 178 (11):680–685. [ PubMed ] [ Google Scholar ]
Golladay K., Holtfreter K. The consequences of identity theft victimization: an examination of emotional and physical health outcomes. Victims Offenders. 2017; 12 (5):741–760. [ Google Scholar ]
Greenacre M., Blasius J. Chapman and Hall/CRC; Boca Raton, FL: 2006. Multiple correspondence analysis and related methods. [ Google Scholar ]
Greene C., Stavins J. Federal Reserve Bank of Boston; Boston, MA: 2016. Did the Target data breach change consumer assessments of payment card security? Research Data Report 16-1. [ Google Scholar ]
Harrell E. U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Statistics; Washington, DC: 2015. Victims of identity theft, 2014. 1-26/NCJ 248991. [ Google Scholar ]
Harrell, E., 2019. Victims of identity theft, 2016. Washington, DC: U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Statistics. 1-29/NCJ 251147. https://www.bjs.gov/content/pub/pdf/vit16.pdf (last accessed 1.5.20).
Haushofer J., Fehr E. On the psychology of poverty. Science. 2014; 344 (6186):862–867. [ PubMed ] [ Google Scholar ]
Hindelang M.J., Gottfredson M.R., Garofalo J. Ballinger; Cambridge, MA: 1978. Victims of personal crime: an empirical foundation for a theory of personal victimization. [ Google Scholar ]
Holtfreter, K., Reisig, M.D., Mears, D.P., Wolfe, S.E., 2014. Financial exploitation of the elderly in a consumer context. http://hdl.handle.net/20.500.11990/1235 .
Holtfreter K., Reisig M.D., Pratt T.C., Holtfreter R.E. Risky remote purchasing and identity theft victimization among older Internet users. Psychol. Crime Law. 2015; 21 (7):681–698. [ Google Scholar ]
Inter-University Consortium for Political and Social Research . University of Michigan; Ann Arbor, MI: 2012. National crime victimization survey: identity theft supplement: codebook. [ Google Scholar ]
Inter-University Consortium for Political and Social Research . University of Michigan; Ann Arbor, MI: 2014. National crime victimization survey: identity theft supplement: codebook. [ Google Scholar ]
Koops B.J., Leenes R. Identity theft, identity fraud and/or identity-related crime. Datenschutz und Datensicherheit-DuD. 2006; 30 (9):553–556. [ Google Scholar ]
McNeeley S. Lifestyle-routine activities and crime events. J. Contemporary Criminal Justice. 2015; 31 (1):30–52. [ Google Scholar ]
Miethe T.D., Meier R.F. Opportunity, choice, and criminal victimization: a test of a theoretical model. J. Res. Crime Delinquency. 1990; 27 (3):243–266. [ Google Scholar ]
Moore T., Clayton R., Anderson R. The economics of online crime. J. Econ. Perspect. 2009; 23 (3):3–20. [ Google Scholar ]
Myers J., Frieden T.R., Bherwani K.M., Henning K.J. Ethics in public health research: privacy and public health at risk: public health confidentiality in the digital age. Am. J. Public Health. 2008; 98 (5):793–801. [ PMC free article ] [ PubMed ] [ Google Scholar ]
Olmstead K., Smith A. What the public knows about cybersecurity. Pew Res. Center. 2017 [ Google Scholar ]
Osgood D.W., Wilson J.K., O’malley P.M., Bachman J.G., Johnston L.D. Routine activities and individual deviant behavior. Am. Soc. Rev. 1996; 61 (4):635–655. [ Google Scholar ]
Pew Research Center. 2016. Millennials overtake baby boomers as America's largest generation. Pew Research Center. http://www.pewresearch.org/fact-tank/2016/04/25/millennials-overtake-baby-boomers/ .
Pontell H.N. Identity theft: bounded rationality, research, and policy. Criminol. Public Pol. 2009; 8 (2):263–270. [ Google Scholar ]
Pratt T.C., Holtfreter K., Reisig M.D. Routine online activity and internet fraud targeting: extending the generality of routine activity theory. J. Res. Crime Delinquency. 2010; 47 (3):267–296. [ Google Scholar ]
Reyns B.W. Online routines and identity theft victimization: further expanding routine activity theory beyond direct-contact offenses. J. Res. Crime Delinquency. 2013; 50 (2):216–238. [ Google Scholar ]
Reyns B.W., Henson B. The thief with a thousand faces and the victim with none: identifying determinants for online identity theft victimization with routine activity theory. Int. J. Offender Th. 2016; 6 (10):1119–1139. [ PubMed ] [ Google Scholar ]
Sharp T., Shreve-Neiger A., Fremouw W., Kane J., Hutton S. Exploring the psychological and somatic impact of identity theft. J. Forensic Sci. 2004; 49 (1):1–6. [ PubMed ] [ Google Scholar ]
Titus R.M., Heinzelmann F., Boyle J.M. Victimization of persons by fraud. Crime Delinquency. 1995; 41 (1):54–72. [ Google Scholar ]
U.S. Department of Justice [dataset], 2012. National crime victimization survey: identity theft supplement. Washington, DC: Office of Justice Programs, Bureau of Justice Statistics. ICPSR34735-v1. Doi:10.3886/ICPSR34735.v1. Retrieved from Inter-university Consortium for Political and Social Research: http://www.icpsr.umich.edu/icpsrweb/NACJD/studies/34735 .
U.S. Department of Justice [dataset], 2014. National crime victimization survey: identity theft supplement. Washington, DC: Office of Justice Programs. Bureau of Justice Statistics. ICPSR36044-v1. Doi:10.3886/ICPSR36044.v1. Retrieved from Inter-university Consortium for Political and Social Research: http://www.icpsr.umich.edu/icpsrweb/NACJD/studies/36044 .
Wartenberg D., Thompson W.D. Privacy versus public health: the impact of current confidentiality rules. Am. J. Public Health. 2010; 100 (3):407–412. [ PMC free article ] [ PubMed ] [ Google Scholar ]
Wilcox P., Madensen T.D., Tillyer M.S. Guardianship in context: implications for burglary victimization risk and prevention. Criminology. 2007; 45 (4):771–803. [ Google Scholar ]
Williams M.L. Guardians upon high: An application of routine activities theory to online identity theft in Europe at the country and individual level. Br. J. Criminol. 2016;27;56(1)::21–48. [ Google Scholar ]

Cyber & Technology Law
Family & Personal Law
Business & Commercial Law
Criminal Law
Constitutional & Administrative Law
Environmental & Property Law
Health & Medicine Law
International Law
Terms and Conditions
Privacy Policy
Copyright Notice
Cookies Policy
Changing Your Child’s Surname: Legal Steps and Considerations
Legal Challenges in Multiracial and Multiethnic Adoptions
The Legalities of Marrying Your First Cousin
Introduction to Health & Medicine Law: Bridging Health, Ethics, and Legality
The Intricacies of Community Property in Divorce
The Role of a Guardian Ad Litem in Child Custody Cases
The PATRIOT Act: Balancing National Security with Civil Liberties
Prenuptial Agreements: Protecting Assets Before Saying ‘I Do
The Legalities of International Adoption: A Guide
Case Study-Business & Commercial Law
Case Study-Constitutional & Administrative Law
Case Study-Criminal Law
Case Study-Cyber & Technology Law
Case Study-Environmental & Property Law
Case Study-Family & Personal Law
Case Study-Health & Medicine Law
Case Study-International Law
Uncategorized

Jonathan D. Keeler

Let's make law simple , stay notified.

Unlock Premium Legal Insights – Subscribe Today!

Threats of identity theft in cyberspace - case study

ASEJ Scientific Journal of Bielsko-Biala School of Finance and Law 24(2):10-14
24(2):10-14

Wyższa Szkoła Finansów i Prawa w Bielsku-Białej

Discover the world's research

25+ million members
160+ million publication pages
2.3+ billion citations

Onyeka Chrisanctus Ofodile

Edy Santoso

P Ławrowski
Recruit researchers
Join for free
Login Email Tip: Most researchers use their institutional email address as their ResearchGate login Password Forgot password? Keep me logged in Log in or Continue with Google Welcome back! Please log in. Email · Hint Tip: Most researchers use their institutional email address as their ResearchGate login Password Forgot password? Keep me logged in Log in or Continue with Google No account? Sign up

To read this content please select one of the options below:

Please note you do not have access to teaching notes, identity theft and university students: do they know, do they care.

Journal of Financial Crime

ISSN : 1359-0790

Article publication date: 30 September 2014

This study aims to explain what factors influence the relationship between the university students’ knowledge of the risk of identity theft and the preventive measures they take.

Design/methodology/approach

A series of semi-structured interviews was used as the primary data collection tool. The sample for this study comprised 12 undergraduate students (six males and six females) from the Flinders Business School. The interviews were designed as face-to-face interviews.

The current findings indicate that, despite the fact that students were reasonably knowledgeable regarding the general risk of identity theft, many of the students had only limited knowledge about specific issues related to identity theft. It was found that the limited knowledge or misunderstanding of specific issues prevented students from using appropriate measures that could reduce the risk of identity theft. The students demonstrated a significant misunderstanding of who perpetrators typically were targeting when stealing personal information or what perpetrators of identity theft were looking for.

Originality/value

The results of the study contribute to a better understanding of the students’ knowledge about the risks associated with identity crime. They may also assist governments and other stakeholders with vested interests, such as financial institutions and educational providers, to educate individuals about the circumstances where they are potentially vulnerable to identity theft.

University students
Identity crime
Identity fraud
Identity theft

Seda, L. (2014), "Identity theft and university students: do they know, do they care?", Journal of Financial Crime , Vol. 21 No. 4, pp. 461-483. https://doi.org/10.1108/JFC-05-2013-0032

Emerald Group Publishing Limited

All feedback is valuable.

Please share your general feedback

Report an issue or find answers to frequently asked questions

Contact Customer Support

An official website of the United States government

Here's how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

The Attorney General
Organizational Chart
Budget & Performance
Privacy Program
Press Releases
Photo Galleries
Guidance Documents
Publications
Information for Victims in Large Cases
Justice Manual
Business and Contracts
Why Justice ?
DOJ Vacancies
Legal Careers at DOJ

Licensed professional counselor indicted in $2 million health care fraud scheme

McALLEN, Texas – A 46-year-old resident of Mission has been taken into custody on charges of health care fraud and aggravated identity theft in connection with a scheme to defraud the Texas Medicaid Program, announced U.S. Attorney Alamdar S. Hamdani.

Juan Martin Flores, 46, is set to make his initial appearance before U.S. Magistrate Judge J. Scott Hacker at 9 a.m.

The indictment, returned Aug. 7 and unsealed upon his arrest Sept. 12, alleges he submitted or caused the submission of over 15,000 fraudulent claims to Medicaid for services that were never provided. Between 2018 and 2022, the claims resulted in approximately $2 million in Medicaid payments, according to the charges. The indictment further alleges Flores used the personal information of Medicaid beneficiaries without their consent to facilitate the fraudulent billing scheme.

According to the charges, Flores submitted claims under his national provider identifier number, representing that he provided counseling services at his office in Brownsville. However, he allegedly never actually rendered those services. The indictment details multiple instances in which he unlawfully used Medicaid beneficiaries' identities in the fraudulent claims.

Flores is charged with 10 counts of health care fraud, each carrying a possible 10-year-maximum sentence and up to a $250,000 fine. He is also facing three counts of aggravated identity theft. If convicted, he faces a mandatory two years in federal prison which must be served consecutively to any other sentence imposed.

The FBI, Department of Health and Human Services – Office of Inspector General and Texas Attorney General’s Medicaid Fraud Control Unit conducted the investigation. Assistant U.S. Attorney Andrew R. Swartz and Eric D. Flores are prosecuting the case.

An indictment is a formal accusation of criminal conduct, not evidence. A defendant is presumed innocent unless convicted through due process of law .

Crime and Public Safety | Mt. Pleasant man sentenced in federal identity…

Crime and Public Safety

Crime and public safety | mt. pleasant man sentenced in federal identity theft, fraud case.

United States District Judge Thomas L. Ludington on Thursday also ordered Anthony Demasi, 50, to participate in the Bureau of Prisons Inmate Financial Responsibility Program, “during which time BOP staff will develop a financial plan and assure that (Demasi) is making ‘satisfactory progress’ in meeting his financial responsibility plan.'”

Demasi, who has been free on bond since his indictment by a federal grand jury Dec. 14, 2022, was ordered to surrender “as notified by the United States Marshal,” according to the judgement document.

Demasi, who was originally charged with three counts of identity theft and three counts of fraud, owns Goldman Advisors, LLC in Mt. Pleasant, and was accused of attempting to take out credit cards from banks using the identities of people without their consent.

The federal indictment alleged that Demasi attempted to apply for credit cards from Capital One, JP Morgan Chase, and Barclay’s of Delaware in 2018, according to court records.

Bank fraud carries a maximum penalty of 30 years; identity theft is punishable by a maximum of 15 years.

Demasi entered guilty pleas to one count each of bank fraud and identity theft March 21 in front of Magistrate Judge Patricia A. Morris in Bay City.

As part of the plea agreement, Demasi is paying more than $12,000 in full restitution to two FDIC- insured banks.

Demasi previously served time in prison after pleading guilty to three counts of wire fraud and two counts of securities fraud in federal court in the Northern District of Illinois in March 2010, according to court records.

He was alleged to have lured more than two dozen victims to invest a total of roughly $4.7 million in commodity trading pools and using the money instead to fund two nightclubs in Chicago, pay gambling debts and other living expenses, and to make Ponzi-type payments to earlier investors, according to a report in the Chicago Tribune.

More in Crime and Public Safety

A 47-year-old Mt. Pleasant man was killed Friday morning while working construction on U.S. 127 in Union Township.

SUBSCRIBER ONLY

Mt. pleasant construction worker hit, killed on u.s. 127 in isabella county.

Local News | Chippewa Township woman dies following Monday accident

A Mt. Pleasant music store owner still hopes police can recover a stolen guitar Thursday after a man walked out with it the day before.

Local News | B’s Music owner seeks return of $3,000 guitar

An Isabella County man accused of killing a dirt biker and trying to do the same to another will face trial in November.

Crime and Public Safety | Isabella murder trial delayed until November

Thank you for visiting nature.com. You are using a browser version with limited support for CSS. To obtain the best experience, we recommend you use a more up to date browser (or turn off compatibility mode in Internet Explorer). In the meantime, to ensure continued support, we are displaying the site without styles and JavaScript.

View all journals
Explore content
About the journal
Publish with us
Sign up for alerts
Open access
Published: 13 September 2024

Risk benefit analysis to evaluate risk of thromboembolic events after mRNA COVID-19 vaccination and COVID-19

Huong N. Q. Tran ORCID: orcid.org/0000-0003-3828-3862 1 ,
Malcolm Risk 2 ,
Girish B. Nair 3 &
Lili Zhao 4

npj Vaccines volume 9 , Article number: 166 ( 2024 ) Cite this article

Metrics details

Epidemiology
Thromboembolism
Viral infection

We compared the risks and benefits of COVID-19 vaccines using a causal pathway analysis to weigh up possible risk factors of thromboembolic events post-vaccination. The self-controlled case series (SCCS) method examined the association between thromboembolic events and vaccination while a case-control study assessed the association between thromboembolic events and COVID-19, addressing under-reported infection data issues. The net vaccine effect was estimated using results from SCCS and case-control studies. We used electronic health record data from Corewell Health (16,640 subjects in SCCS and 106,143 in case-control). We found increased risks of thromboembolic events post-vaccination (incidence rate ratio: 1.19, 95% CI: [1.08, 1.31] after the first dose; 1.22, 95% CI: [1.11, 1.34] after the second dose). Vaccination attenuated infection-associated thromboembolic risks (odds ratio: 4.65, 95% CI: [4.18, 5.17] in unvaccinated vs 2.77, 95% CI: [2.40, 3.24] in vaccinated). After accounting for vaccine efficacy and protection against infection-associated thromboembolic events, vaccination decreases thromboembolic event risk, especially during high infection rate periods.

Introduction

The Coronavirus Disease 2019 (COVID-19) pandemic prompted a race to develop and distribute effective vaccines. Approximately 81.4% of the US population have been vaccinated with at least one dose, and 69.5% have completed the primary series of COVID-19 vaccination 1 . While the benefits of vaccination are widely acknowledged, concerns have emerged regarding the development of thromboembolic events after vaccination 2 . Phase 3 clinical trials were not statistically powered to identify rare adverse events 3 . The risks of new vaccines were not fully known during regulatory approval, particularly for mRNA-based vaccines (mRNA-1273 or BNT162b2), which were under authorized emergency use. Therefore, it is important to conduct post-marketing safety surveillance of the vaccines. More specifically, cases of venous thromboembolism following a mRNA-based vaccination were reported in 2022 after COVID-19 vaccines were administered in the US and some other countries 4 , 5 , 6 , 7 , drawing attention to the potential risk of thromboembolic events after the first vaccination dose. One study confirmed an increased risk of thromboembolism, ischemic stroke, and cerebral venous sinus thrombosis after the first dose of BNT162b2 8 , and another retrospective cohort study found an increased risk of cerebral venous thrombosis and portal vein thrombosis after any mRNA-based vaccination 9 . Moreover, a recent systematic review 10 has shown that thromboembolism is the most frequent cardiovascular complication following a mRNA-based vaccination. Despite those findings, vaccination is still recommended to reduce the likelihood of COVID-19, hospitalization, and mortality 8 , 11 . Furthermore, COVID-19 itself substantially increases the risk of thromboembolic events 12 , 13 , 14 , 15 , 16 , 17 , 18 , with a more prolonged and significant threat compared to vaccine-associated risks 8 . Therefore, studying the risk of thromboembolic events after COVID-19 vaccination should incorporate the protective effect of vaccines against COVID-19 severity and hence COVID-19-associated thromboembolic events.

Several studies have reported a positive correlation between thromboembolic events and mRNA-based vaccines, with reported incidence rate ratios (IRRs) between 1.04 and 1.22 8 , 19 , 20 , 21 , 22 . These studies used the self-controlled case series 23 (SCCS) design, which is a standard approach to studying adverse events of vaccines. The same design was used to evaluate the risk of thromboembolic events after COVID-19, with reported IRRs between 6.18 and 63.52 8 , 11 , 14 . However, since a thromboembolic event typically requires a hospital visit (emergency visit or hospital admission), subjects with a thromboembolic event are subject to a higher rate of COVID-19 testing, and so at a lower likelihood of misclassification as uninfected compared to subjects without an event. Hence, the SCCS design is subject to some risks of bias 24 , which we would expect to inflate the SCCS estimated relative risk (RR) of thromboembolic events after COVID-19.

The objective of this study is to evaluate whether the overall effect of the COVID-19 vaccination is to increase or decrease the risk of thromboembolic events. To do so, we first quantified the risk of thromboembolic events after mRNA-based vaccination using the SCCS method. Secondly, we evaluated the association between thromboembolic events and COVID-19 using a case-control study, avoiding the misclassification bias associated with the SCCS method. Finally, we conducted a risk-benefit analysis by comparing the magnitude of the increased risk through the direct effect of the COVID-19 vaccination with the reduced risk through the indirect pathway via protection against infection-associated thromboembolic events.

Our studies used electronic health record (EHR) data from the Corewell Health East (CHE, formerly known as Beaumont Health) and Corewell Health West (CHW, formerly known as Spectrum Health) healthcare systems, which includes demographics, mortality, hospital admissions, and COVID-19 testing. We obtained accurate COVID-19 vaccination records (vaccine types, dates, and doses) by linking EHR data at Corewell Health with the Michigan Care Improvement Registry (MCIR), giving more complete data for individuals who received the COVID-19 vaccines outside the healthcare system. We included all patients aged ≥ 18-years-old and were registered with a primary care physician within 18 months before Jan 1st, 2021.

We identified thromboembolic events based on ICD-10 (International Classification of Diseases version 10) codes from a hospital visit (emergency visit or hospital admission). These ICD-10 codes represent diagnoses for venous thromboembolism, arterial thrombosis, cerebral venous sinus thrombosis, ischemic stroke, and myocardial infarction (Supplementary Table 1 ). We also used patients with physical injury at a hospital visit (list of ICD-10 codes in Supplementary Table 2 ) to identify potential bias related to the misclassification and further leveraged them as a control group to estimate the effect of COVID-19 on thromboembolic events.

Estimate effect of mRNA-vaccination on thromboembolic events

We used the SCCS design to examine the association of thromboembolic events and the first two doses of mRNA-based COVID-19 vaccines (mRNA-1273 or BNT162b2) from December 1st, 2020, to August 31st, 2022. The SCCS method compares the incidence rate of thromboembolic events before and after vaccination. In this method, subjects are under their own control, and comparisons are made within subjects, thus avoiding any time-invariant confounding. We included subjects who had a thromboembolic event and received at least one dose of the primary series of mRNA-based vaccines in the study period. The control period was defined from December 1st, 2020, to 28 days before the first dose of vaccination, excluding the period of 28 days prior to vaccination to avoid bias due to contra-indications 25 . Two separate risk periods for the first and second doses were defined until 28 days after vaccination, death, or August 31st, 2022, whichever occurred first (Supplementary Fig. 1 ). We also excluded subjects who had COVID-19 within 90 days before a thromboembolic event to remove the confounding effect of infection on that event. We used a conditional Poisson regression 22 with an offset for the length of each period to estimate the IRRs of dose one and dose two simultaneously. Specifically, the model has an independent variable of the period with three categories (control periods, and two risk periods after the first and second dose). Using the control period as the reference, we derived the IRRs for the two doses. As Poisson regression assumes the independence between recurrent events, therefore, we considered only events that occurred at least one year after the previous events.

Estimate effect of COVID-19 on thromboembolic events

In an initial analysis of the association between thromboembolic events and COVID-19, we used the SCCS design and included patients who had at least one positive COVID-19 test (PCR or antigen) and a thromboembolic event at a hospital visit during the same period as in the previous study of vaccination. However, due to the missing infection data in patients who did not have any hospital visits for thromboembolic events or other reasons, the SCCS design resulted in a biased estimate of the association between thromboembolic events and COVID-19. Patients visiting the hospital, almost always received a COVID-19 (PCR or antigen) test, especially early in the pandemic, while patients who did not visit the hospital were subject to underreporting infection data. This underreporting (or misclassification of infected as uninfected) led to an inflated IRR of thromboembolic events after COVID-19.

We proposed a simple and efficient method to quantify the association between thromboembolic events and COVID-19 while dealing with the misclassification issue. The main idea is to select a subset of control (i.e., subjects without thromboembolic events) who had a hospital visit for reasons independent of COVID-19 and therefore had complete infection data. To this end, we used patients who had a diagnosis code for physical injury (see Supplementary Table 2 ) at a hospital visit as the control group, since we would not expect any causal association between physical injury and COVID-19. We used a case-control design, in which patients with a thromboembolic event are considered as cases, and patients with a physical injury are considered as controls. If an individual had multiple hospital visits for thromboembolic events or physical injuries, we considered only the first visit. As physical injuries can be risk factors for thromboembolic events 26 , 27 , we therefore excluded patients who experienced both events at the same visit. We determined the COVID-19 status based on the COVID-19 test results during the 28 days prior to the date of the event (Supplementary Fig. 2 ). If an individual had a positive test result, this subject was classified as exposed to COVID-19, otherwise, unexposed. We compared the odds of infection (exposed) vs no infection (unexposed) in the cases (with thromboembolic events) vs controls (with physical injury) using a logistic regression model adjusted for age, race, gender, Charlson comorbidity index (CCI), number of visits, and prior vaccination status (yes/no). Patients who had any COVID-19 vaccine between the date of the positive COVID-19 test and the date of the event were removed. The number of visits was fit with a natural spline with three degrees of freedom. The CCI was obtained using the R package comorbidity and categorized into four categories, ‘0’, ‘1–2’, ‘3–4’, and ‘ ≥ 5’ 28 , 29 . Analyses were done after excluding patients with incomplete covariate data.

Estimate the net effect of mRNA-vaccination on thromboembolic events: a risk-benefit analysis

COVID-19 vaccines are protective against COVID-19 and COVID-19 severity 30 , 31 , 32 , and so can indirectly decrease the likelihood of experiencing a thromboembolic event. Hence, we conducted a risk-benefit analysis to estimate the net RR of thromboembolic events after vaccination by considering the role of vaccination in preventing infection-associated thromboembolic events. Figure 1 illustrates the direct and indirect effect of the COVID-19 vaccination on the occurrence of thromboembolic events while considering vaccine efficacy (VE). As presented in the diagram, the association between thromboembolic events and COVID-19 vaccination is described by two paths, the direct association between thromboembolic events and vaccination, and the indirect association between thromboembolic events and vaccination via potential reduction in the risk of thromboembolic events through decreasing the risk of COVID-19. We estimated the overall influence of vaccination on the occurrence of thromboembolic events by considering both direct and indirect paths.

COVID-19 (I), individuals with COVID-19. COVID-19 vaccination (V), individuals with COVID-19 vaccines. Thromboembolic events (Y), individuals with thromboembolic events. V → I indicates vaccine effect (VE) in preventing COVID-19, V → Y indicates the risk of thromboembolic events after COVID-19 vaccination, I → Y indicates the risk of thromboembolic events after COVID-19, V → Y (via I) indicates the risk of thromboembolic events after vaccination accounting for vaccine effect in reducing infection-associated thromboembolic events.

Let ${\rm{P}}\left({\rm{I}}|{\rm{V}}\right)$ and ${\rm{P}}\left({\rm{I}}|\bar{{\rm{V}}}\right)$ be the probability of COVID-19 ( ${\rm{I}})$ in vaccinated ( ${\rm{V}}$ ) and unvaccinated ( $\bar{{\rm{V}}}$ ) subjects, respectively. Let ${\rm{P}}\left({\rm{Y}}|\bar{{\rm{V}}},\bar{{\rm{I}}}\right),{\rm{P}}\left({\rm{Y}}|{\rm{V}},\bar{{\rm{I}}}\right),{\rm{P}}\left({\rm{Y}}|{\rm{I}},\bar{{\rm{V}}}\right),$ and ${\rm{P}}\left({\rm{Y}}|{\rm{I}},{\rm{V}}\right)$ be the probability (or risk) of thromboembolic events ( ${\rm{Y}})$ in unvaccinated and uninfected, vaccinated and uninfected, unvaccinated and infected, and vaccinated and infected subjects, respectively.

With the above notations, for a vaccinated subject, the total risk of thromboembolic events is ${\rm{P}}\left({\rm{Y}}|{\rm{V}},\bar{{\rm{I}}}\right)+{\rm{P}}\left({\rm{I}}|{\rm{V}}\right)\times {\rm{P}}\left({\rm{Y}}|{\rm{I}},{\rm{V}}\right)$ , where the product ${\rm{P}}\left({\rm{I}}|{\rm{V}}\right)\times {\rm{P}}\left({\rm{Y}}|{\rm{I}},{\rm{V}}\right)$ is the indirect risk calculated by multiplying the risk of COVID-19 of a vaccinated subject and the risk of thromboembolic events given a COVID-19 in the vaccinated group. Similarly, the overall risk of thromboembolic events for an unvaccinated subject is given by ${\rm{P}}\left({\rm{Y}}|\bar{{\rm{V}}},\bar{{\rm{I}}}\right)+{\rm{P}}\left({\rm{I}}|\bar{{\rm{V}}}\right)\times {\rm{P}}\left({\rm{Y}}|{\rm{I}},\bar{{\rm{V}}}\right)$ . Hence the net RR ( ${{\rm{RR}}}_{{\rm{Net}}}$ ) of thromboembolic events for a vaccinated subject compared to an unvaccinated subject is

The terms ${{\rm{RR}}}_{{\rm{V}}}$ is the RR of thromboembolic events comparing vaccinated versus unvaccinated in subjects without COVID-19, and ${{\rm{RR}}}_{{\rm{I|}}\bar{{\rm{V}}}}$ is the RR of thromboembolic events comparing subjects with and without COVID-19 in the unvaccinated group. The term ${{\rm{RR}}}_{{\rm{IV}}}$ is the RR of thromboembolic events in subjects who have both vaccination and infection, compared to the group of subjects who do not have any exposures.

We further defined VE as ${\rm{VE}}=1-{\rm{P}}({\rm{I|V}})/{\rm{P}}({\rm{I|}}\bar{{\rm{V}}})$ , then plugged VE into Eq. (1) to obtain

If ${{\rm{RR}}}_{{\rm{Net}}}$ is smaller than one, COVID-19 vaccination offers protection against thromboembolic events, with a lower ${{\rm{RR}}}_{{\rm{Net}}}$ implying a stronger protection.

Statistical analyses were performed in R 4.3.0. We reported odds ratio (OR) and IRR with 95% CIs and p -values from the two-sided test. We generated a figure for ${{\rm{RR}}}_{{\rm{Net}}}$ over a range of VE values based on the estimates of ORs and IRRs.

We used de-identified EHR data, the use of which was approved by the Institutional Review Board of Corewell Health.

Study population

During the study period from December 1st, 2020, to August 31st, 2022, there were 747,070 subjects at Corewell Health who received mRNA-based vaccines, among which 279,229 (37.38%) had the primary series of mRNA-1273 and 467,841 (62.62%) took BNT162b2. Overall, the number of fully vaccinated patients was 711,460 (95.23%), and 35,610 (4.77%) patients received only one dose. The median age was 57 (with interquartile range [IQR]: 40–69), and 59.81% of patients were female. There were 367,105 patients taking at least one COVID-19 test (antigen or PCR), among which 78,568 (21.4%) patients received positive results. The median age was 52 (with interquartile range [IQR]: 34–67), and 61.44% of patients were female.

In the study cohort of vaccination exposure, there were 16,640 patients who had at least one thromboembolic event and had the first dose of either mRNA-1273 or BNT162b2 vaccine. Patient demographics are presented in Table 1 . We identified 2724 events in the control period, 722 events within 28 days after the first dose, and 786 events within 28 days after the second dose.

In the study cohort of COVID-19 exposure, there were 18,004 patients who had a thromboembolic event (cases) and 88,139 patients who had a physical injury (controls) at a hospital visit. 16.96% of cases and 1.48% of controls had COVID-19 within 28 days before the event. Demographics of patients are presented in Table 2 .

Based on the SCCS analysis, we found an increased risk of thromboembolic events 28 days after the first dose (IRR = 1.19, 95% confidence interval (CI): [1.08, 1.31], p -value < 0.001), and after the second dose (IRR = 1.22, 95% CI: [1.11, 1.34], p -value < 0.001) of the mRNA-based vaccines.

We studied the risk of thromboembolic events in a 28-day window after vaccination based on prior research 8 . An event that occurs in a short period (such as 28 days) is more likely to be attributable to the vaccines. We also conducted a sensitivity analysis using a 60-day window after vaccination. The conclusions remained the same with slightly lower IRRs (IRR = 1.13, 95% CI: [1.03, 1.24] after the first dose, and IRR = 1.14, 95% CI: [1.05, 1.3] after the second dose).

Supplementary Figs. 3 and 4 show the IRRs for subgroup analyses by age (“18–31”, “31–50”, and “≥51”) and gender (female/male). We found that the effects of vaccination on thromboembolic events were similar between age groups and gender groups.

Naïve SCCS analysis showed a very large increased risk of thromboembolic events associated with COVID-19 (IRR = 19.36, 95% CI: [17.64, 21.26], p -value < 0.001). However, a similar analysis using the physical injury as an event also derived a large increased risk (IRR = 3.31, 95% CI: [3.10, 3.54], p -value < 0.001), indicating misclassification bias as COVID-19 should not substantially increase the risk of physical injury. In the case-control analysis with controls having a physical injury, we found that COVID-19 increased the risk of thromboembolic events but with a much smaller magnitude than the risk in the SCCS analysis (although it is still larger than the vaccination exposure). Moreover, the degree of the increased risks was modified by vaccination status (Fig. 2 ). The reported OR for the unvaccinated group was 4.65 (95% CI: [4.18, 5.17], p -value < 0.001) compared to 2.77 (95% CI: [2.40, 3.24], p -value < 0.001) for the vaccinated group. We observed the increased risks of thromboembolic events after COVID-19 in both groups, but vaccination appears to confer some protection against infection-associated thromboembolic events, given the lower OR. Alternatively, we divided the vaccinated group into four categories based on the time to the last vaccination (“≥365 days”, “180–365 days”, “90–180 days”, and “<90 days”). The effects of COVID-19 on thromboembolic events were similar across the four vaccinated groups. The results are in Supplementary Fig. 5 .

OR is denoted by a solid circle and a 95% CI is represented by a line. The x -axis is plotted on the natural log scale. CCI Charlson comorbidity index. Infection or non-infection refers to COVID-19.

We also conducted two sensitivity analyses. In the first analysis, rather than adjusting for the CCI, we adjusted individual risk factors that might be related to a thromboembolic event. These are congestive heart failure, peripheral vascular disease, cerebrovascular disease, chronic pulmonary disease, diabetes with complications, cancer, moderate or severe liver disease, and metastatic solid tumors. We included the above eight risk factors (present or absent) in the logistic regression model. The effect of COVID-19 on the outcome of thromboembolic events was similar to the analysis with CCI. Results can be found in Supplementary Fig. 6 .

We assumed that patients who visited hospitals were routinely tested for COVID-19, especially during the early pandemic. Based on Corewell Health’s policy, patients who visited the healthcare system before March 1st, 2022, were tested for COVID-19. In our study cohort, 74.05% of participants had a hospital visit before March 1st, 2022. We conducted a sensitivity analysis using only these patients and the conclusions remained the same. See results in Supplementary Fig. 7 .

Our analysis in the previous sections gave an IRR of 1.22 as the measure of the association between thromboembolic events and the second dose of COVID-19 vaccination, therefore, we set ${{\rm{RR}}}_{{\rm{V}}}$ = 1.22. We also obtained odd ratios ${{\rm{OR}}}_{{\rm{I|}}\bar{{\rm{V}}}}$ = 4.65 and ${{\rm{OR}}}_{{\rm{IV}}}$ = 2.82 from the analysis using the case-control design. Since the RR is very close to the OR when the event is rare, we therefore set ${{\rm{RR}}}_{{\rm{I|}}\bar{{\rm{V}}}}$ = 4.65 and ${{\rm{RR}}}_{{\rm{IV}}}$ = 2.82, as the thromboembolic events are rare 33 . Hence, plugging these estimators into Eq. (2), the ${{\rm{RR}}}_{{\rm{Net}}}$ becomes

Figure 3 illustrates the ${{\rm{RR}}}_{{\rm{Net}}}$ of thromboembolic events after COVID-19 vaccination as a function of VE. As VE increases from 0 to 1, ${{\rm{RR}}}_{{\rm{Net}}}$ decreases and reaches a point where vaccine benefits outweigh the harms. Specifically, vaccines with higher VE offer higher protection against thromboembolic events. For example, the effectiveness of mRNA-based COVID-19 vaccines against infection was 61% during the Delta period and 46% during the Omicron period 34 , 35 , 36 . Given an infection rate of 0.08 among unvaccinated subjects, the risk of thromboembolic events was decreased by 4.62% in the Delta period, which is higher than 2.07% in the Omicron period. Moreover, vaccines offer stronger protection during periods with higher infection rates. For example, with the infection rate of 0.1 in unvaccinated subjects, the reduction of the risk of thromboembolic events was higher (by 9.19% in Delta and 6.23% in the Omicron period), compared to the scenario when the infection rate was 0.08.

The x -axis is VE, and the y -axis is the net RR of thromboembolic events.

The list of ICD-10 codes for thromboembolic events is based on a previous publication 8 , including old myocardial infarction (I252). Old myocardial infarction (I252) reports for any myocardial infarction described as older than four weeks. However, our study cohort removed subjects with an I252 code who had any thromboembolic event with ICD-10 codes listed in Table S1 in the prior year. Therefore, we can consider observing I252 in the study period as a new incidence. There were 20,002 (18.84%) patients with a hospital visit associated with the I252 code. We conducted a sensitivity analysis by excluding these patients and the conclusions did not change. The estimated IRRs of thromboembolic events are 1.16 and 1.17 after vaccine dose 1 and dose 2, respectively, which are slightly smaller than the original results including the I252 code (IRRs were 1.19 and 1.22 after the first and second dose). The association between COVID-19 and thromboembolic events is higher in the unvaccinated group (OR = 5.77 without I252 and OR = 4.65 with I252) and similar in the vaccinated group (OR = 2.80 without I252 and OR = 2.77 with I252). Hence, given the same infection rate and VE, vaccination offered a stronger protection, compared to the analysis with the I252 codes. For example, given an infection rate in the unvaccinated population of 0.08 and a VE of 0.8, vaccination lowers the risk of thromboembolic events by 17.14% without I252, compared to 6.67% in the analysis with I252. Detailed results are in Supplementary Figs. 8 and 9 . We considered the analysis that includes the I252 code as the main analysis to represent more conservative results.

We found that both COVID-19 vaccination and COVID-19 increase the risk of thromboembolic events. However, evidence implies that the likelihood of experiencing a thromboembolic event after COVID-19 is much higher than after vaccination. Our analysis agrees with previous research, indicating that COVID-19 is a more dangerous risk factor for thromboembolic events than vaccination 8 , 11 , 12 , 13 , 14 .

Different from existing work, we evaluated the association between thromboembolic events and COVID-19 using a case-control study, avoiding the misclassification issue associated with the SCCS design. We also studied the effect of prior vaccination on reducing infection-associated thromboembolic events. Moreover, we included both COVID-19 vaccination and COVID-19 in the analysis of the risk of thromboembolic events and conducted a risk-benefit analysis by comparing the magnitude of the increased risk through the direct effect of COVID-19 vaccination with the reduced risk through the indirect pathway via protection against severe diseases. Our analysis provides evidence that COVID-19 vaccination directly increases the risk of thromboembolic events, but indirectly reduces the risk of infection-associated events. Results show that the indirect benefit of preventing infection-associated thromboembolic events outweighs the direct harm if the VE and infection rate reaches certain levels. Moreover, COVID-19 vaccination may have additional benefits in preventing thromboembolic events associated with COVID-19, as a higher rate of vaccination increases the overall level of immunity in the population, reducing the spread of the virus and conferring collective protection against infection-associated thromboembolic events and other health risks associated with COVID-19.

There are several limitations to this study. First, using ICD-10 codes to identify thromboembolic events may be subject to phenotype errors. Second, Corewell Health has 22 hospitals, and the catchment area for these hospitals is across many counties, hence patients may seek care at other facilities outside the Corewell Health system, leading to missing data such as infection data. To deal with the missing infection data, we used the case-control study. Moreover, the use of a prior number of hospital visits as covariates in the regression model mitigates the bias due to differing degrees of interaction with the Corewell Health system between infected and control subjects. However, patients with a hospital visit due to injuries may not be the perfect control group, but it is clearly better than a control group of patients without thromboembolic events. Therefore, we may not totally correct the bias, but we reduce it. Finally, the study population for vaccine doses 1 and 2 are different. If a subject had a thromboembolic event after the first vaccine dose, this subject is unlikely to receive the second dose, therefore, the population who received the second dose only includes subjects who did not have a thromboembolic event after the first dose.

Despite these limitations, our study makes a critical contribution to quantifying the net risk of thromboembolic events associated with COVID-19 vaccination. It accounts for both the direct effects of vaccination and the indirect effects of protection against COVID-19 and severe diseases. The dual consideration is vital for a comprehensive understanding of the risk-benefit profile. The mechanism of vaccination is to simulate the immune response the body has against infection using a dead/attenuated virus or mRNA, which can lead to side effects similar to those of the virus, albeit in a less severe form (e.g., thromboembolic events, myocarditis 37 , acute kidney injury 38 , 39 ). Our finding highlights the necessity of evaluating both the indirect benefits and direct harms of vaccination to provide a complete and accurate assessment of vaccine safety. This comprehensive approach ensures a balanced understanding of the risks and the benefits, reinforcing the overall safety and efficacy of vaccination programs.

Our risk-benefit analysis was conducted on the population level. This analysis can also be stratified by patient groups of interest. For example, the risk-benefit of vaccination might be different between older and younger populations. Moreover, our findings are for a broad range of thromboembolic conditions, so more research is needed on the specific biological mechanisms connecting COVID-19 and mRNA vaccination to these events, both to establish causality and help identify a more specific set of conditions or risk factors.

Data availability

The datasets analyzed during the current study are not publicly available due to privacy or ethical restrictions.

Code availability

Code for this study is available from the corresponding author on request.

Centers for Disease Control and Prevention. COVID Data Tracker. Atlanta, GA: U.S. Department of Health and Human Services, CDC ; https://covid.cdc.gov/covid-data-tracker (2023).

Avinash, M. & Vineeta, O. Thromboembolism after COVID-19 vaccination: a systematic review of such events in 286 patients. Ann. Vasc. Surg. 84 , 12–20 (2022).

Article Google Scholar

Fan, B. E. et al. COVID-19 mRNA vaccine-associated cerebral venous thrombosis: rare adverse event or coincidence? Am. J. Hematol . 98 , E4–E7 (2023).

Leonor, D. et al. Cerebral venous thrombosis after BNT162b2 mRNA SARS-CoV-2 vaccine. J. Stroke Cerebrovasc. Dis . 30 , 105906 (2022).

Elizabeth, A. A., Rohan, K., Mirnal, C. & Ulka, S. Three cases of acute venous thromboembolism in females after vaccination for coronavirus disease 2019. J. Vasc. Surg. Venous Lymphat. Disord. 10 , 14–17 (2021).

Google Scholar

Giuseppe, C., Ilaria, N., Marco, R., Salvatore, B., & Alberto, T. Deep vein thrombosis (DVT) occurring shortly after the second dose of mRNA SARS-CoV-2 vaccine. Intern. Emerg. Med . 16 , 803–804 (2021).

Zaitun, Z., Nur, A. S. & Abdul, R. I. G. Cerebral venous sinus thrombosis 2 weeks after the first dose of mRNA SARS-CoV-2 vaccine. Acta Neurochir. 163 , 2359–2362 (2021).

Julia, H. et al. Risk of thrombocytopenia and thromboembolism after COVID-19 vaccination and SARS-CoV-2 positive testing: self-controlled case series study. BMJ . 374 , n1931 (2021).

Maxime, T., Masud, H., John, R. G., Sierra, L., & Paul, J. H. Cerebral venous thrombosis and portal vein thrombosis: a retrospective cohort study of 537,913 COVID-19 cases. EClinicalMedicine . 39 , 101061 (2021).

Farah, Y. et al. Adverse events following COVID‐19 mRNA vaccines: a systematic review of cardiovascular complication, thrombosis, and thrombocytopenia. Immun. Inflamm. Dis . 11 , e807 (2023).

Frederick, K. H. et al. Thromboembolic risk in hospitalized and nonhospitalized COVID-19 patients: a self-controlled case series analysis of a nationwide cohort. Mayo Clin. Proc . 96 , 2587–2597 (2021).

Xiaoming, X., Jianhua, C., & Qinglei, G. Prevalence and risk factors of thrombotic events on patients with COVID-19: a systematic review and meta‐analysis. Thromb. J . 19 , 32 (2021).

Sam, S., Yu, H., & Stavros, K. Venous thromboembolism in COVID-19. Thromb. Haemost . 120 , 1642–1653 (2020).

Ioannis, K., Osvaldo, F., Paddy, F., Krister, L., & Anne-Marie, F. C. Risk of acute myocardial infarction and ischaemic stroke following COVID-19 in Sweden: a self-controlled case series and matched cohort study. Lancet . 398 , 599–607 (2021).

Mahmoud, B. M. et al. Thromboembolism risk of COVID-19 is high and associated with a higher risk of mortality: a systematic review and meta-analysis. EClinicalMedicine . 29 , 100639 (2020).

Ahuja, N. et al. Venous thromboembolism in patients with COVID-19 infection: risk factors, prevention, and management. Semin. Vasc. Surg . 34 , 101–116 (2021).

Yu, Y. et al. Incidence and risk factors of deep vein thrombosis in hospitalized COVID-19 patients. Clin. Appl. Thromb. Hemost . 26 , 1076029620953217 (2020).

Klok, F. A. et al. Confirmation of the high cumulative incidence of thrombotic complications in critically ill ICU patients with COVID-19: an updated analysis. Thromb. Res. 191 , 148–150 (2020).

Article CAS PubMed PubMed Central Google Scholar

Simpson, C. R. et al. First-dose ChAdOx1 and BNT162b2 COVID-19 vaccines and thrombocytopenic, thromboembolic and hemorrhagic events in Scotland. Nat. Med. 29 , 1290–1297 (2021).

Marie, J. J. et al. Myocardial infarction, stroke, and pulmonary embolism after BNT162b2 mRNA COVID-19 vaccine in people aged 75 years or older. JAMA 327 , 80–82 (2022).

Jacob, D. B. et al. Analysis of thromboembolic and thrombocytopenic events after the AZD1222, BNT162b2, and MRNA-1273 COVID-19 vaccines in 3 Nordic Countries. JAMA Netw. Open . 5 , e2217375 (2022).

Chui, C. S. L. et al. Thromboembolic events and hemorrhagic stroke after mRNA (BNT162b2) and inactivated (CoronaVac) covid-19 vaccination: a self-controlled case series study. EClinicalMedicine 50 , 101504 (2020).

Whitaker, H. J., Farrington, C. P., Spiessens, B., & Musonda P. Tutorial in biostatistics: the self-controlled case series method. Stat. Med . 25 , 1768–1797 (2006).

Gareth, J. G. et al. Collider bias undermines our understanding of COVID-19 disease risk and severity. Nat. Commun . 11 , 5749 (2020).

Bu, F. et al. Bayesian safety surveillance with adaptive bias correction. Stat. Med. 43 (2), 395–418 (2023).

Article PubMed Google Scholar

Knudson, M. M., Ikossi, D. G., Khaw, L., Morabito, D. & Speetzen, L. S. Thromboembolism after trauma: an analysis of 1602 episodes from the American College of Surgeons National Trauma Data Bank. Ann. Surg. 240 , 490–498 (2004).

Article PubMed PubMed Central Google Scholar

Van, S. K. J., Rosendaal, F. R., & Doggen, C. J. Minor injuries as a risk factor for venous thrombosis. Arch. Intern. Med . 168 , 21–26 (2008).

Charlson, M. E., Pompei, P., Ales, K. L. & MacKenzie, C. R. A new method of classifying prognostic comorbidity in longitudinal studies: development and validation. J. Chronic Dis. 40 , 373–383 (1987).

Article CAS PubMed Google Scholar

Gasparini, A. An R package for computing comorbidity scores. J. Open Source Softw. 3 , 648 (2018).

Fleming-Dutra, K. E. et al. Association of prior BNT162b2 COVID-19 vaccination with symptomatic SARS-CoV-2 infection in children and adolescents during omicron predominance. JAMA 327 , 2210–2219 (2022).

Katherine, E. F. et al. Preliminary estimates of effectiveness of monovalent mRNA vaccines in preventing symptomatic SARS-CoV-2 infection among children aged 3–5 years—increasing community access to testing program, United States, July 2022–February 2023. MMWR Morb. Mortal. Wkly. Rep. 72 , 177–182 (2023).

Kelly, M. H. et al. Effectiveness of coronavirus disease 2019 (COVID-19) vaccination against severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) infection among residents of US nursing homes before and during the delta variant predominance. Clin. Infect. Dis . 75 , S147–S154 (2022).

Silverstein, M. D., Heit, J. A., Mohr, D. N., Petterson, T. M., O’Fallon, W. M., & Melton. L. J. Trends in the incidence of deep vein thrombosis and pulmonary embolism: a 25-year population-based study. Arch. Intern. Med . 158 , 585–593 (1999).

Chen, S. et al. Efficacy of COVID-19 vaccines in patients taking immunosuppressants. Ann. Rheum. Dis. 81 , 875–880 (2022).

Malcolm, R. et al. Comparative effectiveness of coronavirus disease 2019 (COVID-19) vaccines against the delta variant. Clin. Infect. Dis . 75 , e623–e629 (2022).

Malcolm, R. et al. COVID-19 vaccine effectiveness against omicron (B.1.1.529) variant infection and hospitalisation in patients taking immunosuppressive medications: a retrospective cohort study. Lancet Rheumatol. 4 , e775–e784 (2022).

Martian, P. et al. Risk of myocarditis after sequential doses of COVID-19 vaccine and SARS-CoV-2 infection by age and sex. Circulation . 146 , 743–754 (2022).

Huiting, L. et al. Acute kidney injury after COVID-19 vaccines: a real-world study. Ren. Fail . 44 , 958–965 (2022).

Fabrizi, F. et al. COVID-19 and acute kidney injury: a systematic review and meta-analysis. Pathogens 9 , 1052 (2020).

Download references

Acknowledgements

We thank Kevin Heinrich at Quire and Martin Witteveen-Lane for querying the data from the Corewell Health Epic system. This study was funded by the National Institute of Allergy and Infectious Diseases of the National Institutes of Health under award number R01AI158543. The funder played no role in the study design, data collection, analysis, and interpretation of data, or the writing of this manuscript.

Author information

Authors and affiliations.

Division of Biostatistics & Health Informatics, Corewell Health Research Institute, Royal Oak, MI, USA

Huong N. Q. Tran

Department of Biostatistics, University of Michigan, Ann Arbor, MI, USA

Malcolm Risk

William Beaumont University Hospital, Corewell Health East, Royal Oak, MI, USA

Girish B. Nair

Division of Biostatistics, Department of Preventive Medicine, Northwestern University, Chicago, IL, USA

You can also search for this author in PubMed Google Scholar

Contributions

H.N.Q.T.: manuscript writing, study design, statistical analysis, and data preparation. M.R.: manuscript writing and study design. G.B.: clinical advice and study design. L.Z.: manuscript writing, method development, study design, and statistical analysis.

Corresponding author

Correspondence to Lili Zhao .

Ethics declarations

Competing interests.

The authors declare no competing interests.

Additional information

Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Supplementary information

Supplementary information, rights and permissions.

Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/ .

Reprints and permissions

About this article

Cite this article.

Tran, H.N.Q., Risk, M., Nair, G.B. et al. Risk benefit analysis to evaluate risk of thromboembolic events after mRNA COVID-19 vaccination and COVID-19. npj Vaccines 9 , 166 (2024). https://doi.org/10.1038/s41541-024-00960-7

Download citation

Received : 06 May 2024

Accepted : 29 August 2024

Published : 13 September 2024

DOI : https://doi.org/10.1038/s41541-024-00960-7

Share this article

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Quick links

Explore articles by subject
Guide to authors
Editorial policies

COMMENTS

15 Famous Identity Theft Cases That Rocked The Nation
2. Phillip Cummings Stole 33,000 Credit Reports Which Cost Victims Between $50-100 Million. At the time it happened, Philip Cumming was responsible for the largest identity theft case in US history. Cummings worked as a help desk for a software company in Long Island.
4 Case Studies in Fraud: Social Media and Identity Theft
Case Study #2: Dr. Jubal Yennie. As demonstrated by the above incident, it doesn't take much information to impersonate someone via social media. In the case of Dr. Jubal Yennie, all it took was a name and a photo. In 2013, 18-year-old Ira Trey Quesenberry III, a student of the Sullivan County School District in Sullivan County, Tennessee ...
Seattle man who used stolen identities to seek nearly $2 million in
Seattle - A former Seattle resident who defrauded federal COVID-19 benefit programs of more than $1 million pleaded guilty today in U.S. District Court in Seattle, announced U.S. Attorney Nick Brown. Bryan Alan Sparks, 42, was indicted for the fraud scheme in November 2021. Today Sparks pleaded guilty to wire fraud and aggravated identity theft.
The Most Unbelievable Identity Theft Stories of All Time
9 Unbelievable Identity Theft Stories. 1. The "Tinder Swindler" who scammed lonely lovers out of millions. Shimon Hayut is the subject of the Netflix documentary The Tinder Swindler, and he's one of the most brazen scammers on this list. Simon Hayut (aka the Tinder Swindler). Source: The Sun.
8 Real Life Identity Theft Stories (And How They Were Resolved)
11 Nightmare Identity Theft Cases. We asked our community for identity theft case examples. Unfortunately, we got plenty of horrifying stories in return. Below are some recent identity theft stories from real people. "My first experience with stolen identity happened when my parents told me to get a credit card.
Real-Life Stories of Identity Theft: Exposing the Scams
Identity theft is a pervasive issue that affects millions of Americans each year, with the Federal Trade Commission reporting approximately 41.4 million victims in 2022 alone. The average financial loss per victim in the same year was about $7,697, highlighting the significant impact this crime can have on individuals' financial well-being. Moreover, the rise in …
Victims of Identity Theft, 2021
For 76% of identity-theft victims in 2021, the most recent incident involved the misuse of only one type of existing account, such as a credit card or bank account. About 59% of identity-theft victims had financial losses of $1 or more that totaled $16.4 billion in 2021. In 2021, about 2% of persons age 16 or older experienced the misuse of an ...
PDF Victims of Identity Theft, 2021
Financial loss for all identity theft. Across all incidents of identity theft reported in 2021, about 59% of victims experienced a financial loss of $1 or more (table 5). These victims had financial losses totaling $16.4 billion. The mean loss was $1,160 per victim, and the median loss was $200. TABLE 5.
Attack of the clones: the rise of identity theft on social media
A cloned account mimicking that of freelance model Elle Jones offered pornographic content through a link. One of the problems with social media identity theft is that the reporting mechanisms are ...
A Case Study of Identity Theft
reports of identity theft has increased over the study time period. From 2000 to 2001, identity theft jumped from 112 to 230 - a 105% increase. Over the same time period, credit card fraud increased 43%, motor vehicle theft increased 13%, robbery remained. stable, and check fraud decreased 32%.
2020 Identity Fraud Study: Genesis of the Identity Fraud Crisis
OVERVIEW. The results of Javelin's 2020 Identity Fraud Survey serve as a wake-up call—one that will force financial institutions, businesses, and the payment industry to reevaluate how identity fraud is managed. Total identity fraud reached $16.9 billion (USD) in 2019, yet the dollar loss is only part of the story.
My Identity Was Stolen—Here's How They Did It
In my case, my credit card company thwarted my identity thieves before they made a single charge. I did, however, lose several days of my life trying to shore up my compromised identity.
2018 :: New York Court of Appeals Decisions
In these consolidated appeals involving Appellants' convictions for identity theft, the Court of Appeals held (1) the law defines the use of personal identifying information of another as one of the express means by which a defendant assumes that person's identity; and (2) therefore, the People may establish that a defendant "assumes the identity of another" within the meaning of New ...
U.S. Identity Theft: The Stark Reality
Datos Insights. Boston, March 9, 2021 - Identity theft is a growing problem in the U.S. In 2019, losses from identity theft cases were US$502.5 billion and rapidly increased to US$712.4 billion in 2020, a 42% increase year-over-year. Identity theft losses grew very rapidly in 2020 (and will continue in 2021) due to the very high rate of ...
Identity fraud victimization: a critical review of the literature of
Police reports are critical for victims to pursue an identity theft case (OVC, 2010). For victims of certain forms of identity theft, the discovery of victimization can take as long as 6 months or more (Synovate, 2003, 2007). In cases where personal information is exposed due to data breaches, victims might have greatly varying experiences of ...
Identity Theft, Trust Breaches, and the Production of Economic
I focus on the case of identity theft, showing how that event—experienced by tens of millions of Americans annually—contributes to economic insecurity. ... Huff Rodney, Kane John. 2010. "Differentiating Identity Theft: An Exploratory Study of Victims Using a National Victimization Survey." Journal of Criminal Justice 38(5):1045-52 ...
"A Case Study of Identity Theft" by Stuart F. H Allison
A case study methodology was selected for this project. The results indicate that the identity theft trend is different than the trends for other theft related offenses -- credit card fraud, check fraud, robbery and motor vehicle theft. The data suggest that identity theft is increasing more rapidly than the other theft orientated offenses.
Risk and protective factors of identity theft victimization in the
Abstract. Identity theft victimization is associated with serious physical and mental health morbidities. The problem is expanding as society becomes increasingly reliant on technology to store and transfer personally identifying information. Guided by lifestyle-routine activity theory, this study sought to identify risk and protective factors ...
The Case of Stolen Identity: Cybercrimes in the Digital Era
The process of restoring one's financial standing after identity theft is time-consuming and stressful. 5. Essential Measures to Protect Against Identity Theft in the Digital Era 5.1 Safeguarding Personal Information: Best Practices for Individuals. In the digital era, protecting personal information is crucial to prevent identity theft.
Threats of identity theft in cyberspace
consequences of identity theft. A th reat t hat has emerged with the development of Internet. services is undoubtedly the ease of obtaining s hort-term. financial support - via avai lable Internet ...
Identity theft and university students: do they know, do they care?
The students demonstrated a significant misunderstanding of who perpetrators typically were targeting when stealing personal information or what perpetrators of identity theft were looking for. , - The results of the study contribute to a better understanding of the students' knowledge about the risks associated with identity crime.
Assessing Our Knowledge of Identity Theft:
However, because the case was brought under the FCRA, it is unclear whether the holding applies to all identity theft cases or just to those prosecuted under FCRA. 4. In fact, many police departments in the United States, until recently, were not equipped to investigate identity theft and would even refuse to take a report unless the actual ...
Licensed professional counselor indicted in $2 million health care
Flores is charged with 10 counts of health care fraud, each carrying a possible 10-year-maximum sentence and up to a $250,000 fine. He is also facing three counts of aggravated identity theft. If convicted, he faces a mandatory two years in federal prison which must be served consecutively to any other sentence imposed.
Mt. Pleasant man sentenced in federal identity theft, fraud case
A Mt. Pleasant man who pleaded guilty to identity theft and bank fraud has been sentenced to serve a year and a day in prison. United States District Judge Thomas L. Ludington on Thursday also ...
Former New York Rep. George Santos pleads guilty to wire fraud
Former Rep. George Santos was expelled from Congress after questions were raised about the New York Republican's resume and his use of campaign funds.
Risk benefit analysis to evaluate risk of thromboembolic events after
The net vaccine effect was estimated using results from SCCS and case-control studies. We used electronic health record data from Corewell Health (16,640 subjects in SCCS and 106,143 in case-control).

15 Famous Identity Theft Cases That Rocked The Nation

15 Famous Identity Theft Cases

Lessons You Should Learn

2. Phillip Cummings Stole 33,000 Credit Reports Which Cost Victims Between $50-100 Million

Lessons Learned

3. Nicole McCabe Was Framed for Assassination

4. Abraham Abdallah – the Crooked Robinhood

5. Amar Singh and His Wife, Neha Punjani-Singh

6. Senita Dill and Ronald Knowles SSN Fraud

7. Russian Hackers Send Phishing Email to an American Politician

Lessons to Learn

8. The EminiFX Cryptocurrency Ponzi Scheme

9. Kenneth Gibson – the Man Who Stole 8,000 Identities

10. SIM Swapping Scam on Jacy Erin

11. Nakeisha Hall – the IRS Staff

12. Turhan Lemont Armstrong and the Real Estate Fraud

13. How David Matthew Read Impersonated Demi Moore and Spent Over $169,000

14. Luis Flores Impersonated Kim Kardashian

Lessons Learned

15. The Fake Hostage Phone Call

How to Protect Yourself from Identity Theft Scams?

4 Case Studies in Fraud: Social Media and Identity Theft

Identity Theft Over the Years

Living Our Lives Online

Case Study #1: The Many Sarah Palins

Case Study #2: Dr. Jubal Yennie

Case Study #3: Facebook Security Scam

Case Study #4: Desperate Friends and Family

How to Defend Against Social Media Fraud

Jessica Velasco

Hurricane Beryl, Caitlin Clark Triple-Double, French Elections

How Online Tools Can Streamline Business Processes

The Most Unbelievable Identity Theft Stories of All Time

You Won't Believe These Identity Theft Horror Stories

9 Unbelievable Identity Theft Stories

1. The “Tinder Swindler” who scammed lonely lovers out of millions

How the Tinder Swinder’s scam worked:

How to avoid becoming the victim of a romance scam:

2. The credit check fraudster who stole 33,000 identities

How Philip Cummings stole thousands of passwords:

How to protect yourself from a data breach:

3. The celebrity identity thief who went after Oprah, Spielberg, and more

How Abraham Abdallah stole celebrity identities:

How to protect yourself from a change-of-address scam:

4. The mom who stole her daughter’s identity (to become a cheerleader)

How Wendy Brown stole her child’s identity:

How to protect your child’s identity from scammers:

5. The phishing attack that targeted a presidential candidate

How hackers tricked a politician into giving them access to his inbox:

How to protect yourself from phishing emails:

6. The scammer selling stolen cars on Facebook Marketplace

How the stolen used car scam works:

How to safely buy a used car:

7. The fake hostage phone call scam

How the fake hostage phone call scam works:

How to avoid being the victim of a virtual kidnapping scam:

8. The SIM swapping scam that cost a YouTuber $40,000

How scammers rerout their victim’s phone number:

How to keep your phone (and bank account) safe:

9. The EminiFX crypto scheme that funded its founder’s lavish lifestyle

How crypto investment scams work:

How to avoid a crypto (or any other investment) scam:

Protect Yourself Against Identity Theft With Aura

Ready for ironclad identity theft protection? Try Aura free for 14 days .

Related Articles

Try Aura—14 Days Free

14 days FREE of All-In-One Protection

8 Real Life Identity Theft Stories (And How They Were Resolved)

What Is Identity Theft?

11 Nightmare Identity Theft Cases

ID Theft Infographic

Frequently Asked Questions

What Is The Michelle Brown Story?

Do You Have an ID Theft Story?

Kimberly Alt

Costco Complete ID Reviews: Pros, Cons, Consumer Reviews, Pricing, Vs LifeLock, & More

How To Stop Spoofing Calls: RoboKiller vs NomoRobo vs Hiya

Identity Guard® Review: Customer Service, Plans, Credit Monitoring, Vs LifeLock, & More

IDShield Reviews: Is It Worth It? Customer Reviews, Vs LifeLock, & More

Attack of the clones: the rise of identity theft on social media