Skip to Main Content
It looks like you're using Internet Explorer 11 or older. This website works best with modern browsers such as the latest versions of Chrome, Firefox, Safari, and Edge. If you continue with this browser, you may see unexpected results.

Identity Theft

A guide on the many types of identity theft and resources for prevention.

The Scope of Identity Theft

The 2017 Identity Fraud Study, released by Javelin Strategy & Research, found that $16 billion was stolen from 15.4 million U.S. consumers in 2016, compared with $15.3 billion and 13.1 million victims a year earlier. In the past six years identity thieves have stolen over $107 billion.

Following the introduction of microchip equipped credit cards in 2015 in the United States, which make the cards difficult to counterfeit, criminals focused on new account fraud. New account fraud occurs when a thief opens a credit card or other financial account using a victim’s name and other stolen personal information.

Identify Theft and Fraud Complaints

The Consumer Sentinel Network, maintained by the Federal Trade Commission (FTC), tracks consumer fraud and identity theft complaints that have been filed with federal, state and local law enforcement agencies and private organizations. Of the 3.1 million complaints received in 2015, 16 percent were related to identity theft.  Identity theft complaints increased by more than 47 percent from 2014, they were the second most reported after illegal debt collection. The FTC identifies 30 types of complaints. In 2015 debt collection complaints displaced identity theft in the top spot among complaint categories for the first time in 16 years, due in large part to a surge in complaints related to unwanted debt collection mobile phone calls.

Insurance Information Institute

Identity Theft

Identity (ID) theft is a crime where a thief steals your personal information, such as your full name or social security number, to commit fraud. The identity thief can use your information to fraudulently apply for credit, file taxes, or get medical services. These acts can damage your credit status, and cost you time and money to restore your good name. You may not know that you are the victim of ID theft until you experience a financial consequence (mystery bills, credit collections, denied loans) down the road from actions that the thief has taken with your stolen identity. 

There are several common types of identity theft that can affect you:

  • Child ID theft - Children’s IDs are vulnerable because the theft may go undetected for many years. By the time they are adults, the damage has already been done to their identities.
  • Tax ID theft - A thief uses your social security number to falsely file tax returns with the Internal Revenue Service or state government.
  • Medical ID theft - This form of ID theft happens when someone steals your personal information, such as your Medicare ID or health insurance member number to get medical services, or to issue fraudulent billing to your health insurance provider.
  • Senior ID theft - ID theft schemes that target seniors. Seniors are vulnerable to ID theft because they are in more frequent contact with medical professionals who get their medical insurance information, or caregivers and staff at long-term care facilities that have access to personal information or financial documents.
  • Social ID theft - A thief uses your name, photos, and other personal information to create a phony account on a social media platform.

Prevent Identity Theft

Take steps to protect yourself from identity theft:

  • Secure your social security number (SSN). Don’t carry your social security card in your wallet or write your number on your checks. Only give out your SSN when absolutely necessary.
  • Don’t respond to unsolicited requests for personal information (your name, birthdate, social security number, or bank account number) by phone, mail, or online. 
  • Watch out for “shoulder surfers.” Shield the keypad when typing your passwords on computers and at ATMs. 
  • Collect mail promptly. Ask the post office to put your mail on hold when you are away from home for several days. 
  • Pay attention to your billing cycles. If bills or financial statements are late, contact the sender.
  • Review your receipts. Promptly compare receipts with account statements. Watch for unauthorized transactions.
  • Shred receipts, credit offers, account statements, and expired cards, to prevent “dumpster divers” from getting your personal information.
  • Store personal information in a safe place at home and at work.
  • Install firewalls and virus-detection software on your home computer.
  • Create complex passwords that identity thieves cannot guess easily. Change your passwords if a company that you do business with has a breach of its databases
  • Order your credit report once a year and review to be certain that it doesn't include accounts that you have not opened. Check it more frequently if you suspect someone has gained access to your account information.

Report Identity Theft

Report identity theft to the Federal Trade Commission (FTC) to get an identity theft report and recovery plan. Create an account using FTC's website IdentityTheft.gov, you can update your recovery plan, track your progress,  and receive prefilled form letters to send to creditors. If you report it online, but don't create an account, remember to print or save your identity theft report and recovery plan, because you won't be able to access them again. Download the FTC's publication, "Taking Charge-What to do If Your Identity is Stolen" for detailed tips, checklists, and sample letters. 

You can report identity theft to the FTC by phone at 1-877-438-4338. The FTC will collect the details of your situation, but won't provide you with an ID theft report or recovery plan.  You may also choose to report your identity theft to your local police station.  It could be necessary if:

  • You know the identity thief
  • The thief used your name in any interaction with the police
  • A creditor or another company affected by the identity theft requires you to provide a police report.  

Report Specific Types of Identity Theft

You may also report specific types of identity theft to other agencies.

  • Long-term Care Identity Theft - Report a claim to the long-term care ombudsman in your state, if the theft was a result of a stay in a nursing home or long-term care facility.
  • Medical Identity Theft - Contact your health insurance company’s fraud department or Medicare's Fraud Office.
  • Tax Identity Theft - Report this type of ID theft to the Internal Revenue Service and your state’s Department of Taxation or Revenue.

Report Identity Theft to Other Organizations

In addition to federal government agencies, you should also report the theft to other organizations, such as:

  • Credit Reporting Agencies - Contact one of the three major credit reporting agencies to place fraud alerts or freezes on your accounts so that no one can apply for credit with your name or social security number. Also get copies of your credit reports, to be sure that no one has already tried to get unauthorized credit accounts with your personal information. Confirm that the credit reporting agency will alert the other two credit reporting agencies. 
  • Financial Institutions - Contact the fraud department at your bank, credit card issuers and any other places where you have accounts. You may need your ID theft reports from the police and Federal Trade Commission in order to report the fraud. 
  • Retailers and Other Companies - You will also need to report the fraud to companies where the identity thief created accounts, opened credit accounts, or even applied for jobs in order to clear your name.
  • State Consumer Protection Offices or Attorney General - Your state may offer resources to help you contact creditors, dispute errors and other helpful resources.

USA.gov

Medical Identity Theft

Thieves are hunting down your medical ID. They’re after your health-insurance number, Social Security number and other sensitive personal information. Scammers take over your medical ID. They line their pockets with false claims against your health policy.

Your medical information can be stolen anytime in our wired world. It happens almost every day. Malware, hacks, phishing, smishing, vishing, spoofs and other digital tactics are doubling your danger. Defend your medical identity every way you can.

The Scams

Illegal and bogus treatment. Medical ID thieves bill your health plan for fake or inflated treatment claims. They can be doctors and other medical staff. Organized theft rings also steal your information — they sell it to crime rings on the Dark Web.

Buy addictive drugs. Medical staff steal painkillers and other prescription drugs in your name — to feed their addictions or sell for big profits. Pharmacists bill your health policy for narcotics. Nurses call in prescriptions using a patient’s name, but pick it up themselves.

Steal free treatment. People receive free medical treatment if they’re uninsured … courtesy of your health policy. Often they’re trusted friends or relatives; they took your information when you weren’t looking. They pretend they’re you at a hospital or clinic. So you’re billed for their surgery.

The Price You Pay

Credit ruined. Thieves disappear without paying medical bills charged to you. Your credit can be wrecked. Regaining your good credit rating can take months or years. You could be hounded by bill collectors, turned down for loans or mortgages, or pay higher lending costs.

Health coverage lost. Bogus claims can max out your health policy. You’ll have no coverage when you need expensive surgery. Your premiums also can rise.

Records inaccurate. Medical ID theft can threaten your health or life. A thief’s treatment history can end up on your medical records. This could be your wrong blood type, or medicine to which you’re allergic.

Legal troubles. True story: A pregnant woman stole the medical ID of a mother. The woman delivered a baby who tested positive for illegal drugs. Social workers tried to take away the real mother’s four children. They falsely thought she was the addict.

Fight Back

Check your EOBs. Review the explanation of benefits form your insurer sends. If you see treatments you never received, tell your insurer right away.

Defend your credit. Review your credit reports with Equifax, Experian and TransUnion at least twice a year. Was your credit damaged by unpaid medical bills? Place a fraud alert and credit freeze.

File a police report. Filing a police report notifies law enforcement that your medical identity was stolen. Send the report to your insurer, medical providers and the three credit bureaus.

Correct medical records. If you suspect an ID theft, obtain your records from your doctor, hospital, pharmacy or laboratory. Have errors corrected, and appeal if you’re refused.

Digital Defense

Avoid wi-fi. Don’t log into health accounts on public wi-fi — or access or send health info on public networks. Thieves troll coffee shops and other public wifi sites.

Careful of email. Never send sensitive medical info to your health provider via email — it’s not secure. Use the provider’s secure portal — and shred outdated medical info.

Stay private on social. Avoid talking about your medical conditions on social media. Medical thieves troll social-media accounts to compile a digital identity of your health. This helps thieves make realistic claims against your health policy.

Careful when email, texting. Never email or text sensitive medical info to your medical provider. They aren’t secure. Only use a secure medical portal.

Gone phishing. Unexpected emails from your medical provider or health insurer could be traps to install data-stealing malware. Does the message ask you to open a link? Is the domain the same as the presumed medical provider? Delete if in doubt and call your provider to confirm.

Phony phone caller? Your phone says the unknown caller is from Medicare, with an 800 number. Yet the caller asks for your Medicare number and credit card information so you can “buy” a new Medicare card. Just hang up.

Support group supportive? Online support communities for people with specific conditions are common targets of thieves. Avoid posting sensitive info unless it’s a secure site.

Coalition Against Insurance Fraud

 

What is tax-related identity theft?

Tax-related identity theft occurs when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund.
You may be unaware that this has happened until you efile your return and discover that a return already has been filed using your SSN. Or, the IRS may send you a letter saying we have identified a suspicious return using your SSN.

Know the warning signs:

Be alert to possible tax-related identity theft if you are contacted by the IRS or your tax professional/provider about:

  • More than one tax return was filed using your SSN.
  • You owe additional tax, refund offset or have had collection actions taken against you for a year you did not file a tax return.
  • IRS records indicate you received wages or other income from an employer for whom you did not work.

If you suspect you are a victim of identity theft, continue to pay your taxes and file your tax return, even if you must do so by paper.

Steps to take if you become a victim:

If you are a victim of identity theft, the Federal Trade Commission recommends these steps:

  • File a complaint with the FTC at identitytheft.gov.
  • Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records:
    • Equifax, www.Equifax.com, 800-525-6285
    • Experian, www.Experian.com, 888-397-3742
    • TransUnion, www.TransUnion.com, 800-680-7289
  • Contact your financial institutions, and close any financial or credit accounts opened without your permission or tampered with by identity thieves.

If your SSN is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends these additional steps:

  • Respond immediately to any IRS notice; call the number provided.
  • Complete IRS Form 14039, Identity Theft Affidavit, if your efiled return rejects because of a duplicate filing under your SSN or you are instructed to do so. Use a fillable form at IRS.gov, print, then attach the form to your return and mail according to instructions.

If you previously contacted the IRS and did not have a resolution, contact us for specialized assistance at 1-800-908-4490. We have teams available to assist.

About data breaches and your taxes:

Not all data breaches or computer hacks result in tax-related identity theft. It’s important to know what type of personal information was stolen.

If you’ve been a victim of data breach, keep in touch with the company to learn what it is doing to protect you and follow the “Steps for victims of identity theft.” Data breach victims should submit a Form 14039, Identity Theft Affidavit, only if your Social Security number has been compromised and your efile return was rejected as a duplicate or IRS has informed you that you may be a victim of tax-related identity theft.

How to reduce your risk:

Join efforts by the IRS, states and tax industry to protect your data. We all have a role to play. Here's how you can help:

  • Always use security software with firewall and anti-virus protections. Use strong passwords.
  • Learn to recognize and avoid phishing emails, threatening calls and texts from thieves posing as legitimate organizations such as your bank, credit card companies and even the IRS.
  • Do not click on links or download attachments from unknown or suspicious emails.
  • Protect your personal information and that of any dependents. Don’t routinely carry Social Security cards, and make sure your tax records are secure.

See Publication 4524, Security Awareness for Taxpayers, to learn more.
The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.

 IRS

How Social Media Identity Theft Happens

Identity thieves who go through social media to get to their targets have plenty of methods to choose from. Here are a few of their main tactics:

  • Impersonation. Since it’s so easy to create an account on social media sites, identity thieves impersonating people online is common. They can create accounts in others’ names, then add pictures and personal info they find elsewhere online to make the account seem as real as possible. If they pose as your friend, they can find ways to access your info, as well.
  • Public Personal Information. Even seemingly innocuous information about your life can give criminals all they need to steal your identity. A warning you have likely heard before is not to post about your vacations because burglars could see it and know exactly when to rob your home. With identity thieves, you can never be too sure. Even things like your hometown or the name of the high school you graduated from can give them the clues they need to steal your identity.
  • Direct Message Phishing. Just like email phishing, direct message phishing involves fake accounts and malicious links. An account (either fake or hacked) will message you with an unfamiliar link. If you click on it, identity-stealing malware might download to your computer. Be suspicious of any unfamiliar links you receive.
  • Data Breaches. This is the method of identity theft that you have the least power to prevent. Data breaches happen when a company’s database of customer information is hacked. Social media websites are big targets for these hackers. If they get through, all of the info you have on your profile could make you susceptible to identity theft. Keep up with the news and check on your accounts if there is a data breach. If so, take prompt measures. At a minimum, change your password and check any other social media accounts you may have linked.

Preventing Social Media Identity Theft

There are many ways you can counteract the efforts of identity thieves on social media. Overall, use your common sense. If something doesn’t seem right, it probably isn’t. Here are some specific ways you can protect yourself:

  • Increase your privacy settings. On every social media site, there are adjustable privacy settings. You can make your accounts as private as possible in order to conceal your personal info from the public eye. Be aware that this isn’t a watertight method, and you should still be cautious about what you post.
  • Create strong passwords. “Password1” is no longer an acceptable choice for your social media accounts – not that it ever was. Your account passwords need to be unique and strong, in addition to not containing any personal info. For example, you shouldn’t set your password to be the digits of your birthday. That’s an easy password to guess, especially if your birth date is public.
  • Don’t even think about your SSN. Under no circumstances should you type in your Social Security number on a social media site. If an app asks for it, don’t comply. Think your direct messages might be safe enough to share your SSN? Think again. Direct messages can be hacked or leaked, which was made obvious in recent news. Even if the message comes from someone you know, it may be a fake account.
  • Post the least amount of personal info possible. It sounds obvious, but it can be more complicated than you think to decide which information is safe to share. Especially if your social media profiles are public, you need to think carefully before you post.
  • Be wary of fake friends. Have you ever gotten a friend request from someone you thought you were already friends with? You may think, “Hm, maybe they got a new account,” and accept the request without giving it a second thought. Turns out, your friend probably never made a new account; someone is impersonating them. Identity thieves create these accounts to gain access to more people’s personal information. If you accept a friend request from one of these spoofed accounts, your privacy settings become useless. Be mindful of which requests you accept.
  • Avoid apps that want your account info. Many of those little quizzes you see on Facebook ask for access to some of your profile information before they give you your results. Although you may really want to see which B-list celebrity your profile picture looks like, it’s best to skip out on these apps. You can never be sure what they will do with your profile information.
  • Don’t click suspicious links. If you see a strange post or receive a weird message that contains a link, don’t click it. It is likely baiting you into downloading malware.

What to Do If You Are a Victim of Social Media Identity Theft

First, how do you know that you’re a victim? If an identity thief has figured out how to access your Social Security number, credit card number, or other info through your social media account, you can check for signs of identity theft.

If you are worried about impersonation, you can Google your own name or search for your name on social media sites to see if there are other profiles posing as you. You could also find out about an online impersonator if a friend tells you they got a strange message or friend request from an account with your name. Once you are certain you are being impersonated, you can report your identity thief.

In general, you should follow the same procedures you would for other forms of identity theft, including reporting it to the Federal Trade Commission. If that seems like overkill — or not enough — you can also report the problem to the social network itself.

How to Report Identity Theft on Facebook

Here are the current steps to report impersonation on Facebook:

  1. Go to the Timeline of the impersonator
  2. Click the “…” button in the upper right and then select Report
  3. Click Report this account
  4. Click This person is pretending to be me or someone I know and then complete the on-screen directions
  5. Finally, click Submit to Facebook for Review

If you don’t have a Facebook account but know someone is impersonating you, use this form to report it.

Facebook routinely changes its layout, so you should always look for the latest instructions on the website itself. Go to http://www.facebook.com/help and click on Report an Issue for guidance.

How to Report Identity Theft on Twitter

Twitter policy allows for “parody, commentary, or fan accounts,” but will remove accounts it agrees portray another person in a “confusing or deceptive manner.” To report an account:

  1. Go to the impersonation form. You don’t need to be logged in
  2. Select I am being impersonated
  3. Select A user is pretending to be me or someone I know
  4. Specify whether you are the user or an authorized representative of the victim. They will turn you away if you select the friend/fan option
  5. Provide information including your name, email, username, and a description of the problem including the offending account
  6. Click Submit

How to Report Identity Theft on LinkedIn

LinkedIn does not have a specialized channel for reporting impersonation accounts. To report an account:

  1. LinkedIn asks that you first make sure the account is not a duplicate you accidentally created with an alternate email address, since this is a common problem. Use this FAQ to check and, if so, get help merging your contacts into one profile.
  2. If you are sure the account was not created by you, log in and click Get Help under Account & Settings in the upper right. The icon is your profile picture.
  3. Click on Help Forum in the navigation menu up top.
  4. Click on Contact Us in the navigation menu. (You have to pretend to look for help before the site will let you click there.)
  5. Fill out the form, using the issue type Privacy/Abuse and a subject line such as “Report Fake Profile.” Describe the situation and provide a link to the offending profile, then click Continue.
  6. A box will pop up to steer you back toward possible answers. Confirm your message by clicking Submit.

Safeguarding Your Information on Social Networks

In addition to the potential for thieves to impersonate you, there are other ways social networks can provide them with your personal information. Follow these tips to minimize your risk:

  • Avoid posting photos of financial information or mail.
  • Learn and understand your privacy settings at the account level and with each individual post you make to avoid oversharing. Understand the privacy impact of accepting a friend or follow request.
  • Be skeptical of links to unfamiliar websites, especially ones that promise shocking video, photos or gossip. They may be designed to hijack control of your account and information, and trick your friends into doing the same.
  • If you log into social media on a computer other than your own, remember to log off before leaving. Avoid checking the box to remember your username or password.

Most victims of unemployment identity theft are unaware that claims have been filed and/or that benefits have been collected using their identities. Many people only find out unemployment identity theft occurred when they receive something in the mail, such as a payment or state issued 1099-G tax form that’s incorrect or for benefits not received.

Sample form from the IRS.gov website: IRS form Certain Government Payments 1099-G

Report Unemployment Identity Theft | U.S. Department of Labor (dol.gov)

Justice Department Warns on Fake Unemployment Benefit Websites

The Department of Justice recently warned that fraudsters are creating websites mimicking unemployment benefit websites, including state workforce agency (SWA) websites, for the purpose of unlawfully capturing consumers’ personal information.
To lure consumers to these fake websites, fraudsters send spam text messages and emails purporting to be from an SWA and containing a link. The fake websites are designed to trick consumers into thinking they are applying for unemployment benefits and disclosing personally identifiable information and other sensitive data. That information can then be used by fraudsters to commit identity theft.

Help stop these scams by reporting them and using the list of state contacts at DOL.gov/fraud.

Is a scammer getting unemployment benefits in your name? | FTC Consumer Information

Live Chat