Identity theft is the act of stealing a victim’s Personal Identifying Information (PII), which could include name, address, Social Security number, or other identifying numbers such as medical insurance or credit card accounts. Identity thieves can steal personal and financial information using a variety of electronic and low-tech methods. Learn 11 of the most common ways of identity theft can happen.

1. Phishing

Scammers often use phishing emails to trick victims into providing personal or financial information. Phishing emails can be deceiving in that they may appear to come from a known or trusted company, such as a bank or an online retailer, and use various tactics to get the victim to click a link or open an attachment.

2. Smishing

Scammers may also target victims via text message—a crime called smishing. Similar to phishing attacks, criminals may impersonate trusted organizations or even friends to trick victims into divulging information. Smishing may be increasing as more people trust text messages over phone calls and emails.

3. Vishing

Fraudsters can also use phone calls, also known as voice phishing or vishing, to target potential victims. Phone scammers sometimes use promises, like the offer of a prize, or threats, such as the risk of not getting a tax refund, to prompt victims into giving up personal information. Scammers will also use spoofing to send falsified information to a caller ID. A spoofed call looks like it’s coming from a local number or a trusted organization when it could be originating anywhere in the world.

4. Fake Websites

Fake websites often look like legitimate and trustworthy sites to make people more apt to provide their personal information. Some online shopping scams use a bogus website or mobile app that mimics a trusted retailer, including a familiar logo and similar URL. Purchases made on these fraudulent sites will likely never arrive, or worse, scammers may seed the website with malware that infects the victim’s device and harvests personal or financial information.

5. Impersonation Scams or Confidence Fraud

Confidence fraud occurs when a criminal deceives a victim into believing they have a trusted relationship—as a family member, friend, or romantic interest—to convince the victim to send money, provide information, make purchases, or even launder money. One way thieves steal taxpayer information is through IRS impersonation scams. Scammers call their victims claiming to work for the IRS or send fraudulent emails that look like official communications.

6. Data Breaches

A data breach is the intentional or unintentional release or theft of information, whether it is due to a cyberattack or simply the improper disposal of physical documents. If an individual is notified of a breach, their financial or personal information may have been exposed. The theft of usernames and passwords from data breaches may also fuel credential stuffing attacks in which criminals use stolen username and password combinations to hack into other accounts.

7. Skimming
Skimming occurs when a criminal steals information as the debit or credit card is swiped. Scammers may tamper with the electronic card reader so that it captures card data, place a recording device at an ATM, or recruit a crooked salesperson to steal customers’ card data.

8. Public Wi-Fi and USB Charging Stations
Many public Wi-Fi networks are vulnerable to threats from hackers, making it possible for thieves to eavesdrop on users’ private information. Scammers may also employ a USB charging scam, called juice jacking, in which malware infects the user’s device when connected to an airport USB charging station or hotel USB port.

9. Purchase of Information on the Dark Web
The dark web, or dark net, is a part of the internet that serves as a highly profitable marketplace where criminals can purchase stolen personal information. Private photos, medical records, and financial information have all reportedly been stolen and shared on the dark web. Security researches have reported a concerning trend that cybercriminals have begun targeting children—even infants—and advertising their stolen information for sale on the dark web.

10. Theft by a Family Member or Friend
An identity could be stolen by a family member or friend, such as a parent who uses a child's information to get a credit card or loan, or someone who uses their spouse’s information without permission to open an account. According to one report, 51 percent of new account fraud victims stated that they personally knew the individual who committed the fraud.

11. Theft of a Wallet, Mail, or Even Trash
Personal and financial information can also be stolen using low-tech methods, such as a criminal going through the victim’s mail or even their trash.

Regardless of how a criminal obtains the victim’s PII, once thieves have the information, they may use it to commit fraud. This could include draining bank accounts and racking up credit card charges, getting medical treatment using the victim’s health insurance, stealing their tax refund, or selling the information to other criminals. In some extreme cases, a thief might even give the victim’s name during an arrest and prompt a false criminal record. Identity theft victims may be unaware of the crimes until there is already substantial damage to their financial assets, credit, and reputation.

Better Protect Yourself and Your Loved Ones from Identity Theft

Fortunately, there are steps you can take to better protect yourself and your family from identity theft and identity fraud. Download the white paper Your Guide to Identity Theft to learn more about the various types of identity theft, common warning signs, and steps individuals can take to better protect themselves.

How to Report an Incident

According to the FTC, if you or a loved one believe you have been the victim of identity theft, report it immediately at IdentityTheft.gov, the federal government’s resource for identity theft victims.