With remote work, e-commerce activity and sophisticated breach capabilities at an all-time high, there is a perfect storm brewing. Identity fraud is not going away anytime soon.

Take a look at nine common types of identity fraud, the warning signs and some identity management advice. This way, you can reduce the risk of falling victim to these scams.

What is identity fraud?

Identity fraud is when someone uses another person’s stolen personal information to deceive other people, businesses or organizations, often for financial gain or criminal goals. The unauthorized use of sensitive details, like credit cards, bank accounts or passports, can cause serious problems for victims. It impacts their finances, credit score, assets and reputation.

According to the Federal Trade Commission (FTC), consumers filed over 2.1 million fraud reports in 2020. The total losses exceeded $3.3 billion — almost double the $1.8 billion lost to fraud in 2019.

As lockdowns led to the closure of brick-and-mortar stores, a boom in e-commerce has brought millions of new shoppers online. That includes many older consumers and people who aren’t as tech-savvy as digital natives. And so, the problem of identity fraud is rapidly growing.

What is the difference between identity theft and identity fraud?

Identity theft is when a person steals someone else’s personal information, like their credit card, passport or property deeds.

Identity fraud is when a person uses another’s identity for financial gain. They may do this through criminal activity or simply by making purchases using the stolen details.

These two terms are closely linked, as identity theft almost always leads to identity fraud. The thief almost always has fraud planned when they steal personal information from their victim.

There are several ways a thief can steal your identity, from older methods like common theft of your wallet and cold calls to acquiring your details through phishing or a data breach.

9 Types of identity fraud to watch out for in 2022

Once thieves take hold of your sensitive information, they can do different kinds of damage. They might affect your credit score, personal finances, business reputation and livelihood. You may even face criminal charges and court if the fraudsters leverage your details for illegal acts.

Here are nine types of identity fraud that you should know about in 2022:

Account takeover fraud

Account takeover fraud is when someone gains access to your accounts without permission. Once inside, a fraudster is free to make transactions and transfer money out of the account. 28% of customers claim they would stop shopping with a business if their online account was breached in this way.

Online shopping fraud

Shopify reported that only 13.6% of sales came from online purchases in 2019. The pandemic’s impact led to a surge in online shopping. By 2024, e-commerce will account for almost 22% of retail sales. With this growth come openings for scammers.

Fraudsters use phony websites, fake gift cards and phishing emails and messages to deceive people into sharing their credit card information. A common example is the fake delivery scam. Criminals send messages about delivery issues disguised as trusted courier services — like UPS or FedEx — in a bid to trick people into clicking a bogus link or sharing their details.

Card identity fraud

One of the more obvious types of fraud is when someone uses your debit or credit cards without permission. It could be a subway pickpocket or a friend or family member who gets their hands on your wallet. Once they have the essential details, they can purchase items in your name or make large transfers out of your account.

Elder fraud

Senior citizens are at greater risk of identity fraud as many aren’t tech-savvy and many live alone, making them open to scams. According to the FTC, consumers aged 80 and older lose more money to fraud than any other age group.

One common type of identity fraud is known as ‘the grandparent scam,’ where criminals pretend to be a grandchild on a phone call to an at-risk elderly person. The scammers will try to coerce the target into sending money or sharing card details to help with some urgent problem.

Social security number identity theft

Your Social Security number (SSN) is the master key to your identity. Lose that, and you could lose everything. There were 147 million SSNs exposed when attackers breached Equifax in 2017, which caused widespread panic. If attackers get access to your SSN, they can reach your bank accounts, credit line, tax refunds, medical care and more.

But it doesn’t take a data breach to lose your SSN. Thieves could get what they need from you by lifting your wallet, rifling through the trash, sending phishing emails or even simply hearing you talking on the phone.

Medical identity theft

Medical identity theft is whenever somebody uses your information, such as a Medicare number or SSN, to receive medical services or file a claim. If you fall victim, you could face bills for medical services and prescriptions you never received.

In January 2022, a Florida hospital warned about medical identity theft after a data breach. The attack compromised 1.3 million records belonging to patients and staff.

Tax identity theft

Tax identity fraud is when somebody uses another person’s sensitive financial information to file a tax return. Quite often, the victim won’t realize the scam has happened until they make their real tax return, only to discover that one has already been processed in their name. By that time, the thief has collected the refund and vanished.

In January 2022, a former New Mexico Taxation and Revenue office employee was found guilty of tax identity fraud. George Martinez had abused his position for over seven years to alter tax refunds and direct them to bank accounts he owned.

Deed identity fraud

Deed fraud is the illegal transfer of a real estate title without the legal owner’s knowledge or consent. Fraudsters will get forged deeds to take illegitimate ownership of a property. Also known as home title fraud, this problem is on the rise in lower-class neighborhoods, especially where the legal owner has died.

A Dallas-area real estate investor, William Baldridge, was found guilty of defrauding dozens of Detroit homeowners with this scam, including June Walker. The 65-year-old thought she had finally bought her own home after two years of hard saving, only to discover later Baldridge was running deed fraud and pocketing her rent each month.

Biometric ID theft

Sadly, we now live in a time where passwords and two-factor authentication aren’t enough to keep our identity and accounts safe. Biometric authorization takes this a step further by verifying user identity through fingerprints, facial recognition or voice.

But the criminals aren’t giving up easily, as biometric ID theft is a growing problem, thanks to video editing and artificial intelligence. In 2020, a threat actor group used deep fake tech to fool a Hong Kong bank manager into believing he was talking to a company director he knew. Entirely convinced, the manager proceeded to transfer $35 million

The capabilities of this technology are a cause for growing concern. A GitHub project called MockingBird claims to be able to clone a voice in just five seconds, before enabling the user to generate speech with the cloned voice in real-time. While not much is known about the project, the prospect alone poses a significant threat of identity theft that we cannot ignore. 

5 Signs of identity fraud

Knowing what to look for is half the battle in fraud prevention. Here are five warning signs:

Unfamiliar transactions on financial accounts

If you notice odd transactions on your bank account or credit card statements, it could be a sign of identity fraud. Even a small error is worth looking at, as fraudsters often test accounts with small transactions before making a larger transfer.

New bills or missing bills

An identity thief may change the mailing address of their victim in order to redirect important information. If you notice some bills are no longer arriving, you should follow up with the providers to confirm there is nothing sinister at play. Thieves may also use your identity to set up new accounts, so you should also beware of any new bills that arrive in your name.

Lost cellphone or utility service

If a thief upgrades a phone contract in your name, they may switch service to the new device that they have in their possession. Phone service can be cut out for many honest reasons, but it’s best to contact the network provider. The same applies if there is any disruption to your other utilities like gas, electricity and water.

Contact from debt collectors

If you receive mail from a debt collection agency or have bailiffs arrive on your doorstep, it’s never a good time. But it’s much worse if you’re completely innocent. If this happens to you, it’s probably fraud. In this case, you should contact the three major credit reporting agencies — Experian, Equifax and TransUnion. You can explain what’s happening and dispute the case.

Denied claims for medical care or tax returns

When you make a medical claim or tax return in the U.S., it’s a process you want to complete without a hitch. If the claim is rejected, it can cause a lot of stress and financial burden. Medical fraud or tax claim fraud can have serious impacts here, potentially denying people the money or health care they need.

How to prevent identity fraud

In a time when we think little of buying items online, it’s easy to forget that every time we share our personal information online, we take a risk. Let’s look at five fraud prevention steps that will help keep your identity safe.

Take care on new online stores

Fraudsters will create duplicate sites of popular brands. You can often spot fake websites as many have design flaws, typos and issues with functionality. Also, a trustworthy site should have ‘HTTPS’ in the URL and the little padlock icon in the address bar.

All that said, many good-looking scam websites exist. For that reason, it’s best to stick to trusted brands and popular stores that have good social proof when shopping online. If you visit a lesser-known store, it might not be as secure — even if it’s bonafide, the owner may not have the same security features as a more established business.

Use a password manager

Don’t reuse passwords or save them on paper. Instead, use a password manager app to create and store long, unique codes for every account. More complex passwords will offer better protection from potential attackers.

Set up alerts

Nowadays, almost every business, bank or lender will send a message whenever there is a transaction on your account. Ensure you enable email or text alerts so you always know when there is a purchase, deposit or withdrawal.

Monitor your credit and accounts

Get into the habit of checking your credit reports and financial statements from all accounts, medical care and bills. With good practices of reviewing your financial life, you can catch any suspicious issues before they spiral out of control.

Freeze your credit

You can freeze (and unfreeze) your credit for free by contacting the three major credit bureaus. Doing this will stop anyone from opening new credit files in your name.

We all must do our part to prevent identity fraud

With so many of us working, shopping and sharing information online, the internet is a gold mine for identity thieves.

SIEM is a solution that helps enterprises spot cybersecurity threats before severe damage or disruption occurs. But while this software is widespread in security management, it is not common across e-commerce stores.

Although businesses must step up to protect their consumers, people must also be proactive and take more responsibility to protect their own identity and personal information in 2022.

More from Risk Management

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today