Proton

The more personal information we share on the internet, the greater the privacy risks(new window) that make us vulnerable to identity theft(new window). This issue affects millions globally, impacting people financially and personally, with over 24 million victims(new window) in 2021 in the United States alone.

To understand how to defend yourself against digital thieves, it’s useful to know the different ways they try to enrich themselves with your data. This article explores different kinds of identity theft and provides security measures(new window) to keep your information safe, including encrypted document storage(new window) and secure file sharing(new window).

Examples of identity theft

Financial identity theft

Financial identity theft happens when someone uses stolen personal information(new window) to access your financial resources, such as credit cards and bank accounts, to steal money directly or incur debts in your name.

For example, a criminal could commit bank fraud by stealing your bank account information through phishing scams to withdraw funds, transfer money, or take out loans. In case of credit card fraud, a malicious actor could get your credit card numbers by using credit card skimmers at ATMs or by going through your trash to find discarded billing statements. For loan fraud, your stolen identity could be used to apply for auto loans, mortgages, or personal loans.

Social security identity theft 

Social security identity theft means having your social security number (SSN) misused to commit fraud or theft. It can have especially serious consequences because the SSN is commonly used to access various personal and financial services.

For example, a thief could use your SSN to open a new credit account, apply for a loan, or make big purchases, since the SSN is necessary for credit and identity verification. In another scenario, your SSN could be used to apply fraudulently for government benefits like social security, unemployment, or other aid programs.

If your SSN was stolen(new window), you should immediately report it to the authorities and big credit bureaus.

IRS identity theft

IRS identity theft (or tax identity theft) occurs when someone uses stolen personal information like your SSN or individual taxpayer identification number (ITIN) to file tax returns and claim refunds or credit. A criminal might also use your SSN to get a job and commit employment fraud since the income is reported to the IRS under your name.

If you suspect you’ve been a victim of tax-related identity theft, you should immediately contact the IRS(new window), provide your identity, and file the appropriate forms to report the fraud. It could take a while for the IRS to resolve the issue and for you to receive any refund you’re due.

Medical identity theft

In medical identity theft cases, someone uses your identity and health information, like your name, SSN, or Medicare number, to access medical services or prescription drugs. The thief could also file fraudulent claims with insurers to get money, leading to incorrect medical bills and draining your insurance benefits. If these false medical bills go unpaid and are sent to collections, it can harm your credit score.

It’s important to regularly review your medical and insurance statements. You should report any suspicious activities immediately to your healthcare provider(new window) and insurance company.

Insurance identity theft

Insurance identity theft happens when a criminal uses your stolen personal information to apply for insurance services, such as health, auto, life, or homeowners insurance. You might only become aware of this when receiving mail from an insurance company about a policy you didn’t sign up for. Thieves might also access your existing insurance policies to file fraudulent claims for compensation or benefits, or sell your insurance details to third parties.

Be sure to regularly check your insurance statements and explanations of benefits (EOB) for any claims you don’t recognize or service you didn’t receive. Additionally, your insurance provider should notify you about reaching your benefit limits or changes in your policy that you didn’t request. If you’re a victim, report the fraud to your insurance provider and to the police if the theft is extensive.

Synthetic identity theft

Synthetic identity theft is more sophisticated and difficult to detect since it involves creating a brand new identity using both real and fake information.

For example, a thief could steal a SSN from someone who doesn’t frequently use credit, such as a young adult, and combine it with a fake name, address, and birth date. When they first try to obtain credit, the application is likely to be denied since there’s no credit history. But this attempt starts a credit file, and the thief slowly builds a good credit rating by making small purchases and paying them off promptly. Once they have a good credit score, the criminal maximizes the credit limits, maxes them out, and disappears, leaving large debts that go unpaid. 

Criminal identity theft

In criminal identity theft, an individual poses as someone else by using their name and SSN or driver’s license to commit crimes or avoid getting caught.

For instance, if a thief gets caught for a crime and uses your information instead of theirs, you could end up with a criminal record. This could also lead to court orders or arrest warrants issued in your name without you even knowing.

Alternatively, if someone gives your details during a traffic stop and then doesn’t show up in court or pay fines, you might be held accountable for these issues, which could bring unexpected legal problems like losing your driving rights.

Child identity theft

Child identity theft happens when someone illegally uses a minor’s personal information to commit financial fraud or other crimes. Thieves might get a child’s SSN from stolen documents, leaked digital records, or by exploiting family or friends.

Besides the emotional toll identity theft can take on a young adult starting their independent life, they may also face a severely damaged credit history, making it difficult to obtain student loans, housing, or employment. Parents should periodically check with major credit bureaus whether a credit report exists for their child.

Digital identity theft

Digital identity theft involves stealing someone’s personal information online(new window) to impersonate them, usually to steal money or access private services. This can be done through methods like phishing attacks, data breaches(new window), malware and spyware, WiFi eavesdropping, and SIM swapping.

For example, in a phishing attack(new window), the thief sends you a fake email or message that appears to be from a legitimate bank or government agency. You are asked to click on a link that leads to a fake website where you provide personal information like passwords(new window), SSNs, or credit card numbers. In a SIM swap scam, a thief tricks your mobile provider into switching your phone number to a SIM card they own, so they can use it to bypass two-factor authentication (2FA)(new window) and access your online accounts.

Sometimes, digital identity theft leads to account takeover. In this case, a thief accesses your online account and changes settings like your email address, password, and security questions(new window) to lock you out permanently. Once in control, they can exploit your account in various ways: reset passwords for other accounts linked to your email, steal personal information, transfer money, or send phishing links to your contacts to access their confidential data too.

How to prevent identity theft

There are several steps you can take toward identity theft protection and mitigation. 

The most important is to simply stay on guard against phishing attacks and always communicate securely with others. You should also make sure to use online services that protect your sensitive information with end-to-end encryption(new window). For example, if you keep financial documents, copies of identity documents, or tax returns in Google(new window) or iCloud(new window), those files are not end-to-end encrypted. This means those companies and their employees can see them, and they could be leaked in the event of a data breach.

Proton offers multiple layers of protection to help you easily reduce your chances of leaking your data. Here are just a few: 

If your data does leak on the web, you should have a way to know about it so you can lock down your accounts and report potential identity theft to credit agencies. Proton Pass Monitor(new window) is a powerful tool we developed that tracks breaches and alerts you if your email is leaked to dark web marketplaces where criminals trade stolen data.

By preventing and mitigating identity theft, you can significantly reduce your chance of financial losses.

Related articles

The cover image for a Proton Pass blog comparing SAML and OAuth as protocols for business protection
en
SAML and OAuth help your workers access your network securely, but what's the difference? Here's what you need to know.
Proton Lifetime Fundraiser 7th edition
en
Learn how to join our 2024 Lifetime Account Charity Fundraiser, your chance to win our most exclusive plan and fight for a better internet.
The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
en
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
en
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
en
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
en
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.