
The Ultimate Guide to Identity Theft

Identity theft is a serious crime that affects millions of people every year — often more than once. Our ultimate guide will help you define identity theft, teach you everything you need to know to avoid it, and show you how a strong privacy and security tool like Avast One can protect you against data theft right now.

Written by Ivan Belcic
Published on November 25, 2020

What is identity theft?

Identity theft is a crime in which someone steals your personal information, usually with the intent to commit fraud. The definition of identity theft includes many types of personal information and resulting fraud, ranging from financial theft to the use of a victim’s data to receive medical treatment or apply for credit.


    Stealing an identity can be as simple as hacking into someone’s social media account, or as complex as filing tax returns in someone else’s name. Since many people freely share information about themselves online, identity theft has become more prevalent than ever.

    Often, identity theft becomes identity fraud — where the thief impersonates the victim or acts in their name. Many victims of identity theft and fraud spend years trying to untangle the crimes, with no guarantee of fully recovering their losses.

    Types of identity theft

    Identity theft covers a diverse array of crimes, depending on the type of personal data stolen and how the thief uses it. In most data breaches, the information stolen includes full names, social security numbers (or other government-issued IDs), and banking details. As for what constitutes identity theft, most instances of these crimes fall into one of several broad categories.

    Financial identity theft

    Financial identity theft is the most common and straightforward type of identity theft, because it happens anytime someone uses a victim’s information to fraudulently obtain money. It’s also one of the most damaging types of identity theft, as it represents a direct loss to the victim.

    The following examples are just a few ways that financial identity theft can happen. Depending on the information they steal and what they want to do with it, a financial identity thief could:

    • Log into your bank account and transfer money elsewhere.

    • Add their name to your bank account in an “account takeover.”

    • File fraudulent tax paperwork and receive your tax return.

    • Obtain loans or other credit in your name.

    • Make purchases with your credit card or other financial information.

    Criminal identity theft

    All identity theft is criminal, but criminal identity theft refers to a situation in which someone assumes your identity to avoid legal consequences. Usually, this happens when somebody gives false information to the police when they’re arrested.

    Criminal identity thieves may have official government documents fraudulently obtained with their victim’s data, or they may simply have a fake ID. If someone’s out there committing crimes in your name, it can be difficult to convince the police that you’re innocent (and clear your name) — especially if they can’t find the real criminal.

    The effects of criminal identity theft can linger for years, since many victims find out about it only by chance, such as when an employer conducts a background check.

    Medical identity theft

    Medical identity theft happens when someone receives medical treatment in your name. The risks of medical identity theft are especially high in countries with for-profit healthcare systems, like the US — healthcare costs can skyrocket quickly, so the incentives for someone to commit medical identity theft are strong. But even in other countries, medical identity theft is used to help thieves receive treatment or get pharmaceutical drugs they don’t necessarily need.

    Then, when the victim goes for medical care themselves, they may find themselves denied treatment, since the thief has already gotten it instead. Victims may also have the thief’s medical history added to their own medical record.

    Child identity theft

    Child identity theft, perhaps the most insidious type of identity theft, occurs when someone steals and uses a child’s identity to achieve any of the above goals and more. They might use a child’s social security number or other identification to apply for credit, buy property, or obtain official government documents.

    Because children typically don’t have any debt or credit, their identities are valuable for anyone looking for a clean source of credit. Sadly, many cases of child identity theft happen within foster care systems, because many different people have access to the children’s information.

    Is identity theft a crime?

    Absolutely! Like most types of theft, identity theft is an illegal, criminal act. And since identity theft often happens over the internet, it’s a type of cybercrime as well — meaning that these days, identity thieves are cybercriminals.

    Identity thieves want your sensitive information so that they can use it to hijack your accounts, buy goods or services, apply for loans and other credit, obtain legal documents in your name, get out of jail, and all sorts of other misdeeds.

    How identity theft happens

    The internet makes it incredibly easy for identity thieves to get the job done. Whether it’s on social media or on an ecommerce website, we eagerly pump out information about ourselves all the time — our hometowns, jobs, relationships, birthdays, and more are all sitting exposed in the public sphere, waiting to be used against us.

    Data breaches

    Data breaches, or data leaks, happen when hackers steal sensitive data from a company’s servers or databases. If the hackers can crack the company’s security and access user or customer data — which, depending on the company they target, can include social security numbers, other ID numbers, passwords, addresses, passport numbers, credit card info, and so on — they can sell this data to identity thieves. Data brokers, companies who collect and sell people’s personal information, are frequent targets for data breaches.

    Avast Hack Check is a free tool you can use to see if any of your passwords have been exposed in a breach. Try it out!


    While big data breaches, such as the 2017 Equifax leak that exposed the data of over 150 million people, sometimes make news headlines, smaller breaches happen every day. Once a hacker exploits a data breach, they’ll usually upload and sell this information on the dark web — and that’s where our identity thieves can get their hands on it.

    The dark web

    After a data heist, the thieves need to turn that stolen data into profits — this is where the dark web comes in. The dark web is a part of the internet that you won’t find in your everyday Google searches, because you need special software, such as the Tor Browser, to access it. And you need to know where you’re going, because search engines don’t index the dark web.

    But if you’re in the know, as many identity thieves are, you can find reams of stolen data for sale. And this is where Avast BreachGuard comes in — we scan the dark web 24/7 for any traces of your data, and if we find any, we’ll alert you ASAP. That way, you can take action to protect yourself before identity thieves have a chance to buy your data and use it against you.

    Social media

    You know how many websites ask you to set security questions that you can answer when you forget your password? Conveniently for hackers, lots of these answers line up easily with our social media content. Which elementary school did you go to? If a would-be identity thief knows where you grew up, this answer is a piece of cake — if they can get your questions right, then they can walk straight into your account.

    Check your privacy settings on Facebook, Instagram, and any other social media platforms you use, and consider making your accounts more private.

    Phishing and pharming attacks

    Identity thieves can also use phishing and pharming attacks to fool you into handing over sensitive personal information. Phishing attacks involve luring a victim with bait, like a sneaky email that appears to come from a trusted contact, or with messages from a spoofed social media account. If you reply, you risk disclosing the info that the attacker needs to steal your identity.

    Pharming is similar to phishing but on a much wider scale. Instead of using phishing bait, pharming attacks stealthily redirect victims to fake websites designed to look like legitimate sites you trust. Once there, if you attempt to log in or conduct other business, you risk giving your personal data to the attacker.

    Since both phishing and pharming attacks rely on deception and social engineering tricks, always practice smart email and website safety habits.


    Malware

    Malware, or malicious software, is a favored tool for many cybercriminals, identity and data thieves included. Certain types of malware are particularly well-suited for the job — like spyware, which can secretly record your online behavior and collect your data. With spyware, you won’t even know that a hacker has infected your computer or phone to stealthily vacuum up all your sensitive personal data.

    Avast One protects you with 24/7 malware detection, blocking, and removal. Any malware already on your computer will be immediately removed, and you’ll be safe against future attacks. And should you come across any phishing emails, the built-in Email Shield and Web Shield will detect and block the malicious attachments and links they use to try to fool you.

    Avast One is also packed with an assortment of privacy tools to make sure your personal data remains private.

    Email hacking

    If an identity thief obtains your email password, they can comb through your emails to collect all sorts of information. They can even pose as you and email other people to collect even more information about you and your contacts.

    Identity thieves usually buy passwords on the dark web from those who’ve already stolen them. Then, acting as email hackers, they can use malware, phishing, and even various password cracking tools to gain access to your account.

    Protect your email account with a strong and unique password that uses a mix of letters, numbers, and symbols (or generate a random password), and update it frequently to keep hackers guessing. Always log out after checking your email on any computer you don’t own. And use a strong password manager to keep track of all your passwords. 

    Wi-Fi hacking

    We talk a lot about being careful on unsecured public Wi-Fi, and here’s why: Anyone with a little hacking know-how and access to the right tools can park their computer on a public Wi-Fi network and spy on everyone else. For a data thief, public Wi-Fi is an all-you-can-eat buffet, and they’re back for their fifth plate.

    If your home Wi-Fi router isn’t properly protected with a strong password, hackers can easily gain access to your router. With the ability to control your router, a hacker can redirect your traffic to pharming websites or install malware, like sniffers that collect your data.

    Protect yourself on unsecured Wi-Fi with a VPN, which encrypts all your internet traffic, even on unsafe networks. Using a reliable VPN — like Avast SecureLine VPN — is a must any time you’re using public Wi-Fi.

    Unsecured browsing

    Even if your router is sealed tight with the world’s most uncrackable password, your browser might be giving your data away. So before entering personal information into any website, always look for a little padlock icon in your browser’s address bar. The padlock means that the website you’re using is protecting you with HTTPS encryption, which secures your data as it travels to and from that website.

    See if a website is safe by checking for HTTPS encryption. The website on the left has HTTPS encryption and is secure; the site on the right does not.

    Websites without HTTPS can leave you exposed to anyone peeking in on your traffic. This includes the Wi-Fi hackers described above, as well as your internet service provider (ISP), or even your government.

    HTTPS also lets you know that you’re (likely) connected to a legitimate website. Many pharming websites will use plain old HTTP instead. The next time you log into your online banking account, check for HTTPS — if you don't see it, that’s a big red flag that something is wrong.

    Our free Avast Secure Browser forces websites to use HTTPS encryption when you connect. Even if you’re going to an unsecured website, your traffic will be safe from prying eyes. This automatic HTTPS encryption is just one of the many built-in security-enhancing features included with Avast Secure Browser.

    How common is identity theft?

    Sadly, identity theft happens far too often. The Federal Trade Commission (FTC) in the US received 444,602 identity theft reports in 2018 alone. This represents a 41% increase in annual identity theft reports since 2008. Over 35% of reports received were instances of credit card fraud, which is when an identity thief opens a new credit card in someone else’s name. 

    Meanwhile, the Center for Victim Research reports that 21% of victims in the US suffer multiple instances of identity theft per year. The actual number of victims in the US is closer to 7 to 10% of the total population, because many victims are successfully targeted more than once.

    How do I know if I'm at risk?

    No one is immune from identity theft, but some people are at higher risk than others. Identity thieves prey on people less likely or less able to regularly monitor their financial accounts. They’ll also look for people without good internet security habits, like anyone who uses the same password for multiple accounts.

    People in the following groups may be at an elevated risk of identity theft.

    • College students and recent graduates: Young adults taking their first steps into financial independence may not have the experience needed to avoid scams and phishing attacks. They’re also prone to oversharing on social media, which can expose valuable information.

    • Children: Identity thieves are drawn to clean credit histories, which makes children ideal targets. Children may also be less savvy when it comes to detecting online threats.

    • Seniors: Seniors are frequently targeted for all types of scams, including identity theft. Like children, they’re also prone to being exploited by their caregivers.

    • High-income people and business owners: Every thief loves a big score. Identity thieves target people with advanced degrees and higher income or net worth because the payoff may be larger — and they may also hold keys to valuable corporate data.

    • Deployed service members: Anyone unable to regularly check their finances, like active service members, is at a higher risk of identity theft, since they may not notice suspicious activity until it’s too late. Deployed service members are even targeted by friends and family who know they won’t be coming home for a while.

    • Incarcerated people: Like active service members, people in prison may also have a hard time performing regular checks on their finances and credit — and they’re vulnerable to exploitation by friends and family for identity theft.

    • The deceased: The spectre of death itself is no deterrent to an enterprising identity thief. Stealing the identity of a deceased person is known as “ghosting,” and if no one’s paying attention, the thief can successfully pose as their target for years.

    How do I know if my identity has been stolen?

    The more vigilant you are, the earlier you’ll detect the warning signs of identity theft. If you’re closely monitoring your financial statements and credit card reports, you’ll be in a much better position to notice anything strange as soon as it starts happening.

    Look out for the following warning signs of identity theft:

    • Suspicious activity on your financial records. Any purchases or transactions you didn’t make yourself can indicate identity theft. The same goes for unfamiliar loan applications on your credit report. Always contact your financial providers ASAP if you notice anything that doesn’t belong on your statements.

    • Unexplained credit score changes. Your credit score may climb when an identity thief is approved for a loan, and it may decline if someone’s racking up bills in your name. 

    • You’re denied a loan or credit. While this doesn’t always indicate identity theft, if you’re qualified for the loan, a denial may indicate that an identity thief has been abusing your credit.

    • You’re denied a tax refund. If an identity thief has fraudulently claimed your tax returns, your government will tell you that your tax paperwork has already been filed.

    • Your private info is being used against you. Identity thieves may acquire your personal information and threaten to publish it or otherwise blackmail you in an insidious practice known as doxxing.

    • Debt collectors are harassing you. As identity thieves spend more and more money under your name, you may begin to hear about it from collection agencies.

    • Unrecognized login alerts. Lots of websites send alerts when you log into your account with a new device. But if you haven’t done so, it can mean that someone else has gotten their hands on your credentials.

    • Unfamiliar medical records. Medical identity theft can result in the thief’s medical history being added to yours. Be on the lookout for mysterious healthcare procedures or health conditions, and also watch out for insurance statements listing medical treatments you haven’t received.

    What to do if you're a victim of identity theft

    Have you noticed a few of the above warning signs? Don’t panic — if you think you may be a victim of identity theft, you can take action now. And remember that you’re not alone. Identity theft and fraud affect tons of people every year, all around the world. The sooner you report identity theft, the greater your chances are of recovering completely.

    Your first step is to immediately report any warning signs to the relevant organizations. For example, if your credit card statement is showing unfamiliar charges, contact your credit card provider and tell them what you’re seeing. They’ll know what to do.

    Next, freeze all your other accounts and freeze your credit as well, if you can. This will prevent an identity thief from causing any additional damage. Always report cybercrimes to the proper governing body or agency in your country. It’s important to remember that identity theft and fraud are cybercrimes.

    After submitting all your reports, it’s time to prevent future instances of identity theft. To that end, update all your passwords, making sure to use unique and hard-to-crack passwords on all your accounts. You may also need to replace legal documents or update personal records, such as your criminal or medical history, that were affected by the identity theft.

    How to protect yourself against identity theft

    Identity thieves will always go after the most vulnerable targets they can find. That's why it’s so important to make yourself as tough a nut to crack as possible and prevent identity theft with a few easy changes to your digital lifestyle.

    • Create unique passwords. We’ve mentioned this tip a lot in this article because of how crucial it is. If a thief obtains one of your passwords, their access will be limited only to that one account.

    • Monitor your records. This is the best way to catch an identity thief. Always scrutinize your bank statements, credit card statements, medical insurance records, and so on.

    • Use two-factor authentication. Activate two-factor authentication (2FA) anytime you can. It’s not bulletproof, but it makes cracking your account a lot harder.

    • Lock your phone. If you lose your phone, a password, PIN, or fingerprint lock will keep thieves out. But think twice before activating facial recognition, because that makes it easy for someone to unlock your phone simply by pointing it at you.

    • Minimize social sharing. Limiting the information you share online means that identity thieves won’t know so much about you.

    • Keep your credit frozen until you need it. Unfreeze your credit when you need a loan, and freeze it as soon as you’re done.

    • Use a VPN. Encrypt your internet traffic with a VPN to prevent eager hackers from siphoning your data as you surf. This is doubly important when using public Wi-Fi.

    • Learn to recognize phishing and pharming attacks. Always check emails and websites before engaging with them, entering personal info, downloading anything, or clicking any links.

    • Use antivirus software. The best antivirus software not only protects against malware. It shields you against phishing attacks and malicious websites as well.
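
The "create unique passwords" tip above and the earlier advice to use a mix of letters, numbers, and symbols (or generate a random password) can be checked mechanically. The following is an added example, not Avast's code: it audits a constructed sample of account passwords for reuse and weak composition, and generates a random replacement. The 12-character minimum, the symbol set, and all names in it are assumptions chosen for illustration.

```python
import secrets
import string
from collections import defaultdict

# Character classes the article asks for: letters, numbers, and symbols.
CLASSES = {
    "lowercase": str.islower,
    "uppercase": str.isupper,
    "digits": str.isdigit,
    "symbols": lambda c: not c.isalnum(),
}
# Assumed symbol set for generated passwords; adjust to what a site accepts.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"

def missing_classes(password):
    """Names of the character classes that do not appear in the password."""
    return [name for name, test in CLASSES.items()
            if not any(test(c) for c in password)]

def generate_password(length=20):
    """Random password from the OS CSPRNG containing every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(candidate):
            return candidate

def audit(vault, min_length=12):
    """Map each flagged account to its findings; clean accounts are omitted."""
    owners = defaultdict(list)
    for account, password in vault.items():
        owners[password].append(account)
    report = {}
    for account, password in vault.items():
        findings = []
        shared = sorted(a for a in owners[password] if a != account)
        if shared:  # one stolen password would open every account listed
            findings.append("reused with " + ", ".join(shared))
        if len(password) < min_length:  # min_length is an assumed threshold
            findings.append(f"shorter than {min_length} characters")
        missing = missing_classes(password)
        if missing:
            findings.append("missing " + ", ".join(missing))
        if findings:
            report[account] = findings
    return report

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "email": "Summer2020!",
    "bank": "Summer2020!",
    "social": "kitten",
    "shop": "p7#Vq2!xLm9@Rz4$wT",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_VAULT).items():
        print(f"{account}: {'; '.join(findings)}")
        print(f"  suggested replacement: {generate_password()}")
```

The report never echoes the passwords themselves, so it can be shared or logged without exposing them.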

    Keep close tabs on your personal data with Avast

    While it’s never too late to fight identity theft, prevention is always the best cure. Avast One features a built-in identity theft monitoring tool that scans data breaches for any traces of your personal info. If your details are ever found to be compromised, Avast One will help you lock down your accounts before your credentials are used to steal your identity.

    And, in the unfortunate event that your data is exposed, Avast will help you with the fallout and help you protect your passwords. There’s only one person who needs access to your financial accounts, and that’s you. Keep everyone else out with Avast One.
