Identity Theft and Fraud Can Be Devastating. Here’s How to Avoid It

Artificial Intelligence is making it harder to detect these frauds. Common warning signs of a scam, for example, are texts or emails requesting personal information that include misspellings and grammatical errors, suspicious URLs, or missing or not-right logos. Scammers know this — and they’ve adapted.

“Criminals can use generative AI to create something that looks incredibly realistic and nearly impossible to distinguish from a legitimate bank communication,” says Suzanne Sando, Javelin’s senior analyst in fraud and security and author of the AARP-sponsored report. “We know that criminals are constantly switching their tactics. They’re doing whatever they can to circumvent whatever technology is out there to detect them or anything that consumers have been taught to look for.”

 And AI is becoming increasingly sophisticated. “Not only can someone create a fake ID, they can create a fake voice,” says Adam Singer, principal of Credit Report Law Group in New York. ​ ​

Synthetic identity theft

AI is also fueling a type of fraud known as synthetic identity theft. With this fraud, criminals create fake identities using both real and phony information. Rather than posing as you, criminals use a mishmash of info to create a new identity. “These random and disconnected pieces of information come alive to create a whole new non-existent person, one that credit reporting agencies and lenders have never heard of,” the Identity Theft Resource Center (ITRC) states. For example, a criminal might start with your Social Security number and combine it with a fake birthday and address.

AI is not necessary for synthetic identity theft, but it has simplified the process for criminals.​ ​

When identity theft leads to identity fraud

Once scammers have stolen your private information, they have many options for cashing in. Criminals can “open a credit card or utility account in your name, or use your information to get a loan, a job, or medical care,” the FTC warns. “They might even file taxes in your name to get your refund.” They can also give your name to police if they’re arrested, the FTC adds.

The tactics are becoming more sophisticated, but you can still take steps to fight back.​ ​

Warning signs

Consider it a red alert for identity theft if you:

• Receive invoices or bank and credit card statements with withdrawals or purchases you don’t recognize (the same is true for medical bills with equipment or services you didn't receive).​
• Stop receiving a bill. This could mean that someone changed your billing address.​
• Find unfamiliar accounts or liabilities on your credit report.​· Hear from debt collectors about debts you don’t owe.​
• Encounter difficulties filing your taxes because the Internal Revenue Service (IRS) says it has already received your return.​
• Obtain information from the IRS stating that you earned income from an unknown employer.​
• Learn that your bank or a company you work with has suffered a data breach. ​
• Are rejected for a medical claim because your health plan shows you’ve reached the benefits limit, but you know that's not possible (or you don’t receive coverage because your medical records show a condition that you don’t have).​ ​

How to protect yourself

​ ​Reduce your paper trail

• ​Set up online access to your bank and credit card accounts. Check them regularly and immediately contact your bank or card provider if you spot suspicious activity.​
• Sign up for paperless billing and financial statements so sensitive information doesn’t arrive in the mail.​
• Shred, rather than toss, sensitive documents. Shred bank statements, tax forms, medical bills and other documents containing personal or financial data before you throw them out. ​
• Leave your Social Security card at home in a secure place. Carry documents listing your Social Security number only when necessary.​
• Don’t leave personal information in your car , even if it’s locked.​ 

​Strengthen security ​

• Use different passwords for different accounts. Sixty-five percent of Americans don’t do that, according to a 2024 report from AARP. That means that when one account is compromised, others are also at risk.​
• Enable multifactor authentication. “It’s more than just having one-time passcodes,” Sando says. “Those are becoming easy for criminals to intercept.” Ask your bank or credit union if they offer third-party authenticators, such as Google Authenticator.
• Use security software on your devices. Update it regularly.​
• Put a fraud alert or freeze on your credit report. A freeze prevents anyone from opening a credit account in your name; an alert requires prospective lenders or creditors to verify your identity. (It’s easy to briefly unfreeze it when necessary — if you are purchasing a new home, for example.)​
• Avoid using public Wi-Fi networks. Many are poorly secured; hackers can exploit them to intercept sensitive data.​
• Use a PIN or another type of passcode for unlocking laptops, tablets and smartphones. If a device is lost or stolen, a code will make it harder for thieves to get at what’s on it.​
• File your tax return as early as possible. Tax ID thieves who’ve obtained your personal information will try to beat you to it.​ ​

Activate alerts ​

• Turn on alerts from your bank. Not just fraud alerts but notifications for actions such as a change of address or phone number, a password change, and adding an authorized user. “If you didn’t make those changes, then something is going on,” says Sando.
• Enable push notifications for your bank app. That way, when you receive an alert, you know the source. “If someone isn’t comfortable with push notifications, go directly to your bank. If you get a fraud alert, confirm that they sent it,” Sando says.​
• Never click on links from unsolicited texts or emails. And never answer calls from numbers you don’t recognize.​ ​

Protect your privacy ​

• Don’t overshare on social media. This includes information such as your birthday, hometown, family members, and education history. “There’s so much information that people just willingly put out there,” Sando says. “People can easily trace that back to finding out your home address or where you work.”​
• Don’t put personal info in AI programs such as ChatGPT. “It’s not kept confidential — on the contrary, it’s almost like a public database,” says Singer.​ ​

Monitor your data ​

• Check your credit reports monthly. Experian, Equifax and TransUnion are the nation’s three main credit reporting companies, but you can access all of your credit reports through the free site AnnualCreditReport.com . “If you see an account that doesn’t belong to you, or you see other personal identifying information that doesn’t belong to you, like addresses or telephone numbers, dispute that information directly with the credit bureaus,” says Singer.​ ​

Report the crime ​

• Contact the FTC at IdentityTheft.gov IdentityTheft.gov  or by calling 877-438-4338. Online identity theft can also be reported to the FBI’s Internet Crime Complaint Center, IC3.gov.​
• The AARP Fraud Watch Network has a toll-free helpline (877-908-3360), where trained volunteers provide victims and family members with support and guidance on next steps.​
• The ITRC offers information on ways to prevent ID theft and how victims can recover their identities.​​