Identity Fraud and Scams Cost Americans $47 Billion in 2024

Victims are losing more money to these crimes, a new AARP-backed report finds

Christina Ianzito,

AARP

Comments

En español

Published March 25, 2025

Getty Images

American adults lost $47 billion to identity fraud and scams in 2024, an increase of $4 billion over 2023, according to a new report produced by Javelin Strategy & Research and cosponsored by AARP.

Based on a survey of 5,023 U.S. adults, that total includes $27 billion lost to traditional identity fraud, which affected more people — 18 million — than in 2023 (when the number was 15 million and $23 billion was lost). Traditional identity fraud occurs when a criminal deceives an organization by obtaining and using someone else’s personal information, such as a Social Security number, home address, date of birth or bank account data, and uses it fraudulently.

It also encompasses $20 billion stolen through scams, in which perpetrators deceive consumers through social engineering (psychological manipulation) to steal money or sensitive personal information. Scams can lead to identity fraud. Many scams — those focused on health, finances, family, or investments, for instance — are deliberately crafted to exploit older adults, says Jennifer Pitt, Javelin’s senior fraud analyst and the report’s author. She notes that this is because criminals might perceive this group “as having significant savings, being overly trusting, and less comfortable with technology.”

The report surmises that overall identity fraud losses are growing partly because “technological innovation has outpaced security,” which gives criminals “exploitable gaps.” It also points to the growing number of data breaches and “lackluster U.S. privacy laws” where “organizations often share or sell data without even consulting consumers.”

Pitt says, “Information is more of a hot commodity than just money because information can be used. You can sell information to get money or use it to open new fraudulent accounts or take over existing accounts.”

Seventy-one percent of survey respondents who reported having lost money to scams also shared personal information with the criminals.

Bank account fraud

Javelin reports that the problems of account takeovers and new-account fraud, where criminals use a victim’s personal information to open fraudulent new accounts, are growing. Account takeover fraud resulted in $15.6 billion in losses in 2024 (up from $12.7 billion in 2023), and new-account fraud reached $6.2 billion (compared with $5.3 billion in 2023).

More on how identity fraud occurs

There are different ways that criminals can access your personal information. They include identity fraud scams, where criminals influence consumers to expose sensitive data, often by misrepresenting themselves. They may do so through phishing attempts, where scammers send emails “fishing” (phishing) for personally identifying information and/or including links containing malware that can infect your device and steal data. These commonly are in the form of impersonation scams, where you’ll receive calls, emails or texts spoofing, among others, a government agency, law enforcement, a delivery service, your bank, or a toll road service. The impostor will attempt to elicit your Social Security number, account number or other sensitive information.

The report warns that texts are increasingly fraud criminals’ favorite way to reach potential victims: 54 percent of survey respondents who experienced identity fraud in 2024 were first contacted by text, up from 49 percent in 2023.

And older people lose more money to these crimes than their younger counterparts, in part because they tend to have more to lose: The Federal Trade Commission found that last year, among the victims who included their ages in their complaints, adults in their 70s reported a median of $1,000 stolen through fraud, compared with a median of about $417 reported by those in their 20s.

There’s also more straightforward identity theft — unauthorized access to personal information — which can occur without a scam or identity fraud. It’s commonly carried out through large-scale data breaches of online platforms, where cybercriminals hack into a company’s systems and steal sensitive consumer data. Sometimes they encrypt the captured data and request a ransom for its unencryption and release.

There were 3,158 data breaches last year — about the same as in 2023 (3,205) but far higher than the 1,801 breaches in 2022, according to the Identity Theft Resource Center. In the past few months, they’ve included, among many others, the leaking of personal information of more than 3 million people who’ve applied to New York University over the years and the theft of more than one million records from Community Health Center, a Connecticut-based health care provider.

How to protect yourself from identity fraud

Key steps:

Be more aware of what information you’re sharing and where you’re sharing it. Before offering personal information requested by a business (or anyone), ask: How do you protect my personal information? Why do you need this information? As Pitt puts it, “Think about verifying instead of trusting. This applies no matter what they say or who it appears to come from.” She adds, “If I get emails or text messages from my mother that have a link or something odd that I have to click on, I always call and ask her first, ‘Did this come from you?’”

Freeze your credit. This restricts access to your credit and prevents identity thieves from opening new accounts in your name. (This story explains when and how to freeze your credit.)

Use different passwords for every account. And make them as complex as possible (using something like password123 is almost like having no password at all). A password manager can help you keep track of them all.

Use multifactor identification. You should not rely solely on passwords. Many financial institutions will give you the option to add another layer of security to your account with multifactor identification (sometimes called two-factor identification). The bank will send you a one-time passcode by text, email or phone — or by way of an app that generates the code for you — every time you (or anyone) attempt to log in to your account.

Avoid using public Wi-Fi networks without protection. Most are poorly secured, and hackers can exploit them to intercept sensitive data. If you want to use public Wi-Fi, first install a Virtual Private Network (VPN) that protects your data.

Use a PIN or another type of passcode to unlock laptops, tablets, and smartphones. If a device is lost or stolen, a code will make it harder for thieves to get at what’s on it.

Resources

Report fraud to local law enforcement and the FBI’s Internet Crime Complaint Center, IC3.gov.
The AARP Fraud Watch Network has a toll-free helpline (877-908-3360), where trained volunteers provide victims and family members with support and guidance on next steps.

%{postComment}%

Christina Ianzito covers scams and fraud, and is the books editor for aarp.org and AARP The Magazine. Also a longtime travel writer and editor, she received a 2020 Lowell Thomas Award for travel writing from the Society of American Travel Writers Foundation.