Eva Velasquez is president and CEO of the Identity Theft Resource Center (ITRC), a nonprofit that supports victims of identity theft. Here, she talks to Kiplinger about key identity theft problems to know about in 2025.
What are the most common identity theft schemes?
Our most recent contact center data shows that 51% of personally identifiable information (PII) compromises — which take place when someone is trying to access your personal information — come from scams, with the most common types of scams being impersonation and employment scams.
Impersonation scams occur when whoever is on the other end of the interaction is not who they say they are. They may say they’re from Amazon and your delivery is delayed, or they may pose as a credit card representative, asking whether you authorized a purchase.
With job and employment scams, we’re seeing fraudulent postings on legitimate sites such as Indeed and LinkedIn, as well as unsolicited text messages and emails from phony recruiters.
What trends in ID theft do you expect to see in 2025?
It’s hard to predict the next global event, such as a pandemic or natural disaster, but that’s what the scammers love to leverage. During those events, consumers know something is going on but don’t have a lot of information, and then they get a bunch of requests for money or information from scammers.
Business impersonation, which occurs when someone claims to be from a company, such as Amazon or your bank, is going to continue to grow in 2025 because bad actors can easily purchase stolen personal information on the dark web and use it to seem credible when they contact victims.
There are also a lot of social media account takeovers, in which bad actors hack into someone’s account and then reach out to their connections and friends to ask for donations and information. Social media companies aren’t responding quickly enough to these takeovers, so people end up walking away from hacked accounts. We have a proliferation of accounts that are no longer in the original owner’s control.
What can people do to protect themselves from scams?
Approach all digital communication with skepticism. If you didn’t initiate the contact with an entity that is requesting information or money from you, go to the source and verify that it reached out to you. That may mean calling the phone number on your credit card if someone purports to be from your card company, responding to a voice message from someone who says they’re from your utility company by finding the company’s number online, or checking the message center in your Amazon account if you receive an email or text message from someone who says they work for Amazon.
Our recent data also shows that 16% of PII compromises were the result of lost or stolen items, so remember that your smartphone and other devices are just as important as your wallet, and you need to treat them as such. Make sure that a lock screen is enabled on all your devices, and use biometric authentication of your face or fingerprint. Enable location detection for your device and the ability to remotely delete information from it if it is stolen. Finally, freezing your credit is one of the most robust measures you can take to prevent fraud.
What should you do if your personal information is involved in a data breach?
You have limited options once your information has been exposed, but you can react quickly to news of a breach. The most important first step is to understand what specific data of yours was compromised. If your username and password were stolen, you should immediately change your password on any account where you’ve used the compromised password.
We have a free tool on the ITRC website where you can see whether a company has had a breach before you do business with it. You can also sign up to get an alert if a company you do business with experiences a breach in the future.
Note: This item first appeared in Kiplinger Personal Finance Magazine, a monthly, trustworthy source of advice and guidance. Subscribe to help you make more money and keep more of the money you make here.
