Impersonation scams surge as AI fuels identity theft

Impersonation scams and AI-driven fraud are redefining the threat landscape of identity theft in the United States, according to the Identity Theft Resource Center’s 2025 Trends in Identity Report, which covers crimes reported from April 1, 2024, through March 31, 2025.

The report paints a troubling portrait of how identity-related crimes are shifting away from traditional financial fraud and expanding into housing, education, and digital services, driven by more sophisticated tactics and a growing reliance on AI, which has fundamentally altered the dynamics of identity crime.

Fraudsters are using AI to mass-produce convincing scam content, simulate voices and faces, and create fake websites and emails that are nearly indistinguishable from legitimate ones, allowing criminals to scale their operations and personalize their attacks, making them more effective and harder to trace.  AI has proven to be a force multiplier within this underground ecosystem. It is a technological advantage that is allowing bad actors to operate with greater efficiency and scale, complicating efforts to stop them.

High-profile cases illustrate the scope and impact of identity crimes. Former U.S. Rep. George Santos was sentenced to over seven years in prison for wire fraud and aggravated identity theft. He had used donors’ credit card information without authorization, engaged in financial misrepresentation, and impersonated various individuals for political and personal gain.

Minnesota Vikings rookie Dallas Turner lost $240,000 after scammers, posing as bank employees, convinced him to transfer funds. The fraudsters used spoofed caller IDs and AI-powered voice cloning, illustrating how difficult it has become even for tech-savvy individuals to spot fraud.

Even top government officials aren’t immune. The purse of U.S. Homeland Security Secretary Kristi Noem was stolen and her personal information was used in multiple credit fraud incidents. The case led to charges of aggravated identity theft.

The expansion of identity crimes into sectors like real estate and higher education underscores the adaptive nature of these criminals. As banks and consumers improve their defenses against classic forms of identity fraud like unauthorized credit card charges and bank account breaches, cybercriminals are targeting weaker areas with less oversight.

ITRC noted that fraudulent property leases and rentals rose by 102 percentage points, while fraudulent federal student loans increased 111 percentage points during the reporting period.

At the same time, digital services are emerging as a new frontier for exploitation. Criminals now use synthetic identities or stolen credentials to gain access to streaming platforms, app subscriptions, and AI-assisted software, often taking advantage of systems with weak identity verification. This evolution indicates that identity theft is no longer solely about direct financial theft but about securing access and benefits across sectors.

These crimes are increasingly being perpetrated by organized groups operating within broader online criminal marketplaces. These platforms, often hosted on the dark web, enable the buying and selling of stolen identity data, forged documents, malware, and AI-enhanced tools.

According to Global Initiative, as of 2025 there are approximately 30,000 active websites on the Dark Web, with 56 percent to 60 percent involved in criminal activity. Other cybersecurity studies support similar figures. Market.us reported that in 2022 there were about 30,000 dark web sites, with over 65 percent being used for illicit activities. Many of these sites offer complete identity profiles, including names, Social Security numbers, and account credentials.

And these operations are not limited to small-time actors, either. They often involve international networks of financially motivated criminals and state-sponsored entities. The sophistication of these bad actors requires a response that goes well beyond personal vigilance. According to ITRC, what is needed now more than ever is global coordination, real-time intelligence sharing, and systemic resilience.

The ITRC report highlights that while total reports of identity crime have decreased by 31 percentage points compared to the previous reporting period, the severity and complexity of incidents have grown. Along with the Federal Trade Commission and the Federal Bureau of Investigation’s Internet Crime Complaint Center, ITRC believes this decline is due more to underreporting than an actual drop in crimes.

Compounding this concern, the number of individuals reporting multiple forms of identity misuse has increased from 15 to 24 percent. And nearly one in four victims faced more than one incident, such as an account takeover followed by fraudulent new account creation or tax-related identity abuse.

Among those contacting ITRC, 52 percent said their personal data had been misused while 35 percent reported data compromise. Account takeovers made up most misuse cases (53 percent), followed by new account creation (36 percent). Financial services remained the most frequent target, with 69 percent of victims reporting that criminals attempted to open new accounts using their data. Existing accounts were targeted in 31 percent of cases.

Credit card accounts were the most frequent targets (56 percent), followed by checking accounts (14 percent). Technology-related account takeovers surged, rising by a staggering 754 percent. Person-to-person payment apps like Venmo and Zelle saw a 47 percent increase in account takeovers, reflecting the growing appeal of these platforms to fraudsters.

Scammers have also intensified efforts to exploit weaker identity defenses in emerging sectors. While voluntary sharing of personally identifiable information (PII) in scams dropped by 41 percentage points, other methods of compromise increased. Reports of stolen physical documents jumped 71 percent, with driver’s licenses, Social Security cards, payment cards, and birth certificates among the most stolen items. Reports of stolen birth certificates surged by 612 percent, pointing to a troubling trend of criminals targeting foundational documents for broad-spectrum fraud.

Scams overall remained central to ITRC’s findings. Impersonation scams led all reported scam types, increasing by 148 percent and making up 34 percent of scam-related reports. Fraudsters most often impersonated general businesses (51 percent) or financial institutions (21 percent). The impersonation of federal and state agencies dropped by 32 percent. Other scams included job fraud (10 percent), Google Voice scams (9 percent), and, for the first time, toll road scams (3 percent).

Bad actors target specific PII to carry out their scams. In ITRC’s dataset, Social Security numbers were stolen in 9 percent of cases, driver’s license numbers in 7 percent, and payment and account numbers in 4 percent each. A mix of digital manipulation and physical theft is often used to acquire this information. AI-powered phishing emails, spoofed websites, and fake online ads play a key role, while texts and emails purporting to be from legitimate companies or agencies lure victims into revealing sensitive credentials.

The report also examined demographic patterns to understand who is most affected. Older adults, particularly those over 50, were more likely to report identity concerns. Children, disturbingly, were primarily victimized through fraudulent employment schemes.

Among those who disclosed their income, 41 percent made less than $20,000 a year. Victims in this income range experienced more frequent incidents of document theft, mobile access breaches, and credit fraud. Hispanic and Asian individuals were disproportionately affected by PII-sharing scams and employment fraud.

Unfortunately, lower-income individuals often rely on fewer financial safeguards, use older or less secure devices, and may be less likely to use advanced cybersecurity tools such as multi-factor authentication or identity protection services, making them easier targets for mobile breaches and credit fraud. Additionally, these individuals may be more susceptible to phishing attempts promising financial assistance or job opportunities, leading to increased incidents of document theft and unauthorized access to mobile devices.

As for Hispanic and Asian individuals being disproportionately affected by PII-sharing scams and employment fraud, language barriers, distrust or unfamiliarity with government institutions and higher engagement in gig or informal labor markets can increase exposure to fraudulent job postings or scams targeting vulnerable workers. Scammers may also exploit cultural dynamics like community-based communication networks to spread fraudulent schemes more effectively within specific ethnic groups.

These patterns point to how systemic vulnerabilities, digital inequity, and social targeting intersect in identity crime, allowing criminals to prey on those with fewer protections and greater exposure.

California, Texas, and Florida recorded the highest number of identity theft victims. California led in account takeovers and new account creations. In Texas, mobile device breaches were the most common method of compromise, and North Carolina and Illinois led in breach incidents. Arizona and Illinois reported the highest number of fraudulent employment cases.

There is, however, reason for cautious optimism. ITRC found that more individuals are seeking help before falling victim. Twenty-nine percent of inquiries came from people unsure if they had been targeted, and 14 percent reached out for preventative advice, signaling a growing public awareness of identity threats and a willingness to take proactive steps.

The overarching takeaway from the ITRC report is clear: identity theft is no longer an isolated issue. It is a sprawling, technologically advanced threat with implications across every sector of society. Whether it involves AI-fueled impersonation, foundational document theft, or multi-layered financial fraud, the danger is escalating. The report is both a warning and a roadmap for action, urging vigilance, investment in safeguards, and support for organizations on the frontlines of identity protection.

Article Topics

AI fraud  |  financial crime  |  identity theft  |  Identity Theft Resource Center  |  synthetic identity fraud  |  United States