Imagine discovering that your identity has been stolen. You were conned into giving out personal information to sources that seemed legitimate, maybe on social media or over the phone. Situations like this are not uncommon and are becoming some of the most common identity theft scams.

The Federal Trade Commission receives an average of 2.6 million reports of fraud every year[1].  An ever-rising percentage of these involve a category of fraud known as social engineering. This involves tricking someone into thinking the scammer is a friend or a representative of a legitimate and trusted organization. The objective is to steal your personal information and use it against you.

If you’re not careful, you may not realize what is happening until it is too late. Being aware of all the scams out there puts the odds in your favor. Here are some of the most popular identity theft scams to watch out for.

The Changing Form of Identity Theft Scams

The face of identity theft is changing rapidly. Fraudsters are moving away from the old methods such as dumpster diving, wallet theft, and mailbox raids. They’ve discovered that they don’t need to steal your identity if they can persuade you to give it to them.

The goal is to make you comfortable so will relax and let your guard down. This is when you are most vulnerable and most likely to give out your information. There are several ways they achieve this.

In 2024 and 2025, scammers have added powerful new tricks to their arsenal. Thanks to advances in artificial intelligence, deepfake videos and cloned voices are now being used to impersonate friends, family, and even company executives. At the same time, criminals have found ways to get around multi-factor authentication, often by bombarding victims with repeated login requests until they finally approve one by mistake (a tactic known as “MFA fatigue” or “push bombing”).

1. The One-on-One Relationship

A one-on-one relationship scam typically starts with an online meeting, but can also involve the telephone or mail. The scammer approaches you as a potential love interest or friend. You’re flattered. Once you let your guard down, the scammers make their move.

👉 Example

The Tinder Swindler (Shimon Hayut) is a classic example of this, made famous by a Netflix documentary. Hayut posed as the son of a billionaire diamond dealer, using money from previous marks to make an impression. He used Tinder to form romantic connections and gain the trust of his victims before creating excuses to gain access to their finances.

Hayut lived lavishly spending the proceeds from each of his victims. He would seek out new women on Tinder and do the same thing to keep up his lifestyle. Law enforcement did not become actively involved until Hayut had stolen $10 million.

This is a high-profile example, but romance scams overall are all over the internet and reported losses are constantly on the rise, reaching $672 million in 2024.

☝️ Romance scams aren’t the only kind of relationship-based fraud. Watch out for “affinity fraud”, where a scammer tries to get close to you by pretending to share your religious, political, or other interests.

How to Protect Yourself from Relationship Scams

The best way to avoid these scams is simple caution and common sense. It’s flattering to have a person with an attractive profile picture pop out of nowhere pretending to be madly attracted to you. It’s exciting to have engaging new friends that seem interested and attentive.

We still have to be realistic. If someone is just a little too interested and too available, the red flags should go up. Be careful, and if someone asks for money or personal financial information, cut the relationship off. That can hurt, but getting robbed hurts a lot more.

2. Phishing

Scammers often impersonate a person or an organization. This is called phishing. They want you to believe that there’s a problem and that the person you’re talking to can fix it. This might be an issue with your bank or investment accounts, Social Security, Medicare, or almost anything else.

Of course in order to “help you”, the friendly customer service representative will need sensitive information like your Social Security number, account numbers, and even passwords.

Once the scammer has all of the information they will steal your identity and use it against you. They might empty your accounts, take out loans in your name, or even sell your personal information on the dark web.

Sometimes, these scammers will call you on the telephone and say they are from a government agency. For example, a scammer calls you stating they are from the Social Security Administration. Any call, email, or SMS that you didn’t initiate could be an attempt to get access to your personal information.

☝️ Remember that these scammers may only need a few pieces of information. They can fill in the rest from public sources, often your own social media pages and public directories.

In the past, phishing emails often gave themselves away with broken English or sloppy formatting. That’s no longer true. Scammers now use AI to write flawless, highly personalized messages that mimic the style of a real person or organization.

Some even go beyond text: “vishing” (voice phishing) now includes phone calls using AI-cloned voices that sound almost identical to someone you know. In 2024, there were several high-profile reports of deepfake voice calls convincing employees to transfer money or disclose credentials.

Protect Yourself from Phishing

If you get a suspicious call, hang up and call the organization directly. You can find their phone number by doing a Google search and contacting the organization. If the caller is pretending to represent your bank, credit card company, or another company you do business with, use the customer service number on your account documents.

Do not give out personal information over the phone, especially if you did not initiate the conversation. Government agencies and companies will not just call you and ask for personal information.

3. SMS Phishing

SMS phishing uses SMS messages claiming to be from a legitimate company or government agency. There is a message stating that something is happening with your account or personal information. It often says that your account is at risk of being closed.

There’s usually a link in the message. Don’t click it! It may lead you to a site that steals your information or places spyware on your devices. It may simply open you up to an attempt to win your trust. Either way, you don’t want it.

When you receive texts like this don’t open them. Don’t respond to anything they are saying. If you are really concerned, look up the organization’s telephone number and call them directly. The odds are high that these unsolicited texts are identity theft scams.

Text scams are also evolving. Instead of simple fake links, attackers now send QR codes (“quishing”) or direct you to instant messaging apps like WhatsApp or Telegram. These methods make the scam feel more casual and personal, increasing the odds that you’ll click before you think.

4. Tax Scams

Tax scams use the telephone, emails, and SMS messages that claim to be from the Internal Revenue Service (IRS). The callers claim that you owe back taxes and must pay immediately. They may threaten you with prosecution and jail time if you don’t comply. They want you to panic and send them money.

Don’t fall for it. The IRS will not call you if you have tax arrears. They will send you written notice. Hang up and don’t respond. If you’re concerned that you might have a problem with the IRS you can contact them yourself and clarify whatever issue exists.

A caller may also claim that your file lacks some information and they need to update it. Don’t fall for that either. The IRS is not going to call you up and ask for your personal information!

5. You Won! Lottery and Investment Schemes

Lottery and investment scams are extremely common. You will receive calls, emails, and texts about a huge investment opportunity or a prize that you have mysteriously won. These scammers may ask for bank details or other personal information or they may demand that taxes or fees be paid upfront before you can claim your “prize”.

Keep it real. Ignore the messages.

👉 Here’s a simple rule: if it sounds too good to be true, it’s not true. Sure, we’d all love to win a contest we never entered, but is that realistic?

6. Website Spoofing

Website spoofing is another form of phishing. it involves entire websites that are designed to look almost exactly like the websites of actual banks, government agencies, or other credible institutions.

You’ll probably be directed to the website by an equally official-looking email or SMS. Expect to see the official logo of the organization and professional-looking stock photos. Some of these websites can look very authentic.

No matter how authentic the site looks, it is fake. It is designed to convince you to provide personal information or to place spyware on your device that will gather and send personal data.

How to Protect Yourself from Website Spoofing

Any time you get an email or message from a bank or other company that asks you to visit a website, stop. Check the real URL – the web address- of the company. Compare it to the one you’ve been given. If it’s different – even by a single letter – you’re being scammed.

If you are in doubt, close the email, look up the phone number of the company, and call them. Explain the situation and ask to confirm

In most cases, if the email is unsolicited your best bet is to avoid it. Don’t even open it.

7. Deepfake and AI Impersonation Scams

Scammers are now using deepfake technology to mimic voices, faces, and even entire video calls. Imagine getting a FaceTime or Zoom request from what looks and sounds like your boss, spouse, or child. Only it isn’t them.

The goal is the same as ever: to get you to hand over money or sensitive information.

👉 Example: In 2024, a major advertising firm reported that criminals used a deepfake video call to impersonate their CEO and nearly tricked employees into transferring millions of dollars.

In another case, older adults received AI-generated “emergency calls” that sounded exactly like their grandchildren, begging for quick financial help.

How to Protect Yourself from Deepfake Scams

If you receive an urgent request by phone or video, always verify it through another channel you trust. For example, call the person back using a number you already know, or confirm with another family member or colleague.

Avoid posting too many public videos or voice clips online, since these can be used to train deepfake models.

And remember: no matter how real it looks or sounds, if someone is pushing you to act immediately, it’s time to slow down and double-check.

If You’re Already A Victim

If you’ve already sent personal information to a suspicious caller or site, or you’ve already clicked on a link you think may be risky, you’ll need to take action at once. Many people hesitate to report identity theft scams because they are embarrassed or ashamed at falling for something that in retrospect seems obvious.

Thieves count on that attitude. It protects them and keeps their victims vulnerable. Don’t cooperate. If you act quickly you can prevent or minimize damage.

👉 We’ve written about what to do if you’re a victim of identity theft, and those steps are worth following even if you think you may have been targeted. Better safe than sorry!

If you believe you’ve been targeted by a deepfake or AI impersonation, save any evidence (recordings, emails, screenshots) and report it right away to the platform where it happened and to the Federal Trade Commission (FTC).

If financial accounts are involved, contact your bank or credit card company immediately and ask them to flag suspicious transactions.

It’s also wise to put a fraud alert on your credit reports, so lenders know to take extra steps before issuing credit in your name.

You Can Stop The Scams!

Many identity theft scams built on social engineering straddle the line between identity theft and a straight con. Some scammers won’t even bother stealing your identity: they will just talk you into giving them money. Others embrace a more traditional identity theft model, pursuing information that can be used or sold.

Either way, the scam is built around trust. Identity theft scammers will often use social media to learn about your life, giving them the information they need to build a persuasive pitch. You can protect yourself by keeping your privacy settings strict and not posting revealing information on any public account.

Be careful about accepting friend requests from people you don’t know. Once they are inside your friend list they can work through your history and learn everything they need to know to spot your vulnerabilities.

You still have the upper hand, because there’s nothing they can do unless you cooperate. If you stay skeptical and keep your guard up, you can cut them off before they come close to making their move.

The key to protecting yourself in 2025 is alertness. Scams are becoming slicker, faster, and harder to spot, but the core tactic is still the same: pressure you into acting before you think. Whether it’s a text with a fake link, a deepfake video of a loved one, or a flood of MFA requests, your best defense is to pause, verify, and only trust communication channels you initiate.

Nobody wants to live in constant suspicion, but a healthy dose of skepticism is now a basic survival skill. Build the habit of checking details, confirming requests, and keeping your guard up. That extra moment of caution could save you from becoming the next victim of identity theft.

0 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments