Digital Transactions Authoritative, insightful and timely information for payments professionals
While fewer consumers reported identity crimes between April 2024 and March 2025 compared to the same time a year earlier, the number of consumers reporting multiple identity crimes increased, The Identity Theft Resource Center says.
In its annual industry report, the IRTC says reports of identity crimes declined 31% to 9,038 from the second quarter of 2024 through the first quarter of 2025, compared to a year earlier. But the fraction of consumers reporting multiple identity-related concerns to the ITRC rose to 24%, up from 15%. The IRTC notes that the FBI and Federal Trade Commission are also reporting declines in identity crimes, which indicates the trend is widespread.
The IRTC’s definition of identity crimes includes identity theft, fraud, scams, and account takeover.
The report offers several reasons fewer identity crimes were reported. The use of artificial intelligence by criminals to more precisely target potential victims, which reduces the need to attack higher volumes of people, is one. In addition, consumers are taking more responsibility for protecting their identity information, and more organizations are deploying tools that effectively block or minimize attacks. Victim fatigue is another reason, as the high number of data breaches and cyberattacks has created a sense of hopelessness and powerlessness among identity-crime victims, according to the report.
Criminals’ use of AI has improved, making it harder to spot texts and emails impersonating a trusted source to persuade consumers to give up their personal information, says Mona Terry, chief operating officer and head of victim services for the IRTC.
These messages are sent as part of impersonation scams, in which a criminal pretends to be a trusted individual or organization, such as government agencies, banks, or even friends and family members.
The number of impersonation scams increased nearly 1.5 times from the second quarter of 2024 through the first quarter of 2025, compared to a year earlier, the report says. Of the impersonation scams reported, 51% were linked to general business and 21% to a financial institution.
The most common types of personal information targeted by criminals are Social Security Numbers, drivers-license numbers, and payment card and account numbers.
“We’ve seen an uptick in impersonation scams from criminals sending text and emails that look to be coming from a legitimate person or company, which is making it hard tell the difference from messages from non-legitimate sources,” Terry says. “We’re just not seeing the visual cues, such as misspellings, that we once did in these scams.”
Another emerging trend is that criminals are increasingly targeting consumers’ mobile phones to gain access to those devices. The interconnected nature of today’s digital services means access to a device or to an account on the device can provide a pathway to others. Reports of phones being hacked account for 15% of total identity-crime reports, a more than 100% increase from the same period a year ago.
“A phone is a one-stop shop for criminals because consumers usually access multiple accounts through their phones,” Terry says. Criminals gain access to phones through compromised apps consumers download. Consumers can also fail to stay current with the device’s software updates, according to the IRTC.
One growing problem is that criminals are finding ways to hack consumers’ Apple IDs or Google IDs. With those IDs, criminals have access to all of a consumer’s personal information, even if the consumer replaces a device he or she suspects has been hacked. “If a consumer’s Apple or Google ID is hacked, getting a new device won’t help,” Terry adds.
One bright spot is that consumers are taking steps to protect their personal data. “We are receiving a lot of calls from consumers reporting something is fishy with a message or call they received, but have not yet been victimized,” Terry says. “As good as AI has gotten at fooling consumers, this shows consumers are taking the time to protect their data before a compromise occurs.”
