Identity Theft Statistics: 10 Key Data Points to Know in 2025

Imagine checking your bank account and finding it empty, or seeing social media posts you never wrote. 

This scary scenario is real. It’s called identity theft, and it's getting worse each year. Criminals keep finding more innovative ways to steal your personal information, often using new tricks like fake videos (deepfakes) or tricky emails. 

Identity threat detection software helps fight against this growing threat. These tools can spot threats early and protect you before any real harm happens. 

To help you stay safe, I have collected some critical identity theft statistics showing just how advanced these scams have become.

Identity theft statistics at a glance

Here’s an overview of all the statistics we cover in this article. 

Top 10 stats on identity theft in 2025

Below are some statistics and insights on identity theft that showcase just how far identity theft has come. These aren’t just numbers to gloss over; they reflect real threats with real consequences. 

1. The cost of cybercrime is expected to rise to $10.5 trillion annually by 2025.

That’s up from $3 trillion in 2015. If annual cybercrime were a country, it would have the third-largest gross domestic product (GDP) in the world, right behind the U.S. and China. 

Many behind the losses are identity thieves who use victims’ personal information to steal benefits like Supplemental Nutrition Assistance Program (SNAP) assistance, small business loans, and other resources.

AI is driving this rise in identity theft, with deepfakes and sophisticated phishing attacks powered by generative AI. World Economic Forum highlights the surge in fraud in the U.S. during the pandemic, driven by the increased digitization of government services. Between 2018 and 2022, annual federal losses due to fraud ranged from $233 billion to $521 billion.

Entrust reports deepfakes now account for 40% of biometric frauds. 

2. Synthetic identity fraud could reach $23 billion in U.S. losses by 2030.

Synthetic identity fraud occurs when scammers create fake identities using a combination of real and fabricated information. They might steal a real Social Security number, often from a child or someone with no credit, and add fake details like a made-up name or birthday. Then, they use this fake identity to get credit cards, loans, or government benefits. Because the identity doesn’t belong to a real person, it’s tough to catch. 

Daniel Flowe, Head of Digital Identity at LSEG Risk Intelligence, expresses his views regarding the growing synthetic identity fraud challenge. He says, “2025 will see synthetic identity fraud break out and become a substantial — and growing — challenge. The tools and technologies that fraudsters can leverage to create hyper-realistic synthetic identities are becoming cheaper and more readily available. At the same time, bad actors are becoming increasingly skilled.”

Companies need to implement robust vendor management systems, secure payment methods, real-time account verification, and continuous transaction monitoring. 

3. Across all document fraud, 40.8% target national ID cards.

In 2024, the identity fraud rates across the Americas, APAC, and EMEA regions were 6.2%, 6.8%, and 3.4%, respectively. Some of the most targeted documents include the Indian tax ID, the Pakistan national ID card, the Bangladesh national ID card, and the French passport. 

Most documents are flagged either for visual authenticity (47%) or data validation issues (36%), indicating an increasingly sophisticated range of attacks.

4. Frauds happen 24/7 but spike between 3 a.m. and 6 a.m. UTC.

While fraud occurs 24 hours a day, 7 days a week, fraudsters exploit what businesses and customers assume to be business downtime. 

Source: Entrust

Businesses may benefit from deploying and enforcing their fraud prevention tactics 24/7, with special attention paid during the “downtime” period. 

Timing-based fraud happens when criminals strike during vulnerable moments. These moments can be beyond downtime, such as month-end closings, payroll runs, vendor payments, holidays, or when your defenses are weakest.

Beyond relying only on 24/7 monitoring, businesses need smarter, behavior-based defenses that can spot activity that doesn’t match the standard user patterns. Adding layers of authentication, approvals, and velocity rules will give you a better construct to protect against such fraud. 

5. 61% of IT and IT security practitioners are preparing for the post-quantum era.

As quantum computing continues to mature, the technology is getting close to the cryptographically relevant quantum computers (CRQCs). These systems are capable of breaking encryption, which we rely on to keep data safe and secure. 

Recognizing this risk, the National Institute of Standards and Technology (NIST) issued its first post-quantum cryptography (PQC) standards in August 2024. These standards include instructions for incorporating them into products and encryption systems.

Entrust’s State of Zero Trust and Encryption Study reports that 61% of IT and IT security practitioners in their organizations are planning to migrate to PQC within the next five years. 

6. 46% of businesses reported a year-over-year increase in deepfakes and generative AI fraud.

Deepfakes aren’t easy to detect and fight. Although 46% of organizations report an increase in deepfake frauds, 50% feel that they are at a consistent level YoY.

According to Authentic ID’s research, 76% of business owners are confident in their ability to detect deepfakes. However, 47% of employees are equally confident in a business’s deepfake detection capability. 

Blair Cohen, President and Founder of AuthenticID, expresses his thoughts on Deepfakes: “Despite the sophistication of deepfake technology, subtle clues in language and context can sometimes betray their authenticity. As the battle against misinformation intensifies, the quest for effective safeguards and consumer education against deepfakes remains imperative.”

7. Account takeover scams increased by 250% in 2024.

Approximately 40% of victims in these scams reported experiencing identity theft. A typical victim loses around $180 in these scams. Malicious hackers take control of the target’s social media, banking, email, or even e-commerce accounts to propagate into more critical systems. 

Scammers typically obtain a wide range of information from these accounts, including personal and conversational data. Some experts predict that these tactics will overshadow other methods, such as ransomware, in 2025. 

8. 32.52% of workplace-related fraud involves impersonation of an employee.

Beyond impersonating an employee, 18.7% involve misrepresented or fake employee applications for a position. 30.89% of incidents occur due to employee account takeover, and 19.51% of identity frauds result from physical or intellectual property theft. 

Phishing is the most common method used to trick people in these scams. 76.86% of frauds involve phishing. This is evident, as 90% of cyber threats are driven by social engineering. 

On average, there are 34 annual attempts targeting personal data or user accounts for unauthorized access.

9. 18.59% of identity frauds target the gaming industry, while 5.74%  target retail.

Fraud rates are the highest in the gaming and employee background screening industries, at 18.59% and 10.62%, respectively. Sector-wise, financial institutions have consistently been the target for bad actors. 

When it comes to protecting against identity theft risks in financial institutions, there are mixed opinions among customers. For example, 49% of consumers are confident about their institution’s security in protecting their identities. However, 51% of consumers are still doubtful or unsure. 

Garry W.G. Clement, Chief Anti-Money Laundering Officer at Versa Bank, says, “Identity fraud with all of the current technology and the ability to use the dark web to create fake identities will continue to escalate and require subject matter experts and appropriate training and technology to thwart attacks.”

10. 1 in 20 identity verification attempts in 2024 involved someone pretending to be someone else.

These are attempts from people who are impersonating someone else. According to Veriff’s data, 82% of fraud attacks in 2024 were impersonation attempts, making it the most common type of fraud. 

With technology, direct impersonation has evolved into an authorized fraud scam. In an authorized fraud, a bad actor tricks a genuine user into performing an identity verification session. In 2024, these authorized fraud cases accounted for approximately 1.79% of all verification attempts. 

E-commerce had the highest authorized fraud rate in 2024, reaching 1.62%. This is 18 times higher than the global average for this type of fraud.

Managing sophistication in identity fraud with simplicity

Identity theft is no longer just a risk; it’s a constant, evolving risk growing in size and scale through AI and deepfakes. You need to protect yourself and the organization proactively against this digital threat. 

Solutions like identity and access management (IAM) software help establish the proper controls with approvals, authentication, and privileges to protect against such threats.

Explore the leading IAM software and take better control of different identities in your business.