Identity theft sounds like a crime that happens to someone else. Yet, it's ubiquitous, with the Federal Trade Commission recording 1.1 million reports of identity theft in 2022. The true number is likely higher as these are just the reported instances.

As more personal information ends up online, our identities are at greater risk of being stolen. You can take measures to reduce the risk of identity theft, such as enrolling in an identity theft protection service. You can find our guide to the best identity theft protection services here.

However, you don't necessarily need to immediately reach for the heaviest identity security you can find. Identity theft is often a crime of opportunity. Even just learning about vulnerabilities will go a long way toward protecting yourself. Here's everything you need to know about identity theft and how to report identity theft if you think you're a victim.

What is identity theft?

Identity theft occurs when someone steals another person's information for financial gain or to assume that person's identity. The Identity Theft and Assumption Deterrence Act of 1988 made identity theft a federal crime, though most cases are handled on the state level. Federal courts only get involved if a massive amount of money was stolen or if a fraudster was stealing multiple identities.

Because perpetrators of identity theft act under the victim's identity, the victim can be held responsible for anything the perpetrator does. Paige Hanson, cyber safety consultant and former chief of cyber safety education at NortonLifeLock, says that because all of the fraudster's activities were done under someone else's identity, "we think of identity theft victims as guilty, and they have to prove themselves innocent."

Types of identity theft

Identity theft can be done with several pieces of information to a number of ends.

Financial identity theft: The most common type of identity theft is when a fraudster uses your information for financial gain. This can be as simple as using your credit card information to make purchases online or in person, but it can go as far as using your social security number to open a new line of credit in your name. Not only does this hurt your finances, but this can also hurt your credit score.

Hanson recommends using a credit card to make purchases instead of a debit card because credit cards have more protections in place. "If a fraudster went on a spending spree out of your debit card account and spent whatever the balance was, you're left without any money until the bank reimburses you, which can be up to, you know, five to 10 business days," she says.

Note: Some debit card providers give you as few as two days to report a missing debit card.

Medical identity theft: In this type of debt, a fraudster uses your medical insurance information to get reimbursed for their medical expenses. Alternatively, an insurance holder can commit fraud by giving their insurance information to someone so that person doesn't have to pay for their medical expenses. Medical providers may also commit fraud by claiming they performed medical procedures that never happened to get reimbursed.

Medical identity theft can hurt your credit but can have more severe consequences if the fraudster's actions create medical records under your name. This can lead to false medical information, leading to complications during medical procedures.

Criminal identity theft: In these instances, the perpetrator committed a crime, something that can be as innocuous as a speeding ticket, and gives someone else's information instead of their own, such as a driver's license. So that person is held legally responsible for the perpetrator's actions.

Child identity theft: Children are appealing targets for fraudsters because their credit history is blank. If a person has a credit history associated with certain geographical areas, a fraudster attempting to open a new line of credit in that person's name in a completely different area will set off red flags. Yet if someone doesn't have a credit history, like a child, there's no prior activity pattern that will trigger those red flags, so the fraud goes unnoticed.

These cases are usually instances of familiar fraud, where the victim knows the fraudster personally, usually a friend or family member. "In those cases, the young adult doesn't necessarily want to press charges against their parents or aunts or uncles, somebody within their familiar circle. And so they're left with poor credit," Hanson says.

Synthetic identity fraud: Synthetic identity theft is a relatively new way to create a false identity by creating a profile using bits and pieces of other people's information, making it hard to detect since this person doesn't exist. A fraudster will start by stealing a social security number, then add false information around it, such as a fake name and address, until a whole fraudulent profile is created. Fraudsters can use this identity to build credit, take out a loan, and disappear.

Though the identity is a mix of information from different people, Hanson says that the owner of the social security number is usually held accountable. "But it's not necessarily on [their] credit report because all of the other information wasn't matching," she says.

Note: Fraudsters can steal a deceased person's identity and use it to commit fraud, also called "ghosting."

How to prevent identity theft

Hanson says that being aware that your identity can be stolen is a good starting point toward reducing identity theft risk. However, personal information leaks are often out of our control. Fraudsters can access your information through a data breach from an online retailer or insurance company that leaks their clients' personal information. Even Equifax, one of the three major credit reporting agencies, was the target of a data breach in 2017.

Yet there are ways to prevent any significant damage to you.

Keep your personal information secure: It's crucial to closely guard your personal information and accounts online and on paper. This means practicing good security habits, such as having a variety of passwords, which can prevent credential stuffing. You should also be properly disposing of documents containing sensitive or personal information by shredding them or crossing out personal details.

Sign up for ID theft protection or credit monitoring: Unfortunately, personal information leaks are often out of our control. Fraudsters can access your information through a data breach from an online retailer or insurance company that leaks their clients' personal information. Though we can maintain some security practices, the best thing to do is keep a watchful eye. An easy way to do this is by signing up for an identity theft protection service that will monitor your information to see if anyone is using it and alert you if they detect potential fraud.

Regularly check your credit report: If you don't enroll for ID theft protection, you can periodically check your credit report to see if there are any unauthorized lines of credit. You are entitled to a free credit report from each of the three credit bureaus every 12 months from AnnualCreditReport.com. You can also sign up for a credit monitoring service, which alerts you to changes on your credit report. The best credit monitoring services also have some identity theft protection features.

Note: Until the end of 2023, you can access weekly credit reports.

Preventing child identity theft: To prevent your child's identity from being stolen, you can open a line of credit in your child's name then freeze their credit as long as they're under the age of 16. Known as a security freeze, this restricts access to your child's credit history. You will have to verify both your child's identity, your identity, and that you are a parent or legal guardian to the child. You will also have to do this with all three credit bureaus.

What to do if you're the victim of identity theft

If you find that your credit score is fluctuating because of lines of credit that you didn't open or you're receiving collection notices on debt that you didn't rack up, there's a good chance that your identity has been stolen. Though it can be a harrowing experience, you have certain rights as a victim of identity theft. You need to take several steps once you realize your identity has been stolen.

Report the fraud to relevant companies: First, you should notify the companies involved in the identity theft. For most cases, such as credit card fraud, you can report the fraud, dispute the charge, and get a new credit card. You're not held responsible as long as you do that within the allotted time since the fraud occurred — usually between 60-90 days.

In most states, you are not liable for new lines of credit opened due to fraudulent activity. You also have the right to challenge debt collectors if they contact you to repay any debt you're not responsible for.

Report fraud to the FTC: After reporting to relevant companies, you'll want to file a report with the FTC. You can report identity theft over the phone at 877-438-4338, but you will only receive an identity theft report if you make a report online. An identity theft report can be useful documentation when reclaiming your identity.

Report fraud to credit bureaus: You need to call one of the three credit bureaus — Experian, Equifax, or TransUnion — that your identity has been stolen. The credit bureau you report it to is required by law to notify the other two bureaus. While contacting your credit bureaus, you're entitled to a 90-day initial fraud alert, which requires creditors to take reasonable steps to confirm the identity of the person applying for credit under your name. They must also provide you with a free credit report, a summary of your rights, and the fraud alert.

Here's how to contact the credit bureaus:

*  Equifax — Call 800-525-6285 or add a fraud alert through your online Equifax account

*  Experian — Call 888-397-3742 or add a fraud alert through Experian's Fraud Alert Hub

*  TransUnion — Add a fraud alert by calling 800-680-7289 or through TransUnion's online account

Note: If you have an identity theft report, you can extend the fraud alert to seven years. You'll need your identity theft report from the FTC to make this extension.

Even if someone has your social security number, it is difficult for them to use it. "Usually what we find is that [fraudsters] just move on to the next security number because you've made it harder for them to just easily more freely use," Hanson says.

Go to local law enforcement: There are certain instances in which you should go to your local law enforcement agent, such as if you know the person who stole your identity. You should also report the incident to law enforcement if the fraudster passed your information off as theirs to the police. Lastly, certain companies may require a police report when you're reporting fraud.

Strengthen your digital security: If you weren't signed up for identity theft protection before an incident of theft, you should sign up for one afterward, as victims are often targeted more often after the first incident.

In extenuating circumstances, such as if your life is being threatened or your social security number is constantly being used to steal your identity, you may be eligible for a new one. You can apply for a new one online through the Social Security Administration.