Your guide to the latest trends in email fraud and identity theft


Chances are you or someone you know has been the victim of email fraud or identity theft. At the very least, you’ve probably received a variety of spam and text messages asking you to provide payment or confirm your identity.

The good news is that cybersecurity protection is constantly evolving and improving, with cybersecurity education programs preparing skilled professionals to enter the front lines against cybercrime. The less good news: As cybersecurity protection evolves, so do the attack methods used to steal your personal information. Businesses and organizations often do their best to protect their customers and employees, but the threat is very real.

In fact, two-thirds of Fortune 500 companies “remain vulnerable to identity theft in phishing scams targeting their customers, partners, inventors, and the general public.”

Keep these alarming stats from PurpleSec in mind:

  • 92% of malware is delivered via email.
  • Nearly 60 million people in the United States have been affected by identity theft.

So what are some of the latest trends in online deception, and how are hackers adapting when it comes to email fraud and identity theft? Let’s find out.

Personalized email scams

Have you ever received a suspicious email from a family member, colleague or friend asking for help? Or maybe you found a note in your inbox from the United States Postal Service asking you to submit payment for a package they are holding for you. The Conversation, an independent news agency, explains that we’re more likely to respond to personal inquiries – and that social media has made it easier than ever for scammers to glean personal information that can be used to create ‘spear phishing’ ” target. attacks, which are more persuasive than general phishing emails.

In the first three months of 2022, popular job networking site LinkedIn accounted for 52% of all phishing scams globally.


This new way of stealing information is booming. According to Norton, “Formjacking is when cybercriminals inject malicious JavaScript code to hijack a website and take over the functionality of the site’s form page to collect sensitive user information. Formjacking is designed to steal credit card details and other information from payment forms that can be captured on website payment pages.

Identity theft on social networks

There is a high probability that you have an account on at least one of the popular social media platforms, which puts you at increased risk of identity theft. “Digital-connected consumers have an account on about five different platforms, which puts them at a 30% higher risk of fraud,” explains Cloudwards.

You put yourself at even greater risk by publicly sharing any type of personal information, such as your date of birth, phone number, or specific location. Weak passwords on social media sites are also a problem, as cybercriminals can easily infiltrate your platforms and either use your information or impersonate you directly through the specific platform.

Buy now, pay later

Buy now, pay later allows consumers to purchase items immediately, but pay for them later, usually on an installment plan. There are two main types of BNPL fraud:

  • Your account is being used to make unauthorized purchases.
  • Your personal information is used to create a new account.

New digital payment options offer effortless account creation and quick access to credit, opening the door to abuse by fraudsters using stolen credentials,” according to LexisNexis.

Medical identity theft

It’s often true that identity theft involves stealing personal information for profit, but there’s another type of crime on the rise: medical identity theft. This happens when someone steals your personal information in order to obtain medical care or a health-related service, submit fraudulent claims, or obtain prescription drugs.

How common is this type of crime? Cases of medical identity theft have risen from 6,800 in 2017 to nearly 43,000 in 2021.

Synthetic impersonation

Synthetic spoofing occurs when a malicious actor creates a false identity using your personal information. For example, someone could use your date of birth, social security number, and banking information to apply for a loan. Your identity could also be used to sign up for a new credit card. In some cases of synthetic spoofing, genuine and false information is combined – for example, a real Social Security number and a fabricated name and birthday.

Corporate identity theft

Have you ever received an out of the blue phone call from a company or organization wanting to verify your personal information or asking you to confirm a payment? Commercial spoofing is just that – a person (or machine) pretending to be from a legitimate business asks someone to send money or divulge personal information.

According to Kaseware, “many attackers use bots to complete this process by contacting employees or impersonating places like banks or hospitals.”

Child Identity Fraud

In 2021, 1 in 50 children was the target of identity theft and 1 in 45 was affected by a data breach. This type of fraud occurs when someone steals a child’s personal information to make purchases or open credit card accounts. According to AARP, “Such crimes can go unnoticed for years because children fail to file taxes or apply for loans, which would typically signal identity fraud.”

The rise in child identity fraud is partly due to social media, the time people spend online, and an overall increase in digital transactions.

Even though these types of email crimes and identity theft are on the rise, there are important steps people can take to protect themselves, such as using strong passwords, regularly reviewing credit card statements and banking, and vigilance and caution on social media platforms. Above all, one of the best protections is a healthy dose of skepticism and common sense. If something seems too good to be true – for example, a payout or special offer that only requires your personal information to claim – it probably is.

About the Author: Michelle Moore, Ph.D., is Academic Director and Practice Professor for the University of San Diego’s Innovative Online Master of Science in Cybersecurity Operations and Leadership Program. She is also a researcher and author with over two decades of experience in the private sector and government as a cybersecurity expert.

Editor’s note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.


Comments are closed.