Identity Theft

What is identity theft?

The preliminary stage of acquiring and collecting another person’s personal information for criminal purposes is identity theft. It is one of the fastest-growing crimes of the information age.

In 2024, U.S. consumers lost a staggering $12.5 billion to fraud—a 25% increase from the previous year. Identity fraud organizations now operate like structured tech startups with R&D, specialized roles, and even Fraud-as-a-Service offerings. They leverage AI, deepfakes, synthetic identities, and more to scale their operations and bypass defenses.

It is a dangerous type of fraud and with the help of the internet, it is easy.  Canadian companies like Equifax and Trans Union get eighteen hundred complaints a month regarding identity theft.

The different types of identity theft

The four main types are:

Identity cloning – Identity cloning occurs when a criminal assumes a completely new, fabricated identity built from stolen personal information. In the past, this often meant obtaining a forged driver’s license, passport, or health card. Today, the stakes are higher—fraudsters now combine stolen data with synthetic identities (part real, part fake) and use AI-generated photos or deepfakes to bypass verification systems. They can apply for housing, open bank accounts, or commit crimes entirely under the false identity, making it extremely difficult for authorities to trace.

Modern defenses:

• Multi-Factor Authentication (MFA) for any account that stores personal information

• Biometric verification (facial recognition, fingerprint) for sensitive services

• Regular dark web scans to detect if your identity documents are being sold

• Credit freezes to block unauthorized accounts in your name

Financial identity theft – Financial identity theft remains the most common and damaging type of identity theft. Today’s fraudsters use not only stolen personal information—like your name, date of birth, and address—but also synthetic identities that mix real and fabricated data to bypass detection. They can open credit cards, loans, or even digital wallets in your name. With the rise of online banking, mobile payment apps, and buy-now-pay-later services, unauthorized transactions can happen almost instantly, often leaving victims unaware until serious damage is done.

Modern defenses:

• Two-Factor or Multi-Factor Authentication (2FA/MFA) on all financial accounts

• Transaction alerts to detect suspicious activity immediately

• Credit monitoring services to track new accounts or inquiries

• Freezing your credit if you suspect your information has been compromised

• Secure passwords and password managers to protect online banking access

Synthetic identity theft – Synthetic identity theft occurs when a criminal constructs a completely new identity using a mix of real and fabricated information. Often, a Social Insurance Number (or Social Security Number in the U.S.) serves as the anchor, combined with invented names, addresses, and birth dates. Fraudsters can then build a “credit history” for this fake identity, gradually qualifying for loans, credit cards, or other financial services. Today, these identities can also exploit digital-only banking, mobile wallets, and fintech platforms, making detection even more challenging for both consumers and financial institutions.

Modern defenses:

• Credit monitoring and alerts for any new accounts opened in your name

• Use of identity verification services when signing up for financial products

• Regular review of credit reports to spot unusual patterns

• Secure handling of personal information online to reduce data leakage

• Multi-Factor Authentication (MFA) for digital accounts to limit unauthorized access

Criminal identity theft – Criminal identity theft occurs when a person is arrested or cited for an offense and provides someone else’s identity. The unsuspecting individual then faces the consequences, including a criminal record, fines, or legal complications. Today, with digital arrest records, online background checks, and biometric systems, fraudsters sometimes attempt to manipulate digital databases or submit false information to evade detection. Even minor online identity exposure—through data breaches or social media—can increase the risk of this type of fraud.

Modern defenses:

• Regularly monitor your personal records for unexpected legal or criminal activity

• Set up alerts with background-check services to catch unauthorized activity

• Secure personal documents and digital identifiers (SSN, driver’s license, passport)

• Report suspected identity misuse immediately to law enforcement and credit bureaus

• Consider a credit freeze or fraud alert if identity compromise is suspected

What is common about identity theft is that it can be applied to individuals and corporations.

Identity theft is an intrusion of the corporation and takes longer to catch than when done against an individual.

One common occurrence is where someone gets an email to submit their personal information to a bogus website.  A lot of seniors and those not sophisticated on the technology front fall prey to these emails.  They go to the website and submit their passwords and SIN and all kinds of information regarding their bank accounts.

How to protect yourself from identity theft?

You can protect yourself by:

Never giving your personal information to anyone. If you do ask how it will be shared.

Always check your financial statements against receipts to make sure purchases are yours.

Protect your pin number for your ATM card at all times. Do not use easy numbers as your pin number.

Guard your mail

Call the credit monitoring companies and have them monitor your credit

Id theft monitoring agencies can keep a track of your ID

Shred documents containing your personal information.  Do not put it in the garbage.

If you are leaving town for a while let Canada Post put your mail on hold.

Corporate identity theft can leave a great company completely bankrupt.  Criminals can now submit corporate documents to change addresses, titles, directors and all kinds of information at the registration office.  Hackers then go and open accounts under the company name and start cashing checks.

Most companies have risk management software and procedures to deal with the above.

Tips for fighting corporate identity theft are:

Lawyers should be asking for personal ID from clients who are signing documents

Obtain a status certificate and corporate profile

Ensure that the person signing the documents is actually a signing officer of the corporation.

All passwords to excel and other files are strict and changed regularly so hackers cannot find the permutations and combinations

Photo Credit: Dan Meyers Element5 Digital Clay Banks  Cody Board