You Won't Believe These Identity Theft Horror Stories!
It’s a fact: nearly half of all Americans experienced financial identity theft in the past few years with losses hitting a record $56 billion [*].
But while many criminals are content to break into your bank account, max out your credit card, or take out loans in your name, some want to go the extra mile.
The most unbelievable identity theft stories range from criminals writing fake cheques during a globe-trotting crime spree to pretending to be a family’s long-lost child to evade criminal charges.
Unfortunately, most victims of fraud and identity theft think it could never happen to them — until it does.
Here’s a look at 15 unbelievable scams that illustrate how creative con artists can be and how you can protect yourself and your family from the worst-case scenario of identity theft.
15 Unbelievable Identity Theft Stories
- The “Tinder Swindler” who scammed lonely lovers
- The credit check fraudster who stole 33,000 identities
- The celebrity identity thief who went after Oprah
- The mom who stole her daughter’s identity
- The stolen phone that turned a dream vacation into a nightmare
- The Australian woman framed for an assassination
- The phishing attack that took down a presidential candidate
- The basketball game burglary scam
- The fake Craigslist roommate scam that tricked a journalist
- The scammer selling stolen cars on Facebook
- The fake hostage phone call scam
- The SIM swapping scam that cost a YouTuber’s family $40,000
- The malware virus that robbed one man of almost $1,000,000
- The scammer with 500+ identities
- The EminiFX crypto scheme
Don’t want to become the next victim of one of these unbelievable identity theft stories? Here’s how you can learn to avoid the worst scams and frauds out there.
1. The “Tinder Swindler” who scammed lonely lovers out of millions
Shimon Hayut is the subject of the Netflix documentary The Tinder Swindler, and he’s one of the most brazen scammers on this list.
Hayut posed as a wealthy businessman on Tinder, and used his lavish lifestyle to impress women and build relationships. Soon after, he would tell his current target that business enemies were threatening his life and ask for credit cards and loans.
Hayut maxed out cards and didn’t repay the loans, leaving many of his victims straddled with crippling debt. The Israeli Times estimates that he defrauded his victims for a total of $10 million.
⚠️ How the Tinder Swinder’s scam worked:
While Hayut’s scam seems made for our times, it’s really just a variation of an age-old scheme: the romance scam.
In a romance scam, con artists pose as wealthy and attractive individuals to gain their victim’s trust. Once they build a relationship, they start asking for gifts, money, and favors. In 2021 alone, the Federal Trade Commission (FTC) reported that online romance scams resulted in losses of $547 million [*].
How to avoid becoming the victim of a romance scam:
There are several romance scammer red flags to watch out for. But there’s one in particular that gives them away: scammers like to move fast.
Romance scammers will often profess feelings of love quickly. They’ll pressure you to admit you feel the same way and then start asking for money or to invest in a “guaranteed” investment.
If you want to stay safe, just remember: never give money to someone you’ve only ever met online — no matter the reason.
2. The credit check fraudster who stole 33,000 identities
In 2004, Philip Cummings pleaded guilty to one of the largest identity theft cases in the United States.
Cummings worked a desk job at Teledata Communications, Inc. in Long Island, New York, where he helped companies run routine credit checks. When he left his job, he packed up his belongings — along with the confidential passwords of 33,000 of the company’s clients.
With the help of an accomplice, Cummings sold this sensitive data to criminals who used it to drain bank accounts and open new lines of credit.
The U.S. Department of Justice estimated a total loss of $50 to $100 million.
⚠️ How Philip Cummings stole thousands of passwords:
Cummings’ scam was one of the earliest examples of a data breach. This is where criminals access a company’s database and then sell stolen sensitive information for a profit.
Today, major data breaches happen nearly every single day. In 2021, the number of data compromises rose a staggering 68% [*]. Companies like Facebook, Linkedin, T-Mobile, and more have leaked billions of pieces of data.
How to protect yourself from a data breach:
Unfortunately, there’s not much you can do to protect your sensitive data once it’s stored with a company. Instead, the best approach is to limit the amount of information you provide to companies. Be especially careful with who you give sensitive data to, such as your Social Security number (SSN) or banking information.
Then, keep an eye on your credit report for suspicious activity. You’re allowed a free credit report check (from Experian, Equifax, and TransUnion) every year on AnnualCreditReport.com.
Or better yet, sign up for a credit monitoring service. These services constantly monitor your credit file, bank account, credit cards, and more for signs of fraud.
Pro tip: Sign up for credit monitoring as part of an identity theft protection service. Aura monitors all your accounts and sends notifications of suspicious activity in near real-time.
3. The celebrity identity thief who went after Oprah, Spielberg, and more
Abraham Abdallah targeted America’s richest individuals with his internet identity fraud scheme. His victims included Steven Spielberg, Oprah Winfrey, and Warren Buffet.
A restaurant worker by day, Abdallah used early web-enabled phones and library computers to find sensitive information on his targets, including home addresses, date of birth, phone numbers, and SSNs.
Then, he submitted change-of-address requests to reroute their mail. Soon, he gained even more sensitive information, such as credit cards, investment accounts, and more.
⚠️ How Abraham Abdallah stole celebrity identities:
The critical piece in Abdallah’s identity fraud scam was what’s known as a change-of-address scam.
Fraudsters use your personal information to submit a request with USPS to reroute your mail. Before you can notice that your bills have stopped arriving, they’ve collected enough sensitive data to steal your identity and worse.
How to protect yourself from a change-of-address scam:
If it can happen to celebrities and billionaires, it can happen to you.
To stay safe from scammers like Abdallah, opt for digital statements for your bank, credit, and investment accounts. You want to keep your sensitive information out of your mailbox as much as possible.
Identity theft protection services may also include address monitoring. For example, Aura monitors USPS databases and will alert you if anyone is trying to change your address without your permission.
4. The mom who stole her daughter’s identity (to become a cheerleader)
If you had the chance to redo your life, would you take it?
That’s exactly what Wendy Brown tried to do when she stole her daughter Jaimi’s identity. Brown used her daughter's identity to enroll in high school and join the cheerleading squad.
She only got caught when the school called Jaimi's "old" school and discovered she'd never left. Brown was found not guilty by reason of mental disease or defect, and was committed to a psychiatric facility for three years.
⚠️ How Wendy Brown stole her child’s identity:
Unfortunately, child identity theft has become more and more common in the past few years. In 2021 alone, one in 50 children had their identity stolen with U.S. families losing almost $1 billion to scammers [*].
Children are an attractive target for criminals as few people monitor their child’s SSN. That means you won’t find out about the crime until your child applies for a credit card, student loans, or a driver’s license.
Even worse, the majority of child identity theft is by a parent or someone the child knows [*].
How to protect your child’s identity from scammers:
All a scammer needs to steal your child’s identity is their SSN. Make sure you keep their Social Security card safe and don’t give it out unless you absolutely have to.
You can also freeze your child’s credit until they’re 16 (and can legally apply for loans themselves). This will stop criminals from being able to open new accounts in their name.
For ultimate protection, sign up for a family identity theft protection plan. Aura monitors your child’s SSN for signs of fraud and will alert you if it’s been leaked to the Dark Web.
5. The stolen phone that turned a dream vacation into a nightmare
Picture yourself lying on a beach — the sun above you, a cold drink in your hand, and the waves lapping lazily on the shore. You reach into your back pocket to take a photo to make your friends jealous. But it’s not there.
When Aura VP Gaetano DiNardi had his phone stolen while on vacation in Mexico last year, it quickly turned his dream trip into a nightmare.
Within minutes, the thieves had locked him out of his email account and stolen over $12,000.
Even worse, he had no way of getting in touch with the fraud departments at his bank and other companies.
⚠️ How phone thieves can ruin your life:
Your phone is a goldmine of personal data for fraudsters and identity thieves. If a criminal gains access to it (and it’s not locked or protected with biometric security like Fingerprint ID), they can:
- Access your email and request new passwords or steal sensitive data.
- Bypass two-factor authentication (2FA) and access your most sensitive accounts.
- Transfer money out of your mobile banking apps, investment accounts, and crypto wallets.
- Find sensitive photos and videos that they can use for extortion.
- Discover enough of your personal information — phone number, passport, SSN, tax refund information, etc. — to commit identity theft.
How to protect yourself against phone theft and hacking:
First off, keep your phone with you at all times. Make sure you enable auto-lock and protect your phone with both a unique PIN and biometric security such as facial recognition.
Make sure you don’t store your passwords in your mobile browser either, as this gives scammers easy access to all your accounts. Instead, use a secure password manager and an authenticator app like Authy.
6. The Australian woman framed for an international assassination
Most people who steal your identity are only after your money. But that wasn’t the case for 27-year-old Australian Nicole McCabe. McCabe’s identity was found on fake passports used by suspects in the assassination of a top Hamas official — in Dubai.
Luckily, McCabe was quickly able to prove her innocence. She still had her passport and the photo used in the fake documents wasn’t her. Although there were records of “her” flying to locations that she’s never been to including Dubai.
⚠️ How identity thieves turned framed an innocent woman:
You may think that your passport is a secure document, but criminals can buy stolen SSNs, driver’s licenses, and passports on the Dark Web for as little as $2.
Even if you have your physical passport, hackers can use digital scans or templates to create a clone of your identifying documents.
How to protect your identity from international assassins:
While you’re probably not the target of international killers, they could still find your sensitive information.
To see what data is vulnerable, use a free Dark Web scanner. These tools scan databases and private forums on the Dark Web for your sensitive information. If you find compromised accounts, update your passwords and change account numbers before criminals can use them.
Of course, if someone has stolen your physical passport, you should report it to the government immediately.
7. The phishing attack that took down a presidential candidate
There’s no good time to become the victim of a phishing scandal, but right in the middle of a presidential election has to be one of the worst times.
John Podesta was the chairman of Hillary Clinton’s presidential campaign when he fell for a phishing scam.
The Russian hackers sent an email posing as Google and asked Podesta to change his password due to an alleged hacking attempt. However, the link went to a malicious website that gave the hackers access to his email account. Once they got in, the hackers released thousands of private and damaging emails — right before the election.
⚠️ How hackers tricked a politician into giving them access to his inbox:
While phishing emails are often easy to spot, scammers have improved their schemes. In this case, Podesta was the victim of spear phishing. This is a type of cyber attack where criminals learn about their victim and craft a scam they’re more likely to fall for.
The hackers knew that Podesta would be nervous about a potential hack right before the election. And they used his fears against him to gain access to his account.
How to protect yourself from phishing emails:
A whopping 96% of phishing attacks happen via email [*]. So, it’s important to know the red flags that can tip you off to a potential scam. In particular, you should be on the lookout for:
- The sender’s name and “from” email address don’t match.
- The email comes from an unexpected or alternative domain (for example, “Google-support.com” instead of “Google.com”).
- It uses threatening language to create a sense of urgency and get you to act quickly.
- It includes strange or scrambled links or unexpected attachments.
- There are spelling and grammatical errors.
- The email claims to be from a government agency such as the IRS.
If you’re at all uncertain about the legitimacy of an email, contact your company’s IT team to make sure it’s safe.
8. The basketball game burglary scam
One Reddit user shared an elaborate burglary story that happened to a family in her hometown.
First, the burglars stole a grill from the family’s back patio. But then returned it a few days later with a note saying their son had a problem with stealing. To apologize, they included tickets to an NBA game as a gift.
The family used the tickets to attend the game two hours away from their hometown. Upon returning, they found their entire house was robbed while they were away. Anything of value, including cash, electronics, and jewelry, was missing.
⚠️ How the basketball game burglary scam worked:
The scammers in this story used a classic “too good to be true” offer to cloud their victim’s judgment. While the offer of NBA tickets seemed like a nice surprise, they were designed to get the victims to act without thinking properly
Many other scams use this same technique. Scammers will offer hard-to-find items for low prices and then ask you to pay them in wire transfers, gift cards, or cryptocurrencies. Or they might offer a $1000 prize for completing a survey that requires you to give them your bank information and SSN.
In both cases, you feel like you’re on the winning end of the deal, when really you’re getting scammed.
How to avoid losing every item you own to scammers:
Remember the golden rule of fraud prevention: If something seems too good to be true, it probably is.
9. The fake Craigslist roommate scam that tricked a journalist
Reporter Christopher Wheelock got scammed while looking for a temporary residence.
After replying to a Craigslist ad for a roommate, Wheelock received a response from a landlord named “Kathy Castillo.” She asked him to wire a $200 application fee through a cash app that only accepted debit payments.
After sending the $200, he received another request for the deposit and first month’s rent, totaling $1,100. Fortunately, he saw the red flags and identified the real estate firm that managed the property.
He called and discovered that no one named Kathy Castillo was associated with the property. Even worse, the real owners had not created a Craigslist post. While he could not get his initial $200 back, he did avoid sending the scammers any more money.
⚠️ How the fake Craigslist ad scam works:
Online marketplaces are easy targets for scammers. Fraudsters can create fake profiles and ask for payment using methods that can’t be traced or reversed. In the case of this scam, all the fraudster had to do was steal photos from an old (legitimate) listing and put up an ad.
How to avoid getting scammed on online marketplaces:
Whenever possible, try to meet a seller in public before sending them money. If they won’t meet up or demand payment through a wire transfer or service like Zelle or Venmo, those are huge red flags.
You can also Google their name and reverse image search their profile photos to see if they match. Scammers will often steal profile photos to create fake accounts.
10. The scammer selling stolen cars on Facebook marketplace
When Cody Kneipp needed a fuel-efficient car to make deliveries, he turned to Facebook Marketplace. There, he found a car offered for sale by a man listed as “Yoni” on Facebook — but who said that he went by another name.
Kneipp met the seller in person to purchase the car and paid $3,500 cash. The seller gave him the car’s signed title and original key, so everything seemed above board. It wasn’t until Kneipp registered the car at the DMV that he discovered it had been listed as stolen.
He brought it to the police department. They told him that the original owners had gone on vacation and left the car title and a spare key in the glove box.
⚠️ How the stolen used car scam works:
While this fraud story was simply a case of vehicle theft, scammers have found easy ways to make stolen cars look legitimate. Title washing is when scammers create a fake title for a vehicle that either changes the car’s status (for example, from salvaged to clear) or VIN.
How to safely buy a used car:
To verify ownership of a used car before you purchase, you can ask for an online VIN history and compare the car owner’s name to a valid form of ID from the seller.
If you want to be absolutely sure, ask the seller to meet you at the DMV where you can review the documents before going through with the purchase.
11. The fake hostage phone call scam
Indiana police are warning citizens of a scary new scam after a woman reported receiving a fake hostage call about her mother.
The victim, who chose to remain unnamed, received a phone call in the middle of the night that seemed to come from her mom. When she answered, a man addressed her using her name — and claimed that he was holding her mom hostage with a gun to her head. The scam victim could hear a woman in the background screaming.
The caller said he needed cash to get home and threatened to hurt her mom if the victim didn’t send money via Venmo. So she complied and sent $1,500 over Venmo.
After the thieves hung up, the victim called her mom back only to discover that she was completely fine, and there was no hostage situation.
⚠️ How the fake hostage phone call scam works:
Scammers use phone calls all the time as they’re an easy way to create urgency and trick their victims into acting. In this scam, the fraudsters “spoofed” their phone number to look like it was coming from the victim’s mother.
How to avoid being the victim of a virtual kidnapping scam:
The FBI has reported an increase in virtual kidnapping scams, and offers the following tips for protecting you and your family:
- Don’t ever make your travel plans, dates, or locations public online.
- Create a code word with your loved ones that they can use if they’re really in trouble.
- When in doubt, hang up and call bank on their number.
If you get a call like the one reported here, be aware of potential red flags. Callers who only accept wire transfers are probably scammers. If something seems off, you can keep the caller on the phone while calling or texting the person supposedly in trouble.
12. The SIM swapping scam that cost a YouTuber’s family $40,000
YouTuber Jacy Erin’s ID theft story starts with her mom’s email address.
Hackers broke into Erin’s mom’s email account and stole sensitive information like her credit card information and phone number. They then contacted her phone service provider to have all incoming calls to Erin and her parents rerouted to their phone.
Erin caught the hackers early and changed the phone service back. However, a few days later, Erin’s dad checked his credit card bill to find that scammers had spent almost $40,000 in less than a week.
The credit card company’s calls to verify the strange purchases had gone straight to the scammers.
⚠️ How scammers rerouted their victim’s phone number:
Unfortunately, SIM swapping is a common scam that’s easy for fraudsters to pull off. All they need to do is find out enough information about you to convince your phone provider to “port” your number to a different phone.
Once the swap is complete, they’ll receive all your calls and texts. This lets them bypass security features like fraud alerts and two-factor authentication codes.
How to keep your phone (and bank account) safe from scammers:
You can lock your SIM or phone number to your account with your provider. Just call them and ask to set up a secure PIN on your account.
You should also be on the lookout for signs of email hacking. For example, if your friends receive spam messages from you, you can’t access your account, or there’s login activity from suspicious locations. If any of these happen to you, change your passwords and enable 2FA immediately.
💡 Related: How To Know if Your Phone Is Hacked →
13. The malware virus that robbed one man of almost $1,000,000
Dave Crouse is one example of how identity theft can completely derail someone’s life.
Crouse noticed one of the classic signs of identity theft: unfamiliar charges on his bank statement. The charges started small; but they jumped into the hundreds, and then into the thousands six months later.
Even after he closed his bank account and opened a new one, hackers made online purchases and opened new accounts using his bank information.
Ultimately, they spent $900,000 on merchandise, phone services, and gambling sites in Crouse’s name — and new accounts in his name kept appearing.
⚠️ How scammers stole every new account that Crouse made:
According to his bank, the hackers likely got all of his information from keystroke malware. This is a type of cyber threat that infects your devices and tracks every letter you type. Hackers hide keylogging malware in free apps or trick you into installing it with phishing links.
How to avoid malware and keep your devices safe:
To reduce your chances of experiencing this kind of attack, use antivirus (AV) software to protect your devices against malware.
You can also set up two-factor authentication (2FA), making it harder for scammers to access your accounts even if they have your password.
Pro tip: Protect all your devices with antivirus software. Aura constantly scans your devices for malware and protects you against hackers.
14. The scammer with 500+ identities
In his teens, Frédéric Bourdin hitchhiked around Europe, crafting fake identities of lost teenagers to gain access to orphanages.
After the European police began to catch on, Bourdin called the police from Spain, claiming to be a lost boy from the United States. The Spanish Embassy contacted the National Center for Missing and Exploited Children. They gave him the name of a missing boy: Nicholas Barclay.
Bourdin dyed his hair and got tattoos that altered his appearance to look like Barclay before meeting the boy’s family. Surprisingly, they welcomed him with open arms. Even the FBI were tricked into believing he was the lost boy.
But eventually, blood tests proved that Bourdin wasn’t the Barclays lost child. He was arrested for passport fraud and perjury and deported to France in 2003.
⚠️ How Bourdin got away with so many impersonation scams:
Nowadays, family impersonation scams mostly happen online and target vulnerable people like grandparents. It’s as simple as calling someone under someone else’s name and pretending to have an emergency.
How to avoid being the victim of a family impersonation scam:
Don’t be tricked into believing someone is who they say they are — especially via text message, social media message, or other online formats. Scammers can hijack accounts to fool you into believing they’re someone they’re not.
Always double-check with other family members before taking action.
Pro tip: Protect your entire family against identity theft. Aura’s family plan protects your entire family against identity theft, fraud, and malware.
15. The EminiFX crypto scheme that funded its founder’s lavish lifestyle
Cryptocurrency schemes are now one of the most common types of fraud [*].
One major crypto scammer is Eddy Alexandre of New York. Alexandre has been accused of running a Ponzi scheme using his crypto platform, EminiFX.
EminiFX promised crypto investors a “guaranteed” return of 5% or more each week. Ultimately, Alexandre collected $59 million from individual “investors”. But there’s little evidence that he used the money for the advertised purposes.
According to the Justice Department, Alexandre invested $9 million in individual stocks, losing more than $6.2 million. It appears the bulk of the money he collected helped fund his luxurious lifestyle.
⚠️ How crypto investment scams work:
Scammers love cryptocurrencies due to the lack of regulation and confusion in the industry. They create a sense of FOMO (fear of missing out) by promising huge returns but then either steal any money that people “invest” or use it to pay out earlier investors to keep the scam running (i.e., a ponzi scheme).
Crypto investment scams are especially common on platforms like Telegram and in online dating scams.
How to avoid a crypto (or any other investment) scam:
High-yield virtual investment offers can seem tempting. But anyone who advertises a guaranteed return could be a scammer.
Don’t Want To Get on This List? Protect Yourself Against Identity Theft
These horror stories demonstrate the various creative ways fraudsters can steal your identity.
To protect yourself and your family from identity theft, keep your accounts and sensitive information secure, avoid risky situations, and learn the warning signs of phishing. And for ultimate protection, consider an all-in-one digital security solution.
With Aura, you get:
- Financial fraud protection. Aura monitors your credit and bank accounts in near-real time and alerts you of fraud 4X faster than the competition.
- Instant credit lock. Lock and unlock your Experian credit file with one click from your desktop or mobile app.
- Identity theft protection. Aura can alert you if an online account has been compromised, will monitor your SSN for signs of fraud, and can even reduce the amount of spam calls and emails you receive.
- Device and Wi-Fi protection for all your devices. Keep your computer, phone, and home network safe from hackers with powerful antivirus software and a military-grade Virtual Private Network (VPN).
- Family identity theft monitoring for up to five people including children and adults.
- $1,000,000 in coverage for eligible losses due to identity theft. If the worst happens, Aura will be there to walk you through the needed steps to secure your identity and get back on your feet.
Save time, avoid stress, and enjoy peace of mind by letting the pros take care of your digital safety.