8 major identity theft cases
Identity theft reaches well past your wallet — thieves can drain bank accounts, ruin credit scores, and pin crimes on innocent people. Below are some of the most famous identity theft stories, which show how diverse and damaging this crime can be.
- AI voice cloning kidnap hoax (Jennifer DeStefano’s case)
- Stolen passport used in spy operation (Nicole McCabe’s case)
- Podesta email hack (John Podesta’s case)
- Billionaire impersonation scam (Abraham Abdallah’s case)
- High school imposter scam (Wendy Brown’s case)
- Credit report data leak (Philip Cummings’ case)
- EminiFX crypto Ponzi scheme (Eddy Alexandre’s case)
- The Tinder Swindler (Shimon Hayut’s case)
1. AI voice cloning kidnap hoax (Jennifer DeStefano’s case)
Most people assume identity theft means a stolen credit card or a drained bank account. But scammers don’t always go after your money directly — sometimes they manufacture a crisis to make you hand it over yourself.
Jennifer DeStefano, an Arizona mother, picked up a call that sounded exactly like her 15-year-old daughter — sobbing, terrified, and pleading for help. A man’s voice cut in, claiming he’d kidnapped her and demanding a ransom immediately. Her daughter was safe at home the entire time.
Scammers had used AI voice cloning to replicate her daughter’s voice from social media audio. They spoofed the caller ID and gathered enough personal details to make the threat feel real. CNN reported on the identity theft case in April 2023.2
AI scams are spreading because the tools are cheap and accessible. Criminals need only a short audio clip — a public video, a voice message, or a social media story — to clone a voice. Targets often panic and send money before they stop to verify whether the person is actually in danger.
2. Stolen passport used in spy operation (Nicole McCabe’s case)
Most identity theft is driven by greed. McCabe’s case was different — her identity was stolen for a political operation.
In 2010, Nicole McCabe — an Australian woman living in Israel — learned from a radio news bulletin that her name appeared among suspects in the assassination of Mahmoud Al-Mabhouh, a Hamas leader, in Dubai. Her passport details had allegedly been stolen and used by the Israeli secret service Mossad to carry out the operation.
McCabe had done nothing wrong. She wasn’t at the scene and had no involvement. But her stolen identity placed her at the center of an international scandal. She was eventually cleared, but no one was ever publicly identified or prosecuted for the theft.3
3. Podesta email hack (John Podesta’s case)
One phishing email helped shape the outcome of the 2016 US presidential election. The target was John Podesta, Hillary Clinton’s campaign chairman.
Podesta received an email that looked like a legitimate Google security alert. The message warned him that his account had been accessed and prompted him to reset his password through a link.
The link led to a fake login page. When he entered his credentials, hackers gained full access to his email account. The hackers then leaked thousands of private emails, which shifted public perception during the campaign.
The attack didn’t require sophisticated malware or a zero-day exploit — a flaw that attackers can use before the vendor patches it. A convincing email was enough. The criminals responsible were never arrested.4,5
4. Billionaire impersonation scam (Abraham Abdallah’s case)
Abraham Abdallah had a specific type of target in mind — Forbes magazine’s list of the world’s wealthiest people. His crimes were serious enough that the judge told him he could face up to 288 years in prison.
His targets included Steven Spielberg, Oprah Winfrey, Warren Buffett, and Michael Bloomberg. Abdallah accessed these people’s personally identifiable information (PII) and stole their identities using publicly available records and social engineering tactics.
Abdallah allegedly used mobile phones and virtual voicemail services to track packages ordered in his victims’ names and to read their messages from anywhere in the US. The New York Police Department believes he cloned identities, created fake addresses for deliveries, and raided personal bank accounts.
Before authorities caught him in 2001, Abdallah had attempted to steal over $80 million. Police found nearly 21,000 fraudulent or blank credit cards at his home, along with hundreds of celebrities’ home addresses and Social Security numbers (SSNs).
He pleaded guilty to 12 charges, including wire and mail fraud, credit card fraud, conspiracy, and identity theft.6,7
5. High school imposter scam (Wendy Brown’s case)
Wendy Brown’s story is one of the strangest cases of identity theft on record — and it had nothing to do with money.
In 2010, a 33-year-old woman in Wisconsin used her 15-year-old daughter’s birth certificate and SSN to enroll in high school. She wanted to relive her teenage years, join the cheerleading squad, and experience adolescent life again.
Brown attended classes, socialized with students, and attempted to blend in until school officials uncovered the deception. A court later found her not guilty of stealing her own daughter’s identity by reason of mental illness.8
6. Credit report data leak (Philip Cummings’ case)
Philip Cummings didn’t need to hack into a financial institution — he worked for one. As a help desk employee at a company that provided software for banks and lenders to access credit reports, Cummings had legitimate access to the company’s database.
Over several years, he exploited that access to download consumer credit reports and sold them to identity thieves. The thieves used the data to open fraudulent credit card accounts and take out loans in victims’ names.
By the time authorities caught him, his scheme had affected more than 33,000 people and caused millions of dollars in financial loss. He was sentenced to 14 years in prison in 2004.9,10,11
7. EminiFX crypto Ponzi scheme (Eddy Alexandre’s case)
Eddy Alexandre presented himself as a visionary. He told thousands of investors that his platform, EminiFX, used an automated trading system to deliver at least 5% in weekly returns — virtually guaranteed with minimal risk.
In reality, EminiFX was a Ponzi scheme, a type of investment scam. Alexandre used money from new investors to pay earlier ones and redirected millions for personal use. He targeted members of the Haitian-American community with promises of financial security. He exploited the trust within that community, which made recruitment faster and harder to question.
EminiFX scammed investors out of over $240 million. In 2023, Alexandre pleaded guilty to financial identity theft and fraud charges and received a nine-year prison sentence.12,13,14
8. The Tinder Swindler (Shimon Hayut’s case)
Shimon Hayut built a fake persona and used it to drain the finances of women who trusted him. On dating apps, Hayut operated under the name Simon Leviev and posed as the son of Israeli diamond billionaire Lev Leviev.
He portrayed himself as a wealthy, globe-trotting businessman who had fallen into danger and needed urgent financial help. He promised to repay the women every cent but never did.
Instead, he used money from one victim to fund the lifestyle that helped him attract the next target. He left many women in serious debt, with some taking out large personal loans on his behalf.
Romance scams use emotional manipulation as the primary weapon, and Hayut refined that method across multiple targets and countries. Authorities caught him, but he served only five months in prison.15,16
How many identity theft cases occur each year?
Identity theft reports to the FTC have grown dramatically over the past two decades, with a sharp surge in 2020 and a peak in 2021. The table below covers four key years to show how the scale of the problem has evolved.
| Metric | 201917 | 202018 | 202119 | 202420 |
|---|---|---|---|---|
Identity theft reports received by the FTC | 650,572 | 1,388,532 | 1,434,477 | 1,135,291 |
Share of all FTC reports | 20% | 29% | 25% | 18% |
Most popular type reported | Credit card fraud | Government documents or benefits fraud | Government documents or benefits fraud | Credit card fraud |
Although the total count dropped between 2021 and 2024, it remains above one million reports per year. For comparison, in 2001, the FTC received only 86,250 reports.18 The data also covers US residents only, so the true global number of cases is higher.
How to avoid becoming a victim of identity theft
Identity fraud rarely happens at random. Thieves exploit specific habits — oversharing online, reusing passwords, and ignoring early warning signs. The steps below address those vulnerabilities.
- Protect your accounts with strong authentication. Use a unique password for every account — a password manager like NordPass can handle this job for you. Enable multi-factor authentication (MFA) on every account that supports it, especially email, banking, and social media.
- Limit what information you share publicly. Scammers mine social media profiles for the details that security questions rely on, such as your pet’s name, your hometown, and your mother’s maiden name. Audit your privacy settings on Facebook, Instagram, and LinkedIn and remove personal details that don’t need to be public.
- Know the warning signs of identity theft. These include unfamiliar charges on your bank or credit card statements, errors on your credit report, expected bills or other mail that stops arriving, notifications for accounts you didn’t create, and a sudden, unexplained drop in your credit score.
- Be cautious with unsolicited contact. Scammers impersonate banks, government agencies, and employers through phishing emails and phone calls. Never click a link in an unexpected email to reset a password — go directly to the website instead. If someone calls claiming to be from the IRS or your bank and asks for sensitive data, hang up and call the official number listed on the organization’s website.
- Freeze your credit file if you suspect fraud. A credit freeze stops anyone from opening new accounts in your name and is free to place at all three major bureaus. Contact Equifax, Experian, and TransUnion separately to place one. It won’t affect your existing accounts, and you can lift it temporarily if you need to apply for new credit.
- Use identity theft protection services. An identity theft protection service like Coveron monitors your personal information — including your SSN, email address, and bank statements — and alerts you to suspicious activity. If you do become a victim, identity theft recovery support may cover up to $1 million in recovery costs, and online fraud coverage may reimburse up to $10,000 in eligible losses from scams.
PRO TIP
If you’re ever notified that your information was exposed in a data breach, don’t wait for fraud to appear. Freeze your credit immediately, change the passwords for any accounts tied to the exposed email address, and check your credit report at annualcreditreport.com for any accounts you don’t recognize.
Get notified and act immediately.
30-day money-back guarantee
FAQ
References
1 Federal Trade Commission. (2026, April 2). Identity theft reports. Tableau Public. https://public.tableau.com/app/profile/federal.trade.commission/viz/IdentityTheftReports/TheftTypesOverTime
2 Karimi, F. (2023, April 29). ‘Mom, these bad men have me’: She believes scammers cloned her daughter’s voice in a fake kidnapping. CNN. https://edition.cnn.com/2023/04/29/us/ai-scam-calls-kidnapping-cec
3 News Wires. (2010, February 27). British police probe passports used in Hamas murder. France 24. https://www.france24.com/en/20100227-british-police-probe-passports-used-hamas-murder
4 CBS News. (2016, October 28). The phishing email that hacked the account of John Podesta. https://www.cbsnews.com/news/the-phishing-email-that-hacked-the-account-of-john-podesta/
5 BBC News. (2016, October 27). 18 revelations from Wikileaks’ hacked Clinton emails. BBC News. https://www.bbc.com/news/world-us-canada-37639370
6 Martinson, J. (2001, March 21). US hacker ‘duped the rich and famous’. The Guardian. https://www.theguardian.com/technology/2001/mar/21/hacking.security
7 Burkeman, O. (2002, October 5). New York man admits internet scam to defraud celebrities of $80m. The Guardian. https://www.theguardian.com/technology/2002/oct/05/internetnews.usnews
8 State v. Wendy A. Brown. (2010, July 7). Justia. https://law.justia.com/cases/wisconsin/court-of-appeals/2010/51759.html
9 Federal Bureau of Investigation. (2004, October 18). No Ordinary Case of Identity Theft [Archived]. https://archives.fbi.gov/archives/news/stories/2004/october/uncoveridt_101504
10 Sullivan, B. (2004, September 14). Man pleads guilty in huge ID theft case. NBC News. https://www.nbcnews.com/id/wbna6001526
11 US Department of Justice. (2002, November 25). U.S. Announces What Is Believed The Largest Identity Theft Case In American History; Losses Are In The Millions [Archived]. https://www.justice.gov/archive/criminal/cybercrime/press-releases/2002/cummingsIndict.htm
12 US Department of Justice. (2022, May 12) CEO Of Cryptocurrency And Forex Trading Platform Charged With Fraudulent Scheme Involving Over $59 Million [Press release]. https://www.justice.gov/usao-sdny/pr/ceo-cryptocurrency-and-forex-trading-platform-charged-fraudulent-scheme-involving-over
13 US Department of Justice. (2023, February 10). CEO Of Cryptocurrency And Forex Trading Platform Pleads Guilty To Over $240 Million Scheme To Defraud Investors [Press release]. https://www.justice.gov/usao-sdny/pr/ceo-cryptocurrency-and-forex-trading-platform-pleads-guilty-over-240-million-scheme
14 US Department of Justice. (2023, July 18). CEO Of Cryptocurrency And Forex Trading Platform Sentenced To Nine Years In Prison For $240 Million Scheme To Defraud Investors [Press release]. https://www.justice.gov/usao-sdny/pr/ceo-cryptocurrency-and-forex-trading-platform-sentenced-nine-years-prison-240-million
15 Peterson-Withorn, C. (2022, February 9). Tinder Swindler Simon Leviev Claimed To Be The Son Of A Diamond Billionaire. Meet The Very Real (And Very Rich) Lev Leviev. Forbes. https://www.forbes.com/sites/chasewithorn/2022/02/09/tinder-swindler-simon-leviev-claimed-to-be-the-son-of-a-diamond-billionaire-meet-the-very-real-and-very-rich-lev-leviev/
16 The Times of Israel. (2019, October 7). ‘Tinder Swindler’ extradited back to Israel to face charges. https://www.timesofisrael.com/tinder-swindler-extradited-back-to-israel-to-face-charges/
17 Federal Trade Commission. (2020, January). Consumer Sentinel Network data book 2019. https://www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-2019/consumer_sentinel_network_data_book_2019.pdf
18 Federal Trade Commission. (2021, February). Consumer Sentinel Network data book 2020. https://www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-data-book-2020/csn_annual_data_book_2020.pdf
19 Federal Trade Commission. (2022, February). Consumer Sentinel Network Data Book 2021. https://www.ftc.gov/system/files/ftc_gov/pdf/CSN+Annual+Data+Book+2021+Final+PDF.pdf
20 US Department of Justice. (2010, March 26) Leader of Hacking Ring Sentenced for Massive Identity Thefts from Payment Processor and U.S. Retail Networks [Press release]. https://www.justice.gov/archives/opa/pr/leader-hacking-ring-sentenced-massive-identity-thefts-payment-processor-and-us-retail