The Most Unbelievable Identity Theft Stories of All Time

You Won't Believe These Identity Theft Horror Stories

It’s a fact: 40% of Americans believe that they are a victim of identity theft [*]. But while many criminals are content to break into your bank account, max out your credit card, or take out loans in your name, some carry on with disturbing persistence.

The most unbelievable identity theft stories range from criminals writing fake cheques during a globe-trotting crime spree to pretending to be a family’s long-lost child to evade criminal charges.

Unfortunately, most victims of fraud and identity theft think it could never happen to them — until it does.

Here’s a look at nine unbelievable scams that illustrate how creative con artists can be and how you can protect yourself and your family from the worst-case scenario that is identity theft.

9 Unbelievable Identity Theft Stories

1. The “Tinder Swindler” who scammed lonely lovers
2. The credit check fraudster who stole 33,000 identities
3. The celebrity identity thief who went after Oprah
4. The mom who stole her daughter’s identity
5. The phishing attack that targeted a presidential candidate
6. The scammer selling stolen cars on Facebook
7. The fake hostage phone call scam
8. The SIM swap scam that cost a YouTuber $40,000
9. The EminiFX crypto scheme

1. The “Tinder Swindler” who scammed lonely lovers out of millions

Shimon Hayut is the subject of the Netflix documentary The Tinder Swindler, and he’s one of the most brazen scammers on this list. 

Hayut posed as a wealthy businessman on Tinder, and used his lavish lifestyle to impress women and build relationships. Soon after, he would tell his current target that business rivals were threatening his life and ask for credit cards and loans.

Hayut maxed out cards and didn’t repay the loans, leaving many of his victims straddled with crippling debt. The Israeli Times estimates that he defrauded his victims for a total of $10 million.

How the Tinder Swinder’s scam worked:

While Hayut’s scam seems made for our times, it’s really just a variation of an age-old scheme: the romance scam.

In a romance scam, con artists pose as wealthy and attractive individuals to gain their victim’s trust. Once they build rapport, they start asking for gifts, money, and favors. A total of 72,806 people were victims of romance scams in 2022 [*].

How to avoid becoming the victim of a romance scam:

There are several romance scammer red flags to watch out for. But there’s one in particular that gives them away: scammers like to move fast.

Romance scammers will often profess feelings of love quickly. They’ll pressure you to admit you feel the same way and then start asking for money or to invest in a “guaranteed” investment.

If you want to stay safe, just remember: never give money to someone you’ve only ever met online — no matter the reason.

📚 Related: New Netflix Scams: Why Someone Could Be After Your Account →

2. The credit check fraudster who stole 33,000 identities

In 2004, Philip Cummings pleaded guilty to one of the largest identity theft cases in the United States.

Cummings worked a desk job at Teledata Communications, Inc. in Long Island, New York, where he helped companies run routine credit checks. When he left his job, he packed up his belongings — along with the confidential passwords that belonged to 33,000 customers.

With the help of an accomplice, Cummings sold this sensitive data to criminals who used it to drain bank accounts and commit credit card fraud.

The U.S. Department of Justice estimated a total loss of $50 to $100 million due to this scam.

How Philip Cummings stole thousands of passwords:

Cummings’ scam was one of the earliest examples of a data breach. This is where criminals access a company’s database and then sell stolen sensitive information for a profit.

Major data breaches happen nearly every single day, especially in healthcare. Stolen personally identifiable information (PII) or a health record with the policyholder’s name and payment information could be used to commit medical identity theft.

How to protect yourself from a data breach:

The best way to prevent medical identity theft is to limit the amount of information you provide to companies. Be especially careful with where you share your Social Security number (SSN) or banking information.

Then, keep an eye on your credit report for suspicious activity. You’re allowed a free credit report check (from each of the three credit bureaus — Experian, Equifax, and TransUnion) every year on AnnualCreditReport.com.

Or better yet, sign up for a credit monitoring service. These services constantly monitor your credit file, bank account, credit cards, and more for signs of fraud.

📚 Related: Someone Stole My Tax Refund Check! What Should I Do? →

3. The celebrity identity thief who went after Oprah, Spielberg, and more

Abraham Abdallah targeted America’s richest individuals with his internet identity fraud scheme. His victims included Steven Spielberg, Oprah Winfrey, and Warren Buffet. 

A restaurant worker by day, Abdallah used early web-enabled phones and library computers to find sensitive information on his targets, including home addresses, date of birth, phone numbers, and SSNs.

Then, he submitted change-of-address requests to reroute their mail. Soon, he gained even more sensitive information, such as credit cards, investment accounts, and more.

How Abraham Abdallah stole celebrity identities:

The critical piece in Abdallah’s identity fraud scam was what’s known as a change-of-address scam.

Fraudsters use your personal information to submit a request with USPS to reroute your mail. Before you can notice that your bills have stopped arriving, they’ve collected enough sensitive data to steal your identity and worse. 

How to protect yourself from a change-of-address scam:

If it can happen to celebrities and billionaires, it can happen to you. 

To stay safe from scammers like Abdallah, opt for digital statements for your bank, credit, and investment accounts. You want to keep your sensitive information out of your mailbox as much as possible. 

Identity theft protection services may also include address monitoring. For example, Aura monitors USPS databases and will alert you if anyone is trying to change your address without your permission. 

4. The mom who stole her daughter’s identity (to become a cheerleader)

If you had the chance to redo your life, would you take it?

That’s exactly what Wendy Brown tried to do when she stole her daughter Jaimi’s identity. Brown used her daughter's identity to enroll in high school and join the cheerleading squad.

She only got caught when the school called Jaimi's "old" school and discovered she'd never left. Brown was found not guilty by reason of mental disease or defect, and was committed to a psychiatric facility for three years.

How Wendy Brown stole her child’s identity:

Unfortunately, child identity theft has become more and more common in the past few years. Just last year, 915,000 children fell victim to ID fraud [*].

Children are an attractive target for criminals as few people monitor their child’s SSN. That means you won’t find out about the crime until your child applies for credit cards, student loans, or a driver’s license.  

Even worse, the majority of child identity theft is committed by a parent or someone the child knows [*].

How to protect your child’s identity from scammers:

All a scammer needs to steal your child’s identity is their SSN. Make sure you keep their Social Security card safe and don’t give it out unless you absolutely have to.

You can also freeze your child’s credit until they’re 16 (and can legally apply for loans themselves). This will stop criminals from being able to open new accounts in their name.

For ultimate protection, sign up for a family identity theft protection plan. Aura monitors your child’s SSN for signs of fraud and will alert you if it’s been leaked to the Dark Web.

5. The phishing attack that targeted a presidential candidate

There’s no good time to become the victim of a phishing scandal, but right in the middle of a presidential election has to be one of the worst times.

John Podesta was the chairman of Hillary Clinton’s presidential campaign when he fell for a phishing scam.

Russian hackers sent an email posing as Google and asked Podesta to change his password due to an alleged hacking attempt.

However, the link went to a malicious website that gave the hackers access to his email account. Once they got in, the hackers released thousands of private and damaging emails — right before the election.

How hackers tricked a politician into giving them access to his inbox:

While phishing emails are often easy to spot, scammers have improved their schemes. In this case, Podesta was the victim of spear phishing. This is a type of cyber attack where criminals learn about their victim and craft a scam they’re more likely to fall for.

The hackers knew that Podesta would be nervous about a potential hack right before the election. And they used his fears against him to gain access to his account.

How to protect yourself from phishing emails:

Those organizations that haven’t experienced any data breaches to date invest the most in email security [*]. But as a consumer, do you know the red flags that can tip you off to a potential scam? In particular, you should be on the lookout for:

• The sender’s name and “from” email address don’t match.
• The email comes from an unexpected or alternative domain (for example, “Google-support.com” instead of “Google.com”).
• It uses threatening language to create a sense of urgency and get you to act quickly.
• It includes strange or scrambled links or unexpected attachments.
• There are spelling and grammatical errors.
• The email claims to be from a government agency such as the IRS.

If you’re at all uncertain about the legitimacy of an email, contact your company’s IT team to make sure it’s safe.

6. The scammer selling stolen cars on Facebook Marketplace

When Cody Kneipp needed a fuel-efficient car to make deliveries, he turned to Facebook Marketplace. There, he found a car offered for sale by a man listed as “Yoni” on Facebook —  but who said that he went by another name. 

Kneipp met the seller in person to purchase the car and paid $3,500 cash. The seller gave him the car’s signed title and original key, so everything seemed above board. It wasn’t until Kneipp registered the car at the DMV that he discovered it had been listed as stolen. 

He brought it to the police department. They told him that the original owners had gone on vacation and left the car title and a spare key in the glove box.

How the stolen used car scam works:

While this fraud story was simply a case of vehicle theft, scammers have found easy ways to make stolen cars look legitimate. Title washing is when scammers create a fake title for a vehicle that either changes the car’s status (for example, from salvaged to clear) or VIN. 

How to safely buy a used car:

To verify ownership of a used car before you purchase, you can ask for an online VIN history and compare the car owner’s name to a valid form of ID from the seller. 

If you want to be absolutely sure, ask the seller to meet you at the DMV where you can review the documents before going through with the purchase.

7. The fake hostage phone call scam

Indiana police are warning citizens of an unsettling new scam after a woman reported receiving a fake hostage call about her mother. 

The victim, who chose to remain unnamed, received a phone call in the middle of the night that seemed to come from her mom. When she answered, a man addressed her using her name — and claimed that he was holding her mom hostage with a gun to her head. The scam victim could hear a woman in the background screaming. 

The caller said he needed cash to get home and threatened to hurt her mom if the victim didn’t send money via Venmo. So she complied and sent $1,500 over Venmo.

After the thieves hung up, the victim called her mom back only to discover that she was unharmed, and never held hostage. 

How the fake hostage phone call scam works:

Scammers use phone calls all the time as they’re an easy way to create urgency and trick their victims into acting. In this scam, the fraudsters “spoofed” their phone number to look like it was coming from the victim’s mother. 

But how do they know who to call? There’s more than enough information in your online footprint and on social media for scammers to find a vulnerable target.

How to avoid being the victim of a virtual kidnapping scam:

The FBI has reported an increase in virtual kidnapping scams, and offers the following tips for protecting you and your family:

• Don’t ever make your travel plans, dates, or locations public online.
• Create a code word with your loved ones that they can use if they’re really in trouble.
• When in doubt, hang up and call back on their number. 

If you get a call like the one reported here, be aware of potential red flags. Callers who only accept wire transfers are probably scammers. If something seems off, you can keep the caller on the phone while calling or texting the person supposedly in trouble.

8. The SIM swapping scam that cost a YouTuber $40,000

YouTuber Jacy Erin’s ID theft story starts with her mother’s email address.

Hackers broke into Erin’s mother’s email account and stole sensitive information including her credit card information and phone number. They then contacted her phone service provider to have all incoming calls to Erin and her parents rerouted to their phone.

Erin snuffed out the hackers early and changed back their phone service. However, a few days later, Erin’s father realized that the scammers had spent almost $40,000 using his credit card.

The credit card company’s calls to verify the strange purchases had gone straight to the scammers.

How scammers rerout their victim’s phone number:

Unfortunately, SIM swapping is a common scam that’s easy to pull off for fraudsters. All they need to do is harvest enough information about you to convince your phone provider to “port” your number to a different phone.

Once the swap is complete, the scammers will receive all your calls and texts. This lets them bypass security features like fraud alerts and two-factor authentication codes.

How to keep your phone (and bank account) safe:

You can lock your SIM or phone number to your account with your provider. Just call them and ask to set up a secure PIN on your account.

You should also be on the lookout for signs of email hacking. For example, your friends receive spam messages from you, you can’t access your account, or there’s login activity from suspicious locations. If any of these happen to you, change your passwords and enable two-factor authentication (2FA) immediately.

📚Related: How To Know if Your Phone Is Hacked →

9. The EminiFX crypto scheme that funded its founder’s lavish lifestyle

According to the FBI, EminiFX chief executive officer, Eddy Alexandre ran an elaborate cryptocurrency Ponzi scheme that racked up over $6 million in losses.

EminiFX promised crypto investors a “guaranteed” return of 5% or more each week. Ultimately, Alexandre collected $59 million from individual “investors”. But there’s little evidence to show that he used the money for the advertised purposes.

According to the Justice Department, Alexandre invested $9 million in individual stocks, losing more than $6.2 million. It was also later discovered that the bulk of the money he collected helped fund his luxurious lifestyle.

How crypto investment scams work:

Scammers love cryptocurrencies due to the lack of regulation and hazy nature of the industry. They contrive a fear of losing out by promising huge returns but then either steal any money that people “invest” or use it to pay out earlier investors to keep the scam running (i.e., a Ponzi scheme).

Crypto investment scams are especially common on platforms like Telegram and in online dating scams.

How to avoid a crypto (or any other investment) scam:

High-yield virtual investment offers can seem tempting. But anyone who advertises a guaranteed return could be a scammer.

Protect Yourself Against Identity Theft With Aura

These horror stories demonstrate the various creative ways fraudsters can steal your identity. 

To protect yourself and your family from identity theft, keep your accounts and sensitive information secure, avoid risky situations, and learn the warning signs of phishing. And for ultimate protection, consider an all-in-one digital security solution.

With Aura, you get:

• Financial fraud protection. Aura monitors your credit and bank accounts in near-real time and alerts you of fraud four times faster than the competition. 
• Instant credit lock. Lock and unlock your Experian credit file with one click from your desktop or mobile app.
• Identity theft protection. Aura can alert you if an online account has been compromised, monitor your SSN for signs of fraud, and even reduce the amount of spam calls and emails you receive. 
• Device and Wi-Fi protection for all your devices. Keep your computer, phone, and home network safe from hackers with powerful antivirus software and a military-grade Virtual Private Network (VPN). 
• Family identity theft monitoring for up to five people including children and adults. 
• $1,000,000 in coverage for eligible losses due to identity theft. If the worst happens, Aura will be there to walk you through the remediation process to help secure your identity and get you back on your feet. 

Ready for ironclad identity theft protection? Try Aura free for 14 days.