Emerging ThreatsData Breaches

Identity Crimes Evolve into Multi-Layered Fraud Schemes

Analyst 207||Source: SecurityMag
Person sitting at desk with laptop and smartphone, surrounded by papers in a blurred office setting.

"Identity crimes are becoming multi-layered because one successful compromise now gives criminals reusable access across multiple systems." — Patrick Harr, CEO at DataVisor

Identity Theft Resource Center’s 2026 Trends in Identity Report: scope and headline numbers

The Identity Theft Resource Center’s 2026 Trends in Identity Report finds that identity crimes increasingly cascade into multiple, simultaneous frauds rather than remaining isolated incidents. Approximately a quarter of victims (25.6%) dealt with two or more concurrent events — a figure the report says represents a 23.5% increase from the year prior. The report also documents shifts in how victims are targeted and what happens after compromise.

Unauthorized device access and AI-enhanced outreach

The report highlights rising unauthorized access to computers and mobile devices. Patrick Harr at DataVisor explains why that matters: "The phone or laptop is now the control center for a person’s digital identity," he said, adding that if "a fraudster gets onto the device, or into the cloud account tied to it, they may gain access to logged-in apps, stored credentials, messages, MFA flows, and recovery paths." Harr warns this access is more valuable than compromising single accounts and that "AI is accelerating that trend by helping criminals create more convincing, personalized outreach at scale and by making fake identities, fake profiles, and impersonation cheaper to operate."

Financial loss changes the equation: resolution rates collapse

The report draws a stark line between incidents that result in monetary loss and those that do not. Among victims with no financial loss, 53% were able to find a resolution. That success rate falls sharply once money moves: among victims who suffered financial loss, only 9% found resolution. And for the worst-off cohort, "0% of those who experienced three or more financial repercussions found a resolution." Harr ties this to monetization: "Cases with financial loss are much harder to resolve because the crime has already moved from compromise to monetization," he said, noting that tracing funds often means following money through multiple accounts and fast payment rails across institutions.

Fraudulent employment and detection by financial institutions

The report highlights particular abuses and who is detecting them. Fraudulent employment is identified as the most common crime against minors, accounting for 40% of misuse cases involving children; the report notes minors’ clean identities and sparse credit histories make them attractive for synthetic identity fraud and employment-related misuse. On detection, financial institutions identified a larger share of attempted misuse cases, at 28.6% of incidents referenced by the report.

What this means for technologists, enterprises, and consumers

  • Technologists and security teams: The report and DataVisor’s commentary emphasize that identities — and devices tied to those identities — are the new perimeter. Defenders will be watching for vectors that convert device footholds into downstream fraud (logged-in apps, stored credentials, MFA recovery paths) and for AI-driven spoofing and synthetic profiles that lower the cost of large-scale impersonation.
  • Enterprises and procurement leaders: BeyondTrust’s James Maude cautions that organizations sometimes accept customer identity compromise as a cost of convenience: "Many customer facing organizations will quickly write off losses associated with compromised customer identities" because added friction can be seen as a competitive disadvantage. Procurement teams will need to weigh that trade-off explicitly when choosing customer authentication and anti-fraud tools.
  • Consumers and families: The report signals special risk for children’s identities. Patrick Harr notes that "children’s SSNs are especially attractive" for building synthetic profiles, and the report flags that minors are frequently targeted for fraudulent employment. At the same time, James Maude points to underreporting driven by stigma: "there is often a social stigma or element of shame that leads to reduced reporting."

Two clear threads run through the report and the experts’ comments: first, a single successful compromise is rarely a single crime any longer — it is the opening move in a chain that can end in account takeover, new-account fraud, employment misuse, and monetary loss across institutions. Second, once money has moved, victims’ chances of finding resolution drop precipitously. That combination — expanded attack surface tied to devices and identities, plus the accelerating role of AI in enabling convincing impersonation — frames the immediate challenge for defenders and for policy and consumer protections going forward.

Original story: https://www.securitymagazine.com/articles/102364-identity-crimes-have-become-multi-layered

Artificial IntelligenceEmerging ThreatsIdentity TheftFraud SchemesIdentity CrimesMulti-Layered FraudDevice CompromiseCybercrime Trends
Related Intelligence

Continue Reading

Rows of computer servers and storage equipment in a brightly-lit server room.

VRChat Breach Exposes Data of 2.4M Users

A massive data breach at VRChat has exposed the sensitive information of over 2.4 million users, leaving them vulnerable to potential cyber threats. This alarming incident highlights the importance of online security and data protection.

Analyst 207
Law enforcement officials surround computer screens displaying cryptocurrency transactions.

Europol Disrupts AudiA6 Crypto-Laundering Service Linked to $380 Million Ransomware Scheme

Europol has dismantled a massive cryptocurrency laundering operation, known as AudiA6, that handled over $380 million in illicit funds for ransomware actors and cybercriminals. The service promised anonymity, but actually took a 3-10% cut to clean and return tainted assets in just an hour.

Analyst 207
Person examines AI study guide materials with a concerned expression at home desk.

Malware Campaign Exploits AI Demand with Fake Guides and Dev Tools

Cyber attackers are now disguising malware as legitimate AI learning guides and developer tools, tricking professionals into opening malicious files that look like trusted educational content. They've been distributing booby-trapped archives labeled as AI study guides and developer tools, such as fake AI-ready PostgreSQL and agentic coding guides.

Analyst 207
Virtual reality gamers interact in a futuristic environment with a subtle hint of a server room breach in the background.

VRChat Breach Exposes 2.4M User Records

A recent data breach at VRChat has compromised 2.4 million user accounts, exposing sensitive info like usernames, email addresses, and login histories, which could be used to target users with malicious attacks. Fortunately, passwords, payment details, and government IDs appear to be safe, but users are still advised to be cautious.

Analyst 207