Employment Identity Theft: When Someone Works Under Your Name

Employment identity theft occurs when a fraudster uses another person's Social Security number, name, or other identifying credentials to obtain employment. This form of identity fraud creates cascading damage across tax records, government benefit eligibility, and criminal history files — harm that often goes undetected for months or years. The identity protection providers sector addresses this variant as a distinct category from financial identity theft, with its own recovery pathways and regulatory contacts.

Definition and scope

Employment identity theft is defined as the unauthorized use of a victim's personally identifiable information (PII) — most commonly a Social Security number (SSN) — for the purpose of gaining employment authorization or establishing a work record. The Internal Revenue Service recognizes this as a specific subcategory of tax-related identity theft, because wages earned by an impersonator are reported under the victim's SSN, generating erroneous income tax obligations (IRS, Identity Theft Central).

The scope extends beyond tax liability. When an impersonator works under a stolen identity, that work record may affect:

The Federal Trade Commission's IdentityTheft.gov platform separates employment-related identity theft from credit and financial identity theft in its recovery planning tools, reflecting the distinct agency contacts and dispute processes involved. The Fair Credit Reporting Act (15 U.S.C. § 1681) governs credit file errors but does not govern SSA earnings records or IRS wage transcripts — remediation requires parallel processes across at least 3 federal agencies in most cases.

How it works

Employment identity theft typically follows a four-phase sequence from credential acquisition through harm manifestation:

  1. Credential acquisition — The fraudster obtains a victim's SSN through a data breach, dark web purchase, phishing, or document theft. SSNs issued before 2011 followed a predictable area-number-group format, making them easier to reconstruct; the SSA moved to randomized issuance in June 2011 to reduce this vulnerability (SSA, SSN Randomization).

  2. Employment authorization fraud — The fraudster presents the victim's SSN on IRS Form W-4 and Form I-9 (Employment Eligibility Verification, required under 8 U.S.C. § 1324a). If the employer uses E-Verify, the fraudster typically pairs the SSN with a matching name to avoid a mismatch flag.

  3. Wage reporting — The employer reports wages to the IRS and SSA under the victim's SSN. This creates a discrepancy between income the victim reports on their tax return and total wages attributed to their SSN — a gap the IRS may flag as underreported income.

  4. Discovery and fallout — Victims most commonly discover employment identity theft when they receive an IRS CP2000 notice (underreporter inquiry), a Form 1099 or W-2 for an employer they never worked for, or a denial of unemployment benefits based on wages they never earned.

Common scenarios

Employment identity theft manifests across distinct operational contexts, each with different points of failure and recovery:

Unauthorized work authorization is the most prevalent scenario: a person without legal authorization to work in the United States uses a borrowed or purchased SSN to pass I-9 verification. The victim bears no immigration liability but faces IRS and SSA record corrections.

Tax fraud via false wages occurs when the impersonator earns income that generates a tax event. The IRS may send the victim a notice demanding tax on wages they never received. Resolution requires filing IRS Form 14039 (Identity Theft Affidavit) and requesting a wage and income transcript to identify the erroneous employer.

Benefits fraud through employment records involves using accumulated fake work history to fraudulently claim unemployment insurance, Social Security disability benefits, or state-administered benefits. The Social Security Administration's Office of the Inspector General (SSA OIG) investigates benefit fraud tied to misused SSNs.

Criminal identity theft at the employer level is a less common but severe variant: the fraudster uses a victim's identity when arrested or cited by law enforcement while on a job site, resulting in criminal records appearing under the victim's name in background check databases.

The contrast between passive and active discovery is operationally significant. Passive discovery — where a victim learns of the fraud through a tax notice or SSA earnings statement — typically means the fraud has been active for at least one full tax year. Active discovery — through regular review of SSA earnings records at ssa.gov/myaccount — can surface unauthorized employment within months.

Decision boundaries

Determining the appropriate remediation path requires routing across multiple agencies, and the boundaries between their jurisdictions are firm.

The IRS handles tax record correction and issues Identity Protection PINs (IP PINs) to prevent future fraudulent returns. It does not correct SSA earnings records. The SSA corrects earnings records only upon receiving documentation from employers or through its own audit process — the victim must contact SSA separately, regardless of any IRS resolution.

The Department of Homeland Security's E-Verify program (dhs.gov/e-verify) maintains its own mismatch resolution process. A fraudulent E-Verify confirmation does not automatically trigger notification to the victim.

State workforce agencies administer unemployment insurance records independently. Fraudulent unemployment claims require separate disputes with the relevant state agency, not with the IRS or SSA.

For background check errors stemming from criminal identity theft, the relevant Federal Trade Commission mechanism is a dispute under the Fair Credit Reporting Act directed at the consumer reporting agency maintaining the criminal record file. The FTC's IdentityTheft.gov generates customized recovery plans that sequence these parallel disputes — a structured starting point covered in the overview.

Employment identity theft victims who also experience credit file damage face two separate remediation tracks: the employment/tax track through IRS, SSA, and DHS; and the credit track through the three major credit bureaus and the FCRA dispute process. These tracks do not share documentation or resolution timelines. Professionals operating within the identity protection sector who specialize in employment identity theft recovery typically hold credentials or experience spanning both tracks.

 ·   · 

References

Read Next

Identity Protection Listings ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Protection Authority Identity Protection Providers The identity... Identity Protection Directory: Purpose and Scope ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Protection Authority Identity Protection Network: Purpose and Scope... Medical Identity Theft: Risks and Recovery ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Protection Authority Medical Identity Theft: Risks and Recovery...