Senior Identity Theft: Targeting of Older Americans

Adults aged 60 and older represent one of the most heavily targeted demographic segments in U.S. identity fraud, combining factors of asset accumulation, fixed-income financial patterns, and historically lower exposure to digital fraud detection tools. The Federal Trade Commission's Consumer Sentinel Network and the FBI's Internet Crime Complaint Center (IC3) both track elder fraud as a distinct reporting category, reflecting the scale and structural specificity of the problem. This page covers the definition and regulatory scope of senior identity theft, the mechanisms by which it operates, the dominant fraud scenarios affecting older Americans, and the classification boundaries that distinguish senior-targeted identity crime from general identity theft.

Definition and scope

Senior identity theft is the unauthorized acquisition and fraudulent use of personally identifying information belonging to individuals aged 60 or older, a threshold used by the FBI's Elder Fraud Initiative and codified in the Elder Justice Act (42 U.S.C. § 1397j et seq.), which established elder fraud as a distinct federal enforcement priority.

The scope of regulated response spans multiple federal agencies:

• The Federal Trade Commission administers IdentityTheft.gov and maintains elder-specific fraud reporting pathways under 15 U.S.C. § 45.
• The Consumer Financial Protection Bureau (CFPB) publishes elder financial exploitation guidance and coordinates with state Adult Protective Services agencies.
• The Department of Justice operates the National Elder Fraud Hotline through the Office for Victims of Crime, which logged over 90,000 elder fraud complaints in a single fiscal year (DOJ Elder Fraud Enforcement, 2023 Annual Report).
• The Social Security Administration Office of Inspector General (SSA-OIG) investigates fraud involving Social Security numbers and benefit accounts belonging to elderly victims.

Senior identity theft intersects with, but is not equivalent to, general elder abuse. The distinction turns on whether the harmful act involves identity credential compromise — Social Security numbers, Medicare ID numbers, financial account credentials — as opposed to direct financial exploitation through coercion or manipulation without identity takeover.

How it works

Senior-targeted identity theft operates through both technical and social-engineering channels, often combining them in sequenced attack patterns. The mechanism typically follows four phases:

1. Targeting and profiling — Perpetrators identify candidates through publicly accessible data (obituaries, property records, voter rolls), data broker databases, or through pre-existing relationships. Older adults with consistent mailing addresses, established credit histories, and predictable financial schedules present lower-variance targets.

2. Credential acquisition — The Social Security number remains the primary credential at risk, often obtained through phishing calls impersonating the Social Security Administration or Medicare, mail theft from physical correspondence, or data purchases from compromised broker databases. The SSA-OIG documents impersonation fraud as the leading acquisition vector in elder cases (SSA-OIG Fraud Advisories).

3. Account takeover or new account fraud — Acquired credentials are applied either to take over existing financial or medical accounts or to open new credit lines, utility accounts, or government benefit claims. The CFPB distinguishes these as existing account fraud versus new account fraud, a classification with direct implications for remediation under the Fair Credit Reporting Act (15 U.S.C. § 1681c-2).

4. Monetization and concealment — Proceeds are extracted through wire transfers, gift card purchases, or benefit redirections. Concealment often involves structuring transactions to fall below bank reporting thresholds established by the Bank Secrecy Act (31 U.S.C. § 5313).

The social-engineering layer exploits cognitive and social factors specific to older adults: trust in institutional authority figures, unfamiliarity with caller ID spoofing, and reduced exposure to real-time fraud alerts through mobile banking applications. These are structural vulnerabilities in the fraud attack surface, not individual failures.

Common scenarios

The IC3 and FTC Consumer Sentinel Network identify the following as dominant elder identity fraud scenarios in the United States:

Medicare and health insurance fraud — Fraudsters obtain Medicare Beneficiary Identifiers (MBIs), which replaced Social Security numbers on Medicare cards under the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA), to bill for fictitious medical services or obtain prescription drugs.

SSA impersonation scams — Callers falsely identify as SSA agents and claim a Social Security number has been suspended due to criminal activity, coercing the victim into confirming their number or making payments. SSA-OIG issued a specific advisory classifying this as the most-reported government impersonation fraud type.

Deceased identity theft — Identities of recently deceased older adults are harvested from public death records and used to file fraudulent tax returns, open credit accounts, or claim benefit payments before financial institutions and credit bureaus update their records. The IRS Identity Protection Specialized Unit addresses this through the Deceased Taxpayer Program.

Romance and relationship-based identity takeover — Extended online or telephone relationships are used to gain trust, ultimately leading to voluntary disclosure of financial credentials or account access. The FBI IC3 2022 Elder Fraud Report recorded losses exceeding $3.1 billion attributed to elder fraud victims, with confidence/romance fraud accounting for a significant segment.

Tax refund fraud — Fraudulent federal and state tax returns are filed using an older adult's Social Security number before the legitimate return is submitted. The IRS issues Identity Protection PINs (IP PINs) as a mitigation tool, described in IRS Publication 5367.

Decision boundaries

Correctly classifying a senior identity theft case determines which regulatory frameworks apply, which agencies have jurisdiction, and which identity protection services are relevant for remediation.

Elder identity theft vs. general identity theft — The distinction is not purely definitional. Elder cases may activate jurisdiction for the DOJ Elder Fraud Initiative, state Adult Protective Services mandatory reporting obligations, and specialized recovery pathways at the FTC and CFPB that are not available to younger victims. Age 60 is the federal threshold in most enforcement contexts.

Elder identity theft vs. elder financial exploitation — Identity theft requires credential compromise as the mechanism of harm. Elder financial exploitation — addressed under the Elder Justice Act and state equivalents — covers direct transfers through undue influence, abuse of power of attorney, or caretaker theft without credential takeover. Overlap exists when both occur simultaneously, and resources verified in this network differ depending on which harm category predominates.

Civil vs. criminal tracks — Credit-related identity fraud remediation proceeds through consumer protection law (FCRA, CFPB channels, credit bureau disputes). Criminal referrals involve FBI, FTC, SSA-OIG, or state attorneys general depending on the fraud type. Some cases require parallel engagement with both tracks, particularly where new account fraud has created reportable credit damage alongside a criminal matter.

Proactive monitoring vs. post-incident response — Older adults who have not experienced a confirmed fraud event but are at elevated risk may use credit freezes under 15 U.S.C. § 1681c-1 and IRS IP PIN enrollment without first documenting a breach. Post-incident response requires FTC affidavit filing, credit bureau dispute procedures, and potentially SSA number replacement processes — a materially different service pathway covered in the .