Thieves Don't Want Your Money. They Want Something Worth More.
A stolen twenty spends once. Your date of birth, your Social Security number, the email you've used since 2009: those keep paying out, to a stranger, for years.
That gap sits behind a number that landed this spring. American adults lost $47 billion to identity fraud and scams in 2024, up $4 billion from the year before, according to a report from Javelin Strategy & Research, cosponsored by AARP and based on a survey of 5,023 adults. Of that, $27 billion came from identity fraud and $20 billion from scams.
But the dollar figure is only the aftermath. Jennifer Pitt, the Javelin analyst who wrote the report, names the mechanism plainly: "Information is more of a hot commodity than just money, because information can be used. You can sell information to get money, or use it to open new fraudulent accounts, or take over existing accounts."
Read that again as a thief would. Cash is a single event. Information is inventory.
Why data outvalues cash
When someone drains $500 from your checking account, that is the whole crime. When someone has your Social Security number, address, and birth date, the crime is just getting started. They can resell the package to other criminals, and they can use it themselves in two ways that are both growing fast.
The first is account takeover, where a thief talks or hacks their way into an account you already have. Those losses hit $15.6 billion in 2024, up from $12.7 billion the year before. The second is new-account fraud, where your details open accounts you've never heard of: a credit card, a loan, a phone plan in your name. That reached $6.2 billion, up from $5.3 billion.
Same leaked information. Two separate paydays. Sometimes more.
This is also why the damage often surfaces long after the breach that caused it. Stolen records sit on a list, get sold, get sold again. There were 3,158 data breaches in 2024, about the same as 2023 but nearly double the 1,801 of two years earlier. That is a growing pool of personal details in circulation, waiting to be matched to a name.
The 71 percent that changes the math
One number in the survey does the most work: 71 percent of people who lost money to a scam had also handed over personal information to the criminal.
That cuts against the usual story, where the loss is one bad click and a drained account. More often the money is one outcome and the information is another, and the information is the one that keeps costing you. It is why "I'll just watch my bank statement" is thin protection. The statement shows the accounts you already know about. The loan someone opened across the country never appears on it.
Pitt's rule for this is short: verify instead of trust. The reason is simple math: the request itself is now the most common opening move. Javelin found that 54 percent of identity-fraud victims in 2024 were first contacted by text, up from 49 percent. The inbox you check fastest is the one criminals reach for first.
Age raises the stakes. The Federal Trade Commission found that among fraud victims who gave their ages, people in their 70s reported a median loss of $1,000, against about $417 for those in their 20s, partly because older adults tend to have more to lose, and many scams are built to find them.
What actually protects the information
Because the asset is your data, the strongest moves limit what a leaked record can do. Trying to out-clever each scam in the moment is the weaker game.
- Freeze your credit. A freeze blocks new accounts from being opened in your name, which shuts down new-account fraud at its source. It is free, it does not touch your credit score, and you can lift it anytime. Set one up at each of the three credit bureaus.
- Turn on multifactor authentication. A password by itself is one breach away from useless. A second step, a code by text or, better, a code from an app, means a stolen password still is not enough to get in.
- Use a different password for every account. Reuse means one breach unlocks many doors. A password manager does the remembering for you.
- Don't act inside a text or email. If your "bank" messages you, open its app or call the number printed on your card. Verify through a channel you chose, never the one that reached you.
- Cover the basics on your devices. Use a VPN on public Wi-Fi, and lock every phone, tablet, and laptop with a PIN. Open networks can be read by strangers, and a lost phone without a passcode hands over everything on it.
A determined criminal can still buy your old data. These moves make it far harder to cash, and cashing it is the only part the thief actually cares about.
The $47 billion is real, and it is rising. The figure that should change your habits, though, is the 71 percent: proof that in most of these crimes, the money was never the prize. Your information was.
If you think you have been targeted, report fraud to the FBI's Internet Crime Complaint Center at IC3.gov and find step-by-step recovery help at the FTC's IdentityTheft.gov.