Identity thieves are favoring device takeovers over scams, according to the latest trends report released Tuesday by the Identity Theft Resource Center (ITRC).
For the first time, unauthorized device access has surpassed scams as the primary threat for adults aged 35 to 64, according to the San Diego-based nonprofit organization founded to provide identity theft victim assistance and consumer education.
Unauthorized access to computers and mobile devices increased by 78% year-over-year from 15.3% of all identity compromises to 27.2% of all compromises, noted the report, which is based on 9,253 cases from 6,188 individuals who contacted the ITRC between April 1, 2025 and March 31, 2026.
The report added that over the same period, scams involving the sharing of personal information declined from 43.1% to 36.1% of compromises.
“While consumers are becoming savvier to the growing number of scams, exploiting devices is still something that many consumers miss, given how reliant we’ve become on them,” Paige Schaffer, CEO of Iris Powered by Generali, a global cybersecurity and identity protection company, told TechNewsWorld.
“Our phones have effectively become our digital identity — and our computers by extension,” added Diana Rothfuss, director of global strategy and innovation for risk, fraud, and compliance solutions at SAS, an analytics and AI software company in Cary, N.C.
“Our devices hold our credentials, session tokens, behavioral patterns, the sites we frequent,” she told TechNewsWorld. “They’re a gateway to our financial lives, the digital services we use, our email and social media accounts, and so on.”
“Compromise your device, and unbeknownst to you, the fraudster has ongoing access to everything,” she continued, “a virtual key to your kingdom.”
High-Value Entry Point
Maanas Godugunur, senior director for fraud and identity at LexisNexis Risk Solutions, a global data analytics and services company, agreed that the rise in unauthorized device access reflects a broader shift in how people live and transact digitally.
“Today, critical aspects of everyday life within banking, payments, health care, and communication are all accessed through connected devices, making those devices a single, high-value point of entry for fraudsters,” he told TechNewsWorld.
“At the same time, phishing and social engineering attacks have become more sophisticated and convincing, making it easier for individuals, regardless of age or background, to unknowingly grant access to their devices,” he continued. “These attacks often appear to come from trusted sources, increasing the likelihood that users will engage with malicious links or applications.”
The increase in unauthorized device access is not driven by a single factor, but rather a combination of increased digital reliance, expanding attack surfaces, and more effective deception techniques, he explained.
“As a result, unauthorized device access is becoming a preferred attack vector because it provides persistent access and enables fraudsters to operate across multiple accounts and activities over time,” he said.
The industrialization of fraud is the core driver of unauthorized access, maintained Neha Narkhede, CEO of Oscilar, an AI risk decisioning company headquartered in Palo Alto, Calif. “These are no longer isolated actors improvising from a laptop,” she told TechNewsWorld. “Many operations function like corporations, with org charts, specialized teams and scripts that are continuously tested and refined. The shift to hacked devices over scams is one signal of that maturity.”
Chris Boehm, chief technology officer at Zero Networks, an automated microsegmentation, zero-trust networking, identity-based access control, and secure remote access provider in Tel Aviv, Israel, also pointed out that there’s a good reason unauthorized device access is a primary threat to the 35-to-64 demographic.
“That age band is where the money lives,” he told TechNewsWorld. “Net worth peaks there — real credit, retirement balances, home equity, accounts everywhere.”
“Younger people are still building wealth and retirees are spending it down,” he explained. “It’s also the most connected group, running personal banking and work off the same devices. So one compromised phone opens both your savings and a path into your employer.”
“Attackers aren’t stumbling into this demographic,” he added. “They picked it because it’s the best return on effort.”
One Breach, Multiple Victims
The ITRC report also revealed that identity crimes have evolved from isolated events into multi-layered crises, with 25.6% of victims now managing two or more concurrent incidents, up from 23.5% the previous year.
“Identity crimes are no longer isolated, single events,” ITRC Chief Operating & Programs Officer Mona Terry said in a statement. “They are becoming increasingly complex.”
“It is not just about the number of crimes, but also the pattern they follow,” she continued. “A single compromise can trigger a chain reaction that spreads across multiple accounts and institutions, making it much harder for people to recover.”
Identity theft is no longer a single-event crime, added Ensar Seker, CISO of SOCRadar, a threat intelligence company in Newark, Del. “A compromised identity today can trigger a cascade of secondary attacks across banking, health care, government, employment, social media, and digital services,” he told TechNewsWorld.
“The combination of large-scale data breaches, infostealer malware, credential marketplaces, and AI-powered social engineering allows criminals to continuously reuse stolen information across multiple fraud schemes,” he said. “As a result, victims are increasingly dealing with account takeovers, financial fraud, new account fraud, tax fraud, and impersonation attacks simultaneously rather than independently.”
From Hacking to Credential Abuse
Scam operations have stopped being single-channel, observed Ken Duggan, founder of Spam Detective, a scam database website. “The same operators run convergent infrastructure,” he told TechNewsWorld. “They rotate phone numbers, spin up clusters of lookalike domains, and reuse scripts across text, voice, and email.”
“A victim isn’t hit by a single scam,” he said. “They’re hit by one node in a web that also reaches their inbox, their phone, and their device.”
“That’s why an isolated identity-theft event now cascades into a multi-layered crisis,” he explained. “The infrastructure behind it was already layered.”
Marike Kuyper, manager for content marketing and education at TrendLife, the consumer business unit of Trend Micro, a global cybersecurity company, noted that one thing that stands out in the ITRC’s findings is how significantly the consumer threat model has shifted.
“The conventional advice, including watching for suspicious emails and not sharing your password, was built for a simpler era,” she told TechNewsWorld. “Today’s threats are more sophisticated, more personalized, and increasingly AI-assisted.”
AI-enabled technologies and deepfakes are making scams more realistic than ever before, added Roger Grimes, CISO advisor at KnowBe4, a security awareness training provider in Clearwater, Fla. “All an attacker needs is a picture of someone and six seconds of audio, and they can make a realistic deepfake video of them saying and doing anything,” he told TechNewsWorld.
In all the analysis of the current identity theft landscape, there’s one thing that everyone keeps missing, contended Zero Networks’ Boehm. “They’re not hacking people anymore, they’re logging in,” he declared. “It’s cheaper, it’s faster, and it works.”
“We’re still building defenses for someone breaking down the door, while the door is wide open and they’re walking in with our own credentials,” he said. “Until identity is treated as the front line instead of an afterthought, these numbers are only going to go one way.”
Read the full article here
