Senior Identity Theft: Targeting of Older Americans and Prevention

Adults aged 60 and older represent a disproportionately targeted demographic in identity theft schemes across the United States, accounting for a substantial share of reported fraud losses each year. The Federal Trade Commission's Consumer Sentinel Network documents elder fraud as one of the fastest-growing categories of financial crime, with older Americans losing over $3.4 billion to fraud in 2023 (FTC Consumer Sentinel Network Data Book 2023). This page describes the structure of senior-targeted identity theft — its defining characteristics, operational mechanics, common exploit patterns, and the boundaries that distinguish it from general identity fraud. Service seekers, elder care professionals, and researchers navigating this sector will find the landscape of threats and protective frameworks outlined here.

Definition and scope

Senior identity theft refers to the unauthorized acquisition and fraudulent use of an older adult's personally identifiable information (PII) — including Social Security numbers, Medicare or Medicaid account numbers, financial account credentials, and health insurance identifiers — for financial gain or other exploitation. The Federal Trade Commission (FTC) defines identity theft broadly as occurring when someone uses another person's information without permission to commit fraud or other crimes; elder-specific identity theft is distinguished by the targeting methods, vulnerability factors, and regulatory protections that apply specifically to this age cohort.

The scope of this crime intersects with the Elder Justice Act (42 U.S.C. § 1397j et seq.), which formally established federal definitions of elder abuse and financial exploitation. The Department of Justice's Elder Justice Initiative coordinates federal enforcement across agencies including the FBI, the Department of Health and Human Services (HHS), and the FTC. The FBI's Internet Crime Complaint Center (IC3) separately tracks elder fraud, reporting that Americans over 60 filed 101,068 complaints in 2023 with losses exceeding $3.4 billion — the highest total of any age group (FBI IC3 Elder Fraud Report 2023).

The identity theft providers maintained within this reference network categorize providers operating across elder fraud response, credit remediation, and identity restoration services for older adults.

How it works

Senior-targeted identity theft typically follows a structured exploitation sequence:

1. Reconnaissance — Perpetrators identify targets through public obituaries, social media, property records, Medicare marketing calls, or purchased data lists. Seniors who are recently widowed are particularly targeted because a spouse's Social Security number may remain active in systems for a period following death.

2. Contact and trust-building — Fraudsters establish contact by telephone, email, postal mail, or in-person visits posing as government officials, grandchildren in distress, utility companies, or financial advisors.

3. Credential harvesting — Victims are induced to disclose Social Security numbers, Medicare Beneficiary Identifiers (MBIs), bank account numbers, or login credentials. The Centers for Medicare and Medicaid Services (CMS) introduced the new MBI format in 2018 specifically to replace Social Security-based Medicare card numbers and reduce this vector.

4. Account takeover or new account fraud — Stolen credentials are used to open new lines of credit, redirect benefit payments (Social Security, pension, Veterans Administration), file fraudulent tax returns, or submit false Medicare claims.

5. Monetization and extraction — Funds are withdrawn, gift cards purchased, wire transfers executed, or credit accounts maxed before the victim detects the breach.

The financial services regulatory framework under the Gramm-Leach-Bliley Act (15 U.S.C. § 6801 et seq.) imposes data security obligations on financial institutions that, when violated, create pathways for elder credential theft. The identity-theft-provider network-purpose-and-scope page outlines how service categories in this sector are classified for provider network purposes.

Common scenarios

Four exploit patterns account for the majority of elder identity theft cases documented by the FTC and FBI:

• Medicare and health insurance fraud — Fraudsters bill Medicare for services never rendered using a beneficiary's MBI. CMS's Program Integrity unit reported Medicare fraud totaling billions in improper payments annually (CMS Medicare Program Integrity, 42 C.F.R. Part 405).
• Government impersonation scams — Callers claim to represent the Social Security Administration (SSA) or IRS, alleging the senior's number has been "suspended" and demanding identity confirmation.
• Grandparent scams — A caller impersonates a grandchild in legal or medical trouble, requesting wire transfers or gift card codes while soliciting PII to "process" bail or emergency payments.
• Romance and caregiver fraud — Long-term trust relationships are built before financial exploitation begins; in caregiver scenarios, perpetrators may have legitimate physical access to documents, mail, or financial accounts.

Contrast — opportunistic vs. organized fraud: Opportunistic elder identity theft involves individual actors exploiting a single victim, typically through one-off scams. Organized elder fraud involves criminal networks operating call centers, purchasing victim lists, and processing stolen identities at scale. The FBI distinguishes these in enforcement priority, with organized schemes prosecuted under the Racketeer Influenced and Corrupt Organizations Act (18 U.S.C. § 1961 et seq.).

Decision boundaries

Determining whether a situation constitutes elder identity theft — as opposed to elder financial abuse, elder fraud, or account error — turns on specific definitional boundaries:

• Identity theft requires identity misuse: Financial abuse by a trusted person (such as misappropriation of funds by a power-of-attorney agent) does not constitute identity theft unless the perpetrator impersonated the victim or used the victim's credentials without authorization.
• Medicare fraud vs. identity theft: Billing fraud using an MBI constitutes medical identity theft; billing errors or upcoding by providers without misuse of patient identity fall under fraud but not identity theft.
• Regulatory jurisdiction boundaries: The FTC governs commercial fraud; the SSA Office of Inspector General (SSA OIG) handles SSA impersonation; CMS handles Medicare identity misuse; state Attorneys General enforce state elder fraud statutes, which in 46 states include specific elder financial exploitation laws as of 2022 (National Conference of State Legislatures, Elder Financial Exploitation Laws).

Referral to the how-to-use-this-identity-theft-resource section assists professionals and affected individuals in navigating service provider categories relevant to elder identity theft response.