Fake Identity Monitoring Service
Fraudulent 'identity theft protection' services trick people worried about a breach into handing over their most sensitive data — the exact information real monitoring is supposed to protect — while charging a recurring fee for nothing.
Last reviewed: 5 July 2026
What this scam is
A fake identity monitoring service poses as a legitimate credit or dark-web monitoring provider, exploiting the genuine anxiety people feel after a publicized data breach or after receiving a real breach notification letter. The service offers a 'free scan' or 'free exposure check' that requires submitting the very sensitive data — Social Security number, full name, date of birth, existing account passwords — that real monitoring services only need in a hashed or partial form, if at all.
These operations often mimic the branding, layout, and language of well-known credit bureaux or monitoring companies closely enough to pass a casual glance, and they frequently advertise through search engine ads or emails timed to coincide with real breach news, so the offer feels timely and relevant rather than random.
Victims lose in two ways: their sensitive data is harvested directly by the scam operator for resale or further fraud, and they are enrolled in a recurring paid subscription that provides no actual monitoring, credit freeze, or protection — meaning the exact threat they were trying to guard against is left completely unaddressed while they pay monthly for false reassurance.
How it works
Operators time their outreach to real breach news cycles, sending emails, running search ads, or posting on social media offering a free check of whether the recipient's data was exposed. The link leads to a form requesting extensive personal details under the guise of 'verifying identity to search dark-web listings,' including data no legitimate free scan actually requires.
After submission, the site displays a generic, alarming result — often listing common breach sources that apply to nearly everyone — designed to create urgency. The victim is then directed to a paid subscription plan, sometimes with a low introductory price that increases after a trial period, positioned as the only way to get 'full protection' or 'remediation support.'
No credit monitoring, dark-web scanning, or bureau alerts are actually established. Some operations simply take the payment and vanish after a few billing cycles; others actively use the harvested Social Security number and personal details to commit further identity fraud, meaning the victim who sought protection has instead handed a criminal everything needed to attack them.
Why this scam works
The scam exploits the fact that genuine breach notifications create real, justified anxiety, and consumers who are told their data may already be exposed feel pressure to act immediately rather than research the offering carefully — the request to submit sensitive data 'to check if it matches' sounds logically consistent even though real monitoring tools never need your live password or full SSN in the clear to do their job. The polished branding borrowed from recognizable monitoring companies also lends false credibility that a hurried, worried person is unlikely to question.
A typical pattern
Shortly after a well-publicized data breach, a target receives an email claiming to be from an identity protection company stating their data was found on the dark web and offering a free scan. Following the link, the target enters their full name, date of birth, Social Security number, and current passwords 'so we can check for matches,' which is exactly the data the operators needed. The 'scan' produces an alarming list of supposed exposures and pushes the target toward a paid monthly subscription to 'fully protect' themselves. In reality, no legitimate monitoring ever occurs — the operators simply collected the victim's real credentials, which are then used or resold, and the victim continues paying a monthly fee for a service that does nothing.
Common red flags
- A 'free scan' asks for your full Social Security number or existing account passwords
- Urgent, alarming language claiming your data was 'found' with no specific verifiable detail
- Branding that closely resembles but does not exactly match a known monitoring company
- Pressure to subscribe immediately to 'stop' an ongoing threat
- No verifiable business registration, address, or customer service contact
- A low introductory price that silently increases after a trial period
- Inability to find independent, credible reviews of the service
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
URGENT: Your personal information was found on the dark web. Click here for a free scan now.
We detected your data in the recent [Company] breach. Verify your identity below to see your exposure report.
Your free trial protection period ends today — enter payment details to continue full monitoring.
[Fake Bureau Name]: Your credit file shows suspicious activity. Log in with your SSN to review.
Congratulations, you qualify for complimentary identity protection — confirm your details to activate.
Common variations
- Free dark-web scan requiring full SSN and existing passwords to 'check for matches'
- Email impersonating a known breach victim company offering 'free' monitoring enrollment
- Search ad mimicking a major credit bureau's name and branding
- Fake mobile app claiming to monitor credit and dark-web exposure
- Cold call following a real breach, offering enrollment in 'complimentary' protection that requires payment card details
How to verify before you act
Go directly to the official website of any credit bureau or monitoring company by typing the address yourself, never via a link in an email or ad, and log into or create an account there independently to check for genuine alerts. Legitimate monitoring services never ask you to submit your existing account passwords as part of a 'scan' — if a service requests this, it is not legitimate regardless of its branding. Verify any company's registration and reviews through independent consumer protection resources before subscribing to a paid plan.
Payment methods used
- Cryptocurrency
- Bank/wire transfer
- Gift cards
- Money transfer services
- Payment apps to 'friends & family'
Who is usually targeted
- Recent data breach notification recipients
- Older adults concerned about identity theft
- People searching online for 'am I in a data breach' tools
- Anyone who has previously been a fraud victim and fears recurrence
What to do immediately
- Stop all communication with the service and do not submit further information
- Contact your bank to dispute and cancel any recurring charges from the service
- Place a genuine credit freeze directly with the major credit bureaux
- Change passwords on any account whose password you submitted to the fake scan
- Monitor your bank, credit card, and credit report for unfamiliar activity
- Report the service to consumer protection and fraud reporting agencies
How to prevent it
- Navigate directly to known credit bureau or monitoring websites rather than clicking email or ad links
- Never submit an existing account password to any 'scan' or 'verification' tool
- Use free, official monitoring offered directly by the breached company, verified independently, when available
- Research any paid monitoring service's legitimacy through consumer protection review sites before subscribing
- Place your own credit freeze directly with the major bureaux rather than paying a third party to do it
- Be skeptical of urgency-driven 'your data has been found' messaging tied to news events
- Check bank and card statements for recurring charges from monitoring services you do not remember explicitly authorizing
Evidence to preserve
- The original email, ad, or message that led you to the service
- Screenshots of the 'scan results' and subscription terms
- Payment records and any recurring charge statements
- Correspondence with the service, including any refusal to cancel
- The website URL and any registration or contact details displayed
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How can I tell a real identity monitoring service from a fake one?
Navigate to it directly rather than through a link, check for verifiable business registration and independent reviews, and remember that a legitimate service will never ask for your existing passwords.
I already gave them my SSN and password — what should I do first?
Change the exposed password immediately, place a credit freeze with all three major bureaux, and monitor your accounts closely, since your SSN cannot be 'changed' but a freeze blocks new-account fraud using it.
Can I get a refund from a fake monitoring service?
Dispute the charge with your bank or card issuer citing the service as fraudulent or not as described; this is often more effective than requesting a refund directly from the operator.