Everyone is victimized or only the naïve? The conflicting discourses surrounding identity theft victimization

Identity theft and fraud in North America

Identity theft refers to the combined act of the theft and misuse of another person’s identity information (McNally and Newman, 2008). Technically, identity theft refers to the theft or illegal possession of the information while identity fraud refers to its misuse; nonetheless, the term identity theft is used interchangeably since the latter usually depends on the former (McNally and Newman, 2008).

Identity theft was first criminalized in the United States in the late-1990s and in Canada the following decade (Archer et al., 2012). Scholars have noted that the criminal codification of identity theft in the United States rendered a set of differing forms of fraud into a single crime category that has since been labeled the fastest growing crime (Cole and Pontell, 2006; Monahan, 2009). Although the forms of fraud included in the label have significant differences, this codification unites these crimes as a shared symbol in the view of the public (Monahan, 2009). Identity theft can originate in numerous ways. For example, victims’ information can be stolen and resold, breached through hacks of companies, or taken in phishing scams, where victims are viewed as having an active role in the incidents (Golladay, 2020). Moreover, identity theft can occur both offline or online, and following victimization, many victims are uncertain of how their information was obtained (Harrell, 2021; Turville et al., 2010).

In the United States, the National Crime Victimization Survey—Identity Theft Supplement (NCVS—ITS) collects information on victims of identity theft every 2 years. The most recent estimates from 2018 indicate that 9% of adults are victimized annually (Harrell, 2021: 1), which is a percent lower than 2016 (Harrell, 2019: 1) but an increase from 7% of adults in 2012 and 2014 (Harrell, 2017: 1; Harrell and Langton, 2013: 1). In Canada, there have been no representative surveys of identity theft victims since 2008, when Sproule and Archer (2008: 3) estimated that 1.7 million, or just under 7%, of Canadian adults were victimized in the previous year. Since then, police-reported rates of identity theft have been increasing in Canada (Moreau, 2021). The rising cases of identity theft have been attributed to the increased use of digital payment systems (Anderson et al., 2008), and most identity theft incidents in the United States involve the misuse of an existing account, including credit cards and banks (Harrell, 2021).

The consequences of identity theft vary considerably. Most victims of identity theft recuperate financial losses by contacting banks, credit card companies, or other companies (Copes et al., 2010), with only 12% of victims paying out-of-pocket costs in 2018 (Harrell, 2021: 10). However, resolving identity theft takes time, and while over half of incidents are resolved in under a day, other victims may spend months dealing with the issues (Harrell, 2021), and some are forced to miss work or cancel plans to resolve incidents (Identity Theft Resource Center, 2018). Moreover, identity theft often produces emotional consequences including anxiety, anger, and feelings of vulnerability and violation (Identity Theft Resource Center, 2018; Randa and Reyns, 2020). Some incidents can result in relational issues including familial stress (Identity Theft Resource Center, 2018), and some victims may experience physical problems such as difficulty sleeping, headaches, and pain (Identity Theft Resource Center, 2018; Randa and Reyns, 2020). Considering these consequences combined with its high prevalence, identity theft impacts millions of victims annually in various ways.

Fraud victimization: responsibility and blame

Several scholars have examined how discourses surrounding identity theft protection place responsibility on individual consumers. Discussions of identity theft prevention tend to focus on the individual’s role rather than structural, policing, or policy solutions (Cole and Pontell, 2006; Monahan, 2009). For example, Cole and Pontell (2006) observe that public messaging about identity theft tends to focus on the practices that individuals can take to protect themselves rather than some of the problematic ways that corporations and governments use identity information. Similarly, Monahan (2009) argues that the responsibility that is placed on individual consumers for self-protection against identity theft implies that citizens should not rely on the state for support, despite governments and private companies routinely using vulnerable information systems.

Whitson and Haggerty (2008) examine North American government, law enforcement, and financial sectors’ public messaging about identity theft, and they also find that the language places responsibility on individual consumers. They observe that individuals are simultaneously framed as responsible for identity theft prevention and as the actors in charge of resolving victimization if it occurs (Whitson and Haggerty, 2008). Moreover, they note that many of the practices recommended by these institutions exceed reasonable steps for one individual to manage along with the many other risks in modern life (Whitson and Haggerty, 2008).

While the self-protection discourse implies that identity theft victimization is preventable with the appropriate measures, it is simultaneously framed as inevitable (Cole and Pontell, 2006). Whitson and Haggerty (2008) find that institutions whose messaging positioned identity theft as individuals’ responsibility sometimes also framed identity theft as inevitable, even when suitable prevention measures are implemented. They argue that the messaging implies to citizens that “everyone is at risk; everyone will eventually be victimized, so here is what everyone should do to help themselves” (Whitson and Haggerty, 2008: 580). Cole and Pontell (2006) observe that although this framing may be similar to that of other emerging and technological crimes, this is not how traditional crimes are presented, “media accounts of murder and robbery, for example, are not generally followed by a set of bullet-point recommendations for how the reader or viewer can avoid becoming a victim” (p. 141).

When the discourse presents victims as those who have failed to protect themselves appropriately, it follows that victims can be blamed for their own victimization (Cole and Pontell, 2006). While victim blaming surrounds victims of gender-based violence, including intimate partner (Meyer, 2016) and sexual violence (Grubb and Turner, 2012; Randall, 2011), scholars have also found victim blaming and self-blame among victims of white-collar crimes (Shover et al., 1994). Moreover, there is evidence of victim-blaming discourses surrounding other forms of fraud, as well as embarrassment and self-blame by victims. In a study of fraud victims in the United Kingdom, Button et al. (2009) reported that some victims blamed themselves for incidents and reported embarrassment. More recently, Cross (2015) found pervasive blame among a sample of Australian seniors who received phishing, advance-fee, and romance fraud e-mails; this sample comprised both those who responded to e-mails and those who did not. Cross (2015) found that victim-blaming discourse surrounded victims of online fraud and presented victims as greedy or gullible for responding to the e-mails. Similarly, Burgard and Schlembach (2013) observed self-blame in their study identifying the stages of online fraud victimization. Many of the participants were victim to eBay scams, and some expressed anger toward themselves (Burgard and Schlembach, 2013). While victims of these types of fraud are often viewed as having an active role in their victimization since they must respond to the perpetrator, this view tends to downplay the level of sophistication involved in fraudsters’ techniques (Button and Cross, 2017; Cross, 2015; Drew and Cross, 2013).

There is evidence that these social attitudes toward victims of fraud have consequences for victim assistance. Button et al. (2009) found that some fraud victims opted not to report to police or other institutions due to feelings of shame and embarrassment, while other victims stated that law enforcement had no role in responding to their incident since it was their own fault. In the study of seniors, Cross (2015) notes that both victims and non-victims used humor to trivialize fraudulent e-mails, which can function as a barrier to help-seeking. Similarly, Burgard and Schlembach (2013) found that some victims of fraud expressed anger toward themselves, which led them to avoid reporting to police, other institutions, and even friends. Finally, in a more recent study of online fraud victims, Cross (2018) draws on Christie (1986) to argue that online fraud victims are not ideal victims, primarily because they are often framed as blameworthy. Christie’s (1986) ideal victim refers to those who are most likely to be accepted by broader society as true victims: typically, the weak, young, or old, and those who are innocent and blameless. For fraud victims, this lack of conformity to depictions of ideal victims can cause others to trivialize the harm a victim faces and can lead to difficulty accessing and receiving support (Cross, 2018). In sum, there appears to be a pervasive victim-blaming discourse surrounding certain forms of fraud, and it is expected that some identity theft victims may experience similar blame.

Current focus

The purpose of this paper is to present two main themes discovered in interviews with victims about identity theft in North America: that identity theft is understood as inevitable and that victims are often viewed as naïve or non-technologically savvy. This research stems from a broader study focusing on victims’ experiences with identity theft and their reporting decisions following victimization. During interviews, participants often referred to other victims of identity theft in stereotypical manners, yet they also often expressed that identity theft was inevitable. In the context of past research that finds that identity theft messaging from governments and financial institutions presents it as inevitable while placing responsibility for protection on individual consumers, this research is important for displaying how these discourses manifest in the everyday experiences of identity theft victims.

Inevitability

Victims of identity theft frequently addressed how the misuse of accounts and identity information were inevitable. At times, this arose when victims framed the incidents they experienced as minor inconveniences that should be expected in modern life. For example, Phoebe is a student who was victim to credit card fraud for the first time during exams. When discussing the incident, she said, ‘It was just kind of an inconvenience, right? It’s not like I lost a house or something, I just … especially if it’s during exams, it’s like, “I don’t need this” [laughs]’. Similarly, Jake is a marketing professional who had his wallet taken and his credit cards misused. Jake said,

As long as you’re not committing fraud and, you know, phoning in fake things like this then you shouldn’t have any problem, you know, recovering your money. And it’s a bit of a pain in the ass to have to replace your cards, but there’s a lot worse that can happen.

Even those victims who had more complex cases sometimes described incidents as minor inconveniences. Regan is an entrepreneur whose phone was fraudulently ported (or transferred) out to another carrier. At the same time, she had thousands of dollars in fraudulent charges made through an online payment account. Regan expressed,

Honestly, it was stressful the day of, but I had complete faith in the companies because it was clearly not my fault, the addresses didn’t match up with any of the addresses I had on file so they knew it wasn’t me. And they were able to deal with it.

In these cases, participants framed these incidents as minor inconveniences, suggesting identity theft is to be expected.

When the interviews proceeded to more general discussions, participants were more overt in describing the inevitability of identity theft. Some participants discussed inevitability due to the ubiquity of Internet databases and modern payment systems. For example, Peter is a student whose Amazon account was misused after his login information was leaked from a separate company. Peter expressed that ‘information leakage is, I think it’s a very ordinary thing nowadays’. Regan echoed the perspective that identity theft is inevitable when shopping and using personal information online: ‘there’s always some form of risk when you’re doing anything online, because … unless you’re one of the most skilled firewall builders in the world, there’s always going to be some modicum of risk for online stuff.’ Similarly, Logan had his credit card misused internationally, and although he was confused by how the incident originated, he accepted it as inevitable:

I think I kind of include it in the cost of doing business in a digital age. It’s like it’s bound to happen at some point. You know at some point, I mean, the digital currency will be hacked and the credit card account card will be compromised. And it’s, you know, I think just a fact of life.

These participants understood identity theft as inevitable because of the electronic payment systems and online databases used today.

Finally, some participants’ discussions of identity theft’s inevitability related to discourses of individual responsibility. For example, Hunter, a young professional who experienced credit card fraud, expressed, ‘you’re always aware that it could happen again, but I think just being aware and trying to reduce the circumstances that it could happen in’. Ian, who was a victim of banking fraud, also discussed the inevitability of identity theft as a reason that individuals need to be responsible. Ian first said,

We have to do this stuff in today’s day and age: we have to do online banking and transactions. But … all that information is being stored somewhere on a server, and that server is going to be cracked at some point, and we have to be at least prepared for it … that it’s going to happen. Eventually, at some point.

Later, Ian added, ‘I think it’s responsible to know, as a consumer, as a person, as a user, that your information will get used. It will get stolen, at least you have to know that it will get monitored.’ Similar to Cole and Pontell’s (2006) and Whitson and Haggerty’s (2008) discussions about institutional messaging, these examples illustrate that victims may understand identity theft as both inevitable and individuals’ responsibility for protection. Finally, Courtney, who was the victim of new account fraud and had a dozen credit products opened in her name, expressed,

I just sort of accept that it’s going to happen and there’s not much that we can do about it. Because I had thought I was pretty good, obviously I wasn’t good enough, um, and that’s pretty obvious now. But, you know, it happens to lots of different kinds of people, and you hear more about it, or I’m paying attention more, and I just am not sure that … how much can be done to prevent it.

In sum, many participants viewed identity theft as inevitable in modern life. Moreover, these final examples demonstrate how victims can perceive identity theft as both inevitable and their own responsibility for preventing.

Stereotypical victims of identity theft

Despite this widespread understanding of identity theft as inevitable, participants frequently referred to other victims of identity theft using stereotypical descriptors as old, naïve, or non-technologically savvy. These depictions imply that identity theft victims have some responsibility for their own victimization, either by falling for a scam or by not knowing how to protect oneself. The interview guide did not include questions that asked who participants viewed as typical victims of identity theft. Rather, participants often referenced these stereotypical descriptions of victims when discussing how they never thought these incidents would happen to them, when they compared themselves to other victims, and when they referenced well-known Canadian phishing scams.

A common question that elicited stereotypes of identity theft victims was ‘Prior to this incident, was this something that you gave much thought?’ In many cases, when asked whether they had previously thought about identity theft victimization, participants referred to, or implied, conceptions of typical victims as naïve or foolish. When Nolan, a university student, was asked this question, he replied,

Absolutely not. I was like, you know what, that’s never going to happen to me, like, I’m pretty good with my stuff, kind of thing, like I’m not really worried … and you’re like—honestly most people don’t think they’re like dumb, basically, you’re like, ‘Oh I would never fall for like a scheme like that, or a scam or something’, and then it happens to you, and you’re just like, ‘Oh shoot, like that really sucks’.

Similarly, Grant, whose credit card was misused through a food delivery application, expressed,

I hadn’t really like thought that I would be someone who would have their money stolen, because I kind of, incorrectly assumed that like, you need to be kind of naïve to fall victim to this sort of a scam. Like, I thought that I was very careful with my credit card information, you know the site assured me that it was secure, and that things were stored in a secure area.

The final sentence of this quote refers to Grant’s experience and recognition that all it takes to be victimized is for a trusted website or application to be compromised. Both of these quotes illustrate that prior to the incidents experienced, Nolan and Grant assumed that identity theft victims were likely naïve. Edward, who is in his late-20s and identified as technologically savvy, stated, ‘It never happened to me and I didn’t think it could ever happen to me. I’m usually very cautious. I’m usually like security-minded, like, you know, careful’. Although not as explicit as the prior examples, Edward also implied that being technologically savvy and careful should function as protective factors against victimization.

This belief that identity theft would not happen to individuals who are cautious or technologically savvy arose elsewhere in interviews. Toward the end of Jake’s interview, he was asked if there was anything else that he would like to discuss, and he responded,

I mean, the only thing that jumps to mind really is, I’m one of those people who definitely considered that I would never fall victim to, like an online fraud kind of thing. Um, like I mean, maybe it’s part of the age thing … but, the thing is that, unfortunately, a lot of stuff around this is still stuck in, you know, in real life, like, we’re not a cashless society, you need your cards, right?

Although its prevalence suggests that most individuals would be victim to some form of identity theft in their lifetime, it is unsurprising that many young victims do not give it thought before experiencing an incident. The significance of the unexpected nature of identity theft is that it is tied to assumptions about who would be an expected victim. In these cases, individuals associate risk for victimization with being naïve or reckless, while assuming that knowledge of technology and security act as protective factors against identity theft. Nonetheless, Jake’s quote illustrates that the assumption that only a certain type of person could be victimized is incompatible with the framing of these incidents as inevitable. Grant, too, alludes to this incompatibility, since he acknowledged that he ‘incorrectly assumed’ only naïve individuals are victimized, when all it took for him to be victimized was to trust a company with his credit card information.

The expectation that those who are naïve are typical victims of identity theft is also tied to the common perception of older individuals having difficulty using technology. When discussing how he resolved the issue efficiently, Grant said,

I feel like I’m educated and I’m technologically savvy, whereas I feel badly for people who are maybe like, um, older than I am and who don’t necessarily have those skills or who, you know, are more um, what’s the word I’m looking for, more um, more prone to be victimized.

In this instance, Grant suggests that age and technological skills not only play a role in resolving the incident, but also in its prevention. Titus is a software developer in his early-30s who experienced credit card fraud for the first time the day before the interview. At the conclusion of each interview, the participants were asked how they would like to be described. With Titus, this question led to an illuminating exchange about the assumptions of common victims of identity theft:

This exchange demonstrates that participants often compared their experiences to their prior conceptions of identity theft victims. In this case, Titus viewed his circumstances as a demonstration that these incidents can occur even to those who are cautious.

Finally, participants frequently referenced a common scam in Canada where perpetrators pose as the Canada Revenue Agency (CRA) on telephone calls or voicemail messages. These scams tell potential victims that they owe money to the CRA and threaten legal recourse if the victim does not reply. Several participants referred to how naïve one would have to be to fall for such a scam. Grant shared the story of an individual he knew who was victim to a CRA scam, saying that the individual:

was a victim of one of those telephone scams … where they call and they say, ‘We’re calling from the Canada Revenue Agency and you need to remain on the phone or we’re going to, you know, dispatch the police to your house’. So like, we were all kind of like, ‘You really thought that was Canada Revenue Agency, like are you serious?’ [laughs] Um, but anyway, he’s in his sixties.

Grant’s use of humor in reaction to describing someone falling for a CRA scam appears to be common (see Cross, 2015). Furthermore, immediately after the laughter, Grant justified the incident, in part, in terms of the victim’s age. While descriptions of the CRA scam can construct victims as partly responsible, participants also showed an understanding that vulnerable populations are likely targeted. Courtney discussed such scams and said,

but this is Canada and it’s not as though if I don’t press 1, somebody’s going to show up and arrest me and throw me in jail. Like, they just seem so extreme. But then, like, people fall for them, right … and the people who fall for them are usually pretty vulnerable people, like they’re older, or you know whatever … and I mean, people wouldn’t keep doing them if they didn’t work. So they must work … I just don’t have any personal experience with them myself, and it’s, you know, sometimes you hear the stories of what the message is or what the conversation is people will have with the people on the other line, and like I said, I can’t decide if it just seems so ridiculous, or if it’s, you know, I feel really bad for the people that get pulled into them.

At the opposite extreme, younger individuals can also be viewed as naïve and financially irresponsible. Peter, whose Amazon account was misused after a separate company was hacked, described that he had previously experienced an incident when he was younger. In the earlier incident, he provided information to a website that promised in-game currency for a video game. After sharing this second incident, Peter said, ‘That happened too long ago, it was not really related, but I hope it will help with your study and how young people would believe everything they see online’. Later, Peter observed,

It was kind of funny how when I was young, I didn’t know anything, my account was hacked and even when I get older and I know how to be cautious, and how to protect my information online, I still get hacked somehow.

Peter’s case echoes previous associations of naivety with identity theft while highlighting that the association is not exclusive to older individuals. Furthermore, by identifying the contrast between the two incidents he experienced, Peter suggested that these incidents are becoming increasingly inevitable.

This section demonstrates that victims often conceive of typical victims of identity theft as naïve, older, or otherwise vulnerable. Even without specifically asking how participants thought about other victims, they volunteered these depictions when describing how they never thought identity theft would happen to them, when comparing their incident to others, or when discussing scams more generally. These examples illustrate that victims are often seen as having some blame in their own victimization by failing to adequately protect themselves or by falling for an avoidable scam.

Self-blame

Tied to depictions of victims as responsible for their own self-protection, some participants blamed themselves for their role in the incidents they experienced. Participants blamed themselves for several reasons, including for trusting the perpetrator, providing information to the perpetrator, or not securing their information sufficiently.

Both Benjamin and Chandler were victimized by parents, and both expressed that they had some responsibility for the incidents. These incidents involved the perpetrator misusing the victim’s information based on knowledge they had from their pre-existing relationship. Chandler, who was victim to bank account fraud, expressed that ‘It’s both of our faults. It’s my fault for letting her know my PIN [Personal Identification Number] and it’s her fault for using it without my permission’. Despite letting her mother know her PIN, the expectations based on their relationship were that the PIN would not be misused and that Chandler’s debit card would not be taken without her permission.

Benjamin expressed similar self-blame. In his case, the misused funds were received from a student loan. During the interview, he was asked whether he thought there was more the student loan issuer could have done to prevent cases like his. Benjamin expressed that he did not know, then eventually said, ‘in a way like, I kind of almost let this happen, so … I don’t know what they could do besides telling me—like controlling my autonomy which is … I don’t know about that’. Later in the interview, Benjamin expressed that ‘It felt like a three strikes and you’re out moment for me and that was like the first strike … when, you know, one strike is enough’. Both cases illustrate that when a family member is the perpetrator, victims can blame themselves for trusting the family member or for not securing their information adequately.

In other cases, participants who did not know their perpetrators sometimes blamed themselves when they provided information to the perpetrator or allowed their information to be accessed easily. Some of these cases involved phishing scams, similar to the research by Cross (2015). Describing the incident that occurred to him at a young age, Peter said, ‘It was because of me being too naïve and young and believing those websites’. Similarly, Hunter’s most recent experience with credit card fraud was the result of a phishing scam, where someone posed as a company asking them to update their credit card information. Hunter expressed,

the second one I just felt stupid, like I was like, ‘How could this have happened?’ Like, it looked so legitimate and then, I don’t know … like, you know when you hear about people, older people and kind of like CRA things happening to them, I was like, ‘Oh my gosh, like, I feel like, I’m an old person, who’s struggling [laughs] with this’.

In this quote, Hunter compared themselves to victims of the common CRA scam discussed previously. This illustrates how victims may compare themselves and their experiences to typical conceptions of victims, which can inform self-blame. Similarly, the creation of a line of credit in Dalton’s name resulted from a phishing scam where he received a text message alleged to have been from a government agency asking him to update his information. He placed some blame on the government agency that was being personated, but also partly blamed himself. When asked whose responsibility the incident was, Dalton said, ‘To some extent, it was mine’. Dalton also expressed how the incident impacted him, stating, ‘First of all, I learned a lot of lessons, mostly about sharing my personal details’. This implies some self-blame given that Dalton felt that he could have better protected his personal details.

In this sense, one need not be fully accountable for one’s victimization to be blamed for an incident. Several participants blamed other factors for their victimization yet highlighted further protective measures that they could have pursued, thus assigning some responsibility to themselves. For instance, Nolan expressed embarrassment over having his credit card taken and misused. When asked whose responsibility these incidents were, Nolan replied,

Honestly it’s tough, because like you can’t really put it on the bank, because like, at the end of the day like, it’s the same—well it’s not the same, but like in a similar light to if I leave my wallet sitting on a bus, and someone takes 50 dollars out of my wallet, I can’t go to the bank and be like, ‘Someone took my 50 dollars’, it’d be like, ‘Well, you left it there’.

Similarly, several participants observed that they did not check their banking statements regularly, which can lead to unauthorized charges going unnoticed. Hunter expressed that they were a student when they first experienced credit card fraud:

so I wasn’t really closely paying attention to my statement at—like all the time, so I think that was part of the problem, like I wasn’t checking it every single week, being like, ‘Oh yeah, I made that purchase, I made that purchase’.

Following the incident, Hunter sought advice from their parents and stated that their parents ‘were like, “Why aren’t you paying better attention to your statements?”’ In these examples, victims may not be framed as fully responsible but may acknowledge that they could better prevent or respond to identity theft.

Moreover, others expressed actions that they could have pursued before the incident, implying some level of preventability. Amanda, who believed her login information was compromised when using a public computer, offered advice to other potential victims: ‘Maybe not use the same password for all your accounts. Because it makes you more vulnerable and … don’t leave anything unattended … like if you’re using a shared device, always sign out’. Finally, several participants referenced their own responsibility for incidents in the context of passwords. Regan, who had multiple accounts misused including her phone account, explained that it was ‘because I didn’t have a very secure PIN for my phone’. Similarly, Peter, who said the first incident was a result of his naivety, expressed that he could have secured his information better before the more recent incident: ‘The thing is, many of my accounts [were] used with the same password, so I realized that I messed up big time’.

Across these cases, participants described several protective actions that they believed they could have implemented to better prevent identity theft or to notice the incident quicker. Some victims blamed themselves for putting too much trust in a family member, for responding to a phishing scam, or for insufficiently protecting their information. The self-blame experienced relates to both common depictions of identity theft victims and to discourses of individual responsibility, since victims are often viewed as naïve for trusting someone that they should not have or as inadequately able to protect themselves.

Embarrassment, self-blame, and help-seeking

Tied to the themes of self-blame and perceptions of victims as naïve or blameworthy, several participants expressed that they were selective in disclosing incidents to family or were concerned when reporting to institutions. Amanda described that after her social media account was breached and misused, she was selective with disclosing the incident. When she was asked if she sought advice from anyone, Amanda replied, ‘I think I talked with my friends mostly because I know that, like, my mom would just not take it seriously [laughs]. So, yeah, it was like mostly my friends’.

Similarly, Hunter experienced multiple incidents of credit card fraud, the most recent of which resulted from a phishing scam. When asked about their conversation with their parents in the aftermath of the phishing scam, Hunter expressed, ‘Yeah, I mean, like, in the second incident I just kind of told them, like, what happened again … um, and then afterward they were just laughing at me about it, um [laughs] … but luckily, like in a supportive way, but … ’ Finally, Nolan’s card was misused at a bar, and he expressed embarrassment related to the incident. When discussing disclosing the incident to others, Nolan stated, ‘I didn’t want to talk to my mom, because she’d be like, “You’re an idiot”, [laughs], like she wouldn’t be like mad at me, but she’d be like, “That’s disappointing”’.

Moreover, fear over anticipated reactions also acted as a barrier for Nolan contacting his bank to recover his money. He did not reach out right away, stating, ‘I didn’t like report it right away, because I was like, “Okay like, I don’t know how it’s going to look”’. Eventually, he contacted them, but described his hesitance further:

I kind of called in feeling like a little embarrassed, like oh, this is kind of embarrassing, like I’m a student, like, ‘Oh, my money got spent at a bar, I don’t know if they’re going to take me seriously’ kind of thing.

Similarly, Phoebe, who was a university student when victimized, feared judgment when calling her credit card company to be reimbursed. Phoebe stated, ‘They didn’t like, judge me about it, like, “Oh my god, another young girl using her credit card wrongly, gets fraud on her account”’. Luckily, both Nolan and Phoebe eventually reported their incidents and recuperated their losses. Nonetheless, they both anticipated negative reactions, which demonstrates how these stereotypes of identity theft victims as naïve, along with self-blame, can function as barriers to help-seeking. Of course, had Nolan opted not to report, it is clear how embarrassment could also lead to an increased risk of paying for losses out-of-pocket.