Americans Fear Identity Theft but Overlook Daily Scam Calls Fueling It

A NordVPN survey reveals Americans obsess over identity theft while facing scam calls daily. The mismatch highlights how phishing and urgency tactics open the door to larger losses. New 2026 threat reports show AI and monoculture risks compounding the problem.
Americans Fear Identity Theft but Overlook Daily Scam Calls Fueling It
Written by Lucas Greene

A new survey shows most Americans fixate on the wrong threats. They dread stolen identities and drained accounts. Yet they brush off the scam calls and phishing messages that open the door to those losses every single day.

NordVPN commissioned the research, polling 1,200 Americans. The results, reported by CNET, paint a clear picture. Ninety-one percent express concern about cybersecurity scams. But 56 percent worry more about identity theft or fraud than about the scam calls they encounter far more often.

Forty-six percent say they field scam calls daily. Seventeen percent report they have already faced identity theft and fraud. The mismatch stands out. People picture cybercrime as the final blow to their finances. Criminals succeed long before that moment.

“People picture cybercrime as stolen accounts or drained bank balances, but criminals succeed much earlier in the process,” said Marijus Briedis, chief technology officer at NordVPN. “The real moment of attack is when someone feels rushed, scared or pressured into trusting too quickly. From that point, it takes just a few clicks to go from a phone call to a stolen identity.”

Briedis points to a shift in tactics. Cybercriminals have moved away from planting malicious files on devices. They now manipulate people directly. Pressure, urgency, fear. These become the weapons. Scam calls and phishing messages serve as the entry point for exactly the kinds of identity theft and financial fraud that keep people up at night.

“They’re the starting point for exactly the kinds of identity theft and financial fraud people are most afraid of,” Briedis added. “Modern attacks depend on people reacting faster than they can think.”

The findings arrive at a time when cybercrime losses continue to climb. The FBI’s Internet Crime Complaint Center logged $20.9 billion in reported U.S. losses for 2025, according to analysis by TheBestVPN.com. That figure marks nearly eight times the $2.7 billion recorded in 2018. Over eight years the cumulative total exceeds $77.6 billion.

Yet the human factor remains central. Verizon’s 2026 Data Breach Investigations Report highlights that social engineering, phishing and stolen credentials still drive many incidents. Credential abuse appears in 22 percent of non-error breaches. Phishing shows up in 16 percent.

NordVPN experts looked ahead to 2026 and identified five major risks that will test defenses further. They published their analysis on December 3, 2025. The first centers on the internet’s growing dependence on a handful of platforms. Amazon Web Services, Cloudflare, Microsoft 365 and Google Workspace dominate. A single outage or breach can cascade across millions of users and organizations.

“Because the digital ecosystem nowadays is largely monocultural, everyone becomes a target,” explained Adrianus Warmenhoven, cybersecurity expert at NordVPN. “Online, there is no such thing as being uninteresting. Any small piece of data, even something as simple as DNS records, can be sold, aggregated, and monetized. Simply existing online makes you a target.”

Misinformation about security habits spreads on social media, Reddit threads and comment sections. Organized groups, sometimes better funded than legitimate companies, promote poor practices. They ridicule strong passwords. They encourage turning off security features. They push insecure products through influencers. The result? A larger pool of easy victims.

Malicious AI tools accelerate the problem. Dark-web offerings such as WormGPT and Evil-GPT let even novices craft convincing phishing messages or probe networks. These tools lower the skill barrier. They let experienced operators scale attacks. “2026 will also see a dramatic escalation in AI-powered offense and defense,” Briedis said. “AI has altered the accessibility and sophistication of cybercrime, lowering barriers for less technical actors while amplifying the capabilities of experienced criminals.”

Trust in digital services erodes at the same time. Criminals combine stolen data with AI-generated deepfakes and voice clones. They create synthetic identities that bypass checks. They open accounts, request loans and linger undetected for months. Hyper-personalized scams become harder to spot.

Quantum computing adds long-term pressure. Criminals already pursue “harvest now, decrypt later” strategies. They steal encrypted data today, banking on future quantum machines to break current encryption. The quantum computing market is projected to surpass $5 billion in 2026, with cybersecurity applications a key focus, Briedis noted.

Recent reports reinforce the scale. CrowdStrike’s 2026 Global Threat Report recorded an 89 percent increase in attacks by AI-enabled adversaries. The average breakout time for eCrime incidents fell to 29 minutes. Eighty-two percent of detections were malware-free. These numbers show how automation and AI compress timelines and expand reach.

The World Economic Forum’s Global Cybersecurity Outlook 2026 found that 73 percent of respondents or their networks had been affected by cyber-enabled fraud in 2025. Sixty-four percent of organizations now account for geopolitically motivated attacks on critical infrastructure.

Quorum Cyber’s Global Cyber Risk Outlook, released in May 2026, tracked 1,100 emerging threat actors in 2025, a 23 percent rise from the prior year. Data-breach actors made up 55 percent of them, up from 49 percent. The industrialization of cybercrime shows no signs of slowing.

Group-IB’s High-Tech Crime Trends Report 2026 describes a shift to multi-victim incidents and supply-chain attacks. Identity has become the primary target surface. Oracle breaches, compromised OAuth tokens and ransomware against fintech firms illustrate the pattern.

Against this backdrop the NordVPN survey offers a practical warning. Consumers and organizations alike spend energy on device protection. They install antivirus software. They update operating systems. These steps matter. But they miss the opening act. The phone rings. The message arrives. The sense of urgency builds. A decision made in haste leads to the very losses people fear most.

Briedis and Warmenhoven both stress habits over technology alone. Pause before clicking. Verify the source through a separate channel. Use multifactor authentication that avoids SMS when possible. Avoid sharing sensitive details with generative AI tools. Treat every unknown caller or unexpected link with skepticism.

The gap between perception and reality persists. People know cybercrime costs billions. They see headlines about massive breaches. They still answer the call or click the link when it feels personal. That moment of reaction, faster than thought, gives attackers their edge.

Industry reports from Verizon, CrowdStrike and the FBI all point to the same conclusion. Human behavior remains the weakest link. AI simply makes exploitation faster, cheaper and more convincing. The threats for 2026 build on that foundation. Monoculture fragility. Misinformation campaigns. Synthetic identities. Quantum harvests. Each one exploits trust, speed and scale.

Security leaders have begun to adjust. Some train employees on urgency manipulation. Others deploy call-screening tools and link checkers. A few experiment with behavioral analytics that flag unusual pressure tactics. Yet consumer awareness lags. The daily scam calls continue. The identity theft cases mount.

The NordVPN data arrives as losses hit new records. It underscores a truth experts have repeated for years. Technical controls alone cannot solve a problem rooted in human response. Education on digital habits must match investment in software and encryption. Otherwise the cycle repeats. Fear the outcome. Ignore the trigger. Pay the price.

And the price keeps rising.

Subscribe for Updates

CybersecurityUpdate Newsletter

The CybersecurityUpdate Email Newsletter is your essential source for the latest in cybersecurity news, threat intelligence, and risk management strategies. Perfect for IT security professionals and business leaders focused on protecting their organizations.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us