Protect Yourself Against Identity Theft

So you just found out that your identity has been compromised. Perhaps you have had your purse or wallet stolen and your ID and social security card was in there, or you found out someone opened a credit card in your name. Whatever the case may be, you need to take control of the situation promptly.

What to do immediately if your identity is stolen

Do these steps right now, in order, and do not wait if you even suspect that someone has stolen your identity.

 

Immediately report any stolen credit cards

Imediately report any stolen credit cards or missing checks to their respective banks or issuers. Make sure you account for each card and check, and contact every lender. Prompt reporting will limit your liability in the event of fraudulent usage.

 

Place security freezes if identity is stolen

Place security freezes with each of the following Credit Reporting Agencies:

You must file a separate report with each agency. Once you freeze your credit reports, no bank or lender will be able to pull your credit reports. This will prevent identity thieves from opening lines of credit, credit cards, or other loans in your name. This will also prevent you from taking out your own loans or credit lines, unless you either temporarily thaw your credit, or permanently unfreeze them. You will be mailed a confirmation letter with a PIN code, and you must use that PIN code to initiate any temporary or permanent unfreezing. Keep these PIN codes filed in a safe and secure place!

Depending on your state, placing a freeze may be free for everyone, or it may only be free for identity theft victims. If it’s free in your state, or if you don’t mind paying for immediate peace of mind, then place the freezes online and skip to the next step. If you can’t afford to pay, but your state makes it free for identity theft victims, first place a free fraud alert online (and unlike a freeze you only have to do it with one agency, they will report the alert to the others), then file an identity theft affidavit and police report (more info below) and then come back and file your free security freezes. You will need to mail in the requests with copies of your documentation.

 

ChexSystem Security Freeze

Place a security freeze with ChexSystems:

Eighty percent of banks and credit unions use ChexSystems to screen new customers. This step will make it harder for thieves to open a bank account, at most banks, in your name. This works the same as the above credit reporting agencies, and it is free for everyone. This is not foolproof, as some smaller banks may not use ChexSystems, but this will limit a common scam (a thief will open a new account, make a large cash ATM withdrawal to send the account negative, and then leave your credit damaged when the account gets charged off).

 

Identity theft affidavit and file a police report

4. Create an identity theft affidavit and file a police report.

  • You can file your identity theft affidavit online with the FTC. When you are finished, save your complaint reference number, and click “Click here to get your completed FTC Identity Theft Affidavit”. Make sure to save a copy and print it.
  • Then, file your police report. Bring along your filled out affidavit, a form of government issued ID, proof of address, and a copy of the FTC memo to law enforcement.
  • If you haven’t signed the affidavit yet, bring it to a notary public to have notarized. Many banks offer notary services for free. DO NOT sign the affidavit until instructed to do so by the notary public! They must witness your signature! Now you will have a notarized identity theft affidavit along with the police report. Together these two documents make up your “Identity Theft Report”, and will be the basis for any future disputes.

Identity Theft Government Resources:
FTC.gov Identity Theft Affidavit (.pdf)
If you don’t want to file online with the FTC, you can print this blank affidavit and fill it out.
FTC.gov Identity Theft Guide (.pdf)
There are sample documents at the end of the identity theft guide, including a blank identity theft affidavit, and also sample dispute letters.

Secure Your Online Presence

Make sure your online presence is secure.

  • Install anti-virus on your computer, check for malware, and remove any malware that is discovered. Use a well-regarded program such as Avira, Bitdefender, Avast, ESET, or Microsoft Security Essentials.
  • If your computer was infected, immediately change your passwords for any financial accounts, social media, and email (especially any accounts related to the ID theft). (There is more on this below.)

 

What to do within the first few days after Identity Theft

These steps are not as urgent, but are still important to do in a timely fashion.

Credit Report After Identity Theft

Pull a copy of your credit report to look for newly opened accounts. Remember to pull all three bureaus. You will need to dispute fraudulent accounts with both the credit reporting agency, and with the fraud department of the bank or lender where the accounts were opened. You should also look for recent credit inquiries that you didn’t initiate (signs of attempted fraud), and check to make sure that the only addresses being reported on your credit report are your actual address (thieves will open accounts using addresses they control, or try and change the address for your existing accounts to one they control). Dispute any fraudulent inquiries or addresses. You can get copies of your reports for free via www.annualcreditreport.com, or through a credit monitoring service (read below).

1a. (Optional) You should consider signing up for a credit monitoring service, preferably one that will let you have daily credit report pulls, and keep it signed up for at least 90 days (preferably a year).

  • If you were impacted by a large data breach such as the Anthem Health breach, the Office Of Personnel Management breach, or one of the many other breaches that have been in the news, you can typically get free credit monitoring for 2 to 3 years. Find the official web site regarding the breach and sign up (it should be linked from the company’s main web site or you can find it via Google).
  • If you can’t afford a paid service, consider signing up for Credit Karma (uses TransUnion and Equifax).
  • Since you have already frozen your credit reports, if nothing comes up in the first couple of months, itprobably never will. That being said, you may want to sign up for a paid credit monitoring service, ideally a service with “3 bureau” monitoring. American Express customers may want to consider CreditSecure Unlimited and USAA members may want to consider USAA CreditCheck Monitoring. Otherwise, compare the paid “3 bureau” credit monitoring options from Equifax, Experian, TransUnion, and MyFICO (you shouldn’t need to pay more than $15 per month).

 

Monitor Credit Accounts Online

Keep an eye on your accounts. Check your recent transactions frequently. Set up text (SMS) alerts with your bank and credit cards for things like “address changes”, “failed log-in attempts”, and/or “suspicious activity” so that you can be notified immediately. Immediately dispute fraudulent activity as soon as you learn of it. Dispute debt collection notices within 30 days (to protect your rights under FDCPA), and send all disputes via certified mail, return receipt requested. You can read more about dealing with collection agencies here: /r/personalfinance/wiki/collections

 

Notify the IRS About Recent Identity Theft

Notify the IRS if your tax information was stolen, or believe that someone has already filed (or may try to file) a fraudulent tax return in your name. File a Form 14039, Identity Theft Affidavit with the IRS. Read it, fill it out, sign and mail it. Then continue to file and pay your taxes like usual. You can contact the IRS Identity Protection Specialized Unit at 1-800-908-4490 if you need further assistance. More information is available here: http://www.irs.gov/pub/irs-pdf/p5027.pdf

 

Things you should do to protect your information in the future

1. Change your important passwords, and use two-factor authentication (2FA) for any accounts that support it. Especially consider two-factor authentication for your Email and Banking services. Gmail, Bank of America, Yahoo!, Facebook, Twitter, and many other services support two factor authentication. You can find a whole list at twofactorauth.org. Make sure to print out backup codes (if applicable), and keep the backup codes in a safe location such as a fireproof safe. Two factor authentication will keep anyone who gets your password from being able to log in, but if you don’t have your backup codes and you lose your phone or device,you’ll be locked out too! You can also use a password manager such as 1Password or LastPass to securely store passwords that are too long to remember.

2. Protect your physical information carefully. Keep important identification and sensitive documents on your person at all times when they are not in a secure place (a locked car is not a secure place, anyone can bust open a window and grab your stuff). If you don’t have a safe deposit box you should invest in a safe (preferably a fire resistant, RSC-rated safe, but any cheap locking fire safe is better than nothing) to store your documents in at home, and if possible bolt it down or keep it hidden. Only take documents out for as little time as is absolutely necessary. And don’t carry your social security card in your purse or wallet.

3. Shred documents containing personal information before disposing of them. Utilize a cross-cut or micro-cut shredder. Although it may not be likely that someone will dig through your trash, items in an unlocked garbage container are generally considered public property, so legally anyone could.

 

Things you should consider doing, to protect yourself

1. Opt-out of pre-screened credit offers from coming to you in the mail: OptOutPrescreen. This will reduce your junk mail, and reduce your risk in the event of mail theft. This is free to do, and you can opt out for five years or permanently.

2. Put all of your phone numbers on the Do Not Call Registry if they aren’t already. You can verify online if you aren’t sure. This will reduce unwanted telemarketing calls.

3. If you want to reduce the amount of personal information about you available online, use a service likeSafeShepherd to opt-out of common public data brokers. You can cancel after a few months, because once they’ve done the heavy lifting of opting you out of databases, you probably don’t need them anymore. Or if you are paranoid, you can keep your subscription. You can also opt-out individually (list) but it is more time consuming.

4. Turn on encryption on your computer (on Windows, use BitLocker, on Macs, use FileVault).

 

Important things to remember about Identity Theft

1. Stay calm. Don’t get discouraged. Take things step by step, and deal with problems as they arise.

2. Send all mail USPS Certified Mail, Return Reciept Requested, and make a note to yourself of what you sent along with the certified mailing number. It is important to have a paper trail for documents, and certified mail is the gold standard for sending legal correspondence. Send copies of original documents if possible, but if you need to send original documents you should keep copies of them for yourself. Write brief notes like the Certified Mail #’s on your copies, or on a cover sheet, so you don’t lose that information. When you get back the green signature receipt cards, attach them to your copies of what you sent as proof of receipt.

3. Keep good records of the steps you took, when you took them, who you sent things to. Take notes, record phone conversations if possible (but check the laws in your state first). If you ever have legal troubles resulting from identity theft, good documentation will make your life a lot easier.

Leave a Comment.