I started this week with some unpleasant news.
I got an alert that my login information had been found on the dark web, leaving it wide open to hackers.
That’s a scary set of alerts to face on a Monday morning. But I’m not alone.
From 2019 to 2020, the number of identity theft cases more than doubled. And the number of cases is expected to increase again in 2021.
It’s no wonder that 80 percent of US adults believe they should be doing more to protect their personal information.
Today, I’ll share the first six steps to take after your identity has been stolen.
Remember that once identity theft happens, acting quickly is your best defense. Thieves work fast, and every hour counts. The quicker you act, the better you can defend yourself and protect against further damage.
1. Understand the scope of the theft
You’re most likely to learn your identity has been stolen after some damage has been done. Perhaps the thief used your credit card or opened an account in your name.
Once you know someone has your personal information, you should check a few common places.
First, run a credit report. You’ll learn the information associated with your name, including credit accounts, addresses, and recent inquiries. Warning flags would be any unfamiliar information. If you haven’t looked at a credit report before, checking out a sample can help.
Source: Texas State University
But not all accounts show up in your credit history. You’ll also want to check messages—including mail and email—for activity notifications. Warning signs might include email notifications that your password has been changed or letters trying to collect on charges you don’t know about.
It’s also a good idea to see if any of your information has leaked online. Look into software that checks your identity against databases of known breaches. Secure any flagged accounts following the process I’ll explain in step five.
Source: Have I Been Pwned
Finally, you’ll want to review your home title. You can use a service for this or review the documents in your county’s database. Make sure the deed hasn’t been falsified in someone else’s name.
2. Call the impacted organizations
Once you know where your identity has been used, the next step is to let the affected companies know.
Make sure you call the official hotline and don’t answer an incoming call, as thieves can use caller ID spoofing to pretend to be someone they’re not. And record all communication. Note who you speak with and when for phone calls, and keep a copy of any emails or letters you send.
Fraudulent charges - Call Bank Fraud Department
One of the most common types of identity theft is when someone fraudulently charges your cards or bank accounts.
If this happens, call your credit card or bank’s fraud department and explain your identity has been stolen. Explain which charges are fraudulent, request them to be canceled, and ask for a letter confirming you aren’t responsible. The fraud department might also freeze or close your account.
New accounts - Call Company Fraud Department
If an identity thief gains access to your personal information, they may apply for credit under your name.
If someone has used your identity to open a new account at a bank or any other service provider, call the company’s fraud department. Explain your identity has been stolen, and request a letter confirming the account is fraudulent, you’re not responsible, and it won’t be on your credit report.
Tax fraud - Call IRS and Local Tax Agency
Using your social security number, a thief may apply for a tax refund in your name.
If the IRS sends a letter informing you of the fraud, follow its instructions. If you discover you’re a victim, inform your accountant. You or they should file your tax return as normal and complete Form 14039 and mail it to the IRS location in your state. If your fraudulent tax information claims you’ve worked for an employer you don’t know, contact the employer as well.
Title fraud - Call Title Insurance Company
A thief can forge a new deed to your home, claim ownership, and take out a mortgage or home equity loan they never intend on paying.
Your next steps should be to reach out to your title insurance company and county clerk and explain the situation. Unfortunately, title fraud is complex to resolve, and you will most likely need to hire a lawyer to help you resolve the case in court.
3. Request a fraud alert, freeze, or lock on your credit
After one successful instance of identity theft, there’s a good chance the thief is planning their next attack. That’s why your second step should be to set a fraud alert or freeze your credit.
You’ll need to contact one of the three credit bureaus—TransUnion, Experian, or Equifax—and request a fraud alert. By law, the bureau you contact must transmit your request to the other two.
A fraud alert works by requesting that companies confirm your identity before approving you for credit. It’s an extra step that makes it harder for a thief to take advantage of your stolen information a second time. Fraud alerts last for a year, and you may renew them.
A credit freeze is a further step you can choose to take. This restricts access to your credit report, and you must cancel the freeze to apply for credit. (By law, credit bureaus must remove a freeze within an hour.) A credit freeze takes effect in a day and does not expire. You must contact each credit bureau separately.
And finally, a credit lock is a paid service offered by the three credit bureaus. It works like a credit freeze but can be turned on and off instantly.
4. File a report with Federal Trade Commission and Police
You might be surprised to learn that getting in touch with the Federal Trade Commission (FTC) is third on this list. That’s because thieves work fast—especially after succeeding at one fraud attempt. And setting your accounts right and placing credit alerts or freezes is the best step to prevent further damage.
But once that’s finished, filing an FTC report is an important step to take. The FTC doesn’t solve identity theft cases. But it provides important documentation and helpful next steps.
To file an FTC report, go to IdentityTheft.gov and follow the onscreen instructions. You’ll never speak to an agent in most cases, as you can file the entire report online.
But don’t count on the agency to fix the problem. You’ll still need to take action to protect yourself from further identity theft.
The next step is to report the loss to local law enforcement. This is optional, but as with an FTC report, it gives you important documentation. For example, you’ll need an FTC or police report to set up an extended seven-year credit fraud alert. And some creditors will ask for a police report to process your claim.
To do this, you’ll need to go to your local police station and ask to file an identity theft report. Bring a copy of your FTC report, proof of address, a form of ID like a driver’s license, and evidence of the theft (if you have it).
Reporting to the police is especially important if you know who committed the theft. But like an FTC filing, a police report isn’t a solution by itself.
5. Check and secure other accounts
Once you’ve stopped the immediate damage and filed reports, your next step is to review and update any other accounts you have.
The information that makes up your identity is a key that opens more doors than you’d expect. And once a thief has enough to break into one account, all of them may be vulnerable—and the average consumer has around 90 internet accounts.
Start by reviewing all financial accounts, including your bank, credit card, insurance, and investments. Look out for any suspicious transactions, credit applications, or any activity you don’t remember. Suspicious transactions can include those from companies you don’t remember buying from, as well as unusually large or small transactions from merchants you do recognize.
Next, check your internet accounts, including email, social media, and subscriptions. Check recent activity, including messages you’ve sent. Look for anything out of the ordinary. An email about a failed login attempt when you haven’t tried to log in may be a sign someone is trying to hack your account.
And if you can’t log in, it could mean your account has been hacked, and you’ll need to use recovery methods to get back in.
And finally, make sure you haven’t lost any important documents or cards. While we often associate identity theft with hacking, thieves can easily steal your identity if they find your driver's license on the sidewalk.
Ensure all documents and cards are accounted for, including credit and debit cards, your Social Security card, passport, insurance card, and driver’s license. If you’re missing something, report it immediately and request a replacement.
6. Prepare for next time
The last step is to prepare yourself now to prevent theft from happening again. Around 20 percent of identity theft victims have their identities stolen again.
Some of the best ways to protect yourself include:
Verify everything
Today’s identity thieves rely more on human error than sophisticated technology. Be wary of incoming messages, especially ones that sound urgent. Look for green padlock symbols on shopping websites. Avoid giving out personal information.
Protect your computer
Install a firewall or security software on your computer. Create a backup of your documents in case your computer is hacked.
Update Passwords
Create strong, unique passwords for every account. You can also set up multi-factor authentication, which requires a cell phone code to log in. Password management software, like Passwatch, can make this easier.
Use a VPN
A virtual private network, or VPN, encrypts your internet signal and hides your computer’s address, it’s one of the best ways to secure your data online, yet most consumers simply forget to use a VPN. A recent study run in November 2021 by Pango Group, owners of HotspotShield VPN, found that only 30% of U.S adults who use a security app such as a password manager actually use a VPN.
Avoid Public WiFi
Thieves can easily steal information from public networks like those in airports or coffee shops. Cellular data is safer than public WiFi, but if you must use log on, make sure your VPN is active.
Use Identity Theft Monitoring Software
This type of app scans databases and other sources for updates and lets you know if something is wrong. IdentityDefense, Aura, or IdentityGuard are all great alternatives.
Take Action
Millions of Americans have their identities stolen every year. So even if you’ve never been a victim of identity theft, there’s a chance it could happen to you.
Being proactive is your best preparation. Keep a close eye on your accounts, understand the risks, and stay vigilant.