According to the Federal Trade Commission (FTC), there were 1.3 million cases of identity theft in the U.S. last year. That includes hundreds of thousands of instances of government-benefits fraud, credit card fraud, tax fraud, and bank fraud, among others. If you suspect that you are a victim of identity theft, fast, comprehensive action can mitigate damage and deter future attacks. Here’s what you should do.
Change all passwords
Using a password manager, create new passwords for all critical accounts and services. Password managers generate complex passwords that are difficult for cybercriminals to crack. A good password manager will store auto-generated passwords in an encrypted database, making them retrievable across devices. This saves the trouble of remembering your complex passwords, or writing them down, which increases the risk of identity theft. We recommend 1Password or LastPass.
Update passwords for all email accounts, bank and investment accounts, cryptocurrency exchanges and wallets, health insurance, and life insurance. Passwords for government accounts, including federal and local offices, should also be updated as they often become avenues of attack for benefits fraud. Also, change passwords for any frequently used retail services, such as Amazon, social media accounts, and internet/telephone service providers.
While updating your passwords, enable multifactor authentication. Pair one-time-passcodes (OTPs) with trusted authenticator apps, such as Microsoft Authenticator. Avoid using phone- and SMS-based authentication, which are easily breached. If a service only supports phone- or SMS-based authentication, consider using a service like efani, which can protect phone numbers and prevent SIM-swapping attacks.
Tell the authorities
Each type of identity theft has a corresponding law-enforcement agency.
Here’s where and how to report it.
- Identity theft: Federal Trade Commission
- Social Security number theft:
- Social Security scams: Office of the Inspector General, Social Security Administration
- Medical identity theft (including fraudulent Medicare, Medicaid, or health insurance claims): Office of the Inspector General, Health and Human Services
- Local authorities: Inform your local police department. Bring a copy of your FTC identity theft report, a government-issued photo ID, proof of address (a mortgage statement, rental agreement, or utility bill), and any evidence, including bills or IRS notices
Monitor and freeze your credit
Changes in your credit reports are often among the earliest indicators of identity theft. Add fraud alerts to each of the major agencies, which include Equifax, TransUnion, and Experian. Consider freezing your credit with the same agencies. A credit freeze will bar anybody (including you) from opening additional lines of credit.
LifeLock Ultimate Plus is another service worth considering. Identity thieves will often sell stolen information on the dark web. This Norton product monitors credit reports and the dark web for relevant information. Additionally, data brokers will often sell personal information that’s legally and illegally acquired. A service such as DeleteMe can help remove identifying information.
Finally, fraudulent purchases made in your name may have attracted the attention of debt collectors. Notify any that contact you about the incident. They may ask to see a police report and FTC affidavit to clear the incident from your credit history.
Consider home title insurance
Home equity theft is an emerging cyberthreat. In home title fraud, cybercriminals use your stolen identity to strip your name from your home’s title. For any pending or future home purchase, consider purchasing home title insurance. Depending on where you live, you may be eligible for a free title-monitoring service, which will notify you of any changes via text. Contact your county government to find out. If a free service is unavailable where you live, consider purchasing Home Title Lock.
Protect your debit and credit cards
Online purchases using debit and credit cards can leave you susceptible to identity theft. Privacy.com, a free service, provides merchant-specific card numbers, limiting exposure of your primary cards. You can even set spending limits for each merchant.
Consider obtaining a new social security number (SSN)
This is a last resort. People often use stolen SSNs to gain employment, which usually doesn’t affect the legitimate holder. However, identity thieves also use stolen SSNs to defraud banks, retailers, the IRS, and other government agencies—all of which can damage your credit.
To obtain a new SSN, you must prove that your old number was stolen and that the theft has caused you severe hardship, which may include denial of mortgages, law-enforcement issues, problems with the IRS, or irreparable harm to your credit.
Furthermore, a new SSN may not end your identity theft problems. Your old number remains valid. You must monitor your new number and the old one for future incidents—all of which will be linked to you.
Finally, a new SSN means you no longer have a credit history. On one hand, this theoretically wipes out any of the damage done by cybercriminals. On the other, it means you must begin the decades-long process of building credit all over again.
With Cybersecurity for organizations, proactivity is preferable to reactivity. This maxim also applies to personal cybersecurity elements like identity theft. You can use many of the steps described in this post proactively as well as after identity theft occurs. If peace of mind is an insufficient incentive to act, how about economic incentive? One recent report estimated that identity theft cost U.S. consumers $43 billion in 2020. Fail to act, and you may find yourself among the estimated 7-10% of Americans who become identity-theft victims each year.