Identity Theft

Q&A: How to protect your identity beyond a credit freeze

March 14, 2022 By Liz Weston

Dear Liz: I volunteer for an organization that does background checks every two years. A recent check found my name and Social Security number was used in Texas from 2019 to 2021. I have never been to Texas. What can I do to find out how this happened, and how to protect my Social Security number? I have already frozen my account with the three main credit bureaus.

Answer: You may never know exactly how this happened, but you can make an educated guess.

Most Americans’ Social Security numbers have been exposed in one database breach or another, including the massive Equifax breach in 2017 that exposed the personal information of nearly 150 million people. As a result, Social Security numbers are sold by criminals on the dark web for just a few dollars.

Because Social Security numbers have become all-purpose identifiers — something they were never intended to be, by the way — criminals can use a purloined number to get jobs, steal your tax refunds, receive medical care and apply for credit, among other misuses. They also could pretend to be you if they’re ever arrested, something known as criminal identity theft.

Freezing your credit reports will help prevent someone from opening new credit accounts. Credit freezes typically won’t help with the many other types of identity theft, however.

If you haven’t already done so, create a personal account on Social Security’s site to check your earnings record. If what you see doesn’t match your own records, contact the Social Security Administration by calling (800) 772-1213. If someone used your Social Security number to work or get your text refund, contact the IRS at irs.gov/identity-theft-central or by calling (800) 908-4490.

You also can report the fraud to the Federal Trade Commission at IdentityTheft.gov, a site that will create a recovery plan to help you navigate the next steps.

Q&A: Worried about identity theft? Here are some things you can do

February 28, 2022 By Liz Weston

Dear Liz: Last week I received my annual mortgage interest report. The envelope was not sealed and my full Social Security number was exposed. Two days later, I received an e-mail from PayPal for a purchase made online in my name with a different address. What do I need to do to protect myself from identity theft and are there any penalties my mortgage company could face?

Answer: The penalties for exposing your information depend on your state’s laws. You can contact your state attorney general’s office for more information.

At the very least, consider reporting the issue to the mortgage company and demanding that your Social Security number be redacted in future mailings. Better yet, see if you can go paperless and download your tax documents, a process that is typically more secure than having your private financial information sent through the mail.

It’s entirely possible the fraudulent purchase was unrelated to your mortgage company’s sloppy practices, but you should still take steps to reduce your odds of being victimized again. Obviously, you need to change your PayPal password but you should also make sure all your accounts — especially your financial and email accounts — have unique, complex passwords. A password manager such as LastPass or 1Password can help you keep track.

Good computer hygiene also can help reduce your risk. That means turning on your computer’s firewall, using a secure browser and keeping that browser up to date. Update and frequently run antivirus software as well.

Another important step in reducing identity theft risk is freezing your credit reports at all three major bureaus: Equifax, Experian and TransUnion. This should prevent someone from opening a new fraudulent credit account in your name but won’t prevent account takeovers, such as what may have happened with your PayPal account.

Detect account problems as quickly as possible by regularly reviewing bank, payment and credit card transactions. Consider putting alerts on your accounts for foreign transactions or transactions over a certain size or signing up with a credit- or identity-monitoring service.

Q&A: An emergency kit document hack

February 24, 2020 By Liz Weston

Dear Liz: Thanks for answering my question about storing hard copies of financial services records for emergency preparedness. My wife and I finally reached a compromise: We printed out our account numbers, but we attached code names to them that only we would recognize. Now both of us are comfortable that even though someone might have our account numbers, they’ll never know which financial institution to contact.

Answer: That’s a terrific compromise that keeps your important financial information accessible to you but not to an identity thief.

Q&A: Credit freeze may be inconvenient, but it’s effective

July 9, 2018 By Liz Weston

Dear Liz: Is freezing one’s credit reports the safest bet even though it’s inconvenient to get it temporarily unfrozen? Plus you have to pay a fee. At my son’s urging, I had my credit reports frozen since the Equifax incident but I find it very inconvenient whenever some financial firms need to look into my credit score.

Answer: Credit freezes remain the best way to prevent new account fraud, which is when criminals open up bogus credit accounts in your name.

It is somewhat inconvenient to have to remember to thaw the freezes when you apply for credit or other services, and you have to keep track of the personal identification numbers (PINs) that allow you to do so.

The good news is that the fees for instituting and thawing freezes will go away as of Sept. 21. The Dodd-Frank reform that Congress passed this spring included a clause requiring credit bureaus to waive those fees.

Q&A: Credit alert or phishing scam?

May 22, 2018 By Liz Weston

Dear Liz: I received a notice from one of my credit card companies stating that they had noticed something amiss in my credit, though not related to their card. The notice suggested I check my credit reports, which I did. Nothing showed up on the reports that was of concern. What else should I do to ensure my credit stays secure?

Answer: Vague “alerts” are a hallmark of phishing emails that are trying to get you to reveal personal information.

If you followed a link in an email to view your credit reports or accessed them on any site other than www.annualcreditreport.com, you may well have handed your Social Security number and other vital data to an identity thief.

If that’s the case, you should freeze your credit reports to prevent the thief from opening new accounts in your name. You might want to do that anyway, given the prevalence and severity of recent database breaches.

Q&A: Ease identity theft fear by checking your credit report

January 22, 2018 By Liz Weston

Dear Liz: I am suddenly receiving junk mail addressed to my estranged brother at my house. I’ve been in this house for 15 years and have never before gotten mail addressed to him. Is it possible he applied for credit or something similar using my address? He has always had money issues.

Answer: It’s more typical for an identity thief to divert a victim’s mail to his own address than to cause junk mail to be sent the victim’s way. Still, it can’t hurt to check your credit reports via www.annualcreditreport.com to see if there are any accounts or activity you don’t recognize.