Bass and I recently discovered that we were the victims of identity theft. Grr.
I received a letter from a bank saying they were so glad I was now a customer. Hmm...I didn't remember opening any accounts with a bank from three states away, so red flags went up immediately. We called to check into the situation and pretty quickly realized that it was fraudulent. (If you want to count how many times I use the word fraudulent in this post, we're now up to 2.) ;)
We told this bank that it wasn't us opening the account, and they marked it as fraud and said they'd look into it.
As we waited to hear back, we didn't really think too much about it, until another bank called. This is where the whole can o' worms was opened and got dumped on our heads. Bank #2 was going to open an account but said not all of the info was lining up, so they tracked down our phone number to call to confirm.
To sum up: someone/someones had gotten our names, birth dates, and Social Security numbers and had been opening or trying to open accounts online at various banks all across the country. They were using false addresses (except bank #1 since that letter got mailed to our home) and other false info. At some of the banks, they only created online profiles and never actually opened any accounts. A few banks, they actually got checking accounts set up.
When I asked one of the customer service reps to help fill in the blanks, she explained that these folks don't want the checks or the debit cards... what they want are the bank account numbers. They then use those numbers to hack into the system and start shuffling money around to various accounts before finally getting it into "their" account and withdrawing it. I also asked how on earth they got our info since we're pretty picky about privacy, especially our SSNs. She said a company or institution probably got hacked at some point which is how they got our SSNs. These scammers then try to piece together as much info as they can to create a profile that they then start using.
Fortunately (the silver lining and God's hand of protection), they don't have any of our passwords or personal banking info, so we haven't experienced any financial loss at this point. I think we caught it soon enough that, hopefully, our info won't be used to cause anyone else financial harm either. It's just lots and lots of hours of time and lots and lots of paperwork to sort through and resolve it.
I hope and pray none of you ever have to go through this, but I did want to write a post with all the info I have come across to prevent and respond to identity theft in case someone out there needs it and feels as overwhelmed as we did.
(This is just me, friend to friend, sharing with you. This post is for informational purposes only and not for the purpose of providing legal advice. You should consult with your own lawyer if you need legal advice or services and follow up with the proper authorities if you suspect you are a victim of identity theft or fraud.)
How to avoid identity theft and fraud in the first place:
I thought we were good about protecting our identity and never thought we'd be victims in this type of crime. We're internet savvy.... Bass is an IT guy, for Pete's sake. I have tape over my webcam and hate even taping mailing envelopes shut because I'm afraid my fingerprints will transfer. lol (Paranoid much, right??) :) Honestly though, we shred our stuff, we pay cash for most of our expenses, we don't open email links, etc. Here are other things we were doing or could have done (from this site):
- Don't leave mail in your mailbox overnight or on weekends
- Deposit outgoing mail in U.S.P.S. collection boxes
- Don't leave your purse and/or wallets in unattended vehicles
- Shred unwanted documents that contain personal information
- Put your trash out on the day that it is collected
- Report lost or stolen credit cards to the issuer immediately
- Destroy expired/old credit cards and drivers licenses
- Memorize your Social Security number and passwords.
- Don't list your Social Security number on your checks
- Check your financial statements for accuracy
- Match credit card receipts against monthly bills
- Review your consumer credit report annually
- ALWAYS safeguard birth certificates, credit history reports, and any statements that contain personal information
* Consider subscribing to an online identity protection services (like LifeLock or Experian's option)
* Install firewalls (anti-spyware) and virus-protection software on your computer
* Don't respond to unsolicited requests for personal information
* Watch your wallet and purse when in public
* Don't give out passwords or pin numbers
* Cancel and then destroy unused credit cards
* Only shop on secure websites (https://___)
* Don't use personal info on public computers
* Use complex passwords with a combination of letters (lower & upper case, numbers, and symbols)
* Preemptively put a freeze on your ChexSystems profile and/or credit reports
And the biggest one... don't use your Social Security number unless you absolutely have to (ie employment, taxes, credit). Just write "refused" on the forms. If the company/institution tries to identify you in their system using your SSN, even the last four digits, take your business elsewhere. Legally, they're not allowed to use your full SSN as account/profile identification anyway.
A few other sites I found with helpful info:
It's a toss-up as to what to do first, honestly. It kind of depends on how you first discover the issue. The first 3 things on this list could be done in any order.
How to recover from and resolve identity theft or fraud:
#1 and so, so important...start keeping track of everything you do. Dates of when you discover the fraud, from where, who you call, who you talk to, what steps you're taking. Get as much info from each place as you possibly can. (But be warned that banks probably will tell you zippo even though it's your info on the account. lol) A detailed, itemized, every single thing, with the date type of list.
* Order your credit report (from Experian (currently under the reports & scores tab), TransUnion (currently under the credit report assistance tab) or Equifax (under the credit report assistance tab). You get one copy free per year from each of them. So you could stagger the orders and get a different one every four months, thereby getting three per year. But we found out that not every institution reports to all three companies so our reports were not consistent between the three reporting agencies. So you might just want to get a copy from each if you discover fraudulent activity.
* Order your consumer score report from ChexSystems (under "reports" choose "request your consumer score"). While the big three above deal with credit items (credit cards, loans, mortgages, etc), ChexSystems is a similar type reporting agency for your consumer items (checking accounts, savings accounts, deposit products). A lot of banks now use this to help prevent fraudulent accounts being opened. A lot, not 'all' as we discovered. :(
* Once you have your reports in-hand, hopefully they're in perfect shape with zero fraud! Hopefully. :) If not, your next step is to file a police report with your local police department. Carefully make note of any information that is incorrect or wasn't initiated by you. (Addresses, employment info, open accounts, closed accounts, inquiries (hard or soft).) If the fraud didn't occur in the state in which you live, the police report is more of a formality for the other reports you will need to file. Their hands are kind of tied if it's an out-of-state crime. Your local police might have a specific form for you to fill out, or you can just type up a timeline of what happened and give it them. Get the police report number, the officer's name, and a copy of the actual report (or a verification of it if they won't give you the actual report.) You'll need multiple copies.
The next big thing to do will be to place fraud alerts and security freezes on your credit and consumer profiles. Make sure you have a copy (either via postal mail or printed from online) of your credit and consumer reports before you place the alerts. (Fraud or security alerts require fraudulent activity to have occurred. A freeze does not necessarily require fraud to have happened for you to use it. Review each site's info to understand the difference. Keep in mind, too, that freezes lock your own self out too. So no applying for that Kohl's card to "save 15% today". You will have the option to unfreeze your credit or consumer profiles at any time, but there is a delay between unfreezing and using.)
* File an identity theft report with the FTC
* Place a security freeze at Experian, TransUnion, and Equifax.
* Place an initial 90-day fraud alert at Experian, TransUnion, and Equifax.
* Place a security freeze at ChexSystems.
* Place an initial 90-day fraud alert at ChexSystems.
Once you have your initial alerts and freezes placed, be sure to continue to answer phone calls from unknown numbers (it might be a bank confirming the freeze or alert with you) and open and check all of your mail. Even if it looks like junk. :)
The initial alerts and freezes should help stem the tide of fraudulent activity. But you're not done quite yet. After you get the police report and finalize your FTC report, you need to go back to the credit agencies and ChexSystems to dispute any fraudulent items. You want to dispute anything that shouldn't be there, because it can affect your credit score negatively.
* Dispute credit report items at Experian
* Dispute credit report items at TransUnion
* Dispute credit report items at Equifax
* Dispute consumer score items at ChexSystems
Resolved disputes should be acknowledged by mail. (We heard back from Experian within days.)
Then you can get an extended 7-year security alert placed on your profile.
You will need copies of all sorts of stuff (photo ID, utility bill with current address, Social Security card, FTC report, police report, notarized affidavit, etc.) Check each agencies requirements for what to include and mail in.
* Extended alert form for Experian
* Extended alert form for TransUnion
* Extended alert form for Equifax
* Extended alert form for ChexSystems
You'll also want to utilize identitytheft.gov's plan to help you draft letters and print items to send to any affected banks/institutions/agencies. Other than maybe contacting the SSA if your situation warrants it, I think that's about it. Easy peasy lemon squeezy, right?
I hope that helps someone out there....well, actually I hope this was a big waste of time because no one else ever has to deal with something like this. :D
Be safe, y'all!