This, dear readers, is how to prepare for, and deal with, identity theft.
Someone, persons unknown to me, pretended to be me in order to attain credit at department stores and buy things. Expensive things. Really expensive things.
How'd they do this, JRub?
They had my name, my SSN, my phone number, and a driver's license with my current address. They walked into a few really swish department stores and, pretending to be me, tried to buy designer-label goods. Little do they know I'm an Armani or a Zegna kind of man, and clearly not a Ferragamo or a Paul Smith dude. Pfft. Idiots.
How'd they get that info!?
I haven't a clue. I have some guesses, all semi-educated, as to how they might fish up my personal info. But lets leave it at that - they got it, and they used it.
Very little. Most credit for this schmuck was denied. And I found about it out so quickly that the door of felonius opportunity slammed shut so fast that the dumb bastard couldn't get away with very much.
How'd you find out?
- I subscribe to a credit-monitoring service (see below) and received an alert of several credit inquiries against my report.
- One of the retail stores called me to ask ..."if I still wanted the Ferragamo". I did not; That was not me; I was not in the store that day (or week, or month). This confirmed the credit-monitoring alert that someone was pretending to be me. I got as much information as I could from the store clerk who called me.
- I received a letter from another retail credit company asking for verification of identity. Again, it wasn't me.
- Once I knew there was fraud going on, I called each and every credit fraud dept at each business for each incident of which I was made aware by the credit monitoring service. I asked for as much information from them as possible and answered all of their questions.
How to protect yourself before any fraud occurs. Or: the paranoid, proactive part of the story
Years ago I purchased a subscription to one of those credit-monitoring services. Whenever there is a change of any kind to my credit on any or all of Experian, Equifax, or Trans-Union reports, I receive an email indicating the change and the approximate date of activity.
This, it turns out, was a wise move:
- Good: I received an email within days of several credit inquiries against my credit history.
- Bad: Some (but not all) of the reporting was up to 4 days behind the actual credit inquiry event, and two days behind a fraudulent credit event. I'd have liked the notification to have been within hours of every, and not just some, activity, but: a few days at most is better than nothing, or than a month.
- Summary: GOOD, because I found out that something fishy and illegal was going in within days, and not weeks, of the event(s). I was able to respond very quickly and shut the door of criminal opportunity.
What happens when someone steals your identity (Or: the reactive part of the story):
- As soon as you get notice from your credit-monitoring service (usually via email, but you can get notices via SMS) that funny business is going on with your credit history, read:
What to do if your identity is stolen
- Place a fraud alert on your credit reports at all three agencies.
- Place a security freeze on your credit reports at all three agencies.
- Immediately, and I do mean immediately, contact the creditors' credit-fraud departments and get the credit lines canceled (or suspended).
Get as much information as you can from them as possible as to what information the thief had, what they purchased, when, and where. Get the mailing address and email (or fax number) of the credit fraud department, and if they have their own fraud claim form, have them send one to you. You'll need the information you receive from them in later steps, below.
- File a police report with your local police. (I walked to my local police station with all the paperwork I needed, organized, and prepared. The officer was very helpful: I made his job easy and he went the extra mile for me).
- File an FTC Identity-theft complaint form. You can use this to help get the fraudulent credit canceled by the creditors as well as removed from the credit agencies' reports. This is where you'll need the information you asked for from the credit fraud department (above).
- Send a copy of the FTC form, and any police reports if available (you should at least have the report or case number) to the creditors' fraud claims department. Send it via fax, email, and regular mail. If the fraud department(s) have their own form, of course fill that out and return it as well.
- Contest any fraudulent credit reporting with each credit bureau. You may need to send them copies of the reports as well.
- Don't let up until the fraud has been removed from your credit reports, and you're not responsible for paying anything. Not one thin dime. Keep contesting the credit report, and keep at it.
- Watch your mail over the coming months. You may receive a bill for credit you've never asked for, or a letter requesting clarification of identity, or a bill for some new service, or a collections notice. This is indication of additional fraud the credit monitor may not have picked up or been alerted to, and you'll need to act.
In summary: Do not fuck around. Act, and act immediately. Show the world (and the would-be creditors, and the credit bureaus) that you are like-a-goddam-heart-attack serious.
Can't I get a free copy of my credit report?
Why yes; yes, you can. Read here for more info:
What else can I do to prevent loss, web identity theft, hacking, or other financial damage?
Here are some general tips that can help you reduce the probability of significant financial loss.
- Register with a credit-monitoring service that covers all three major bureaus, or with the credit-monitoring service of one (or all) of the credit bureaus.
- If the monitoring service alerts you to activity that you did not initiate, act immediately. (see above)
- Use complex passwords for every website you use.
- a simple password is one that reads like a real language or sequence: examples are "fluffy", "fido", "123 Main Street", "123456789", "1020304050" or even keyboard patterns that are easily guessed like "1q2w3e", "qwerty", "asdfgh", and so on. Also, any proper name like "Chicago", "Dixon", "Sacramento", "OMalley", "Goldberg", "Lee", "Twilight", "Harry Potter", "Serenity". Do Not Use These.
- a complex password is a password made up of a wild mix of UPPERCASE letters, lowercase letters, digits, and if possible symbols ("@#$%&_."). A great example of a complex password looks nothing like a real language: for example "nj2.TXd5", "A7&M20vkL", or "788$jK6b00Y4H!".
There are probably more things you can do to protect your credit and your assets. This is a good start.
There is no such thing as perfect security. But remember: "Perfect is the enemy of Good". These steps should reduce the probability that your online identity will be compromised.