Step-by-Step Process for Identity Theft Recovery
You are at risk of identity theft if you have lost your wallet, if you or someone else has misplaced important documents with your personal data, if your email or online account has been hacked.
Identity theft may affect you in various ways – from getting a nasty status on your social media to heavy financial consequences for you and/or your friends and relatives.
According to Javelin in 2018 there have been 16.7 million victims of identity fraud in the USA alone, resulting in a total loss of $16.8 billion for the consumers.
As can be said for most risks for your wellbeing, the best measure you can take to fight identity theft is prevention.
This article goes through the possible emotional, institutional and financial results of identity theft. Read on to learn how to prevent it or to mitigate its consequences so you can continue on with your life.
Step 0. IDENTITY THEFT PREVENTION
Once identity theft has occurred, you are likely to suffer some financial consequences. You need to make sure you take all preventative measures to avoid it from happening in the first place.
Did you know the word ‘Password’ was among the five most popular passwords of 2014? Thankfully, since then most software and online platforms have been banned from accepting weak passwords.
A sequence of numbers only, a readable word, your birth date are all very bad ideas.
Why do you need to use characters, capital letters and numbers in your password and make it at least 15 symbols long?
Because there is software which has the only purpose to test your account with every single password out there, starting from the word ‘password’, and continuing through all simple combinations.
Making your password longer and more complex assures that software will take unreasonably long time and resource and makes breaking in your accounts not worth it.
Multi factor authentication
Another trend in recent years from software providers is to offer two-factor authentication. With some, it is advisory, with some it is required.
Our advice – always look for two factor authentication option. In fact, if the software you are using is not offering TFA, avoid using it, if you can find an alternative.
Why use two-factor authentication? Well, it often happens that identity theft happens in the domino effect. Once a fraudster gets access to your email, they immediately can take over your social media, your online banking and your other accounts, via the ‘forgotten password’ functionality.
That is, unless you use two factor authentication. It will be a little more difficult to gain access to your email account AND your smartphone, let alone your fingerprint.
Go for as many protection levels as you can.
Secure your devices
When you think of security you are probably mostly thinking about your laptop or desktop computer and you more rarely think about your smartphone or tablet.
With people using smart devices more and more often to log into social media, for online purchasing and online banking, as well as for two factor authentication, you need to make sure you are using as many safeguards as possible.
Install multiple locks, use complex patterns, passwords and fingerprints whenever possible. Encrypt your data if your device allows it. Avoid using public Wi-Fi, especially from questionable sources.
Sign up for account alerts everywhere
Make it a habit to be careful about suspicious activities. Your bank, your browser and your social media will have mechanisms to detect patterns of questionable behavior of your account.
Whenever they ask you if you are interested they get in touch to make sure you approve of a certain activity, take it. Via a phone call, a text, or an email, whatever they offer. Better safe than sorry.
If you provider does not offer such alerts, check the logs for yourself. Look for suspicious patterns, unknown counteragents, physical addresses, IP addresses.
Freeze accounts you are not using
In some countries you can freeze your credit so no one can apply for funds on your name. It is always a good idea to explore this option, especially if you have been notified by any of your providers your personal data has been involved in a data breach.
This is not only applicable to your financial credit status. Most of us have their credit card information saved with a provider they no longer do purchases with. Weather it is a popular e-commerce place, a smart phone application store, or your local pizzeria, if you are not ordering, remove your credit card info.
Avoid popular fraud techniques
Never give your credit card information over the phone, especially if it was not you who made the call. You have an outstanding bill? Your service will be cancelled? If you receive such a call, politely decline to give your information over the phone.
Get out of the phone call, check for yourself, then, if you have to, doublecheck the official phone number of the company and call yourself.
Avoid phishing. Whenever you receive an email that you need to update your password, never click on the link to get to the site. It could be forged. Make it a habit, if you see such a letter, to log into your account separately – surely you have other access to your login URL?
You have bookmarked it or written it down. Check if you have any issues in your backend. Make a call if you have to. If the email proves to be false, report it.
Step 1. QUELL THE FIRE
Whenever you find a fire burning, the first thing to do is sound the alarm.
Your first contact should be to the company where you have noticed the damage is being done. Let’s say your Facebook account has been hacked and you are seeing foreign activity occurring on your behalf, messages are being sent to your friends, pages open on your name etc. Contact facebook first.
If you are not recognizing activity from your bank account, contact your bank.
If it is possible, try to talk to the fraud department directly. You want to avoid to be given the runaround, to ‘try and make sure’ fraud is occurring. The specialists will recognize the signs right away.
Try and identify how the unauthorized access turned out to be successful. Did someone learn about your password? Was it a brute-force attack? Did someone hack into your email and change your password? Did someone get into your phone?
Look for replaced contact information.
If you cannot recognize what is causing the issue, change:
- all your passwords,
- safety questions,
- the phone number and email, associated with the account,
- your PIN
- redo your fingerprint settings
Learn about your national anti-fraud database
If you are located in the USA, you can contact a credit bureau to place a free 90-day credit report freeze. Before anyone applies for credit on your name, your credit report will pop up, with the fraud alert on it. Not only does freezing the report prevent anyone from creating new accounts on your name, it may ultimately help solve the crime altogether.
You can contact ANY of the three credit bureaus: Experian, TransUnion or Equifax. When they are contacted about a fraud alert, they are obliged to forward the information to the other two. Just watch for that confirmation letter. If anyone tries to open a new account on your name, businesses will be forced to make a very thorough identity identification and you will be contacted.
The greatest risk for your financial wellbeing is in the first month after the identity theft has occurred. Make sure you obtain your credit report and check your financial score. Since the freeze only takes place for 3 months, it is a good idea to make a habit of regularly reviewing your report and making note of any unrecognized transaction.
In the UK, there is a fraud prevention service, called CIFAS. It operates a database, referred to by most financial institutions and business in the country – telecommunications, insurance and others.
If you have become a victim of identity theft, you need to report to your bank or any other member of CIFAS. They will report the crime to the police and enter the information in the database. If anyone tries to open an account in your name the Database will give information for the prior infraction.
In the Netherlands, applicants for financial aid, and, in fact, many other financial transactions, have to have their identity verified against the WID, which involves referring to a database of lost and stolen documents.
In France, all applicants for bank account must provide a photo ID and proof of their residential address.
In Belgium, the national identity card bears an electronic signature, and bank account application can only happen via the chip in the card – face to face, or remotely, the applicant must submit an electronic proof of their identity and address of residence.
Learn the procedure in your country and make sure you, via your financial institution of choice, enter information about your identity theft in the national database.
Report to the police
In most other cases contacting the police will have absolute priority. Contacting your financial institution before the police, only takes that priority because of its preventative nature. In most cases, defrauders will be in a hurry to reap the benefits of their new identity.
However, contacting the police is still a very important step. In fact, it is your ultimate proof a crime has been committed against you, and therefore you must take it seriously.
Make sure you create a thorough account of the accident for the authorities. Report the issue immediately, and then offer the police to provide additional evidence.
Get your timeline straight.
- What made you suspicious in the first place?
- When did you know for sure?
- What proof do you have?
- Make a list of your financial accounts you believe are at risk.
- Make a list of the financial and non-financial institutions you informed.
- Make a list of the preventative measures you had taken to secure your identity.
- Make a list of all measures you have taken after you have discovered the breach.
After you have submitted your full police report take a copy and any proof of it being filed in. A number, a note, a document. You will need your receipt for future fraud recovery procedures.
Step 2. DEAL WITH THE DAMAGES
Once you have taken all emergency measures it is time for recovery. Take a deep breath, you will be dealing with this for a while
You have entered the database for fraud alert and reported the identity theft to the police. Ask and try and find proof yourself of the accounts that were opened in your name.
Give priority to financial institutions. Don’t shy away from any sort of precautions. If you feel your free credit report is not giving you enough information, it did not get to you in time, or you did not manage to get your hands on one, just call most financial institutions you can think about and ask them if they have accounts on your name.
More often than not, institutions will not have the right to decline you that information.
If you are being given the runaround, put your police report into force. Provide copies and ask for cooperation.
For all bank accounts that you do find, make sure:
- You are not liable for the account
- All fraudulent activities are recognized as such and no legitimate activities you might have with the same institution are recognized as valid
- None of the received funds are left at your credit
- None of the financial consequences of creating the fake accounts can affect your credit rating currently or in the future.
All of those confirmations you must have in written form.
It is not only your financial accounts that are at risk. Make sure you contact telecommunication companies, providers of health insurance, including medical insurance, and social media.
Check your online accounts for new pages, websites or other similar digital accounts opened in your name. Close any accounts you do not recognize.
Keep track of all affirmative and negative responses of the question: ‘Do I have any account open on my name?’
Follow the same procedure of all accounts you do use. Make sure all contact information is correct – the physical residential address, the phone number, the email address.
Make sure no alternatives are added. Something as simple as an added alternative email address will leave the fraudster an open door to hack your account all over again – they just need to declare they no longer have access to the primary email and request a ‘lost password’ URL.
And if you have been so careless as to leave your account without two factor authentication, it is a perfect storm. And you are asking for it.
Refuse debt association
Debt can be bought and sold and resold and re-resold. Your fraudulent debt might end up in the hands of debt collectors that are not completely educated on how to handle it.
Worse, they might be ill-intended. As it often happens, dept collectors often insist on collecting non-legitimate dept for example debt for medical expenses, the rights for which have expired.
You are at risk of being asked for debt collection any time the collective debt changes hands. Make sure you keep your police reports and proof long-term to avoid unpleasant phone calls with insistent agents.
Replace your ID
If a photo ID of yours has been used to perform the fraudulent actions, make sure you replace said ID.
Replacing your ID card will ultimately give you some peace of mind you are relatively safe from future consequences
Prevent criminal charges
Make sure you are completely freed of all criminal charges. Find the right time to ask the police about their opinion. If you sense the slightest hint they could believe you are behind the entire financial or insurance fraud strategy, hire a lawyer.
If the fraudster has been caught, arrested and/or convicted, ask the authorities for copy of the official documents stating their involvement in your case. You might need this in the future.
Take care of your mental health
Becoming the victim of identity theft is usually perceived to ‘come out of nowhere’ and then has long term consequences for those affected.
One day you are living your life, the next day you are being defrauded of your personality, your money, and your basic rights. You are forced to spend time and money to prove you are indeed yourself to the same authorities who issued your ID in the first place.
You find yourself digging in old papers for your birth certificate, tracking registers of financial institutions, drinking coffee behind your computer screen, endlessly checking all sorts of online accounts for any pattern that might tell you it has been compromised.
For the longest time afterwards you are experiencing paranoia, getting close to a panic attack any time you hear your phone beeping: ‘Is it a debt collector?’, ‘Is it an unauthorized access alert?’, ‘Is it the police?’, ‘How much more time and money should I spend?’.
You are catching yourself lecturing your friends they are being too careless with their security. You feel like you are losing your mind.
It is not just in your head. You are have become the victim of a crime, and you are at long term risk of financial and legal consequences. Do not hesitate to ask for help. You need to restore normality.
Becoming the victim of identity theft is indeed hard on your wallet, your calendar and your soul.
It is important to remember that you are not alone. You owe yourself and all other victims worldwide to fight back and report diligently.
According to a report of IdentityForce, about 1 in 15 people from the worldwide population of consumers has become a victim of identity theft, only in 2017. It is an increase of the previous 2016 with one million people.
Children are particularly at risk because of their easy access to online services and lack of foresight for the consequences of oversharing information. Over 1 million children have become the victim of identity theft in 2017 in the US alone, costing their parents more the 500 million dollars of consequences.
Every 2 seconds another person is victimized by identity theft. It is the most common result of data breaches – more than 30% of those affected later ended up reporting ID theft.
In most cases, it takes up to 3 months for the victims to realize the crime has occurred, but for as many as 16% of the occurred ID theft has not been discovered before the 3rd year of the offence.
Identity theft is becoming more common by the day. The main reason is becoming progressively more invested in our digital lives – online shopping, online banking, using online government.
The classic methods are difficult to carry out and benefit from – mail theft, impersonation and getting personal information from the source, document theft, wallet theft, purse theft or the so-called shoulder surfing.
Most of those no longer lead to significant consequences for various reasons including your data is being protected in many modern ways (such as two factor authentication).
However, it looks like we are enjoying our digital freedom more than we care to secure our access to the various services the online world provides us.
And it is not just the users. Security technologies, guidelines, codes of conduct and, most importantly, laws are more often than not applicable to the world wide web.
Governments and authorities are finding it difficult to keep up with the digital criminals Before they can study, categorize, ban or control such techniques as social engineering, key logging, spoofing, phishing, pharming or phreaking, allowing crimes to happen before users could even recognize the threat.
The only possible solution at this point is to try and stay on top of your game. Be curious, be educated, and know the large threat is worth your time. Leave those notifications on, use your strong passwords, and keep your eyes open.
In Redwood City (CA), we met with Rajeev Goel, Co-Founder and CEO of PubMatic, a leading marketing …
Etsy is a popular ecommerce platform that serves a niche market of sellers. In this article we …
Would you deny yourself a chance to take a winning lottery ticket if someone handed it to …