Controlling your online identity is important but it’s also a lot of work. Between managing your social media, personal websites, business identity and all of your online finances, it can be exhausting; and sometimes, things slip through the cracks. Occasionally, a slip leads to having your identity stolen. I know, because it happened to me…twice.
Having your identity stolen is both completely horrifying and a total pain to deal with. It happens a lot, not just to me personally, but according to USA Today, 15.4 million other people were the victims of identity theft in 2016 alone.
All 15.4 million of those people, myself included, can tell you that there are many paths to becoming the victim of identity theft. En masse, we regularly engage in careless online behavior that can lead to identity theft. It can be something as simple as setting weak passwords or your credit card number given to a website that might not be quite so legit when you scratch the surface. Maybe you’ve been a careless shopper or clicked a link in a dubious email. Or as is the case in staggeringly increasing incidents, through no fault of your own, your info was exposed in a data breach and sold.
For those of us who do make mistakes or are simply unlucky and find ourselves on the receiving end of such an incredibly personal cyber crime, it is important to demystify the steps to cleaning up the problem once our information is out in the world. Below is an account of one of my identity thefts, a step-by-step guide to undoing the damage and tips on prevention.
The following is a personal example of how identity theft can happen and what you can do to act quickly and effectively to fix it.
The first occurrence was a combination of the credit card; Amazon and eBay fraud that I still to this day cannot wrap my head around. The person impersonating me bought a near lifetime supply of MMA brand shorts on eBay and Amazon.com and had them shipped to a receiving service that operates locally in the US which ships internationally to send them off to their new mixed-martial arts-loving-life.
I discovered the breach via several email notifications of purchases that all happened within a minute of each other. My eBay and Amazon accounts had been breached and the credit card I had on file was used. I was lucky that the purchases were so uncharacteristic that I never doubted that I hadn’t just bought a lot of gym shorts I’d forgotten about and was able to move quickly.
What I did
Having your identity stolen makes you feel helpless and I wanted to regain a sense of control as quickly as possible so I did the two things I could do to stop the bleed as quickly as possible: reinforce security and contact everyone who was affected.
Cancel, update, and increase security
Once I determined that it was definitely identity theft and the scope there of, I immediately changed the password and login for the affected sites and studied my entire financial paper trail to see what had happened, where and which cards and accounts were affected. I enabled multifactor authentication on every account that offered it. Then, I called the credit card company to close the card that was being used and requested that a new card be shipped overnight.
Next, I wrote a form email to the sellers and proprietors from whom I had received notification emails. It said, “Dear Seller, My name is Kelly and my identity has been fraudulently used to purchase your MMA Shorts, please cancel this purchase, law enforcement will be notified shortly. I appreciate your time and cooperation. Thanks.” And I sent it to every single seller. Please feel free to use this template. The majority of the people I contacted wrote back immediately, confirming that the orders had been canceled and that they were happy to assist me further if needed. One seller was able to offer the little information they had about the buyer. A few never responded. Overall, I found that communicating quickly with everyone affected made the entire clean up process very smooth.
I knew that I had to involve law enforcement but wasn’t sure whom I should notify or to what extent. After a shockingly effective if not embarrassingly basic Google search “What do you do when your identity has been stolen?” I found a great article written by Maryalene LaPonsie for US News that walked me through the basic steps of how to deal with this day ruiner. I had already completed a few of LaPonsie’s recommended steps (canceling cards and changing passwords) but she also includes contacting local police and filing a report online with the Federal Trade Commission. The latter step may vary from country to country, but in the United States, filing an FTC report is key.
The FTC report is extensive and I recommend printing or downloading a copy to take with you to file your police report. Also, when filling the FTC report, providing as much detail as possible is key as it may prevent this same crime from happening to others.
After you have completed the FTC report, contact your local police division to file a report in person or online. You will need to provide a copy of the FTC report while filing the local police report.
Lock your credit down
The last step was to set up a credit freeze so that no one could open a new line of credit, apply for a loan or in any other way destroy my financial life. The freeze works by shutting off any information on or access to new lines of credit or new accounts linked to your social security number. The freeze is available for one or more years and most services allow you to lift it at any time. I also recommend setting up a credit monitoring service as a basic precaution.
The Steps Review
- Determine all affected accounts and cards. Go through every single piece of financial information to compile a history of the offense.
- Close any accounts and cards as necessary. Request new cards.
- Update and strengthen all passwords, logins and select multi-factor authentication.
- If possible, directly contact the affected merchants. This can help stop the problem, and make it easier to clean up.
- File a report with the FTC (if in the US) or relevant regulatory body in your region
- File a police report
- Freeze your credit
- Select and activate a credit monitoring service
The best way to prevent most identity theft is to be prepared for the possibility that it could happen by being mindful of these six tips:
- Cultivate good personal security. Multiple, strong passwords and multifactor authentication are a must.
- Do not provide any sensitive financial information via email – especially not to a service or financial institution, which will never ask for this information in such an insecure format. If you receive an email making that request, it is very likely a scam.
- Be careful what emails you open. Often, bad actors will mimic the email addresses of companies you have accounts with fairly convincingly. If you get an email asking you to click a link to correct a financial or identity issue, don’t click. Instead visit the website directly and check in there.
- When shopping online with unfamiliar vendors, take a moment to run a search on the shop before entering personal information. If it has a bad reputation or has a history of involvement in identity scams, you will likely see it on the first search page.
- Be aware that your card and account numbers can be stolen offline as well, via card skimmers fitted onto atm machines or mishandled receipts and personal mail.
- If possible, have a single card that you use for online purchases or anywhere that you might consider high risk.
At the end of the day, regardless of how big or small the crime, having your identity stolen is frustrating and more than a little scary. Maintaining control of your online identity, regularly updating passwords and generally being mindful of whom you give your personal information to online and off will go a long way toward protecting you from identity theft.