Skip to comments.What to do in case of identity theft? (Vanity)
Posted on 01/11/2013 10:15:07 AM PST by CowboyJay
Over the past month or so, a couple strange things have happened.
First, somebody attempted to hack into my facebook account from somewhere in Arizona.
Then a couple weeks later, I got a call from an Arizona number, but when I attempted to call it back 15 seconds later I got a disconnect message. I then attempted to call my voicemail, but get this, the pin on my voicemail had been changed.
It appears somebody may be trying to steal my identity. Why, I'm not sure, as I don't even want to be me half the time. But I'm still concerned. They're sophisticated enough to hack my FB account and my Verizon account.
Any FReepers out there who've gone through similar issues care to share what I can/should do to protect myself? Is there a law enforcement agency I should contact that deals specifically with this kind of thing?
“Try” is not yet “Done”! You’re lucky thus far. ASAP change all your passwords to strong ones (there is plenty of info out there about what constitutes a strong password.) Check the status of your credit card accounts.
Second, change all of the passwords.
Third call the three credit bureaus, tell them you are a fraud target and ask for free copies of your credit report and a fraud watch. They may require a police report. If they do it might be easier to do LifeLock or some other fraud protection service.
Call your banking institutions on the phone and tell them you are a fraud target. They often have special password procedures or policies to protect you and them. If this person gets access to your banking info the only thing you are liable for is usually your debit card and pin. Stolen credit card info, withdrawls through third parties like Well's Fargo, etc. are the bank's problem.
Funny you should mention this. Several days ago both my wife and I received letters allegedly from Experian on official-looking stationary regarding our credit scores. The letters asked us to supply to a certain address our social security numbers, two credit card numbers, dates of birth, and several other things. Why would Experian want this if they already have my credit record? I smelled a rat and tossed them.
I agree with Red Badger — just give a call to your identity theft protection agency. If you don’t have one, get one now. I use both LifeLock and Discover, since I’m on the internet so much.
Kaspersky Internet Security helps too.
More. I had my identity stolen twice via malware. Didn’t cost me anything (the credit card covered the loss), but it got my e-mail address on the mailing list of the computer company from which the thief bought $200 worth of equipment. Nowadays I use Avast and Chrome, which protect me pretty well live, and frequently run Malware Fighter, Malwarebytes and Spybot on demand (all of the above free.)
Any stalking victim will tell you that the first and best thing to do is go to the police as soon as you can and develop a timeline. That “someone” may be someone who has it in for you, and this may be only the beginning. If problems escalate along the lines of stalking, Freepmail me.
1. Set a fraud alert with the major credit bureaus. This is free to do. All you have to do is call one of the bureaus or visit their website and answer the questions. You dont even have to speak to a person. The alert is then passed from the bureau you contacted to the other two you dont even have to contact the other two, its done for you. The alert is good for 90 days and lets credit issuers know that you may have been the victim of fraud and that they should request additional information or documentation before issuing credit. It doesnt stop the issuance of credit but it does, if followed correctly by the issuer, cut down on incidents of identity theft. You can renew the alert every 90 days.
2. Remove your name from pre-approved credit card offers and other junk mailings. Contact Opt-Out PrescreenDirect Marketers Association to be removed from many junk mailing lists. The DMA is the largest database used by solicitors, so opting out with the DMA greatly reduces junk mail. Read the privacy policies of companies you do business with and find out how to let them know that you dont want your information shared. If you get junk mail with a prepaid mailer, you can stuff their materials into the envelope and write, Remove me from your list on the material. This usually works, although it may take awhile. Make certain when doing business online that you uncheck any boxes that say, Contact me with future offers, or similar. Many websites pre-check these for you in the hopes you wont notice, leaving it to you to opt out of their crap.
3. Order your free credit reports and set up a monitoring cycle. You are entitled to one free credit report per year from each of the three major credit reporting agencies, Experian, TransUnion, and Equifax. You get these reports through AnnualCreditReport.com. Only use this site. Others that sound similar require you to pay. But dont request them all at once. Since you can get one per year from each service, you can request one every four months to keep a constant eye on your credit. So, for example, if you request from Equifax in January, wait until May to request one from TransUnion. Then request one from Experian in September. Then, when January rolls around, you request from Equifax again and keep the cycle going. This means youre seeing your credit report once every four months which lets you catch potential problems quicker than if you look at it only once a year or less often.
4. Keep records of your credit card numbers, bank accounts, insurance cards, and drivers license information (and contact information for each agency) separate from your wallet or purse. Make photocopies of sensitive items that you carry and keep them in a secure location separate from your wallet. If your wallet or purse is stolen, you can quickly contact each bank and card issuer and notify them of the theft so they can shut down your accounts and open new ones.
Freeze your credit. This isnt free, but the peace of mind is worth it. It is similar to a fraud alert except that it cannot be ignored by a lender. A fraud alert merely tells a lender that you may have been a victim of fraud and that they should request proper identification and verification before issuing credit. However, a freeze locks your credit file so that it cannot be viewed at all unless you unfreeze it. There is a fee to freeze your credit and another fee when you want to unfreeze it, so if youre actively pursuing loans this option isnt for you. Freezing your credit also means that you cant be spontaneous about getting credit. If youre shopping and see a great same as cash deal or want a store credit card, youll have to wait because youll have to unfreeze your credit before you can apply. Freezing and unfreezing arent instant there are a few days of processing time so be prepared to wait if you need credit in a hurry.
Thanks for the replies and advice. I’ll call my banks and the credit bureaus.
Any specific law enforcement agency I should contact beyond the local police?
“Any stalking victim will tell you that the first and best thing to do is go to the police as soon as you can and develop a timeline. “
Agreed. And whether stalking or just old-fashioned identity theft or other mischievous behavior, create a record. Report the hacking attempt to Facebook, your voicemail account, and other service provider where you had an account that was effected, and be as detailed as possible.
Also, you can make a complaint online with the Internet Crime Complaint Center (federal agency) known as IC3 which will provide you with a reference number, and forward your complaint to the appropriate authorities if warranted.
I would go a step further and have the credit bureaus freeze your credit file. See the Clark Howard page on credit freezes. You have to unfreeze the credit file to get any credit, but it keeps anyone from borrowing from a bank which checks the credit reports. A fraud watch does just about nothing unless the bank is really paying attention, and so many transactions are automated that a person might not even give an application a cursory glance.
Any specific law enforcement agency I should contact beyond the local police?
Yes, Internet Crime Complaint Center (IC3)
My credit card company required a police report which I obtained by calling the local cops, who readily admitted that they get a couple of hundred such calls a month and don’t follow up on any of them.
“by calling the local cops, who readily admitted that they get a couple of hundred such calls a month and dont follow up on any of them”
Unfortunately, these cases rarely become high priority — or even any priority at all — as a general rule among law enforcement; however, it’s still important to make the record. For example, some credit cards or insurance companies may not provide reimbursement without a police complaint. Moreover, the federal agencies like IC3 or FTC use reports made in their online databases in order to determine which complaints to investigate. For example, if some telemarketer number or spammer IP or email address is reported in large numbers and is associated with egregious complaints, then it will likely become an eventual enforcement target. So it’s still important to report the matter.
My credit card company had me do the same.
Poor cop tried to hand write all of the fraudulent charges. There were 5 or 6 pages worth of transactions. I gave him the bank statement :)
Keep a very close watch on all charges to the card no matter how small.
Protect yourself, mitigate damages as best you can, jump thru untold hoops, then................ Find the bastard who stole your identity, then torture him.
“Keep a very close watch on all charges to the card no matter how small.”
Excellent advice (same with the telephone bill on which unauthorized charges can get placed) . . . a lot of times fraudsters will test run their schemes with a test involving a small transaction to see if it gets noticed by the victim.
I guess I was fortunate. $200 one time, one thousand the other time, both times to the same bank’s credit card (which was changed by the bank after each occurrence.) Still, I didn’t panic, didn’t contact the credit rating bureaus, have never worried about my credit rating number, which is another product invented in recent years to sell to you, and have been getting new credit card offers weekly since then (5-7 years ago) without interruption.
I think mine was being used by several individuals at the same time. There were charges from many western European countries. itunes, games, hotel rooms, rental cars even dating services. I forgot the exact amount but it was well over $2K and it happened very quickly. A matter of days.
The Arizona number wasn’t really disconnected; that was just an outgoing voicemail. The phone company will have a record of who owns it, but good luck getting that information.
Bump for later.
“The phone company will have a record of who owns it, but good luck getting that information.”
Right. The phone company will only release the info in response to a subpoena from law enforcement or pursuant to civil litigation.
If you want, you can bring a John Doe action against the hacker and the voice mail number, and then serve a non-party subpoena against the internet service provider associated with the hacker’s IP address and the voice mail provider to get the info. Sometimes your local court clerk can be helpful in pointing you in the right direction to get all the filings together but it will cost perhaps a grand or two with the filings and to pay for someone to provide service of the non-party subpoenas particularly if they are out of state and are challenged. I’d recommend at this point just providing all the data you have to IC3, and hope for the best while keeping an eye out for the worst.
Read recently that Identity Guard is much better.
Anything is better than nothing.......
My son recently had a break in and lost about $500 in property. He had an iron clad way of tracking one of the electronic items, but the cops said it wasn't worth their time.
They only act if: there is a possibility of a fine (or other $$ windfall for the PD); there is a chance at positive publicity; or a cop is the victim.
Yep. Mine had a few fishing transactions then they tried to run a hotel bill and other stuff in Lisbon Spain. My bank quickly nipped it in the bud.
Accelerate to a speed that allows you to go back in time to 48 hours before the theft occurred. (The acceleration works, I’ve seen superman do it - though on his own power)
Then hire LifeLock.com to prevent problems.
This is the fastest way (no pun intended).
Most virus checkers won't stop a keylogger. My daughter's laptop was showing problems. I started my search. In reviewing text (*.txt) files by date and size, I found a text file full of all her recent keystrokes. Spooky!
Any in your house that had physical access?
I do IT security work so i seen lots of this. You’ve probably been infected with keylogging malware (computer viruses) and your information you use in online banking and purchasing has been stolen. Sometimes malware is not that easy to remove even with decent tools but, you should definitely make sure you’re running a traditional antivirus like program. I prefer “Norton Internet Security” but, it’s only one layer. You need more. You should also consider installing Spybot (http://www.safer-networking.org/) and MalwareBytes free version(http://www.malwarebytes.org/ and scan your computer with them asap. Another thing i’d advise but, it really requires someone familiar with malware remediation is to run a program like “Autoruns” (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) to inspect the startup environment (registry, services, scheduled tasks, etc..) for lingering malware execution paths. If you can’t get the malware removed then you’d have to seek a technicians help or restore your computer from the restore disks.
After you get it cleaned consider running your web browser(s) “Sandboxed” in an install of Sandboxie (http://www.sandboxie.com/) with it set to discard the contents of the sandbox on browser close. Browsing the internet from an un-sandboxed web browser has become too dangerous IMHO.
Here's the logic I used to find the file on my daughter's PC. After a couple minutes of keyboard use, the file created or updated by a key logger would display a real recent 'Date modified' in Windows Explorer. I did a search in Windows Explorer for *.txt, using the search entry box in the upper right hand corner. After several minutes, the list was compiled.
Click on the 'Date Modified' column to sort the list by newest first. Then open up the top 10 to see what's in the files. If you a key logging file, it should be easily recognizable.
Hey I got Sued (3 different Law Firms, 3 different States, GA, TN and TX) and didn’t have a clue about what the hell they were talking about.
Some Clown pretending to be me and also pretending to be some Company in Corpus Christi generated humungous unpaid bills ... they went as far as sending the Law Firms their 10% Collection Fee in advance... I spent a day getting grilled by a team of ASSHOLES (they had reams of Invoices) when they get a call from the Bank that “The Check” (Their Collection Fee) bounced... non-existing account. It took the Bank 4 days to figure out the check was bogus.
I ate Prime Rib that evening.
The attempt to hack your Facebook was an attempt to get more personal info to continue their rampage.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.