Identity theft occurs when someone uses your personal information such as your name, social security number, credit card number or other identifying information without your permission to commit fraud or other crimes. If you have become a victim of identity theft you should:
Report the theft to the three major credit reporting agencies-Experian, Equifax and TransUnion Corporation, and do the following:
- Request that they place a fraud alert and a victim’s statement in your file.
- Request a FREE copy of your credit report to check whether any accounts were opened without your consent. You can find information about obtaining free credit reports on the Federal Trade Commission’s website at: http://www.ftc.gov/bcp/edu/microsites/freereports/index.shtml
- Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft.
Major Credit Bureaus
Equifax – www.equifax.com
To order your report, call 800-685-1111 or write P.O. Box 740241, Atlanta, GA 30374-0241
To report fraud, call 800-525-6285 and write P.O. Box 740241, Atlanta, GA 30374-0241
Experian – www.experian.com
To order your report, call 888-397-3742 or write P.O. Box 2002, Allen, TX 75013
To report fraud, call 888-397-3742 and write P.O. Box 9530, Allen, TX 75013
TransUnion – www.transunion.com
To order your report, call 800-888-4213 or write P.O. Box 1000, Chester, PA 19022
To report fraud, call 800-680-7289 and write Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634
- Notify your financial institution(s) and ask them to flag your account and contact you regarding any unusual activity.
- If bank accounts were set up without your consent, close them.
- If your ATM card was stolen, get a new card, account number and PIN.
- Contact your local police department to file a criminal report.
- Contact the Social Security Administration’s Fraud Hotline to report the unauthorized use of your personal identification information.
- Notify the Department of Motor Vehicles of your identity theft.
- Check to see whether an unauthorized license number has been issued in your name.
- Notify the passport office to watch out for anyone ordering a passport in your name.
- File a complaint with the Federal Trade Commission:
- https://www.ftccomplaintassistant.gov/ or call 1-877-IDTHEFT
- File a complaint with the Internet Fraud Complaint Center (IFCC)
The Internet Fraud Complaint Center (IFCC) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), with a mission to address fraud committed over the Internet. For victims of Internet fraud, IFCC provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation.
- Document the names and phone number of everyone you speak to regarding the incident.
- Follow-up your phone calls with letters. Keep copies of all correspondence.
Beware! Thieves may be “phishing” (pronounced ‘fishing’) for your personal financial information. Account numbers, passwords, social security numbers, and other financial information are all vehicles crooks use to invade your checking account or charge their purchases to your credit cards. In the event crooks do get your personal information, you could become a victim of identity theft.
How phishing works
Typically, you’ll receive an email that appears to come from a reputable source that you know and trust such as your credit union. Or, the email may appear to come from a government agency that may or may not be associated with your credit union. Likely, the email will advise you of a serious problem affecting your account and ask for your immediate reply to rectify the situation by clicking on a link provided in the email.
In a phishing scam, the result of your clicking on that link will take you to either a site that looks just like the authentic site, or it may actually be the real site where a pop-up window will appear to secretly gather your personal information. You likely will be asked to verify or update your personal and/or account information. As you enter this information, you are giving thieves everything they need to steal your identity and your money.
If you’ve been “phished”, forward the phish email to:
- firstname.lastname@example.org (Federal Trade Commission)
- the company who has been “spoofed”
When forwarding spoofed messages, always include the entire original email with its original header information intact and notify the Internet Fraud Compliance Center of the FBI by filing a complaint on their website: www.ic3.gov.
Some phishing attacks use viruses and/or Trojans to install programs called “key loggers” on your computer. These programs capture and send out any information that you type to the phisher, including credit card numbers, user names, passwords, social security numbers, etc. If you’ve fallen victim to this you should:
- Install and/or update anti-virus and personal firewall software.
- Update all virus definitions and run a full scan.
- Confirm every connection your firewall allows.
- If your system appears to have been compromised, fix it and then change your password again, since you may well have transmitted the new one to the hacker.
- Check your other accounts! The hackers may have helped themselves to many different accounts: eBay account, Pay Pal, your email ISP, online bank accounts, online trading accounts, e-commerce accounts, and everything else for which you use online passwords.
Vishing is a threat where would-be criminals use the phone line to obtain your private information for their personal gain. Vishing is similar to phishing scams that rely on email to steal consumers’ identities; vishing uses Internet telephone calls. Criminals use the information obtained to steal money from accounts, rack up charges on credit cards and commit identity theft.
How vishing works
Phone calls are made using a random dialer. The recording states the call is being made by a local bank or credit union notifying the account holder their card has been deactivated and they will need to input the card information in order to have it reactivated. The fraudsters do not know if the household they are calling is an account holder of the bank or credit union targeted, they are counting on the volume of calls being placed to produce the desired results. They assume the odds are that they will contact some of the account holders of the targeted company, and some will enter their card information.
What you should do
If you are contacted by a company you do business with and are asked for your personal information, thank them for alerting you to the problem, hang up immediately, then call the customer service number listed on the back of your credit/debit card or an account statement. If there actually is a problem, then the issue can easily be resolved and you’ll have peace of mind knowing that your personal information has not been compromised.
If you’ve been “vished” you should report the information directly to the Federal Bureau of Investigations (FBI) at www.ic3.gov for investigation. If you’ve provided your personal information to the fraudsters, go immediately to the Federal Trade Commission (FTC) website at www.ftc.gov/idtheft and follow the steps provided to minimize your losses and protect your credit. You should also notify the credit union as soon as possible to take the necessary steps to protect your credit union account.
Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a Website, a text message is sent to the user’s cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.
Secret Shopper Schemes
Many retail and service companies often hire individuals to evaluate or perform secret checks on themselves or their competitors. Fraudsters are now capitalizing on this employment opportunity and stealing consumers’ money and in many cases, their identity.
The first step in this scheme occurs when an individual is contacted by e-mail or U.S. mail with an urgent request to apply as a mystery shopper. The individual is instructed to send a resume and is notified that he or she is subject to an extensive background check as a condition of employment. The second step in this scheme occurs when the applicant becomes “hired” and receives a check and instructions from the new employer to perform the job. The check received is used to cover purchases while shopping at a certain retail store for a designated length of time and spending a certain amount on merchandise as the instructions indicate. Instructions also may include additional directions to observe other specific details about the store.
The next step in this scheme occurs when the individual is instructed to evaluate the accuracy and ease of using the wire services at a retail location. Since the individual has already deposited the check into his or her account at the credit union, a withdrawal of the cash is made to complete this part of the assignment. The individual takes the cash to the retailer and completes the wire as instructed. As payment for the job performed, the individual gets to keep the money that’s left after paying for the purchases and wiring the funds.
Sounds like easy work, right? The only problem is that the check the employer sent to pay the individual has been returned to the credit union as counterfeit or fraudulent and now that amount has been deducted from the individual’s account. The individual is responsible for the entire amount of the check and any fees charged to the account as a result of the check being returned.
Another version of this scheme requests applicants to provide account information to have money directly deposited to their account. Once this information is obtained, the fraudster will have access to the individual’s account and can withdraw money electronically. The individual then becomes a victim of identity theft.
Here are some tips you can use to avoid becoming a victim of employment schemes associated with mystery/secret shopping:
- Do not respond to unsolicited (spam) e-mail.
- Do not click on links contained within an unsolicited e-mail.
- Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Virus scan all attachments, if possible.
- Avoid filling out forms contained in e-mail messages that ask for personal information.
- Always compare the link in the e-mail to the link you are actually directed to and determine if they match and will lead you to a legitimate site.
There are legitimate mystery/secret shopper programs available. Research the legitimacy on companies hiring mystery shoppers. Legitimate companies will not charge an application fee and will accept applications on-line. No legitimate mystery/secret shopper program will send payment in advance and ask the employee to send a portion of it back.
Individuals who believe they have information pertaining to mystery/secret shopper schemes are encouraged to file a complaint at www.ic3.gov.