Every once in awhile, someone would gain access to our credit card or Amazon account or whatever. So I thought I had dealt with identity theft before, however, in retrospect it turns out that’s not really identity theft.

Now that I’ve been dealing with this for several months, I feel like I am gaining a lot of skills, but I will HOPEFULLY never have a need for those skills again. So I thought I’d post them here in case anybody else ever has to deal with this, so they can maybe don’t have to go through the learning curve that I went through.

1) Put a fraud hold on your credit immediately

This was my first mistake. The first thing I did after my mugging was to cancel my credit cards. However, it didn’t even occur to me to do anything with the credit reporting agencies, and nobody mentioned this as a good thing to do.

A fraud hold costs you nothing and could prevent what happened to me next.

All you need to do is contact one of the “big three” credit reporting agencies, listed below. The system is entirely automated. If you contact one they are supposed to notify the other two, but it wasn’t too much hassle, so I went ahead and contacted all three:

TransUnion
1-800-680-7289
Experian
1-888-397-3742
Equifax
1-888-766-0008

2) Get copies of your credit reports

Strangely, the official place to go for this is annualcreditreport.com. You are entitled to a free credit report once a year, but you are entitled to an extra one when you experience identity fraud. Go ahead and get your copies right away, but I’ll talk about what to do with them in a separate step. Make sure you save or print each of your 3 credit reports, you will need them all.

I was unable to get one of the three online; I learned later this is because the thieves had already requested my credit report from one of the agencies (presumably to “pre-vet” my credit and make sure I hadn’t already put a fraud hold on). So for the third I had to request it be mailed to me. It was worth the wait, however, as I found several credit accounts from that third credit report that I would not have found otherwise.

3) File a police report

The police report is an important piece of documentation to get companies to take you seriously. Most people require this in order to open up a fraud investigation.

Here in Chicago you can file a police report by calling 311. Also note that I needed to file a separate police report for the identity theft, independent of my police report for the mugging.

When I filed my police report they asked me a lot of questions like “Where have they opened accounts?” and I was unable to answer those questions. Later I had a lot of information on that subject, but it’s a chicken and egg problem: you need the police report to even talk to the companies and find out if there are accounts!

4) Verify the info on your credit reports

The credit reports are very long and scary looking, but there’s nothing for it but to dig in and start reading. For this part just verify things like your name, address, and open accounts; we will get to the inquiries in the next step. Companies will sometimes compare the address on the application against the one in your credit report, so someone might theoretically try to change that information for their nefarious purposes. In my case, all of this information was okay.

I caught my identity theft quick enough that there were no actual accounts listed in the reports – this does not mean you are safe!! At first I thought this meant I had caught it before they were able to open any accounts, but unfortunately that proved untrue. I suppose it takes a while for the open accounts to start showing up on your credit report proper.

I presume any open accounts you do find listed here need to be handled the same as the inquiries, but I’m not sure since I didn’t have to deal with any of these.

5) Start digging into the inquiries

This is where the real detective work comes in.

Inquiries are various companies pinging your credit as a normal part of verifying you for an account. There is nothing wrong with inquiries in and of themselves, however, the inquiries themselves do impact your credit. So even if the thieves were ultimately unable to open an account, you should still dispute the inquiry.

In my case it was easy to find the fraudulent ones, because all of the accounts were opened on the same day. You need to check every single one of these.

So how do you check them?

Well, some of them are easy. Something like “Verizon” is pretty obvious, but a lot of smaller stores have their credit cards serviced by a larger bank. So, for example, it’s not so obvious that COMENITYCAPITAL/MPRCC is actually “The Children’s Place”. All you can do is google it, but luckily there are a lot of people out there asking things like, “Why is there an inquiry from COMENITYCAPITAL/MPRCC on my credit report?” (For the record, MPRCC stands for “My Place Rewards Credit Card”)

Once you figure out the name of the creditor, you need to find a phone number and give them a call. Sometimes this requires a LOT of effort! Usually you can find a phone number on their web page, but even if you get the right phone number it sometimes takes a couple of tries to get through the automated system. Most places want your account number up front, which of course you don’t have, and then they need to transfer you two or three times, or else give you a different phone number to call.

If you do get through to someone, ask to speak to the fraud department (which may be a different phone number). In my experience the fraud department is VERY, VERY helpful, more so than the average customer service rep. I can’t help but notice that the people who got taken for $$$ also happened to be the places without good fraud departments. I doubt this is a coincidence.

At some point they will try to locate your account, which usually means giving out your social security number. It is one of the great ironies here that to recover from someone stealing your SSN you have to hand your SSN out to everybody on the face of the planet.

This is probably a good time to just leave a reminder about good identity safety. There’s no avoiding the fact that you’re going to have to give out a lot of personal info to people you don’t really know. At the very least, if someone contacts you and asks you for personal information, you need to do a little leg work first. Don’t take their word for it; find the number for the fraud department on your own and verify it against the number they gave you. Verify they are who they say they are.

Anyway, the company should be able to either A) find an account in your name, or B) find a record showing that an account was attempted, but denied. There were a few where they were unable to find any record of an account, which means there are probably a few out there I wasn’t able to close. 😦 But you can only do your best.

The company should do two things, 1) dispute the inquiry on your credit report with the credit agency so it gets removed, and 2) send you a letter confirming that you are not liable for any charges in your name. They may require additional information from you first; usually, at the very least, a copy of your police report.

6) Other miscellaneous things you should do

Many sites recommend filling out a formal complaint with the Federal Trade Commision at identitytheft.gov. I’m not sure what that buys you, but leave no stone unturned as far as I’m concerned.

Apparently one of the biggest forms of identity theft is to file a bogus tax return on your behalf. For example, I could file a tax return in your name claiming a bunch of deductions and basically get all of the money you’ve paid in so far this year, leaving you in the lurch when you went to file your actual return. Therefore, it is probably a good idea to file an Identity Theft Affidavit with the IRS.

Another thing an identity thief might do is change your address, so that any credit cards or notices get sent somewhere else, potentially delaying you from noticing the theft. If you are receiving mail at your current address, you’re probably fine, but my case had the extra wrinkle of just having moved. So I gave the post office a call just to make sure my original mail redirect was still in place. You can find phone numbers for the USPS here.

Finally, because the thieves were operating in Indiana, I filed an identity theft complaint with the Indiana Attorney General’s Office. Again, I’m not sure this was all that useful, but it certainly can’t hurt, and they seemed to take it more seriously than the Chicago PD had taken it.

7) Be watchful

Even after all of the above, I received some things in the mail asking me to opt out of sharing my personal information. Of course, that led to additional accounts that had to be shut down. Just watch out for anything that seems out of the ordinary, or anything that sounds like someone you don’t know has recently done business with you. Worst case you spend some additional time on the phone to find out it is legitimate!

I think that’s it. Hopefully this post will be useful to someone. My fondest desire would be that nobody would ever need to use this information, but that seems hopelessly idealistic.

I will try to update this page if anything else comes up, so if anybody has anything to add, please leave a comment.