ID Theft & Privacy Checklists

Here are U.S. PIRG's identity theft and privacy tips, including descriptions of different types of ID theft; checklists for preventing, detecting, and resolving ID theft; a checklist for protecting your online privacy; and links to additional resources. These documents can also be downloaded here.

Types of Identity Theft

There are a variety of ways stolen data can be used, depending on what was taken. Different types of ID theft and fraud include:

Financial Identity Theft  

Existing Account Fraud

If a thief obtains a credit or debit card number, the thief can access existing bank and credit accounts for in-person transactions.

New Account Identity Theft

With a full name and Social Security number (SSN), a thief can open new credit accounts.

Health Care/Medical Fraud

With a full name, birthdate, SSN (and sometimes an existing health insurance account number), a thief can attempt to receive benefits and services in your name.

Social Security Benefits Fraud

With a full name, birthdate, and SSN, a thief can try to open a “my Social Security” (MySSA) account in your name and change your direct deposit information to his or her own checking account. Coupled with other information that can easily be found online, such as place of birth, a thief can also try to claim your benefits over the phone.  

Tax Refund Fraud

With a full name, birthdate, and SSN, a thief can attempt to file your taxes and claim your refund.

Other Fraud

With a full name, birthdate, SSN, and driver’s license number (which can be turned into a fake license card), a thief can attempt numerous types of fraud, such as applying for a job, getting insurance, renting a home, or even committing crimes in your name.

Reputational & Physical Harm

Some breaches involve personal information that can be used to blackmail, stalk, or otherwise inflict reputational or physical harm against data breach victims.

Phishing

With just a phone number or email address, a thief can use “phishing” scams to attempt to collect more information needed to commit any of the above more severe crimes.

Protect Yourself from Identity Theft

Use these checklists to help you prevent, detect, and resolve identity theft.

Preventing Identity Theft

The first key to protecting yourself from ID theft is prevention.

ID Theft Prevention for Online & Electronic Activity

  • Consider locking your laptop at your work desk or when you’re in a public place.

  • Set passwords for your computer, smartphone, and tablet. Use six digits instead of four for your smartphone password.

  • Set online account passwords that include at least 10 characters and a combination of capital letters, numbers, and symbols in the middle of the password, not the beginning or end.

  • Avoid using the same password for different accounts. Consider using a password manager.

  • Turn on two-factor authentication for your online accounts if available. You will receive additional codes for accessing your online accounts, in addition to your passwords.

  • Keep all software updated. Turn on automatic updates for all software, including antivirus programs.

  • Don’t show information on social networking sites that is commonly used to verify your identity, such as date of birth, city of birth, mother’s maiden name, name of high school, etc. If you do, don't use that information to verify your identity.

  • Turn on your laptop’s firewall and turn off file sharing and “network discovery” for public Wi-Fi connections.

  • Turn off automatic connections to Wi-Fi networks on your electronic devices.

  • Send personal information online through fully encrypted websites or apps. Addresses of encrypted websites start with https. The non-profit Electronic Frontier Foundation has the HTTPS Everywhere extension for your web browser that will make sure you’re using encrypted communications on websites that support encryption. In addition to using encrypted websites, online transactions are best conducted over secure encrypted Wi-Fi connections or your phone’s data network, rather than an unsecured Wi-Fi connection.

  • Consider using a Virtual Private Network (VPN) when in public.

  • Secure your home router. Steps for doing so are available on the Federal Trade Commission’s website.

  • Disable Bluetooth connections on devices when not in use.

  • Watch out for “phishing” scams where identity thieves request personal information by pretending to be a legitimate entity, such as a bank or the IRS. Ignore unsolicited requests for personal information by email, links, pop-up windows, texts, or over the phone - and only contact entities by means you know to be legitimate. For example, if you receive a call purportedly from your bank’s security department, don’t give out information. Instead, call the number on your bank card and ask for the security department.

  • Use credit cards instead of debit cards for all online and in-person purchases if possible. Consumers have more legal protections against fraud with credit cards and can also avoid having to wait for stolen funds from checking accounts to be replenished. Consider only carrying debit cards for trips to the ATM or cash-back transactions.

  • Sign up for your “my Social Security” (MySSA) account. This will help prevent a scammer from opening an account in your name and changing your direct deposit information to his or her own checking account. A credit freeze on your Equifax credit report will also block the creation of a MySSA account because the Social Security Administration uses Equifax credit reports for identity verification.

  • Dispose of your old computers and mobile devices safely to keep data out of the wrong hands. You’ll want to look up steps for your specific device, but below are basic steps.

For computers: Save data you want to keep and transfer, “wipe” or overwrite your hard drive many times, and keep it out of the landfill by recycling, donating, or reselling it. (Deleted files can still be recovered if you don’t wipe your hard drive clean many times.)

For mobile devices: Back up your phone, reset your device, remove or erase SD & SIM cards, and keep it out of the landfill by recycling, donating, reselling, or trading it.

ID Theft Prevention for Offline Activity

  • Do not disclose your full nine-digit Social Security number unless absolutely necessary, and never use it as an identifier or password. Question those who ask for it. If someone calls claiming to be from your bank security department, it’s best to hang up and call the number on your card.

  • Lock your records and financial documents at home.

  • Lock your mailbox if it is lockable.

  • Shred documents containing personal information (name, account numbers, any part of your Social Security number, and birthdate) before throwing them away.

  • Opt out of pre-approved (pre-screened) credit & insurance offers. Credit and insurance companies buy “prescreened” lists from the credit bureaus to make pre-approved offers to prospective customers. While such offers provide consumers with information about possible credit options, identity thieves may steal these pre-approved offers and apply for them with your personal information. Optoutprescreen.com is the official website where by law you can opt out of receiving these offers for five years or permanently. You can also opt back in any time. Note that this action only slows credit card and loan offers, as only credit bureaus are subject to this rule. Airlines, retailers, and others you do business with are not.

  • Use the chip side of chip-enabled cards, instead of the magnetic strip side, for in-person purchases whenever possible. Beware of devices called skimmers and shimmers that criminals install on ATMs and card readers at checkout lines or gas pumps to steal your credit card information. When using ATMs and card readers, look and touch for signs of tampering, such as mismatched colors or loose parts. Always cover your hand while typing a PIN, and avoid using ATMs in secluded locations. ATMs at banks are the least likely to have skimmers.

  • Use credit cards instead of debit cards for online and in-person purchases if possible. Consumers have more legal protections against fraud with credit cards and can also avoid waiting for stolen funds from checking accounts to be restored.

  • Watch out for “phishing” scams where identity thieves request personal information by pretending to be a legitimate entity, such as a bank or the IRS. Ignore unsolicited requests for personal information by email, links, pop-up windows, texts, or over the phone - and only contact entities by means you know to be legitimate. For example, if you receive a call purportedly from your bank’s security department, don’t give out information. Instead, call the number on your bank card and ask for the security department.

  • Place credit freezes on your credit reports. The “Credit Freezes: How to Prevent New Account Identity Theft” section of this report explains how to freeze your credit reports.

  • File your taxes as soon as possible to help prevent tax refund fraud. A fraudster can still file taxes in your name even if you’re not required to file taxes or aren’t eligible for a refund. Also, some people qualify for an Identity Protection (IP) PIN that must be entered before a tax filing can be submitted. The IP PIN is available to identity theft victims and is also currently offered to all taxpayers in Florida, Georgia, and Washington, D.C., as part of a pilot program.

  • Protect your deceased loved ones from identity theft by notifying appropriate institutions of their deaths.

Detecting Identity Theft

  • Check your monthly statements for unauthorized charges. Be suspicious of phone calls about surprise debts.

  • Sign up to receive email and/or text notifications of account activity and changes to account information.

  • Instead of paying for over-priced subscription credit monitoring, use your free annual credit reports as your own credit monitoring service. Every 12 months, federal law gives you the right to receive one free credit report from each of the three main credit bureaus: Equifax, Experian, and TransUnion. Instead of requesting three at the same time, request one credit report from one of the bureaus every four months. Verify that the information is correct and that accounts have not been opened without your knowledge. Free credit reports are available online at AnnualCreditReport.com, by phone at 1-877-322-8228, or by mail. There are other non-official sites that offer free reports too. Beware of sites that promise free reports and credit scores but may use trial-offer gimmicks to urge you to switch to paid credit monitoring or other services. There are some sites that offer free services with no strings attached - just expect to see ads. And know that the credit scores on those sites are most likely not the FICO scores used by most creditors.

  • There are many other consumer reporting companies besides the three big nationwide credit bureaus that specialize in collecting other types of information about you, including bounced check activity, criminal and other public records, employment information, insurance claims, and tenant history. Requesting free reports with these specialty bureaus every year could help you spot various fraudulent activities done in your name. Note that many of these companies will not have files on you at all. For example, if you’ve never had a bank account closed for “bounced check activity,” it is likely that you won’t have files at bounced check specialty bureaus.

  • Sign up for your “my Social Security” (MySSA) account. Even if you don’t receive Social Security benefits yet, checking your MySSA account can help you spot changes to your personal information that might indicate thieves trying to claim your benefits over the phone.

  • Request your driving record to help spot traffic violations committed in your name.

  • Sign up for online accounts with your health care and insurance providers to monitor any fraudulent services on your statements.

  • Be alert to notices about a tax return already filed, additional taxes you owe, refund offsets, collection for a year you didn't file, or records showing income from an employer for whom you did not work.

  • Check if your online accounts have been hacked. Have I Been Pwned is a free tool you can use to check whether your online accounts may have been compromised in data breaches.

Resolving Identity Theft

  • Take the following steps to resolve new account identity theft:

Step 1: Notify your financial institutions. If you discover that your wallet, checkbook, credit card, or other sensitive information has been lost or stolen, immediately notify the issuing bank, credit card issuer, or relevant institution to close all existing accounts.

Step 2: Get copies of your credit reports and place fraud alerts on them. If you haven’t already, it’s time to get freezes.

Step 3: File an Identity Theft Report. If you suspect identity theft, report it to the Federal Trade Commission using the online complaint form at identitytheft.gov or by calling 1-877-ID-THEFT.

Step 4: You might decide to file a police report.

  • Visit Identitytheft.gov, the government’s official website that will walk you through clear checklists of actions you can take to recover from new account identity theft and other types of fraud.

Credit Freezes: How to Prevent New Account Identity Theft

Defense against any kind of identity theft starts with vigilance about protecting your personal information by taking steps such as creating secure passwords, keeping your Social Security number private, and shredding personal documents.

However, if and when someone does steal your information, there are a variety of ways it can be used, depending on what was taken. One of those uses is known as new account identity theft, where someone opens a new account in your name and then proceeds to rack up a ton of debt. New account identity theft can be prevented by getting security freezes, also known as credit freezes.

What Are Credit Freezes & Why Should I Get Them?

A credit freeze blocks potential creditors such as a credit card company, a cell phone company, or a lender from viewing your credit report, which shows your credit history. Most creditors will not issue new credit to a customer if they cannot see that customer’s credit report or the credit score derived from it from at least one of the three big nationwide consumer reporting agencies - Equifax, Experian, and TransUnion. (Consumer reporting agencies are also known as credit bureaus.) By blocking creditors from accessing your credit report, you’re stopping identity thieves who apply for new accounts in your name with your stolen Social Security number.

Credit freezes do not affect your ability to use existing credit you already have, such as a credit card or loan. Nor do freezes affect your credit score. In fact, freezes help protect your score by preventing your credit from being negatively scored if someone racks up debt in your name.

You can easily remove a freeze or “thaw” your credit report when you want to apply for new credit. Freezes can be temporarily or permanently removed when you want.

Because creditors run credit checks with any one or a combination of the three big credit bureaus, you need to block access to your reports with all three.

What Are the Differences Between Credit Freezes, Credit Locks, Credit Monitoring, and Fraud Alerts?

Credit locks offered by the credit bureaus appear to block access to credit reports the same way that credit freezes do. Therefore, freezes and locks both deny thieves the ability to open fake accounts in your name.

However, freezes are a right mandated by law, while locks are conditional on terms of use agreements that are set by the credit bureaus and could change at any time. Your rights as a consumer are on stronger ground with freezes. Whether you choose to get freezes or locks, remember you’ll need to get them at all three national credit bureaus.

Fraud alerts don’t block access to your credit reports, but they do notify creditors that they should try to verify your identity before opening a new account in your name. If you choose not to block access to your reports at the three main credit bureaus, you should at least place fraud alerts on your reports.

Credit monitoring alerts you to changes to your credit reports, which can help you spot unauthorized credit accounts opened in your name. Credit monitoring can only help detect new account identity theft after it has already occurred, not prevent it.

How Much Do Freezes Cost And When Do They Become Free Nationwide?

A new federal law eliminated fees for getting and removing credit freezes across the country at all big three credit bureaus on September 21st, 2018.

Do I Need to Freeze My Report with Other Credit Reporting Agencies?

As the Consumer Financial Protection Bureau lists, there are many other consumer reporting companies besides the three big nationwide providers of consumer reports. Some websites have recommended getting freezes with Innovis and ChexSystems, but as far as we know, their reports are not used by creditors for credit approvals.  

However, some news outlets have reported fraudulent accounts being opened by cell phone companies using credit reports provided by the National Consumer Telecommunications & Utilities Exchange (NCTUE). We therefore also recommend freezing your credit report at NCTUE, in addition to at the big three credit bureaus.

How to Freeze (and Unfreeze) Your Credit Reports

  • You can place freezes online, over the phone, or in writing (info provided below).

  • You will receive a PIN for your credit freeze with each bureau. You will use this PIN when you want to unfreeze your credit report to apply for new credit.

  • If you want to temporarily lift a freeze because you are applying for credit, try to find out which credit bureau the business uses to check credit reports. You can save some money and time by only lifting your freeze for that credit bureau.

  • You can temporarily lift a freeze for a particular creditor or for a specific period of time, from one day to one year.

  • Make sure to account for the time it can take to thaw your report. In most cases, if you request a thaw online or over the phone, your report can be unfrozen within 15 minutes. However, it can take longer if you don’t have the PIN that was assigned to you when you froze your report, so make sure to keep your PIN in a safe, memorable place where you can quickly retrieve it when needed. It can also take up to three days from receipt of your request if you make it via postal mail.

Equifax

Online: https://www.equifax.com/personal/credit-report-services/

Phone: 1-800-349-9960 (automated), 1-888-298-0045 (live operator)

Mail: Equifax Security Freeze, P.O. Box 105788, Atlanta, Georgia 30348

Experian

Online: https://www.experian.com/freeze/center.html

Phone: 1‑888‑397‑3742

Mail: Experian Security Freeze, P.O. Box 9554, Allen, Texas 75013

Experian includes a potentially confusing three-paragraph “Security Freeze Warning.” It just explains that you will need to unfreeze your credit report before applying for credit if you ever wish to do so in the future.

TransUnion

Online: https://www.transunion.com/credit-freeze/place-credit-freeze

Phone: 888-909-8872

Mail: TransUnion LLC, P.O. Box 2000, Chester, PA 19016

National Consumer Telecommunications & Utilities Exchange

Online: https://www.exchangeservicecenter.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

Phone: 1-866-349-5355

Mail: NCTUE Security Freeze, P.O. Box 105561, Atlanta, GA 30348

Protect Your Online Privacy

Although protection from identity theft is largely about data security, privacy also plays an important role. Data security and privacy often go hand-in-hand with each other. Privacy generally refers to the control or choice you have over how your personal information is used or shared. Data security refers to the measures put in place to protect that control and make sure data is used as intended.

Use this checklist to help you control how your personal information is used or shared online.

  • Cover the camera on your laptop to prevent hackers from watching and recording you.

  • Consider your options for blocking websites, advertisers, and others from tracking your online activity on your computer, including: adjusting the cookie settings in your browser, installing a tracking blocker for your web browser, or opting out of targeted advertising. Note that “private browsing” settings by themselves still allow your activity to be communicated to third parties during a browsing session.

  • Consider your options for blocking advertisers from tracking your online activity on your mobile device, including turning off ad tracking and resetting “device identifiers.” You can also research ways of controlling ad tracking on your other smart devices, such as internet-connected entertainment systems.

  • Check the privacy settings on your mobile device to control the access that different apps have to your personal information, including location, personal contacts, photos, calendar, and health data. Many apps have the ability to track your location even when you’re not using them.

  • Check your privacy and other settings in your Facebook account to control tools such as face recognition, location history, and ad preferences.

  • Check your privacy settings in your Google account to control tools such as the collection of your web searches and other activity and the ads you see.

  • Check your privacy settings in your other apps and social media accounts.

Identity Theft & Privacy Resources

