Friday, April 25, 2014

Steps You Can Take If You've Been Identity Thefted

If you find yourself the victim of identity theft, here are the standard steps the police or any financial services company will ask you to take:

1. Notify your local police. Filing a police report may seem silly, since almost never is an identity thief someone who lives in your local community. However, as I was told by the officer who took my report, "It is done to give your case credibility. After all, no one is supposed to lie to the police, right?"

2. Fill out an FTC affidavit of theft. Honestly, this seems to be as futile as the local police report. But it is one of the required pathways for making a report. What I found most foolish about the form was on the one hand it asked you for very confidential information like social security number, driver's license number and date of birth....And then it sent up a warning saying this kind of information makes you vulnerable to fraudulent activity, so it is advised NOT to include it! Go figure! I chose to leave those vulnerable spaces blank for my own security!

3. Report your theft(s) to the credit monitoring bureaus: Equifax, Transunion and Experian. You may want a fraud alert put on all your accounts. And you may want to check your credit reports to make sure nothing is on them that you didn't authorize.

4. If you have an accountant, notify them. This is particularly important if you have tax identity theft or having retirement funds tampered with. The accountant can help run interference with the IRS and can help solve problems resulting from fraudulent use of your social security number of early withdrawal penalties for retirement money not withdrawn by YOU.

5. Hire a good computer security consultant. Whether s/he can find malware or spyware on your computer or even the smoking gun of the thief's attack, a good computer security consultant will provide you an eye opening education both about how thieves get into your on-line accounts, and what you can do to protect yourself.

6. Get yourself emotional support as well as practical support. Having your personal information stolen or tampered with and having hard-earned funds stolen is an assault. It can feel like a rape, a burglary or an attack. Your sense of safety in the larger world might be in question. Make sure you don't have to navigate what can be an overwhelming experience all alone.

Identity Theft For Real

You read about it in the paper all the time. You and most people you know have probably received lots of the spam e-mails about people who lost all their money in foreign countries asking for financial help or the members of European or African elite whose close relatives have just died. And most often it is just an annoyance of modern day life. But what happens when identity theft gets a lot more close, and invasively personal? Have you had your credit cards received charges you did not make? Or even more intrusive, have you ever filed your federal taxes only to be told someone has used your social security number before you did? Or most violating of all, have you ever discovered that someone broke into your financial accounts--be it retirement accounts, college funds for your kids or any other accounts, and actually stolen your funds? Over the past couple of years, I have experienced all of the forms of identity theft listed above. And most recently, someone broke into my retirement accounts and stole $13K in 5 transactions by opening up a bank account in Virginia in the name of an entirely different identity theft victim. Because my retirement account firm put up a red flag to have 5 transactions made the very morning a new bank account was attached to my account with them, the stolen funds were put on hold, and a week later, recovered. However, the experience of first having my AOL account hacked three times, and then having money stolen from what was thought to be a totally secure, professionally managed retirement account, felt like the modern day version of having someone break into your home in spite of a burglar alarm and no key. I was given a long list of steps I needed to take, from reporting the incidents to the local police, to contacting the FTC, to contacting credit agencies, to hiring a computer security consult to be sure that my computers had not been invaded with spyware or malware. Taking all the steps required countless hours and a chunk of money. And there is no guarantee any of these steps can help identify the thief or prevent this kind of occurrence from happening again. When I first learned that someone had stolen my social security number when I went to file my 2012 taxes, my accountant and I filled out all the paperwork and went through all the added steps necessary for an identity theft victim to first of all file their legitimate taxes and then attempt to make sure it did not happen again. When I went to my file 2013 taxes, voila. Same problem. And this time, after a 45 minute wait for an IRS agent, I learned there is no way to stop it from happening again. I was advised. "Just try to get your taxes in FIRST." I was ready to scream. I filed them in February, as soon as my accountant could provide them given all the paperwork a self-employed person needs to have in place to file taxes! In the case of the stolen retirement funds, my computer consultant was able to find the smoking gun. No malware or spyware on either my MacBook Air or old HP. Instead, having broken into my AOL account using my security question--the one you are asked to answer when someone has "forgotten" their password. I had used my mother's maiden name, and learned from the consultant that most of the security questions--like town you were born in, where you went to high school or college and mother's maiden name--are all very easy to research on the internet. So, for an identity thief, there is no security in answering these questions for real. I was advised to answer these questions with made up answers or complicated algorithms like we are now advised to use for our passwords: the kinds of answers that a regular person could never remember, and end up being locked out of their own account with unless they have a clear system for recording them and accessing them. So, I followed that model, changed my security answers. And voila, this very morning, someone broke into my AOL again twice as I was trying to send an e-mail to a friend! While I am going back to my computer security consultant to ask if any true firewall can be built to keep someone out entirely, I have a suspicion that there really is no way to keep these things from happening again. And yes, people say it is done on AOL, but I have had friends come forward and tell stories of having it done on gmail, yahoo and most every mail service. Cyberspace is a free for all for the most personal and intrusive of crimes in our overly cyber-world. When I went to my financial advisor to set up new retirement accounts (and to learn that not only were funds stolen, but there were early withdrawal penalties for retirement money to contend with as well), both my advisor's right hand man and secretary were horrified, because I was the very first client of theirs who this had happened to. While there are things I am proud to have pioneered, I assure you, this is NOT one of them! Both of them learned from all the steps I have had to take, and took steps to make their own accounts more secure! Long and short, identity theft is real and insidious. You may be able to find the smoking gun of a thief, but their identity is most often invisible. Who they are, where they live and their ultimate motives are beyond discovery. Perhaps a whole new kind of support group is needed for identity theft victims. And honestly, I advocate for the real time, face to face kind of group. For all you know, your on-line group might turn into yet another playground for cyberthieves!