I never worry about action, only about inaction. Churchill’s context wasn’t identity theft or cybersecurity, but it applies nevertheless.
If you’ve already been the victim of identity theft, it’s critically important to take action immediately.
And if you haven’t had your identity stolen — yet — you’re one of the fortunate ones. Take the basic steps to protect yourself now, as prevention is always best.
Identity Theft, Defined
Let’s start with the definition.
Identity theft occurs when someone uses your personal information — such as your name, Social Security number or other identifying information — without your permission to commit fraud or other crimes.
In the context of taxes, for example, an identity thief might use your identity to fraudulently file a tax return in your name and claim your refund.
Responding to Identity Theft
When you learn that you’ve been the victim of identity theft, it’s important to act quickly.
Toward that end, the FTC’s website identitytheft.gov outlines the steps you should take right away and those to take next, as well as other possible actions. It also provides additional steps for certain types of accounts and for special forms of identity theft, including tax, child and medical.
This comprehensive and easy-to-use site consolidates all of the information you need to take critical actions, including detailed descriptions, the web links and phone numbers of organizations to contact, and various forms and sample letters.
The same site provides an optional, online assistant to gather information describing your situation and helping you to develop a recovery plan.
Preventing Identity Theft
If you haven’t had your identity stolen, what can you do to protect yourself?
The single most important thing you can do to protect yourself from this type of fraud is to safeguard your Social Security number, date of birth, bank and investment account numbers and other personal information. That means securing or shredding documents that include such information, as well as ensuring that mail containing personal information is not left in an unsecured mailbox.
Make sure you’re using strong passwords or passphrases, and not commonly used passwords such as password or 123456. To learn more about best practices for creating and managing passwords, check out our blog post Need Better, Safer Passwords or Passphrases? How to Protect Yourself.
It’s also a best practice to monitor your credit reports. You can consider requesting a free fraud alert and even freezing access to your credit. For the details, refer to our post Data Breaches and Cybercriminals Have You Worried? What You Can Do.
Finally, stay informed about phishing and other identity theft schemes.
Preventing Tax-Related Identity Theft
A thief can’t file a fraudulent tax return in your name without knowing your name and Social Security number, so all of the general actions outlined above still apply.
It’s critical that you know the IRS never uses an email message or a phone call to initiate a communication with you. It never asks for personal information from you via email or over the internet. And it never demands immediate payment from you over the phone.
Before you respond to any communication that appears to be from the IRS and that asks for information you’re uncomfortable providing, check it out. We can help you to determine its legitimacy, or you can report it directly to the IRS.
Scammers are becoming increasingly sophisticated, so not all tax scams involve a call or an email or letter.
The IRS.gov website includes an identity protection page devoted to recognizing and reporting identity tax-related theft. The site also explains the IRS’ identity theft process and what you can expect.
Concerned about a communication that appears to be