To the Researchmobile! : Identity theft

So, here I was, planning to do another installment in the Personal Libraries series. And then last Friday happened.

To be precise, I got a call from our head of HR, saying she’d gotten an unemployment request from me, and thought I should know about that. Someone had gotten hold of my social security number and name and used it to file a fraudulent claim.

So, for today’s post, here’s a guide to what I did to check that I was doing all the necessary things.

Quick! Research Needed! (gold exclamation point on a dark background)

Background is useful

One thing that makes for really excellent research is having something of a background in the topic.

Obviously, we’re not going to be experts in all the things, all the time – no one can do that. But we can help ourselves out by taking in a steady stream of information that makes it easy to get ourselves up to speed on specifics quickly if we have to.

For me, this means reading or skimming a couple of general purpose sources of news and information. I subscribe to online editions of two newspapers and support one of my local NPR stations (and they send a summary of current major stories daily), plus I read several general purpose sites that cover a wide range of topics (Metafilter, in my case), plus a couple of general financial and lifehack sites.

I specifically wasn’t trying to build expert knowledge in what to do if I got hit with identity theft (because the specifics on what to do change periodically, as services and government resources change), but all of this meant I was well aware it happens sometimes, that it’s not always easy to figure out where the breech happened, and that there are in fact steps in what to do about it.

That meant that when I got that call from HR, I didn’t have a tidy list of what to do. But I knew they were out there, that ‘identity theft’ was the term I wanted to work with, and that I’d just need a little time to do those searches and check my information.

Oh, and a bit of background:

If you’re outside the US and trying to figure out what this means: in the United States, the social security number is the closest thing we have to a personal identification number.

It’s technically only supposed to be asked for in a limited number of situations (like taxes, or some kinds of financial accounts) but it’s often asked for in a bunch of other places – everything from college applications to rental applications to medical records.

This makes it rather easy to abuse, unfortunately.

(For those curious about the history of the number designations, here’s a page from the Social Security Administration.)

Habits are also useful

Fortunately, I already have a routine for keeping an eye on financial accounts (more on that in a few steps).

So I knew right where everything was for the different accounts, and could check quickly to see that there were no unexpected charges, and that no one had opened up accounts in my name recently.

First steps

The first step here is to take a deep breath. Panicking isn’t going to make this go better, and it won’t solve the problem (no matter how tempting it is.)

I was at work when I got that call. I did a little quick searching that made it clear that yes, I was going to want to make half a dozen phone calls, and a couple of them probably needed to be during business hours, which helped.

I’d been out sick for two days on Wednesday and Thursday, and had already been considering going home early, so I arranged to do that (because making the calls from home would be a lot easier.) Fortunately, I’d already done the things that I really needed to be in the office to do.

The drive home was fast (no traffic!) but it gave me about fifteen minutes to process through things and sort out what I wanted to do in my head, so it would be easier to take steps in a useful order when I got home.

Initial searches

I started by doing a search on “identity theft social security number” because that was the thing I knew had been compromised – and it’s a slightly different kind of issue than someone who potentially has your credit card info.

I browsed through the results, looking for highly reliable sources – for example, there’s this PDF guide direct from the Social Security Administration. I also found less official guides like this one, that still had a useful set of tasks and suggestions.

I focused on recent pages, written in the last year, since advice changes as people try new scams, and technology has new options. I also looked at my state attorney general’s site for information.

(If you search in Google, you can use the “Tools” option and select “Past year” instead of “Any time” in the option that will pop up below the main search tabs.)

I didn’t take the advice from any one source (even the Social Security folks!) Instead, I looked at about 20 sources and combined them into a list of things to do. (That’s also why I’m not giving you a ton of links here: the best resources will change over time.)

Here comes the spreadsheet

You knew there was going to be one, right, if you’ve been reading this blog.

I set up a spreadsheet with multiple sheets in it.

The first sheet has conversations I’ve had or steps I’ve taken (like online reports). It has columns for date, time, who I talked to, what the general topic was, how (phone, online, etc.), and then notes for the conversation and any follow up I need to do or pay attention to.

The second sheet has links of things I still need to do.

The third sheet has specific contact information for people I may need to get in touch with again, so I don’t have to hunt up the numbers or web addresses.

What did I do?

1) Put a fraud alert on my credit account.

This is a 90-day alert, and if you call one of the three agencies in the United States, they will pass the alert on to the other two. The call was entirely automated and very straightforward for being an automated call.

I got a reference number and asked for my rights to come in the mail, rather than hearing them over the phone, so I’ll have a confirmation of what they are. It’s possible to extend these alerts or put a credit freeze on for longer, but it’s easier to do that once I have a completed police report.

2) Put in a police report with my local police department

This produces a temporary report (the instructions say very clearly not to use the confirmation number until they’ve followed up) but a police report opens up some additional options for later (and if there ever is a problem down the road, being able to demonstrate that I reported it is helpful.)

My police department has an online form that you fill in, or I could have called the non-emergency line. This was the second step because I wanted to be able to say I’d made the report to any later calls.

3) Called the Massachusetts Unemployment Fraud line.

I found them by looking at the Unemployment Office site. Since this is the place where the actual identity theft happened, it was high on the list. I spoke to a really pleasant man who was glad to confirm they’d already flagged it as a problem in their system, and that the address they had wasn’t the one I gave them.

The big issue is that if I ever do need to file for unemployment in Massachusetts, as long as that claim is on file, I’ll need to have additional identification and documentation. (This means that police report is important! But also things like a photocopy of my ID, and current mail to demonstrate my address, etc.)

4) My bank

I bank with a small local independent bank who have the best customer service (Thanks, Leader Bank!)

I got a real person right away, no phone tree, and he was great about checking and making notes in my file that if there are any inquiries about my account, to ask for an agreed on passcode, or call me for verification.

5) Credit cards

I didn’t put a freeze on my credit accounts just yet (it will take a little more paperwork and I want to have the police report to reference before I do).

I did turn on alerts on all of them to let me know if there are more than very minimal charges on any of them. I already check my accounts manually twice a week. (I will be bumping that to three times a week.)

6) Reporting to the FTC

Many of my sources (including the SSA) encouraged me to report it to the FTC’s Identity Theft site. They ask you a series of questions about what happened and advise what steps you should take. You can also get a confirmation number saying you filed a report with them, which helps demonstrate that you took action on the problem.

7) Social Security Administration

I was able to lock access to my account online but will need to do a more elaborate process to sort out some of it. Again, some of that will be much easier with the police report.

Things I need to do in the future

Once I have the police report, then I’ll do additional paperwork for a credit freeze and to clear up documentation with the social security offices.

It’ll be important to keep that documentation somewhere easy to access if I need it (i.e. all in one place) so that if I do need it, I can grab it quickly. I’ve been a little unhappy with my current ‘important papers’ filing for a while, so this is a good time to rework that system into something a bit easier to use.

I live by myself, so one of the things I’m thinking about here is if something happens where friends need to help me with filing for disability or other benefits, what I need to document now to make that easier. My ideal is to be able to identify a folder that has a summary of everything.

Along the way, I also read a bunch of advice – for example, I may get scam calls with threats if I don’t make payments, pretending to be from the IRS, etc. The sites I looked at had advice on ignoring those and explained how the IRS actually contacts you.

I’ll also just need to keep an eye out for weird stuff, in case something else crops up. Some of the things I found suggest people try the unemployment scam first and then move on to other things if it works. On the other hand, this might not be the only person who has my information, depending on how they got it, so it could be an issue for credit, leases, etc.

Bookmark the permalink.

Leave a Reply