🔐 Identity Theft & Recovery

Protect your identity and know exactly what to do if it’s misused.

Identity theft is a gateway crime behind many scams (account takeovers, tax fraud, loan fraud). In 2023, the FTC’s systems logged over 1 million identity theft reports nationwide, and older adults reported $3.4 billion in cybercrime losses (across all types) to the FBI’s IC3 that same year. These steps help you prevent, detect, and recover — without paying third-party “protection” services.

Sources: FTC Consumer Sentinel (2023 Data Book & press release) and FBI IC3 Elder Fraud Report (2023).

🔗 Resources

IdentityTheft.gov (FTC) — Official federal one-stop site: file a report and get a step-by-step recovery plan tailored to your situation.
🌐 https://www.identitytheft.gov ↗️

FTC — Consumer Sentinel Data (Stats) — Annual data on fraud & identity theft reports; 2023 featured over 5.4M total consumer reports, with 1M+ identity theft reports.
🌐 https://www.ftc.gov/reports/consumer-sentinel-network-data-book-2023 ↗️

FTC — Nationwide Fraud Losses Top $10B (2023) — Overview press release noting 1M+ identity theft reports in 2023.
🌐 https://www.ftc.gov/news-events/news/press-releases/2024/02/nationwide-fraud-losses-top-10-billion-2023-ftc-steps-efforts-protect-public ↗️

FBI — IC3 Elder Fraud Reports — Annual stats and reporting portal for online crime affecting older adults.
🌐 https://www.ic3.gov ↗️

AnnualCreditReport.com — Access your credit reports from all three bureaus; detect new accounts or changes quickly.
🌐 https://www.annualcreditreport.com/index.action ↗️

IRS — Get an IP PIN — Prevents someone else from filing a tax return using your SSN; free six-digit PIN the IRS requires on your return.
🌐 https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin ↗️

🧭 Preventing Identity Theft (Do-It-Yourself)

Freeze your credit with all three bureaus (free, reversible). A freeze blocks new credit lines in your name. Unfreeze temporarily when you need to apply.

Turn on 2-Factor Authentication (2FA) for email, bank, and payment apps. Prefer an authenticator app or hardware key where possible.

Use a password manager and make each password unique and long (passphrases). Reused passwords = chain-reaction takeovers.

Secure your mailbox & documents (lockable mailbox; shred sensitive mail). Sign up for USPS Informed Delivery to watch what’s coming.

Review your credit reports at least quarterly (all three bureaus). Dispute any account you didn’t open.

🚨 If You Suspect Identity Theft

Go to IdentityTheft.gov and generate your recovery plan and FTC report number. Follow the specific steps provided.

Place a 1-year fraud alert (free) at any one bureau — they’ll notify the others. Consider an extended alert (7 years) after filing a police report.

Change passwords & 2FA starting with email, bank, and payment apps. Remove unfamiliar recovery phones/emails from those accounts.

Contact impacted companies (banks, card issuers, utilities) and ask for their fraud team. Close or freeze affected accounts; get letters confirming actions.

File a police report if instructed by your plan (often required for extended alerts and certain disputes).

📌 Sam’s Tips

Freeze beats “monitoring.” A credit freeze blocks new accounts; monitoring only alerts you after something has already happened.

Your email is the master key. Protect it with a strong, unique password and 2FA — most recovery links flow through email.

Document everything. Keep a folder with your FTC report number, dispute letters, and call notes. Paper trails speed recovery.

Act fast, then follow through. Early steps (freeze, alerts, password changes) limit damage — and finishing the checklist closes back doors.

🔐 Quick example

You receive an email that appears to be from your bank saying: “Unusual activity detected — your account will be locked in 24 hours unless you verify now.”

Stop — countdown timers and threats of account lockout are common identity-theft triggers.
Investigate — the sender address has extra numbers and a misspelled bank name.
Find better coverage — checking the bank’s official site shows no alerts, and the security page warns about similar phishing emails.
Trace — hovering over the “Verify now” button reveals a non-bank URL that redirects through multiple unfamiliar domains.

Conclusion

This message fails verification. The urgent deadline, spoofed sender address, and off-brand URL all signal an identity-theft attempt.

Why

• Real banks do not threaten account closure by email — they notify you through secure messages or apps.
• Misspelled sender domains and unusual numbers often indicate spoofing.
• Fraudsters rely on urgency to bypass critical thinking.
• Redirect chains are used to harvest login credentials and personal information.

Bottom line:
If a security alert arrives by email or text, never click the link. Go directly to your bank’s official website or app and check for messages there.