
🔐 Identity Theft & Recovery
Protect your identity and know exactly what to do if it’s misused.
Identity theft fuels many scams, including account takeovers, tax fraud, and loan fraud.
These steps help you prevent, detect, and recover — without paying for unnecessary “protection” services.
🔗 Resources
IdentityTheft.gov (FTC) — Official federal one-stop site: file a report and get a step-by-step recovery plan tailored to your situation.
🌐 https://www.identitytheft.gov ↗️FTC — Consumer Sentinel Data (Stats) — Annual data on fraud & identity theft reports; 2023 featured over 5.4M total consumer reports, with 1M+ identity theft reports.
🌐 https://www.ftc.gov/reports/consumer-sentinel-network-data-book-2023 ↗️FTC — Nationwide Fraud Losses Top $10B (2023) — Overview press release noting 1M+ identity theft reports in 2023.
🌐 https://www.ftc.gov/news-events/news/press-releases/2024/02/nationwide-fraud-losses-top-10-billion-2023-ftc-steps-efforts-protect-public ↗️FBI — IC3 Elder Fraud Reports — Annual stats and reporting portal for online crime affecting older adults.
🌐 https://www.ic3.gov ↗️AnnualCreditReport.com — Access your credit reports from all three bureaus; detect new accounts or changes quickly.
🌐 https://www.annualcreditreport.com/index.action ↗️IRS — Get an IP PIN — Prevents someone else from filing a tax return using your SSN; free six-digit PIN the IRS requires on your return.
🌐 https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin ↗️🧭 Preventing Identity Theft (Do-It-Yourself)
Freeze your credit with all three bureaus (free, reversible). A freeze blocks new credit lines in your name. Unfreeze temporarily when you need to apply.
Turn on 2-Factor Authentication (2FA) for email, bank, and payment apps. Prefer an authenticator app or hardware key where possible.
Use a password manager and make each password unique and long (passphrases). Reused passwords = chain-reaction takeovers.
Secure your mailbox & documents (lockable mailbox; shred sensitive mail). Sign up for USPS Informed Delivery to watch what’s coming.
Review your credit reports at least quarterly (all three bureaus). Dispute any account you didn’t open.
🚨 If You Suspect Identity Theft
Go to IdentityTheft.gov and generate your recovery plan and FTC report number. Follow the specific steps provided.
Place a 1-year fraud alert (free) at any one bureau — they’ll notify the others. Consider an extended alert (7 years) after filing a police report.
Change passwords & 2FA starting with email, bank, and payment apps. Remove unfamiliar recovery phones/emails from those accounts.
Contact impacted companies (banks, card issuers, utilities) and ask for their fraud team. Close or freeze affected accounts; get letters confirming actions.
File a police report if instructed by your plan (often required for extended alerts and certain disputes).
📌 Sam’s Tips
Freeze beats “monitoring.” A credit freeze blocks new accounts; monitoring only alerts you after something has already happened.
Your email is the master key. Protect it with a strong, unique password and 2FA — most recovery links flow through email.
Document everything. Keep a folder with your FTC report number, dispute letters, and call notes. Paper trails speed recovery.
Act fast, then follow through. Early steps (freeze, alerts, password changes) limit damage — and finishing the checklist closes back doors.
🔐 Quick example
You receive an email that appears to be from your bank saying: “Unusual activity detected — your account will be locked in 24 hours unless you verify now.”
Stop — countdown timers and threats of account lockout are common identity-theft triggers.
Investigate — the sender address has extra numbers and a misspelled bank name.
Find better coverage — checking the bank’s official site shows no alerts, and the security page warns about similar phishing emails.
Trace — hovering over the “Verify now” button reveals a non-bank URL that redirects through multiple unfamiliar domains.This message fails verification. The urgent deadline, spoofed sender address, and off-brand URL all signal an identity-theft attempt.
Why
Real banks do not threaten account closure by email — they notify you through secure messages or apps.
Misspelled sender domains and unusual numbers often indicate spoofing.
Fraudsters rely on urgency to bypass critical thinking.
Redirect chains are used to harvest login credentials and personal information.
Bottom line:
If a security alert arrives by email or text, never click the link. Go directly to your bank’s official website or app and check for messages there.📄Open This Resource List
A compact, 1-Page PDF is available now. Large-print versions are being added and will be available in a future update.
Printing tip: Set the print scale to 100% for proper sizing. Blue, underlined URLs are clickable links.
The Compact PDF opens in a new tab or window (depending on your browser settings) so you won’t lose your place.
To print, open the PDF and press Ctrl + P (Windows) or Command + P (Mac).
When you’re done, simply close the tab or window to return here.
Coming Soon: Large-Print PDF (This Page's Resources).
Don’t Get Bunked! provides education and links to third-party resources. Don’t Get Bunked! does not perform fact-checking, issue ratings, or endorse any party, candidate, or position. Use multiple sources and original data where possible.
© 2025–2026 Simple Virtues LLC d/b/a Don’t Get Bunked!
Smarter choices. Safer browsing. Stronger you. ™

