Maybe your first clue is in some unauthorized charges on your credit card statement. Or perhaps you get a call from a card's fraud department asking if you just tried to open an account—10 states away.
This sort of thing can happen all too easily. Recently, for example, we saw news stories about how quickly criminals can figure out your credit card number and security code (about 6 seconds, in case you were curious).
And regardless of how you get the news, finding out you've been hacked is a terrifying experience. It's normal to feel a sense of panic, to feel violated. Those feelings may intensify if you confirm the hackers got your Social Security number and your birthday; armed with those bits of trivia and your name, hackers essentially have a Golden Ticket for trying to open credit accounts in your name.
But all hope isn't lost. Here are seven steps to regain control of your accounts and keep the bad guys at bay.
1. Change your passwords
If any of your email or social media accounts were compromised, change your password immediately. And if you re-used those passwords on other accounts (Something you should never do, by the way), change those, too.
It's one of the biggest bugaboos in cybersecurity: According to Mobile identity company TeleSign, which conducted a survey of consumers in the US and UK in 2015, nearly 3 out of 4 consumers use the same password across accounts. The upshot is change passwords, and change often. If you can't remember your passwords, consider one of the many password managers offered by reputable security software makers.
Video of the Day
Recently, Techwalla's One Cool Thing podcast recommended password managers, and if you don't have time to listen, we'll just tell you: Rick recommends LastPass and Dave prefers Dashlane. Pick one and use it to ensure you never repeat passwords between different sites and services.
And if your sites or services support two-factor authentication, use it: It supplies an extra layer of security to keep your info safe.
2. Freeze your credit
If your information has been compromised, consider locking down your credit to keep anything else from happening. Known as a security freeze, this can make it more difficult for thieves to use your stolen identity to fraudulently open new accounts in your name. With a credit freeze, you can still open new accounts or apply for a mortgage, but you'll have to do a temporary lift on the freeze (depending upon the agency). You should contact each of the nationwide credit reporting companies--just talking to one of them is not sufficient:
3. Initiate a fraud alert
Be absolutely certain to set up a fraud alert. Fraud alerts are useful stopping identity thieves from opening new accounts, because you'll get contacted if anyone tries to open a new account in your name. You can still have access to your credit, but you'll have to go through additional checks to confirm your identity. A typical fraud alert lasts 90 days, while an extended fraud alert—for victims of identity theft—lasts seven years.
4. File a police report and be your own sleuth
If you are the victim of identity theft and you've had fraudulent accounts opened in your name, file a police report. This probably won't help catch the bad guys, but it will help you when you contact the banks that opened fraudulent accounts, as they will generally ask if you filed a police report.
And when you're shutting down the fraudulent accounts, turn the tables and ask them for information on where the account was opened and what information was used. This, in turn, might help you find out if your Social Security number was compromised, or what phone number was used to commit the fraud.
5. Lie about your secret questions
Reach out to your credit card companies and banks to inform them about your hack, and update your passwords and security words while you're there. But take the opportunity to change security words to something criminals can't guess or find out on their own. For example, you may want to consider changing your mother's maiden name to something only you know.
6. Get a free credit report
There are a lot of ways to do this. The Fair Credit Reporting Act requires credit agencies to provide a free report once every 12 months, as requested. The FTC, which enforces the FCRA, points consumers to AnnualCreditReport for access to free credit reports, but there are other ways to get free credit reports if you prefer.
Check your report carefully, and do what you can to clean up errors. If accounts were opened fraudulently, the banks behind those accounts should be able to remove both the fraudulent credit inquiry and the fraudulent account from your records.
7. Get a monitoring service
Credit monitoring services may cost you, but they can be easy way for busy people to stay on top of changes—especially if you have lots of accounts. There are lots of services out there—pick one that offers the right balance of value and information. Options include LifeLock, IdentityGuard, and Experian.