From Leo Notenboom’s newsletter Ask Leo
Consider just the first four items in the list above: names, Social Security numbers, birthdates, and addresses. That’s generally enough to open a credit card account in your name — a credit card account hackers could use and that the credit card company will think is your responsibility.
There are more scenarios beyond just credit cards. Most probably involve getting credit or loans in your name without your consent or knowledge. You are then faced with having to contest those charges, and may have trouble using your credit legitimately, since the hackers will have tarnished your good reputation in the eyes of banks and creditors.
Equifax’s handling of that breach has since been termed a “dumpster fire” by noted journalist Brian Krebs. Their instructions, website, and tools to help you determine if you’ve been impacted have been nothing short of a total mess. The term I’d use instead of dumpster fire isn’t appropriate for a family publication.
What you can do next
The single most important thing you can do is simply pay attention. Pay attention to your bills, credit cards, paper junk mail, and to what looks like spam that lands in your inbox.
Watch all your monthly bills for unexpected charges. This isn’t limited to credit cards, but any charge for which you are notified via paper or electronic mail. If they’re not legitimate, contact the company immediately.
Monitor your credit cards closely. In my opinion, simply reviewing the paper statement once a month isn’t enough. I enable online access and check more frequently — every few days or at least once a week. In addition, I use credit card services that notify me by text or email each time a charge over a certain amount is made. If I can, I set it to any charge over $1, so I know exactly what’s happening. If you see something suspicious, contact the credit card company immediately.
Open the junk mail in your physical mailbox. Often the first notification that something is amiss is a statement or welcome letter from an account you’ve never heard of. You’ve never heard of it because you didn’t open it — the identity thief did. If it looks like someone opened an account in your name you did not authorize, contact the company immediately.
Watch the spam that lands in your inbox (#1). What you think is spam, because it’s about a company or an account you don’t have, could potentially be “legitimate” in that it’s actually from the company mentioned, and you do have an account with them … an account opened by an identity thief. If you suspect that’s the case then contact the company immediately.
Watch the spam that lands in your inbox (#2). Phishing attempts are likely to be on the rise. Using the stolen information, hackers craft even more convincing (yet fake) emails trying to get you to fall for their schemes. Pay extra close attention to all email that leads you to log into your bank, credit card company, or any other website that deals with your personal information. Never click on the link to those sites in email, but instead go to those sites using your own links and bookmarks.
If you find you are the victim of identity theft, even for just a single account, it’s important to contact law enforcement as well. Many of the remedies and mitigations rely on police or other formal report being filed.