Why Merely Freezing and Monitoring your Credit is *Not Even NEARLY Enough* to Stop Debilitating Identity Theft
Last week, 78% of U.S. citizens were exposed to identity theft from a jaw-dropping data breech at National Public Data. And the conventional advice of merely freezing and monitoring credit reports doesn't stop a thief from sticking consumers with bogus utility bills, fraudulent pay-day loans, fake bank and brokerage accounts, stealing their tax refunds, and more. Here are real life examples from people who learned the hard way... and here's what to do to avoid being victimized.
(Usual disclaimer: I'm just an investor expressing my personal opinion and am not an attorney, accountant nor your financial advisor. Consult your own financial professionals before making any financial decisions. Code of Ethics: To remove conflicts of interest that are rife on other sites, I/we do not accept ANY money from outside sponsors or platforms for ANYTHING. This includes but is not limited to: no money for postings, nor reviews, nor advertising, nor affiliate leads etc. Nor do I/we negotiate special terms for ourselves in the club above what we negotiate for the benefit of members. Info may contains errors so use at your own risk. See Code of Ethics for more info.) In the last week, many were stunned to learn that hackers have stolen a jaw-dropping 272 million U.S. social security numbers, 161 million U.S. phone numbers and more highly sensitive historic data from National Public Data.
This unprecedented breech directly exposes 78% of U.S. citizens to the harrowing risks of identity theft. And those risks include: having their credit hijacked and ruined, racking up fraudulent utility bills, the opening of fake bank accounts, brokerage accounts and loans in their names, having their tax refunds stolen, and more.
Many consumer advocacy groups, financial websites, legal firms and pundits (including the National Cybersecurity Alliance , as an example) are telling people to deal with this by:
Freezing their credit with the three major credit agencies: TransUnion, Experian, and Equifax.
Monitoring their credit reports.
These steps prevent a thief from sticking the consumer with a bill for a fraudulent new credit card, a newly rented house, etc.
And while that's a prudent FIRST step, it's not even close to what's fully required to seriously mitigate the risk of debilitating identity theft.
Why the advice falls so far short
First, there are actually four main credit agencies. Somehow, most advice completely forgets about Innovis (which is a smaller credit agency and is definitely used by some financial firms).
Second, merely freezing and monitoring your credit doesn't stop a thief from sticking you with bogus utility bills, fraudulent pay-day loans, fake bank and brokerage accounts, stealing your tax refunds, and more.
The school of hard knocks teaches an important lesson
Peter Jones (not his real name) is a member of the Private Investor Club, the sister organization to this site. And he discovered that his Social Security number and other personal information was exposed a few years ago in the T-Mobile security breach. So he was very conscientious and followed the conventional advice of freezing his credit with the three agencies and closely monitoring his credit reports. And he shares how this didn't stop a thief from opening up a fraudulent brokerage account:
"Even with those measures in place, someone was able to open a Schwab brokerage account in my name a few weeks ago. Their goal was to use this new account as a backdoor into my actual Schwab 401(k) account. Luckily, I noticed an email notification that a new phone number had been added to my Schwab account, called them immediately, and they were able to shut down the fraudulent account right away."
Many people would not have been as fortunate. And the thief was sophisticated and almost got away with it by using an "email bomb" technique. Peter shared:
"I woke up one morning and my inbox had a couple of thousand emails with a few hundred more coming in every hour for the next ~24 hrs (those emails were mostly newsletter subscriptions to legitimate websites so Gmail spam filter could not handle them). Fortunately, I knew something a little about email bombs so that gave me a clue that one of my accounts had been compromised. And instead of simply deleting all those emails [like most people would do,] I went through them one by one and found the email from Schwab telling me that a new phone number was added to my account. It would have been very easy to miss that one important email among the thousands of others or to find it too late to fix the problem.
"Welcome to your 60th fraudulent bank account!"
John Bathis (not his real name), is another Private Investor Club member who shared a similar real-world experience of how the conventional advice can be dead wrong. Like Peter, he also conscientiously followed the typical advice of freezing his three credit reports and monitoring his credit.
He relayed:
"Unfortunately, I was the victim of a scam where they opened up over 60 bank accounts in my name. I only figured it out when one of the banks mailed me a welcome letter. There is a company called ChexSystems that is used by 80% of banks to screen applicants for checking and saving accounts. Since then I have had a freeze put on by ChexSystems and it has caught multiple bad actors trying to do the same."
Stolen tax refunds
Another common scheme is that a thief will use a stolen social security number to steal a victim's tax refunds. As an example, this one group alone stole $111 million in refunds.
Per this NY Times article:
Here’s how tax identity fraud works: Criminals use tax filers’ personal information, including their Social Security number, to file a fraudulent return and then ask that it be sent to their own bank account. The thieves usually file early in the tax season, often before the legitimate filer has submitted a return.
and...
About half a million tax returns are in limbo at the I.R.S. because of identity theft fraud, a spokesman for the Taxpayer Advocate Service said. ... In an emailed statement, the I.R.S. said that “although taxpayers continued to see major improvements from the I.R.S. during the 2024 tax season, the I.R.S. recognizes that the backlog of identity theft cases remains one of the most significant ongoing service gaps.”
Hank Andrews (not his real name) is another Private Investor Club member who shared his experience of tax return theft.
"Years ago my identity was partially stolen. Someone filed a 1040EZ form with a $9K refund. I hadn’t filed a 1040EZ since I was a kid. The IRS flagged the return and later didn't accept my return for that year. It took 3 years to clear it up. By that time the interest and penalties were $23K. The IRS finally cleared all the issues up [and] waived all the interest and penalties."
What to do about it?
First, there's unfortunately no way to 100% prevent identity theft. The existing system is just too much of a mess. It's complicated, antiquated and distributed among too many companies. And most firms have no real financial or legal incentive to improve it (and actually benefit from the status quo).
And in my opinion, regulators clearly need to step in and protect consumers. And maybe this recent, massive breech will be the kick in-the-pants required for long-needed reforms. In the meantime, here is a list of steps to mitigate the risk of identity theft.
These are admittedly an enormous pain to do. Yet, in my opinion, that pain is far less than the excruciating pain of identity theft. IMPORTANT: This is personal opinion only and it could contain errors and mistakes, so please note that you use it at your own risk. If you see something that was missed or wrong, please tell me ... and if verified, then this list will be updated. And I am neither an attorney, accountant, nor your financial advisor. So always consult with your own before using any financial related info (including all of the information in this article) and making any financial related decisions.
Freeze on all four national credit agencies:
Why? Lenders, credit card companies, landlords, employers, and insurance companies use information from these firms to make decisions like opening new accounts. Freeze these reports and then unlock only when you are actually wanting to open up a new account.
Who?
Equifax
Experian
TransUnion
Innovis (fourth bureau that many forget about)
Freeze on check and bank account screening agencies:
Why? These report data to banks and financials companies when processing new checking account openings, closures, and check screening services like check verification.
Who?
Advanced Resolution Services
ChexSystems, Inc.
Freeze on LexisNexis:
Why? Many financial institutions use this info to verify identity when opening new accounts.
Note: Freezing LexisNexis only restricts the sharing of FCRA (Fair Credit and Reporting ACT) information and they will still share non-FCRA info for verifying identity!
Some people are eligible to opt out of LexisNexis. If so, then this (only) restricts the sharing of non-FCRA information.
So in other words... to restrict both FCRA and non-FCRA info, you'd need to both freeze and opt out (if you're eligible). In my opinion, this is ridiculously complicated... and I believe is also clearly intentional.
SageStream (mentioned below) is now part of LexisNexis, and freezing LexisNexis will also freeze it as well.
ChexSystems sometimes pulls from LexisNexis, so when you unfreeze ChexSystems for a new bank account, you should unfreeze LexisNexis too.
Who?
LexisNexis (now linked to SageStream)
Register/Require a secure PIN # on tax-returns (with the IRS):
Why? A thief with your stolen social security number can use it it to file a return and steal a refund. When you require a PIN#, your return won't be processed without it. So it's like two-factor authentication for a tax return.
How?
Freeze on low Income/subprime agencies (including payday loans)
Why? These firms provide info to companies that provide new loans and other financial services to low-income and poor-credit customers. Identity thieves often like to target these financial services because they are often easier to obtain than others.
Who?
Clarity Services (related to Experian)
DataX (related to Equifax)
FactorTrust (related to Transunion)
MicroBilt
Teletrack (related to Equifax)
Freeze on supplementary reporting agencies
Why? These firms provide credit data to financial firms opening new accounts, including info from the nationwide consumer reporting companies, public records, and ID verification data.
Who?
Innovis
SageStream, LLC (now linked to LexisNexis)
Freeze on utility agencies
Why? These firms are used by utilities (such as electric, gas, water, phone, cell-phone, pay TV ,etc) to open new accounts.
Who?
National Consumer Telecom & Utilities Exchange
Other:
More info from Reddit (including other tips like adding verbal passwords to your banking profiles, enabling two-factor authentication on your online accounts, securing your cell phone carrier account to prevent takeover, etc.) https://www.reddit.com/r/IdentityTheft/comments/uvv3ij/psa_freezing_your_three_main_credit_reports_is/
Comentários