Advertiser Disclosure

Identity Theft Protection, News

No, Equifax Is Not Calling You. Watch Out for Scam Phone Calls After the Data Breach

Editorial Note: The editorial content on this page is not provided or commissioned by any financial institution. Any opinions, analyses, reviews, statements or recommendations expressed in this article are those of the author’s alone, and may not have been reviewed, approved or otherwise endorsed by any of these entities prior to publication.

Source: iStock

Less than a week after the Equifax data breach was made public, it seems scammers are already looking for opportunities to prey on concerned consumers.

The Federal Trade Commission posted a scam alert Thursday warning consumers to not give their personal information to anyone who calls and claims to be an Equifax representative. Over the summer, hackers breached the Atlanta-based credit bureau’s database and accessed the personal information of about 143 million consumers, including sensitive information like Social Security numbers.

But Equifax is not calling those affected by the breach, so if you get a phone call from someone saying they represent Equifax and want to verify your account information, the FTC advises you hang up. It’s ironic, in a way, to target victims by posing as a concerned Equifax representative. The company has been criticized widely for its sluggish response to the breach, which occurred sometime between mid-May and July but wasn’t discovered until July 29 and wasn’t announced until more than a month later.

In response to the security failure, the House Committee on Energy and Commerce has demanded Equifax answer several questions about the breach, including why the company put off announcing the breach for so long. Equifax has until Sept. 22 to respond to the committee’s questions, and the committee plans to hold hearings on the breach in September or October.

In a company statement, Equifax CEO Richard Smith said the breach was a “disappointing event.”

“Confronting cybersecurity risks is a daily fight,” he added. “While we’ve made significant investments in data security, we recognize we must do more. And we will.”

In the breach, people’s Social Security numbers, dates of birth, addresses, and other personally identifiable information (PII) were compromised, so it’s understandable you’d be worried and are looking for help.

Here’s what you can do to take control of protecting your identity.

Assume you’re affected

While you can go to Equifax’s website and go through a multistep process to see if your information has been compromised, you can also just assume someone has their hands on your personal information. (It’s also worth noting the Equifax site reportedly isn’t reliable for telling you if you’re affected, and many consumers have reported the site is slow to load or doesn’t load at all.) Even if you weren’t among the 143 million whose personal information was compromised in this breach (and the odds aren’t in your favor), chances are it has been or will be in a breach at a different company or organization. With that in mind, you’ll want to focus on how to detect signs of identity theft and how to respond to them.

Monitor your credit

Equifax responded to the breach by offering free credit and identity monitoring to everyone — not just those affected — for a year through TrustedID Premier. You must go to equifaxsecurity2017.com to enroll, which requires entering your last name and the last six digits of your Social Security number. You’ll then be given an enrollment date, which may be several days after you start the enrollment process, at which point you can return to the site to continue enrollment. You’ll need to set a reminder to continue the process, as Equifax won’t send you a notification when it’s time.

You have many other ways to find out if someone has misused your personal information. Several companies offer free credit scores — Credit Karma, Discover, Capital One, Mint, LendingTree (our parent company), etc. — either to everyone or to their customers. To help you choose, we put together this guide to getting your free credit score. Credit Karma also offers a free credit monitoring service, and Discover cardmembers can sign up for alerts when their Social Security numbers are detected on suspicious websites. You can also pay for credit monitoring services from a number of providers, including the three major credit bureaus Equifax, Experian and TransUnion , as well as credit scoring giant FICO.

Consider a credit freeze

You can also freeze your credit so no one, not even you, can apply for new credit using your information. If you do this, you have to initiate a freeze with each of three major credit bureaus, as well as “thaw” each report when you want to apply for a new credit account. Every time you freeze and thaw your credit you may be charged a fee, which varies by state. This only protects you from credit fraud and does not prevent things like taxpayer identity theft, criminal identity theft, medical identity theft, and insurance identity theft.

On Sept. 15, Equifax announced it is waiving the fee for removing and placing credit freezes on Equifax credit reports through Nov. 21, 2017. Anyone who paid for an Equifax freeze at or after 5 p.m. EDT on Sept. 7 will receive a refund, the company said.

Have a plan for responding to identity theft

One of the best ways you can prepare for identity theft is to detect it early. After that, you need to know how to resolve it. You can do this yourself by filing a police report, disputing fraudulent accounts on your credit reports, and making the phone calls necessary to correct any problems stemming from the fraud. Or you could pay someone to help you with this time-consuming task. Check with your employer to see if they offer identity theft insurance or identity theft resolution services as an employee benefit, and if not, consider paying for it.

We’ve rounded up the best identity theft resolution services here.

More than anything, remain calm as you sort through the fallout of this breach. Focus on making a plan for protecting yourself from and responding to identity theft and making sure you only deal with trustworthy service providers.

Advertiser Disclosure: The products that appear on this site may be from companies from which MagnifyMoney receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear). MagnifyMoney does not include all financial institutions or all products offered available in the marketplace.

Christine DiGangi
Christine DiGangi |

Christine DiGangi is a writer at MagnifyMoney. You can email Christine at christine@magnifymoney.com

TAGS: , , ,

Advertiser Disclosure

Identity Theft Protection

What to Do If You Think Your Mortgage Data Was Breached

Editorial Note: The editorial content on this page is not provided or commissioned by any financial institution. Any opinions, analyses, reviews, statements or recommendations expressed in this article are those of the author’s alone, and may not have been reviewed, approved or otherwise endorsed by any of these entities prior to publication.

iStock

This week, the online technology publication TechCrunch reported that millions of pages of mortgage loan documents were leaked online. More than a decade’s worth of data may have been affected, giving identity thieves access to financially sensitive documentation about every aspect of a consumer’s income, credit and assets.

The incident makes clear one potential downside of the industry’s inexorable move online. Mortgage companies have been scrambling to keep up with consumer demand for a fully digital mortgage experience. The convenience of allowing lenders access to bank records, employment and income history, and credit information electronically may save time and stress in the mortgage approval process.

However, one of the downsides to all of this digital simplicity is the risk a cybersecurity breach could give a hacker access to all of your financial data in one place.

Knowing what to do and what not to do are essential in preventing identity thieves from using any of your personal information to obtain new credit. You also need to know how to spot scammers that will try to take advantage of consumer fear and confusion to promote bogus services.

The first thing to do if your data was compromised

Beware of incoming phone calls

Do not provide any sensitive information over the phone to anyone who calls regarding your credit card or loan accounts, or anything having to do with your bank. Insist on getting a call back number and call them back — if they aren’t for real, they will probably hang up as soon as you ask for their contact information.

The FTC suggests you “don’t believe your caller ID.” Sophisticated scammers can create a “spoof” phone number that shows up on your caller ID in the name of your bank or credit card company, but is really a con artist trying to take advantage of you.

Do not open emails or answer texts from anyone claiming to be related to the recent data breach. If you receive such electronic communication, contact the creditor or bank immediately and ask for their security department to confirm if the correspondence is legitimate.

The IRS will not call you to confirm your personal information. The IRS recommends that companies experiencing a data breach send you a letter explaining what happened, what you can do to safeguard your credit and identity and how to follow up with them.

Any conversations that you have with creditors or banks should be initiated by you, using contact information you have on credit card and bank statements that you already have on file.

How to protect your accounts

Change your passwords on any account that has online access

There is information suggesting the most recent mortgage data breach may have included public access to passwords and user IDs for a variety of different financial accounts. Change your user ID and passwords to your online bank accounts and any credit accounts that you access online.

Track your bank and credit card balances, and notify your bank or credit card company immediately if you see any unusual charges or withdrawals.

Subscribe to a credit monitoring service

Your bank or an online credit monitoring service will provide up-to-date information about any new inquiries made. If you see unusual activity, then you may want to follow one of the steps below to activate a credit freeze with all of the credit bureaus so no new credit can be opened without direct contact with you.

What to do if you see signs of identity theft

If you have evidence that new credit accounts are being opened, or if someone has accessed your bank account, there are several steps you need to take to notify authorities and fraud departments at your bank and creditors.

Call your bank first, brokerage accounts second

You need to make sure that your assets are not liquidated, so contact your bank immediately. Most banks have fraud protection measures in place to replace any stolen money quickly. The sooner you contact the bank, preferably in person, the quicker a report can be filed, your old account can be closed and a new one is opened.

Brokerage accounts don’t have the same identity-theft protections that bank accounts do. If you have mutual funds, IRAs or 401ks, you should contact the brokerage. If you do see any suspicious activity, you’ll also want to contact the Securities and Exchange Commission.

Contact your creditors next

Credit card companies have fraud and identity-theft departments. This information is often on the back of your credit cards so contact them immediately to let them know your information has been used without your authorization. They may need you to fill out police reports, and provide additional follow-up as the fraud department investigates your claim.

Make sure you contact the IRS

It may not be top of mind, but come tax time, you may get an unpleasant surprise if you learn someone filed a tax return on your behalf. This happened during the 2017 Equifax breach — because returns are filed electronically now, it’s much easier for an identity thief to try to get a tax refund using your identification information.

Consider putting a fraud alert on your credit

The Federal Trade Commission recommends putting a credit freeze on your credit if you suspect or are in the process of an investigation into identity theft of your personal information. You will need to validate any new credit requests that you make and some lenders, especially mortgage companies, will need you to release the freeze if you try to apply for a home loan in the future.

If you haven’t actually experienced any fraud but have been notified by a company that you did business with that they experienced a breach of data, then you might want to start with a fraud alert. Unlike a credit freeze, a fraud alert allows your credit information to be accessed, but it lets any creditors know that you suspect or are concerned that your information may have been compromised.

Put everything in writing

You’ll want to have a date-stamped written record of all communications, in case you up needing to take legal action to recover your losses. Police and federal investigators may need this correspondence to pursue investigations against identity-theft criminals.

The FTC also has an identity-theft affidavit that can be completed and provided to law enforcement.

Watch out for signs of breach scams

Impostor scammers

Impostor scammers will try to play on fear and confusion by creating schemes to defraud you out of money for extra security services or even lawsuits representing your interests and promising large payouts if you’ll just join their list. They may call, email, send letters or even knock on your door claiming to be law enforcement or an agent of a federal agency.

If anyone tries to charge you an upfront fee of any kind to protect you from further breaches, or to include you in any kind of legal action, hang up the phone and contact the authorities. Given the size of this mortgage breach, you’ll want to sign up for the Federal Trade Commission’s scam alert service to find out if there is a pattern of new scams related to this leak.

Bogus mortgage servicing transfer letters or phone calls

Because data was accessed from companies that service mortgage loans, hackers may send you notices of a transfer of servicing and tell you to make your payments to a new mortgage company or location. Use your recent mortgage statement to contact your current mortgage company if you get any notices.

Also, be sure to file a complaint and provide a copy of the email or mail correspondence to the authorities if they request it.

Be prepared to monitor your credit and assets frequently

The FTC provides excellent resources regarding what to do if you are a victim of identity theft.

Identity thieves may wait a while to use your data. The info you provided to get your mortgage provides a great deal of detail about your financial profile, which means a scammer can impersonate you for many types of online credit and financial transactions.

By giving notice to your creditors, banks and the IRS, they will at least be on notice to watch for activity. Their correspondence should be in writing and provide you with verifiable contact numbers for any information requests.

Advertiser Disclosure: The products that appear on this site may be from companies from which MagnifyMoney receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear). MagnifyMoney does not include all financial institutions or all products offered available in the marketplace.

Denny Ceizyk
Denny Ceizyk |

Denny Ceizyk is a writer at MagnifyMoney. You can email Denny here

TAGS:

Advertiser Disclosure

Identity Theft Protection

How to Freeze a Credit Report After Someone Dies 

Editorial Note: The editorial content on this page is not provided or commissioned by any financial institution. Any opinions, analyses, reviews, statements or recommendations expressed in this article are those of the author’s alone, and may not have been reviewed, approved or otherwise endorsed by any of these entities prior to publication.

iStock

Dealing with the death of a loved one is never easy. While loss is a natural part of life and we may expect it, death often overwhelms us with shock, depression and confusion. Sadly, when you’re in this vulnerable state, there are identity thieves looking to prey on your dulled awareness. They do so by stealing the identity of the deceased and fraudulently opening credit card accounts, applying for loans and obtaining service contracts.

This concept, called “ghosting,” is a widespread problem. There hasn’t been a lot of research on the issue, but one study estimates that, the identities of approximately 2.5 million deceased Americans are used fraudulently each year. Of those, almost 800,000 are deliberately targeted cases.

Why it’s important to freeze someone’s credit after they die

Many identity thieves are practiced in using the dead’s information for their own financial gain. Coping with the loss of a family member is difficult, but it can be exacerbated by dealing with the fallout of identity fraud.

Criminals who deliberately target the departed know that it takes time for financial organizations and credit reporting agencies to process death notices and update their records, leaving open a window of opportunity for fraud.

With the recent Equifax breach, people may be more aware of their credit situation than in the past. However, a survey taken shortly after the Equifax breach by CompareCards.com (which, like MagnifyMoney, is a subsidiary of LendingTree) shows that approximately 78 percent of people did not freeze their credit after the breach. People are largely aware of the negative impact that identity theft can have, but a large portion of the American population neglects to take the next steps necessary to protect themselves.

Luckily, the steps to take to protect your loved one’s identity are clear and relatively simple to follow.

How to report a death to the credit bureaus

The Social Security Administration (SSA) states that, in most cases, the funeral director will notify the administration of a person’s death. To ensure this, you must give the deceased’s Social Security number to the funeral director. From there, credit reporting agencies and lenders will be informed of the person’s passing, and they’ll automatically put a death notice or alert on their credit.

To expedite the process, it is suggested that loved ones who are close to the deceased (typically a spouse or child) take matters into their own hands to get a death notice placed on their departed family member’s credit reports at the three major credit bureaus — Equifax, Experian and TransUnion. This will involve submitting a death certificate, and the Identity Theft Resource center recommends requesting 12 copies of the certificate for such purposes (some institutions may require an original, rather than a photocopy).

Carrie Kerskie, an identity theft expert and director of the Identity Fraud Institute at Hodges University says you should contact the credit bureaus, but knowing the right verbiage is key. “Instead of requesting a freeze, one would request a death alert,” she said. “It is similar to a freeze, except a freeze could be lifted with a PIN. A death alert cannot.”

The easiest way to update that person’s credit account is to have a relative or executor send letters to each of the three credit national reporting agencies, according to Equifax.

The writer should include the following information about the deceased in their letter:

  • Legal name
  • Social Security number
  • Date of birth
  • Date of death
  • Copy of death certificate or letters testamentary

They’ll also want to include:

  • The letter-writer or executor’s full name
  • Their address for sending final confirmation
  • Proof you’re the executor, if applicable

David Blumberg, director of public relations for TransUnion, added, “Our industry policy is that the receiving credit reporting company will notify the other two so they can update their records as well.”

Still, to be safe, mail this information to each of the three credit reporting agencies. Their mailing addresses are:

TransUnion
P.O. Box 2000
Chester, PA 19016

Experian
P.O. Box 2002
Allen, TX 75013

Equifax
P.O. Box 105139
Atlanta, GA 30348-5139

Kerskie advises that people going through this process prepare to provide proof of relationship along with the death certificate they’re submitting. “This could be a marriage license or court papers,” she said.

What’s the fastest option?

When speed is of the essence in beating potential fraudsters, mailing is certainly not your fastest option. Experian offers a solution: Submit the death certificate and death notice request online by uploading the documents directly to its system. Once it receives the information, Experian will add the deceased indicator and permanently remove the person’s name from any future mailing lists for preapproved offers.

Equifax also offers two speedier options – email a copy of the death certificate to customer.care@equifax.com or fax your records to (888) 826-0727. It should be noted that email isn’t a secure way to submit this personal information (especially in light of the fact that you’re working to prevent identity theft).

While TransUnion doesn’t have a streamlined online tool or fax offering, they do advise family members or executors to call (800) 680-7289 for more assistance. If you need any help requesting that a death alert be placed on a deceased’s account, your first action should be to contact the bureaus directly.

Other things to do besides reporting the death

Although going through the process of contacting credit reporting agencies may seem like a hassle, your to-do list doesn’t end here. In addition to notifying the credit bureaus of the death, you should also request a copy of the person’s credit report. The Identity Theft Resource Center provides a form you can use to request the reports.This will help you to better understand what accounts are open, and it can help you spot suspicious activity. Should you face the worst-case scenario and your loved one’s identity is stolen, this will also help you to prove what charges the thieves have incurred.

Additionally, while it’s common for funeral directors to assist you in reporting a loved one’s death to the Social Security Administration, it behooves you to ensure this has been done. The easiest way to contact the SSA is online, but you can also call them toll-free at 1-800-772-1213 or at their TTY number, 1-800-325-0778.

Other items for your list:

  • Be proactive and let the deceased’s various financial institutions and account holders know about their death. Reach out to banks, insurers, brokerages, lenders, mortgage companies and credit card companies by mailing them copies of the death certificate. Kerskie recommends sending these things by certified mail and request a return receipt to ensure the safety of the personal information you’re sending.
  • Limit the amount of personal information that’s released to the public. Identity thieves often gain access through obituaries that list dates of birth, death, full legal names and addresses.
  • Consider changing the deceased’s address to forward to a loved one’s home or an executor’s place of business. Identity thieves sometimes steal personal information out of a deceased person’s mail box.
  • Don’t forget to file the deceased’s final tax return.

How to resolve identity theft of a deceased person

Resolving identity theft of a deceased person follows many of the same steps you would proactively take to prevent it: Request a copy of the credit reports from the three major credit bureaus, request a death notice on that person’s credit and notify creditors of the person’s death. If fraud has occurred, there’s an extra step: The Identity Theft Resource Center advises you to contact the police in the jurisdiction of the deceased with evidence of fraud. This might be a collection notice you’ve received on the deceased’s behalf, or a credit report showing fraudulent activity.

It’s important to remember that you should not be held accountable for fraudulent debt that’s racked up in the name of your deceased relative. While this may not provide any emotional consolation as you’re going through this process, it should help to relieve some of the money-related stress you’re experiencing.

Advertiser Disclosure: The products that appear on this site may be from companies from which MagnifyMoney receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear). MagnifyMoney does not include all financial institutions or all products offered available in the marketplace.

Dave Grant
Dave Grant |

Dave Grant is a writer at MagnifyMoney. You can email Dave at dave@magnifymoney.com

TAGS: ,