Your worst suspicions have been realized. Perhaps there were unauthorized charges to your credit card, or a loan opened in your name. Maybe your computer is working more slowly, or a strange code flashes onscreen momentarily when you attempt to reach certain websites. Are you not receiving important text messages or 2 step verification codes? Ponder your fate no longer. You have been hacked; you are a victim of identity theft.
What you do next is important. Here is a quick initial guide.
Assume All Your Devices & Systems Are Compromised
Do not use networks (wifi, or even cell phone hotspots), phones, computers, and other smart devices (tablets . . .) until they have been properly cleaned, secured, or replaced. And remember that factory resets (or “hard resets”) do not necessarily remove all malware and infections. So, shut down your laptops, turn off and remove the SIM cards from your phones, and reset the router password on your home network. To the extent possible, start afresh. Assume everything is compromised. To do otherwise is to compound the problem, something I learned the hard way.
Follow Standard Advice First
There are any number of lists to follow, like this one from the Commonwealth of Massachusetts. Report the theft(s) to the police. Freeze your credit files. Freeze your credit cards and bank accounts. To the extent possible, speak with an agent or use voice commands on these customer service systems. Do not key-in your credit card numbers, social security numbers or other key details (passwords) unless you are sure that your devices and networks are secure. Consider using LastPass, Keeper Security, Norton360 or some other password vault that will automatically log you in.
Establish New Email Accounts
While you may be able to recover your old email accounts (gmail, icloud, outlook . . . ), that will take time. You will be well served by establishing new ones as needed and, beware, hackers may have anticipated your new account names. So, do NOT use obvious variations of your old email address, such as adding a number 2 to its end. Do not play with initials instead of first names either. If you make these mistakes, as I did, you may soon find that the hackers have anticipated these moves and are able to sync with your new accounts (which were opened with your name and birthday). More to this point, set up these new emails without syncing to old phones, contact lists, OneDrive, iCloud, or other potentially compromised files or databases. There will be plenty of time to add back your contacts and other files. For now, proceed with the utmost caution.
Share New Contact Details Sparingly
When you finally have new emails (and phone numbers), be sparing in how you share that information. There will be ample time to inform everyone who needs to know. I found that my hackers knew my new email address when my recovered Amazon account continued to be locked each time I tried to use it. Too many failed login attempts. The hackers were using my new email as my user name and were attempting to login with captured passwords. I also found that they had established Amazon accounts that used my new phone numbers, but that’s another story.
Park or Suspend Phone Numbers
To the extent possible do not cancel your phone numbers, as they may be useful when attempting to recover your various accounts later. If you think your phones have been compromised, park or suspend your numbers instead. How do you know if your phone has been compromised? In my case, I found that I was not receiving critical 2-step verification text messages. Later that phone synced with compromised email accounts and began downloading unwanted apps. My wife’s iPhone showed more subtle initial signs, like requiring a second “click” when calling or sending texts. Not long thereafter, her PIN code no longer worked.
A platitude, yes, but sound advice, nonetheless. Dealing with identity theft can be nerve wracking. I made more mistakes working late on sleepless nights, using compromised devices and/or changing passwords without keeping proper notes. Actions taken in haste early in the recovery process may undermine your ability to make necessary changes later. Keep clear notes (dates, names, case numbers . . . ) when you speak with customer service agents. When you call these same customer service numbers again you may be asked for these details in order to verify your identity/veracity. Remember, once your credit reports, bank accounts and credit cards are frozen, you’ll have time to plan your next steps.
Subscribe to this blog to see my next postings on this important subject. I will also keep you up to date regarding my upcoming webinars, during which I will answer your identity theft questions.
Peter has spent the past twenty-plus years as an acting/consulting CFO for a number of small businesses in a wide range of industries. Peter’s prior experience is that of a serial entrepreneur, managing various start-up and turnaround projects. He is a co-founder of Keurig.