Identity (ID) theft is a crime where a thief steals your personal information, such as your full name or social security number, to commit fraud. The identity thief can use your information to fraudulently apply for credit, file taxes, or get medical services. These acts can damage your credit status, and cost you time and money to restore your good name. You may not know that you are the victim of ID theft until you experience a financial consequence (mystery bills, credit collections, denied loans) down the road from actions that the thief has taken with your stolen identity.
There are several common types of identity theft that can affect you:
Prevent Identity Theft
Take steps to protect yourself from identity theft:
Report Identity Theft
Report identity theft to the Federal Trade Commission (FTC) to get an identity theft report and recovery plan. Create an account using FTC's website IdentityTheft.gov, you can update your recovery plan, track your progress, and receive prefilled form letters to send to creditors. If you report it online, but don't create an account, remember to print or save your identity theft report and recovery plan, because you won't be able to access them again. Download the FTC's publication, "Taking Charge-What to do If Your Identity is Stolen" for detailed tips, checklists, and sample letters.
You can report identity theft to the FTC by phone at 1-877-438-4338. The FTC will collect the details of your situation, but won't provide you with an ID theft report or recovery plan. You may also choose to report your identity theft to your local police station. It could be necessary if:
Report Specific Types of Identity Theft
You may also report specific types of identity theft to other agencies.
Report Identity Theft to Other Organizations
In addition to federal government agencies, you should also report the theft to other organizations, such as:
Thieves are hunting down your medical ID. They’re after your health-insurance number, Social Security number and other sensitive personal information. Scammers take over your medical ID. They line their pockets with false claims against your health policy.
Your medical information can be stolen anytime in our wired world. It happens almost every day. Malware, hacks, phishing, smishing, vishing, spoofs and other digital tactics are doubling your danger. Defend your medical identity every way you can.
Illegal and bogus treatment. Medical ID thieves bill your health plan for fake or inflated treatment claims. They can be doctors and other medical staff. Organized theft rings also steal your information — they sell it to crime rings on the Dark Web.
Buy addictive drugs. Medical staff steal painkillers and other prescription drugs in your name — to feed their addictions or sell for big profits. Pharmacists bill your health policy for narcotics. Nurses call in prescriptions using a patient’s name, but pick it up themselves.
Steal free treatment. People receive free medical treatment if they’re uninsured … courtesy of your health policy. Often they’re trusted friends or relatives; they took your information when you weren’t looking. They pretend they’re you at a hospital or clinic. So you’re billed for their surgery.
Credit ruined. Thieves disappear without paying medical bills charged to you. Your credit can be wrecked. Regaining your good credit rating can take months or years. You could be hounded by bill collectors, turned down for loans or mortgages, or pay higher lending costs.
Health coverage lost. Bogus claims can max out your health policy. You’ll have no coverage when you need expensive surgery. Your premiums also can rise.
Records inaccurate. Medical ID theft can threaten your health or life. A thief’s treatment history can end up on your medical records. This could be your wrong blood type, or medicine to which you’re allergic.
Legal troubles. True story: A pregnant woman stole the medical ID of a mother. The woman delivered a baby who tested positive for illegal drugs. Social workers tried to take away the real mother’s four children. They falsely thought she was the addict.
Check your EOBs. Review the explanation of benefits form your insurer sends. If you see treatments you never received, tell your insurer right away.
Defend your credit. Review your credit reports with Equifax, Experian and TransUnion at least twice a year. Was your credit damaged by unpaid medical bills? Place a fraud alert and credit freeze.
File a police report. Filing a police report notifies law enforcement that your medical identity was stolen. Send the report to your insurer, medical providers and the three credit bureaus.
Correct medical records. If you suspect an ID theft, obtain your records from your doctor, hospital, pharmacy or laboratory. Have errors corrected, and appeal if you’re refused.
Avoid wi-fi. Don’t log into health accounts on public wi-fi — or access or send health info on public networks. Thieves troll coffee shops and other public wifi sites.
Careful of email. Never send sensitive medical info to your health provider via email — it’s not secure. Use the provider’s secure portal — and shred outdated medical info.
Stay private on social. Avoid talking about your medical conditions on social media. Medical thieves troll social-media accounts to compile a digital identity of your health. This helps thieves make realistic claims against your health policy.
Careful when email, texting. Never email or text sensitive medical info to your medical provider. They aren’t secure. Only use a secure medical portal.
Gone phishing. Unexpected emails from your medical provider or health insurer could be traps to install data-stealing malware. Does the message ask you to open a link? Is the domain the same as the presumed medical provider? Delete if in doubt and call your provider to confirm.
Phony phone caller? Your phone says the unknown caller is from Medicare, with an 800 number. Yet the caller asks for your Medicare number and credit card information so you can “buy” a new Medicare card. Just hang up.
Support group supportive? Online support communities for people with specific conditions are common targets of thieves. Avoid posting sensitive info unless it’s a secure site.
What is tax-related identity theft?
Tax-related identity theft occurs when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund.
You may be unaware that this has happened until you efile your return and discover that a return already has been filed using your SSN. Or, the IRS may send you a letter saying we have identified a suspicious return using your SSN.
Be alert to possible tax-related identity theft if you are contacted by the IRS or your tax professional/provider about:
If you suspect you are a victim of identity theft, continue to pay your taxes and file your tax return, even if you must do so by paper.
If you are a victim of identity theft, the Federal Trade Commission recommends these steps:
If your SSN is compromised and you know or suspect you are a victim of tax-related identity theft, the IRS recommends these additional steps:
If you previously contacted the IRS and did not have a resolution, contact us for specialized assistance at 1-800-908-4490. We have teams available to assist.
Not all data breaches or computer hacks result in tax-related identity theft. It’s important to know what type of personal information was stolen.
If you’ve been a victim of data breach, keep in touch with the company to learn what it is doing to protect you and follow the “Steps for victims of identity theft.” Data breach victims should submit a Form 14039, Identity Theft Affidavit, only if your Social Security number has been compromised and your efile return was rejected as a duplicate or IRS has informed you that you may be a victim of tax-related identity theft.
Join efforts by the IRS, states and tax industry to protect your data. We all have a role to play. Here's how you can help:
See Publication 4524, Security Awareness for Taxpayers, to learn more.
The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.
Identity thieves who go through social media to get to their targets have plenty of methods to choose from. Here are a few of their main tactics:
There are many ways you can counteract the efforts of identity thieves on social media. Overall, use your common sense. If something doesn’t seem right, it probably isn’t. Here are some specific ways you can protect yourself:
First, how do you know that you’re a victim? If an identity thief has figured out how to access your Social Security number, credit card number, or other info through your social media account, you can check for signs of identity theft.
If you are worried about impersonation, you can Google your own name or search for your name on social media sites to see if there are other profiles posing as you. You could also find out about an online impersonator if a friend tells you they got a strange message or friend request from an account with your name. Once you are certain you are being impersonated, you can report your identity thief.
In general, you should follow the same procedures you would for other forms of identity theft, including reporting it to the Federal Trade Commission. If that seems like overkill — or not enough — you can also report the problem to the social network itself.
Here are the current steps to report impersonation on Facebook:
If you don’t have a Facebook account but know someone is impersonating you, use this form to report it.
Facebook routinely changes its layout, so you should always look for the latest instructions on the website itself. Go to http://www.facebook.com/help and click on Report an Issue for guidance.
Twitter policy allows for “parody, commentary, or fan accounts,” but will remove accounts it agrees portray another person in a “confusing or deceptive manner.” To report an account:
LinkedIn does not have a specialized channel for reporting impersonation accounts. To report an account:
In addition to the potential for thieves to impersonate you, there are other ways social networks can provide them with your personal information. Follow these tips to minimize your risk:
Most victims of unemployment identity theft are unaware that claims have been filed and/or that benefits have been collected using their identities. Many people only find out unemployment identity theft occurred when they receive something in the mail, such as a payment or state issued 1099-G tax form that’s incorrect or for benefits not received.
Sample form from the IRS.gov website: IRS form Certain Government Payments 1099-G
The Department of Justice recently warned that fraudsters are creating websites mimicking unemployment benefit websites, including state workforce agency (SWA) websites, for the purpose of unlawfully capturing consumers’ personal information.
To lure consumers to these fake websites, fraudsters send spam text messages and emails purporting to be from an SWA and containing a link. The fake websites are designed to trick consumers into thinking they are applying for unemployment benefits and disclosing personally identifiable information and other sensitive data. That information can then be used by fraudsters to commit identity theft.
Help stop these scams by reporting them and using the list of state contacts at DOL.gov/fraud.