Solution 38
Ordering Credit Reports from Outside the United States

It can sometimes be difficult to obtain your credit reports while living outside of the country. If you have family or friends back in the states who are taking care of your affairs, you may consider asking them to write to the Credit Reporting Agencies (CRAs) for you, utilizing the information in Letter Form 124C. Activity duty military living on base in a foreign country may use this same form as well.

If you are an American citizen not in the military, and you would like to request your credit reports, you will need to write to the three CRAs and send them a package of information proving your identity. If the country you are in has an equivalent of Certified Mail and/or Return Receipts, make sure you send your package that way so that you can track it.

  • Equifax P.O. Box 105139 Atlanta, GA 30348-5139
  • Experian P.O. Box 2002 Allen, TX 75013
  • TransUnion P.O. Box 2000 Chester, PA 19016

Your cover letter should include:

  • Your full legal name or the name that is on your passport or other identification papers
  • Your date of birth
  • Your Social Security number
  • Your current or previous U.S. address

Include in your package:

  • Two proofs of your current mailing address (such as a copy of your driver’s license, utility bill, insurance statement, bank statement or telephone bill that shows your name at your current mailing address)
  • Copy of a government-issued ID card such as your state ID or driver’s license
  • Copy of your passport and the visa stamp
  • Copy of your Social Security card

Related Resources:

LF 124C - Request a 90-Day Fraud Alert

FS 100 - Financial Identity Theft: The Beginning Steps

FS 124 - Fraud Alerts and Credit Freezes

This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to This email address is being protected from spambots. You need JavaScript enabled to view it.


ITRC Solution 35
Identity Theft Protection Tips

Identity theft is a crime in which an impostor obtains key pieces of personal identifying information (PII) such as Social Security numbers and driver's license numbers and uses them for their own personal gain. It can start with lost or stolen wallets, stolen mail, a data breach, computer virus, “phishing” scams, or paper documents thrown out by you or a business (dumpster).

How can I minimize my risk of becoming an identity theft victim?
As consumers, you have little ability to stop or prevent identity theft. However, there are some positive steps to take which will decrease your risk.

  • Don’t give out your SSN unnecessarily (only for tax reasons, credit or verified employment.) Before providing personal identifiers, know how it will be used and if it will be shared.
  • Use a cross-cut shredder to dispose of documents with personal information. Also, use a specialized gel pen when writing out checks.
  • Place outgoing mail in collection boxes or the U.S. Post Office.
  • Know your billing cycles and contact creditors when bills fail to show up. Review bank and credit card statements carefully.
  • Password protect your financial accounts. A strong password should be more than eight characters in length, and contain both capital letters and at least one numeric or other non- alphabetical character. Use of non-dictionary words is also recommended.
  • Don’t give out personal information on the phone, through the mail or over the Internet unless you initiated the contact.
  • Use firewall software to protect computer information. Keep virus and spyware software programs updated - See Protecting Home Wireless Networks
  • Reduce the number of preapproved credit card offers you receive: 888-5OPT-OUT
  • Order your free annual credit reports on-line at: or by calling (877) 322-8228
  • You may also “freeze” your credit report. For more information on this, go to: State Resources

This solution sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to This email address is being protected from spambots. You need JavaScript enabled to view it..

IRS / ITRC Solution 34
Top 13 Things Every Taxpayer Should Know about Identity Theft

The following information has been provided to the ITRC by the Internal Revenue Service (IRS) Office of Identity Protection.   This solution sheet gives the consumer or victim a comprehensive look at the efforts of the IRS to address IRS issues caused by identity theft.

As a proactive measure, the IRS shares the top things every taxpayer should know about identity theft with taxpayers every year. It is good guidance on how taxpayers can protect themselves and their tax information, especially during the filing season. The following is the top thirteen list:

 If you receive a scam e-mail claiming to be from the IRS, forward it to the IRS at This email address is being protected from spambots. You need JavaScript enabled to view it..

  1. Identity thieves get your personal information by many different means, including:
    • Stealing your wallet or purse
    • Posing as someone who needs information about you through a phone call or e-mail
    • Looking through your trash for personal information
    • Accessing information you provide to an unsecured internet site
  1. If you discover a website that claims to be the IRS but does not begin with ‘,’ forward that link to the IRS at This email address is being protected from spambots. You need JavaScript enabled to view it..
  1. To learn how to identify a secure website, visit the Federal Trade Commission at
  1. If your Social Security number is stolen, another individual may use it to get a job. That person’s employer may report income earned by them to the IRS using your Social Security number, thus making it appear that you did not report all of your income on your tax return.
  1. Your identity may have been stolen if a letter from the IRS indicates more than one tax return was filed for you or the letter states you received wages from an employer you don’t know. If you receive such a letter from the IRS, leading you to believe your identity has been stolen, respond immediately to the name, address or phone number on the IRS notice.
  1. If your tax records are not currently affected by identity theft, but you believe you may be at risk due to a lost wallet, questionable credit card activity, or credit report, you need to provide the IRS with proof of your identity. You should submit a copy of your valid government-issued identification – such as a Social Security card, driver’s license, or passport – along with a copy of a police report and/or a completed Form 14039, Identity Theft Affidavit. As an option, you can also contact the IRS Identity Protection Specialized Unit, toll-free at 800-908-4490. You should also follow FTC guidance for reporting identity theft at .
  1. Show your Social Security card to your employer when you start a job or to your financial institution for tax reporting purposes. Do not routinely carry your card or other documents that display your Social Security number.
  1. For more information about identity theft – including information about how to report identity theft, phishing and related fraudulent activity – visit the IRS Identity Theft and Your Tax Records Page, which you can find by searching “Identity Theft” on the home page.
  1. IRS impersonation schemes flourish during tax season and can take the form of e-mail, phone websites, even tweets.   Scammers may also use a phone or fax to reach their victims.   If you receive a paper letter or notice via mail claiming to be the IRS but you suspect it is a scam, contact the IRS at to determine if it is a legitimate IRS notice or letter.   If it is a legitimate IRS notice or letter, reply if needed.   If the caller or party that sent the paper letter is not legitimate, contact the Treasury Inspector General for Tax Administration at 1-800-366-4484.   You may also fax the notice/letter you received plus any related or supporting information to TIGTA at 1-202-927-7018.   Note: This is not a toll-free FAX number.
  1. While preparing your tax return for electronic filing, make sure to use a strong password to protect the data file. Once your return has been e-filed, burn the file to a CD or flash drive and remove the personal information from your hard drive. Store the CD or flash drive in a safe place, such as a lock box or safe.   If working with an accountant, you should query them on what measures they take to protect your information.
  1. If you have information about the identity thief that impacted your personal information negatively, file an online complaint with the Internet Crime Complaint Center (IC3) at . The IC3 gives victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations. IC3 sends every complaint to one or more law enforcement or regulatory agencies that have jurisdiction over the matter.


This solution sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to This email address is being protected from spambots. You need JavaScript enabled to view it..

ITRC Solution 33
Protecting Home Wireless Networks

Wireless networks have attained a de facto presence in home and small business environments during the past few years. The ever increasing ability (digital phones, personal handheld devices, gaming consoles, etc.) to connect to the Internet via a wireless node has propelled the wireless network router to a place of common acceptance in the home. Small businesses often reduce costs by using wireless laptop computers in place of (or in addition to) standard desktop computers. More recently, printers have included wireless connectivity, allowing the user to place the printer in a convenient location and still make it available to a network or single user. The convenience brought to users by the wireless connection is often significant. Unfortunately, so is the increased risk of hacking if the wireless network is not secured properly. Below are some considerations to improve your security when operating a wireless network:

  • Wireless Setup: Wireless routers are often supplied with default settings that allow a user to quickly create an operating wireless network. However, until recently, these default settings did not adequately address security issues. This has changed with some manufacturers, so that the setup utility provides instructions to secure the network. It is still an excellent idea for the user to become familiar with the router setup, and verify that the settings are applied for appropriate security, especially if the user did not do the initial installation setup.
  • Important Default Settings: The factory default user name and password for access to most routers is well known publicly, and can easily be found by doing a web search. So is the default SSID, the name that is publicly broadcast by the wireless transmitter to identify your network to any client computer that wishes to connect to your network. Resetting a router to the factory default settings is usually no more than depressing a back panel switch with a paper clip and rebooting the router. Here are some points that should always be checked:
    - Always reset the administrator password (and the administrator user name, if possible).
    - Use a strong password for the administrator password (8+ characters, mixed text, numerals, and special characters).
    - Do not use a password that is related in any way to the wireless connection password, which must be given to each client user to gain wireless access.
    - Always reset the SSID to a new name. It is also smart to pick a name that does not identify your family or business, since the SSID will (unless you make other changes) be visible to any wireless unit within range. A default SSID, like “Linksys” begs hackers to test your network, to see if any of the default login information is also being used for administrator access.
    - Disable remote management of the router, unless you really do need to change router settings from a remote location.
    - Ensure that the router firewall is enabled.
    - Ensure that wireless encryption is enabled. All wireless devices that connect to your network must use the same type of encryption, such as WPA, WPA2, WEP, etc. If at all possible, use one of the newer standards, such as WPA2, or WPA, which are much harder to decrypt/hack than the earlier WEP standard.
    - After setting a wireless “key” for the router, protect it. It is the password that will allow anyone in range of your wireless transmitter to easily join your network. A wireless client is “inside” the protection of your router’s firewall in most cases.
    -See that a software firewall is running on each computer in your network, both those with wired and wireless access to the network. Windows firewall is available to most users, and most good antivirus packages include such a firewall (which replaces the Windows Firewall).
  • Additional Security Measures: The measures above should be done in all wireless network installations. Below are some actions that can be done if you have a more serious need for securing your wireless network:
    - Use a MAC address access list. All wireless clients have a unique “MAC” address number, which is specific to that particular unit. Many routers have the ability to restrict access to a list of known MAC addresses. This restriction is not a “save all” method, since MAC addresses can be faked by some types of hacking software.
    - If possible, locate the router in a central part of the home or business. In addition to providing the best average coverage for your intended client wireless devices, this also limits the exterior coverage of the wireless transmitter. This decreases the possibility that an unauthorized user will be physically near enough to query your wireless network. A wireless router in a second story window can be accessible from several hundred feet away, or even further if a directional antenna is being used by the interloper.
    - Instead of letting the router assign IP addresses automatically to the intended clients (DHCP), set the router to accept a small range of static IP addresses. Then configure each intended wireless client with a fixed (static) IP within the range you chose. You can also choose an IP range that is private, such as or, to further prevent direct connections to the client machines from the Internet.
    - Turn the router off when you will be away for an extended time. Most routers will reboot in a minute or two. Most wireless clients that were previously connected to the wireless network will reconnect automatically when the router becomes available again.
  • Choose a qualified supplier: There are many companies that build or rebrand wireless routers. ITRC believes it is worth your time to check online to see if the router model you are considering provides a thorough user manual. You should be able to download a PDF user manual that is thorough in explaining the setup and operation of your intended purchase, especially the security, encryption, and firewall settings available to you to protect your network. If you cannot find a thorough user manual which explains the router security settings in plain English, you would be better served to look for a different manufacturer. Ultimately, your network security will depend upon both the features available in your wireless router and clients, and the choice of appropriate settings to secure the network.
  • Defend your computers: A secure wireless network will do little good if your client computers are open to viruses, malware, pop-ups, and other threats that can be imported through your firewall by ordinary web browsing and email. Antivirus and personal firewalls must be enabled. Operating system and antivirus programs must be updated automatically with patches and new virus definitions. An infected computer can allow system takeover, keystroke logging, and other hacking from within your network.

Related links:

ITRC Fact Sheet FS 119 – Direct Connections to the Internet

ITRC Fact Sheet FS 118 - PC Perfect: A computer IQ test


This solution sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to This email address is being protected from spambots. You need JavaScript enabled to view it..


ITRC Sponsors and Supporters 







Go to top