ITRC Fact Sheet 123

Some of the ways that scam artists are tricking people into giving information is either via the Internet through an Account Verification or “phishing” scam or by using a telemarketer. Before you have time to think, you give them your Social Security Number (SSN), name, address and may even divulge bank account or credit card information.

Now what? Unfortunately, the damage has been done. It would be unusual for a person or criminal organization to go through this much effort if they did not intend to use the information to their advantage. You are a victim of a scam at this moment and not identity theft. Perspective is critical to maintaining your emotional well-being.

This guide will serve as a starting point of what to do and whom to call. If the situation evolves into identity theft, please refer to our other self-help guides and/or contact our office. If you did not provide information to the thieves, you should be safe.

Before you start, you may wish to verify if you are a potential victim of a scam. If you did not initiate the call, it is almost always a scam. But you can check it out by contacting the company involved directly. Use a customer service number you find in the phone book or one you find online. You can also contact the ITRC to find out if we have seen this scam before (Refer to ITRC Solution 25 – How can I tell if it is a scam?)

Tips for Dealing with the Authorities and Financial Institutions

  • Keep a log of all conversations, including dates, names and phone numbers (see ITRC Fact Sheet FS 106). Start with the initial police report. Be sure to note the time spent and keep receipts for any expenses in­curred in the event the thief is caught and the case goes to trial.
  • Confirm conversations in writing. Request a written verification that accounts have been closed (including time and date), and/or a confirmation number.
  • Send correspondence by certified mail, return receipt requested.
  • Keep copies of all letters and documents that you send and receive.
  • Whenever possible, speak with a fraud investigator and not a customer service representative. If you are not satisfied with the answers given, request to speak with a supervisor. Keep going up the chain of command until you reach a decision-maker.
  • Add passwords to bank, utility and credit accounts. A strong password should be more than eight characters in length and contain both capital letters and at least one numeric or another non-alphabetical character.  Use of non-dictionary words is also advised.

Priority Items – Do Immediately

  • Internet Scams – Print a copy of the page you sent them if you are able, or print a copy of the information they requested if you can get back into the site.
    • Phone Scams – Write down all the information you might remember including the name of a company, person, telephone number, etc. Check the company out via the Better Business Bureau and find out if they have telemarketers calling.
  • File a police report but don’t expect the thief to be caught. This report will simply document that you are reporting a problem. Give them a list of the items the request contained and that you provided. Request a copy of the report. ITRC also recommends getting the business card or name of the officer who took the report, the report number and a phone number to call if you have additional questions.
  • Fraud Alerts: Place a Fraud Alert by contacting the three major credit reporting agencies (CRAs) (ITRC Solution SN 03). You will not reach a “live” person on this first call. Once you get a report, you will have a different number to call to reach a fraud specialist. It takes about 10-14 days to get your reports via mail.
  • Credit cards: Contact all credit issuers whose information you provided. Cancel the card immediately and request replacement cards with new account numbers. Ask the credit grantors to furnish copies of any fraudulent transactions that occurred after the card was stolen or lost. Monitor your mail for collection notices, missing statements or bills. Check bills for evidence of new fraudulent activity. Report problems immediately to credit grantors.
  • Debit cards: Cancel the card immediately and request new bank account numbers for any account (checking or savings) that was linked to that card. Add a strong password which should be more than 8 characters in length, and contain both capital letters and at least one numeric or another non-alphabetical character.  Use of non-dictionary words is also advised. Remember, ITRC does not recommend using debit cards to start with. It is better to have a separate ATM card and credit card for better protection and control.
  • Checking account or savings account numbers, checks, ATM, debit cards used without pin numbers: Close the account. Open a new account with a new number. Add a password to the account. It sometimes helps to go directly to the local branch and speak face-to-face with a bank administrator or fraud investigator. Many victims report that this was a good relationship to establish, especially when it came to frequently required notary signatures.

While placing the fraud alerts with the CRAs, also order a copy of your credit reports (free as a victim of potential identity theft). This allows you to check for any pending applications and verify that all the current information is correct. It becomes an accurate baseline for the fraud alert. For example, imposters might try to change your address. They can do so by applying for credit listing an address different than your current one. Differences in addresses are a warning flag for possible fraudulent activity.

Once you get your report, check with the fraud investigator to inquire if any new accounts have been opened recently or are pending. If so, get contact information for those creditors and contact them immediately.

All citizens in the US now qualify for free credit reports. By using this annual credit report system, refer to ITRC Fact Sheet FS 125, you can keep track of your reports. Instead of ordering them all at once, ITRC recommends ordering one of the credit reports every 3-4 months. In 2 to 3 months after you see the first report, order only one of the company’s reports through the annual free report program. Four months later get a different one and four months after that get the third company’s report. This staggering report system is a good habit to continue.

Please be aware that fraud alerts are advisory in nature only and that credit issuers are not required to honor them. Fraud alerts are in place for 90 days. You can renew them every 90 days if you wish. You can cancel fraud alerts at any time. (Please refer to ITRC Fact Sheet FS 124– Fraud Alerts and Credit Freezes.)

You may also place a credit freeze on your report. This is a higher level of protection. Credit freezes are preventive and the best solution to date for avoiding fraudulent applications for credit under your name. Check our State Resources Map for the most up to date state information.


Credit Reporting Agencies Fraud Contact:

  • Equifax/Report fraud: (800) 525-6285.
  • Experian/Report fraud: (888-397-3742)
  • TransUnion/Report fraud: (800) 680‑7289

To report fraudulent use of your checks

  • Chexsystems: (800) 428-9623
  • TeleCheck: (800) 710‑9898
  • CPRS/Certegy: (800) 437‑5120
  • Checkrite/Global Payments: (800) 638-4600

 To report possible IRS scams


This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to

ITRC Solution 25

Today, thieves are coming up with more and more devious ways to try and trick you into giving them your personal information. A criminal can open up a new line of credit in your name, rent an apartment, purchase cars, homes, and other goods, get a job, get out of criminal acts, or take over your bank account. In other words, the instant you give up certain personal information to a thief, you are in jeopardy.

What information do thieves want?

  • Social Security Numbers
  • Bank account or credit card numbers
  • Driver’s license number
  • Insurance policy numbers (medical and auto)
  • Date of birth
  • State or employee identification number.

Here are some basic things to look out for when trying to determine if something is a scam or not.


  • If it’s too good to be true, it probably is.
  • When in doubt, check it out.
  • A bank, credit card company or utility company will never ask for your personal information by email, whether you have an account or not, period.

Companies you may already be doing business with

  • Banks will always conduct all business conversations with you either in writing via postal mail or over the phone. In both instances, they will identify you by name and already have your account information in hand.  They have no need to request your account information.
  • Companies that do business strictly online (such as PayPal or Amazon) will address you by name. Never by “Dear Customer” or “Dear”
  • When in doubt, access your account directly with the company. Do not click on any links in any emails. Do not go to any websites they ask you to view. Always go directly to that company’s homepage and access your account. If there is a legitimate problem, the company will tell you when you access your account.

I want to get a line of credit with this company, is it legitimate?

  • Does the company advertise anyone can get credit – even without a Social Security Number? If so, it’s not likely legitimate.
  • Check with the Better Business Bureau. See if this company is registered with them.
  • Do an online search. See if you come up with any articles that state that this company is a scam.
  • Is this company based in another country? If so, do they have a license to operate in the United States? If not, it is most likely a scam.
  • Does this company have a website? If so, is this website secure? Look to see if the website address includes https:// and has the picture of the lock. If not, it is not a secure website and could be open to fraud. If you are required to post personal or account information on the website, you must ensure that the page is presented by a secure link.
  • Does this company use a free email service or do they use an email address connected to their website. Use of free email services could be an indication of fraud.

I just got a notice that I won a prize/lotto. Is it legitimate?

  • Did you enter this contest or buy a ticket? You cannot win if you did not enter.
  • If it appears to be from a known company, contact the company and see if they legitimately have funded this contest.
  • Is this contest/lotto in the United States? If not, then it is most likely a scam.
  • England, Canada, Spain and the Netherlands (to name a few of the most popular variations) do not have a national lottery.
  • If the conditions of receiving your prize include sending money to “pay for taxes and fees” then it is a scam. Most legitimate prize-giving institutions take the tax fees out of the winnings so you don’t have to deal with it. If not, you will be asked to pay the taxes after you receive the prize money as part of your regularly scheduled yearly tax period. If there are “up front” costs before the prize is awarded, it is most certainly a scam.
  • A common scam trick is to send a check to the victim, requesting the victim to keep some of the money and send the balance back. This is always an indication of a scam.

Some rich person in another country or some US soldier stationed in another country wants to share their fortune with me or needs help moving their fortune to the United States. Is this for real?

  • This is a scam. Any checks they send you will likely bounce and you will be responsible for any and all money you have withdrawn from the bank.
  • It is illegal. You could be charged with money laundering, which is a federal offense.

For more information on scams, please visit the ITRC website section on Scams & Alerts.


This solution sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to