Lessons Learned: My Experience with Identity Theft

In my post, I share my story of becoming a victim of identity theft & the importance of being cautious with personal details. Learn from my experience.

In mid-June 2016 I learned that my naive attitude of “it won’t happen to me” around identity theft was stupid as I became yet another statistic. I thought being careful with your personal details was enough… but all it takes is an inside job by someone where you got a loan for a house, car or a credit account you’ve opened. I’m sharing my story of what happened, what I did and what I wish I had done to avoid it from happening in the first place. Do with it what you will, but at a minimum I hope I serve as an example to others…

Mistakes

Mistakes

Credit to Despair.com, specifically this product. I love their stuff!

A word of caution: I’m not expert at this, and while I’ve learned a bunch, I’m sure there’s more to learn. If you have advice on things you can do, leave a comment below.

This is a story about identity theft… this is not a story of losing my wallet or having an account / card compromised. None of that happened.

Feel free to skip down to what I did to mitigate it from happening in the future.

In retrospect, I’m lucky. I didn’t lose any money, nothing that was done can’t be undone & the only thing I really lost was about 20hours of my time & about $350 in new services & fees I bought to help stop the bleeding.

What Happened

Everything happened about 1-2 weeks before I found out about it… putting me in 100% reactionary mode. I HATE being reactionary… I prefer being proactive. I apologized numerous times to people I was on the phone with for dropping the f-bomb.

June 16, 2016: Best Buy - The Hint

On Thursday, June 16, I got a voicemail from Best Buy about increasing the limit on an account I had with them. I called back saying it wasn’t me and to close the account. I actually thought I had closed it as it was one of those classic 6mo same as cash deals when we bought a new refridgerator for our new house in 2009. I thought that was odd, but assumed it was an isolated thing… ends up it didn’t matter as the damage was already done as I found out about a week later.

June 24th, 2016: Sams Club - The Wakeup Call

On the afternoon of Friday, June 24th, as I walked back from the mailbox, I noticed two letters from Sams Club. One was a new credit card & one was a statement. Usually I rip up & cut up those cards as a marketing ploy, but the statement caught my attention. It showed that about two weeks prior, over the course of 48 hours (June 13-14), someone opened an account & ran up a $6,000 bill.

Rant: Answer me this… in this world of machine learning, how can the banks not have something in their system’s that don’t recognize this: some one uses my identity to apply for, and get approved, for a Sams Club card with a $9,000 limit & $2,000 cash advance limit. Then, within 15 minutes of opening it, bought a ton of high-end athletic clothes purchased, followed 30 minutes later by a ~$900 Apple iPad at the same store.

Then, not two hours later, the exact same purchases & purchase pattern at another Sams Club, followed two more times at two more stores. All told, about $6,000 spent in multiple stores in and around Atlanta, Georgia over 9 hours.

Stupid freaking banks…

I called immediately and declared it as fraud. They closed tha account, opened an investigation and started giving me some advice. I started the process of running my credit report on all three agencies (Equifax, Experian & TransUnion). In the process of doing this I noticed my credit score had fallen from the high 800’s to 700 in just two weeks. That’s when the pissed off feelings kicked in…

When reviewing my reports, I saw multiple inquiries on June 13 & 14, 2016 that were not familiar, including Best Buy, Sams, BJ’s Club, a few banks and Macy’s. I logged disputes with each of these on all the credit agencies and submitted fraud alerts. These are free but only last for 90 days.

So I think I’ve done what I need to do to stop the bleeding. Nope…

June 25th, 2016: Macy’s - Now I’m Getting Annoyed

The next day, Saturday, my kids had a swim meet. After the meet, I check the mail and notice I’m lucky to be the proud new holder of a sparkling new Macy’s credit card. Apologies to my kids for the expletives that came streaming from the kitchen.

Back on the phone, I called and closed the account, but not before they apparently ran up the bill by $2000. I still don’t know when these purchases happened as I’ve never received a bill. During the call with Macy’s, the lady asked if I had filed a police report. “I need a police report?” Oh joy… something else to do.

Rant: While they said, like Sams, they would alert the credit agencies that it was fraud and to remove the account from my report, “healing” my credit score, they said it might take up to 60 days for it to take effect. WTF… it takes 10 minutes to open an account in my name, but 60 days to fix errors?

June 26th, 2016: Explaining To My Neighbors Why there’s a Police Car at My House

St Johns County Sheriff Deputy

St Johns County Sheriff Deputy

The first, and hopefully only time, I’ll ever have the Police at my house.

On Sunday morning I called the non-emergency number who dispatched a PSA office to my house (to save money, our police department uses “cops in training” to handle stuff like this). I told him everything that I had learned over the last two days, showed him all the statements, explained what I had done and then provided a written & sworn affidavit. He gave left me a case number but explained that since nothing happened in their jurisdiction there was nothing they could investigate. But at least I had an official record of it.

June 29th, 2016: The Straw that Broke the Camel’s Back

A few days letter, while working in my home office, my wife came in carrying another letter with an annoyed look on her face. It was a letter from BJ’s club explaining that they needed more information before opening a new credit account in my name. I called, explained it was fraud and thanked them for not opening the account.

I remembered there was another strange entry when I ran my credit report. I called that bank and found that a credit line for $15,000 had been opened in my name. They hadn’t received the checks associated with the account so nothing had been spent, but the account was closed. They did have an address though and advised me to notify the police to investigate. My response: “that sounds like your problem, not mine.”

While I had now addressed all four inquiries that showed up on my report & I thought I had stopped the bleeding, at this point, I had enough. I started looking into what else I could do and asked the question: “how could I have avoided this in the first place?

What I Did [and Wish I had Done to Avoid This]

After getting tons of unsolicited input from tons of people once I started ranting about this on Facebook and from research I did on my own, what follows are the actions I’ve taken.

Set Security Freezes on All Three Credit Agencies

First, I went to each of the three credit agencies and submitted a security freeze on my credit. Most of the time this costs $10, but if you have a police report & case number, you can usually get this waived. Once you set a security freeze, this blocks anyone from pulling your credit report. If I had done this previously, whomever stole my identity would not have been able to open credit accounts with Sams or Macy’s or the others because the requests would have been blocked.

In the future, if I ever want to open a new credit account or loan, I need to manually remove this freeze from the credit agency they are using to run my credit, let them pull my credit and re-add the security freeze. Yup, it’s an annoyance, but just like complex passwords & multi-factor authentication, it works. Plus, it’s not like I’m opening up credit all that often.

I’m Now a LifeLock Customer

I also looked at different services… plenty out there but I went with LifeLock. They offer a ton of different products under three different plans ranging from $10/month to $30/month. In addition to the security freeze, they will also monitor where my personal details are sold on the black market (of which they found 6 instances), accounts opened in my name, crimes committed in my name (they found 2 instances where my identity was possibly used due to two criminal cases) a lost wallet service and many others. I also have a single consolidated view across all my accounts for all transactions. I have it configured to notify me immediately for any charges over $500 & new accounts that are opened. I encourage you to check them out, or at least one of the other services.

Sure… could you do this yourself? Could you run your credit reports monthly (you get to do this once per year for free, then the agencies charge you) and watch for accounts opened in your name? Can you monitor your bank accounts? Of course you can! There’s a convenience factor having everything consolidated in one place. “Yeah, but there’s now one place that if hacked, they have everything.” You’re correct.

Personally I went with the $30/month plan and but might back down after my first year is up. I rationalize it like this: “would I have paid $350 to avoid everything that’s happened over the last few weeks?” The answer is an emphatic yes! In fact we’re also signing my wife up as well.

Conclusion

Don’t be a statistic and use my painful experience as a lesson or wakeup call. At a bare minimum, just use my experience for awareness. Maybe you don’t want to signup for the services I signed up for, maybe you don’t think it can happen to you. I’m just of the mindset that it can happen to anyone, no matter how careful you are.

Andrew Connell
Developer & Chief Course Artisan, Voitanos LLC. | Microsoft MVP
Written by Andrew Connell

Andrew Connell is a full stack developer who focuses on Microsoft Azure & Microsoft 365. He’s a 20+ year recipient of Microsoft’s MVP award and has helped thousands of developers through the various courses he’s authored & taught. Andrew’s mission is to help web developers become experts in the Microsoft 365 ecosystem, so they can become irreplaceable in their organization.

Share & Comment