Protect Yourself – A Public Service Announcement

What thieves know about you – Tips to protect yourself

Data Breaches have leaked your private information to the underworld.

Odds are you have received a letter in the last year that your information has been stolen in a data breach.  Those criminals put that information up for sale on the dark web – to multiple bidders – your name, address, social security number, medical records, medical billing records, payment history, a copy of your drivers license, birthdate, prior addresses,  closest relatives are just examples of what can be purchased.

What can they do with that information?

Criminals can use this information to steal your identity and commit fraud.  This recent example will show you how resourceful they are to achieve their goal of making money from you.

This really happened to one of our members:

In January of 2025 a woman walks into a downstate Illinois equipment dealership and asks about purchasing a $91,000 skid loader.  She asks questions about delivery and financing.  After little discussion, a price is reached and she signs a sales contract and applies for financing with $0 down payment.   The implement owner makes a copy of her drivers license and takes information needed for a credit application.  The finance company, which works with many implement dealerships runs a credit check and finds the credit is frozen.  No problem our crook/buyer says, offering to leave for a couple of hours to get the credit freeze lifted.

A couple hours later she returns and the freeze is lifted and the deal is concluded with the finance company wiring $91,000+ to the implement dealer.  The thieves have a tow company haul off the new skid loader and trailer.

The thieves drive off and the implement dealer is happy, the financing company is happy, and the thieves are very happy.  The unhappy person is the woman whose driver license and credit was used to buy the machine.  The victim will get a letter in about 5 days from the financing company with her new payment book for 60 months of payments, the victim of identity theft.

What can you do to protect yourself?  

1. Freeze your credit at all three credit bureaus and place a fraud alert at one of them. 

As Americans, we do not have a choice on the three credit reporting companies having our payment and banking history.  Anytime a transaction involves credit, the merchant (or credit extender) generally runs a credit report on the buyer from one of these three agencies.  You have the right to have your credit frozen and you have the right to place a fraud alert on your report.  You may freeze your credit with a phone call or establishing an online account and freezing it online.  After you have frozen your credit at each of the three, you should place a fraud alert on on the accounts.  By law that agency will report it to the other two.  The initial fraud alert is only good for one year.  If you have a police report documenting your identity theft, you can place a fraud alert on your accounts for seven years.

The three credit bureaus are:

Equifax                     1-888-766-0008                        www.equifax.com

Experian                  1-888-397-3742                          www.experian.com

TransUnion            1-800-680-7289                         www.transunion.com     

      You will create an account at each of the above agencies.  Each of the three agencies will try to sell you their credit monitoring service, but the freeze and fraud alert are free.  Experian and Equifax will allow you to put two factor verification (recommended) on the accounts.  TransUnion will not – THIS IS IMPORTANT.  TransUnion was the credit agency used by the implement credit company – who initially found the victim had frozen their credit.  SO HOW DID THE THIEVES LIFT THE FREEZE?   The thieves left the dealership and called then went to the TransUnion website posing as the victim,  claiming to have lost their password.  The hacker had to answer some basic questions about the victim (Birthdate, SSN, Prior Addresses, and family members) that could be ascertained from a Google search to get access to the account.  Once in, the thieves changed the account email address, password, and cell phone number for the account.  THESE CHANGES WERE ALL DONE WITHOUT TRANSUNION NOTIFYING THE VICTIM AT THE OLD EMAIL OR PHONE !    The crooks then lifted the freeze and ran a full credit report on the victim obtaining every credit account and banking transaction.  TransUnion is terrible, but if more people are victimized, TransUnion sells more monthly monitoring plans.  They have no financial incentive to care about your data.

The crooks had an Illinois License that appears genuine – it includes the Hologram and bar code on the back – professionally made.  It is suspected they obtained a scan of the original license from the medical billing data breach last year.    With the credit report, they have a listing all the victims banks, credit cards (including the first 12 of 16 digits), loan history, and other information.  

Every credit card was reported stolen and new ones issued. 

Every bank was contacted. The banks confessed that a crook who showed up with a valid license and a credit card in the same name could cash a counter check to clean out the victims accounts.  BUT THIS IS IMPORTANT – each bank had in place the ability to require a passcode or phrase to be put on all of the victim’s accounts.  The passcode would be required before any cash is dispersed.  Deposits can be made, but cash withdrawals would require the passcode !  Heartland Bank in Bloomington now has the victim’s photo pop up on the screen for every transaction to prevent the fraudsters from taking money.  It is easier to made credit cards than drivers licenses.

If a fraud alert was on the account, the loan company would have taken extra steps to protect the victim, but since only a freeze was in place and then it was lifted, credit was granted. 

Freezing your credit and placing a fraud alert will take some time, but it is worth it. 

CONTACT YOUR BANKS AND PLACE A PASSCODE on all CASH transactions. 

2. Protect Yourself at IRS.GOV

Real Life:  Imagine you finally get your income tax return filed and you really are looking forward to a refund.  BUT you are informed that your return was already filed and a refund issued.  The crooks beat you by filing early and having the refund directed to their bank and they are now long gone.

The IRS is sympathetic, but tells you that your return cannot be filed until this is cleared up – and it may take a year to clear it up.  Identity theft strikes again.  BUT YOU CAN STOP IT!

Goto IRS.gov and set up an online account – If you do not, the thieves may do it for you !

Once your account is established, request an IRS PIN number to be mailed to you each January.  This PIN number will be required for any tax return to be accepted.  Use it if you file your own taxes, or give it to your tax professional.

3. Protect Yourself at SSA.GOV

Real Life:  You are a busy person – too busy to set up an online account at Social Security.  The crooks have all kinds of time, so they set one up for you – using their email and password.

The crooks now have the ability to divert your social security checks to their bank (usually they get two months of checks before the fraud stopped)  Or if you are still working, the crooks now have your entire work history of employers and how much you make.  With that information they can file fraudulent tax returns for you using W-2’s from your actual employer!   

Stop the crooks now by setting up your account at SSA.GOV.

4. Stay alert – These are only tips based on first hand experience, but the criminals are clever

This page is not a once and done guide.  You should continue to be alert and on the look out.  Never take a phone call or an email at face value.  A elderly woman got a notice from a “Collection Agency” demanding payment for $686.43 for an overdue bill from her healthcare provider – threatening a lawsuit in 5 days.  With the healthcare data breach, the crooks had set up a fake collection agency and generated fake bills with threats so victims would call in and settle.  She was scared, so she called and paid it immediately.  The crooks now had her checking account information !

Never CLICK on an email attachment or link unless you know 100% who it is from.  ANYONE can make an email look like it is from CAPITAL ONE or DISCOVER.

Never give any information over the phone.  ANY CROOK can make the Caller ID look like whoever they want.   ALWAYS call the number on the back of your credit card if you receive a call about anything rather than assuming the person you are speaking with is legitimate.

Always log into the website of your vendor rather than clicking on a link to do so.  ALL WEBSITES can be counterfeited including the .GOV sites. 

You are entitled free copies of your credit report at each of the three agencies.  Get a copy at each and review them for errors.