THE SHORT ANSWER

If someone has used your identity, contact the affected company’s fraud department immediately, secure compromised accounts, place a credit freeze with each nationwide credit bureau, consider a fraud alert, review all three credit reports, and create a recovery plan at IdentityTheft.gov. Document calls and letters, dispute fraudulent accounts in writing, replace compromised identification through the issuing authority, and watch for follow-up scams. The exact sequence depends on what was stolen, but speed and a written record reduce further damage.

What to remember

  1. Contact the companies where fraud occurred before arguing with a caller or collector.
  2. A credit freeze and a fraud alert are different tools; many victims use both.
  3. IdentityTheft.gov provides an FTC Identity Theft Report and a personalized recovery plan.
  4. Review reports from all three nationwide credit bureaus because information may differ.
  5. Recovery services can help monitor, but they do not replace freezes, disputes, and direct account security.

The first hour: contain active misuse

Start with the account or institution showing suspicious activity. Use the phone number on a statement, card, or official website—not a number in an alert message. Ask for the fraud department, explain which transactions or accounts are unauthorized, request that access be blocked, and ask what written documentation is required.

If email or a primary phone account may be compromised, secure those first because they can reset other accounts. Change passwords from a trusted device, sign out unknown sessions, review recovery addresses and forwarding rules, enable multi-factor authentication, and protect the mobile account with a carrier PIN. Do not approve login prompts you did not initiate.

Keep a recovery log from the beginning. Record dates, numbers called, representative names or reference numbers, actions promised, letters sent, and deadlines. Identity theft can involve several institutions; a clear record prevents repetition and supports later disputes.

  • Call affected companies through official numbers.
  • Lock or replace compromised cards.
  • Secure email and mobile accounts.
  • Change reused passwords.
  • Begin a dated incident log.

Credit freeze versus fraud alert

A credit freeze restricts access to your credit report, making it harder for a thief to open new credit in your name. In the United States, freezes are free to place and lift. You must contact Equifax, Experian, and TransUnion separately. Keep the credentials or PINs needed to manage each freeze in a secure place.

A fraud alert tells businesses that they should verify identity before issuing new credit. An initial alert generally lasts one year and can be placed by contacting one nationwide bureau, which must notify the others. An extended alert may be available to confirmed identity-theft victims who provide an identity theft report.

A freeze and alert do not correct existing fraudulent accounts, protect bank balances, stop tax or medical identity theft, or secure compromised passwords. They are important layers within a broader recovery plan.

Create an official recovery plan

IdentityTheft.gov is the U.S. federal government’s recovery resource. The service asks what happened, creates an FTC Identity Theft Report, and provides steps and letters tailored to the reported misuse. An account can be used to track progress and update the plan.

Provide accurate information and preserve the completed report. A false report can have legal consequences. Depending on the crime, company, or local requirements, a police report may also be useful. IdentityTheft.gov explains when additional reporting is relevant.

The report is not the end of recovery. Use it to support requests that businesses close fraudulent accounts, remove unauthorized charges, and provide records connected with the theft.

Review all three credit reports line by line

Use AnnualCreditReport.com, the federally authorized source, to obtain reports. Review names, addresses, employers, inquiries, accounts, balances, payment histories, and collections. Information can differ among bureaus, so checking one report is not enough.

Mark every item you do not recognize, but remember that legitimate lenders and collectors can appear under unfamiliar corporate names. Verify before disputing. For fraudulent items, follow the bureau’s identity-theft blocking or dispute process and notify the business that supplied the information.

Keep copies of reports and disputes. Use certified mail when appropriate, preserve delivery records, and note response deadlines. Do not send original identity documents unless an official process specifically requires them.

The 10-step identity theft recovery checklist

The correct order may change if a bank account is actively draining or a passport is missing. Use this list as a framework, then follow the tailored instructions from official agencies and affected institutions.

  • Contact every company where fraud occurred and close or restrict the affected account.
  • Secure email, phone, financial, shopping, and social accounts.
  • Place free credit freezes with Equifax, Experian, and TransUnion.
  • Place an initial or extended fraud alert when appropriate.
  • Report identity theft at IdentityTheft.gov and save the FTC report.
  • Obtain and review all three credit reports.
  • Dispute and block fraudulent accounts, inquiries, addresses, and debts.
  • Replace compromised government identification through the issuing agency.
  • Monitor financial, credit, tax, insurance, and medical records.
  • Maintain a recovery file and watch for impersonation or recovery scams.

Different forms of identity theft require different responses

New-account credit fraud is only one form. A thief may take over an existing account, file a tax return, use health insurance, obtain utilities, create a phone account, rent property, or use a child’s identity. A stolen Social Security number can create risks even when no credit-card charge appears.

Tax-related identity theft should be handled through the tax authority’s official process. Medical identity theft may require contacting providers and insurers to correct records while preserving legitimate health information. Driver’s-license or passport misuse should be reported to the issuing agency. Child identity theft may require creating and freezing a minor’s credit file.

Do not assume a paid monitoring product covers every category. Monitoring can alert you to some credit-file changes, but it may not detect withdrawals, tax filings, medical records, criminal impersonation, or account takeover.

How to dispute fraudulent accounts without losing your paper trail

Write clearly and specifically. Identify each account or item, state that it resulted from identity theft, attach the documentation requested by the official process, and state the correction you want. Send only necessary personal information and use secure channels.

Contact both the credit bureau and the company that furnished the information. Ask the company to stop reporting the fraudulent debt and provide written confirmation. Debt collectors should be told in writing that the debt results from identity theft; follow the legal notices and deadlines in your jurisdiction.

Track every response. If an item returns, compare the new report with earlier copies and ask how it was verified. Complex or unresolved cases may justify assistance from a qualified consumer-law attorney or nonprofit service.

Prevent a second wave of misuse

Criminals may reuse stolen information or sell it. Maintain freezes until you need to apply for credit, monitor account alerts, review credit reports regularly, and reduce password reuse. Consider a password manager and phishing-resistant authentication where available, but evaluate products on their actual features rather than fear-based marketing.

Be suspicious of calls claiming to be the FTC, a bureau, a bank, or a recovery specialist. An official-looking caller ID is not proof. Navigate to the agency or company independently. Never give a one-time security code to an incoming caller.

A data breach notice does not always mean your identity was misused, but it should prompt targeted action based on the information exposed. IdentityTheft.gov provides breach-specific guidance. Recovery is a process; periodic review is part of closing the incident.

Child, deceased-person, and family identity theft

A child can have a credit file created by fraud long before applying for credit. Parents and guardians can check for a file and request a protected freeze through each bureau’s process. Documents proving identity and authority should be sent only through the official secure route.

Identity misuse after a death can target credit, tax, benefits, property, or accounts. The executor or authorized representative should notify relevant institutions and credit bureaus using required documentation while limiting unnecessary distribution of the death certificate and personal identifiers.

Family identity theft is emotionally difficult because the person responsible may have legitimate access to mail, devices, or records. The recovery process remains evidence-based: close unauthorized accounts, freeze credit, create the FTC report, and obtain legal advice. Family pressure should not force the victim to accept fraudulent debt.

Older adults and people receiving care may need supported decision-making that preserves autonomy. Helpers should not take unrestricted control of accounts merely because a scam occurred. Define roles, monitor transactions transparently, and use powers granted by law.

For every special case, document who has authority to act. Companies may refuse requests without proper proof, and repeated sending of sensitive documents creates risk. A single organized package tailored to the official requirements is safer than emailing records widely.

Account takeover requires a different emergency response

When a thief already controls email, phone, banking, or social accounts, credit freezes alone do not solve the immediate problem. Contact the provider’s fraud or account-recovery team through an official route. Ask that unauthorized recovery methods, devices, forwarding rules, and linked accounts be removed.

Email is often the master key. Review sent mail, deleted mail, filters, auto-forwarding, application passwords, connected apps, and recent sessions. A thief may leave a hidden forwarding rule even after the visible password changes.

Mobile-number takeover can intercept calls and codes. Contact the carrier, restore the number, add an account PIN, and ask what changes were made. Move important accounts away from SMS authentication where stronger methods are available.

Tax, employment, and medical identity theft

Tax identity theft may become visible when a return is rejected or a notice reports income or filing you do not recognize. Use the tax authority’s official identity-theft process. Do not call a number from an unexpected text or email claiming that arrest is imminent.

Medical identity theft can mix another person’s treatment, prescriptions, claims, or diagnoses with your record. Contact the provider and insurer, request an accounting or copy where available, and dispute inaccurate information carefully so legitimate medical history is not lost.

Employment identity theft may create unfamiliar wages or tax records. Government identification, benefits, and professional licenses can also be misused. IdentityTheft.gov builds different steps for different categories; there is no universal letter that fixes every system.

Create a recovery record another person can understand

A recovery file should contain the FTC report, police report if any, credit reports, disputes, delivery confirmations, statements, provider letters, case numbers, and a chronology. Store copies securely and separate from compromised accounts.

Use a simple status table: institution, problem, date reported, representative, requested action, response deadline, and resolution. This structure reduces cognitive load when several organizations ask for similar information.

If a trusted person assists, define authority clearly. Do not share passwords casually. A power of attorney, guardian, executor, or advocate may need specific documentation. Recovery should not create a second uncontrolled copy of every sensitive record.

The first 90 days of identity theft recovery

The first day is containment; the next weeks are verification and correction. Schedule weekly reviews of bank activity, card alerts, email sessions, mobile-account changes, and credit reports. Keep freezes active except when temporarily lifted for a specific application. Record every lift and restore it immediately afterward.

Expect letters and calls from unfamiliar companies. Do not assume they are either legitimate or fraudulent. Locate each company independently, compare account numbers only through secure channels, and ask for written validation. A collector’s call may be the first sign of a fraudulent account, but it can also be an impersonation attempt.

Check government and benefits systems relevant to you. Tax, unemployment, health, retirement, and licensing misuse may not appear on a credit report. Follow only the issuing agency’s official identity-theft process and preserve confirmation numbers.

Review the security event that enabled the theft. Reused passwords, compromised email, stolen mail, a data breach, phishing, malware, document loss, or insider access require different prevention. Avoid certainty when the source is unknown; fix the most plausible weaknesses without delaying recovery.

At the end of each month, create a one-page status: resolved items, disputed items, pending deadlines, accounts still at risk, and documents received. Recovery fatigue is real. A structured review turns an open-ended crisis into a finite set of next actions.

Questions people ask

Should I freeze my credit if only a card number was stolen?

A replacement card may solve isolated card fraud, but a freeze can be prudent if broader identifying information was exposed. Ask the issuer what data was compromised.

Does placing a fraud alert freeze my credit?

No. An alert asks creditors to verify identity; a freeze restricts access to the report. They are separate tools.

Will a credit freeze lower my score?

A security freeze does not affect your credit score. It may need to be lifted temporarily when you apply for new credit.

Is IdentityTheft.gov legitimate?

Yes. It is the Federal Trade Commission’s official identity-theft reporting and recovery service.

Do I need to pay for identity monitoring?

Not necessarily. Freezes, fraud alerts, reports, and disputes are available without a subscription. Monitoring may add convenience but has limits.

PRIMARY & OFFICIAL SOURCESFTC — IdentityTheft.gov recovery planFTC — How to recover from identity theftFTC — Credit freezes and fraud alertsCFPB — What to do after identity theftAnnualCreditReport.com — Official credit reports

Research note: TruthTube prioritizes government publications, primary records, scientific standards, and official reporting channels. This article is educational and does not replace legal, financial, medical, or psychological advice.

HOW THIS ARTICLE WAS PRODUCED

This article was researched using official records, regulator notices, court documents, law-enforcement releases, provider documentation and reputable reporting. Material claims were checked against the cited sources.

AI tools may have assisted with research organization, language refinement, transcription or illustration, but factual claims were reviewed by Lavi, Founder & Editorial Lead.

UPDATE & CORRECTIONS

Published July 11, 2026. This page is scheduled for review when official guidance, reporting channels, scientific standards, or relevant laws change.