Last week, I woke up to a curious email. It was titled, “Your Case File AN16883.” A close reading, followed by 30 seconds on Google, proved it was an obvious scam.
- was from the “State Investigation Department” — which doesn’t exist in any state. But it shows up on ripoffreport.com.
- was addressed to “Mr./Mrs. Angela Colley.”
- insisted I’d taken out a payday loan from US Cash Advance — which also doesn’t exist, according to the Better Business Bureau — which was suing me “to the fullest extend permissible by current Federal Banking Law.”
The weirdest part was this: I’d be “legally prosecuted in the Court House within a couple of days” if I didn’t “take a piece of paper and write down the case file.”
But as luck would have it, the email said “Senior Affidavit Processor Officer Andrea Johnson” had found me to be a “genuine person” when she was investigating my account. She’d help if she got the “right answers from my side.”
“Andrea” gave me a few options…
So do you want to resolve this issue outside the court house, or you want to go to the court house with legal proceedings? This was a final notification Email to you as we found you to be genuine person as told you before. You can resolve the issue by paying out of Court Restitution Amount or the Settlement Amount as decide by the Court House? You have to give me a flat answer without any excuse.
At first, I laughed it off, until I saw this: My address from college, a cellphone number from five years ago, my full name – and my Social Security Number.
WTF? How does Senior Affidavit Processor Officer Andrea Johnson have my SSN?
I’ve never taken out a payday loan, but somehow, this scammer got a hold of my Social Security Number. Suddenly, all I can picture is Andrea Johnson opening a credit card under my name and hosting the largest company party in the State Investigation Department’s history.
Sadly, I’m not alone. According to the Federal Trade Commission, between 2006 and 2008, 11.7 million Americans were victims of identity theft. I knew I’d have to act quickly to minimize any potential damage (and lower my blood pressure).
Here’s what I did…
My first move was an Internet search for the scammer’s name and email. I immediately learned this isn’t a new scam. Dozens of people have reported hearing the same speech over the phone. A few even reported getting an email from the same account.
If you ever get a suspicious email, run a quick Internet search before you do anything else. Odds are, you’ll figure out if it’s a scam.
2. Observe, don’t engage
My second move was to file the email away without replying to it. I stored the email as a document and printed a copy, just in case I accidentally deleted the email.
While you’ll want to keep a record of the incident, ignore the urge to respond and see what they want. Odds are, they want to grill you for more information or verify your active email account — then try to steal your password.
3. Check your credit reports
Next, I used AnnualCreditReport.com to order free copies of my credit reports (the law allows one copy per year per credit bureau) to see if anything looked suspicious. Luckily, everything on my credit report belonged to me, so my identity hasn’t been used yet.
Alternatively, you can also get free copies of your credit reports after you complete the next step.
4. File an initial fraud alert
An initial fraud alert lets the three credit bureaus know you’ve been a victim of identity theft – or even that you might be, because a scammer has your SSN.
To place one, I called one of the credit bureaus, confirmed my identity, and explained the situation. By law, the credit bureau I contacted has to let the other credit bureaus know, which saved me a lot of time and aggravation.
The initial fraud alert will stay on my credit files for 90 days. During that time, I must be notified and give permission before any new credit or loan accounts can be opened in my name.
Here’s how to place an alert with any of the three credit bureaus. Remember, you only have to do it with one, and the others will find out…
By law, you’re entitled to a free copy of your credit reports after placing an initial fraud alert — even if you’ve used up your three free ones earlier in the year.
5. Report a phishing attempt
Since I was contacted via email, I reported the phishing attempt to something called the United States Computer Emergency Readiness Team. (I emailed them, just scroll down to the bottom right of the page.) Reporting the attempt might stop future attacks from happening, but it also proves I knew this was an ID thief, not a legitimate debt.
You can also report phishing directly through your email from some providers like Gmail.
6. Monitor your credit
Now that I know my SSN is floating around out there, I’m keeping a close eye on my credit. I’ve signed up for a credit monitoring service. It has a small monthly fee, but I’m notified immediately if there are any changes to my credit report.
Since I’ve placed an initial fraud alert on my credit profiles, I won’t be liable for any identity theft if it does sneak through the cracks.
So take that, Senior Affidavit Processor Officer Andrea Johnson of the State Investigation Department.