Here's How To Know If Your Identity Has Been Stolen

Is Someone Using Your Identity? Here’s How To Find Out

Identity theft has become one of the fastest growing crimes in America. According to the latest report from the Federal Trade Commission (FTC) [*]:

More than 5.2 million Americans were victims of identity theft and fraud in 2022 alone — not including the millions more who didn’t report it.

What makes identity theft such a dangerous crime is that there are so many different types of identity theft that it’s often hard to know if you’re a victim. Fraudsters and hackers can slowly gather or steal your sensitive personal information over time — waiting for the perfect moment to strike.

That’s why it’s so important to recognize the early warning signs of identity theft.

In this guide, we’ll explain how to know if your identity has been stolen, how fraudsters steal your identity in the first place, and what you can do to protect yourself and your loved ones.

With so many people affected, you're probably wondering if someone has stolen your identity.

{{show-toc}}

How To Know If Your Identity Has Been Stolen

Identity thieves have numerous tactics they use to target you and steal your identity. While this isn’t an exhaustive list of warning signs and red flags, it covers the most common ways you’ll be able to tell that your identity has been stolen:

1. Mistakes or strange accounts on your credit report

Identity thieves are almost always financially motivated. If your identity has been stolen, one of the first places you could see warning signs is on your credit report.

For example, if fraudsters use your stolen information to open new accounts or take out loans lines of credit in your name.

Here’s how to check your credit report:

Until the end of 2023, every American can get a free credit report from each of the three major credit bureaus — Experian, Equifax, and TransUnion — each week at AnnualCreditReport.com.

Check each copy of your credit report for:

• Fraudulent accounts. Check for any accounts you don’t recognize or that have co-signers you didn’t authorize.
• Hard inquiries you didn’t request. Lenders make hard inquiries before extending you credit. If there are any inquiries you don’t recognize, it could be a scammer using your identity.
• Inaccurate personal information. Identity thieves may change the contact information on your credit file so that you don’t get warned of their actions. Check the address and phone number listed to make sure it’s still accurate.
• Incorrect employment history. If your credit report includes employment information, make sure you recognize everything listed. Some fraudsters use stolen identities to work illegally (i.e. employment identity theft).

Note: It’s important to check your credit file with all three of the credit reporting agencies as some lenders only report to one or two of them. Alternatively, a three-bureau credit monitoring service can automatically monitor all of your credit reports and alert you to suspicious or fraudulent activity.

2. Suspicious activity on your credit card and bank statements

Credit card and bank fraud were two of the top three types of identity theft in 2022, with a record 751,468 victims [*]. Regularly monitoring your bank and credit card accounts can help you spot the early warning signs of fraud.

Here’s what to do:

• Check your account statements as soon as they’re available. The sooner you spot signs of fraud, the better chance you’ll have of reversing charges or getting your money back. Don’t wait to check your statements for unauthorized charges or withdrawal.
• Don’t ignore unrecognized small charges. Fraudsters often start with small transactions to test if stolen bank or credit card information works (before moving on to larger fraud).
• Set up a transaction threshold alert. Aura can monitor your bank, credit card, and investment accounts and warn you of suspicious or over-limit transactions. This is a good failsafe in case your bank misses signs of fraud.

📌 Related: What Can Scammers Do With Your Bank Account Number? →

3. Unexpected (or missing) physical mail

Your mail box can be a great warning system for ID theft. One of the ways that identity theft happens is by scammers stealing your mail. Thieves look for official documents, credit card statements, or other mail that includes your sensitive personal and financial information.

In 2022, 49 million Americans has at least one package stolen from them [*].

It's especially important to monitor your physical mail when you're expecting sensitive deliveries, like a new credit card or a replacement Social Security card.

Unexpected bills or letters from a collection agency in the mail could also be a red flag. If scammers use your stolen personal information to open new accounts or take out loans, you may get communication about it in the mail.

Even an increase in junk mail and credit card offers can be a sign that someone stole your identity.

The bottom line: Keep close tabs on your mailbox and consider using a more secure option (like a locked box).

4. Lost or stolen documents and ID

It's critical that you know where all of your identifying documents and debit/credit cards are at all times. If any of the following items are lost or stolen, you may be at risk for identity theft:

• Personal electronic devices (like your phone)
• Wallets
• Passport (or passport number)
• Driver's license
• Social Security card
• Debit card or debit card number
• Credit card or credit card number
• Insurance card

While you're at it, remove any extra credit cards from your purse or wallet. It's best to travel with just one or two credit cards, along with one form of ID, like your driver's license.

Never store your Social Security card in your wallet. Your Social Security number is at the top of every identity thief's wish list, and you can't afford to let it fall into the wrong hands.

Make sure you report any lost IDs to the right authorities to prevent fraudsters from using them — for example, the Department of Motor Vehicles, Social Security Administration, or your health insurance company.

📌 Related: Stolen or Lost Phone? Don’t Panic! Follow These 11 Steps Now →

5. Unexpected phone calls or visits from debt collectors

Any unfamiliar communication from a debt collector is a cause for concern. While it could be a mistake or error caused by a lender not reporting your payments, it could also be a red flag that someone has used your identity to take out loans.

To ensure you’re not dealing with a legitimate debt, you can ask for a debt validation letter. By federal law, these letters should include an itemized list of debts owed, along with past payment history, fees, and interest that you can corroborate with your records. A real debt collector will also include a “tear-off” form to dispute your debt or take other legal action.

Pro tip: Make sure you’re dealing with a legitimate debt collector. Scammers sometimes pose as fake debt collectors to try to pressure you into paying old or fraudulent debts or giving them your sensitive information.

📌 Related: Is Aura Worth It? Here's How To Know →

6. Your tax return is way off or is rejected by the IRS

Tax identity theft occurs when scammers use your SSN and other personal information to file a fraudulent tax return in your name — and steal the refund. If you try to submit your taxes and are rejected by the IRS, it could mean that someone has already put in a tax return under your name.

Here’s what you can do:

• Follow up on strange tax documents. Beware of notifications that a tax return has been filed on your behalf, or if you receive a W-2 (or other tax forms) from a company you never worked for.
• Review your tax return status online. If you’ve submitted your return (or want to see if someone else has), you can review your tax return status on the official IRS website.
• Notify the IRS of any suspected fraud. Include Form 14039 (Identity Theft Affidavit) with your paper return and mail it to the IRS address in your state. This form lets the IRS know that your previous return is fraudulent. If the IRS catches the fraud first, you’ll receive a a 4883C letter, which asks you to verify your identity.

📌 Related: Stolen Tax Refund Check? Here's How To Get Your Money Back →

7. You’re denied a loan due to a change in your credit score

A sudden change in your credit score is a clear warning sign that your identity has been stolen (or you need to deal with other issues impacting your financial health). Different lenders use different credit score formulas, so it’s common to have slightly different scores. However, if you see a sudden drop, it’s something to follow up on.

Aura monitors your credit at all three credit bureaus and can alert you to any suspicious activity as well as changes to your score.

📌 Related: How To Avoid the Financial Hardship Department Scam →

8. Suspicious phone calls and voicemails

We've all seen the "Scam Likely" caller ID label before. Sure, it's easy to ignore robocalls, telemarketers, and automated voicemails. But it could be a sign of a deeper problem.

Beware of unsolicited calls from debt collectors, credit card companies, and utility companies. If you receive a suspicious call from a financial institution, it may indicate that an identity thief is applying for credit cards or attempting to open bank accounts in your name.

9. Strange emails and text messages

A flurry of strange emails doesn't necessarily mean your inbox has been hacked. But it's still a cause for concern. Your email address and phone number are often compromised whenever data breaches occur. Leaked email addresses further compound phishing — social engineering was implicated in 20% of all data breaches in 2022 [*].

Given how widespread this problem has become, you might get notifications about new accounts created in your name, or flagged transactions from your bank or credit card.

📌 Related: The Best Identity Theft Protection Services in 2023 →

10. Unfamiliar SMS verification codes

Two-Factor Authentication (2FA) is a popular method of limiting access to your online accounts by requiring two methods of identity verification.

When you enable 2FA on services like Gmail, PayPal, Amazon, Facebook and others, you'll be asked to verify your identity with a one-time code.

But what happens if you receive an SMS containing a verification code that you never requested? It means an identity thief has successfully decoded your password, and if not for 2FA, your account would have been compromised.

Unfortunately, 2FA via SMS creates security vulnerabilities due to a new type of scam called SIM swapping.

Therefore, instead of receiving 2FA codes via SMS, use an authentication app such as Google Authenticator, Microsoft Authenticator, or Okta.

📌 Related: What Is Criminal Identity Theft? Should You Be Worried? →

11. Unknown devices are logged into your online accounts

More than ever, scammers want access to your online accounts — social media, email, banking, etc. If they get in, they might try to keep their hack a secret for as long as possible. In these cases, you’ll see unfamiliar devices logged in to your accounts.

For example, you can check what devices have access to your Gmail account by following these steps:

1. Sign in to your Google Account.
2. Select “Security” from the left-hand panel.
3. Under “Your devices,” select “Manage all devices.”
4. Check for unrecognized devices and strange device activity. If you see any, click on the device and then select, “Don’t recognize something?”

You can follow similar steps on all of your accounts.

Along with regularly checking what devices are logged in to your accounts, you should periodically update your passwords and make sure that 2FA is still enabled.

12. Notifications that your personal info is on the Dark Web

There were more data breaches in 2022 than any previous year [*]. If a service or company you use gets breached, it could mean that hackers have access to your information on the Dark Web.

The Dark Web is a part of the internet that requires a special browser to access. Hackers use the Dark Web as it allows them to anonymously buy, sell, and trade stolen information, illegal goods, or even viruses.

While it’s pretty much impossible to remove your data from the Dark Web, it’s important to know what accounts or info is available — and protect yourself.

A free Dark Web scanner can quickly tell you if your online accounts have been accessed. But for comprehensive protection, you’ll want to opt for 24/7 Dark Web monitoring to search for more sensitive information, such as your credit card number, SSN, or even passport. Identity theft protection services like Aura include Dark Web scanning as part of their offering.

13. You’re locked out of your email and other accounts

If you try to log in to an account and your password doesn’t work, it could mean that you’ve been hacked. The severity of the hack depends on what account hackers have gained access to. For example, many scammers break in to social media accounts to scam your followers. Whereas, if they access your bank account, they could drain your savings.  

Here’s what to do if you’re locked out of an account:

• First, regain access to your hacked account. Follow the service’s steps on how to recover your account or request a password reset.
• Then, use strong passwords and enable 2FA. Once you’re back in, change your password to something more secure. A long, complex, and unique passphrase is always a good call — for example, “L0rD0fth3R1ng$". If you haven’t already, make sure you’ve enabled two-factor authentication.
• Finally, make sure that your backup email address and phone number are correct. Most accounts will let you add backup options for if you get locked out. Hackers will often change these so you can’t get back into your account. Make sure that they haven’t been tampered with.

📌 Related: What Is a Data Breach? How To Protect Your Data →

14. Unfamiliar income on your Social Security statement

Occasionally, identity thieves will use your information to gain employment or pass background checks they wouldn’t otherwise be able to pass. If someone is using your name and PII to gain work, it will show up on your Social Security statement.

Here’s how to check if you’re the victim of employment identity theft:

• Check if your Social Security Statement is accurate. Sign in to the SSA website (or create an account) and review your statement. Make sure that your income history and predicted benefits are accurate. If any information is incorrect, you need to contact the SSA to correct your Social Security earnings record.
• Be on the lookout for unfamiliar W-2s or 1099s. Any documents about a job you don’t recognize are a huge warning sign that your identity has been stolen. If you receive anything suspicious, call the listed employer and explain the situation.

📌 Related: 9 Critical Resources To Use If You're the Victim of Identity Theft →

15. Your health insurance coverage is suddenly used up

Health insurance information has become some of the most valuable data on the Dark Web. With your health data, scammers can get medical care using your insurance or purchase prescription drugs or medical equipment that they can sell for a profit.

Even worse, their medical history will get mixed up with yours — meaning that you could get incorrect or potentially dangerous health care.

If you’re notified that your health insurance benefits are used up and you know they shouldn’t be, contact your insurance provider and request an account statement.

How Does Identity Theft Happen?

To steal your identity, con artists need your personal information. Here are some of the most common identity theft techniques.

• ‍Phishing attacks. Identity thieves will send spam emails, texts, or even call you pretending to be a representative from Facebook, a government agency, or law enforcement. They'll use social engineering attacks to pressure you to "confirm your identity" by asking for personal information such as your Social Security number, and then use that information to scam you online and commit crimes.‍
• Physical theft. If a thief comes across your driver's license or Social Security card, they can use that information to commit identity fraud. You probably didn't know this, but criminals don't need much to steal your identity. Your ID alone provides enough information that can be used for identity theft.‍
• Data breaches. Modern day scammers use emerging cyber threats to hack a company's database or obtain hacked information from the Dark Web. Stolen data can include any personal information you've saved on a shopping website, from passwords to credit card details.‍
• Shoulder surfing. Believe it or not, identity thieves with shifty eyes can steal your identity by lurking over your shoulder while you're entering login details to important online accounts on your mobile device. Another classic shoulder surfing move also happens at the ATM while you're entering your debit card pin number to withdraw cash.

📌 Related: How to Protect Yourself from Identity Theft (11 Steps) →

Was Your Identity Stolen? Follow This Recovery Plan

Identity theft can go unnoticed for months or even years. As soon as you realize you could be a victim, you need to act quickly. Here’s what to do:

1. Secure your online accounts

Preventing identity theft starts with having strong and unique passwords. Most people know they need to routinely change all their passwords, but often put off doing it.

Change your usernames and easily guessable passwords to avoid unauthorized access. Also, use a secure password manager like Aura.

2. Freeze your credit

A credit freeze (or credit lock) can help stop scammers from taking out loans or opening new accounts in your name. Contact each of the three credit bureaus individually — Experian, Equifax, and TransUnion — and ask for a credit freeze. Or, use Aura’s app to lock your Experian credit file with a single click.

3. Force all unfamiliar devices to sign out

There's a good chance your accounts were accessed by foreign devices from unfamiliar locations. You'll need to make sure they're logged out.

4. Notify your bank, cancel your accounts, and enable fraud alerts

When identity theft occurs, you'll need to contact your bank. They'll assist you through the process of canceling your checking account, savings account, and obtaining new credit cards.

Consider enabling a fraud alert or freezing (or locking) your credit.

5. Notify the FTC and file a police report

Submit an identity theft report to the FTC at IdentityTheft.gov if your identity has been compromised. The FTC handles fraud cases and can provide assistance.

For more information, follow this fraud victim's checklist for step-by-step instructions on how to recover from fraud. In addition to that, you should contact local law enforcement and file a police report.

6. Check your credit report and bank statements

Scammers are almost always after your financial accounts. Check for the warning signs of identity theft — such as strange charges on your bank statement or accounts you don’t recognize. An identity theft protection service like Aura can monitor your credit and statements for you and alert you to any signs of fraud.

7. Consider signing up for identity theft protection

Dealing with identity theft can be a nightmare. You’ll need to cancel bank accounts and credit cards and may even need to change your SSN.

But you don’t have to go through it alone.

Aura’s award-winning identity theft protection solution helps proactively protect you against identity theft and offers invaluable support if the worst should happen.

Here’s what you get with Aura:

• Award-winning identity theft protection. Aura monitors your SSN, name, financial information and hundreds of other data points across the internet, Dark Web, and public records. If it finds anything suspicious, you’ll receive a notification and get help shutting the scammers down.
• Three-bureau credit monitoring with the industry’s fastest fraud alerts. Aura directly monitors your credit report for changes or suspicious behavior. A 2022 mystery shopper study found that Aura caught changes to consumers’ credit reports more often and delivered fraud alerts up to 250x faster than other services [*].
• AI-powered digital security tools including spam call and text blocking. Aura proactively protects your devices and data with a military-grade VPN, antivirus software, Safe Browsing tools, a secure password manager and more. Aura is also one of the first services to offer an AI-powered Call Assistant that can block spam and scam calls or texts.
• 24/7 access to a team of Fraud Resolution Specialists. When you need help, Aura’s trained team of specialists is available 24/7 — whether you have questions about your credit report or want them on a three-way call with your bank or a government agency.
• Up to $5 million in identity theft insurance (on family plans). If the worst should happen, Aura has you covered. Each adult member on an Aura plan is covered for up to $1,000,000 in eligible losses due to identity theft.

Shut down identity thieves. Try Aura free for 14 days.