Well, I’m about to turn 50 this weekend.

It’s a big birthday.

One where folk often find themselves wondering who they really are, and where they are going in life. It’s a half-point, if you’re lucky; a place to stop, look back over where you’ve been and then turn around to look toward what’s ahead.

I’m a lucky and fortunate girl, I know it. I’m also very grateful, and I hope The Universe believes me when I say thank you for these 50 years.

So, who am I? Or rather, who do I want to be next?

Well, it’s funny, but just as I was starting to ponder this ginormous question, I was given the rare opportunity to re-establish my identity in a way that no one ever expects to.

My identity was stolen.

This week I learned that someone out there in the world is pretending to be me online by using my name, phone number, birthdate, social security number, and who knows what else. They’ve gotten into my credit cards, my computer, and my head.

The irony of this coinciding with my 50^th birthday is not lost on me.

Don’t worry. I’m not so introspective that I’m going to change somehow… I’ll always be dorky old me who loves chocolate chip cookies, iced coffee, nail polish, stupid jokes, anything sci-fi or fantasy, and my vaporizer. But, because I AM dorky old me, I thought I’d share what I’ve learned/done with the hope that you can take the information and prevent this from ever happening to you. Consider it a birthday present of sorts, but without the wrapping and cake.

Melissa’s “Hindsight is 20/20” list of things she wishes she would’ve done before she had to for online security and identity reestablishment.

1) Turn on two factor authentication for all of your online apps like Facebook, Instagram, Twitter, email, PayPal, and Amazon… basically anything online that someone impersonating you could use to make your life a mess. Most folk log into sites with their username and password, and figure that’s enough security. It’s not. Two factor authentication adds an extra layer by sending a special one-time access code to your phone whenever a log in request comes from an unrecognized device. If it’s you, no big deal. But if it isn’t you, the evildoer can’t log in. It’s simple to turn on, easy to use, and available pretty much everywhere online. So do it. Now.

2a) Put a fraud alert on your account with the three main credit bureaus: Equifax, Experian, and TransUnion. This may seem silly to do if you aren’t actively being attacked, but again, it’s prevention. When a fraud alert is in place, extra questions are asked to verify identity any time a new line of credit is requested. While it won’t stop a crook who might know your credit history from opening a new line of credit in your name, it could slow down someone who only has a few pieces of personal information. Fraud alerts have to be renewed annually.

2b) If you wanted to take this step a little farther than just an alert, you could request that a freeze be placed on your accounts. This will stop anyone new from accessing your credit history without your consent, and stays in place for up to seven years before you have to renew it. Once frozen, you can temporarily lift the restriction for specific individuals by using a PIN that you must never, EVER, lose. You’ll have to lift a freeze to get a loan, mortgage, car, or anything else with credit. It’s a hassle, but worth it if you want to lock everything down now. One bonus to freezing your accounts is that you will get fewer “preapproved” offers for credit cards in the mail; no one can preapprove a person they can’t investigate. (If you want to get rid of these pesky offers entirely, call 1-888-567-8688 (1-888-5OPTOUT).) Placing a fraud alert or a full freeze with the credit bureaus will not affect your credit score.

Protip #1: Do NOT lose your PINs. If you do, you will be in a world of hurt. You can’t prove that you are YOU without it. Also, do NOT keep it on your phone as “PIN”. That’s just… not smart. This may be something that still has to be on paper in a safe place. Or two safe places if you are worried one of them will go up in flames or something.

Protip #2: Freezes do NOT mean you are safe. It’s still important to monitor your existing accounts for fraudulent activity, as well as your medical bills (see #2 and #3 in this article from Forbes).

3) Request a free credit report from each of the three credit agencies in a rolling manner. You are allowed one free credit report from each site annually. Ideally, the info on these reports should match, but not all lenders necessarily use all three agencies when they check your credit. Because each of the three credit bureaus allow for one free report a year, a possible request timeline could be: Equifax in January, Experian in May, and TransUnion in September. Doing it this way would allow closer monitoring of your history without spending extra money in the process. Any false entries or discrepancies should be addressed as soon as you find them.

4) Get thee a security program for your computer, pronto, and use it regularly. Doesn’t matter what kind of computer you have; the myth that Apple is less vulnerable is exactly that.

5) Change your passwords regularly and do not use the same one for frequently used sites. I know, I know, we ALL know this, but we’re not good at it. Passwords are like flossing your teeth. You know you SHOULD do it regularly, but sometimes it feels like such a hassle when you just want to go to bed. Seriously though, make unique passwords for your email accounts, payment accounts, investment accounts, and any big sites you buy lots of stuff from. Why? Because if you DO end up getting hacked, it’ll be easier for you to re-secure your account quickly, and the evil-doer won’t be able to go farther than one place on your dime.

6) Review your credit card inventory and cancel ones you haven’t used for at least a year. How many do you really need? For those cards that you do choose to keep, turn on the two factor authentication for any online presence (see #1 above) and check to see if you can put any other special alerts on your account. Some sites offer monthly balance emails, others will give notifications for charges over a certain limit. Anything you can do to keep track of accounts you don’t use very often is good practice. Remember, bad stuff can happen when you aren’t looking. 

If you do these things, and you STILL get to be one of the chosen few to lose their identity, here’s a quick list of everything else you’ll have to do:

– Make a police report with your local precinct.

– Call the credit agencies and freeze your credit accounts (if you didn’t already do this just because you felt like it after reading #2 above).

– Call all of your credit card companies and let them know what is going on… although, to be honest, they are likely the ones who will contact you because of caught fraudulent activity.

– Call your financial advisors (if you have them) to lock down your investment/retirement accounts. Did you know that you can transfer your accounts to a new broker without notifying the old one first? You can. Which means that someone pretending to be you can walk into a new financial advisor’s office, fill out some forms, and move everything to a new advisor without your knowing what happened!

– Call your bank to put alerts on your accounts and change out your cash/debit cards.

– Call your utilities and put passwords on your accounts so that no one can modify your services without your consent.

– Call your state title department to make sure no one is trying to put a line of credit on your home.

– If you don’t have security programs running regularly on your computer, TURN YOUR COMPUTER OFF and bring it in to Geek Squad or someplace where they can look for spyware and malware. Do NOT do any password changing/government notifying/credit checking online on a computer you do not know to be secure. One might think this would be intuitive, but I can assure you… it’s not. Trying to shut everything down before more money is lost often requires a keyboard, and … well… you don’t necessarily think about the fact that the one closest to you is likely part of the whole problem. Shut it down and start making actual phone calls.

– Make a report with the FTC at identitytheft.gov. This is a site where you can update information as you learn it, creating a record that can be used if you ever have to prove a discrepancy on your credit report.

I’m sure there are other things to do, and if you have other tips, please share. I was aided by friends who have gone through all of this before, and their experiences helped me navigate through my own. My sincere hope is that you will never be a victim of identity theft, and if you follow my 20/20 Hindsight list, you’ll be a less likely target.

THE TAKEAWAY

1) No one is safe from identity theft, even if it’s their birthday. However, being vulnerable is not the same as being ignorant, and any day is a good day to learn new preventative steps for your future health and well-being.

2) I’m FIFTY!