Identity theft countermeasures: How to freeze your credit, opt-out of unsolicited pre-approved offers, and secure your cell phone number
In September of 2018, credit freezes became free in the United States for Equifax, Experian, and Transunion. Credit locks often are not. The reasons why credit report reviews and freezes are a good idea are explained well by the FTC and Consumer Reports, with key excerpts below. The credit bureaus sell your data for marketing purposes, but by law they have to allow you to view your credit report and lock it from viewing by others. After that massive Equifax data breach in 2017, and the very recent T-Mobile data breach, it should be clear that there's no better time to take care of your identity than now.
- STEP 1) Free Credit Report
- STEP 2) Free Credit Freeze/Unfreeze
- STEP 3) Opt-out of Pre-approved Offers
- STEP 4) Lock your cell number portability
- STEP 5) Lock your cell number account with two-factor authentication
- See also at TinkerTry
- See also
This article is intended to help provide you with convenient links to lock your identity down, greatly reducing the likelihood of somebody being able to easily steal it.
DISCLAIMER - If you run into issues, please reach out to the problematic bureau directly. Your security is your responsibility. I make no claims of being a security expert, this article is merely a collection of links and resources that I originally pulled together to help my family.
After receiving yet another letter about a potential breach of a family member's data, I set out to renew my family's efforts to lock things down. While the URLs below may change over time, the basic process will likely stay the same for years to come. As an IT worker, also spurring me to write this article was WSJ's recent story about T-Mobile Hacker Who Stole Data on 50 Million Customers: ‘Their Security Is Awful’. At this point, I think most everybody in the US needs to assume they'll be breached, which greatly increases the odds of an identity theft.
For me to take care of these credit reviews and credit freezes with my wife, we spent about two hours in all. Part of that time was spent very carefully keep everything carefully organized in a trust-no-one encrypted password manager, and making sure I could log off and log back into each account without issue. Given it takes less than 5 minutes to actually make the request to unfreeze/thaw each of these 4 bureaus reports, and under an hour for those requests to take effect, I feel it's well worth the minor inconvenience of having to temporarily unfreeze/thaw do this when financing something or asking for credit will outweigh the horrors of a identity theft clean-up. In most cases, the duration of the unfreeze/thaw can be specfied, so I generally won't have to remember to log back in to re-freeze these.
Fraud alerts, credit monitoring, and credit repair are topics that are out of scope for this article. The focus here is on reducing the chance of a breach in the first place, without incurring monthly fees. As a reminder, you should also set a yearly calendar alert now, to remind you to check on your credit report on all 4 bureaus once a year, for free.
This is something you should do annually, and it can be done even if a credit freeze is in place. Be sure to review all of the information, to look for any inaccuracies that could very well affect your ability to receive credit that you apply for in the future.
If you're not able to remember to review your credit reports annually, you may want to instead sign up for a paid credit monitoring service.
Transunion free credit report requests link to the valid https://www.annualcreditreport.com/index.action site for pulling your free credit reports from Equifax, Experian, and Transunion, but I got errors when trying to pull my Experian reports this way. I suspect that was just a temporary issue, but just in case it's not, I've listed all 4 direct links separately.
Whether it's freezing or locking your credit that you choose, it's widely recommended that you do this at all four credit bureaus. Each of the first three have these basic steps in common:
- Create an account using an email address and password
- Create some security questions and answers
- Verify the account using an SMS message
(while this method is far less secure than App based multi-factor authentication, it's all they offer)
- Answer a barrage of financial and personal questions that only you would be likely to know, to help establish your identity
- Now that you're identified and logged in, create a PIN number that only you know and make the freeze or lock request which only takes seconds.
- Once you've created these accounts at each of these bureaus, you'll be getting several emails per week, so go ahead and unsubscribe to avoid most of the clutter in your inbox
The fourth up-and-comer bureau that you should include is Innovis, and they require a request form be filled out, then you get a confirmation email that simply states
Thank you for ordering your Innovis Credit Report. You can expect to receive your credit report in the mail within 7-10 business days.
Once frozen, unfreezing(thawing) will require you to provide your email, password, and lock/unlock PIN, and typically takes under 5 minutes to do, using these same links above.
This topic is related in that it's the credit bureaus that sell your information to allow for those unsolicited credit card and insurance offers. These pose a risk if intercepted in the mail, such as when you change addresses and the new tenant or owner gets some of your old mail. I've seen a family member affected by this sort of theft, and the clean-up wasn't exactly fun or easy.
How about avoiding the sale of your data, along with the wasteful junkmail along with it? This FTC article has all the details on how to go about doing this.
Since SMS is often your second factor in two-factor (MFA) logins for banking for example, you really don't want somebody to take your cell number from you. Locking your cell number's portability lower the chances of unauthorized callers from impersonating you and requesting your number be migrated to another carrier. If you do this lock from these web pages below, you won't need to install the respective carrier's app.
- AT&T -
- T-Mobile -
- Verizon -
This adds an extra layer of protection from somebody logging in to your cell carrier's website.
- AT&T -
- T-Mobile -
- Verizon -
- AT&T -
- T-Mobile -
- Verizon -
A fifth credit bureau called ChexSystems exists, and you might consider doing Report Request and Security Freeze there too. I'm not really sure how much value there is on concerning yourself with smaller bureaus like these.
If you are in the US and are in the iPhone Upgrade Program, each time you go to upgrade your iPhone such as today's iPhone 13 / iPhone 13 Pro / iPhone 13 Pro Max, you'll see an email from "Welcome to Your iPhone Loan" from email@example.com after you request your upgrade. This worked for me just fine today without thawing any of my security freezes, as I had an existing financial connection with this lending institution, and this credit inquiry was approved instantly, with issue, details on the type of credit inquiry (soft or hard) here and here, and by Apple here.
Added cell carrier PIN section above.
- Once I signed up for credit freezes, all the of the major bureaus are sending me a lot of email hoping to up-sell me on paid for offerings. Not all of them can be unsubscribed from. One way to counter this is to create email filters to push such emails into an email folder, such as [this method](https://support.microsoft.com/en-us/office/use-inbox-rules-in-outlook-com-4b094371-a5d7-49bd-8b1b-4e4896a7cc5d#:~:text=To%20quickly%20create%20a%20rule,moved%2C%20and%20then%20select%20OK.) that works with outlook.com email.
- Free credit freezes are here
Sep 21 2018 by Andrew Smith and Gail Hillebrand at FTC
Free credit freezes and year-long fraud alerts are here, starting September 21st, thanks to a new federal law. Here’s what you should know:
Free credit freezes
Security freezes, also known as credit freezes, restrict access to your credit file, making it harder for identity thieves to open new accounts in your name. Starting September 21, 2018, you can freeze and unfreeze your credit file for free. You also can get a free freeze for your children who are under 16. And if you are someone’s guardian, conservator or have a valid power of attorney, you can get a free freeze for that person, too.
How will these freezes work? Contact all three of the nationwide credit reporting agencies – Equifax, Experian, and TransUnion. If you request a freeze online or by phone, the agency must place the freeze within one business day. If you request a lift of the freeze, the agency must lift it within one hour. If you make your request by mail, the agency must place or lift the freeze within three business days after it gets your request. You also can lift the freeze temporarily without a fee.
Don’t confuse freezes with locks. They work in a similar way, but locks may have monthly fees. If you want a free freeze guaranteed by federal law, then opt for a freeze, not a lock.
- Why a Free Credit Freeze Is Better Than a Credit Lock
Even though all freezes are now free, credit bureaus are pushing consumers to lock their credit instead. But be wary.
Sep 21 2018 by Octavio Blanco at Consumer Reports
Credit locks and freezes are similar. They both prevent others from accessing your credit information, eliminating the possibility that a fraudster could open a new credit account in your name...
However, there are some important differences to keep in mind when deciding which tool to use. A credit freeze offers more stringent legal protections, making it the better option for consumers, according to Christina Tetreault, a staff attorney on the financial services team at Consumers Union, the advocacy division of Consumer Reports.
How to Freeze Your Credit for Free
- Security Now! #834 - 08-31-24 - Life hanging by a PIN
Aug 31 2021 by Steve Gibson on Security Now
That PIN was effectively my entire proof of identity. They didn’t need eMail, nor for me to first respond through the previous phone (which I had already decommissioned) and if the phone was claimed to be dead, lost or stolen they still need to be able to move forward. So everything boils down to your account PIN. I simply provided the few digits of my PIN, which they confirmed matched the one they had on file, then I read off long strings of numbers (my new phone’s ICCID and IMEI) and just like that, my new phone was live — with my phone number.
Once a bad guy has taken over your phone number, your actual phone will lose service. That’s
your first clue that life is about to become much more complicated... and not in a good way.