How to Report Identity Theft and Create a Recovery Checklist

Overview

Identity theft recovery is easier to manage when you break it into stages. Your goals are usually simple: stop further damage, preserve evidence, notify the right institutions, correct false information, and monitor for repeat activity. You do not have to solve everything in one day.

A good recovery plan usually follows this order:

1. Secure what is still open: change passwords, sign out of devices, and protect financial accounts.
2. Limit new fraud: place a fraud alert or freeze your credit, depending on the situation.
3. Report identity theft: create a record with the relevant organizations and keep copies.
4. Dispute fraudulent activity: challenge unauthorized charges, accounts, address changes, or applications.
5. Replace compromised documents: cards, IDs, account access, and login credentials.
6. Track follow-up: note deadlines, confirmation numbers, and letters sent.

If you are overwhelmed, start with the items that can lead to immediate loss: bank access, credit cards, email accounts, and mobile phone access. A compromised email account can let a thief reset passwords elsewhere. A compromised phone number can let them intercept verification codes. In many cases, recovering those two access points is as important as contacting your bank.

Before you begin, create a simple recovery file with:

• A list of affected accounts and institutions
• Dates and times of calls or online reports
• Names of representatives, if provided
• Case numbers, dispute IDs, and complaint confirmations
• Copies of letters, screenshots, billing statements, and fraud notices

This record becomes your working checklist and can make later complaint escalation much easier if a company fails to correct the problem.

Checklist by scenario

This section helps you match your next steps to the kind of identity theft you are facing. You may need more than one checklist if the theft affected multiple areas.

If your bank account or debit card was used

Your priority is to stop withdrawals and preserve the transaction trail.

• Contact the bank or credit union immediately through its official channel.
• Report the transactions as unauthorized and ask what documentation is needed.
• Request a new debit card and, if necessary, a new account number.
• Change your online banking password and review linked devices or alerts.
• Check whether your email, phone number, or mailing address was changed on file.
• Review recent transfers, bill-pay activity, external linked accounts, and cardless wallet connections.
• Ask for written confirmation of your report or dispute.

If the problem involves card charges rather than a drained account, you may also want to read How to Dispute Unauthorized Charges and When to File a Complaint Instead.

If your credit card was opened or used fraudulently

Credit-based fraud often requires both account-level disputes and credit report review.

• Call the card issuer using the number from its official website or app.
• Dispute unauthorized charges or report an account you did not open.
• Ask the issuer to block further use and send written confirmation.
• Pull your credit reports and look for other unfamiliar accounts, addresses, or inquiries.
• Place a fraud alert or freeze your credit if new-account fraud is possible.
• Keep copies of statements showing the disputed activity.

If a company is slow to fix billing problems, you may eventually need a consumer complaint or complaint escalation path in addition to the card dispute.

If someone opened new accounts in your name

This is where an identity theft recovery checklist becomes especially useful, because you may be contacting several businesses at once.

• Freeze your credit with the major credit bureaus if you believe your personal information can be used again.
• Place a fraud alert if that is the better fit for your situation or if you need an additional warning layer.
• Review your credit reports line by line for unfamiliar accounts, hard inquiries, addresses, names, employers, or phone numbers.
• Contact each creditor and report the account as fraudulent.
• Ask each company what proof it needs to investigate and remove the account.
• Request written confirmation when the account is closed or flagged as fraud.
• Dispute the account information with the credit bureaus if it appears on your reports.

If a lender, financial company, or credit reporting issue becomes difficult to resolve, you may later consider broader complaint routes such as agency complaints. For comparison help, see BBB vs Attorney General vs FTC: Which Complaint Route Makes Sense for Your Case?.

If your email account or phone number was taken over

Account takeover can spread quickly because it gives the thief access to password resets and verification codes.

• Recover the email account or mobile account first, if possible.
• Change the password to a new, unique one not used elsewhere.
• Review recovery email addresses, phone numbers, forwarding rules, filters, and connected devices.
• Sign out of all sessions where that option exists.
• Change passwords on your banking, shopping, tax, and payment accounts next.
• Turn on multi-factor authentication using a secure method available to you.
• Contact your mobile carrier if you suspect a SIM swap or unauthorized number transfer.

If subscriptions, shopping accounts, or recurring charges were affected, these guides may help with the next layer of cleanup: How to Complain About a Subscription You Can’t Cancel and Refund Denied? A Step-by-Step Escalation Guide for Consumers.

If your Social Security number or personal data was exposed

You may not see immediate fraud, but you should act as though your information could be used later.

• Freeze your credit if there is a realistic risk of new-account fraud.
• Place a fraud alert if appropriate for your situation.
• Monitor your credit reports for new applications, unknown addresses, or unfamiliar accounts.
• Watch mail and email for bills, collections notices, benefits letters, or account approvals you did not request.
• Review tax, employment, and benefits notices carefully for signs that your identity was used elsewhere.
• Keep a dated record of when you learned about the exposure and what steps you took.

If the exposure came from a scam website, fake merchant, or phishing page, you may also need to report a scam website and try to recover your money.

If your driver’s license or government ID was stolen

A stolen ID can be used both for impersonation and to support other fraud attempts.

• Report the theft or loss to the relevant issuing agency according to your local process.
• Ask about replacement options and whether a flag can be added to your record.
• Review recent traffic, rental, banking, or verification activity connected to your identity.
• Watch for mail about citations, benefits, or applications you do not recognize.
• If the theft happened with a stolen wallet, treat payment cards and personal documents as compromised too.

If your mail was redirected or your address was changed without permission

An address change can hide fraud by rerouting statements and notices away from you.

• Check banks, card issuers, lenders, insurance providers, and shopping accounts for recent address changes.
• Restore your correct mailing address on each account.
• Review recent statements for unauthorized activity you may have missed.
• Monitor your credit reports for unfamiliar addresses.
• Keep copies of any notices showing the date the address changed.

If your child’s identity may have been used

Child identity theft is easy to miss because parents may not expect a credit file or account activity.

• Check whether a credit file exists in the child’s name where one should not.
• Look for bills, collection notices, benefit statements, or account mail tied to the child.
• Keep birth certificate, guardianship, and identity documents ready if institutions ask for proof.
• Request corrections and maintain a separate file for the child’s case.

Your universal recovery checklist

No matter the scenario, these steps are broadly useful:

• Document everything in one place.
• Use official websites and phone numbers only.
• Keep screenshots before account data changes.
• Save PDFs or printed copies of disputes and complaints.
• Follow up if promised actions do not happen.
• Escalate when a company ignores clear fraud evidence.

What to double-check

Many identity theft cases drag on because one small issue is missed early. Before you assume the problem is contained, go through this list carefully.

Check for hidden access points

• Recovery email addresses you do not recognize
• Unknown phone numbers on accounts
• Device sessions still logged in
• Email forwarding rules sending copies elsewhere
• Saved payment methods in shopping apps or browser wallets

Check your credit file beyond the obvious account names

• Hard inquiries from lenders you never contacted
• Aliases, misspellings, or alternate names
• Unknown current or previous addresses
• Employers you never worked for
• Collection accounts tied to unfamiliar services

Check account profile changes

• Mailing address updates
• Password reset emails
• New authorized users
• Changed statement delivery preferences
• New linked bank accounts or transfer destinations

Double-check your reporting trail

If you plan to file a complaint, dispute an account, or escalate later, your paperwork matters. Make sure you have:

• The date you discovered the theft
• The date you contacted each company
• Confirmation or case numbers
• Copies of fraud claims and disputes
• Names of departments or agents, when available
• Deadlines the company gave you

This is especially important if you later need to show that you acted promptly or that a company failed to respond. If your case expands into a broader consumer complaint, these records will also support any report to a regulator or state attorney general. For that path, see State Attorney General Complaint Guide: When to File and How to Find Your State Form.

Common mistakes

Most people are not careless when identity theft happens. Still, a few predictable mistakes can slow recovery or create gaps that a thief exploits again.

Waiting for the full picture before acting

You do not need perfect information to secure accounts and freeze credit. If there is credible evidence of misuse, start with containment. You can refine the timeline later.

Using contact information from suspicious messages

If an email or text tells you to “verify” fraud, do not click through casually. Find the company’s official website yourself and use confirmed contact information. Thieves often follow one scam with another.

Changing only one password

If your email was compromised, changing one financial password is not enough. Work outward from the email account, phone account, and password manager, then update critical accounts with unique passwords.

Not reviewing credit reports line by line

People often focus on one obvious fraudulent account and miss a small inquiry, an address change, or a second account opened days later.

Failing to save proof before systems update

Some account details vanish after a company closes a fraudulent account or replaces a card. Take screenshots and download statements before information changes.

Assuming one report fixes every problem

Reporting identity theft creates a record, but it usually does not replace the need to contact banks, card issuers, lenders, mobile carriers, merchants, or credit bureaus directly. Think of reporting as one part of the recovery process, not the whole process.

Ignoring smaller related fraud

Subscription charges, package orders, account profile changes, and shopping account misuse may seem secondary next to a bank loss, but they can reveal how the thief got in or what else was compromised. If packages were involved, see Package Marked Delivered but Not Received: Complaint and Refund Options.

Stopping too soon

Even after refunds are issued or an account is closed, watch for repeat attempts. Identity theft can reappear weeks or months later if the underlying data remains exposed.

When to revisit

This checklist is most useful when you return to it at the right moments. Identity theft recovery is rarely a one-time task. Set reminders and revisit your plan whenever one of these triggers applies.

Revisit within the first week

• Confirm freezes or alerts are in place.
• Check whether companies acknowledged your reports.
• Review accounts again for new fraudulent activity.
• Make sure replacement cards, IDs, or login credentials are active.

Revisit after any new letter, bill, or denial notice

• Add the new item to your timeline.
• Compare it to known fraud events.
• Contact the company named in the notice quickly.
• Escalate if the issue repeats or spreads.

Revisit before seasonal planning cycles

High-activity periods such as travel, tax preparation, moving, back-to-school spending, and holiday shopping are good times to review your protections. If your personal information was previously exposed, those periods can bring more account activity and more opportunities for fraud to go unnoticed.

Revisit when workflows or tools change

If a bank changes its fraud reporting process, a bureau updates its freeze workflow, or you switch phone numbers, email providers, or devices, review your recovery file and make sure your protections still work as expected.

Revisit every time you spot one of these warning signs

• A new hard inquiry you do not recognize
• A password reset you did not request
• A missing statement or change-of-address confirmation
• A denial of credit, service, or benefits you did not apply for
• Collections notices for unknown accounts
• A mobile service interruption suggesting possible number takeover

Use this action plan next

If you need a simple final sequence, use this:

1. Secure email, phone, and financial access.
2. Freeze credit or place a fraud alert based on the risk.
3. Report identity theft through the appropriate official channels and save every confirmation.
4. Dispute each fraudulent account or charge directly with the company involved.
5. Review credit reports and account profiles for hidden changes.
6. Replace compromised cards, IDs, and login credentials.
7. Track follow-up deadlines and escalate ignored cases.
8. Recheck everything after new mail, alerts, or account activity.

If the identity theft began with a fake seller, deceptive checkout page, or scam merchant, pair this checklist with How to Report a Scam Website and Try to Recover Your Money. If the main issue is unauthorized billing rather than full identity misuse, start with How to Dispute Unauthorized Charges and When to File a Complaint Instead.

The main goal is not to complete a perfect set of forms. It is to reduce harm, create a clean paper trail, and make it harder for the same information to be used against you again. Keep this checklist updated with your own dates, account names, and next actions so it remains useful if the case changes later.