緣生術數研究社

以純文字方式查看主題

- 緣生術數研究社 (http://leold.yuensang.com/cgi-bin/leobbs.cgi)
-- 【潮流特區】 (http://leold.yuensang.com/cgi-bin/forums.cgi?forum=26)
--- 電子資訊版 (http://leold.yuensang.com/cgi-bin/forums.cgi?forum=29)
---- [轉貼]竊賊們正在用電子郵件騙取你的密碼和PIN 號，別成為下一個受害者。 (http://leold.yuensang.com/cgi-bin/topic.cgi?forum=29&topic=132)

-- 作者： rainbow
-- 發表時間： 2005/04/10 11:55pm
[這篇文章最後由rainbow在 2005/04/10 11:57pm 第 1 次編輯]

fate0816 的 "809 騙人電話" 讓我聯想起另一騙案.

竊賊們正在用電子郵件騙取你的密碼和PIN 號，別成為下一個受害者。

一個好朋友告訴我說，他幹了件蠢事。他是名律師，應該算高智商人士，所以我猜事情不會太壞。他說：“我收到了一封AOL 的電郵，要求驗證我的密碼，我就回信告訴他們了。”唉，確實弱智。

竊賊們正在用電子郵件騙取你的密碼和PIN 號，別成為下一個受害者。

有些很聰明的人也掉進了這一詐騙陷阱，所以我想應該給大家提出一個警示。我見過兩個針對eBay和Citibank帳號所有者的資訊，有一個 eBay資訊是這樣的：

“我們注意到您最近在三個地方使用過eBay帳號。[ 這是第一號警告] 請在48小時內更新您的個人資料。否則您的帳號將被暫時中止使用。”

除有點語法錯誤外，這一警告看來沒有什麼不恰當的。而更新資料的鏈結頁看起來也同真正的eBay網頁沒什麼兩樣。

Citibank的消息讓我更擔心些，因為以前我的帳號就被停過，那是因為銀行過於小心防範身份竊賊。(那次我用自己的卡付Cooperstown 的旅館住宿費，我從沒有作過這類支付，但那次是給我丈夫的生日禮物。代理人後來告訴我如果下次再計劃外出時，應該先告訴Citibank. 真是笑話。)下面就是那條資訊：

“最近有大量計算機恐怖分子[ 又是一個警告] 襲擊我們的數據庫伺服器。為保護您帳號的安全，我們需要您更新自己Citibank ATM/Debit 卡的PIN.

這次更新是防備詐騙的預防性措施。請注意我們並沒有以任何方式錶示您的資料有泄漏的跡象。

這一過程是強制性的，如果您沒有儘快完成這一過程，則您的帳號可能會被暫時中止使用。

請現在就確認您的Citibank ATM/Debit卡和登錄內容。“

信件中有一個客戶驗證表單鏈結，可以“安全地更新您的Citibank ATM/Debit卡PIN ”，點擊鏈結進入一個非常像Citibank的網頁。當然，此時眼見可不為實。

別上當！

讓我們先看看eBay的Email.我右擊Email 中的“登錄”URL ，選擇“查看源代碼”，發現實際的地址是81.196.189.1，這並非真正eBay登錄頁的地址。透過Network Solutions 的Whois 查詢後(www.networksolutions.com/en_US/whois)，發現這個接收登錄資訊的地址位於阿姆斯特丹。我用同樣方式查看了Citibank的Email ，發現那個IP地址在澳大利亞的米爾頓。

這些騙子們在互聯網上採用地毯式轟炸策略，希望能有一些人中招。他們的目標是竊取你的帳號資訊和PIN ，他們的理由通常很有說服力。最好的辦法就是：任何情況下也不要透過電子郵件的鏈結去更新自己的帳號資訊。更進一步，決不要點擊電子郵件中的任何鏈結，因為那樣可能會秘密調入一個程式，偷竊安全方面的資訊。

在Citibank的網站上提供了一個警告：小心欺詐郵件！其中提供了一些判斷欺詐郵件的線索，如某種警告(您的帳號會被關閉或暫停)，連到騙人網站的鏈結，以及拼寫錯誤(這是為了騙過垃圾郵件過濾器)。蹩腳的語法是另一個提示。如果你有所懷疑，Citibank建議到它的網站上查看是否可以得到郵件中的鏈結，並且銀行明確聲明，決不會發送急迫的或有時間限制的電子郵件，或者要求你提供、更新或確認一些敏感資訊。這樣，下次再有企圖偷取個人資訊的騙子，大家就知道該怎麼辦了。

-- 作者： wingwing
-- 發表時間： 2005/04/11 02:55am
很有用的資訊。謝彩虹。:)

-- 作者： rainbow
-- 發表時間： 2005/04/15 09:16pm
[這篇文章最後由rainbow在 2005/04/15 09:20pm 第 2 次編輯]

Wingwing, you're welcome.
最近的新間, 原來一些零售商收信用卡的機器留下客户的敏感資料. 如果在 Polo Ralph Lauren 商店用滙豐 HSBC 信用卡大有可能收到滙豐信件通知他們的個人資料有可能被偷取了.
看來是𣲙山一角, 零售商不像金融業那麼注重privacy. 此新間公開後, Polo Ralph Lauren 的股票下挫.

-- 作者： wingwing
-- 發表時間： 2005/04/16 00:05am
一般盡量少在不熟悉的小型商鋪飯店之類的地方使用信用卡呢。

-- 作者： nana
-- 發表時間： 2005/04/16 00:11am
[quote][b]下面引用由[u]wingwing[/u]在 [i]2005/04/16 12:05pm[/i] 發表的內容：[/b]
一般盡量少在不熟悉的小型商鋪飯店之類的地方使用信用卡呢。
[/quote]
茶樓也危險, 因為夥計會把信用卡拿走一段時間!

-- 作者： rainbow
-- 發表時間： 2005/04/16 08:38am
[這篇文章最後由rainbow在 2005/04/16 08:40am 第 1 次編輯]

[quote][b]下面引用由[u]wingwing[/u]在 [i]2005/04/16 12:05pm[/i] 發表的內容：[/b]
一般盡量少在不熟悉的小型商鋪飯店之類的地方使用信用卡呢。
[/quote]
Polo Ralph Lauren 不算是小型商鋪呀! 它是上市公司, 賣的衣服標榜美國preppy文化.

我的家人申請了那類信用防備的東西, 每次想開新信用卡或新手機之前, 我或家人要在家(home telephone number) 接聽信用中心打來的電話証明是本人開戶口, 不是偷竊騙子開的.

成功的騙子多數IQ高, 經常要留意有什麼新的騙人新招數 - 求自保.

-- 作者： rainbow
-- 發表時間： 2005/04/16 10:49am
[這篇文章最後由rainbow在 2005/04/16 10:57am 第 2 次編輯]

Too bad. I have the news article but the entire article looks like a mess, no spacing between paragraphs when I copied & pasted to this board. There must be an easier way to post this other than putting <br/> after each paragraph.

-- 作者： rainbow
-- 發表時間： 2005/04/17 08:40pm
<pre> 華爾街日報原文, 另有新聞說 Lexis-Nexis 資訊公司和美國麻省的大學 Tufts University 分別失去部份美國普羅大眾和舊校友的個人資料.

Security Breach Hits Credit Cards
By Robin Sidel and Christopher Conkey
Wall Street Journal , April 14, 2005
HSBC Notifies 180,000 People Who Shopped At Ralph Lauren; Other Banks May Be Affected
British financial giant HSBC PLC is notifying at least 180,000 people who used MasterCard credit cards to make purchases at Polo Ralph Lauren Corp. that criminals may have obtained access to their credit-card information, and that they should replace their cards.
The situation -- which involves a General Motors-branded MasterCard that is one of the most widely held credit cards in the U.S. -- is the latest in a string of high-profile incidents in which personal data were stolen from retailers or financial institutions. Although HSBC and MasterCard declined to discuss when or how the apparent theft occurred, people with knowledge of the matter identified the retailer as Polo Ralph Lauren. A Polo spokeswoman declined to comment.
The incident, which is thought to have taken place more than a month ago, is likely to further highlight the issue among regulators and politicians who are considering new rules to deal with identity theft.
Although HSBC so far appears to be the only financial institution to disclose that it is alerting cardholders of the incident, credit cards issued by other banks also could be vulnerable. Under current rules, however, banks aren't necessarily required to alert their cardholders to the potential fraud.
In a statement, Visa USA Inc. said it was aware of a "data security breach" and is "working with the merchant, law enforcement and the affected member financial institutions to monitor and prevent card-related fraud."
HSBC said it was sending letters to 180,000 holders of cards branded by MasterCard and GM. The British bank manages six million GM-MasterCard branded cards in circulation. GM referred calls to HSBC.
Stephen Cohen, an HSBC spokesman in New York, said the bank is "alerting cardholders as quickly as possible because we take the security of their accounts very seriously." He also said the bank is continuing to evaluate its other cards to determine if they may have been affected.
The HSBC letter, which was sent to cardholders last week, reads in part: "A national retailer's computer system has had a security breach and your credit card account number may be among those that were compromised." It was signed by "GM Cardmember Services" and noted that HSBC issues the card and provides administrative and processing services for it. The letter went on to say that "we are unaware of any fraudulent activity on your account."
A spokeswoman for MasterCard, an association that has thousands of banks as members, said it has "taken the necessary steps to inform all the [credt-card] issuers that could possibly be impacted by the potential database compromise." MasterCard and Visa both said U.S. cardholders are protected from liability for unauthorized transactions.
Identity theft is a growing problem. Typically, criminals use stolen information to then fraudulently obtain credit cards, mortgage loans and auto loans, or simply to charge purchases to existing accounts. The Federal Trade Commission says 10 million people -- nearly 5% of the adult population -- discovered they were victims of identity theft in 2003. Other studies put the cost to consumers, banks and credit-card companies at more than $11 billion a year.
Currently, only two laws mandate consumer notification when a breach occurs. The first is a two-year-old California statute requiring notification whenever electronic personal data are stolen. The second, a federal regulation requiring banks to inform consumers of breaches if it is "reasonably possible" that identity theft will result, took effect last month.
While banks also are required to report breaches that occur in-house or at financial-service providers with whom they do business, HSBC technically wasn't required to notify GM MasterCard holders because the breach in question occurred at a separate retailer, not within the bank or the credit-card company.
More than 20 states are considering legislation similar to the California law, which this year exposed a scandal involving ChoicePoint Inc., an Alpharetta, Ga., company that collects consumer data, and which said thieves had obtained information on about 145,000 people by posing as legitimate customers. This week, LexisNexis said 310,000 Americans, nearly 10 times its original estimate, had their personal and financial data accessed by unauthorized individuals via its computer systems.
Sensitive data also have been compromised at some banks, mutual funds and universities. Last month, DSW Shoe Warehouse reported the theft of credit-card information from a database for 103 of the chain's 175 stores.
Congress seems likely to put data brokers like LexisNexis and ChoicePoint under greater scrutiny this year, but debate is heating up over whether to impose a broader notification requirement on any business or government agency that handles personal information.
At a Senate Judiciary Committee hearing yesterday, one frequent topic of discussion was a bill put forward by Democratic Sen. Dianne Feinstein of California that goes even further than the California law by expanding the definition of a breach to include encrypted data and paper records. Business groups are resigned to some kind of notification standard, but they are pushing hard for something along the lines of the banking regulations, which preserve some latitude for a bank to decide when a breach poses a threat to consumers.
---
--Robin Sidel and Christopher Conkey
Ellen Byron and Teri Agins contributed to this report.
---
Foiling the Thieves
Here are some steps to take if you learn that someone may have gotten access to your personal data:
-- Contact the three major credit bureaus to place a fraud alert on your file.
-- Check the compromised account to look for signs of fraudulent activity (and if you see any, call the company involved for help).
-- Check your credit report frequently after the breach occurs in case thieves manage to open new accounts in your name.

<pre>

-- 作者： rainbow
-- 發表時間： 2005/04/17 08:42pm
[這篇文章最後由rainbow在 2005/04/17 08:47pm 第 3 次編輯]

<pre> 這篇提及 Tufts University 舊校友也受害.

LexisNexis Reveals Further Breaches of Database
By David Pringle and Rachel Zimmerman
Wall Street Journal , April 13, 2005
LexisNexis said 310,000 Americans, nearly 10 times its
original estimate, have had their personal data
accessed by unauthorized individuals via its computer
systems, raising fresh concerns about the
data-collection industry's ability to guard against
hackers amid a surge in identity-theft crimes.
Separately, Tufts University sent a "precautionary"
letter to alumni last week warning them that personal
information may have been stolen from a computer
database used for fund raising. The letter, sent to
about 106,000 graduates and other donors, says Tufts
"detected abnormal activity" on a computer that
included names, addresses, Social Security and
credit-card numbers.
The latest revelations are likely to give new urgency
to the clamor for laws to prevent data brokers from
amassing sensitive personal information without
consent and for better safeguards of other databases.
Recently, data broker ChoicePoint Inc. of Alpharetta,
Ga., said identity thieves had obtained information on
about 145,000 people by posing as legitimate
customers. Sensitive data also have been compromised
at some banks, mutual funds and other universities.
LexisNexis, a legal- and business-information provider
owned by Reed Elsevier PLC of the United Kingdom, said
it has identified 59 security breaches over two years
-- a rate of about one every two weeks -- making the
problem far more pervasive than it had previously
realized. The accessed information included Social
Security, driver's license numbers and other personal
information.
U.S. law-enforcement agencies are investigating the
breach, and Reed said it is offering fraud insurance
and other services such as credit checks, free of
charge, to individuals whose data were accessed by
unauthorized people. Reed's latest announcement comes
five weeks after its initial disclosure that breaches
had affected about 30,000 people.
Once individual information has been purloined, it can
be used by identity thieves to fraudulently obtain
credit cards, mortgage loans and car loans, among
other things. The Federal Trade Commission estimates
27.3 million Americans were affected by identity theft
in the five years through 2003, with the pace of theft
quickening toward the end of that period.
Data brokers, which collect and sell personal
information, represent a new and still largely
unregulated industry -- but virtually every state is
considering some kind of privacy legislation. In at
least 20 states, the law would require companies to
notify individuals when their personal information is
compromised, according to the Electronic Privacy
Information Center, a public-interest research group
in Washington, D.C. Congress is also considering a
federal notification standard, based on a California
law that exposed the ChoicePoint breach.
The Senate Judiciary Committee plans to hold a hearing
today on the recent wave of data breaches and on the
proposed legislation.
Laws governing the collection and movement of personal
data are much stricter in Europe and the region hasn't
had the spate of security breaches experienced in the
U.S.
Data brokers such as LexisNexis promote their
"risk-management" services to banks, insurance
companies, law-enforcement agencies and other
legitimate organizations that need to guard against
financial fraud. Banks, for instance, buy the data so
they can run checks when deciding whether to approve a
mortgage application. Reed executives say the
data-brokering business is an important tool in
preventing fraud.
LexisNexis said it began investigating thousands of
customers' accounts last month, after announcing that
information on 30,000 people held by its Seisint
data-brokering division may have been accessed by
criminals. Yesterday Reed said that it had uncovered
dozens of Seisint security breaches that predated its
acquisition of the company late last year, as well as
a handful of incidents in other parts of LexisNexis.
Kurt Sanford, head of U.S. corporate and federal
markets for LexisNexis, said the company didn't have
any idea of the extent of the problem before the
investigation.
The security breaches typically took one of three
forms, Mr. Sanford said, all related to
misappropriation of passwords. In some cases, an
unauthorized individual was able to access LexisNexis
databases after figuring out a legitimate customer's
too-obvious password. In others, a former employee of
a legitimate customer was able to continue accessing
the LexisNexis databases because the customer didn't
change the account details after the employee left. In
still others, criminals obtained an account
administrator's identification details, allowing them
to create unauthorized accounts.
LexisNexis executives say they are now monitoring
customers' usage patterns closely to spot any
irregular activity. They say they are also trying to
force customers to beef up their security by reviewing
passwords monthly and requiring authorizations from
two managers for each new account.
LexisNexis said that so far none of the 30,000 people
notified of a breach in December and January have come
back to report instances of identity theft. Privacy
advocates, however, say criminals don't always
immediately use data they obtain, preferring sometimes
to sell them on the Internet. Or, they say, a criminal
may open a credit card in an individual's name, but
use a different address, so the individual doesn't see
the credit-card statements and isn't aware of the
fraud.
Reed's LexisNexis unit pushed deeply into data
brokering when it purchased Seisint Inc. of Boca
Raton, Fla., for $775 million late last year. Seisint
was known for having some of the top software for
searching databases. It also sold data searches for as
little as 25 cents apiece.
Reed said the financial cost of the breaches will be
manageable and didn't change its earnings forecasts.
At Tufts, Betsey Jay, director of advancement
communications and donor relations, said there is "no
evidence that any data is being misused." Still, the
letter urged alumni to contact their banks and check
credit reports for any signs of unauthorized activity.
Ms. Jay said analysts detected "unusual activity,"
during routine checks on a server used for telephone
fund raising that is owned by Tufts but managed by an
outside vendor. The suspicious activity --
specifically, large amounts of data moving through the
machine -- occurred Oct. 31 and Dec. 19, she said. One
theory was that someone was using the computer as a
distribution point for movies and other entertainment
media, Ms. Jay said. At the time, Tufts decided there
wasn't enough evidence to notify alumni about the
unusual activity. But, she said, after recent
revelations about security breaches at financial and
educational institutions, Tufts decided to alert its
donors. She said there is no evidence that the
break-in was carried out by students, faculty members
or employees.
---
--David Pringle and Rachel Zimmerman
Christopher Conkey contributed to this article.
</pre>

-- 作者： rainbow
-- 發表時間： 2005/05/20 08:10pm
[Hidden Post: Rating 0]

（您沒有權限看這篇文章，您的威望至少需要 0）

-- 作者： rainbow
-- 發表時間： 2005/06/07 09:28pm
Citigroup, Time Warner, Polo Ralph Lauren, Bank of America, Wachovia Bank, AmeriTrade, Tuft University, Lexis-Nexis 丟失客戶資訊.
:em03: 哇, 我不知道是否美國公司是更誠實承認錯失, 或只是太粗心的. 一系列丟失客戶資訊的新聞使人失去信心.

花旗丟失390萬客戶資訊
包括社會安全號碼及付款紀錄尚未發現所失資訊遭盜用
2005-06-07
世界新聞網
【本報綜合六日電訊報導】有關企業丟失消費者個人資訊的案例6日再添一樁，而且是著名的花旗集團（Citigroup）麾下的消費金融部門。所幸該公司表示，目前並沒有發現其丟失的資訊被不當使用。
花旗金融公司（Citi Financial）6日說，該公司已經開始給大約390萬在美國的客戶寄出通知，通報有關丟失資訊情況。該公司表示，丟失的資訊包括客戶的社會安全號碼與付款紀錄等。
這家總部設在紐約的金融業者稱，這些資訊原本包含在電腦磁帶當中，但在運輸業者優比速（UPS）運送給一家信用局的過程中丟失。總部設在亞特蘭大的優比速發言人布萊克（Norman Black）證實有關電腦磁帶失蹤的消息。
花旗表示，失蹤的數據包括花旗金融分行各現在與已關閉的帳戶資訊，但不包括花旗金融汽車（CitiFinancial Auto），花旗金融房屋貸款（CitiFinancial Mortgage）與其他部門的資訊。
該公司發表的聲明說，他們「沒有理由認為這些資訊已被不當使用，而且也沒有收到有關資訊未經授權被使用的報告。」花旗金融說，這些資訊5月2日送出公司後，於20日發現丟失。
花旗丟失客戶資訊為最近一系列消費者資訊被丟失或者被擊破的最新案例。上個月全美最大的媒體業者時代華納公司（Time Warner）也表示，包括有該公司60萬客戶資訊的電腦備份磁帶也被一家外部的數據儲存公司丟失。時代華納公司丟失的數據包括自從1986年以來現職與離職員工、他們的一些家人與受益人等的資訊，但不包括該公司客戶的個人資訊。
此外同樣也是在5月份，華克維（Wachovia）與美國商業銀行（Bank of America）大約10萬以上的客戶資訊可能被其員工盜竊之後出售給其他機構。而此前一月，從事網路股票交易的美國交易公司（Ameritrade Holding）也表示，儲存有該公司大約20萬客戶個人資訊的電腦備份磁帶也被丟失。

-- 作者： rainbow
-- 發表時間： 2005/06/18 02:37pm
[Hidden Post: Rating 0]

（您沒有權限看這篇文章，您的威望至少需要 0）

-- 作者： rainbow
-- 發表時間： 2005/06/18 02:42pm
[Hidden Post: Rating 0]

（您沒有權限看這篇文章，您的威望至少需要 0）

-- 作者： vegi
-- 發表時間： 2005/07/22 06:49pm
原來查看URL可以看出端倪，感謝rainbow不厭其煩講得那麼仔細。

-- 作者： rainbow
-- 發表時間： 2005/10/26 00:44pm
<pre>我的家人啟動那種「詐欺警訊」。儘管每次開新的信用卡或新的手機不方便，必須呆在家裡收接電話, 需要確實是我們想開新的信用卡或新的手機。但是它阻止竊賊, 身份盜用, 開新的信用卡

CITIBANK籲各界關心個人身份盜用危機
重視日常生活細節以維護財產及信用安全
2005-10-26
世界新聞網
【紐約訊】CITIBANK發言人稱，近年來身份盜用案件日見猖獗，所謂身份盜用，就是指有人盜取了您的重要個人身份資料，並以此資料進行竊盜或詐騙。個人身份資料的定義包括您的姓名、住址、社會安全號碼、出生日期以及母親婚前的姓氏。許多身份盜賊做案的手法是用偷來的身份，以受害人的名義申請信用卡、借錢或是申請房屋貸款。雖說我們沒有辦法杜絕所有可能的身份盜用手法，但您可以採取一些措施來保護自己的財產安全。
下列步驟能夠幫助您降低身份遭盜用的風險，並且保護您的身份資料安全：
一，[b][color=red]保護您的信箱[/b][/color]：您的信件其實是身份竊賊最容易下手的目標，在送信後儘快拿走裡面的郵件。若要寄信應親自把信件投遞到附近的郵桶或是拿去郵局，以降低身份遭竊的風險。
二，[b][color=red]保護您的錢包[/b][/color]：身份竊賊也喜歡向受害人的錢包下手。您可以把記載有個人身份資料的物品收藏在家裡安全的地方，不要隨身攜帶。例如，不要把社會安全卡放在錢包或是皮夾，記住您的社會安全卡號，而不要把它寫下來隨身攜帶。身份竊賊也能從舊的收據上找出身份資料，所以不要把收據遺留在銀行提款機、銀行櫃檯或是加油站。其實，最保險的做法就是當您不再需要這些收據時，將其徹底摧毀。
三，[b][color=red]保護您的信用卡以及金融提款卡[/b][/color]：保護信用卡安全有幾個重要措施。首先，接到新信用卡時，馬上簽名。任何情況下都千萬不要把信用卡借給別人。如果您改地址或是電話號碼，請立刻通知銀行或是信用卡公司。如果您的信用卡遺失或是遭竊，也請立刻通知銀行或是信用卡公司。千萬不要把您的卡號寫在信封外面可以看見的地方。
但即使您處處留神小心，身份盜用還是有可能發生。如果您懷疑自己的身份遭到盜用以進行竊盜或詐騙，請立刻行動採取因應措施，並且保留您所有的對話以及通信紀錄。需要採取的因應措施將因個別情況以及您的身份如何遭到盜用而異，但下列四項基本行動幾乎適用於每一種身份盜用情況。
[b][color=red]第一步：聯絡主要信用紀錄機構的詐欺調查部門，通知他們您的身份遭到盜用，要求在您的檔案上加置「詐欺警訊」，並且給他們一份受害人聲明，要求所有的信用卡公司在發出任何新卡之前，或是更改現有帳戶資料時，必須打電話與您確認。這樣做可以防止竊賊以您的名義申請更多信用卡。 [/b][/color]
同時，向信用紀錄機構索取自己的信用報告。如果您聲明您的信用紀錄因身份遭到盜用而有誤，並且以書信索取信用紀錄，信用紀錄機構必須提供您一份免費報告。仔細檢查這份報告，並且確認您的名下沒有不法申請的信用卡，也沒有不是您本人進行的信用卡購物紀錄。詳細檢查信用報告的「查詢事項」部份，如果「查詢事項」底下紀錄了不法開立帳戶的信用卡公司對您進行的查詢，要求把這些「查詢事項」從您的紀錄當中刪除。這些步驟做完之後，應該在幾個月後重新申請一份信用報告，以確認所有的更正，也確認沒有新的詐騙交易事項。有些機構在提供信用報告時，會收取一點基本費用。
[b]第二步：聯絡債權方[/b]，包括信用卡公司、電話公司、其他公用事業、銀行或是其他貸款機構。先以電話聯絡每一債權方的安全部門，或是詐欺保護部門，之後再致函通知債權方。最重要的是致函聯絡信用卡公司，因為法律明訂要求受害人必須採取這個步驟，才能受到消費者權益相關法案的保護，合法清除信用卡帳單上的錯誤資料。如果帳戶遭到盜用，立即關閉該帳戶，並且申請新的帳戶，使用新的個人辨認號碼 (PIN) 以及密碼。請不要使用他人能夠容易取得的資料設定密碼，例如母親婚前的姓氏、出生日期、社會安全號碼的最後四碼、電話號碼或是連續號碼。
[b]第三步：向警察局報案，請務必向當地警察局，或是身份竊盜案發生的地區警察局報案[/b]。即使警察沒有辦法逮到竊賊，在警察局留下紀錄能夠幫助您與債權方溝通。索取警察局報案紀錄副本，以便在銀行、信用卡公司、或是其他債權方聯絡您時，作為受害的證明。
[b]第四步：向聯絡聯邦貿易委員會（Federal Trade Commission, FTC）申訴，該機構受理有關身份盜用的申訴[/b]。即使 FTC 沒有將歹徒繩之以法的權限，還是能夠幫助提供身份遭竊的受害人解決財務問題以及其他問題的各項資訊。FTC 並且能把受害人的申訴轉交給負責該事項的政府機構以及民間機構，以便採取下一步行動。您可以撥打免付費的 FTC 身份盜用熱線：1-877-IDTHEFT (438-4338)，聽力障礙專線 1-866-653-4261；也可以致函身份盜用清查中心，地址： Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue NW, Wash-ington, DC 20580；也可以上網到www.consumer.gov/idtheft。
</pre>