Unfamiliar charges, new accounts, and missing mail are common signs that someone is using your details without permission.
Identity theft rarely starts with a dramatic moment. It’s more like a slow leak: a charge you don’t recognize, a password reset you didn’t request, a bill that never arrives. The earlier you spot those clues, the less time a thief has to open accounts, move money, or pile up debt in your name.
You’ll find practical checks you can run in minutes, plus the signals that deserve a same-day response. You’ll also get a simple routine to keep your accounts clean without living on high alert.
How identity theft usually shows up
Most people notice identity theft in one of four places: money, credit, taxes, or online accounts tied to a phone number or email address. A thief may start in one channel, then try another once they get traction.
Money signals that deserve a closer look
Bank and card activity tends to show trouble early. Not every odd charge is theft, but patterns matter.
- Small “test” charges, then larger purchases later.
- Multiple transactions at odd hours or far from where you live.
- New payees, new transfer destinations, or ACH activity you didn’t set up.
- Declines on a card you rarely use, right after you used it once.
Credit signals that point to new-account fraud
Credit fraud can stay quiet until a lender reports a new account, a missed payment, or a hard inquiry.
- Hard inquiries from lenders you never contacted.
- Accounts you don’t recognize: cards, loans, store financing, “buy now pay later” lines.
- Addresses, phone numbers, or employers you never used.
- Collection notices for services you never received.
Mail and account changes that people brush off
Thieves love address changes because it hides the paper trail. Treat missing mail as a clue, not an annoyance.
- Bills or statements that stop arriving without a clear reason.
- Password reset emails or one-time passcodes you didn’t request.
- New devices logged in to an email, banking, or shopping account.
- Two-factor prompts that pop up when you’re not signing in.
Tax and benefits signals that can’t wait
Tax-related identity theft often surfaces when you try to file and get blocked, or when a notice arrives about activity you didn’t start. The IRS notes that victims may receive a letter asking them to verify their identity and return details. IRS guidance on ID theft victim assistance outlines common letters and next steps.
Also watch for benefit or payroll surprises: a pay stub with a new bank account, a notice about unemployment claims you didn’t file, or a denial because “you already have coverage.”
How to Detect Identity Theft With a Simple Weekly Routine
You don’t need a fancy dashboard. You need repeatable checks that catch problems early. Set a weekly block for the steps below, then do a deeper sweep once a month.
Step 1: Scan money activity in two passes
First pass: look for anything you don’t recognize. Second pass: look for anything that feels off, like a charge from a place you don’t visit or a transfer you didn’t schedule.
- Open your primary bank account and sort transactions by date.
- Check pending transactions, not just posted ones.
- Review card wallets (Apple Pay or Google Pay) for cards you didn’t add.
- Confirm your contact details and alert settings are still yours.
Step 2: Pull at least one credit report and read the identity sections
Start with the personal info and inquiry pages. That’s where early red flags often sit. The federally authorized site for free credit reports is AnnualCreditReport.com, which lets you request reports from Equifax, Experian, and TransUnion.
When you open a report, check these areas first:
- Personal information: name variants, addresses, phone numbers, employers.
- Inquiries: hard pulls, with dates and lender names.
- Accounts: opening dates, balances, payment status, and closed accounts that “re-opened.”
Step 3: Watch your email like it’s the master key
If a thief controls your email, they can reset nearly everything. Once a week, check your email account’s security page and confirm:
- Recovery email and phone number are yours.
- Recent sign-ins match your devices and locations.
- Forwarding rules and filters didn’t change.
Step 4: Do a quick address audit
Check the addresses saved in your banking, shopping, and mobile carrier profiles. A thief may add a new shipping address, then wait for a sale day. Also check your credit report address list and dispute unknown entries with the bureau that shows them.
Signals, What they can mean, What to check next
This table groups common red flags by where they show up and the next place to verify. Use it as a triage map: start with the row that matches what you’re seeing, then work outward.
| Signal you notice | What it may point to | Next check |
|---|---|---|
| Small unknown charge, then another one | Card testing before larger fraud | Card settings, recent merchants, wallet-linked devices |
| Hard inquiry from a lender you don’t know | New credit attempt in your name | Credit report accounts section; lender contact info |
| New address appears on a credit file | Application activity or file mixing | Dispute the address; review new accounts and inquiries |
| Statement or bill stops arriving | Mail diversion or account takeover | Account profile addresses; paperless delivery settings |
| Password reset email you didn’t request | Login attempt using leaked credentials | Email sign-in history; change password; sign out of other devices |
| 2FA codes keep arriving | Someone has your password | Reset password; rotate 2FA method; check linked devices |
| Tax return rejected as “already filed” | Tax-related identity theft | IRS account activity; verify notices; follow IRS instructions |
| Collections notice for a service you never used | Account opened, then unpaid | Debt validation request; credit report dispute with bureau |
| Mobile carrier says your SIM changed | SIM swap attempt | Carrier account access; port-out lock or account PIN |
Fast checks that catch account takeovers early
New-account fraud leaves trails on credit reports. Account takeover is quieter. It targets what you already have, then drains value from it.
Banking and payment apps
- Review connected external accounts and remove anything you don’t recognize.
- Check recurring transfers, scheduled bills, and new payees.
- Turn on alerts for new payees, transfers, and logins.
Retail and delivery accounts
Shopping accounts store addresses and saved cards. A thief may place an order, then try to delete the confirmation email.
- Check order history and saved payment methods.
- Review saved addresses and default shipping.
- Search your inbox for “order,” “invoice,” and “shipment.”
Mobile carrier accounts
If your phone suddenly loses service, treat it like an alarm. A SIM swap can let a thief intercept text codes and reset logins. Call your carrier from another line, ask about recent changes, and set a port-out lock or account PIN if your carrier offers it.
When to place a fraud alert or freeze
If you see red flags, you want friction in front of new credit. A fraud alert tells lenders to take extra steps to verify you. A freeze blocks most lenders from pulling your file unless you lift it.
The FTC explains how fraud alerts and freezes work and when to use each one. FTC credit freezes and fraud alerts also notes that you can place an alert by contacting one bureau, which then notifies the other two.
If you’re already dealing with identity theft and want a guided recovery plan, use the federal site IdentityTheft.gov recovery steps. It generates a checklist and letter templates based on what happened.
Document what you see before you start cleanup
Once you begin cleanup, screens and statements can change. Take screenshots or export PDFs of the activity that looks wrong. Write down dates, amounts, merchant names, phone numbers you called, and ticket IDs.
Keep one folder for identity theft items. A simple structure works:
- Credit reports (PDFs) with the date you pulled them.
- Bank statements and transaction screenshots.
- Emails about password resets, login alerts, and shipping notices.
- Notes: who you spoke with, what they said, what they promised, and by when.
Action plan by timeline
Not every clue means your identity is stolen, but you still want a clear plan. This timeline keeps you moving without panic.
| When | What to do | What you get out of it |
|---|---|---|
| Today | Change passwords on email, banking, and your mobile carrier; turn on login and transfer alerts | Stops repeat access and gives early warnings |
| Today | Pull at least one credit report and scan personal info, inquiries, and new accounts | Shows whether new credit activity is underway |
| Within 48 hours | Place a fraud alert or freeze; dispute unknown accounts and addresses with the bureau(s) | Blocks fresh credit attempts and starts the correction trail |
| Within 48 hours | Call banks and card issuers for unauthorized charges; ask for claim numbers | Starts reversal steps and locks down payment access |
| This week | File a report and follow the checklist built for your situation | Creates documentation that creditors and bureaus often request |
| This month | Re-check all three credit reports and confirm disputes updated | Confirms that removed items stay removed |
| Ongoing | Keep weekly scans and review alerts, then rotate passwords if you see fresh attempts | Keeps problems small and short-lived |
Habits that make issues stand out faster
Detection gets easier when your accounts are tidy and your alerts are tuned. A few habits go a long way.
Keep one “money day” each week
Pick the same day and do the weekly routine: bank scan, card scan, one credit report, email security check.
Separate recovery options
Don’t let your recovery email live in the same mailbox you’re protecting. Use a secondary email that you don’t use for shopping or newsletters, and keep its password distinct.
Keep a short list of accounts you actually have
A simple note with your banks, card issuers, lenders, and mobile carrier makes it easier to spot an impostor. When a letter arrives from a company not on your list, it stands out.
Where to start if you think it’s already happening
Start with email and your phone line, then money accounts, then credit reports. That order blocks resets and new logins while you sort out the rest.
References & Sources
- Internal Revenue Service (IRS).“How IRS ID Theft Victim Assistance Works.”Lists verification letters and steps for tax-related identity theft cases.
- AnnualCreditReport.com.“Annual Credit Report.com – Home Page.”Official site to request free credit reports from the three nationwide bureaus.
- Federal Trade Commission (FTC).“Credit Freezes and Fraud Alerts.”Explains what fraud alerts and freezes do and how to place them.
- U.S. Government.“IdentityTheft.gov.”Provides step-by-step recovery checklists and letter templates after identity theft.