Identity thieves are opportunistic. They tend to exploit simple vulnerabilities in individuals’ personal information security practices, and each critical piece of information or account they garner access to can help them steal more. Signs of fraud can also take weeks or months to reveal themselves.

That’s why it’s so important for anyone who thinks they have been a victim of identity theft to take certain precautionary measures, even if the specific situation that initially aroused suspicion (e.g., an unknown inquiry, account, address or delinquency listed on a credit report) has been dealt with appropriately. Below are the best steps you can take in the wake of an identity theft scare:

  1. Confirm The Removal Of Inaccuracies From Your Credit Reports: The first thing you’ll want to do before focusing on protecting your personal information from future incursions is double-check that all fraudulent and inaccurate listings have been removed from your credit reports. There’s too much at stake not to be sure.You already have your TransUnion credit report from WalletHub, and can order your Experian and Equifax credit reports through the government-sponsored website AnnualCreditReport.com. You’re entitled to a free copy of each of your major credit reports through this site every 12 months.
  2. Change Account PINs and Passwords: Security experts typically recommend changing passwords every few months — using an 8- to 10-character mix of upper and lowercase letters, numbers and symbols for maximum security — but it’s especially important following a case of identity theft.“Of all the things you and I can do [to protect ourselves from identity theft], I would say the single largest is password management,” said Mark Pribish, leader of the identity theft practice at Merchants Information Solutions, Inc., a company that consults on data security and conducts credit and background checks for employers and landlords.
  3. Review Your Mail & Credit Card Statements Carefully: Making sure that you actually receive all of your expected monthly account communications from lenders is a good way to confirm that none of your accounts has been hijacked. Thoroughly reviewing these documents for transactions or references to account changes that you do not recognize is similarly beneficial.Furthermore, taking a bit of extra time to scrutinize the mail you receive every day will reduce the likelihood that you’ll discard a letter from a lender, the IRS, the Social Security Administration or any other organization that may be trying to notify you about a past-due balance or change in account preferences that could signal fraud.
  4. Sign Up For Three-Bureau Credit Monitoring: Enrolling in a service that monitors all three of your major credit reports will give you peace of mind knowing that you will be immediately alerted to any important changes on your files. WalletHub provides free monitoring of your TransUnion credit file, but we won’t know if suspicious activity appears on your Equifax or Experian files. Given that creditors typically perform an inquiry with only one bureau when evaluating an application, guarding only one of these doors to your credit history would mean having to get somewhat lucky to catch a thief.Three-bureau credit monitoring doesn’t have to be permanent, nor does it have to be expensive, but it can be very useful in the months after evidence of potential identity theft arises. For help choosing a provider, check out our detailed breakdown of the most popular credit-monitoring services.
  5. Make Sure To Enroll In Electronic Account Access: One trend that identity-theft experts see emerging is the practice of fraudsters using certain key pieces of information about a person — such as their name, address, date of birth or Social Security number — to take control of online access to a credit card or government benefits account and, in turn, change the address or bank account associated with it in order to steal money and perpetrate more fraud.It’s easiest for a fraudster to pull off this type of scam when you, the real accountholder, have not yet registered your account for online access or established account preferences regarding electronic communications. This is especially prevalent when the victim doesn’t even realize online account access is available, as is the case with many elderly people and the Social Security Administration’s “my Social Security” web-management tools, for example.“Every case of Social Security fraud I’ve investigated in the past year and a half I traced back to the [my Social Security] program as the source — not because it was breached, but because the victim didn’t know about this new account being available and they didn’t take any action so the criminal did,” said Carrie Kreskie, director of the Identity Theft Institute at Hodges University.

    The easiest way to minimize your chances of falling victim to this type of scam is to claim your online account and use a strong password to protect it.

  6. Extend Your Fraud Alerts: Standard fraud alerts only remain in place for 90 days. But if you provide each credit bureau with proof that you are a victim of identity theft (e.g., your FTC affidavit and police report), they can add Extended Fraud Alerts to your files that will remain for seven years. This will serve as a lasting reminder for anyone who views your credit report, especially potential creditors, to watch out for signs of identity theft.

Taking these steps should help make you a much harder target for identity thieves, but it’s important to remain vigilant nonetheless. If your case of identity theft is has not been resolved to your satisfaction, you may want to file a complaint with the Consumer Financial Protection Bureau as well as hire an attorney who specializes in identity theft.