5 steps to take when your personal information becomes compromised

These days, most of us know a thing or two about avoiding scams. We scoff at emails from foreign princes soliciting Western Union money transfers — if the messages even make it through our spam filters, of course — and even our phones can detect if an incoming call from an unknown number is likely spam, telemarketing or a scam call.

Yet scams and schemes have also become more sophisticated — and they’re on the rise. A few years ago, it took me several minutes to realize the Chinese-speaking caller on the other end wasn’t actually calling from FedEx with a package from my mother in Taiwan. And when I Google “pay car registration online,” the first few links don’t go to my county tax office website; they all go to third-party agencies eager to “help” me pay my dues for a generous fee.

If you’ve fallen prey to a scam lately, don’t be embarrassed: You’re not alone.

“Identity theft is not one of those things that ‘happens to someone else,'” Michael Bruemmer, Experian’s VP of consumer protection, told TPG.

The Federal Trade Commission received more than 2.6 million scam reports in 2023 alone. According to the FTC, imposter scams are at the top of the fraud report list, accounting for more than $2.7 billion stolen from consumers.

One scheme targeting travelers, in particular, is the Global Entry enrollment scam. The Better Business Bureau reported the agency’s ScamTracker website had received multiple accounts of “misleading websites that fool people into handing over money and sensitive personal information.”

Related: There’s a new way to skip the wait for your Global Entry interview

How the Global Entry scam works

You search for the Global Entry application online, according to the BBB, and the official U.S. Customs and Border Protection website appears — as does another website that’s built specifically to imitate the official page.

If you follow that imposter link, you’re brought to a third-party company that offers to complete all the requisite paperwork on your behalf — just provide your personal information, such as your full name, passport number and home address. You’ll be prompted to pay the standard $120 government fee, plus an additional fee for the service.

Daily Newsletter

Reward your inbox with the TPG Daily newsletter

Join over 700,000 readers for breaking news, in-depth guides and exclusive deals from TPG’s experts

What’s just happened? According to the BBB, “scammers have tricked you into paying extra money to complete the form on the official government website. Also, they now have access to your personal information and credit card details.”

Curious, I tested this Google search for myself. Here are my results for “renew Global Entry“:

GOOGLE

You’ll see that the Google search box shows me a preview of the steps I need to take, straight from the official CBP website. The very first link at the top, however, goes to an ad for a third-party site with all the right buzzwords.

In incognito mode, which doesn’t take into account the hundreds of travel sites I search every day, the official CPB page under “Global Entry enroll” appears even lower down the page beneath two ads with very legitimate-sounding URLs:

GOOGLE

But none of these companies are CBP-approved.

CBoarding Group did a bit of sleuthing and discovered that the listed address for one of these so-called “expediting agencies” actually went to a shady-looking warehouse in Houston, according to Google Maps.

“There is only one Trusted Traveler Programs website,” a CBP spokesperson told TPG. “Third-party companies that charge fees to process Trusted Traveler Program applications are not endorsed by, associated with or affiliated in any way with U.S. Customs and Border Protection or the U.S. government.”

Related: Simple steps to avoid credit card fraud

What to do if you’ve been scammed

A reader reached out to TPG for guidance after falling prey to one such site, wondering what next steps they should take to avoid having their personal and financial information further compromised.

“How bad is this, really?” the reader asked, explaining how they’d applied for Global Entry through a third-party site.

THE POINTS GUY

Unfortunately, it’s always bad news when your credit card details, home address and personal information such as full name, date of birth, driver’s license number and passport information have all been compromised.

“You have just opened up the gateway to becoming a victim of identity crime,” said Eva Velasquez, president and CEO of Identity Theft Resource Center, who suggests people such as this TPG reader act quickly if they accidentally give out personal information on a suspicious website.

Even if nothing happens to your data immediately, it’s no fun finding out the hard way that unscrupulous strangers have so much access to your private information. “A passport in the wrong hands could lead to various forms of fraud,” security awareness expert and Safr.Me CEO Robert Siciliano told TPG.

And just because data breaches are widely prevalent doesn’t mean the risks are mitigated in any way. “Recovering from identity theft can be a long and frustrating struggle,” said Michael Bruemmer, Experian’s VP of consumer protection. “Many people think it can only happen once, or that risks fluctuate. To the contrary, identity theft often carries with it lifelong consequences.”

The good news? A few simple safety steps can reduce the risk of identity theft and help current victims monitor for possible fraud. Victims can do damage control by reporting financial and identification documents stolen, keeping a close eye on physical security at their homes and subscribing to online data reports.

Security experts suggest taking certain following steps when your personal information is compromised.

Report your credit card as stolen

Block any subsequent transactions and request a new card with different numbers. (If you have a credit card with a “pause” button, this is a good time to use that feature.)

Lock down your credit file

Secure your credit file with all three major consumer credit bureaus until your card has been reissued. (Note that a credit lock is not the same thing as a credit freeze, which takes longer to lift than a temporary lock.)

Sign up for online notifications

Subscribe to text or email alerts so you’re warned each time your credit card is used for a transaction. Monitor your credit reports for suspicious activity, and immediately report anything out of the ordinary. And if your home address has been compromised, a good security system will help give you peace of mind, especially if you go with a system that syncs with your phone or sends digital alerts.

Monitor your email

If your email address was compromised, stay alert for various forms of phishing emails, and avoid clicking any suspicious links.

Report the scam

After you’ve taken steps to secure and monitor your personal and financial information, report the fraudulent company to the BBB ScamTracker website and to the FTC’s dedicated identity theft website.

Related: What’s the difference between credit card fraud and identity theft?

Bottom line

If you feel uncertain about managing the process yourself, you can call on the experts for help. Advisers at the Identity Theft Resource Center offer free guidance over the phone, Velasquez said, “including who you need to call [and] what you need to say. [They] will help you create an action plan that is best for you.”

Ultimately, the best protection against future scams is a strong, proactive approach.

“Consumers should be aware of the true risk, especially as the risk increases, and do what they can to reduce their vulnerability,” Bruemmer told TPG. “Taking steps to safeguard personal, sensitive information can protect against identity theft and keeping an eye on one’s financial accounts can mitigate or even stop fraud.”

The one thing you don’t want to do, according to Bruemmer? Get overwhelmed and pretend nothing has happened. “Doing nothing only makes it easier for thieves to claim even more victims.”

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *