State of Minnesota
More about
Attorney General
Lori Swanson

Minnesota Attorney General's Office

1400 Bremer Tower
445 Minnesota Street
St. Paul, MN 55101

(651) 296-3353
(800) 657-3787

M - F 8 am - 5 pm

TTY:(651) 297-7206
TTY:(800) 366-4812

Guarding Your Privacy

Chapter 2: A Look at Identity Thieves and How to Lessen Your Risk of Being a Victim

How Identity Thieves Operate

An identity thief doesn't need your signature, fingerprints, photo, personal identification numbers, mother's maiden name, or even the expiration date on your credit card. In this electronic era, your “identity” begins and ends with your social security number. A more recent trend is for identity thieves to gain access to personal information by breaching the security systems of financial institutions and information database warehouse companies.

Diverting Your Mail

Once an identity thief has your social security number, name and address the thief can divert your mail to a post office box or another address. By filing a temporary change-of-address form with the post office, an identity thief can re-route your mail to his or her mail drop for up to 30 days. No identification at all is required to do this. Your mail resumes at your address before you catch on. If your mail contains one of the 2.7 billion pre-approved credit card solicitations sent out each year in the United States, the thief can steal your identity and create a new one.

Pedigree Information Completes the Scam

With your social security number and name, an identity thief can begin to open fraudulent accounts in your name. Seasoned crooks often go a step further and collect additional information about you in an attempt to fool prospective lenders into thinking the thief is you. This pedigree information includes your employer, bank account information, mother’s maiden name, previous addresses, and date of birth, place of birth and even occupation and salary. Pedigree information is important to the thief because lenders sometimes use it to verify identity over the telephone. With this pedigree information a thief can easily obtain a copy of your birth certificate, your Social Security Statement and even a new driver’s license. With this information it is also much easier for a person to open fraudulent accounts, apply for loans and use you social security number for employment.

Reducing Access to Your Information

You may not be able to completely inoculate yourself from having your identity stolen, but limiting access to your information can reduce the risk. Follow these suggested steps to better protect your private data.

Remove Your Name from Marketing Lists

You may remove your name, or “opt-out,” from marketing or promotional lists maintained by credit bureaus, direct marketers, and other organizations with which you have a relationship.

Credit Bureaus. The credit bureaus offer a toll-free number to “opt-out” of having pre-approved credit offers sent to you for two years. When credit offers are thrown in the trash, they are a potential target for thieves. Call 1-888-5-OPTOUT (1-888-567-8688) or log on to for more information.

You can also notify the three major credit bureaus that you do not want personal information about you shared for promotional purposes. Write your own letter, or use the sample letter at the back of this publication, to limit the amount of information credit bureaus will share about you. Send your letter to the following addresses:

PO Box 105851
Atlanta, GA 30348-5851

PO Box 2104
Allen, TX 75013-9595

PO Box 1000
Chester, PA 19022

Direct Marketers. The Direct Marketing Association (DMA) is a trade association of catalogers, financial services firms, publishers, book and music clubs, online service companies, and others involved in direct and database marketing. To be deleted from the DMA members’ direct mail, telemarketing and email lists (other companies may continue to contact you) for up to five years, write your own request, or use the sample letter at the back of this publication, to the following addresses:

Direct-Mail Marketing
Mail Preference Service
Direct Marketing Association
PO Box 643
Carmel, NY 10512

Telephone Preference Service
Direct Marketing Association
PO Box 1559
Carmel, NY 10512


Federal law forbids a telemarketer to call you once you have asked to be put on that telemarketer’s “do-not-call” list. A telemarketer who ignores your request can be held for up $500 in damages per call and $1500 per willful violation. Thus, if you do not want to be called in the future, you should tell the telemarketer that you want to be placed on that telemarketer’s “do-not-call” list, and that you know you are entitled under federal law to $500 per call after your request.

You should also take an inventory of banks, charities, and other organizations with which you do business. Write to these organizations telling them not to sell or give out your name. You may use the form letter prepared by this Office on page 25. If you think your name has been sold, send a letter to the company or organization and complain. Ask for the list of businesses or charities that bought your name and information. Then, write to these organizations and ask them to put you on their “do-not-mail” and “do-not-sell” lists.

The National “Do-Not-Call” Registry

In 2003, the Federal Trade Commission (FTC) began registering consumers on a national “do not call” list. You may register up to three phone numbers (including your cell phone number) by visiting or calling 1-888-382-1222. Your phone number will remain on the registry for five years from the date you register. As of January 1, 2005, telemarketers covered by the National Do Not Call registry will have up to thirty-one (31) days from the date you register to stop calling you.

Some calls are exempt from the Do Not Call law. Examples of exempt calls include:

  1. calls from - or on behalf of - political organizations, charities, and telephone surveyors.
  2. calls from companies with which you have an existing business relationship.
  3. calls from companies you’ve given permission to call.

If your number is already registered on the National Do Not Call Registry, then you do not need to re-register with the state list. When you place your name on the national list, you will be automatically entered on the state list.

Don’t Be an Easy Target

When you pay bills, don’t leave the envelopes containing your checks at your home mailbox for the postal carrier to collect. If stolen, your checks can provide valuable information to the thief or be altered and cashed. Your credit card payments, if acquired by a thief, contain all the information needed to steal your identity. Also, consider installing a locked mailbox at your residence to reduce the possibility of mail theft.

When you order new checks from your financial institution remove extraneous information such as your middle name, phone number, Social Security number or driver’s license number. The fewer pieces of identifying information you have on your checks the better.

When creating passwords and personal identification numbers (PINs), do not use any combination of numbers that could be easily detected by thieves. Don’t use the last four digits of your Social Security number, your birth date, middle name, mother’s maiden name, address or consecutive numbers.

Don’t toss credit card convenience checks or pre-approved credit offers in your trash or recycling bin before first tearing them into small pieces or shredding them. The solicitations can be used by “dumpster divers” to cash the checks or order credit cards in your name. Do the same with other sensitive information like credit receipts, bank statements and important bills you do not retain for your records.

Store your canceled checks in a secure place. In the wrong hands checks could reveal a lot of information about you, including your account number, telephone number, and driver’s license number. Never permit your credit card number to be written on your checks by a merchant. (It is illegal in Minnesota for any merchant to write your credit card number on your check when you are completing a purchase.)

Carefully review your credit card statements and phone bills for unauthorized charges or fraudulent use. Scrutinize your local, long distance and cellular bills each month and report any unauthorized use to your service provider. You may contact your local telephone company to verify your long distance carrier and request a “freeze” on your account so it cannot be changed without your specific authorization

Be Smart with Credit Cards

Check for fraudulent use of your credit accounts. The most important step to safeguarding your identity is to monitor your credit card statements and credit report.

Once a year, order a copy of your credit report from the three largest credit bureaus. Reduce the number of credit cards you actively use. Carry only one or two credit cards in your wallet or purse and cancel all others. Unused cards should be canceled because, even though you don’t use them, the numbers are recorded on your credit report and can be used by identity thieves.
Don’t give out your credit card number or other personal information over the phone unless you know with whom you’re doing business. Even then, before revealing any personal information, find out how it will be used or shared with others.

Always take credit card and ATM receipts with you when you make a purchase or withdrawal. Monitor your mail when you are expecting a new credit card that you have applied for or a reissued credit card that has expired. Contact the issuer right away if the card does not arrive on the date expected.

Shop Smartly Online

The Internet puts vast information at your fingertips. With a click of a mouse, it lets you buy an airline ticket, buy a book, book a hotel, send flowers to a friend, or purchase stock – often at any time of the day or night. Before you shop, though, consider the following safety tips

Use a Secure Browser. A browser is software you use to navigate the Internet. Your browser should comply with industry security standards. These standards encrypt or scramble the purchase information you send over the Internet, ensuring the security of your transaction. Most computers come with a browser installed, though you may also download some browsers for free.

Shop with companies you know. Anyone can set up shop online under almost any name. If you’re not familiar with a merchant, ask for a paper catalog or brochure to get a better idea of their merchandise and services. Determine the company’s refund and return policies before you place an order.

Check the company’s online privacy policy. Many companies with privacy practices post a “privacy policy” on their web site. The privacy policy should disclose what information is being collected on the website, as well as how that information is being used. Before you provide any merchant with personal information, read its privacy policy. If you can’t find a policy, send an email or written message to the merchant’s site to get one.

Make sure you’re at the correct website. Online merchants may have links to other webpages selling the same product. For instance, you might go to an online bookstore to shop for a particular book and, in the course of your shopping, click on a link to “learn more about the author.” The link might take you to the author’s homepage where you can also order the book. You might inadvertently buy the book from the author rather than from the original bookstore, and then be bound by privacy and return policies you haven’t read. Before you order a product online, be sure to check the URL (the address at the top of the page) to ensure that you are on the correct website.

Disclose only necessary personal information. Don’t disclose personal information such as your name, address, telephone number, email address or social security number until you know who is collecting the information, why they are collecting it and how they will use it. If disclosure of personal information is necessary (e.g. to deliver a product you buy), then disclose only the amount of personal information that is required to complete the transaction. If you have children, teach them to check with you before giving out personal or family information online.

Pay by credit or charge card. If you pay by credit or charge card online, some companies let you pay bills and check your account status online. Before you sign up for any service, evaluate how the company is securing your financial and personal information. Many companies explain their security procedures on their website, often in their “privacy policy.” If you don’t see a security description, call or email the company and ask.

Keep a record. Be sure to print a copy of your purchase order and confirmation number for your records. Since the Federal Mail or Telephone Order Merchandise Rule covers orders made via the Internet, your merchandise must be delivered to you within 30 days. If there are delays, the company must notify you.

Opt-out of information sharing. Many companies now give you a choice on their website, often as part of their “privacy policy,” as to whether and how your personal information is used. These companies allow you to decline – or to “opt-out” of – having personal information such as your email address used or shared with other companies. Exercise this option to reduce access to your personal information.

Keep your passwords private. Be creative when you establish a password, and never give it to anyone. Avoid using a telephone number, birth date, or a portion of your social security number. Instead use a combination of numbers, letters and symbols.

The harm to victims of identity theft can be significant and long lasting. The perpetrators of these crimes severely damage your good name and your credit rating. It’s up to you to clean up the mess. Until you do, you may be denied loans, a mortgage, security clearances, promotions, and employment.

Act quickly and assertively to minimize the damage. When you deal with the authorities and financial institutions, keep a detailed log of all conversations, including dates, names, and phone numbers. Note the time spent and any expenses incurred. Confirm conversations in writing. Send all correspondence by certified mail (return receipt requested) and maintain copies of all letters and documents.

Next Page-Chapter 3: What to do if Your a Victim