AI voice-cloning scams: how to protect your family with a safe word
A plain-English guide to AI voice-cloning scams, how family emergency calls get faked, and the one shared safe-word rule that stops many panic-driven losses.
Read articlePersonal Security
Identity theft protection: what to do in the first 24 hours
A plain-English first-day response guide for suspected identity theft, covering the federal recovery steps that matter most before more accounts, credit lines, or claims appear in your name.
Individuals
If you think someone stole your identity, the first 24 hours are about three things: stop any account you already know is being abused, make it harder for someone to open new credit in your name, and create an official recovery record through the federal process.
The federal playbook is straightforward. IdentityTheft.gov says to call the companies where fraud happened, place a free one-year fraud alert, get your credit reports, and file your identity theft report with the FTC. If you move quickly, you improve the odds of containing the damage before the cleanup turns into a longer project.
Sources: IdentityTheft.gov recovery steps, FTC identity theft guidance, FTC fraud alerts and credit freezes
The first-24-hours checklist
If you want the shortest version, do this in order:
- Call the companies where you already know fraud happened.
- Ask them to close or freeze the affected accounts.
- Change logins, passwords, and PINs tied to those accounts.
- Place a free one-year fraud alert with one credit bureau.
- Pull and review your credit reports from all three bureaus.
- File your report at IdentityTheft.gov.
- If money moved, contact the payment provider or bank immediately.
That sequence follows the federal recovery workflow. It is not everything you may ever need to do. It is the right first day.
Step 1: call the companies where fraud already happened
IdentityTheft.gov puts this first for a reason.
If you already know a bank account, credit card, shopping account, phone account, or utility account was used without your permission, call the fraud department for that company first. Tell them someone stole your identity. Ask them to close or freeze the account so no one can add new charges unless you approve them.
IdentityTheft.gov also says to change the logins, passwords, and PINs for those affected accounts.
Source: IdentityTheft.gov recovery steps
This is the point where a lot of people waste time hunting for every possible downstream problem before they close the one that is already active. Do not do that. Shut the open doors first.
Step 2: place a fraud alert fast
IdentityTheft.gov says to place a free one-year fraud alert by contacting one of the three credit bureaus. That bureau must tell the other two.
A fraud alert does not lock your credit file completely. What it does is require a business to take extra steps to verify your identity before issuing new credit in your name.
That makes it a strong same-day move because it is fast, free, and centralized through one bureau first.
Sources: IdentityTheft.gov recovery steps, FTC fraud alerts and credit freezes
Step 3: decide whether to freeze your credit too
A fraud alert is useful. A credit freeze is stronger.
The FTC says a credit freeze restricts access to your credit report, which helps stop someone from opening a new account in your name. The tradeoff is that you must place freezes separately with each bureau and lift them when you legitimately want new credit yourself.
If you are dealing with confirmed identity theft, a freeze is usually worth serious consideration the same day, especially if the stolen information could support new-account fraud.
Source: FTC fraud alerts and credit freezes
For the broader household version of this control, the live family guide on identity monitoring, freezes, and the rest of the baseline stack is the right companion read.
Step 4: pull your credit reports and mark every unfamiliar item
IdentityTheft.gov says to get your free credit reports from Equifax, Experian, and TransUnion and review them for accounts or transactions you do not recognize.
This matters because identity theft is often larger than the one suspicious charge that first got your attention. A new account, address change, utility account, or inquiry you do not recognize gives you more to report and dispute.
IdentityTheft.gov notes that you can check your reports every week for free at AnnualCreditReport.com.
Source: IdentityTheft.gov recovery steps
As you review the reports, write down:
- accounts you did not open
- charges or balances you do not recognize
- hard inquiries you cannot explain
- address changes or personal information that is not yours
You will use that list in the FTC reporting and dispute process.
Step 5: file at IdentityTheft.gov
This is the step that turns panic into a documented recovery process.
The FTC says that if you report identity theft at IdentityTheft.gov, you get a personal recovery plan with next steps. IdentityTheft.gov says the site creates your Identity Theft Report and recovery plan based on the details you provide.
That report matters because IdentityTheft.gov says it helps prove to businesses that someone stole your identity and guarantees certain rights in the recovery process.
Sources: FTC identity theft guidance, IdentityTheft.gov recovery steps
If you create an account there, the site can also help track progress and generate pre-filled letters and forms. That is one reason I would not delay this step until "after things calm down."
Step 6: if money moved, go after the payment rail immediately
If this started as a scam or unauthorized transaction, the FTC says to contact the company you used to send the money right away and ask if there is a way to get it back.
The FTC's recovery guidance breaks this down by payment method:
- credit or debit card: contact the issuer and dispute the fraudulent charge
- bank transfer or withdrawal: contact the bank and report the unauthorized transaction
- gift card: contact the gift-card issuer and ask about a refund
- wire transfer: contact the wire-transfer company and ask whether it can be reversed
Source: FTC: what to do if you were scammed
That is time-sensitive work. If money left the account, do not wait until tomorrow because you are busy documenting the identity side.
Step 7: lock down the accounts that can reset everything else
The FTC says two-factor authentication makes it harder for someone to get into your account even if they know your username and password.
That is why the first accounts to harden are usually:
- your primary email
- your banking and card logins
- your password manager
- your Apple, Google, or Microsoft account
If identity theft started with a breached or reused password, this is where you stop it from spreading sideways.
Source: FTC two-factor authentication guidance
If you need the practical tool comparison, the live guide on 1Password vs Bitwarden vs Apple Passwords is the clean next step after the emergency work is done.
When to file a police report
IdentityTheft.gov says you may choose to file a report with your local police department and lists the documents to bring, including your FTC Identity Theft Report, a photo ID, proof of address, and any evidence of the theft.
You may not need that on every first day. But if a business, collector, or agency later wants a police report, you will be glad you already know the path.
Source: IdentityTheft.gov recovery steps
What not to do in the first day
Do not:
- wait for a second suspicious charge before acting
- assume a single password change solves identity misuse
- buy a monitoring product before doing the free federal steps
- trust a caller who says they can recover your money for a fee
That last one matters because scam victims often get targeted again. The FTC warns that refund and recovery scammers go after people who already lost money and promise to help recover it.
Source: FTC refund and recovery scam warning
Where identity theft protection fits
Identity theft protection services can be useful, but they are not the first-day response.
The FTC notes that monitoring and identity recovery services may help people fix damage from identity theft. That is real value. But the first 24 hours still belong to account shutdown, fraud alerts or freezes, credit-report review, and the FTC recovery process.
That is why I treat monitoring as a layer on top of the federal recovery steps, not a replacement for them. If you want the product-level breakdown, the live comparison on LifeLock vs Norton 360 with LifeLock is the right next read after you stabilize the incident.
Source: FTC identity theft guidance
For households that need a practitioner conversation after the immediate cleanup, the most relevant commercial next step is the individuals advisory page.
Final answer
In the first 24 hours after suspected identity theft, do not try to solve every future problem at once.
Shut down the fraud you already know about. Put a fraud alert or freeze in place so new credit is harder to open. Review all three credit reports. Then file at IdentityTheft.gov so you have a formal recovery plan and documentation.
That is the foundation. Everything else gets easier once those steps are done.
FAQ
What should I do first if I think someone stole my identity?
Call the companies where fraud already happened, ask them to close or freeze the affected accounts, and change the related logins and PINs. Then move to a fraud alert, credit-report review, and IdentityTheft.gov reporting.
Should I place a fraud alert or a credit freeze?
Use a fraud alert as a fast first move because one bureau notifies the other two. Use a credit freeze when you want the stronger barrier against new-account fraud, knowing you must place it separately with each bureau.
Do I need a police report?
Not always on day one. IdentityTheft.gov says you may choose to file one, and some disputes or institutions may ask for it later.
What if I only exposed personal information but do not see charges yet?
Treat that as an identity-theft risk event anyway. Lock down logins, protect your credit, and file through the FTC recovery path before misuse appears.
Can identity theft protection services handle this for me?
They can help with monitoring and restoration support, but they do not replace the first-day federal steps. You still need to stop active misuse, review your credit, and document the theft.
Sources and references
Last updated
June 15, 2026. We refresh this content as the threat landscape and tools evolve.
FAQ
Questions readers usually ask next
What should I do first if I think someone stole my identity?
Start with the accounts where you already know fraud happened, then place a fraud alert, review your credit reports, and file an FTC report at IdentityTheft.gov so the recovery process is documented.
Should I place a fraud alert or a credit freeze?
A fraud alert is a fast first move because one bureau notifies the other two, while a credit freeze is the stronger control against new-account fraud and must be placed separately with each bureau.
Do I need a police report for identity theft?
Not always on day one, but IdentityTheft.gov says you may choose to file one and some businesses or account disputes may ask for it later.
Can identity theft protection services fix this for me?
They can help with monitoring and restoration support, but the first-day federal response steps still matter because you need to stop current misuse and document the theft.
What if I only gave away personal information and no money was taken yet?
Treat it as an identity-risk event anyway. Change exposed logins, place protections on your credit, and follow the FTC and IdentityTheft.gov recovery steps before new fraud appears.
Related reading
Keep going
Do you really need a VPN? An honest 2026 answer
A plain-English guide to whether most people actually need a VPN in 2026, what a VPN really does, when it helps, and what it does not protect you from.
Read articleGovernment impersonation scams: when the IRS, SSA, or Medicare calls
A plain-English guide to government impersonation scams, including IRS, Social Security, Medicare, and FTC fake-contact schemes, with the red flags families should treat as immediate warnings.
Read article