By the time a debt collector calls or a lender rejects your loan, an identity thief may have been using your information for months. The warning signs often arrive much earlier.

They may show up as a small card charge, a strange IRS letter, a missing bill or an Explanation of Benefits for care you never received. Each one can look like routine mail or another account notice.

That is exactly what identity thieves count on. Here are 6 quiet signs of identity theft to check before the damage spreads.

Join CyberGuy Live: Lock Down Your Phone in 30 Minutes (Saturday, June 13, 10 am ET)

• Your phone holds your email, passwords, photos, banking apps and personal data. In this free, live online class, Kurt the CyberGuy will walk you step by step through simple phone security fixes you can do in real time. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Register here: CyberGuyLive.com

WHY THAT $4 CHARGE ON YOUR STATEMENT COULD BE FRAUD

1) Small card charges can be an early sign of identity theft

A charge of $4 or less on your card statement may look harmless. However, it can be a thief testing whether the card still works before making a bigger purchase.

The Federal Trade Commission logged 503,450 credit card fraud reports in the first three quarters of 2025. That made credit card fraud the most common identity theft category it tracks.

Small test charges can be easy to miss. So can the purchase that comes next. The median fraudulent transaction in 2025 was $100, the same as in 2024. A charge that size can blend into a busy statement.

Federal law caps cardholder liability at $50 if you file the dispute in writing within 60 days of the statement date. Many card issuers waive even that, but you still need to act quickly.

2) Missing mail may point to identity theft

Missing mail can be more than an annoyance. It may mean someone filed a change-of-address request in your name and is collecting your rerouted mail.

The first warning sign is simple: the mail you normally receive stops showing up. That could include bank statements, tax forms, bills or medical notices.

Another red flag is a USPS Move Validation Letter for a change you did not request. USPS sends this letter to the old address within 10 business days of a change-of-address request.

You may also see a sudden wave of pre-approved credit offers from lenders you do not use. That can happen after a thief opens, or tries to open, an account in your name.

USPS has tightened identity checks for change-of-address requests, but criminals still target mailboxes, checks and personal documents. The FBI and Postal Inspection Service continue to warn that stolen mail fuels check fraud and identity theft.

3) Unexpected IRS letters can signal identity theft

An unexpected tax form can be a major warning sign. A 1099-K or W-2 from a company you never worked for may mean someone used your Social Security number to earn income.

That can create a tax problem for you. The IRS may treat the income as yours unless the form gets corrected. Employment-related identity theft reports to the FTC climbed 61% through the first three quarters of 2025 compared with the same period in 2021.

The IRS may also contact you before you spot the problem. Notice CP01E means someone used your Social Security number for employment. Letter 5071C asks you to verify your identity because the IRS flagged a tax return as suspicious.

Another red flag is an e-file rejection that says a return has already been filed in your name. That can mean a thief filed first and tried to steal your refund. 

4) Credit report changes are major identity theft warning signs

A new account on your credit report that you didn’t open is a sign that someone is borrowing money in your name. A hard inquiry from a lender you never applied with means a thief tried. The lender pulled your credit; the inquiry stays on your report for two years, even if the application was denied.

An address on your file you don’t recognize is where a thief is having your credit mail sent. An email confirming a password change you didn’t make means a thief has access to your account.

A credit freeze blocks new account applications but does not catch inquiries, address changes or account takeovers already in motion. Credit monitoring can watch all three bureaus and send an alert within minutes of new activity on a file, weeks before the debt collector does. 

WHY A CREDIT FREEZE ISN’T THE END OF IDENTITY THEFT

5) Medical bills for care you never received may reveal fraud

An Explanation of Benefits for a procedure or prescription you never received is a serious warning sign. It may mean someone used your insurance information to get care. Any bill that follows will have your name on it.

Watch for smaller clues too. Your deductible may drop even though you did not use your plan. You may also get appointment reminders for visits you never booked or refill notices for medicine you do not take.

Those alerts can point to the same problem. A provider’s file may list you as the patient, even though someone else received the care.

Medical identity theft can be harder to fix than credit fraud. Insurers may not remove false diagnoses or treatment records right away. Those records can affect future coverage, bills and even the care you receive.

6) Unrequested login prompts can mean your account is exposed

A multifactor authentication prompt you did not request is a major warning sign. It can mean someone has your password and is trying to get into your account.

Do not approve the prompt. Deny it, then change the password from a different device. Treat the old password as exposed, especially if you used it on more than one account.

A breach notification from a company you use is another reason to act quickly. Your data may already be in someone else’s hands. Freeze your credit, watch for strange account activity and be careful with any emails that claim to offer help.

Identity monitoring can scan the dark web and data broker sites for SSNs, addresses, driver’s license numbers and other identifiers. Alerts can show what was found and where, so you know which account to lock down first.

What to do if you spot signs of identity theft

If one of these warning signs has already arrived, do not ignore it. Start with the account, document or notice that raised the red flag.

1) Contact the company directly

Call the bank, insurer, lender or agency directly using a verified phone number. Do not use a link or phone number from a suspicious email, text or letter.

2) Report the identity theft

File a report at IdentityTheft.gov. Then freeze your credit at all three bureaus and set up an IRS Identity Protection PIN at irs.gov/ippin.

3) Consider extra identity theft support

Identity theft support can connect you with a U.S.-based fraud resolution specialist who works directly with bureaus, creditors and collection agencies on your behalf. Some plans also include up to $1 million in identity theft insurance per adult for eligible recovery costs.

No service catches every form of identity theft. A freeze blocks new accounts, and continuous monitoring can catch what it doesn’t.

One of the best parts of identity theft protection is its all-in-one approach to safeguarding your personal and financial life. Some plans include identity theft insurance of up to $1 million per adult to cover eligible losses and legal fees, plus 24/7 U.S.-based fraud resolution support with dedicated case managers ready to help restore your identity fast.

WARNING SIGNS YOUR MAIL HAS BEEN FRAUDULENTLY REDIRECTED

How to check if your personal information was exposed

If you are unsure whether criminals have already exposed your information, take action now. Start with a free identity breach scan to see whether your data appears in known leaks. Early detection gives you more control and helps you respond before fraud spreads.

Check if your personal information is already being used for identity theft, fraud or appearing on the dark web. See my tips and best picks on Best Identity Theft Protection at CyberGuy.com.

4) Save every record

Keep copies of any letters, account notices, bills, screenshots or emails tied to the fraud. Those records can help when you dispute charges, correct tax forms or clean up medical records.

5) Add a fraud alert

You can also place a fraud alert on your credit file. A fraud alert tells lenders to take extra steps before opening new credit in your name.

6) Lock down exposed accounts

If your Social Security number may be involved, move quickly. Change passwords for any affected accounts, and use a password manager to create strong, unique passwords for each one. Then turn on two-factor authentication (2FA) wherever available.

Kurt’s key takeaways

Identity theft rarely starts with a dramatic warning. It often begins with something easy to miss, like a tiny card charge, a missing bill, an odd IRS letter or a medical notice that does not look right. The sooner you catch those clues, the faster you can freeze your credit, lock down accounts and stop the damage from spreading. No single tool catches every scam, but staying alert and using strong monitoring can give you a much better shot at spotting trouble early.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Have you ever spotted a small warning sign that made you realize someone was trying to steal your identity? Let us know by writing to us at CyberGuy.com.

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.