First, use the mechanism for discovering the unlawful activity as the first clue to untangling the great web. Was this information discovered in a credit report? Did a credit card company contact you and alert you to suspicious activities? Did the victim uncover the activity in a monthly statement? Consider the source, and start from there to determine the root of the leak.

Once the source has been identified, begin following the trail. If it was identified through a credit report, contact the company listed for the entry. If it was identified through a credit card statement, analyze the first few entries of unauthorized charges. If a bank or credit card company alerted you to suspicious activities, contact the bank or company and ask for more details.

Continue following the trail until it runs cold. In some cases, an errant restaurant employee may have copied the credit card information. In other cases, a skimmer could have been placed on the card reader at the gas pump. Or, perhaps, someone had all your personal information and applied for a line of credit under your name.

Once the trail runs cold, consider what actions you have taken that could have led to that beginning point, and how you can prevent it in the future. It may be as simple as using a credit card in the future, paying in cash, or placing a lock on the mailbox. It may also be a more complicated fix, such as removing all your personal information from all public forums or implementing a security procedure for discarded personal mail.

When uncovering the paper trail, be sure to document all the activities and instances of suspicious activity. You should be able to provide this information to the proper authorities that are investigating the fraudulent activity. Chances are, if the thief is doing this to you, they are doing it to others as well.

By keeping immaculate records, you can aid the police investigation, solidify a case against the thief, preserve evidence that may be useful for recovering lost funds, and uncover information that may be useful to other victims of the same perpetrator. Again, these records should be stored in a secure location, preferably a locked safe in a secure location. The records should be destroyed once it’s determined that the issue has been successfully and completely resolved.