The MyTrueIdentity scam operates in two related but distinct ways. The first is classic impersonation fraud: criminals use phishing emails, smishing texts, and vishing calls to impersonate the real MyTrueIdentity service, tricking victims into surrendering their Social Security number, account login credentials, or full card details. The second is subscription-enrolment fraud: consumers discover recurring monthly charges on their bank statements — often labelled “MyTrueIdentity,” “TransUnion Interactive,” or similar variations — for credit monitoring services they do not remember signing up for.

Understanding what the real MyTrueIdentity service is makes both variants of the MyTrueIdentity scam easier to identify. MyTrueIdentity is a legitimate identity monitoring service powered by TransUnion, offered to consumers through participating banks, credit cards, and financial institutions as a bundled feature. If you have a genuine MyTrueIdentity account, you enrolled through one of these partner channels — typically during a bank account or credit card application — and the service provides credit monitoring, alerts, and identity protection tools through the mytrueidentity.com portal.

The MyTrueIdentity scam impersonation variant exploits the service’s legitimate reputation and its association with TransUnion to make fraudulent contacts appear credible. When someone receives an email claiming to be from “MyTrueIdentity Security Team” warning of a compromised account, the combination of a real-sounding service name and a plausible alert context is effective. Many people who receive the MyTrueIdentity scam email are not even sure whether they have a MyTrueIdentity account — that uncertainty is exactly what the criminal relies on.

The subscription variant of the MyTrueIdentity scam is more ambiguous because the charges may come from a legitimate TransUnion service that the consumer genuinely enrolled in — but through a pre-ticked consent box, a free-trial-to-paid conversion, or a bundled product they did not read carefully. Distinguishing between a genuine subscription the consumer forgot about and an unauthorised enrolment requires investigation, which this guide covers in the protection section.

Both variants overlap with broader identity fraud patterns covered in our identity theft scams guide and our phishing scam pillar. The MyTrueIdentity scam is a specific and particularly targeted instance of the pattern because it victimises people who are already worried about identity security.

The MyTrueIdentity scam follows a consistent pattern across both its impersonation and subscription variants. Recognising the structure at any stage is enough to stop the fraud before damage is done.

Stage 1 (Impersonation): The Phishing Email or SMS

The MyTrueIdentity scam impersonation variant typically begins with a phishing email or smishing text. The email appears to come from a MyTrueIdentity address — using a display name like “MyTrueIdentity Security” — and claims a security alert, a suspicious login, a required account reverification, or a free upgrade to “premium” protection that requires confirming account details. The actual sending domain is never mytrueidentity.com — it is a look-alike domain or a compromised third-party mail server.

The message contains urgency: “Your identity monitoring has been suspended,” “Unusual activity has been detected on your account,” or “Your free trial is expiring — confirm now to continue coverage.” The specific threat varies, but the goal is the same: induce the victim to click a link before thinking clearly.

Stage 2 (Impersonation): The Credential Harvest Form

The link in the MyTrueIdentity scam email goes to a phishing page that is a near-perfect clone of the real mytrueidentity.com login portal. The victim is prompted to enter their MyTrueIdentity username and password. In many variants, the page also asks for the SSN or date of birth for “identity verification.” The form submits the data to the criminal’s server, then either displays an error or redirects to the real site — so the victim believes nothing unusual occurred.

Stage 3 (Impersonation): Credential Exploitation and Identity Theft

The harvested MyTrueIdentity login credentials are used immediately — either to access the victim’s real MyTrueIdentity account and extract the full credit monitoring data stored there (which typically includes SSN, address, credit accounts, and alerts), or to attempt credential-stuffing attacks on other accounts using the same username-password combination. The SSN, if harvested directly, feeds into new-account fraud and synthetic identity operations.

Stage 1 (Subscription): The Unconsidered Enrolment

The MyTrueIdentity scam subscription variant begins at the point of a financial product application — a new bank account, a credit card, a loan. The application flow includes a credit monitoring offer from MyTrueIdentity or a TransUnion partner, either as a free trial or a standalone opt-in. The consumer completes the application without reading every screen carefully, and the monitoring service is enrolled by default or through a pre-ticked consent field.

Stage 2 (Subscription): The Discovered Charge

Weeks or months later, the consumer notices a recurring monthly charge — typically $24.95, $29.95, or a similar amount — on their bank or card statement, labelled “MyTrueIdentity,” “TrueAccord,” “TransUnion Interactive,” or similar. They do not recognise the charge and cannot connect it to any product they knowingly purchased. At this stage, the consumer faces a choice between investigating, cancelling, and potentially disputing the charges, or continuing to pay for a service they do not use.

The MyTrueIdentity scam runs in several well-documented variants. Some are criminal fraud; others are legitimate service complaints that feel like fraud because of how enrolment was handled. Understanding the distinction helps victims choose the right response.

The Minneapolis Account Holder and the Suspended Coverage Alert

A 52-year-old accountant in Minneapolis received a MyTrueIdentity scam email claiming her identity monitoring coverage had been suspended due to a failed payment and that her personal data was “currently unprotected.” The email was professional, included the TransUnion logo, and contained a link to “restore coverage.” Because she was an actual MyTrueIdentity subscriber through her bank, the message seemed legitimate.

She clicked the link, entered her username and password, and also entered her SSN when prompted for “identity verification.” Three weeks later, a new credit card was opened in her name at a retailer she had never visited. Her real mytrueidentity.com account had been accessed — the attacker used her harvested credentials to retrieve the full credit file stored there, then used that data to open the fraudulent account.

The lesson: the MyTrueIdentity scam is most effective against real subscribers because the MyTrueIdentity scam email feels relevant. The protection is simple: never enter credentials or SSN via a link in an email. Access mytrueidentity.com directly through your browser to check any claimed account issue.

The Dallas Family and the Unrecognised Charge

A family in Dallas noticed a $24.95 monthly charge on their joint credit card statement labelled “MYTRUEIDENTITY.” Neither family member could recall signing up for anything by that name. The charges had been running for seven months — a total of $174.65 — before they caught them while reviewing statements for a mortgage application.

After calling the number associated with the charge, they discovered the service had been enrolled when the wife applied for a new credit card eighteen months earlier. The application included a default-enrolled credit monitoring offer that required an active opt-out step they had not noticed. They cancelled the service, received a two-month refund after escalating to the card issuer, and disputed the remaining five months — receiving a further three months back through a chargeback.

The lesson: the MyTrueIdentity scam subscription variant often runs for months before discovery. The protection is reviewing bank and card statements monthly and acting quickly when unrecognised recurring charges appear — the further back the dispute goes, the less likely a full refund becomes.

The Chicago IT Manager and the Data Breach Follow-Up

An IT manager in Chicago received a genuine data breach notification from a health insurance company. Four days later, he received a MyTrueIdentity scam email offering him a “complimentary one-year identity monitoring subscription” as a result of the breach, asking him to enrol via a linked form. Because the timing matched the real breach notice, and because the email used his name and mentioned the specific insurer involved, it was highly convincing.

He recognised the MyTrueIdentity scam because the link went to a domain ending in .net rather than mytrueidentity.com. His IT background made him check the URL before proceeding. He reported the email to the FTC and spam@uspis.gov and shared the warning with family members who had received the same breach notification.

The lesson: the recovery scam variant of the MyTrueIdentity scam uses real breach data — name, insurer, incident date — purchased from dark-web markets to make the fake offer appear to be a legitimate response to the real breach. The URL is the tell. Legitimate breach response monitoring is always offered through the breached organisation’s official portal or through a directly communicated real service, not via a cold email with a link.

The FTC, TransUnion, and consumer protection bodies have issued guidance relevant to both variants of the MyTrueIdentity scam.

The Federal Trade Commission (FTC) has received thousands of consumer complaints related to MyTrueIdentity and TransUnion Interactive subscription charges. In 2022, TransUnion and its credit monitoring subsidiaries reached a multi-million dollar settlement with the FTC over allegations that they used dark patterns to enrol consumers in credit monitoring subscriptions without adequate consent. The FTC’s guidance on negative option marketing — under which free trials must provide clear, conspicuous disclosure before converting to paid subscriptions — applies directly to the subscription variant of the MyTrueIdentity scam. Report at reportfraud.ftc.gov.

TransUnion, which operates the MyTrueIdentity service, has published explicit guidance stating that it does not make unsolicited calls or send unsolicited emails asking customers to verify personal information, SSN, or payment details. TransUnion’s official customer service for MyTrueIdentity subscribers can be reached at 1-844-338-0564 or through mytrueidentity.com — any other number provided in an unsolicited contact is criminal infrastructure.

The Consumer Financial Protection Bureau (CFPB) handles complaints about credit monitoring and identity protection services including MyTrueIdentity subscription disputes. Filing a CFPB complaint at consumerfinance.gov/complaint creates a formal record and requires the company to respond within a defined timeframe — it is the most effective route for subscription dispute resolution when direct cancellation attempts have failed.

Never Enter Credentials Via a Link in an Email or Text

The foundational protection against the MyTrueIdentity scam impersonation variant: always access mytrueidentity.com by typing the address directly into your browser. Never click a link in an email or text claiming to be from MyTrueIdentity, regardless of how official it looks. Any claimed account problem, security alert, or verification requirement can be checked at the real mytrueidentity.com after you access it independently.

This single rule defeats the phishing email credential harvest variant entirely. The criminal’s entire operation depends on the victim clicking the link — remove that click and the MyTrueIdentity scam cannot proceed.

Review Your Bank and Card Statements Monthly

The MyTrueIdentity scam subscription variant often runs for months before being discovered because consumers do not review statements regularly. Set a monthly statement review habit: look for any recurring charge you cannot immediately recognise and trace to a product you intentionally purchased.

When you find an unrecognised charge labelled “MyTrueIdentity,” “TransUnion Interactive,” or similar: call 1-844-338-0564 (the real MyTrueIdentity customer service) to identify the account and determine how and when it was enrolled. If you have an account you did not knowingly open, request immediate cancellation and a refund of recent charges.

Check the Email Domain Before Acting on Any Security Alert

Before responding to any email claiming to be from MyTrueIdentity, check the full sending email address — not just the display name. Legitimate MyTrueIdentity emails come from @mytrueidentity.com or @transunion.com addresses. Any other domain, however convincing, is the MyTrueIdentity scam impersonation variant. Forward the email to spam@uce.gov (FTC) and report it at reportfraud.ftc.gov before deleting it.

Know What Your Genuine MyTrueIdentity Account Looks Like

If you do have a real MyTrueIdentity account, familiarise yourself with how legitimate alerts appear. Real MyTrueIdentity alerts notify you of changes to your credit file — new accounts, hard inquiries, address changes — but they do not ask you to re-enter your credentials, SSN, or card details in response. The presence of any such request in a message claiming to be from MyTrueIdentity is the definitive signal of the MyTrueIdentity scam.

Opt Out of Credit Monitoring Offers During Financial Product Applications

The subscription variant of the MyTrueIdentity scam often originates at the application step for a new bank account, credit card, or loan. Slow down during every application and read all screens, particularly those offering “free” monitoring services. Look for pre-ticked consent boxes and opt out explicitly unless you want the service. If you do want credit monitoring, choose and pay for it directly through a service you intentionally selected — not through an application-bundled offer you cannot easily evaluate in the moment.

The response to the MyTrueIdentity scam differs depending on which variant you have encountered. The steps below cover both the impersonation fraud and the subscription dispute.