I had my identity thieved!

steingar

Taxi to Parking
Joined
Feb 6, 2007
Messages
29,248
Location
Land of Savages
Display Name

Display name:
steingar
This morning. They got into my Ebay account, ordered something, reworked the account and then spammed with with about a thousand E-mails.

Ebay account is gone, good riddance. Paypal no longer has a credit card for me. First world problems.
 
If I can give you some advice: get into every other online account you have: credit cards, house payment, bank, email, etc, and change your current password. I'd come up with a new password for each.
 
Last edited:
Good. What thieves can sometimes do is sort of "daisy chain" your info...using bits from each account, to build more and more info, to get into more of your accounts. Not to mention, most people use the same password (or nearly the same) for nearly all of their accounts, which makes it real easy.
 
Someone should hack John Wayne Jones' account.

With the 174 years of flying experience you will have, your insurance will go so far down they'll owe you money.
 
A security researcher, Troy Hunt, collects usernames and passwords from the dark web. You can find out if you have been pwned at

https://haveibeenpwned.com

You should absolutely have a different password at every site that contains financial information. I have a different email address for most sites as well. e.g MyBank@mydomian, MyCreditCard@mydomain, etc.
 
If I can give you some advice: get into every other online account you have: credit cards, house payment, bank, email, etc, and change your current password. I'd come up with a new password for each.

I know someone who did that before they found the malware that stole the first password. LOL.

Hilarity ensued. :)
 
I know someone who did that before they found the malware that stole the first password. LOL.

Hilarity ensued. :)
Possible, but I'd doubt they'd go for the ebay account first as they did here...of course, if Steinger has only used ebay since the malware...Hey @steingar , you download any programs lately?
 
Possible, but I'd doubt they'd go for the ebay account first as they did here...of course, if Steinger has only used ebay since the malware...Hey @steingar , you download any programs lately?
Nope, and I haven't used Ebay for anything but airplane porn in memory.
 
Years ago someone got into my eBay account. They gave me a second chance offer on an item I was selling..!!!:lol::lol::lol:
 
Possible, but I'd doubt they'd go for the ebay account first as they did here...of course, if Steinger has only used ebay since the malware...Hey @steingar , you download any programs lately?

They’ll go for anything. They don’t care at all what it is. Very few of these twits are targeting specific things. The ones that are are the really dangerous ones.

They’re usually targeting credit card number patterns with keyloggers. Way easier than messing with people’s accounts.

My sister is involved in some dorky MLM schemes. She tried to convince me a couple of years ago to use some unknown company’s electronic credit card. “You can put all of your cards in it and carry just that! It’s as secure as PayPal!”

I did my “IT guy” due diligence (especially for a family member) and told her to go nowhere near the thing. She listened to her MLM hawker “uplinks” instead because MLM... she’s going to be rich from it of course, you know.

She posted on FB yesterday that the money in her account with them was taken out via a hack of their website. You see, the little card doohickey was bad enough, but they also have a website and the card has the ability to load cash into the website and use that...

Stupid. Just stupid. I told her I make a lot of money CLEANING UP and stopping stupid crap like that. Her MLM “pays” her by dumping money into that card too.

Wouldn’t surprise me at all if the MLM itself was behind the hack.

We’ll see if she gets her money back. I saw her post and bit my tongue and didn’t say anything. No point. Her MLM “friends” had already started damage control in the comments.

Screw those people. They prey on folks like my sister who means well but is completely clueless. I’d throw them in jail for running an illegal bank if they weren’t so sleazy as to have her sign a contract that says they’re probably 100% not liable for “hackers”. They probably hired the hackers with cash.

And her thing is the low hanging fruit stuff. The real hacks targeting real money are incredibly bad. The FBI agent for one incident at a former employer of card theft said they don’t even assign an agent if the loss is below $1M or some company involved is politically connected and huge. And that was over half a decade ago. (Ours wasn’t anywhere near $1M. I can’t say which company was involved but they make operating systems.) :)
 
This is not identity theft. It's an account hack on one site. If it ever actually happens to you, you'll understand the difference.
 
She posted on FB yesterday that the money in her account with them was taken out via a hack of their website. You see, the little card doohickey was bad enough, but they also have a website and the card has the ability to load cash into the website and use that...
Yeah. In other words, it probably worked exactly as originally designed. Convince people to put enough of their money in one place until you decide to steal it all.
 
This is not identity theft. It's an account hack on one site. If it ever actually happens to you, you'll understand the difference.

We don’t know that. Could have been identity theft combined with social engineering. Unlikely since you would be hard pressed to even reach a live body at eBay, but... we don’t know. :) And most modern systems keep it from happening because anyone you reach on the phone can’t read your password anyway. Wasn’t that way back in the day, though! LOL.
 
If I can give you some advice: get into every other online account you have: credit cards, house payment, bank, email, etc, and change your current password. I'd come up with a new password for each.

Call all your credit card companies and get new cards issues ASAP....
 
I have (what I think) is a great system for creating individual, easy to remember, passwords for every website that requires a log in. Also, the system allows easy changing and remaining easy to remember.

Can't tell you what the system is though or I'd have to shoot you!
 
My Ebay also got hacked a few weeks ago. Let me say... Paypal is useless. They wouldn't do anything about the fraudulent charge until my bank refused to pay. Deleted my Ebay and Paypal accounts. Good riddance.
 
I just use Pass@word1 for everything. The bad guys don't even bother trying that any more.

When sites don't require password complexity I use my dog's name. No one would ever guess that for a password, and I never tell people on the internet that Autumn is a black Pomeranian. But I do mention how cute she is and post her picture all the time.
IMG_0488.JPG
 
We don’t know that. Could have been identity theft combined with social engineering. Unlikely since you would be hard pressed to even reach a live body at eBay, but... we don’t know. :) And most modern systems keep it from happening because anyone you reach on the phone can’t read your password anyway. Wasn’t that way back in the day, though! LOL.
I hate that term, "social engineering," because it makes con men sound respectable.
 
I just use Pass@word1 for everything. The bad guys don't even bother trying that any more.

When sites don't require password complexity I use my dog's name. No one would ever guess that for a password, and I never tell people on the internet that Autumn is a black Pomeranian. But I do mention how cute she is and post her picture all the time.
View attachment 61408
Raise of hands... how many of you just tried to log in to PoA as Ravioli?
 
I think he's referring to multi-level marketing.

Yup. The con artists of the world.

Never saw a major MLM continue to pay its telecom bills consistently for many many years.

Pyramid schemes always fold and set up a new tent under a DBA name the day after.

We baked that into our price they paid in telecom.

My favorite was the big conference calls with the head honcho who’d made millions. We were playing a cassette tape on cue for those for the weasels.

The honcho was on a yacht somewhere in the Bahamas.

And there was always some underling who wasn’t quite as vocally charismatic but good enough standing by if the cassette deck ate the tape.

“Oh, it looks like we lost Big Bob on the phone there, I’ll take over from here folks and we will see if we can get him back!” LOL.
 
Amazon has 2 factor authentication. Very easy to use, an app in your phone creates a passkey or they text it to you.wish all sites did!
 
My Ebay also got hacked a few weeks ago. Let me say... Paypal is useless. They wouldn't do anything about the fraudulent charge until my bank refused to pay. Deleted my Ebay and Paypal accounts. Good riddance.

My experience with PayPal has been very different.

A few years ago, my PayPal Business Debit Card was compromised by a POS breach. I found out the card had been compromised when two identical purchases were made at a Target store in Queens, each for somewhere around $350.00, within a few minutes of each other. I have notifications set on my account, so I was emailed immediately when the purchases were made.

I called PayPal, and within minutes they'd refunded the money to my account and canceled the card. But they also offered me the ability to make one last ATM withdrawal from a designated local ATM using the canceled card if I needed cash, or to wire it to my checking account if I wanted more cash than could be withdrawn from an ATM.

They also offered their assistance to the Sheriff's Department in investigating the breach. That turned out to be unnecessary because the geographic pattern of stolen card numbers made it obvious which store's system had been hacked. Pretty much everyone in the Greater Sparrow Fart Metro Area had at least one card number stolen. But PayPal did offer their help, even if it turned out not to be needed.

On another occasion a few years before the POS breach, PayPal called me when I used the debit card at an ATM in California after my itinerary indicated I should have been back in New York. I'd extended my stay for a few days without notifying them. The machine gave me the money, but PayPal immediately called me on my cell to verify my identity. I actually thought it was a bit creepy and mildly annoying at the time. But hindsight and multiple actual compromises of my plastic since then have changed my opinion. If anything, they were way ahead of the curve in terms of fraud prevention.

I don't know if I get special treatment from PayPal. I maintain a pretty high PayPal balance. They're also my merchant credit card processor and I run thousands of dollars in charges through them every month. I've also never had a chargeback or customer dispute in the entire time I've been using PayPal, which is something like 18 years. One of their reps once told me that's pretty rare. So maybe that long, perfect record makes a difference on the rare occasions I have to call PayPal. I really can't say.

I do know that the very few times I've had to contact PayPal, or the one time when they contacted me, have only improved my opinion of the company. I'm sorry your experience was less positive. I hope it was an anomaly.

Rich
 
I suspect my PayPal experience is going to be more similar to Austin's. I reported the fraudulent charge immediately. I got a canned "we'll let you know within 9 days" message. Once thing for certain, if they don't make good on this I"m done with them too.
 
My experience with PayPal has been very different.

A few years ago, my PayPal Business Debit Card was compromised by a POS breach. I found out the card had been compromised when two identical purchases were made at a Target store in Queens, each for somewhere around $350.00, within a few minutes of each other. I have notifications set on my account, so I was emailed immediately when the purchases were made.

I called PayPal, and within minutes they'd refunded the money to my account and canceled the card. But they also offered me the ability to make one last ATM withdrawal from a designated local ATM using the canceled card if I needed cash, or to wire it to my checking account if I wanted more cash than could be withdrawn from an ATM.

They also offered their assistance to the Sheriff's Department in investigating the breach. That turned out to be unnecessary because the geographic pattern of stolen card numbers made it obvious which store's system had been hacked. Pretty much everyone in the Greater Sparrow Fart Metro Area had at least one card number stolen. But PayPal did offer their help, even if it turned out not to be needed.

On another occasion a few years before the POS breach, PayPal called me when I used the debit card at an ATM in California after my itinerary indicated I should have been back in New York. I'd extended my stay for a few days without notifying them. The machine gave me the money, but PayPal immediately called me on my cell to verify my identity. I actually thought it was a bit creepy and mildly annoying at the time. But hindsight and multiple actual compromises of my plastic since then have changed my opinion. If anything, they were way ahead of the curve in terms of fraud prevention.

I don't know if I get special treatment from PayPal. I maintain a pretty high PayPal balance. They're also my merchant credit card processor and I run thousands of dollars in charges through them every month. I've also never had a chargeback or customer dispute in the entire time I've been using PayPal, which is something like 18 years. One of their reps once told me that's pretty rare. So maybe that long, perfect record makes a difference on the rare occasions I have to call PayPal. I really can't say.

I do know that the very few times I've had to contact PayPal, or the one time when they contacted me, have only improved my opinion of the company. I'm sorry your experience was less positive. I hope it was an anomaly.

Rich
Good to hear that they assist law enforcement...I investigate fraud for a government entity, and you'd be surprised how many stores, banks, or credit card companies do not assist with their own fraud cases, and actually do what ever is in their power to obstruct. I personally refuse to due business with Dicks Sporting Goods, Macys, and several banks because of it. But Dicks and Macys are THE WORST: if you are defrauded while at either store, expect them to bend over backwards to cover up the criminal's tracks. I've said it many times, the people of Dicks Sporting Goods truly are Dicks!
 
This morning. They got into my Ebay account, ordered something, reworked the account and then spammed with with about a thousand E-mails.

Ebay account is gone, good riddance. Paypal no longer has a credit card for me. First world problems.

First of all, if you had/have a checking or savings account associated with your PayPal account, you should contact the bank or credit union just to make sure there were no unauthorized transactions. Also, although PayPal doesn't show the entire bank account number in the Web GUI, they do show the name of the institution and the last few digits. That's probably more information than you want some random miscreant to have. Personally, I'd consider closing the account and creating a new one.

Secondly, you need to address the question of how said miscreant got access to your account. Unless you used a trivially weak password, I'm sorry to inform you that this may be only one of many accounts that were compromised. I'd check all of them for unauthorized activity and keep a close eye on them for the next few months. I'd also consider getting the number(s) changed on any plastic that was associated with your PayPal account. Again, they only show the last four digits; but it's a piece of a puzzle that you probably don't want out there.

Finally, file a police report. Chances are that the local police won't be able to do anything about something like this. File a report anyway. If anything comes of it in the future, you'll need that report on file.

I've been through this **** more times than I want to think about. I've learned that paranoia is sometimes a good thing.

Rich
 
Last edited:
Good to hear that they assist law enforcement...I investigate fraud for a government entity, and you'd be surprised how many stores, banks, or credit card companies do not assist with their own fraud cases, and actually do what ever is in their power to obstruct. I personally refuse to due business with Dicks Sporting Goods, Macys, and several banks because of it. But Dicks and Macys are THE WORST: if you are defrauded while at either store, expect them to bend over backwards to cover up the criminal's tracks. I've said it many times, the people of Dicks Sporting Goods truly are Dicks!

Well, in my case PayPal was on the hook for the charges if the case wasn't solved, so it was in their interest to assist. I also know for a fact that they called the Sheriff because one of my friends is a Deputy. He was pretty impressed with them.

Rich
 
Back
Top