Slashdot Mirror
Ask Slashdot: Identity Theft Attempt In Progress; How To Respond?
An anonymous reader writes "It appears that two weeks ago my email address got into the wrong database. Since that time there have been continuing attempts to access my accounts and create new accounts in my name. I have received emails asking me to click the link below to confirm I want to create an account with Twitter, Facebook, Apple Games Center, Facebook mobile account, and numerous pornographic sites. I have not attempted to create accounts on any of these services. I have also received 16 notices from Apple about how to reset my Apple ID. I am guessing these notices are being automatically generated in response to too many failed login attempts. At this point I have no reason to believe any of my accounts have been compromised but I see no good response."
Sometimes, it becomes necessary to change your e-mail address.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
I would contact my local police force and talk to the financial crimes desk. They may not be able to do anything at this point, but you should establish a paper trail ASAP, which would certainly work in your favor while explaining things to your bank or whatever if the bad guys do manage to hurt you in some manner.
Need a Linux consultant in New Orleans?
1) Wait and see if they succeed, then create new online and financial accounts and deal with the personal and financial fallout
2) Create new online accounts, transfer all information to new accounts and delete the old ones before they succeed
Up to you.
Sent from my ENIAC
to something not in the dictionary?
after that i would just ignore the failed attempts. after a while the perp will stop and move on to easier prey
Um... yes... There's this person, probably in another country, that I suspect is trying to gain access to my facebook account. LOL.
I believe that Jason Bateman was in a recent documentary on this topic - seemed very factual, and you should probably consider his plan of action:
http://www.imdb.com/title/tt2024432/?ref_=sr_1
-jd
Okay you need to listen to me carefully and to be focused. Do you have access to a bathtub? Good, take your laptop into the bathroom and fill the bathtub full of water. I need you to log into your Facebook and open your Farmville tab. You need to do this quickly before they gain access. Take each of your animals from your farm and love them and nuzzle them and say goodbye to them. Then hold them under water in the bathtub until they stop struggling.
...
Are you done? Good, leave them in the tub, they're in a better place now.
Go back into your room and crawl under your bed so the satellites they have control of cannot see you. Open up your Apple account and start forwarding your e-mails to your Gmail account. Yes, I know it will take forever, no there is not an easier way to do this. Okay, once you have all of those out delete your Apple account -- you'll get a new one later. You never really owned that stuff you bought on iTunes so just forget about it now, it's gone. Now log into iCloud on your laptop and start the laptop on fire. It's better to destroy all of those photos, tax returns and documents then to let them have them.
Now listen carefully because this part is important. These men are going to access your accounts. They're going to send your friends messages and make you seem like a jerk -- just for fun. There's nothing you can do about that. Just make sure to leave the Slashdot chat box open when they take you
Hello?
Hello? Anonymous Reader?
I don't know who you are. I don't know what you want. If you are looking for ransom, I can tell you I don't have money. But what I do have are a very large amount of Slashdot karma; karma I have acquired over a very long career. Karma that make me feel like I can stand up to people like you. If you let the anonymous reader's accounts go now, that'll be the end of it. I will not look for you, I will not pursue you. But if you don't, I will look for you, I will find you, and I will ask you politely to stop messing with people.
My work here is dung.
"but I see no good response."
You can stop using that email, monitor your credit cards and other accounts, you can also freeze your credit cards and who can check your credit, change all your passwords, there are entire web pages dedicated to helping with this issue.
"If any question why we died, Tell them because our fathers lied."
Or two weeks ago you pissed someone off and they are just plugging your email address into everything.
I am Bennett Haselton! I am Bennett Haselton!
It looks like you've pissed somebody off and now they're just screwing with you. What would motivate a stranger to randomly open free online accounts under your email address, which they presumably don't yet control, when they can get one of their own just as easily? The days of breaking into and squatting somebody's paid AOL account are long gone. If this was true identity theft, things would start showing up on your credit report, you'd be getting nastygrams in the mail, and the collectors would start calling. Go change your passwords and move on with life.
You can change your passwords on every site to different random strings of unbreakable length and store them in a password manager, to guarantee that breaking one wouldn't affect the others.
Or you can attempt to close any accounts tied to that email.
Other than closing the accounts, there's nothing you can do. I've called the FBI in a similar circumstance. "Yes, we are tasked with enforcement of that nature. No, we will not act unless you've suffered actual monetary loss."
If you want to prevent this, use different email accounts for each service (you can forward them all to the same "main" account to make checking them easier), so if one email gets abused, you only risk one service. But that's too late for the submitter.
Learn to love Alaska
Having a fairly common name and a early gmail where I snagged first initial + last name I get a lot of junk there. Password reset attempts aplenty, people's airline tickets, house listings, closing documents...
Those I want off of I send a nice mail to support at the company and claim fraudulent use of my email address to register with them. You'd be amazed how fast your email will be off their account (sometimes the account survives that, sometimes... the id10t gets to get a new account -- have fun with that!).
Slashdot Patriotism: We Support our Dupes!
It is just someone who doesn't like you trying to fuck with you. That's not how identity thieves operate. Hopefully one of those automated emails sent you you includes an IP address of whomever is submitting the forms, and that may lead to something. I would say relax, it will pass.
Found some old recommendations I sent out to friends that weren't too tek savvy. It's fairly basic info that most should know.
I was looking into Life Lock and started reading what they actually do, which is in the fine print of their terms of service here.
http://www.dmachoice.org/ it's the primary service Life Lock uses to get you off of mailing lists and it's free. They also have some good info on how to keep secure online. There are several items you can go through to have your self removed form email and mail lists.
Then go to https://www.donotcall.gov/ and register your phone numbers for the do not call list.
Then go to https://www.optoutprescreen.com/ to remove your self from the credit card pre-approval lists.
If you want free credit reports use this site. https://www.annualcreditreport.com/cra/index.jsp You can get 1 free report every year from each of the 3 reporting agencies. If you break it up you could get 1 every 2 month. I could get one from Equifax this month. Then in 2 months my wife could get one for them. Then in 2 months I could get one from TransUnion. etc... The reason to get them is mostly to see who has been looking at your credit. Then make sure all the loans are yours.
Now for your online stuff. Get an email account at google or some place else that you can use for those online registration things that you need to do from time to time. Use that account only for things that you are unsure about. Keep another account for the more important stuff like the banks. You could even have a 3rd account for your general email.
Most web browsers have an option too clear the cache and cookies. Look for it. In Safari on Mac look under the Safari menu then select Reset Safari... On Windows it's under the File Menu. In Firefox you need to look in the Preferences and the Security tab. Resetting and clearing out the cookies will also clear saved passwords. The reason to do this is because many web sites set tokens on your web browser called cookies that allow them to track you and what you do online. They can see where you are going and what you do online. For Windows this is a big problem because there are ways to install applications on the system without you knowing. Then your computer can be used to send email spam to others or even be used remotely to take over other computers. This is really only a problem on Windows but for Macs they can still track your online usage and figure things out about you that might make it easier to get you to click on something that would install an application that could take over your computer.
For email. Set your email program to not automatically read your mail and try to use the built-in spam filters. Also set the options to not download in-line pictures and such. The pictures in spam can be used to also track you and verify your email address. If you and I get the same piece of spam the picture will actually not be in the email it's actually a picture on a web server someplace. The name of the picture is unique to each spam email so when your mail program tries to access the picture from the internet the spammers computer ticks off the unique name your computer used to get the picture. That unique name is associated with your email address.
It all starts at 0
My wife is being plagued by someone giving out her email address and signing up for various accounts.
It's not identity theft in this case, it's just a completely clueless person that doesn't understand that the address is hers, and using it to sign up for various things doesn't mean they can get to the email in the end.
Never attribute to stupidity that which can be adequately explained by malice.
-- Mrs. Hanlon's Razor
My money would be on a former friend of your wife's.
I started getting multiple "you have reached the maximum number of login attempts" from my bank. I changed the account name, and it ended.
Create a new email address, and switch iTunes over to that account. Keep in mind that when hackers got into Mat Honan's life, they did it by exploiting weaknesses in Apple and Google's authentication schemes. Neither weakness was enough on its own, but when combined hackers were able to get full access.
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
It's annoying, but be a little proactive and you'll be fine.
the mere act of putting a credit fraud alert on your file with the credit agencies will reduce your credit rating
That is a common misconception. Will a freeze lower my credit score? No. (Source: http://atg.wa.gov/freeze.aspx)
Looks more like a case of cyberharassment to me.
Were you referring to the emails or the comments on /.?
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Good call on posting your BS as an AC.
Google Help: Receiving someone else's mail
http://support.google.com/mail/bin/answer.py?hl=en&answer=10313
Gmail doesn't recognize dots as characters within usernames, you can add or remove the dots from a Gmail address without changing the actual destination address; they'll all go to your inbox, and only yours. In short:
homerjsimpson@gmail.com = hom.er.j.sim.ps.on@gmail.com
homerjsimpson@gmail.com = HOMERJSIMPSON@gmail.com
homerjsimpson@gmail.com = Homer.J.Simpson@gmail.com
All these addresses belong to the same person. You can see this if you try to sign in with your username, but adding or removing a dot from it. You'll still go to your account.
They done goofed this time. You need to set up a backtrace. I can help you. Send me all of your log-in information and I will get the backtrace set up. Then I will forward your case on to the Cyber Police. These hackers aren't going to know what hit them.
Look where all this talking got us, baby.
Someone in China attempted to access my account about a month ago, and Google (praise be to the google gods), very generously forwarded me the offender's IP address. After about a week of single ping requests, the offender came back online.. and *poof*. He is no longer attempting to steal email accounts anymore. At least, until he gets a new computer.
Amazing stuff you can do with custom firmware these days, no?
No one believes your horseshit story. No one believed it back in 1992 when you threatened to hack people over IRC.
So, were you wifi leaching, using an evil twin and got MTM'd?
Honestly, sorry my friend, this kind of stuff is a PITA.
I would do the following
1. make sure your pc and router are not pwned
2. change the email address that all of your services use NOW
3. for good measure, change all of your passwords.
What moron moderated this bullshit "insightful"?
1. Including navigational software in my case it would rather be 300 EUR. How about steam? How about othe electronic goods?
2. You do not have to create new accounts, only the password and the emailaddress associated with it - your initial post was already misleading
3. If you do 2. and not the bullshit you were suggesting, nobody has to rebuy anything
Again: What moron moderated this insightful?
IANAL, but if you have their identity couldn't you sue them in small claims court? I'm assuming that they would be unlikely to show up, and you would get a default judgement. Then I think you could get a court order to have the sheriff (?) go and ransack their property to retrieve $XXX worth of stuff. Probably much more satisfying than just getting your $500 back.
...is a bitch to administer. Configuration, authentication, making sure you do all the crap so you don't get flagged as spam. I'll admit that the first time I played with Postfix it took me like two solid days to get everything set up right. You got any recommendations for deployment and admin to save me the headache next time? (Cuz the best part is, it's now been long enough that I've forgotten most of it and it'd probably take me another two days to set up...)
Ah yes. You would delete and recreate all your accounts.
Just because someone tries to break into your accounts by knowing your email address. Even though the email account is not (!) compromised but changed anyway.
Regarding your post: the email account was not compromised, so the emails to destroy your life can not be sent. And the address would be changed even in my point of view because of the ongoing attempts to get in. So the horrorscenario you describe won't become a reality. By ignoring adequate steps to react, you give every tease way too much power by just triggering a few password resets online.
To follow your advice would mean that all I need to do to actually harm someone is to know his email address and try a few password resets using Tor at different companies. And voila: Every account deleted, emailaddress changed, lost hundreds of dollars or much more. We are not only talking about apple but every electronic good bought online by that person. Steam - another 1000 EUR because all the games he bought are gone. And 20 - 40 games is not much.
You would not strengthen your passwords, change the associated email and tighten security, you would delete your digital personality by "destroying the traces that lead them to" your stuff...
You keep your emailaddress secret, correct? Because that information alone is dangerous by that logic.
We can stop here. You do not argue technically, but emotionally. If it makes you feel better to destroy every account you have instead of taking reasonable counter-measures, it is logical for you to do so. But I do not believe that this is a good advice, because it costs a lot of money without a reasonable security gain.
Thank you for using autotranslation, but I am afraid that every German reading this text knows that this is not manually written German from a foreigner but an automatic tranlation. So I am afraid that my claim that my English beats the hell out of your German, is still not falsified ;)