Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Identity Theft Attempt In Progress; How To Respond?

Posted by timothy on from the burrs-on-the-heel-of-the-foot-would-be-mercy dept.

An anonymous reader writes "It appears that two weeks ago my email address got into the wrong database. Since that time there have been continuing attempts to access my accounts and create new accounts in my name. I have received emails asking me to click the link below to confirm I want to create an account with Twitter, Facebook, Apple Games Center, Facebook mobile account, and numerous pornographic sites. I have not attempted to create accounts on any of these services. I have also received 16 notices from Apple about how to reset my Apple ID. I am guessing these notices are being automatically generated in response to too many failed login attempts. At this point I have no reason to believe any of my accounts have been compromised but I see no good response."

28 of 239 comments (clear)

  1. Change your e-mail address by Marxist+Hacker+42 · · Score: 5, Insightful

    Sometimes, it becomes necessary to change your e-mail address.

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    1. Re:Change your e-mail address by Bearhouse · · Score: 5, Informative

      Indeed. Keep the old ones, of course, but change the passwords to something very, very secure and different for each one.
      Backup then delete all information associated in the Cloud with these addresses, (Android, iCloud, Gdrive...)

      Do not reuse any of the old accounts for anything. Use a "one-time" account for verification each of the new accounts, then nuke it and change to a new one.
      Do not be tempted to have one master account for verification of all the child ones.
      If you're using gmail, or similar, do NOT use some variation of your name, home town, company, whatever.

      Finally, pony up for your own domain etc. and get a nice email account you can totally control. Cheap, too.

    2. Re:Change your e-mail address by Anonymous Coward · · Score: 4, Informative

      Yes... but fubar@gmail.COM is NOT the same as foobar@gmail.AU. Reread the parent.

    3. Re:Change your e-mail address by Aardpig · · Score: 5, Insightful

      One does not simply change one's email address...

      --
      Tubal-Cain smokes the white owl.
  2. Don't just sit on your hands... by smartfart · · Score: 4, Insightful

    I would contact my local police force and talk to the financial crimes desk. They may not be able to do anything at this point, but you should establish a paper trail ASAP, which would certainly work in your favor while explaining things to your bank or whatever if the bad guys do manage to hurt you in some manner.

    --
    Need a Linux consultant in New Orleans?
    1. Re:Don't just sit on your hands... by ShanghaiBill · · Score: 4, Insightful

      I would contact my local police force and talk to the financial crimes desk.

      You would go to the local police because someone (probably on the other side of the world) knows your email address? If you are lucky, the police will just laugh and hang up. If you are unlucky, they may get pissed at you for wasting their time on something so frivolous. What are expecting the police to do?

      Just make sure you have good passwords on all your accounts, install a spam filter, and get on with your life.

    2. Re:Don't just sit on your hands... by Anonymous Coward · · Score: 4, Informative

      I've been down this road.. The local police are likely to tell you unless you are under threat of imminent bodily harm, you should contact the FBI. When you contact the FBI, they will tell you computers get viruses all the time and you should ignore the problem or contact your local police if you feel your life is in danger.

      I'm not trolling or being sarcastic. This was what actually happened when I contact LEOs to try and help solve the problem. Like others said, change your email address and get on with your life. Unless you want to spend a bunch of time chasing ghosts on your own time.

    3. Re:Don't just sit on your hands... by operagost · · Score: 5, Funny

      So first he beats you up, then takes your wallet?

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    4. Re:Don't just sit on your hands... by Technician · · Score: 4, Informative

      For part of your paper trail, look at the lower right corner of Gmail. I bad guys were in your account recently, you may find some evidence on the "Last account activity: 13 hours ago
      Details".. Click on the Details link and it will open your most recent login times and IP addresses. If you were not on a trip and you were logged in from Florida or somewhere else, it is time to save the info and change your password. Knowing the IP adderess of someone using your account is good evidence. Contact their ISP with time, date, timezone, with the info. It may be against his ISP's terms of service to hack from his account. For those without Gmail, this is what it looks like. Note IP addresses altered to protect my privacy. I checked my mail from work, home, and on a recent trip.
      Browser * United States (WA) (192.25.69.00) 1:11 pm (4 minutes ago)
      Browser United States (OR) (10.134.137.00) Feb 25 (13 hours ago)
      Browser United States (WA) (192.25.69.00) Feb 25 (20 hours ago)
      Browser United States (WA) (192.25.69.00) Feb 25 (20 hours ago)
      Browser United States (WA) (192.25.69.00) Feb 23 (3 days ago)
      Browser United States (OR) (127.34.103.00) Feb 22 (4 days ago)
      Browser United States (OR) (127.34.103.00) Feb 21 (5 days ago)
      Browser United States (OR) (127.34.103.00) Feb 20 (6 days ago)

      --
      The truth shall set you free!
  3. Your options are by Press2ToContinue · · Score: 4, Insightful

    1) Wait and see if they succeed, then create new online and financial accounts and deal with the personal and financial fallout
    2) Create new online accounts, transfer all information to new accounts and delete the old ones before they succeed

    Up to you.

    --
    Sent from my ENIAC
  4. did you change your email password? by alen · · Score: 5, Informative

    to something not in the dictionary?

    after that i would just ignore the failed attempts. after a while the perp will stop and move on to easier prey

    1. Re:did you change your email password? by Anonymous Coward · · Score: 5, Funny

      No, but he did change them all to "honest equine capacitor fastener"

    2. Re:did you change your email password? by bitt3n · · Score: 5, Funny

      to something not in the dictionary?

      I don't know about this advice. I once fell for one of those nigerian scammers who duped me into giving him my email password. then I changed my password to 'gullible', since I've heard that's not in the dictionary. somehow it was the first thing he guessed. what's worse is I used it for all my accounts, and now he posts idiotic comments as me on slashdot.

      --
      how many pairs of boxer shorts should you own?
    3. Re:did you change your email password? by CrimsonAvenger · · Score: 3, Insightful

      And just kiss access to all these accounts goodbye? I don't know about you, but I have difficulty trying to remember 20 passwords with 20+ random characters.

      Password Safe. I let it remember my passwords for me, and only have to remember the one to open the password safe.

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
  5. What would you report? by Anonymous Coward · · Score: 5, Funny

    Um... yes... There's this person, probably in another country, that I suspect is trying to gain access to my facebook account. LOL.

    1. Re:What would you report? by Em+Adespoton · · Score: 4, Insightful

      Um... yes... There's this person, probably in another country, that I suspect is trying to gain access to my facebook account. LOL.

      Laugh, but the GP is correct. File the paperwork. It's a CYA move, just like you'd do if something fishy was going on at work. Not only does this cover YOU, but it also provides a jumping off point, should some computer crimes force actually stumble on the perp. They can't do a thing against them in many cases unless someone has reported it first. Having a report on file unties all sorts of red tape for their investigations.

      That said, reporting it to a local county office isn't going to do much; you need to find the closest computer crimes division that will actually file your report and also add it to the federal/international databases so it can be cross-referenced by other investigators.

  6. Documentary on Identity Theft by jerdenn · · Score: 4, Funny

    I believe that Jason Bateman was in a recent documentary on this topic - seemed very factual, and you should probably consider his plan of action:

    http://www.imdb.com/title/tt2024432/?ref_=sr_1

    -jd

  7. Taken? by eldavojohn · · Score: 5, Funny

    Okay you need to listen to me carefully and to be focused. Do you have access to a bathtub? Good, take your laptop into the bathroom and fill the bathtub full of water. I need you to log into your Facebook and open your Farmville tab. You need to do this quickly before they gain access. Take each of your animals from your farm and love them and nuzzle them and say goodbye to them. Then hold them under water in the bathtub until they stop struggling.

    Are you done? Good, leave them in the tub, they're in a better place now.

    Go back into your room and crawl under your bed so the satellites they have control of cannot see you. Open up your Apple account and start forwarding your e-mails to your Gmail account. Yes, I know it will take forever, no there is not an easier way to do this. Okay, once you have all of those out delete your Apple account -- you'll get a new one later. You never really owned that stuff you bought on iTunes so just forget about it now, it's gone. Now log into iCloud on your laptop and start the laptop on fire. It's better to destroy all of those photos, tax returns and documents then to let them have them.

    Now listen carefully because this part is important. These men are going to access your accounts. They're going to send your friends messages and make you seem like a jerk -- just for fun. There's nothing you can do about that. Just make sure to leave the Slashdot chat box open when they take you ...

    Hello?

    Hello? Anonymous Reader?

    I don't know who you are. I don't know what you want. If you are looking for ransom, I can tell you I don't have money. But what I do have are a very large amount of Slashdot karma; karma I have acquired over a very long career. Karma that make me feel like I can stand up to people like you. If you let the anonymous reader's accounts go now, that'll be the end of it. I will not look for you, I will not pursue you. But if you don't, I will look for you, I will find you, and I will ask you politely to stop messing with people.

    --
    My work here is dung.
  8. More Likely by g0bshiTe · · Score: 4, Insightful

    An anonymous reader writes "It appears that two weeks ago my email address got into the wrong database"

    Or two weeks ago you pissed someone off and they are just plugging your email address into everything.

    --
    I am Bennett Haselton! I am Bennett Haselton!
  9. How is this identity theft? by twotacocombo · · Score: 4, Insightful

    It looks like you've pissed somebody off and now they're just screwing with you. What would motivate a stranger to randomly open free online accounts under your email address, which they presumably don't yet control, when they can get one of their own just as easily? The days of breaking into and squatting somebody's paid AOL account are long gone. If this was true identity theft, things would start showing up on your credit report, you'd be getting nastygrams in the mail, and the collectors would start calling. Go change your passwords and move on with life.

  10. There isn't a solution by AK+Marc · · Score: 4, Informative

    You can change your passwords on every site to different random strings of unbreakable length and store them in a password manager, to guarantee that breaking one wouldn't affect the others.

    Or you can attempt to close any accounts tied to that email.

    Other than closing the accounts, there's nothing you can do. I've called the FBI in a similar circumstance. "Yes, we are tasked with enforcement of that nature. No, we will not act unless you've suffered actual monetary loss."

    If you want to prevent this, use different email accounts for each service (you can forward them all to the same "main" account to make checking them easier), so if one email gets abused, you only risk one service. But that's too late for the submitter.

    --
    Learn to love Alaska
  11. Chill out... by bazmail · · Score: 4, Informative

    It is just someone who doesn't like you trying to fuck with you. That's not how identity thieves operate. Hopefully one of those automated emails sent you you includes an IP address of whomever is submitting the forms, and that may lead to something. I would say relax, it will pass.

  12. Re:not much to do, a lot you can do? by zerosomething · · Score: 4, Informative

    Found some old recommendations I sent out to friends that weren't too tek savvy. It's fairly basic info that most should know.

    I was looking into Life Lock and started reading what they actually do, which is in the fine print of their terms of service here.

    http://www.dmachoice.org/ it's the primary service Life Lock uses to get you off of mailing lists and it's free. They also have some good info on how to keep secure online. There are several items you can go through to have your self removed form email and mail lists.

    Then go to https://www.donotcall.gov/ and register your phone numbers for the do not call list.

    Then go to https://www.optoutprescreen.com/ to remove your self from the credit card pre-approval lists.

    If you want free credit reports use this site. https://www.annualcreditreport.com/cra/index.jsp You can get 1 free report every year from each of the 3 reporting agencies. If you break it up you could get 1 every 2 month. I could get one from Equifax this month. Then in 2 months my wife could get one for them. Then in 2 months I could get one from TransUnion. etc... The reason to get them is mostly to see who has been looking at your credit. Then make sure all the loans are yours.

    Now for your online stuff. Get an email account at google or some place else that you can use for those online registration things that you need to do from time to time. Use that account only for things that you are unsure about. Keep another account for the more important stuff like the banks. You could even have a 3rd account for your general email.

    Most web browsers have an option too clear the cache and cookies. Look for it. In Safari on Mac look under the Safari menu then select Reset Safari... On Windows it's under the File Menu. In Firefox you need to look in the Preferences and the Security tab. Resetting and clearing out the cookies will also clear saved passwords. The reason to do this is because many web sites set tokens on your web browser called cookies that allow them to track you and what you do online. They can see where you are going and what you do online. For Windows this is a big problem because there are ways to install applications on the system without you knowing. Then your computer can be used to send email spam to others or even be used remotely to take over other computers. This is really only a problem on Windows but for Macs they can still track your online usage and figure things out about you that might make it easier to get you to click on something that would install an application that could take over your computer.

    For email. Set your email program to not automatically read your mail and try to use the built-in spam filters. Also set the options to not download in-line pictures and such. The pictures in spam can be used to also track you and verify your email address. If you and I get the same piece of spam the picture will actually not be in the email it's actually a picture on a web server someplace. The name of the picture is unique to each spam email so when your mail program tries to access the picture from the internet the spammers computer ticks off the unique name your computer used to get the picture. That unique name is associated with your email address.

    --
    It all starts at 0
  13. bullshit - gmail does NOT recognize dots by rgbrenner · · Score: 5, Informative

    Good call on posting your BS as an AC.

    Google Help: Receiving someone else's mail
    http://support.google.com/mail/bin/answer.py?hl=en&answer=10313

    Gmail doesn't recognize dots as characters within usernames, you can add or remove the dots from a Gmail address without changing the actual destination address; they'll all go to your inbox, and only yours. In short:

    homerjsimpson@gmail.com = hom.er.j.sim.ps.on@gmail.com
    homerjsimpson@gmail.com = HOMERJSIMPSON@gmail.com
    homerjsimpson@gmail.com = Homer.J.Simpson@gmail.com

    All these addresses belong to the same person. You can see this if you try to sign in with your username, but adding or removing a dot from it. You'll still go to your account.

  14. Okay, here's what you do: by pitchpipe · · Score: 4, Funny

    They done goofed this time. You need to set up a backtrace. I can help you. Send me all of your log-in information and I will get the backtrace set up. Then I will forward your case on to the Cyber Police. These hackers aren't going to know what hit them.

    --
    Look where all this talking got us, baby.
    1. Re:Okay, here's what you do: by sootman · · Score: 3, Funny

      Need help? I can whip up a GUI Interface in Visual Basic to track their IP address.

      --
      Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  15. Re:Yeah you're right by echnaton192 · · Score: 5, Insightful

    What moron moderated this bullshit "insightful"?

    1. Including navigational software in my case it would rather be 300 EUR. How about steam? How about othe electronic goods?
    2. You do not have to create new accounts, only the password and the emailaddress associated with it - your initial post was already misleading
    3. If you do 2. and not the bullshit you were suggesting, nobody has to rebuy anything

    Again: What moron moderated this insightful?

  16. Self hosted email... by guevera · · Score: 3, Informative

    ...is a bitch to administer. Configuration, authentication, making sure you do all the crap so you don't get flagged as spam. I'll admit that the first time I played with Postfix it took me like two solid days to get everything set up right. You got any recommendations for deployment and admin to save me the headache next time? (Cuz the best part is, it's now been long enough that I've forgotten most of it and it'd probably take me another two days to set up...)