E-mail address compromised, need advice to stay safe.

[COcheesehead]

Change your passwords and make them unique to each site. I also use a “burner” account for all the non important stuff and then another account for things I want to keep safe. The safe account has stayed pure for years.

[donheff]

Quote:

Originally Posted by mpeirce If you’ve been using Yahoo for a long time, you’ve been “hacked" .[/INDENT]

Fair enough. We are using the term “you have been hacked” differently. I interpret that to mean someone has gained control of my account and can use it for nefarious purposes. A data breach means the provider has been compromised in some manner and some of my data may have been compromised. That has become so ubiquitous that we should all assume that our social security numbers and identifying information are public properties. I have long kept my credit frozen for that reason. To my knowledge, no one has gained control of any of my accounts although I recognize that a competent hacker who made me a target could undoubtedly do so. If that happens I hope I can catch it in time to limit the damage.

[GenXguy]

Unique passwords has always been the case for me, and now use 2FA via phone including a few authenticator apps. Don't trust any links you get in an email that may redirect you to a fraudulent site to phish info from you. I use a desktop computer and Firefox for financial sites. Credit is frozen.

[Sunset]

I use a unique email (and username and password) for my important financial accounts.

A big advantage is, when I get a bank/brokerage email to my other email accounts, I know it's fake/scam or at least not concerning my actual account as that is not the email I gave them.

It's a side benefit of using unique emails for banking.

[RetiredAndLovingIt]

Thanks for all your great advice. I agree "hacked" was the wrong word, I should have used compromised. I tried to edit the title but it won't let me so if a moderator can fix it, please do.
I'll create a new gmail address, it's about time I had a more mature one anyway.

[MichaelB]

Title updated

[RetiredAndLovingIt]

Thanks

[yhoomajor]

Google has been telling me (for years) that my email accounts are compromised. I just ignore. YMMV.

Its always a safe assumption that your emails can be accessed by others (Government, Police, Criminals and so on), so don't use it for anything that may cause trouble later on.

Most security tokens/code sent to email/phone expire in 30-60 minutes. If you want to be extra cautious, use phone for one time tokens, instead of email.

[Elliotgb183]

This is my story of financial/email/cellphone compromise and what triggered it. Please don’t forget that your email(s) and accounts and passwords associated with them can be hacked at any time. To find out if yours have you can check at haveibeenpawned.com. I found that several online companies I used emails for were hacked and all information including accounts and emails were sold on the dark web at least by 2 separate sites.

Right after the New Year this series of events occurred:

1. My cellphone was hacked. I have Consumer Cellular. The hacker bought a Sim card at a Target retail store and using my phone number, stated he lost “my phone”, had purchased another and needed a CC Sim card to activate it. It was easy for him to do this with virtually no security checks carried out.

2. The consequence of him using a new Sim card for my cellphone effectively “bricked” my phone and rendered it useless for outgoing calls, texts and messages.

3. Somehow, this person even had my bank account information. Specifically, my checking account number which is easily found on your check and on information stored on websites that you’ve purchased from.

4. He also had my primary email account hacked and due to my inability to receive text s, kept changing my password immediately after I logged in on my PC to reset it. He had control.

5. He hijacked my CitiBank credit account and shut my card down while attempting to have a new one issued to him in a different state using my name (probably to be sent to a scam house or P.o. box).

6. He got into my Paypal account and tried to use Xoom, a money transfer system within Paypal to send over $2500 from my checking account to his. Flagged by Paypal fortunately.

7. He attempted to wire transfer funds using my Wells Fargo account to himself.

8. He tried to charge an $800 Apple watch through Best Buy.

9. He tried to purchase over $900 worth of items via Walmart online.

How much money did I lose? $0.0.

Fortunately I had alerts turned on in Wells Fargo and all of the online attempts to cheat me failed.

It took 2 long weeks to get it all straightened out with new credit cards, bank cards and checking account. Since pretty much all of my payments are deducted from a bank account I had to change every payment being sent.

I was lucky. It started out with the cellphone so be aware!

[orbops]

Here's a trick so that you don't need a password manager. I use part of the website address plus a PIN and special character so that each website has it's own unique password and I don't have to try and remember anything.

[RetMD21]

Quote:

Originally Posted by Elliotgb183 This is my story of financial/email/cellphone compromise and what triggered it. Please don’t forget that your email(s) and accounts and passwords associated with them can be hacked at any time. To find out if yours have you can check at haveibeenpawned.com. I found that several online companies I used emails for were hacked and all information including accounts and emails were sold on the dark web at least by 2 separate sites

Glad you got it fixed fairly quickly. I wonder if he got your email first.

My main email address has been on that list for years and periodically I get notified by one of the monitoring companies that my information is on the dark web. I see attempts to log in from around the world but with a strong password and app based 2 factor I think I'm reasonably safe. Companies are too accommodating about sending password resets to an email so I have my important financial accounts set to an email I use just for them. I'm not a big fan of text based 2 factor.

[COcheesehead]

Aren’t you giving away your email by using the haveibeenpawned site?

[RetiredAndLovingIt]

Quote:

Originally Posted by Elliotgb183 This is my story of financial/email/cellphone compromise and what triggered it. Please don’t forget that your email(s) and accounts and passwords associated with them can be hacked at any time. To find out if yours have you can check at haveibeenpawned.com. I found that several online companies I used emails for were hacked and all information including accounts and emails were sold on the dark web at least by 2 separate sites. Right after the New Year this series of events occurred: 1. My cellphone was hacked. I have Consumer Cellular. The hacker bought a Sim card at a Target retail store and using my phone number, stated he lost “my phone”, had purchased another and needed a CC Sim card to activate it. It was easy for him to do this with virtually no security checks carried out. 2. The consequence of him using a new Sim card for my cellphone effectively “bricked” my phone and rendered it useless for outgoing calls, texts and messages. 3. Somehow, this person even had my bank account information. Specifically, my checking account number which is easily found on your check and on information stored on websites that you’ve purchased from. 4. He also had my primary email account hacked and due to my inability to receive text s, kept changing my password immediately after I logged in on my PC to reset it. He had control. 5. He hijacked my CitiBank credit account and shut my card down while attempting to have a new one issued to him in a different state using my name (probably to be sent to a scam house or P.o. box). 6. He got into my Paypal account and tried to use Xoom, a money transfer system within Paypal to send over $2500 from my checking account to his. Flagged by Paypal fortunately. 7. He attempted to wire transfer funds using my Wells Fargo account to himself. 8. He tried to charge an $800 Apple watch through Best Buy. 9. He tried to purchase over $900 worth of items via Walmart online. How much money did I lose? $0.0. Fortunately I had alerts turned on in Wells Fargo and all of the online attempts to cheat me failed. It took 2 long weeks to get it all straightened out with new credit cards, bank cards and checking account. Since pretty much all of my payments are deducted from a bank account I had to change every payment being sent. I was lucky. It started out with the cellphone so be aware!

Good story and glad they didn't get you but scary nonetheless. I've heard of that website and never used it but after doing a little checking it seems to be well regarded.

The correct website address is one letter off (no a)

https://haveibeenpwned.com/

[NXR7]

Quote:

Originally Posted by COcheesehead Aren’t you giving away your email by using the haveibeenpawned site?

Email addresses have NEVER been considered confidential so there is really no such thing as having a hacked email address. I worked in operational cybersecurity, not audit and compliance, for the last 20 years of my career.

haveibeenpwned.com is run by a very reputable person who has been vetted by pretty much everyone.

[a60dan]

My email address is all over the “dark web” but I use a password vault (Bitwarden) for a unique (usually 20 character) password for all accounts.

Wherever practical I also use 2 factor authentication. Text messages are defeated if your cell number is hacked. Be sure that your cell number cannot be ported without you receiving a call!

I use Google Authenticator for the most sensitive accounts, including the password vault.

So far I’ve been lucky, even after some low-life collected unemployment using my name and social security number with a bogus street address. I checked all 3 credit reports, and froze my credit reports (it only freezes for one year).

[waynezo]

I use 2FA for email and financial accounts. I have all 4 credit bureaus frozen and lifetime fraud alert. I use credit karma and experian to monitor my credit even though it is frozen. All banks and credit cards are set to alert for suspicious activity.

[COcheesehead]

Quote:

Originally Posted by NXR7 Email addresses have NEVER been considered confidential so there is really no such thing as having a hacked email address. I worked in operational cybersecurity, not audit and compliance, for the last 20 years of my career. haveibeenpwned.com is run by a very reputable person who has been vetted by pretty much everyone.

Ok upon your endorsement I tried it. My burner email was compromised five times, all of them over three years ago which seems about right based on the spam I get. My financial email shows zero issues. So thank you.

[target2019]

Please lock your SIM to your phone.

[Retired Expat]

Quote:

Originally Posted by RetiredAndLovingIt I'm really concerned about identity theft since it looks like my main e-mail address has been hacked and this is the second time now. I have a bunch of CD's maturing this year and the thought of moving funds around right is scaring me a lot. I'm looking for any suggestions to keep me safe when online so tis does not happen again. Here's what I have so far I'm going to create a new separate e-mail address for online banking only and use a new dedicated phone number only for 2FA. Changing passwords and using a new e-mail address for all my accounts. I'll keep the old one for the junk and subscription e-mails that I get. I'm going to powerwash one of my Chromebooks and only use it for online banking. I remember reading somewhere I should use it in guest mode as well to stay anonymous. I always use bank websites but then I started to think that their apps might be more secure. I assume the apps might run faster but are they safe? Which method do you use? I have not ran my credit report in a couple of years either so I need to do that. I will also be freezing my credit. Is it safe to save my passwords in Google or Microsoft or should I just write them all down moving forward? I currently have gmail and yahoo addresses, which do you consider safe and use? Anything else I should do? Basically I would love to completely remove my name and address from the internet and become completely anonymous online if that's possible.

Where ever possible use 2 step verification! Get a VPN!

[tenant13]

First, I hope you’re using password manager to protect yourself from that angle. Bitwarden is the one I would recommend. Secondly: SimpleLogin is a great way to create custom emails on the fly - every time you register somewhere. That way you know who sells your data and you can instantly delete/change that one email whenever you want without affecting any others. If you combine that with registering your own domain at a site like namecheap, you can have highly customizable set of emails.

Mine look more or less like that: newblog@firstname.lastname.com .Or chase@firstnamelastname.xyz. I registered my name as domains but you could choose something else to further distance yourself from your online data. If any emails get compromised I just delete them. Similarly to passwords.