E-mail address compromised, need advice to stay safe.

Google has been telling me (for years) that my email accounts are compromised. I just ignore it. YMMV.

It's always a safe assumption that your emails can be accessed by others (Government, Police, Criminals and so on), so don't use it for anything that may cause trouble later on.

Most security tokens/code sent to email/phone expire in 30-60 minutes. If you want to be extra cautious, use phone for one time tokens, instead of email.
 
Complete Compromise

This is my story of financial/email/cellphone compromise and what triggered it. Please don’t forget that your email(s) and accounts and passwords associated with them can be hacked at any time. To find out if yours have, you can check at haveibeenpawned.com. I found that several online companies I used emails for were hacked and all information including accounts and emails were sold on the dark web at least by 2 separate sites.

Right after the New Year this series of events occurred:

1. My cellphone was hacked. I have Consumer Cellular. The hacker bought a SIM card at a Target retail store and using my phone number, stated he lost “my phone”, had purchased another and needed a CC SIM card to activate it. It was easy for him to do this with virtually no security checks carried out.

2. The consequence of him using a new SIM card for my cellphone effectively “bricked” my phone and rendered it useless for outgoing calls, texts and messages.

3. Somehow, this person even had my bank account information. Specifically, my checking account number which is easily found on your check and on information stored on websites that you’ve purchased from.

4. He also had my primary email account hacked and due to my inability to receive texts, kept changing my password immediately after I logged in on my PC to reset it. He had control.

5. He hijacked my CitiBank credit account and shut my card down while attempting to have a new one issued to him in a different state using my name (probably to be sent to a scam house or P.O. box).

6. He got into my PayPal account and tried to use Xoom, a money transfer system within PayPal, to send over $2500 from my checking account to his. Flagged by PayPal fortunately.

7. He attempted to wire transfer funds using my Wells Fargo account to himself.

8. He tried to charge an $800 Apple watch through Best Buy.

9. He tried to purchase over $900 worth of items via Walmart online.

How much money did I lose? $0.0.

Fortunately I had alerts turned on in Wells Fargo and all of the online attempts to cheat me failed.

It took 2 long weeks to get it all straightened out with new credit cards, bank cards and checking account. Since pretty much all of my payments are deducted from a bank account I had to change every payment being sent.

I was lucky. It started out with the cellphone so be aware!
 
Here's a trick so that you don't need a password manager. I use part of the website address plus a PIN and special character so that each website has its own unique password and I don't have to try and remember anything.
 
Glad you got it fixed fairly quickly. I wonder if he got your email first.

My main email address has been on that list for years and periodically I get notified by one of the monitoring companies that my information is on the dark web. I see attempts to log in from around the world but with a strong password and app based 2 factor I think I'm reasonably safe. Companies are too accommodating about sending password resets to an email so I have my important financial accounts set to an email I use just for them. I'm not a big fan of text based 2 factor.
 
Aren’t you giving away your email by using the haveibeenpawned site?
 
Good story and glad they didn't get you but scary nonetheless. I've heard of that website and never used it but after doing a little checking it seems to be well regarded.

The correct website address is one letter off (no a)

https://haveibeenpwned.com/
 
COcheesehead said:
Aren’t you giving away your email by using the haveibeenpawned site?

Email addresses have NEVER been considered confidential so there is really no such thing as having a hacked email address. I worked in operational cybersecurity, not audit and compliance, for the last 20 years of my career.

haveibeenpwned.com is run by a very reputable person who has been vetted by pretty much everyone.
 
My email address is all over the “dark web” but I use a password vault (Bitwarden) for a unique (usually 20 character) password for all accounts.

Wherever practical I also use 2 factor authentication. Text messages are defeated if your cell number is hacked. Be sure that your cell number cannot be ported without you receiving a call!

I use Google Authenticator for the most sensitive accounts, including the password vault.

So far I’ve been lucky, even after some low-life collected unemployment using my name and social security number with a bogus street address. I checked all 3 credit reports, and froze my credit reports (it only freezes for one year).
 
I use 2FA for email and financial accounts. I have all 4 credit bureaus frozen and lifetime fraud alert. I use Credit Karma and Experian to monitor my credit even though it is frozen. All banks and credit cards are set to alert for suspicious activity.
 
Ok upon your endorsement I tried it. My burner email was compromised five times, all of them over three years ago which seems about right based on the spam I get. My financial email shows zero issues. So thank you.
 
Please lock your SIM to your phone.
 
I'm really concerned about identity theft since it looks like my main e-mail address has been hacked and this is the second time now. I have a bunch of CDs maturing this year and the thought of moving funds around right now is scaring me a lot. I'm looking for any suggestions to keep me safe when online so this does not happen again.

Here's what I have so far



I'm going to create a new separate e-mail address for online banking only and use a new dedicated phone number only for 2FA.

Changing passwords and using a new e-mail address for all my accounts. I'll keep the old one for the junk and subscription e-mails that I get.

I'm going to powerwash one of my Chromebooks and only use it for online banking. I remember reading somewhere I should use it in guest mode as well to stay anonymous. I always use bank websites but then I started to think that their apps might be more secure. I assume the apps might run faster but are they safe? Which method do you use?

I have not run my credit report in a couple of years either so I need to do that. I will also be freezing my credit.

Is it safe to save my passwords in Google or Microsoft or should I just write them all down moving forward?
I currently have Gmail and Yahoo addresses, which do you consider safe and use?
Anything else I should do? Basically I would love to completely remove my name and address from the internet and become completely anonymous online if that's possible.

Wherever possible use 2 step verification! Get a VPN!
 
First, I hope you’re using a password manager to protect yourself from that angle. Bitwarden is the one I would recommend. Secondly: SimpleLogin is a great way to create custom emails on the fly - every time you register somewhere. That way you know who sells your data and you can instantly delete/change that one email whenever you want without affecting any others. If you combine that with registering your own domain at a site like namecheap, you can have a highly customizable set of emails.

Mine look more or less like that: newblog@firstname.lastname.com. Or chase@firstnamelastname.xyz. I registered my name as domains but you could choose something else to further distance yourself from your online data. If any emails get compromised I just delete them. Similarly to passwords.
 
OP, you've gotten lots of recommendations so far, mostly good ones but some you probably can (and likely will) ignore. Here is my distillation of the "best practices" for online account security.

  • Use strong, unique passwords for all accounts, especially banking, financial, email, etc.
  • Enable 2FA for all important accounts, especially email, financial, password managers, etc.
  • Where possible, use a device (e.g., Yubikey) or authenticator app (e.g., Authy) for 2FA and avoid SMS/text.

That's it. If you strictly follow those three guidelines, your accounts will be about as immune to hacking as they reasonably could be.

Personally, I would also recommend using a password manager (e.g., Bitwarden), because I think this makes generating and using dozens of strong, unique passwords much easier than doing it manually. Some prefer the manual approach, however, and I think either way works fine as long as you strictly follow the three main guidelines.
 
In early Feb 2023 I got a message from my former boss. He urged me to follow his instruction on how to mail $5K placed on a Gift Card to a person I never met but assuring me that that person would authorize a grant on a Home Improvement project in order to make it better environmentally: changing drains, solar panels, re-piping the house etc. The amount depends on the project but minimum about $25K and more. It was "too good to be true". After I called him, it turned out his Facebook messenger account was broken into. A lot of scammers are very active now.
 
I did something similar a few years ago. I had a 20 year old email I used for everything and it was part of several data breaches.


https://haveibeenpwned.com/


The site above will tell you if your email was part of known breaches.

Like you I made a separate financial only email and a couple of new emails for other things. I would think Gmail is more secure than Yahoo. Some like Proton email.

I now use a password manager. Where possible I use 2FA, preferably a 2FA app if the site allows it.

As to getting personal info off the web, probably practically impossible but you can Google your name, number, etc. and many of these identity check sites have an option to “do not sell my information” and opt out. There are dozens of these sites so it is an investment in time and a bit of a whack-a-mole. Also if a site gives your name or phone number and it shows up on Google search you can request a search removal from Google.
 