- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
Hacked/Compromised?? Thoughts/Suggestions Needed.
Posted on 10/6/21 at 8:34 am
Posted on 10/6/21 at 8:34 am
So I've had a weird experience this morning that I would like to get the tech board's thoughts about. I think my email and/or password may have been compromised.
I woke up this morning to find about 100 emails in my gmail account (my main personal email account). Highly unusual as I usually only have 4-6 junk emails in there in the morning. It appears that they're all emails from random site confirming my subscription to their sites (none of which I subscribed to). I've posted 3 of the random messages before. As I said, all very random newsletters or sites.
So I initially thought someone was messing with me and just subscribed me to a bunch of crap as a joke to mess with me. But in addition to that, there was an order placed last night on my Walmart.com account. Not an order for thousands of dollars of electronics or anything like that, it was for 4 bottles of clorox bleach and a space heater. The shipping address is somewhere in Covington, LA. I logged into my Walmart account and my credit card and confirmed the order was placed on my account and charged to my card on file. I have called Walmart and cancelled the order.
I'm confused b/c this seems like weird and rather benign behavior for a cybercriminal (signing me up for random newletters and ordering $200 of crap from Walmart). I know the smart move would be to reset my password on everything, but I'm sure you guys know how monumental a task that would be given the dozens, if not hundreds, of logins I have various places that all use the same password.
Was this a one-off, random thing? The sign of worse things to come for me? It's just weird. I will note that many, many years ago I was somehow randomly attacked on my paypal account and someone ordered a $2000 computer using my account. I was able to cancel that order back at the time and changed my password to my paypal account (but no others) and nothing further happened. So again, if this is a random one-off thing, I don't want to start resetting my entire world. Thoughts? Advice?
Also, I guess I should report the fraudulent order online to the police? Who would I even call? The local (Baton Rouge) police? Covington police since that's the shipping address? Would it even do any good?
Ok, so here are the random emails I got subscribing me to various sites/newsletters.....
I woke up this morning to find about 100 emails in my gmail account (my main personal email account). Highly unusual as I usually only have 4-6 junk emails in there in the morning. It appears that they're all emails from random site confirming my subscription to their sites (none of which I subscribed to). I've posted 3 of the random messages before. As I said, all very random newsletters or sites.
So I initially thought someone was messing with me and just subscribed me to a bunch of crap as a joke to mess with me. But in addition to that, there was an order placed last night on my Walmart.com account. Not an order for thousands of dollars of electronics or anything like that, it was for 4 bottles of clorox bleach and a space heater. The shipping address is somewhere in Covington, LA. I logged into my Walmart account and my credit card and confirmed the order was placed on my account and charged to my card on file. I have called Walmart and cancelled the order.
I'm confused b/c this seems like weird and rather benign behavior for a cybercriminal (signing me up for random newletters and ordering $200 of crap from Walmart). I know the smart move would be to reset my password on everything, but I'm sure you guys know how monumental a task that would be given the dozens, if not hundreds, of logins I have various places that all use the same password.
Was this a one-off, random thing? The sign of worse things to come for me? It's just weird. I will note that many, many years ago I was somehow randomly attacked on my paypal account and someone ordered a $2000 computer using my account. I was able to cancel that order back at the time and changed my password to my paypal account (but no others) and nothing further happened. So again, if this is a random one-off thing, I don't want to start resetting my entire world. Thoughts? Advice?
Also, I guess I should report the fraudulent order online to the police? Who would I even call? The local (Baton Rouge) police? Covington police since that's the shipping address? Would it even do any good?
Ok, so here are the random emails I got subscribing me to various sites/newsletters.....
8
Posted on 10/6/21 at 8:46 am to jfw3535
quote:
Was this a one-off, random thing?
Do not assume that's the case. If someone was able to actually order from one of your accounts at the very least your Walmart account was compromised. It's possible your main email account that lets you reset all of the other accounts you have was compromised.
Change passwords on accounts where you think you've been compromised now, definitely your main email and walmart accounts.
If you reuse that password or close variations of it change all of those too. If you don't have a password manager now is probably a good time to look into one. I use LastPass and like it but there are many out there.
You should also run a virus scan and malware scan on your computers in case that's how they gained access. At the very least make sure Windows Defender is turned on and download a free malware scanner like malware bytes. LINK /
quote:
Also, I guess I should report the fraudulent order online to the police?
I'm not saying don't do it, but if it's a $200 order they won't do jack shite about it.
Posted on 10/6/21 at 9:33 am to jfw3535
quote:
I know the smart move would be to reset my password on everything, but I'm sure you guys know how monumental a task that would be given the dozens, if not hundreds, of logins I have various places that all use the same password.
quote:
So again, if this is a random one-off thing, I don't want to start resetting my entire world. Thoughts? Advice?
It doesn't matter if this is a one-off thing or not, you're asking for trouble by continuing to use the same password for every site. Yes, if you have hundreds of logins it will be an annoying task, but the more logins you have to gripe about, the increasing likelihood that a single one of those organizations is compromised, which in turns means all of your logins everywhere are compromised.
If it is a one-off thing, count your blessings and consider it a wakeup call. Get a password manager, learn how to use it, and spend an evening with it generating passwords, changing them on the web, and saving the new logins. It really isn't that hard to do. Take an hour and do all of the really important logins. Afterwards, every time you log into something, if you notice there's no password in your manager, generate/change/save a new password for it.
Posted on 10/6/21 at 10:44 am to efrad
What others said x1000 about not using the same password for all your logins, that's basic security 101. If you don't use a PW manager at least come up with some way of customizing PWs for sites in a way you can remember so they aren't all the same.
Not all websites handle their user info well. It's quite possible that a password on one site was not sufficiently protected such that hackers could get the plain text version and then since it's the same for all your accounts your email, Walmart etc were compromised.
You also need to contact your credit card that was charged and likely cancel and get a new one sent.
Not all websites handle their user info well. It's quite possible that a password on one site was not sufficiently protected such that hackers could get the plain text version and then since it's the same for all your accounts your email, Walmart etc were compromised.
You also need to contact your credit card that was charged and likely cancel and get a new one sent.
Posted on 10/6/21 at 10:53 am to jfw3535
What others say...change you email account password immediately, then start changing all the rest of your passwords. Never re-use a password and turn on multi-factor authentication on every account that supports it. I know it's a pain but the bad guys have the upper hand right now. Good luck.
Posted on 10/6/21 at 11:17 am to jfw3535
Most local police do not deal with credit card fraud because it's a low priority and they don't have the resources. Look up the contact info for the Federal Trade Commission, they have a number (and maybe email) for you to report it.
As others said, you have to assume this was not a one time thing and the person may have just sent a "test order". Request new credit card. Reset any password that has the same login credentials as your WalMart account. Password Manager would be ideal, but for now you should make sure you reset the passwords for any financial institutions ASAP until you can figure out how you want to address a massive change.
Also, if you don't already work with a monitoring company, look into signing up for a credit report monitoring company. Even if it's a free one like credit karma; it'll be something to help watch for activity. CK will catch it after the fact, but you can end it quick; others can catch it before anything happens.
As others said, you have to assume this was not a one time thing and the person may have just sent a "test order". Request new credit card. Reset any password that has the same login credentials as your WalMart account. Password Manager would be ideal, but for now you should make sure you reset the passwords for any financial institutions ASAP until you can figure out how you want to address a massive change.
Also, if you don't already work with a monitoring company, look into signing up for a credit report monitoring company. Even if it's a free one like credit karma; it'll be something to help watch for activity. CK will catch it after the fact, but you can end it quick; others can catch it before anything happens.
Posted on 10/6/21 at 11:18 am to jfw3535
quote:
I'm confused b/c this seems like weird and rather benign behavior for a cybercriminal (signing me up for random newletters and ordering $200 of crap from Walmart)
This is done to make sure the card is valid and will go through. Typically a day or two later you will see a bigger charge.
I've had this happen where someone bought a few 10.00 - 100.00 totals and then bam, a fricking canoe.
Posted on 10/6/21 at 1:08 pm to jojothetireguy
All the sign ups could be done so you are paying attention to them and hopefully miss the truly suspicious activity. Look in your deleted emails and see if you see any password reset emails for any of your other accounts.
Posted on 10/6/21 at 4:23 pm to Wiseguy
Change all your passwords and invest in a subscription to one of the apps like Keeper. Won’t solve this problem but will prevent it in the future
Posted on 10/6/21 at 8:44 pm to jfw3535
Buried somewhere in those 100 emails is the one email that indicates what happened with your Walmart account. This is a tactic used by cyber criminals to bury the needle in a haystack of garbage emails.
Posted on 10/7/21 at 6:58 am to jfw3535
Had the exact thing happen to me a few years ago. All the emails sign ups are an effort to conceal the order confirmation emails from Walmart.
Do the usual - change passwords. And have fun unsubscribing to random international mailing lists for the next 24 months.
Do the usual - change passwords. And have fun unsubscribing to random international mailing lists for the next 24 months.
Posted on 10/7/21 at 7:54 am to Wiseguy
quote:
ll the sign ups could be done so you are paying attention to them and hopefully miss the truly suspicious activity. Look in your deleted emails and see if you see any password reset emails for any of your other accounts.
That’s exactly what it is.
Spam the email, make an innocuous purchase, hope OP selects all and deletes including the purchase email so they don’t see it, wait a few days, BOOM charge like mad and compromise other accounts in the middle of your night.
Posted on 10/7/21 at 10:09 am to Meauxjeaux
The other thing I haven't seen mentioned - login to your credit card accounts every couple of days and just check that there are no unknown or unexpected charges. The email onslaught doesn't affect that, you'd still see a Walmart charge that you wouldn't recognize.
Posted on 10/7/21 at 10:22 am to jfw3535
Thanks for all the replies everyone. Bombarding me with 100 junk emails to bury the purchase email certainly makes a lot of sense. I have taken y'alls advice and I am have gotten a password manager and I'm in the long and arduous process of changing all my passwords. Ugh.
I'm old, hate change and have been using the same 2-3 passwords for the last 20 years, so this is a strange new world to me, but it's clearly necessary and long overdue. As always, I appreciate everybody's help and input.
I also cancelled that credit card, reported the fraud to both Walmart and my credit card. I'll skip the cop report as they won't do anything anyway. I'm an almost daily checker of all my account balances/activities anyway, so not much fraud is going to get past me without it being noticed within 24-48 hours.
I'm old, hate change and have been using the same 2-3 passwords for the last 20 years, so this is a strange new world to me, but it's clearly necessary and long overdue. As always, I appreciate everybody's help and input.
I also cancelled that credit card, reported the fraud to both Walmart and my credit card. I'll skip the cop report as they won't do anything anyway. I'm an almost daily checker of all my account balances/activities anyway, so not much fraud is going to get past me without it being noticed within 24-48 hours.
Page 1 of 1
Back to top
Follow TigerDroppings for LSU Football News