Data Breach Omnibus Thread

Other discussions not related to the Permanent Portfolio

Moderator: Global Moderator

User avatar
dualstow
Executive Member
Executive Member
Posts: 8610
Joined: Wed Oct 27, 2010 10:18 am
Location: next to emotional support peacock
Contact:

Re: Data Breach Omnibus Thread

Post by dualstow » Wed Jul 31, 2019 12:15 pm

sophie wrote:
Wed Jul 31, 2019 6:48 am
...

Freeze your credit, find a way to monitor your credit report & various account transactions, and move on. All of our Social Security numbers and various other bits of personal information might as well be published in the New York Times. You can be sure that for every leak you've heard about, there are a few dozen you didn't hear about....
My parents got hit with identity theft over a year ago and they're still finding it difficult to move on.

I mean, they're mostly taking all the right measures. I helped them with passwords. They've filed reports with the authorities (who didn't care). I think they got their money back in every instance except for some Amazon purchases. Amazon originally said they would refund the amount and then, inexplicably, changed their mind.

Every morning, seven days a week, my Dad checks to see if any new lines of credit have been opened in his name, and things like that. Because 20 different things like that have happened so far. His address was changed at the post office for mail forwarding (no password required!). New credit cards were opened at places that my father called and warned them about: I'm looking at you, USAA. Loans were begun...
We even know the address where the crook was receiving his goods from Amazon and have informed the FBI. No joy.

We think it was Equifax and not an error on my dad's part, but they're doing everything they can to not make this worse. Will probably never move on.
Happy Veterans Day 🇺🇸 Bond markets are closed
User avatar
dualstow
Executive Member
Executive Member
Posts: 8610
Joined: Wed Oct 27, 2010 10:18 am
Location: next to emotional support peacock
Contact:

Re: Data Breach Omnibus Thread

Post by dualstow » Wed Jul 31, 2019 5:42 pm

...and one of my cards was hacked. That was fast. Could just be plain vanilla fraud and not part of the breach, but...I tend to think it's part of it.
Happy Veterans Day 🇺🇸 Bond markets are closed
User avatar
Tortoise
Executive Member
Executive Member
Posts: 1174
Joined: Sat Nov 06, 2010 2:35 am

Re: Data Breach Omnibus Thread

Post by Tortoise » Wed Jul 31, 2019 10:32 pm

dualstow wrote:
Wed Jul 31, 2019 5:42 pm
...and one of my cards was hacked. That was fast. Could just be plain vanilla fraud and not part of the breach, but...I tend to think it's part of it.
“What’s in your wallet?”

Someone else’s Capital One card! >:D
User avatar
sophie
Executive Member
Executive Member
Posts: 3162
Joined: Mon Apr 23, 2012 7:15 pm

Re: Data Breach Omnibus Thread

Post by sophie » Thu Aug 01, 2019 6:56 am

Dualstow, so sorry to hear about your dad's travails. I would never have thought of the post office mail forwarding issue!!!

Instead of checking credit daily and fighting new loans as they pop up, why not have your dad freeze his credit? All those credit cards and loans must be a nightmare, but the freeze should prevent any new ones from happening.

And how exactly did the identity info allow the perpetrators to buy on Amazon under your dad's account? Did they get his password, or did they set up an account linked to one of his credit cards? Password is an easy fix. For the credit card, contact the credit card company, dispute the charges/report the fraudulent use, and change the card # or close the account. And contact Amazon to have them close the fraudulent account - you did that already, I expect.
User avatar
dualstow
Executive Member
Executive Member
Posts: 8610
Joined: Wed Oct 27, 2010 10:18 am
Location: next to emotional support peacock
Contact:

Re: Data Breach Omnibus Thread

Post by dualstow » Thu Aug 01, 2019 7:28 am

Tortoise wrote:
Wed Jul 31, 2019 10:32 pm
dualstow wrote:
Wed Jul 31, 2019 5:42 pm
...and one of my cards was hacked. That was fast. Could just be plain vanilla fraud and not part of the breach, but...I tend to think it's part of it.
“What’s in your wallet?”

Someone else’s Capital One card! >:D
O0
I think on cnbc they said something to the effect of, they won’t be rerunning that ad anytime soon.
Happy Veterans Day 🇺🇸 Bond markets are closed
User avatar
dualstow
Executive Member
Executive Member
Posts: 8610
Joined: Wed Oct 27, 2010 10:18 am
Location: next to emotional support peacock
Contact:

Re: Data Breach Omnibus Thread

Post by dualstow » Thu Aug 01, 2019 7:40 am

sophie wrote:
Thu Aug 01, 2019 6:56 am
Dualstow, so sorry to hear about your dad's travails. I would never have thought of the post office mail forwarding issue!!!

Instead of checking credit daily and fighting new loans as they pop up, why not have your dad freeze his credit? All those credit cards and loans must be a nightmare, but the freeze should prevent any new ones from happening.

And how exactly did the identity info allow the perpetrators to buy on Amazon under your dad's account? Did they get his password, or did they set up an account linked to one of his credit cards? Password is an easy fix. For the credit card, contact the credit card company, dispute the charges/report the fraudulent use, and change the card # or close the account. And contact Amazon to have them close the fraudulent account - you did that already, I expect.
Sophie, the mail thing was the craziest, but believe me there was fierce competition. O0
How: it started with a little social engineering. Getting the cell number transferred to another carrier without ever touching the physical phones. I have read both on forums and elsewhere that it’s fairly common to have a complicit employee at a cell company.

From there, accepting one-time PINs from all kinds of sites, including gmail. One year later, after just a few minutes or hours trying to wrest control of gmail from the thief and seeing it taken back, everyone is frozen out of the account. 100 documents lost, except those that were downloaded for offline preservation.

The only mistake he really made was not to tackle Amazon on time. I specifically told him to check his order history as soon as he told me his phone and email were hacked. He didn’t do it until i showed up in person. Actually, I did it and read it aloud to him. So there’s your answer: his account. But, I get it. He’s an octogenarian and he was shaken. Already had medical stuff going on in the family that was stressing him out, and other things, and then the hacker hit him where it counts.

Yup, he and I did what you said and much, much more. It’s been a journey.
Happy Veterans Day 🇺🇸 Bond markets are closed
User avatar
ochotona
Executive Member
Executive Member
Posts: 2817
Joined: Fri Jan 30, 2015 5:54 am

Re: Data Breach Omnibus Thread

Post by ochotona » Thu Aug 01, 2019 8:55 am

dualstow wrote:
Thu Aug 01, 2019 7:40 am
How: it started with a little social engineering. Getting the cell number transferred to another carrier without ever touching the physical phones. I have read both on forums and elsewhere that it’s fairly common to have a complicit employee at a cell company.
Two-factor using mobile phones is a semi-weak link! Which is why I use the app authenticator for both Fidelity and Schwab. For institutions where I rely on mobile phone for 2FA, I just enable every damn security alert possible by email and text, and plan to jump like OJ Simpson running through the airport for his Avis Car if I ever get one.

My credit reports are frozen...

I have to file my Federal tax returns using an annually-provisioned IRS PIN. Read this. No one can steal my refund.
User avatar
Tortoise
Executive Member
Executive Member
Posts: 1174
Joined: Sat Nov 06, 2010 2:35 am

Re: Data Breach Omnibus Thread

Post by Tortoise » Thu Aug 01, 2019 6:19 pm

ochotona wrote:
Thu Aug 01, 2019 8:55 am
I have to file my Federal tax returns using an annually-provisioned IRS PIN. Read this. No one can steal my refund.
Do you know if anyone using an IRS PIN has still gotten their refund stolen? If not, that sounds promising. There’s probably still a way for a determined thief to “recover a lost IRS PIN”, but I imagine it’s a pain in the butt and is thus an extra deterrent.
User avatar
dualstow
Executive Member
Executive Member
Posts: 8610
Joined: Wed Oct 27, 2010 10:18 am
Location: next to emotional support peacock
Contact:

Re: Data Breach Omnibus Thread

Post by dualstow » Thu Aug 01, 2019 7:44 pm

Tortoise wrote:
Thu Aug 01, 2019 6:19 pm
ochotona wrote:
Thu Aug 01, 2019 8:55 am
I have to file my Federal tax returns using an annually-provisioned IRS PIN. Read this. No one can steal my refund.
Do you know if anyone using an IRS PIN has still gotten their refund stolen? If not, that sounds promising. There’s probably still a way for a determined thief to “recover a lost IRS PIN”, but I imagine it’s a pain in the butt and is thus an extra deterrent.
You know what’s funny, though? All the stuff that is a pain in the butt for law-abiding citizens is a walk in the park for slick criminals. My folks were asked to bring in paperwork no fewer than three times to renew their drivers’ licenses, but the crook got a copy of my dad’s just like that. Probably told them he misplaced his. Never mind that he had it sent to a totally different city.
Happy Veterans Day 🇺🇸 Bond markets are closed
User avatar
ochotona
Executive Member
Executive Member
Posts: 2817
Joined: Fri Jan 30, 2015 5:54 am

Re: Data Breach Omnibus Thread

Post by ochotona » Thu Aug 01, 2019 8:35 pm

Tortoise wrote:
Thu Aug 01, 2019 6:19 pm
ochotona wrote:
Thu Aug 01, 2019 8:55 am
I have to file my Federal tax returns using an annually-provisioned IRS PIN. Read this. No one can steal my refund.
Do you know if anyone using an IRS PIN has still gotten their refund stolen? If not, that sounds promising. There’s probably still a way for a determined thief to “recover a lost IRS PIN”, but I imagine it’s a pain in the butt and is thus an extra deterrent.
They mail the PIN to your home address, so if your physical mail is secure, you're ok.
User avatar
Tortoise
Executive Member
Executive Member
Posts: 1174
Joined: Sat Nov 06, 2010 2:35 am

Re: Data Breach Omnibus Thread

Post by Tortoise » Thu Aug 01, 2019 8:54 pm

dualstow wrote:
Thu Aug 01, 2019 7:44 pm
You know what’s funny, though? All the stuff that is a pain in the butt for law-abiding citizens is a walk in the park for slick criminals. My folks were asked to bring in paperwork no fewer than three times to renew their drivers’ licenses, but the crook got a copy of my dad’s just like that. Probably told them he misplaced his. Never mind that he had it sent to a totally different city.
Ah yes, the beauty of social engineering. If 99/100 gatekeepers strictly enforce the rules, but 1/100 bends the rules a little if asked the right way, just focus your efforts on finding that one weak gatekeeper and you’re in. The weakest link. :-\
User avatar
sophie
Executive Member
Executive Member
Posts: 3162
Joined: Mon Apr 23, 2012 7:15 pm

Re: Data Breach Omnibus Thread

Post by sophie » Sun Aug 04, 2019 6:39 am

Yikes dualstow, your poor dad!! So glad you were there to help. That was one thorough thief you were dealing with. email, mail, online accounts all at the same time???

I didn't get the invite for the IRS PIN and I don't live in one of the listed states, so I have to protect my tax return the old fashioned way: File as early as possible. There's a still a window where a thief could get in ahead of me, but at least it reduces the chances. I wish the IRS wouldn't accept returns until after the banks and brokerages cough up their 1099-divs. It's also annoying that Turbotax won't import them for at least a week after the forms are available online, so this past year I manually entered the last one.
Post Reply