Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: Identity Theft Attempt In Progress; How To Respond?

timothy posted about a year ago | from the burrs-on-the-heel-of-the-foot-would-be-mercy dept.

Security 239

An anonymous reader writes "It appears that two weeks ago my email address got into the wrong database. Since that time there have been continuing attempts to access my accounts and create new accounts in my name. I have received emails asking me to click the link below to confirm I want to create an account with Twitter, Facebook, Apple Games Center, Facebook mobile account, and numerous pornographic sites. I have not attempted to create accounts on any of these services. I have also received 16 notices from Apple about how to reset my Apple ID. I am guessing these notices are being automatically generated in response to too many failed login attempts. At this point I have no reason to believe any of my accounts have been compromised but I see no good response."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered


Change your e-mail address (5, Insightful)

Marxist Hacker 42 (638312) | about a year ago | (#43016675)

Sometimes, it becomes necessary to change your e-mail address.

Re:Change your e-mail address (2, Interesting)

Anonymous Coward | about a year ago | (#43016781)

First things first:

Is it a gmail address ?

Is there another exact address from a different country ?

It could be as simple as foo.bar@gmail.com being confused with foobar@gmail.au

Happened to me.

Re:Change your e-mail address (1, Informative)

X0563511 (793323) | about a year ago | (#43016887)

foo.bar and foobar (and f.o.o.ba.r) are all the same account as far as gmail is concerned. The dots are dropped.

Re:Change your e-mail address (4, Informative)

Anonymous Coward | about a year ago | (#43016965)

Yes... but fubar@gmail.COM is NOT the same as foobar@gmail.AU. Reread the parent.

Re:Change your e-mail address (0)

Anonymous Coward | about a year ago | (#43017053)

clearly fubar foobar ... duh !!

Re: Change your e-mail address (1)

Anonymous Coward | about a year ago | (#43017515)

Malkovich Malkovich Malkovich?

Re:Change your e-mail address (0)

Anonymous Coward | about a year ago | (#43017265)

I don't believe that's the case. My name isn't too common, but there are others around. I am fooe.bar@gmail.com and have been for years. There's another address, fooebar@gmail.com that belongs to someone legitimate who lives in another city. We've never been hacked, don't get too much spam, but occasionally one of us will get an email that should go to the other one. We made contact ages ago and now occasionally correct each other's correspondents, as in "Oh, I'm the Fooe Bar who's a piano teacher in Omaha. You want the Fooe Bar who's a designer in Baltimore." Both of us use a somewhat uncommon variant for spelling our shared first name, so it would actually be Fooe Bar. Gmail has been distinguishing between us for a long time. It's only our human correspondents who sometimes have a problem.

bullshit - gmail does NOT recognize dots (5, Informative)

rgbrenner (317308) | about a year ago | (#43017493)

Good call on posting your BS as an AC.

Google Help: Receiving someone else's mail
http://support.google.com/mail/bin/answer.py?hl=en&answer=10313 [google.com]

Gmail doesn't recognize dots as characters within usernames, you can add or remove the dots from a Gmail address without changing the actual destination address; they'll all go to your inbox, and only yours. In short:

homerjsimpson@gmail.com = hom.er.j.sim.ps.on@gmail.com
homerjsimpson@gmail.com = HOMERJSIMPSON@gmail.com
homerjsimpson@gmail.com = Homer.J.Simpson@gmail.com

All these addresses belong to the same person. You can see this if you try to sign in with your username, but adding or removing a dot from it. You'll still go to your account.

Re:Change your e-mail address (0)

Anonymous Coward | about a year ago | (#43017179)

It should happen to everyone. It is required by the email standard for local-part (the part before the @ sign) processing in email addresses. The extra periods in the local-part are essentially ignored when determining the owner of the mailbox.

Re:Change your e-mail address (5, Informative)

Bearhouse (1034238) | about a year ago | (#43016935)

Indeed. Keep the old ones, of course, but change the passwords to something very, very secure and different for each one.
Backup then delete all information associated in the Cloud with these addresses, (Android, iCloud, Gdrive...)

Do not reuse any of the old accounts for anything. Use a "one-time" account for verification each of the new accounts, then nuke it and change to a new one.
Do not be tempted to have one master account for verification of all the child ones.
If you're using gmail, or similar, do NOT use some variation of your name, home town, company, whatever.

Finally, pony up for your own domain etc. and get a nice email account you can totally control. Cheap, too.

Re:Change your e-mail address (2)

danomac (1032160) | about a year ago | (#43016959)

Firstly make sure there's a damn good non-guessable password on his existing email account!

Re:Change your e-mail address (5, Insightful)

Aardpig (622459) | about a year ago | (#43017077)

One does not simply change one's email address...

Re:Change your e-mail address (2)

Lazere (2809091) | about a year ago | (#43017159)

No, when I feel the need for a new address, I simply add it to my growing pile of addresses. It's as simple as; create new address, make new address the contact for all the important stuff (bank/icloud/whatever) and keep the old one for things/people you may have forgotten.

Don't just sit on your hands... (4, Insightful)

smartfart (215944) | about a year ago | (#43016683)

I would contact my local police force and talk to the financial crimes desk. They may not be able to do anything at this point, but you should establish a paper trail ASAP, which would certainly work in your favor while explaining things to your bank or whatever if the bad guys do manage to hurt you in some manner.

What would you report? (5, Funny)

Anonymous Coward | about a year ago | (#43016769)

Um... yes... There's this person, probably in another country, that I suspect is trying to gain access to my facebook account. LOL.

Re:Don't just sit on your hands... (0)

Anonymous Coward | about a year ago | (#43016793)

Is it already time to reach out to the cops? Can anybody professional who has handled this chime in. This looks like something any one of us could be hit with.

My opinion
(a) Create a new email address and change it in every account you feel is important
(b) Share a few of the phishing emails you have got, and some slashdotter may be able to hit home with the server and give you more details
(c) Switch off html view in all your email clients (mobile/desktop) that use that email address
(d) start marking the phishing mails as spam so that your email provider may be able to use that information to protect you and other targets of this phisher.
(e) I dont know how IT savvy you are, if you are then start looking at using tools like Private Eye(if on mac) or other such monitoring software and post the logs

Hope we isolate the site and the nasty SOB soon!

Anonymous Coward

Re:Don't just sit on your hands... (1, Funny)

TechyImmigrant (175943) | about a year ago | (#43017061)

>Is it already time to reach out to the cops?

I suspect any cop would just stare at you blankly while sipping his coffee or chewing his/her doughnut.
That or they would work out an excuse to beat you up and arrest you for resisting arrest.

Cops are not equipped to deal with these things.

Re:Don't just sit on your hands... (1)

smartfart (215944) | about a year ago | (#43017363)

One of my best friends is a financial crimes detective in my city, and yes, he seems to know his stuff.

Re:Don't just sit on your hands... (1)

SQLGuru (980662) | about a year ago | (#43017143)

Out of curiosity, wouldn't changing your email account look just as suspicious as if your account was compromised?

Were I attacking someone, the first thing I would do is prevent them from getting the "you've been hacked" notices.

Re:Don't just sit on your hands... (4, Insightful)

ShanghaiBill (739463) | about a year ago | (#43017037)

I would contact my local police force and talk to the financial crimes desk.

You would go to the local police because someone (probably on the other side of the world) knows your email address? If you are lucky, the police will just laugh and hang up. If you are unlucky, they may get pissed at you for wasting their time on something so frivolous. What are expecting the police to do?

Just make sure you have good passwords on all your accounts, install a spam filter, and get on with your life.

Re:Don't just sit on your hands... (4, Informative)

Anonymous Coward | about a year ago | (#43017055)

I've been down this road.. The local police are likely to tell you unless you are under threat of imminent bodily harm, you should contact the FBI. When you contact the FBI, they will tell you computers get viruses all the time and you should ignore the problem or contact your local police if you feel your life is in danger.

I'm not trolling or being sarcastic. This was what actually happened when I contact LEOs to try and help solve the problem. Like others said, change your email address and get on with your life. Unless you want to spend a bunch of time chasing ghosts on your own time.

Re:Don't just sit on your hands... (0)

Anonymous Coward | about a year ago | (#43017323)

Play the straight man and simply explain to the police that you think you may have spotted identity theft in progress, and would like to file a police report to have a record for insurance purposes. They have no reason to disallow you filing a report as long as they think they'll only have to do a bit of paperwork.

Re:Don't just sit on your hands... (0)

Anonymous Coward | about a year ago | (#43017389)

I followed that path and filed two reports. Nothing is done with them as there is no evidence the police can understand to chase.

Re:Don't just sit on your hands... (1)

Anonymous Coward | about a year ago | (#43017469)

Well, it's not for the police; they admittedly aren't going to do anything. As somebody pointed out above, most local police departments simply aren't equipped to deal with complaints like this, and the FBI isn't likely to care unless it's something that can make headlines. The report is for insurance purposes, in case suspected identity theft progresses to actual identity theft. Thicker paper trails are always better when you have to deal with insurance adjusters.

That's not to say that somebody signing you up for BS accounts is necessarily indicative of attempted identity theft -- I have a very short gmail account name and have been dealing with exactly this crap for years with no ill effect. If somebody is truly concerned about it, though, and wants to cover all of his/her bases, creating an expansive paper trail is the way to go, and typically requires very little effort.

Re:Don't just sit on your hands... (0)

Anonymous Coward | about a year ago | (#43017481)

They have no reason to disallow you filing a report as long as they think they'll only have to do a bit of paperwork.

But they'll try! I had an actual case of ID theft once; and stuff was being sent to an address in the state next to mine. I went into a police station there to report it & get the report for my dealings with the credit companies (pita). They refused to take the report because I didn't live in the jurisdiction, but assured me that once I'd reported it to my local police they'd liaise and get right on it... My local police actually did take the report over the phone which was nice. It was an investigator for the bank which had been ripped off who eventually contacted me though, not any cop.

Re:Don't just sit on your hands... (2)

Dahamma (304068) | about a year ago | (#43017337)

As I'm sure about a million other people who have tried this before could tell you, this is a complete waste of time.

Most police departments couldn't care less if you report your car being burgled or your cell phone stolen (two cases I have tried to report and they basically acted like they couldn't be bothered), let alone someone just trying to use your email address on a web site. At least in the former case it is useful if you want to make an insurance claim.

As for any Internet fraud claims, etc - as another poster said, the local police will just refer you to the FBI, who will just tell you if there is no material loss they really don't care (and even if there is, if it's not thousands of dollars they really don't care, either). An old roommate of mine actually had the address of a person who scammed him for about $500 on Yahoo Auctions - the FBI, Postal Inspectors, and police all brushed him off. When he asked if it would be better for him to go to the address and confront the person himself, the police told him if there was an incident it would then be his fault. Nice.

Your options are (4, Insightful)

Press2ToContinue (2424598) | about a year ago | (#43016707)

1) Wait and see if they succeed, then create new online and financial accounts and deal with the personal and financial fallout
2) Create new online accounts, transfer all information to new accounts and delete the old ones before they succeed

Up to you.

Re:Your options are (1, Insightful)

Anonymous Coward | about a year ago | (#43016763)

Except in the case of things like an apple account, you lose access to everything you've ever purchased. I'm sure thats not the only example.

Re:Your options are (2)

gamanimatron (1327245) | about a year ago | (#43016911)

It's quite possible to change the email address associated with an Apple account, and dissociate the old address, as long as you can log into it. Just takes a few clicks and a couple of "click this link" emails.

Re:Your options are (0)

Anonymous Coward | about a year ago | (#43017379)

Except in the case of things like an apple account, you lose access to everything you've ever purchased. I'm sure thats not the only example.

For a company to continue to perform hardware work on my 5-year old (stock warranty) laptop free of charge simply because it looked bad, I find it hard to believe that they're going to give a hearty "fuck you" to anyone sitting on a $3,000 iTunes stockpile that simply needs to be transferred to a new account.

You would probably get someone's attention rather quickly by threatening future revenue. I hear CFOs are shot on sight for that kind of short-minded shit these days.

And for a company who's stock price has dropped by 1/3 rather recently, now is not the time for corporate arrogance. That Apple can't be shined with bullshit and fanboy sperm forever.

(Captcha = "audacity")

Re:Your options are (0)

Anonymous Coward | about a year ago | (#43017397)

Why not just update the primary email id associated with your apple id, and remove the compromised one?

That sure seems a lot easier than throwing away your entire purchase history.

Re:Your options are (1)

X0563511 (793323) | about a year ago | (#43016939)

3) change all your passwords and such securely and watch as they flail against your login

Re:Your options are (1)

pentalive (449155) | about a year ago | (#43017241)

Use a password locker like LastPass, let it geneate the longest, most complex passwords the apps/websites will allow and a different one for each website or app.

Re:Your options are (0)

Anonymous Coward | about a year ago | (#43017327)

How did they get his personal info to begin with? Has his computer been compromised in any way? Someone he might personally know might be a suspect also. If after changing accounts, passwords etcetera, attempts are being made again, then it's time to consider it could be someone he knows.

misnmer (0)

Anonymous Coward | about a year ago | (#43016725)

This does not sound like identity theft to me. This sounds like someone using a valid email address so that messages don't instantly bounce, and possibly an attempt to hack your existing accounts..

For help with identity theft, go to your local police, not slashdot.

Re:misnmer (1)

arth1 (260657) | about a year ago | (#43016905)

Looks more like a case of cyberharassment to me.
If this weren't slashdot, my first question would be "have you turned down anyone within the last year?"

To me, there doesn't seem to be enough to go to the police with at present, unless you happen to live somewhere where the police are under-worked, bored and looking for something to investigate that might not lead to a prosecutable or even fineable crime.

And if you think this is bad, wait until you get joe-jobbed.

Re:misnmer (1)

fustakrakich (1673220) | about a year ago | (#43017083)

For help with identity theft, go to your local police, not slashdot.

What, and have SWAT bust down your door and kill your dog? Stick with Slashdot.

did you change your email password? (5, Informative)

alen (225700) | about a year ago | (#43016735)

to something not in the dictionary?

after that i would just ignore the failed attempts. after a while the perp will stop and move on to easier prey

Re:did you change your email password? (5, Funny)

Anonymous Coward | about a year ago | (#43017091)

No, but he did change them all to "honest equine capacitor fastener"

Re:did you change your email password? (1)

Anonymous Coward | about a year ago | (#43017523)

No, but he did change them all to "honest equine capacitor fastener"

Assume an attacker will always start by running a dictionary attack, so you basically have a 4 character password with each character having a possibility of a few hundred thousand values. So it's only about as secure as a 5 or 6 character random string. Another detracting point for using real words is that they'll all get checked prior to random strings, so the attacker has a much better "worst-case" in terms of time to crack than he should. By the same token, a random string will almost always fall towards the ideal case (for the defender).

And yes, I know you were joking, but it needs pointing out. Passphrases are much weaker than they appear on paper unless the attacker is a complete imbecile.

As for the article, I suggest the guy immediately update all his passwords, use a unique one on every site, make them as long as the site will allow and consist of a purely random string picked by a decent program... humans are horrible at generating truly random passwords.

Re:did you change your email password? (1)

Cigarra (652458) | about a year ago | (#43017235)

I'm not sure "ignore the failed attempts" is the right thing to do here. It SHOULD BE, in an ideal world, but there's more than one case where persistent hackers get to reset an account [wired.com] , not by guessing the password, but by social engineering the support people from Apple, Amazon or whatnot.

It's a little unnerving, but I have no idea what exactly a user can do to prevent such things from happening to one.

email address (0)

Anonymous Coward | about a year ago | (#43016739)

Make a new email address and go to the websites that you use and change the account to reflect the new address. As for the other websites. Keep an eye on your bank statements and credit card statements because most banks require fraudulent transactions to be brought to their attention within 45-60 days otherwise they won't refund. Good luck

Tyler Durden (-1)

Anonymous Coward | about a year ago | (#43016795)

Is that you posting again?

Also consider, (0)

Anonymous Coward | about a year ago | (#43016807)

have you upset anyone recently?

Wanting to get into your email, and get to your financial stuff would lean toward id theft. But setting up accounts on porno sites? That might be a tip off that someone is trying to ruin your reputation.

Taken? (5, Funny)

eldavojohn (898314) | about a year ago | (#43016809)

Okay you need to listen to me carefully and to be focused. Do you have access to a bathtub? Good, take your laptop into the bathroom and fill the bathtub full of water. I need you to log into your Facebook and open your Farmville tab. You need to do this quickly before they gain access. Take each of your animals from your farm and love them and nuzzle them and say goodbye to them. Then hold them under water in the bathtub until they stop struggling.

Are you done? Good, leave them in the tub, they're in a better place now.

Go back into your room and crawl under your bed so the satellites they have control of cannot see you. Open up your Apple account and start forwarding your e-mails to your Gmail account. Yes, I know it will take forever, no there is not an easier way to do this. Okay, once you have all of those out delete your Apple account -- you'll get a new one later. You never really owned that stuff you bought on iTunes so just forget about it now, it's gone. Now log into iCloud on your laptop and start the laptop on fire. It's better to destroy all of those photos, tax returns and documents then to let them have them.

Now listen carefully because this part is important. These men are going to access your accounts. They're going to send your friends messages and make you seem like a jerk -- just for fun. There's nothing you can do about that. Just make sure to leave the Slashdot chat box open when they take you ...


Hello? Anonymous Reader?

I don't know who you are. I don't know what you want. If you are looking for ransom, I can tell you I don't have money. But what I do have are a very large amount of Slashdot karma; karma I have acquired over a very long career. Karma that make me feel like I can stand up to people like you. If you let the anonymous reader's accounts go now, that'll be the end of it. I will not look for you, I will not pursue you. But if you don't, I will look for you, I will find you, and I will ask you politely to stop messing with people.

Re:Taken? (0)

Anonymous Coward | about a year ago | (#43016991)

man, don't mix that sh....t, can kill you

Throw away email (1)

DarthVain (724186) | about a year ago | (#43017403)

I don't know if it is sad or not, but I did this a very long time ago.

I have a throw away email address that I forward (and delete) everything from to one I actually use. When I use my online identity I only use the throw away account (Slashdot included). If it ever becomes compromised (or even just too much spam, which I think was my orginal intent before filters became very good), you can just drop and delete it (if possible), then if you like start a new one and continue the same process. Sure you may have to reconnect to various websites again to re-register or whatever, but seriously 90% are garbage anyway.

It's not perfect, and won't protect you from everything, but it is at least one level of seperation between you and your online communication. Anyway the way I figure it, it doesn't take much to foil most online attempts, most are looking for the low hanging fruit (usually enmasse, usally scripting, so any deviation throws a wrench into the works). Any amount of effort on their part is too much, as there are plenty of easier marks. If someone of some knowlege really wants to illegally access your stuff (and isn't really worried about repercussions), given time and resources they can probably do it. However I have always maintained that doing so to me would be rather pointless in terms of riches and loot, so why would anyone really bother.

Tilts my tinfoil hat to a jaunty angle.

Definitely Change the Email You Use for Apple (1, Insightful)

ios and web coder (2552484) | about a year ago | (#43016821)

It is a huge PItA to reset an AppleID.

This time, don't use "abcdef123456" as a password, hmm?

I have had my email address compromised (in spam databases) for years, and nothing like this has happened. However, I use non-trivial passwords (I use the Randall Munroe Method [xkcd.com] ), so I have yet to have had an email address actually cracked.

It sounds like they got more than just your email address. It looks like they actually cracked it.

I am getting sick to death of all my friends, associates, tech support folks, salespeople, etc. getting their email accounts cracked. I mean, I know scientists, engineers and real highbrow types, and they are constantly (often repeatedly) getting their emails cracked.

When you get your email cracked, you are selling out everyone on your contact list.

Good job!

Re:Definitely Change the Email You Use for Apple (1)

Anonymous Coward | about a year ago | (#43016969)

It is a huge PItA to reset an AppleID.

This time, don't use "abcdef123456" as a password, hmm?

It doesn't sound like that's what happened. That is, it doesn't sound like the attacker doesn't have control of the account at all. What the attacker DOES have is the email address and is harassing the user by attempting to A) subscribe it to a variety of pornographic websites (which appear to be requesting confirmation before doing anything) and B) brute-force a password check, both to no avail.

The problem is, the user keeps getting emails for all of this, which is getting annoying.

Re:Definitely Change the Email You Use for Apple (0)

ios and web coder (2552484) | about a year ago | (#43017051)

OK, I'll cede the point. However, I have a number of Apple IDs, and just having an email addy isn't enough to just go ahead and use it. They are pretty tinfoil, and recognize when a new computer is trying to access something.

However, in order for that to have happened, then I seriously doubt that it's really identity theft. Sounds like the OP pissed off someone that has their email addy.

Thanks for the "troll" rating, BTW. Really shows some class.

Re:Definitely Change the Email You Use for Apple (0)

Anonymous Coward | about a year ago | (#43017165)

Security through obscurity. Why people think it's a good idea to use the same address everywhere is beyond me.

Really? (2)

koan (80826) | about a year ago | (#43016825)

"but I see no good response."
You can stop using that email, monitor your credit cards and other accounts, you can also freeze your credit cards and who can check your credit, change all your passwords, there are entire web pages dedicated to helping with this issue.

Malicious or clueless? (1)

Anonymous Coward | about a year ago | (#43016839)

My wife is being plagued by someone giving out her email address and signing up for various accounts.

It's not identity theft in this case, it's just a completely clueless person that doesn't understand that the address is hers, and using it to sign up for various things doesn't mean they can get to the email in the end.

Re:Malicious or clueless? (2)

arth1 (260657) | about a year ago | (#43017005)

My wife is being plagued by someone giving out her email address and signing up for various accounts.

It's not identity theft in this case, it's just a completely clueless person that doesn't understand that the address is hers, and using it to sign up for various things doesn't mean they can get to the email in the end.

Never attribute to stupidity that which can be adequately explained by malice.
-- Mrs. Hanlon's Razor

My money would be on a former friend of your wife's.

Re:Malicious or clueless? (0)

Anonymous Coward | about a year ago | (#43017517)

Sadly enough, that's not the case. This is happening to me right now; dude is trying to buy a truck (with his own money, apparently) and I'm getting all his dealership communications (mostly "why aren't you answering? do you still want the truck?"). I guess that's what I get for registering for gmail when you could still get first/last name addresses....

Re:Malicious or clueless? (1)

Hjalmar (7270) | about a year ago | (#43017365)

I have had this happen. Eventually I was able to gather enough information about the person to contact them in real life. Nothing will freak out a person more than to be told by someone "stop using my email". Especially if you also prove that you know their home address, phone number, names of personal friends, etc.

reset your passwords (0)

Anonymous Coward | about a year ago | (#43016843)

Change your passwords to be very strong, and change them once a week for the next few weeks. Also contact some of your providers and see if they can put a trace on attempts.

More Likely (4, Insightful)

g0bshiTe (596213) | about a year ago | (#43016851)

An anonymous reader writes "It appears that two weeks ago my email address got into the wrong database"

Or two weeks ago you pissed someone off and they are just plugging your email address into everything.

Re:More Likely (1)

ShaunC (203807) | about a year ago | (#43017255)

That's what it sounds like to me, too. An identity thief wouldn't be having all of these email notifications etc. being sent to the victim's address, he'd have created an account on Yahoo or something to receive those messages without the victim knowing. The porn site registrations are a pretty good sign that this is "revenge spam." Someone just wants to annoy the heck out of submitter.

As an aside, anytime Apple updates their Terms of Service on an iOS device, there's always a button for "Send these terms via email." That form performs no check on a) whether the address entered belongs to an Apple ID, or b) whether you've already emailed the terms. So, you can easily have Apple spam someone's mailbox with as many copies of their TOS as you're willing to waste time on. Last time I did this, each click of the send button actually generated two emails... One about the TOS and one about the game store, or something.

Re:More Likely (1)

DarthVain (724186) | about a year ago | (#43017433)

It does sound a bit like ordering pizza's and magizine subscriptions to an address of someone you loath.

Everybody gets these (0)

Anonymous Coward | about a year ago | (#43016863)

I get these on all my email accounts. I highly doubt you were specifically targeted in any way.

Credit fraud alert and maybe credit freeze (1)

slashgordo. (2772763) | about a year ago | (#43016889)

With the 3 main credit agencies, definitely put a credit fraud alert on your account, and if you're a little more paranoid and have a few bucks, put a security freeze on your account, too. Hopefully if you have good passwords they'll lose interest and move along. You mentioned your Apple ID. Is there anybody at Apple that you can report the bogus password reset attempts to, and maybe they can trace their IP address?

Re:Credit fraud alert and maybe credit freeze (1, Informative)

Geoffrey.landis (926948) | about a year ago | (#43017047)

With the 3 main credit agencies, definitely put a credit fraud alert on your account

Do be aware that the mere act of putting a credit fraud alert on your file with the credit agencies will reduce your credit rating, and result in banks quoting you higher interest rates if you apply for a loan.

Re:Credit fraud alert and maybe credit freeze (2)

BonemanPgh (2370264) | about a year ago | (#43017243)

the mere act of putting a credit fraud alert on your file with the credit agencies will reduce your credit rating

That is a common misconception. Will a freeze lower my credit score? No. (Source: http://atg.wa.gov/freeze.aspx [wa.gov] )

Re:Credit fraud alert and maybe credit freeze (1)

Jumperalex (185007) | about a year ago | (#43017437)

Not to mention, even if it DID ... it would have to lower it a LOT and your score would already have to be on the margain to be bumped down into a new rate range. But alas, it is NOT true.

Re:Credit fraud alert and maybe credit freeze (1)

Geoffrey.landis (926948) | about a year ago | (#43017533)

the mere act of putting a credit fraud alert on your file with the credit agencies will reduce your credit rating

That is a common misconception.
Will a freeze lower my credit score? No. (Source: http://atg.wa.gov/freeze.aspx [wa.gov] )

Well, I was talking about a fraud alert, not a freeze.

OK, a fraud alert won't reduce your numerical score. However, banks checking your credit report to consider issuing credit will see the fraud alert. Based on that, they chose whether to extend credit, and if so, what rate to offer. The law does not forbid them from taking the existence of a fraud alert on your account into consideration when deciding that, and you can expect that they will do so.

Your mileage may vary.

not much to do, a lot you can do? (1)

zerosomething (1353609) | about a year ago | (#43016895)

There has been not account compromise that you know of right? So there isn't much you can do. You should get your free credit report https://www.annualcreditreport.com/cra/index.jsp [annualcreditreport.com] This is the truly free ones. You can get one free one each year from each agency, there are 3 agencies so you can get one every 4 months. Just keep track of your financial info. You might disassociate the address they are trying to get into from any financial accounts. Change all your passwords to something good and use a password manager so you don't have to do the online reset process.

Re:not much to do, a lot you can do? (4, Informative)

zerosomething (1353609) | about a year ago | (#43016995)

Found some old recommendations I sent out to friends that weren't too tek savvy. It's fairly basic info that most should know.

I was looking into Life Lock and started reading what they actually do, which is in the fine print of their terms of service here.

http://www.dmachoice.org/ [dmachoice.org] it's the primary service Life Lock uses to get you off of mailing lists and it's free. They also have some good info on how to keep secure online. There are several items you can go through to have your self removed form email and mail lists.

Then go to https://www.donotcall.gov/ [donotcall.gov] and register your phone numbers for the do not call list.

Then go to https://www.optoutprescreen.com/ [optoutprescreen.com] to remove your self from the credit card pre-approval lists.

If you want free credit reports use this site. https://www.annualcreditreport.com/cra/index.jsp [annualcreditreport.com] You can get 1 free report every year from each of the 3 reporting agencies. If you break it up you could get 1 every 2 month. I could get one from Equifax this month. Then in 2 months my wife could get one for them. Then in 2 months I could get one from TransUnion. etc... The reason to get them is mostly to see who has been looking at your credit. Then make sure all the loans are yours.

Now for your online stuff. Get an email account at google or some place else that you can use for those online registration things that you need to do from time to time. Use that account only for things that you are unsure about. Keep another account for the more important stuff like the banks. You could even have a 3rd account for your general email.

Most web browsers have an option too clear the cache and cookies. Look for it. In Safari on Mac look under the Safari menu then select Reset Safari... On Windows it's under the File Menu. In Firefox you need to look in the Preferences and the Security tab. Resetting and clearing out the cookies will also clear saved passwords. The reason to do this is because many web sites set tokens on your web browser called cookies that allow them to track you and what you do online. They can see where you are going and what you do online. For Windows this is a big problem because there are ways to install applications on the system without you knowing. Then your computer can be used to send email spam to others or even be used remotely to take over other computers. This is really only a problem on Windows but for Macs they can still track your online usage and figure things out about you that might make it easier to get you to click on something that would install an application that could take over your computer.

For email. Set your email program to not automatically read your mail and try to use the built-in spam filters. Also set the options to not download in-line pictures and such. The pictures in spam can be used to also track you and verify your email address. If you and I get the same piece of spam the picture will actually not be in the email it's actually a picture on a web server someplace. The name of the picture is unique to each spam email so when your mail program tries to access the picture from the internet the spammers computer ticks off the unique name your computer used to get the picture. That unique name is associated with your email address.

Probably not Identity Theft (0)

Anonymous Coward | about a year ago | (#43016921)

In this case, it looks like you pissed someone off, and they are attempting to gain access to your account and create new accounts with the same e-mail address to get back at you using your name. Change your passwords, and make them strong. You can file reports with the police but they probably won't do much. Most importantly keep an eye our for people pretending to be you and slandering you. If you find it happening somewhere, then contacting the police and/or hiring a lawyer might make sense.

Sucks, but you must be proactive (0)

Anonymous Coward | about a year ago | (#43016927)

hit the credit reporting sites and see what they have to offer (Experian, Equifax, Transunion). Also, look up LifeLock. Talk to your bank and credit card companies. Delete as many accounts as you can (facebook, apple, twitter, etc.). Move your bank accounts to different banks. Have your banks disconnect your accounts from online-banking (I can choose which accounts to have visible when I log in to my banks website).

Moron with your name (0)

Anonymous Coward | about a year ago | (#43016937)

I recently had a similar issue. It turned out some moron in Denver with the same name as me thought that he automatically got to have a gmail account in that name. I've had the relevant gmail account since you needed invites. Some quick googling got me his contact info and it got sorted out. Looking back, I got lucky though. I'd change all your passwords and try to reach authorities if it goes on too long.

How is this identity theft? (4, Insightful)

twotacocombo (1529393) | about a year ago | (#43016949)

It looks like you've pissed somebody off and now they're just screwing with you. What would motivate a stranger to randomly open free online accounts under your email address, which they presumably don't yet control, when they can get one of their own just as easily? The days of breaking into and squatting somebody's paid AOL account are long gone. If this was true identity theft, things would start showing up on your credit report, you'd be getting nastygrams in the mail, and the collectors would start calling. Go change your passwords and move on with life.

The two above and... (1)

echnaton192 (1118591) | about a year ago | (#43016951)

Yes, what the two above me wrote:

1. go to the police. I guess even in the USA this might be a good idea. As post above this said, you might need the papertrail for evidence
2. create new emailaddress by another provider. Last time I checked hotmail was swarmed with compromised accounts, while gmail actually protected some customers. I do not know about outlook.com. Use IMAP and ssl so that you quckly receive all emails and do not have to delete mails (use provider with large inbox). Set new provider to get all the emails via ssl and pop from the old one (change password first to a strong one).
3. Change literally every password to a strong one and change the associated emailaddress of this account from any account you could think of. Use paper and pencil or trusted password safes (some even create good passwords in case you can not think of so many, use only machines or mobile devices you can trust).

Also (1)

g0bshiTe (596213) | about a year ago | (#43016963)

I'd be willing to bet AC poster used thisname@gmail.com and thisname@apple.com and thisname@whatever.com
Are all your usernames the same between all these sites?
Have you responded to any of the 16 notices from Apple about resetting your password? Are the emails actually coming from Apple and not some type of phish.

There isn't a solution (4, Informative)

AK Marc (707885) | about a year ago | (#43016975)

You can change your passwords on every site to different random strings of unbreakable length and store them in a password manager, to guarantee that breaking one wouldn't affect the others.

Or you can attempt to close any accounts tied to that email.

Other than closing the accounts, there's nothing you can do. I've called the FBI in a similar circumstance. "Yes, we are tasked with enforcement of that nature. No, we will not act unless you've suffered actual monetary loss."

If you want to prevent this, use different email accounts for each service (you can forward them all to the same "main" account to make checking them easier), so if one email gets abused, you only risk one service. But that's too late for the submitter.

Probably an id10t error. (2)

Rhys (96510) | about a year ago | (#43016977)

Having a fairly common name and a early gmail where I snagged first initial + last name I get a lot of junk there. Password reset attempts aplenty, people's airline tickets, house listings, closing documents...

Those I want off of I send a nice mail to support at the company and claim fraudulent use of my email address to register with them. You'd be amazed how fast your email will be off their account (sometimes the account survives that, sometimes... the id10t gets to get a new account -- have fun with that!).

Chill out... (4, Informative)

bazmail (764941) | about a year ago | (#43016981)

It is just someone who doesn't like you trying to fuck with you. That's not how identity thieves operate. Hopefully one of those automated emails sent you you includes an IP address of whomever is submitting the forms, and that may lead to something. I would say relax, it will pass.

I've had this happen to me (1)

black3d (1648913) | about a year ago | (#43016983)

When this has happened to me before, also with the apple ID resets, etc, I've simply hardened the passwords on all my accounts and happily kept on going. As long as you're not following any phishing links, you should be fine.

Trace them ... (0)

Anonymous Coward | about a year ago | (#43016993)

Track them down using the IP address information they have left behind during their attempts.

Then kill them.

Review your e-mail and other account settings (0)

Anonymous Coward | about a year ago | (#43017073)

Just review your accounts settings. Is your password a strong one?

For the backup e-mail (for lost passwords) is that account secure as well? What about that account's backup?

Are you security questions and answers complex? Are they truthful answers or did you put in some fake/random data as well to protect them? I recommend making the answers really long random strings (like 50+ character password), print the answers out, and store them in a safe or deposit box. Not on your computer.

2 factor auth available?

Your bank probably allows resets to your e-mail. Make sure that is locked down too.

Fraud Alert! (1)

TheCarp (96830) | about a year ago | (#43017087)

Most everyone is saying similar things, one thing I missed if anyone said it.... put a fraud alert on your credit. Lifelock does this, in fact, its really their main product. Basically, if you write a letter to the credit reporting agencies to tell them that you have reason to believe that someone is trying to steal your identity, they will post an alert on your records, which makes them actually do things like ask for ID when someone claiming to be you asks for a credit report.

The main nice thing about lifelock is/was (its been a while) that this only lasts a few months, they automatically renew it for you. The credit reporting agencies were pretty pissed about this claiming that the fraud alert system is....well.... for people like you who actually have reason to think someone is trying.... not just those of us who know how common and easy it is and know that we are all targets. (or as I liked to paraphrase it "waaaaah we have to do our jobs now....waaaah we can't just be irresponsible with our humoungous database of other people's information....waaaaah")

Happened to me (2)

Hjalmar (7270) | about a year ago | (#43017113)

I started getting multiple "you have reached the maximum number of login attempts" from my bank. I changed the account name, and it ended.

Create a new email address, and switch iTunes over to that account. Keep in mind that when hackers got into Mat Honan's life, they did it by exploiting weaknesses in Apple and Google's authentication schemes. Neither weakness was enough on its own, but when combined hackers were able to get full access.


It's annoying, but be a little proactive and you'll be fine.

Credit Report Pronto (1)

AnalogDiehard (199128) | about a year ago | (#43017121)

Order a free copy of your credit report [annualcreditreport.com] pronto and check for suspicious activity. Call the credit reporting agencies and put a fraud alert on your account - by providing a phone number only you have access to, any financial institution attempting to open a credit line or loan from someone using you stolen identity will see the fraud alert and call the phone number listed before approving. The fraud alert stays on your record for five years.

My soon-to-be-ex-wife attempted to open a $13,000 credit card in my name using stolen mail. The fraud alert put a stop to any more attempts. That fraud event came out in divorce court and the judge was not too pleased with her.

Regarding the emails to confirm or reset accounts, look for a link to report fraud. Use it (but not the p0rno emails, those bastards will just spam you forever since you just confirmed a live human on the other end).

Try to figure out what they're after, secure it. (0)

Anonymous Coward | about a year ago | (#43017161)

This isn't casual ID theft. You have something that somebody wants. Someone is trying to hammer at all possible points of your online presence, probably to find information or leverage to get in to something else. (This is the real reason password reuse is bad. One weak system, and your credentials are compromised in other systems)

Do you have a popular online presence? Do a lot of people follow and watch what you do?
Blog? Facebook page? Youtube account? Google+?

Facebook in particular. If you have even a midly popular account you'll be hammered HARD by break in attempts, and due to facebook's generally shit security, you'll probably lose it no matter how well you secure it.

Facebook's fail-open-yes-by-default nature means that popular accounts have huge exposure. Spammers, shady marketers, and social media opinion manipulators (Yes, this is a real thing) buy hacked popular accounts to get their messages to lots of eyes very quickly.

Most of facebook's most popular non-big-celeb accounts are stolen, and exist pretty much to be monetized by shady interests.

There's always suicide (0)

Anonymous Coward | about a year ago | (#43017187)

Hey, I don't think you can be charged with killing yourself .. can you?

Phish! (0)

Anonymous Coward | about a year ago | (#43017191)

Could just be Phishing too, trying to get you to click on the legit looking links that really take you to a malicious site...

GMail is your friend :D (0)

Anonymous Coward | about a year ago | (#43017281)

Someone in China attempted to access my account about a month ago, and Google (praise be to the google gods), very generously forwarded me the offender's IP address. After about a week of single ping requests, the offender came back online.. and *poof*. He is no longer attempting to steal email accounts anymore. At least, until he gets a new computer.

Amazing stuff you can do with custom firmware these days, no?

Okay, here's what you do: (4, Funny)

pitchpipe (708843) | about a year ago | (#43017501)

They done goofed this time. You need to set up a backtrace. I can help you. Send me all of your log-in information and I will get the backtrace set up. Then I will forward your case on to the Cyber Police. These hackers aren't going to know what hit them.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account