Ask Slashdot: Identity Theft Attempt In Progress; How To Respond? 239
An anonymous reader writes "It appears that two weeks ago my email address got into the wrong database. Since that time there have been continuing attempts to access my accounts and create new accounts in my name. I have received emails asking me to click the link below to confirm I want to create an account with Twitter, Facebook, Apple Games Center, Facebook mobile account, and numerous pornographic sites. I have not attempted to create accounts on any of these services. I have also received 16 notices from Apple about how to reset my Apple ID. I am guessing these notices are being automatically generated in response to too many failed login attempts. At this point I have no reason to believe any of my accounts have been compromised but I see no good response."
Change your e-mail address (Score:5, Insightful)
Sometimes, it becomes necessary to change your e-mail address.
Re: (Score:2, Interesting)
First things first:
Is it a gmail address ?
Is there another exact address from a different country ?
It could be as simple as foo.bar@gmail.com being confused with foobar@gmail.au
Happened to me.
Re:Change your e-mail address (Score:4, Informative)
Yes... but fubar@gmail.COM is NOT the same as foobar@gmail.AU. Reread the parent.
Re: (Score:3)
Without wishing to seem pedantic, there is no *@gmail.au — if anything it would be *@gmail.com.au but I've never known anyone to have that; only *@gmail.com, or in the UK *@googlemail.co.uk.
bullshit - gmail does NOT recognize dots (Score:5, Informative)
Good call on posting your BS as an AC.
Google Help: Receiving someone else's mail
http://support.google.com/mail/bin/answer.py?hl=en&answer=10313 [google.com]
Gmail doesn't recognize dots as characters within usernames, you can add or remove the dots from a Gmail address without changing the actual destination address; they'll all go to your inbox, and only yours. In short:
homerjsimpson@gmail.com = hom.er.j.sim.ps.on@gmail.com
homerjsimpson@gmail.com = HOMERJSIMPSON@gmail.com
homerjsimpson@gmail.com = Homer.J.Simpson@gmail.com
All these addresses belong to the same person. You can see this if you try to sign in with your username, but adding or removing a dot from it. You'll still go to your account.
Re: (Score:2, Informative)
That wasn't originally the case though. I believe that when they first instituted the referenced change, they excepted those that were already in conflict.
Re: (Score:3)
you're thinking of some other service
gmail launched in april 04.
Here's a post from the same month:
http://www.errorik.com/archive/2004-04.htm [errorik.com]
Here's July 04:
http://itsmygmail.blogspot.com/2004/07/gmail-address-variations.html [blogspot.com]
and Jan 06:
http://arstechnica.com/uncategorized/2006/01/6022-2/ [arstechnica.com]
Re: (Score:2, Informative)
Re: (Score:3)
Probably because it really does happen to some people - my own gmail address is signed up with a period, and someone else, presumably in the UK, signed up without. I still get Dell UK newsletters for him (and I'm in AU, so if I used my gmail address with Dell, I expect he would receive some Dell AU newsletters). Just because it's publicly stated that dots are dropped does not mean there wasn't a period where either the rule did not exist, or the code to enforce the rule was broken.
I've also sent mail to the
Re:Change your e-mail address (Score:5, Informative)
Indeed. Keep the old ones, of course, but change the passwords to something very, very secure and different for each one.
Backup then delete all information associated in the Cloud with these addresses, (Android, iCloud, Gdrive...)
Do not reuse any of the old accounts for anything. Use a "one-time" account for verification each of the new accounts, then nuke it and change to a new one.
Do not be tempted to have one master account for verification of all the child ones.
If you're using gmail, or similar, do NOT use some variation of your name, home town, company, whatever.
Finally, pony up for your own domain etc. and get a nice email account you can totally control. Cheap, too.
Self hosted email... (Score:3, Informative)
Re: (Score:3)
Firstly make sure there's a damn good non-guessable password on his existing email account!
Re: (Score:2)
Re:Change your e-mail address (Score:5, Insightful)
One does not simply change one's email address...
Re: (Score:2)
Re: (Score:2)
Whenever I sign up for a new service I use a custom throw-away address, labelled for that particular site, and if it gets hacked/used for spam or other I can go back to change the address (and/or password) with that service to an new throw-away address. All email get forwarded to my real address(s) of my choice, and when I start receiving mail I don't want I automatically know who got
Re: Change your e-mail address (Score:2, Informative)
Gishpuppy offers this service for free [gishpuppy.com] turn in your geek card for not knowing what he is talking about. :)
There's a Firefox plugin to automatically create addresses. I did this with all my loyalty cards. ???.kroger@gishpuppy.com and ???.walgreens@gishpuppy.com all forward to a special gmail box. If groupon keeps annoying the crap out if me, I can just log-in to gishpuppy and delete that address. All messages will be bounced back.
Simple as possible, completely free and stunningly effective.
Re: (Score:2)
The problem here is that there are PLENTY of services out there that insist on using your e-mail address as a username. A great many of those don't permit the changing of that username beyond the creation of the account. This essentially means that once you create such a linked account you can never change your e-mail address ever again - unless you want to go recreating all the linked accounts and losing anything in them in the process.
All my email routes through my domain to my gmail account. I never give out my gmail account (not that it's that hard to discover, but it's never my username anywhere). If my gmail is getting hacked, I can just move to a new one, and change the forwarding. There's nothing really to hack associated with the email addresses I give out - there's only forwarding there.
Don't just sit on your hands... (Score:4, Insightful)
What would you report? (Score:5, Funny)
Um... yes... There's this person, probably in another country, that I suspect is trying to gain access to my facebook account. LOL.
Re:What would you report? (Score:4, Insightful)
Um... yes... There's this person, probably in another country, that I suspect is trying to gain access to my facebook account. LOL.
Laugh, but the GP is correct. File the paperwork. It's a CYA move, just like you'd do if something fishy was going on at work. Not only does this cover YOU, but it also provides a jumping off point, should some computer crimes force actually stumble on the perp. They can't do a thing against them in many cases unless someone has reported it first. Having a report on file unties all sorts of red tape for their investigations.
That said, reporting it to a local county office isn't going to do much; you need to find the closest computer crimes division that will actually file your report and also add it to the federal/international databases so it can be cross-referenced by other investigators.
Re: What would you report? (Score:2, Funny)
404 in progress, all units respond!
Re:Don't just sit on your hands... (Score:5, Insightful)
I would contact my local police force and talk to the financial crimes desk.
You would go to the local police because someone (probably on the other side of the world) knows your email address? If you are lucky, the police will just laugh and hang up. If you are unlucky, they may get pissed at you for wasting their time on something so frivolous. What are expecting the police to do?
Just make sure you have good passwords on all your accounts, install a spam filter, and get on with your life.
Re: (Score:3)
Re:Don't just sit on your hands... (Score:4, Informative)
I've been down this road.. The local police are likely to tell you unless you are under threat of imminent bodily harm, you should contact the FBI. When you contact the FBI, they will tell you computers get viruses all the time and you should ignore the problem or contact your local police if you feel your life is in danger.
I'm not trolling or being sarcastic. This was what actually happened when I contact LEOs to try and help solve the problem. Like others said, change your email address and get on with your life. Unless you want to spend a bunch of time chasing ghosts on your own time.
Re: (Score:3)
As I'm sure about a million other people who have tried this before could tell you, this is a complete waste of time.
Most police departments couldn't care less if you report your car being burgled or your cell phone stolen (two cases I have tried to report and they basically acted like they couldn't be bothered), let alone someone just trying to use your email address on a web site. At least in the former case it is useful if you want to make an insurance claim.
As for any Internet fraud claims, etc - as an
Small claims court? (Score:3)
IANAL, but if you have their identity couldn't you sue them in small claims court? I'm assuming that they would be unlikely to show up, and you would get a default judgement. Then I think you could get a court order to have the sheriff (?) go and ransack their property to retrieve $XXX worth of stuff. Probably much more satisfying than just getting your $500 back.
Re: (Score:2)
Lol, you think my local cops have a "financial crimes desk"??? hahahahahahahahah Shit, I doubt my state police even have that.
Re: (Score:2)
My city doesn't even have a property crimes division, let alone a financial crimes division. Unless it's a traffic infraction or a violent crime, they do not investigate anything.
Re:Don't just sit on your hands... (Score:5, Informative)
For part of your paper trail, look at the lower right corner of Gmail. I bad guys were in your account recently, you may find some evidence on the "Last account activity: 13 hours ago
Details".. Click on the Details link and it will open your most recent login times and IP addresses. If you were not on a trip and you were logged in from Florida or somewhere else, it is time to save the info and change your password. Knowing the IP adderess of someone using your account is good evidence. Contact their ISP with time, date, timezone, with the info. It may be against his ISP's terms of service to hack from his account. For those without Gmail, this is what it looks like. Note IP addresses altered to protect my privacy. I checked my mail from work, home, and on a recent trip.
Browser * United States (WA) (192.25.69.00) 1:11 pm (4 minutes ago)
Browser United States (OR) (10.134.137.00) Feb 25 (13 hours ago)
Browser United States (WA) (192.25.69.00) Feb 25 (20 hours ago)
Browser United States (WA) (192.25.69.00) Feb 25 (20 hours ago)
Browser United States (WA) (192.25.69.00) Feb 23 (3 days ago)
Browser United States (OR) (127.34.103.00) Feb 22 (4 days ago)
Browser United States (OR) (127.34.103.00) Feb 21 (5 days ago)
Browser United States (OR) (127.34.103.00) Feb 20 (6 days ago)
Re: (Score:2, Funny)
>Is it already time to reach out to the cops?
I suspect any cop would just stare at you blankly while sipping his coffee or chewing his/her doughnut.
That or they would work out an excuse to beat you up and arrest you for resisting arrest.
Cops are not equipped to deal with these things.
Re: (Score:2)
Re:Don't just sit on your hands... (Score:5, Funny)
Re: (Score:2)
if you take it to the police, even if your particular department is useless on these sorts of issues, they will at least file a report. They many not do anything at all with it after they file it. But at least it's on record.
Now this doesn't help with the immediate problem, but if the crooks are successful in working their way past some logins and to a point where they have actually got access to something important (like a bank account, or heaven forbid enough information to get ID issued in your name) the
Re: (Score:2)
Out of curiosity, wouldn't changing your email account look just as suspicious as if your account was compromised?
Were I attacking someone, the first thing I would do is prevent them from getting the "you've been hacked" notices.
Your options are (Score:5, Insightful)
1) Wait and see if they succeed, then create new online and financial accounts and deal with the personal and financial fallout
2) Create new online accounts, transfer all information to new accounts and delete the old ones before they succeed
Up to you.
Re: (Score:2)
3) change all your passwords and such securely and watch as they flail against your login
Re: (Score:2)
Re: (Score:2)
I am a fan of KeePass, personally. Same idea, different tool.
Re: (Score:2)
Can't say enough about mSecure - it's one of the few that do NOT require an online sync of any kind. It'll sync across a local LAN/WLAN without sending traffic to the Internet. Of course, it has integration with a few services for that too if you want. One downside for some folks - it's an application, not a Web Service. Another downside - it does cost money ($10 on iOS and/or Android, and $20 for the mac or Win version, no linux one). But it's been reliable as hell for me and my business.
Re: (Score:2)
Well, KeePass just stores into a file. How you move that file around is up to you :)
It has some kind of internet thing, but I've never touched it.
Open source as well, if you care about that (I do)
Re: (Score:2)
3) change all your passwords and such securely and watch as they effortlessly use the forgot password feature on the site.
FTFY. You don't brute-force an account, you maybe try a few common passwords then attack the weak link.
Re: (Score:2)
How is that link supposed to be used without first getting into the now-secured email account?
Re: (Score:2)
How is that link supposed to be used without first getting into the now-secured email account?
Perhaps because not all "forgot password" links work that way [schneier.com]? Now, of course, that particular method no longer works and it did require some "personal" info and a physical call. However, it's not an isolated story, it's just the first that came up in my admittedly haphazard search. Online password cracking is too easy to detect and stop unless you have a large botnet at your disposal. Crackers are going after alternate channels. While you and I can pick our complex passwords to protect the front door, we c
Re: (Score:3)
Re:Yeah you're right (Score:5, Insightful)
What moron moderated this bullshit "insightful"?
1. Including navigational software in my case it would rather be 300 EUR. How about steam? How about othe electronic goods?
2. You do not have to create new accounts, only the password and the emailaddress associated with it - your initial post was already misleading
3. If you do 2. and not the bullshit you were suggesting, nobody has to rebuy anything
Again: What moron moderated this insightful?
300EUR? Oh my. I've changed my mind. (Score:2)
Maybe one day you might get the chance to follow your own advice. Some people exist only to act as examples for others, so be sure to let us know how that goes.
did you change your email password? (Score:5, Informative)
to something not in the dictionary?
after that i would just ignore the failed attempts. after a while the perp will stop and move on to easier prey
Re:did you change your email password? (Score:5, Funny)
No, but he did change them all to "honest equine capacitor fastener"
Re: (Score:3)
Re: (Score:3)
Stupid instant moderation applying shit. /. could actually require a confirmation for moderating rather than just a stupid drop down and automatically applying bullshit.
My bad. I didn't mean to mod you troll. Maybe
Re: (Score:2)
No, but he did change them all to "honest equine capacitor fastener"
I know XKCD made a good point, but that's still nowere near as good as passwords could be. It is extremely easy to memorise a fairly long gibberish sentence and use it as a password, eg. "The moon that afternoon was violently passive." Thats a 47 character password and I didn't even bother mangling any words, it could be made much better. I don't understand why accounts on some computer systems that have disk quotas measured in gigabytes have such arbitrarily small limits on the password. Is 1KB too much to
Re: (Score:2)
Probably. Because no one in their right mind is going to have a password that's 1KB long. Average word length in English is about 5 letters per word. Add in a space and you're at ~166 words for a 1KB password. An excellent typist types at 80WPM so that's 2 minutes to type in your password if you're really fast, you remember it, and you type it correctly.
Re: (Score:2)
Yeah, in addition to other reasons to hate Comcast (depending on where you live), they have an arbitrary 11-character password limit. At least a couple years ago, anyway.
Re: (Score:2)
If somebody was attacking me with this persistence, I would consider using randomgenerated passwords that are written down in an encrypted file on my machine.
Re: (Score:2)
And just kiss access to all these accounts goodbye? I don't know about you, but I have difficulty trying to remember 20 passwords with 20+ random characters.
Do change the E-mail address and make sure you have complex passwords that differ between sites. Complex Passwords are mixed case, have special characters, numbers and don't consist of dictionary words. Keep them as long as you can remember and keep them different between important sites. Change them regularly if you can.
Re:did you change your email password? (Score:4, Insightful)
Password Safe. I let it remember my passwords for me, and only have to remember the one to open the password safe.
Re: (Score:3)
Assume an attacker will always start by running a dictionary attack, so you basically have a 4 character password with each character having a possibility of a few hundred thousand values. So it's only about as secure as a 5 or 6 character random string.
If you are only talking about English words, there are about 300000 of them. A standard English language keyboard has about 94 characters available. So your four "word character" password is actually about as good as a password of an 11 character random string. But only if the attacker assumes you are using a password of 4 dictionary words separated by spaces. That is a very specific and unrealistic assumption to make.
Re: (Score:2)
It's a little unnerving, but I have no idea what exactly a user can do to prevent such things from happening to one.
Re:did you change your email password? (Score:5, Funny)
to something not in the dictionary?
I don't know about this advice. I once fell for one of those nigerian scammers who duped me into giving him my email password. then I changed my password to 'gullible', since I've heard that's not in the dictionary. somehow it was the first thing he guessed. what's worse is I used it for all my accounts, and now he posts idiotic comments as me on slashdot.
Documentary on Identity Theft (Score:5, Funny)
I believe that Jason Bateman was in a recent documentary on this topic - seemed very factual, and you should probably consider his plan of action:
http://www.imdb.com/title/tt2024432/?ref_=sr_1 [imdb.com]
-jd
Taken? (Score:5, Funny)
Are you done? Good, leave them in the tub, they're in a better place now.
Go back into your room and crawl under your bed so the satellites they have control of cannot see you. Open up your Apple account and start forwarding your e-mails to your Gmail account. Yes, I know it will take forever, no there is not an easier way to do this. Okay, once you have all of those out delete your Apple account -- you'll get a new one later. You never really owned that stuff you bought on iTunes so just forget about it now, it's gone. Now log into iCloud on your laptop and start the laptop on fire. It's better to destroy all of those photos, tax returns and documents then to let them have them.
Now listen carefully because this part is important. These men are going to access your accounts. They're going to send your friends messages and make you seem like a jerk -- just for fun. There's nothing you can do about that. Just make sure to leave the Slashdot chat box open when they take you
Hello?
Hello? Anonymous Reader?
I don't know who you are. I don't know what you want. If you are looking for ransom, I can tell you I don't have money. But what I do have are a very large amount of Slashdot karma; karma I have acquired over a very long career. Karma that make me feel like I can stand up to people like you. If you let the anonymous reader's accounts go now, that'll be the end of it. I will not look for you, I will not pursue you. But if you don't, I will look for you, I will find you, and I will ask you politely to stop messing with people.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I see what you did there....
Throw away email (Score:2)
I don't know if it is sad or not, but I did this a very long time ago.
I have a throw away email address that I forward (and delete) everything from to one I actually use. When I use my online identity I only use the throw away account (Slashdot included). If it ever becomes compromised (or even just too much spam, which I think was my orginal intent before filters became very good), you can just drop and delete it (if possible), then if you like start a new one and continue the same process. Sure you may h
Re: (Score:2)
Really? (Score:2)
"but I see no good response."
You can stop using that email, monitor your credit cards and other accounts, you can also freeze your credit cards and who can check your credit, change all your passwords, there are entire web pages dedicated to helping with this issue.
More Likely (Score:5, Insightful)
Or two weeks ago you pissed someone off and they are just plugging your email address into everything.
Re: (Score:2)
It does sound a bit like ordering pizza's and magizine subscriptions to an address of someone you loath.
not much to do, a lot you can do? (Score:2)
Re:not much to do, a lot you can do? (Score:5, Informative)
Found some old recommendations I sent out to friends that weren't too tek savvy. It's fairly basic info that most should know.
I was looking into Life Lock and started reading what they actually do, which is in the fine print of their terms of service here.
http://www.dmachoice.org/ [dmachoice.org] it's the primary service Life Lock uses to get you off of mailing lists and it's free. They also have some good info on how to keep secure online. There are several items you can go through to have your self removed form email and mail lists.
Then go to https://www.donotcall.gov/ [donotcall.gov] and register your phone numbers for the do not call list.
Then go to https://www.optoutprescreen.com/ [optoutprescreen.com] to remove your self from the credit card pre-approval lists.
If you want free credit reports use this site. https://www.annualcreditreport.com/cra/index.jsp [annualcreditreport.com] You can get 1 free report every year from each of the 3 reporting agencies. If you break it up you could get 1 every 2 month. I could get one from Equifax this month. Then in 2 months my wife could get one for them. Then in 2 months I could get one from TransUnion. etc... The reason to get them is mostly to see who has been looking at your credit. Then make sure all the loans are yours.
Now for your online stuff. Get an email account at google or some place else that you can use for those online registration things that you need to do from time to time. Use that account only for things that you are unsure about. Keep another account for the more important stuff like the banks. You could even have a 3rd account for your general email.
Most web browsers have an option too clear the cache and cookies. Look for it. In Safari on Mac look under the Safari menu then select Reset Safari... On Windows it's under the File Menu. In Firefox you need to look in the Preferences and the Security tab. Resetting and clearing out the cookies will also clear saved passwords. The reason to do this is because many web sites set tokens on your web browser called cookies that allow them to track you and what you do online. They can see where you are going and what you do online. For Windows this is a big problem because there are ways to install applications on the system without you knowing. Then your computer can be used to send email spam to others or even be used remotely to take over other computers. This is really only a problem on Windows but for Macs they can still track your online usage and figure things out about you that might make it easier to get you to click on something that would install an application that could take over your computer.
For email. Set your email program to not automatically read your mail and try to use the built-in spam filters. Also set the options to not download in-line pictures and such. The pictures in spam can be used to also track you and verify your email address. If you and I get the same piece of spam the picture will actually not be in the email it's actually a picture on a web server someplace. The name of the picture is unique to each spam email so when your mail program tries to access the picture from the internet the spammers computer ticks off the unique name your computer used to get the picture. That unique name is associated with your email address.
How is this identity theft? (Score:5, Insightful)
Also (Score:2)
Are all your usernames the same between all these sites?
Have you responded to any of the 16 notices from Apple about resetting your password? Are the emails actually coming from Apple and not some type of phish.
There isn't a solution (Score:5, Informative)
Or you can attempt to close any accounts tied to that email.
Other than closing the accounts, there's nothing you can do. I've called the FBI in a similar circumstance. "Yes, we are tasked with enforcement of that nature. No, we will not act unless you've suffered actual monetary loss."
If you want to prevent this, use different email accounts for each service (you can forward them all to the same "main" account to make checking them easier), so if one email gets abused, you only risk one service. But that's too late for the submitter.
Probably an id10t error. (Score:3)
Having a fairly common name and a early gmail where I snagged first initial + last name I get a lot of junk there. Password reset attempts aplenty, people's airline tickets, house listings, closing documents...
Those I want off of I send a nice mail to support at the company and claim fraudulent use of my email address to register with them. You'd be amazed how fast your email will be off their account (sometimes the account survives that, sometimes... the id10t gets to get a new account -- have fun with that!).
Re: (Score:2)
Having a fairly common name and a early gmail where I snagged first initial + last name I get a lot of junk there. Password reset attempts aplenty, people's airline tickets, house listings, closing documents...
Those I want off of I send a nice mail to support at the company and claim fraudulent use of my email address to register with them. You'd be amazed how fast your email will be off their account (sometimes the account survives that, sometimes... the id10t gets to get a new account -- have fun with that!).
Same here. Once got onto a string of lawyers emails. Most people are nice and thank you when you reach out, as I do when it is an obvious mistake. Only once did an id10t insist it was the right address. I said fine, but I have no responsibility to protect all that private information you are sending me. Eventually it stopped, I assume when the intended receipient asked about it and was told 'but I've been sending it for months...'
Chill out... (Score:5, Informative)
I've had this happen to me (Score:2)
Fraud Alert! (Score:2)
Most everyone is saying similar things, one thing I missed if anyone said it.... put a fraud alert on your credit. Lifelock does this, in fact, its really their main product. Basically, if you write a letter to the credit reporting agencies to tell them that you have reason to believe that someone is trying to steal your identity, they will post an alert on your records, which makes them actually do things like ask for ID when someone claiming to be you asks for a credit report.
The main nice thing about lif
Re: (Score:2)
Ok.... apparently what I said was correct...all except for the lifelock part. They WERE doing this until they got sued, they apparently don't do that anymore: http://en.wikipedia.org/wiki/LifeLock#Service_controversies [wikipedia.org]
Not sure what they are doing now, but I haven't kept up in years (obviously)
Happened to me (Score:2)
I started getting multiple "you have reached the maximum number of login attempts" from my bank. I changed the account name, and it ended.
Create a new email address, and switch iTunes over to that account. Keep in mind that when hackers got into Mat Honan's life, they did it by exploiting weaknesses in Apple and Google's authentication schemes. Neither weakness was enough on its own, but when combined hackers were able to get full access.
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
Credit Report Pronto (Score:2)
My soon-to-be-ex-wife attempted to open a $13,000 credit card in
Well (Score:2)
You're fucked :D
Okay, here's what you do: (Score:5, Funny)
Re:Okay, here's what you do: (Score:4, Funny)
Need help? I can whip up a GUI Interface in Visual Basic to track their IP address. [youtube.com]
Change your Apple ID (Score:2)
Not hard.
How do I change my Apple ID [apple.com]
You can also change the e-mail address on your Apple account. No loss of your previous purchases.
I think I would do this on anything where they had my CC info on file. Then pick a strong password for both your old and new e-mail address and wait for them to go away.
Let me Guess, you're the wifi leach from last week (Score:3)
So, were you wifi leaching, using an evil twin and got MTM'd?
Honestly, sorry my friend, this kind of stuff is a PITA.
I would do the following
1. make sure your pc and router are not pwned
2. change the email address that all of your services use NOW
3. for good measure, change all of your passwords.
Just a Wild Guess..... (Score:2)
Thought so.
A familiar list (Score:2)
Twitter.
Apple.
Facebook.
Those three have something [slashdot.org] in [slashdot.org] common [slashdot.org].
Re: (Score:2)
Looks more like a case of cyberharassment to me.
If this weren't slashdot, my first question would be "have you turned down anyone within the last year?"
To me, there doesn't seem to be enough to go to the police with at present, unless you happen to live somewhere where the police are under-worked, bored and looking for something to investigate that might not lead to a prosecutable or even fineable crime.
And if you think this is bad, wait until you get joe-jobbed.
Re: (Score:3)
Looks more like a case of cyberharassment to me.
Were you referring to the emails or the comments on /.?
Re: (Score:3)
My wife is being plagued by someone giving out her email address and signing up for various accounts.
It's not identity theft in this case, it's just a completely clueless person that doesn't understand that the address is hers, and using it to sign up for various things doesn't mean they can get to the email in the end.
Never attribute to stupidity that which can be adequately explained by malice.
-- Mrs. Hanlon's Razor
My money would be on a former friend of your wife's.
Re: (Score:2, Informative)
With the 3 main credit agencies, definitely put a credit fraud alert on your account
Do be aware that the mere act of putting a credit fraud alert on your file with the credit agencies will reduce your credit rating, and result in banks quoting you higher interest rates if you apply for a loan.
Re: (Score:2)
the mere act of putting a credit fraud alert on your file with the credit agencies will reduce your credit rating
That is a common misconception. Will a freeze lower my credit score? No. (Source: http://atg.wa.gov/freeze.aspx [wa.gov])
Re: (Score:2)
Not to mention, even if it DID ... it would have to lower it a LOT and your score would already have to be on the margain to be bumped down into a new rate range. But alas, it is NOT true.
Re: (Score:2)
the mere act of putting a credit fraud alert on your file with the credit agencies will reduce your credit rating
That is a common misconception.
Will a freeze lower my credit score? No. (Source: http://atg.wa.gov/freeze.aspx [wa.gov])
Well, I was talking about a fraud alert, not a freeze.
OK, a fraud alert won't reduce your numerical score. However, banks checking your credit report to consider issuing credit will see the fraud alert. Based on that, they chose whether to extend credit, and if so, what rate to offer. The law does not forbid them from taking the existence of a fraud alert on your account into consideration when deciding that, and you can expect that they will do so.
Your mileage may vary.
Re: (Score:2)
Someone in China attempted to access my account about a month ago, and Google (praise be to the google gods), very generously forwarded me the offender's IP address. After about a week of single ping requests, the offender came back online.. and *poof*. He is no longer attempting to steal email accounts anymore. At least, until he gets a new computer.
Amazing stuff you can do with custom firmware these days, no?
No one believes your horseshit story. No one believed it back in 1992 when you threatened to hack people over IRC.
correcthorsebatterystaple (Score:2)
I know your password then! I mean after all, I've memorized that xkcd comic for at least a year...
Re: (Score:2)
Security through obscurity. Why people think it's a good idea to use the same address everywhere is beyond me.
It's a sad day when the security of our accounts is so poor that we have to rely on obscurity to keep them safe.