cancel
Showing results for 
Search instead for 
Did you mean: 

Protection against future fraud.

tag
Anonymous
Not applicable

Protection against future fraud.

Hi!  So one of  my SOs email accounts was hacked.  They ended up hacking into his FB & Instagram account too.  The blocked the security emails so he didn't receive notifications.  I stayed up late last night checking accounts, computer logins, changing passwords, and etc. The next night they tried to login to his Microsoft account using his email but we got the notification because I deleted all the blocked emails and filters they used to try to prevent detection.  In the email search box I could see the recent searches and it was countless searches for w2, w9, TurboTax, ssn, atm, birth certificate, pin, account numbers, driver license, bank, statements, cash app, & etc.

 

We've locked & froze his credit. Except for his experian and we have send in paperwork to them. I've locked my credit too.

The last thing they searched for was Navy and I think they're trying to get info to hack My navy federal account.  He doesn't have one and NFCU is the only thing financially related to Navy I could think of.

 

What else do I need to do to secure my account... Im trying to find something I can use to alert me like identity theft alert or something.

 

I'm not sure how they got his info but we added one of my NFCU accounts for mortgage payments the day before.  We had issues setting up the payment and the mortgage company has general fraud and spam warnings on its website.  It's a shady bankruptcy/ foreclosure mortgage company so I feel like it's security is low level.

 

They payment we set up still hasn't gone through as well.  We called the company as soon as we thought something was off... the customer service rep sounded like they were taking a bath. It was as a super unprofessional call and not really helpful.

 

My SO isn't linked to my NFCU account so I doubt any of the info they got from his email could help them get into my account... but my NFCU account is where I have most of my cash flow.... so I worried that something is going to happen.

10 REPLIES 10
FireMedic1
Community Leader
Mega Contributor

Re: Protection against future fraud.

 Anything that has to do with that e-mail address seems to be where the root of the problem is.It comes from the Dark Web. They sell info back and forth. Make sure you create a strong password.

 

Talk to NFCU and explain whats going on. You can ask for new account numbers to prevent any problems. Just like a Credit card. Let that company know during business hrs whats up. Least they wont be bathing then. Good Luck. Others will have other tweaks that can help you.  Maybe get a gmail account too. Its always best to have 2 e-mail accounts. Only e-mail that ever hacked me was on Yahoo. Closed.


Message 2 of 11
CreditInspired
Community Leader
Super Contributor

Re: Protection against future fraud.

Thanks for sharing this info @FireMedic1 


|| AmX Cash Magnet $40.5K || NFCU CashRewards $30K || Discover IT $24.7K || Macys $24.2K || NFCU CLOC $15K || NFCU Platinum $15K || CitiCostco $12.7K || Chase FU $12.7K || Apple Card $7K || BOA CashRewards $6K
Message 3 of 11
FireMedic1
Community Leader
Mega Contributor

Re: Protection against future fraud.


@CreditInspired wrote:

Thanks for sharing this info @FireMedic1 


@CreditInspired 👍


Message 4 of 11
Anonymous
Not applicable

Re: Protection against future fraud.

He unfortunately was using yahoo and I'm sure that's where they were able to get in.  I'm going to try to get him to close his yahoo down.  


@FireMedic1 wrote:

@CreditInspired wrote:

Thanks for sharing this info @FireMedic1 


@CreditInspired 👍


 

He doesn't even use the Microsoft email...  

 

I talked with WF & NFCU and got everything squared away them.

 

Now it's just changing everything over.

 

 

 

 

Message 5 of 11
FireMedic1
Community Leader
Mega Contributor

Re: Protection against future fraud.


@Anonymous wrote:

He unfortunately was using yahoo and I'm sure that's where they were able to get in.  I'm going to try to get him to close his yahoo down.  


@FireMedic1 wrote:

@CreditInspired wrote:

Thanks for sharing this info @FireMedic1 


@CreditInspired 👍


 

He doesn't even use the Microsoft email...  

 

I talked with WF & NFCU and got everything squared away them.

 

Now it's just changing everything over.

 

 

 

 


Well you didnt post which e-mail he uses for Microsoft. So I took it as Outlook which most use for a Microsoft Account. You posted the searches they did and all in his email. I just went with Outlook. Sorry. Post edited.¯\_(ツ)_/¯


Message 6 of 11
Have1
Regular Contributor

Re: Protection against future fraud.


@Anonymous wrote:

 

What else do I need to do to secure my account... Im trying to find something I can use to alert me like identity theft alert or something.

 

 


@Anonymous If you are not using a password manager (KeePass, Bitwarden, etc.) to create and manage your passwords you are operating in "hard mode". 

 

Here are some ideas to think about:

 

1)  All your passwords should be too complex to be remembered except the one you use to get into your password manager. 

2)  Never reuse passwords - If a site where you have a password is hacked they then can try the username password combo from that site on other sites and get into your accounts.

3)  Get additional email addresses.  Use them to segregate your sensitive email traffic from your social media and commercial traffic.  I have a hotmail that I use for all the shady/shabby/spammy types.  That way, when the email gets onto the spamming/phishing lists I know it isn't actually a legit email from my bank/store account/service.  I have an account I use for my banking which is not used for stores or anything else.  Banks, having better security, tend to leak your email out less frequently so I get no spam there.  

 

Good luck.

Message 7 of 11
disdreamin
Valued Contributor

Re: Protection against future fraud.


@Have1 wrote:

@Anonymous wrote:

 

What else do I need to do to secure my account... Im trying to find something I can use to alert me like identity theft alert or something.

 

 


@Anonymous If you are not using a password manager (KeePass, Bitwarden, etc.) to create and manage your passwords you are operating in "hard mode". 

 

Here are some ideas to think about:

 

1)  All your passwords should be too complex to be remembered except the one you use to get into your password manager. 

2)  Never reuse passwords - If a site where you have a password is hacked they then can try the username password combo from that site on other sites and get into your accounts.

3)  Get additional email addresses.  Use them to segregate your sensitive email traffic from your social media and commercial traffic.  I have a hotmail that I use for all the shady/shabby/spammy types.  That way, when the email gets onto the spamming/phishing lists I know it isn't actually a legit email from my bank/store account/service.  I have an account I use for my banking which is not used for stores or anything else.  Banks, having better security, tend to leak your email out less frequently so I get no spam there.  

 

Good luck.


Just a random thank-you for that list. I need to get better about this, and your suggestions are very helpful.

Message 8 of 11
Have1
Regular Contributor

Re: Protection against future fraud.


@disdreamin wrote:

@Have1 wrote:

@Anonymous wrote:

 

What else do I need to do to secure my account... Im trying to find something I can use to alert me like identity theft alert or something.

 

 


@Anonymous If you are not using a password manager (KeePass, Bitwarden, etc.) to create and manage your passwords you are operating in "hard mode". 

 

Here are some ideas to think about:

 

1)  All your passwords should be too complex to be remembered except the one you use to get into your password manager. 

2)  Never reuse passwords - If a site where you have a password is hacked they then can try the username password combo from that site on other sites and get into your accounts.

3)  Get additional email addresses.  Use them to segregate your sensitive email traffic from your social media and commercial traffic.  I have a hotmail that I use for all the shady/shabby/spammy types.  That way, when the email gets onto the spamming/phishing lists I know it isn't actually a legit email from my bank/store account/service.  I have an account I use for my banking which is not used for stores or anything else.  Banks, having better security, tend to leak your email out less frequently so I get no spam there.  

 

Good luck.


Just a random thank-you for that list. I need to get better about this, and your suggestions are very helpful.


You are welcome.  

 

It occurs to me that I should also add this: 

 

4)  NEVER click on a link in email to go to your bank's website.  ALWAYS use the bookmark you have carefully set up in your browser and use regularly to check your accounts.  Someone phishing you is relying on you habitually clicking on your financial institution's email links.  

 

I am really annoyed that every big bank I do business with spams me with "click here to log into your account" emails.  They are habituating people to get duped.  All the little banks I have accounts with send me emails with a message to log into my account.  They expect that I can get to their website without a link.  

 

A corollary to the above:  Use a carefully set up bookmark to go to your bank every time.  Do not rely on typing in your bank's address into the address bar or using Google to pull up the link.  A typo'd variation of your bank's address may lead to a phishing site.  A phishing website that gets into the results of searches will take time to be identified and removed from search results by the search engines, so someone will be victimized before that happens.  Don't let yourself be that person.

 

You can get overly tinfoiled about this but developing habits that keep you away from the most likely threats is fairly easy.

 

Good luck.

Message 9 of 11
disdreamin
Valued Contributor

Re: Protection against future fraud.


@Have1 wrote:

I am really annoyed that every big bank I do business with spams me with "click here to log into your account" emails.  They are habituating people to get duped.  All the little banks I have accounts with send me emails with a message to log into my account.  They expect that I can get to their website without a link.  

 


 Yup, hard no to any link in an email for logging into anything secure, unless it's a requested password reset or confirmation email. Our IT dept did a phishing scheme and caught so many people out. The worst, though, was reporting a phishing email to them and having them send out a warning organization-wide...with the active link in the warning email, they didn't remove the hyperlink. But yep, completely agree with not using links in unsolicited emails.

Message 10 of 11
Advertiser Disclosure: The offers that appear on this site are from third party advertisers from whom FICO receives compensation.