
So a bitch email of mine got 'stolen'

L Ron Howard Registered User regular
edited February 2011 in Help / Advice Forum
I guess 'stolen' in that someone guessed the very weak password on it. I'm not concerned with that, since they (stupidly?) never changed anything, nor sent any emails or anything. I already changed it to something a lot more secure, so I doubt I'll be seeing or hearing anything about it again.

The thing that bothers me is that they used it to make some purchases. Not with any of my CCs or anything, but I have some receipt type emails from an online store. I'm pretty obsessive with checking my purchases and the like, and nothing like it ever showed up on any of my stuff.

That's the thing that bothers me with this. This person, who is quite easy to find on the internet, is using a compromised account to send 'themselves' goodies.

I can only figure out one reason why someone would use a compromised account to send stuff to themselves.

The things were purchased last month, and it's been a good six since last I logged in, so they were already purchased, sent and received, so there's nothing I can do about it. However, it's settling as to why someone who can easily create their own free email account on any other number of places used one of mine to make a purchase.

So I guess my question is, what do I do about it?

NNID - bejamus | ESO - (at)guinneapig

Posts

  • Dunadan019 Registered User regular
    edited February 2011
    were the purchases illegal in any way?

    do you have any proof that someone didn't just use your email by accident (like sending it to mike_ock23@google instead of mike_ock32@google) to buy something without hacking it instead?

    do you have the person's address from these receipts and were they from the same place?

    was there any email in there that you wouldn't want shared with the world for some reason?

  • Doc Registered User, ClubPA regular
    edited February 2011
    Yeah, are you sure that they actually compromised your account?

  • L Ron Howard Registered User regular
    edited February 2011
    Well, two of the purchases were within a week. I'd imagine if they'd screwed up the email addy, they wouldn't have done it twice in a week.
    It was done without registering the email address and creating an account. It wasn't gifted to the email on accident. It was just a fly-by purchase using my email addy.
    I have the address to where they were sent. The place where they were sent is different from where the person resides. The person seems to have a unique name, meaning Google, at least, cannot find more than one person with that name living in two different places. The person's permanent address is in one state, and it was sent to the same person in a different state, where there doesn't seem to be any public records of that person living in the other state.
    I don't want to go digging too hard if there's no need to.
    They didn't really compromise the account, because the PW was never changed, and no emails were sent. And, again, they didn't use any of my CCs. I could probably plug the order info into the website, or give them a call to get the information. I'm just not sure I want to go that far yet. I just suspect that it's all done all shady-like.

  • Doc Registered User, ClubPA regular
    edited February 2011
    So all that really happened was that they used your email address for a couple of online purchases? They never, as far as you know, actually had access to your email account?

    I can plug in anybody's email address when I make an order online. If anything, it compromises my order, not their email account.

    Unless you have reason to suspect they logged in (were the messages marked as read when you finally logged in and saw them for the first time?), just ignore it.

  • useless4 Registered User regular
    edited February 2011
    They probably weren't real purchases. Were there links? Did you click the links to verify you didn't order anything?

    They were probably phishing for passwords using legit looking but fake Amazon (etc) sites. If you clicked any links and entered any passwords at that point I would start changing passwords left and right.

  • Echo staring is caring Super Moderator, Moderator mod
    edited February 2011
    useless4 wrote: »
    They were probably phishing for passwords using legit looking but fake Amazon (etc) sites. If you clicked any links and entered any passwords at that point I would start changing passwords left and right.

    Very likely. I've had "Amazon" emails with "orders" for a thousand dollars. That actually caused me a few minutes of panic since I had just ordered real stuff from Amazon and thus thought someone had snagged my credentials when I ordered, but some closer scrutiny quickly revealed it as phishing attempts.

  • Improvolone Registered User regular
    edited February 2011
    Wow, that's really clever.

    Voice actor for hire. My time is free if your project is!
  • illig Registered User regular
    edited February 2011
    It's probably a person accidentally using your email address.

    Some guy in Texas keeps accidentally using mine... and he's a staunch Republican donor, supporter who attends country music concerts.... so it's typically easy to tell when an email is meant for him.

  • Kate of Lokys Registered User
    edited February 2011
    My fiance Pixels has a [commonfirstname][commonlastname]@gmail.com address, and he gets an unbelievable amount of shit intended for other people. Amazon orders, Expedia travel itineraries, confidential financial documents, you name it. Whenever possible, he emails the sender saying "Uh, hey, this email address doesn't belong to the guy you think it does, please stop sending me payroll information," but with automated stuff like order confirmations, there's really nothing he can do.

    You've already changed your password, you didn't find any changes, and it's probably just some dyslexic dude switching letters around on order forms. If you have a way to contact the guy (like a phone number included in the order info), you could try letting him know that you're getting his emails. If not, though, just ignore them and don't worry about it.

    I'm here to tell you about voting. Imagine you're locked in a huge underground nightclub filled with sinners, whores, freaks and unnameable things that rape pit bulls for fun. And you ain't allowed out until you all vote on what you're going to do tonight [. . .] So you vote for television, and everyone else, as far as your eye can see, votes to fuck you with switchblades. That's voting. You're welcome.
  • L Ron Howard Registered User regular
    edited February 2011
    I know the purchases were legit because I can take the tracking info and plug it into the shipping company's website (FedEx or UPS or whatever) and get real things.
    The person signed (me?) up for the newsletter for the online store, as well as other things like Adult Friend Finder and other such kinds of sites. :S
    How many times could you misspell your own email address? And why would you suddenly start doing it on the 3rd of December, each time?

    I guess I'll just ignore it until other things start happening again.

  • Infidel Heretic Registered User regular
    edited February 2011
    Kate of Lokys wrote: »
    My fiance Pixels has a [commonfirstname][commonlastname]@gmail.com address, and he gets an unbelievable amount of shit intended for other people. Amazon orders, Expedia travel itineraries, confidential financial documents, you name it. Whenever possible, he emails the sender saying "Uh, hey, this email address doesn't belong to the guy you think it does, please stop sending me payroll information," but with automated stuff like order confirmations, there's really nothing he can do.

    You've already changed your password, you didn't find any changes, and it's probably just some dyslexic dude switching letters around on order forms. If you have a way to contact the guy (like a phone number included in the order info), you could try letting him know that you're getting his emails. If not, though, just ignore them and don't worry about it.

    This happens to me all the time. I have received quite a lot of sensitive info.

    No, I don't need to see your cell phone call history each month.

    No, I probably shouldn't have access to your B2B backend account for corporate purchases.

    No, I will not be able to pick up the kids on Saturday.

    TwitchTV channel: OrokosPA OrokosPA
    Play D&D 4e? :: Check out Orokos and upload your Character Builder sheet! :: Orokos Dice Roller
    The PhalLounge :: Chat board for Critical Failures IRC! :: #CriticalFailures and #mafia on irc.slashnet.org
  • Improvolone Registered User regular
    edited February 2011
    L Ron Howard wrote: »
    How many times could you misspell your own email address? And why would you suddenly start doing it on the 3rd of December, each time?
    Maybe it happened once and it saved to his browser?
    Could you suggest a more appropriate date to start misspelling your e-mail address? Maybe they recently created a very similar account.

  • saltiness Registered User regular
    edited February 2011
    L Ron Howard wrote: »
    I know the purchases were legit because I can take the tracking info and plug it into the shipping company's website (FedEx or UPS or whatever) and get real things.
    The person signed (me?) up for the newsletter for the online store, as well as other things like Adult Friend Finder and other such kinds of sites. :S
    How many times could you misspell your own email address? And why would you suddenly start doing it on the 3rd of December, each time?

    I guess I'll just ignore it until other things start happening again.

    Some people are just dumb. There's a woman I don't know who is convinced my gmail address belongs to her brother and nothing I tell her can convince her otherwise. She would email me and chat me up on gmail constantly until I blocked her. Now I get emails from the rest of her family because she shared my address with all of them.

    XBL: heavenkils
  • L Ron Howard Registered User regular
    edited February 2011
    Thanks for allaying my fears, everyone.
    I guess with all the reports of people having their X stolen, I just jumped to that conclusion. I just figured that it wouldn't be that hard to know which email address is yours.
    I've never had it happen where people have sent me things intended for another person like that. Well, outside of the obvious spam things.
    Thanks again, everyone.

  • exis Registered User regular
    edited February 2011
    If this is a Gmail account, log in and on the bottom of the page where it says "Last account activity..." click 'Details'. If someone has actually been logging into your account you'll be able to see different IPs in there.

    XBL: ecksys | LoL: deyur | Path of Exile: deyur | Check out our Kiwi games podcast
  • Echo staring is caring Super Moderator, Moderator mod
    edited February 2011
    Turns out I saved a screenshot of that phishing mail. You can see why this was a HOLY SHITFUCK moment, having ordered from Amazon a few days before I got this.

    amazpam.png

  • Druhim Registered User, ClubPA regular
    edited February 2011
    everything about that email makes it obvious it's fake

    $600 for a paperback? and the totals don't even add up?

  • Echo staring is caring Super Moderator, Moderator mod
    edited February 2011
    Druhim wrote: »
    everything about that email makes it obvious it's fake

    $600 for a paperback? and the totals don't even add up?

    Form email. The actual product link, which was a real thing, was some signed limited edition hardcover fancy thingamabob.

    And Amazon spouts complete bullshit about what is actually a paperback most of the time.

  • L Ron Howard Registered User regular
    edited February 2011
    That's awful.
    The smart thing to do is to take the order number and plug it back into Amazon, to see what it says.
    I mean, I did that with the shipping numbers to verify that the orders made to my account were legit. I also checked the headers and all that jazz. I didn't check the order numbers though.

    Just a question though, how did you know it was a phishing email? If you clicked on the order number did it take you to an Amazon-looking site?

  • ArbitraryDescriptor Registered User regular
    edited February 2011
    L Ron Howard wrote: »
    The smart thing to do is to take the order number and plug it back into Amazon, to see what it says.
    Yes, very yes.

    If you doubt the veracity of an email: Never click the links

    Always go to the site manually and verify it that way.

    Automata-Sg.png
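
The "never click the links" advice above can be followed literally by reading a saved email body instead of opening it: this added example (not part of any post in the thread) lists where each link really points and flags the ones outside the store's domain. The sample body, its host names and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample body of a fake "order confirmation" (not the mail from the thread).
SAMPLE_HTML = """
<p>Your order <a href="http://amazon.com.orders-example.test/gp/css?id=123">#123-4567890-1234567</a> has shipped.</p>
<p>Manage it at <a href="http://203.0.113.7/signin">https://www.amazon.com/your-orders</a></p>
<p><a href="https://www.amazon.com/gp/help">Help</a></p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def under(host, domain):  # True only for the domain itself or a real subdomain
    return host == domain or host.endswith("." + domain)

def audit_links(html, expected_domain):  # -> [(href, text, [reasons])]
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        reasons = []
        if not under(host, expected_domain):
            reasons.append(f"goes to {host or 'no host'}, not {expected_domain}")
        if re.fullmatch(r"[\d.]+", host):
            reasons.append("host is a bare IP address")
        # A URL shown as the link text should match the real destination.
        shown = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
        if shown and not under(host, shown.group(1)):
            reasons.append(f"text shows {shown.group(1)} but link differs")
        if reasons:
            findings.append((href, text, reasons))
    return findings

if __name__ == "__main__":
    for href, text, reasons in audit_links(SAMPLE_HTML, "amazon.com"):
        print(f"{text!r} -> {href}\n    " + "; ".join(reasons))
```

A clean report only means the links stay on the expected domain; looking the order number up on the site you typed in yourself is still the actual verification.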
  • Druhim Registered User, ClubPA regular
    edited February 2011
    Echo wrote: »
    Druhim wrote: »
    everything about that email makes it obvious it's fake

    $600 for a paperback? and the totals don't even add up?

    Form email. The actual product link, which was a real thing, was some signed limited edition hardcover fancy thingamabob.

    And Amazon spouts complete bullshit about what is actually a paperback most of the time.

    Doesn't change the fact that the total doesn't make any sense at all.

  • Echo staring is caring Super Moderator, Moderator mod
    edited February 2011
    Druhim wrote: »
    Doesn't change the fact that the total doesn't make any sense at all.

    Split order.

  • Druhim Registered User, ClubPA regular
    edited February 2011
    Echo wrote: »
    Druhim wrote: »
    Doesn't change the fact that the total doesn't make any sense at all.

    Split order.

    "order will arrive in 1 shipment"
    and neither the subtotal or total make sense even with a split order

  • MichaelLC In what furnace was thy brain? Chicago Registered User regular
    edited February 2011
    The first book is currently $11.09.
    The second is $10.88, total $21.97.

    The fonts are all wrong too; it's obvious someone removed the fields and pasted new text in.

    Excision wrote: »
    My girlfriend is going down tonight!

    Steam:MichaelLC