Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!
So a bitch email of mine got 'stolen'
L Ron Howard
Registered User regular
Registered User regular
I guess 'stolen' in that someone guessed the very weak password on it. I'm not concerned with that, since they (stupidly?) never changed anything, nor sent any emails or anything. I already changed it to something a lot more secure, so I doubt I'll be seeing or hearing anything about it again.
The thing that bothers me is that they used it to make some purchases. Not with any of my CCs or anything, but I have some receipt type emails from an online store. I'm pretty obsessive with checking my purchases and the like, and nothing like it ever showed up on any of my stuff.
That's the thing that bothers me with this. This person, who is quite easy to find on the internet, is using a compromised account to send 'themselves' goodies.
I can only figure out one reason why someone would use a compromised account to send stuff to themselves.
The things were purchased last month, and it's been a good six since last I logged in, so they were already purchased, sent and received, so there's nothing I can do about it. However, it's settling as to why someone who can easily create their own free email account on any other number of places used one of mine to make a purchase.
So I guess my question is, what do I do about it?
The thing that bothers me is that they used it to make some purchases. Not with any of my CCs or anything, but I have some receipt type emails from an online store. I'm pretty obsessive with checking my purchases and the like, and nothing like it ever showed up on any of my stuff.
That's the thing that bothers me with this. This person, who is quite easy to find on the internet, is using a compromised account to send 'themselves' goodies.
I can only figure out one reason why someone would use a compromised account to send stuff to themselves.
The things were purchased last month, and it's been a good six since last I logged in, so they were already purchased, sent and received, so there's nothing I can do about it. However, it's settling as to why someone who can easily create their own free email account on any other number of places used one of mine to make a purchase.
So I guess my question is, what do I do about it?
L Ron Howard on
Posts
do you have any proof that someone didn't just use your email by accident (like sending it to mike_ock23@google instead of mike_ock32@google) to buy something without hacking it instead?
do you have the person's address from these receipts and were they from the same place?
was there any email in there that you wouldn't want shared with the world for some reason?
It was done without registering the email address and creating an account. It wasn't gifted to the email on accident. It was just a fly-by purchase using my email addy.
I have the address to where they were sent. The place where they were sent is different from where the person resides. The person seems to have a unique name, meaning Google, at least, cannot find more than one person with that name living in two different places. The person's permanent address is in one state, and it was sent to the same person in a different state, where there doesn't seem to be any public records of that person living in the other state.
I don't want to go digging too hard if there's no need to.
They didn't really compromise the account, because the PW was never changed, and no emails were sent. And, again, they didn't use any of my CCs. I could probably plug the order info into the website, or give them a call to get the information. I'm just not sure I want to go that far yet. I just suspect that it's all done all shady-like.
I can plug in anybody's email address when I make an order online. If anything, it compromises my order, not their email account.
Unless you have reason to suspect they logged in (were the messages marked as read when you finally logged in and saw them for the first time?), just ignore it.
They were probably phishing for passwords using legit looking but fake Amazon (etc) sites. If you clicked any links and entered any passwords at that point I would start changing passwords left and right.
Very likely. I've had "Amazon" emails with "orders" for a thousand dollars. That actually caused me a few minutes of panic since I had just ordered real stuff from Amazon and thus thought someone had snagged my credentials when I ordered, but some closer scrutiny quickly revealed it as phishing attempts.
Some guy in Texas keeps accidentally using mine... and he's a staunch Republican donor, supporter who attends country music concerts.... so its typically easy to tell when an email is meant for him.
You've already changed your password, you didn't find any changes, and it's probably just some dyslexic dude switching letters around on order forms. If you have a way to contact the guy (like a phone number included in the order info), you could try letting him know that you're getting his emails. If not, though, just ignore them and don't worry about it.
The person signed (me?) up for the newsletter for the online store, as well as other things like Adult Friend Finder and other such kinds of sites. :S
How many times could you misspell your own email address? And why would you suddenly start doing it on the 3rd of December, each time?
I guess I'll just ignore it until other things start happening again.
This happens to me all the time. I have received quite a lot of sensitive info.
No, I don't need to see your cell phone call history each month.
No, I probably shouldn't have access to your B2B backend account for corporate purchases.
No, I will not be able to pick up the kids on Saturday.
The PhalLounge :: Chat board for Phalla discussion and Secret Santas :: PhallAX 2013
Critical Failures IRC! :: #CriticalFailures and #mafia on irc.slashnet.org
Could you suggest a more appropriate date to start misspelling your e-mail address? Maybe they recently created a very similar account.
Some people are just dumb. There's a woman I don't know who is convinced my gmail address belongs to her brother and nothing I tell her can convince her otherwise. She would email me and chat me up on gmail constantly until I blocker her. Now I get emails from the rest of her family because shared my address with all of them.
I guess with all the reports of people having their X stolen, I just jumped to that conclusion. I just figured that it wouldn't be that hard to know which email address is yours.
I've never had it happen where people have sent me thing intended for another person like that. Well, outside of the obvious spam things.
Thanks again, everyone.
$600 for a paperback? and the totals don't even add up?
Form email. The actual product link, which was a real thing, was some signed limited edition hardcover fancy thingamabob.
And Amazon spouts complete bullshit about what is actually a paperback most of the time.
The smart thing to do is to take the order number and plug it back into Amazon, to see what it says.
I mean, I did that with the shipping numbers to verify that the orders made to my account were legit. I also checked the headers and all that jazz. I didn't check the order numbers though.
Just a question though, how did you know it was a phishing email? If you clicked on the order number did it take you to an Amazon-looking site?
If you doubt the veracity of an email: Never click the links
Always go to the site manually and verify it that way.
Doesn't change the fact that the total doesn't make any sense at all.
Split order.
"order will arrive in 1 shipment"
and neither the subtotal or total make sense even with a split order
The second is $10.88, total $21.97.
The fonts are all wrong too; it's obvious someone removed the fields and pasted new text in.