Credit Cards Hacked! Cant figure it out!

I got a message 2 days ago saying my new credit card was being sent to me. Not weird, because they do this periodically. Today, I got an email saying my address and email were updated. That was weird. At the same moment, my wife got the same email for her card. I called and someone was able to get into our account online, order new cards, add new names to the accounts, and have new cards sent to a new address.

 

Here is the odd thing...we both have different accounts and different email addresses. We never give this info out. Im thinking that someone installed a keylogger on one of our computers. However, I ran Malwarebytes and nothing turned up!

 

Anyone have an idea of what is happening?

 

This is getting old! Someone filed a false tax return on us last year (2 separate incidents!). I also had someone open a paypal account and walmart card account earlier this year. These people had my social and name. However, I have since then froze my credit.

 

What happened today was weird. It was totally different. My credit is frozen, but that didnt prevent someone else from getting my user name and password and routing new cards to them.

 

Whats going on!!!?

that's called an account take over. it's fraud. the fraudster has your personal information and pull your credit report or call credit card companies to take over your account. they may not necessarily need your login or password. they can make a call and pretend to be you and request for a new card, change address etc.

 

you should research into identity theft protection for ways to protect yourself. never share any private info through phone unless you call the bank directly. many times, info is stolen through phishing and some frauds pretend to be collection agency and ask for personal info to "verify" you.

 

I would request for transaction alert for all your bank and credit accounts so you monitor this.

That's seriously scary!

 

I would completely format and re-install every device with access to the internet; smartphone, pc, mac, tablets, pads, laptops, coffeemaker, webcams, fridge, car and light bulbs (ok, maybe skip a few). Important to do this simultaneously, so an old infected machine does not infect a new one.

 

If you are victim of a somewhat limited attack, the keylogger/malware signature will not be picked up by most scanners. It's very easy to change the basic signature of an attack via the right tools, so it will go undetected by most software.

 

 

Did the credit card company provide you with the name and address for the new cards? If so, call FBI or police station local to the address and see if they will do something.

Identity theft is handled by the secret service (not police or FBI). You might want to call the police and establish a police report.

 

Research identity theft and take action with the three major credit reporting agencies.

You should place a fraud alert on your credit reports with all three agencies. This will prevent new lines of credit from being opened up without permission from you. I don't recall all the steps but it limits what can happen.

 

Last time I did this the fraud alert had to be renewed every 90 days.

 

I've not had your specific experience - but many years ago someone moved into my identity and opened up a bunch of credit cards and paid them off for 6 months until credit limits were increased. Then they opened up MORE cards, maxed them out and skipped town.

 

It took me five years and the help of the State of Maryland Anti-Fraud Unit (where we lived at the time) to clear my credit history. This person literally moved into my identity and it was the biggest pain in the ass I've ever experienced. The worst part was that the Secret Service agent wouldn't discuss the details of the case with me because they said I hadn't lost anything (financial). They were correct - the mess never cost me anything except time and aggravation (and lots of both) but I never had to pay anything that was stolen by the "fake me".

 

We had debt collectors calling our house and threatening collection action - and of course I said they had the wrong person which is what every deadbeat says.

 

This is a serious problem and you need to get your credit report, contact the credit reporting agencies and take action. If you hit a brick wall (those reporting agencies were terrible at responding to anything back when I had issues) contact your state representative or the police to find out who can help.

 

I wish you good luck. For everyone else - get a copy of your credit report from one of the agencies (they all share so one report is probably okay) and make sure it is accurate. Have incorrect addresses or any other bad info corrected. Keep an eye on it. And check your bank statements and online bills, etc.

 

There were two more attempts to steal my identity but both were squelched before anything happened. I believe someone inside our bank was using my checking info to attempt to buy things on ebay through paypal. We received a bank statement (and we've always read every one - and this was back in the day of paper statements before on-line was available). It said .06 had been deposited into our acct and then removed a few days later. I'd never used paypal at that point but found out that's how they verify your account. Obviously we called our bank and it was all corrected very quickly and quietly which is why I think it was someone inside the bank. Needless to say we changed banks.

Good luck getting the police to do anything. My parents had their credit stolen. The people involved even managed to put a hold on the mail coming to the house, and had it held at the post office under someone else's name in care of my mother. Fortunately, the mail carrier talked to my mother that day and told her she was supposed to hold her mail...so we got the police involved. When the people came to pick up the mail, the post office called it in as a robbery in progress...the closest police officer was a traffic cop who caught all three people involved...you'd think it would end here. Oh no. Before identifying what was happening and why he was called there, he got their info (which was all fake) and then let them go because there was no robbery. Nice huh. It gets better.

 

Now we had names. The police didn't do anything. Knew who the main person was...she was convicted of identity theft before...did they arrest her this time? Nope. They got 5 new iPhones, 5k in a pre-paid credit card, iPad, various walmart stuff, opened 13 new credit cards with 20k or higher credit limits, fuel cards, and fred meyer jewelry line of credit, and best buy. Oh yeah, and they opened a Bank of America checking account by depositing a washed check into the new account to get it open. We were able to intercept everything but the 5k pre paid card and the iPhones...which had new cell accounts linked to them...but AT&T won't do anything until the bill is past due...that's right...they stole the ID, charged FIVE iPhones to the account, and AT&T says it doesn't matter, they won't do a thing until the account is past due.

 

So...where we are, it's a misdemeanor to steal someone's identity...unless you can link that one person to THREE different people, then the police will treat it as a felony. To date, no arrests made, lifelock in place and we still get notices someone keeps trying to change account information. Stay on top of it, file a police report, although you might find the police will do little to help you in this situation.

The law on identity theft needs to be written. Much like hate crime and terrorism, identity theft should have special laws and punishments

I think I found the problem. I had a computer that is never used. In fact, my wife said sh only logged in once about a month ago. There was some suspicious internet software that installed a month ago and Malware-bytes picked it up! So, its now fixed. How it got on? No clue! She only used it to do google remote desktop a few times.

 

All passwords are changed and the 2 accounts they did hack are frozen. We are all good....for now.

 

This makes:

 

2 false tax returns

2 credit cards opened with stolen ID

2 card hacks that added new cards and card holders

 

This all in just a year! All different people and methods!

What kind of router and firewall do you have in place? If you're logging in remotely it better be something solid, or preferably a vpn.

 

What computer did she remote in from?

 

I'm surprised the CC companies didn't check up on this, especially with an Addy change and then large purchases. When we moved I obviously changed my address with amex. Inside of 15 minutes they were calling to verify I had in fact done this, and my account wasn't compromised.

A couple of thoughts:

 

- Do you do anything online with saved data (saved addresses, card numbers, etc)

- When is the last time you searched yourself online?

- When is the last time you searched your email address related to any online accounts online?

 

It sounds like you've had a data breach to an online account of some sort that has your personal info, and the info has been passed on somewhere. A keylogger could be a potential but it sounds more likely to be the result of an online data breach and being doxxed. I have a friend who works in fraud, I can ask him what he thinks.

Go get on this for a year till it stop: https://www.lifelock.com/