So we found a small charge on a credit care we rarely use from Hallmark.com (for an order placed at 1AM, when we were definitely asleep). Called the credit card company, cancelled the card.
A few days later, a package comes from Hallmark with a single package of Harry Potter candy in it. We definitely didn’t order it…but what is going on? If they have our CC #, why order something small and have it shipped to us? I’ve had a card stolen before, and seen where they make a small transaction I guess to verify the card works, but I’ve never had an item shipped to us.
And when we search the order #, we can’t find it associated with any of our e-mail addresses.
And then my wife went to yahoo.com (she has a Yahoo email she rarely uses), and she’s logged into an account—on her phone—that was just created 2 weeks ago. With a username and password she definitely did not create. She’s never without her phone, it’s hard to conceive of how someone could have created this new account on her phone (we can see welcome to your new e-mail message and nothing else in that account, so we know she was home here when it happened).
So are these two events related? And what could the scam possibly be? (customer service at Hallmark is closed now so we can’t call until tomorrow at least) but I’m curious if anyone out there has any insight as to what the heck we could be witnessing.
Hah. Maybe. I just don’t see how someone could have logged into a brand new account on her phone while she was in possession of it…nor why someone would do that.
Has she handed the phone to anyone else to use for a few minutes? The least spooky explanation for a new account appearing in a browser in jer phone (assuming the browser configuration isn’t being synced with another computer) is that someone uses that phone long enough to set up a login on that account at that website.
The yahoo situation could be because of some mixed up cookies. Those are what the browser and server use to know who you are after you log in. If the backend cookie database on yahoo got messed up, perhaps the cookie that was in her browser got accidentally duplicated for the cookie of someone else’s login. So it could be a coincidence like that perhaps.
Might the Yahoo account be somehow tied to another email account she has, as a backup account for her regular email or something? Still doesn’t explain why her phone was already logged in to it, but maybe if her regular email (that she accesses on her phone) has been compromised… just guessing, anyway.
The Hallmark charge: dunno, but maybe it was a test charge, and the scammers made a small purchase, sent to the known address on record to avoid any kind of cross-checking / fraud detection processes, and they were getting set to make other purchases.
I’d definitely recommend that she change passwords on pretty much everything, just in case there was some sort of compromise.
She can view the recent activity on that yahoo account to see what other IP addresses are accessing it. That may help to figure out where the person is.
There’s a common scam where a thief will order something using a stolen credit card and have it shipped to the cardholder’s address, or some third party’s address, with the intention of grabbing it from the porch before the resident brings it inside. This is safer for the thief than shipping it to the thief’s own address if the fraudulent purchase gets investigated. But normally it’s a high value item like a computer, not a box of candy.
We did check all of the other accounts to see if it was linked. This is a brand new account that was just created–the only e-mail in it was the ‘welcome to your new inbox’ e-mail. And the account is a person’s name and a year, like “MarySmith2013” or something like that.
We did change all her other passwords.
But why would someone create a new Yahoo account ? And log into it on her phone? And there’s no other suspicious activity on the bank account or credit cards, etc.
I don’t even know if the two incidents are related, I can’t come up with a scenario where any of this make sense.
Yeah - what I was thinking was: when I set up a yahoo email account, I was able to list my gmail address associated to it for recovery purposes. And I’m signed in to my gmail account on my phone. So a scammer sets up MY gmail as the recovery address, and somehow having that association would let the phone be signed in on the new account.
Just grasping at straws here. I have roughly zero idea as to whether that scenario would have that effect.
Has your wife checked the account (the yahoo, and the regular) to see if any oddball forward-and-delete rules were set up? I’ve heard that scammers who’ve hacked email may do that. How did she get the password to the new account?
The timing of the two events is definitely suspicious.
Has she checked that the various online accounts still have the correct email, and ONLY the correct email, associated?
Whoever set up the account actually saved the password (which we have since changed). There are no rules set up, and no e-mails have come in or out of it (that we can see).
If you hadn’t checked your credit statement, spotted the odd little transaction, and deep-sixed card, I’ll bet not too long after the intruder would have proceeded to charge a whole lot of stuff, using the fake Yahoo account to hide their true identity.
Probably would have had the goods shipped as a “gift” to some address where they could pick it up and vanish; it’s a thing for scammers like that to have it sent to a real address, have delivery alerts sent to their fake account in the scammee’s name, and swoop in to grab the delivery as soon as it gets dropped off.
Maybe. But why just a single package of candy? And I get making up a fake e-mail address–but why (or how) sign into said account on her phone? Or are these two somehow unrelated events?
