What can I do? when information is being traded on fraudulent sites?

My phone got hacked a month ago. I did a factory reset and manual setup. I didn’t want to risk a full restore from Google. I only reinstalled my most used Apps.

All online account Passwords changed and new credit card. On Amazon and PayPal there’s an option to sign off All signed-in accounts and change the Password.

I joined Equifax Complete Premier ID Protection and locked my credit report. Setup monitoring on my ssn, email etc. I requested a credit report to check for any activity.

I’ve gotten three Equifax alerts that my information was found on fraudulent trading sites that Equifax watches.

Other ID protection subscriptions offer similar monitoring.

Is there anything else I can or should do?

Just monitor your financial institutions activity, debit and credit. Most institutions will bear the cost of fraud on your accounts if they are notified within 60 days of the fraudulent activity.

I feel like the guy in the LifeLock commercial that put his ssn on the side of a Truck. That didn’t work out for him.

I’m not sure how mine got compromised. Probably from financial documents on my phone. I learned about file vaults too late.

My mom got one of these warnings, that her SSN showed up on Dark Web sites. Which, really, is so vague as to be meaningless. I could very easily create a website with millions of peoples’ SSNs on it. Just generate a bunch of nine-digit numbers. It only means anything at all if those numbers are connected to some other form of personal information.

I am a little paranoid about using my phone for financial transactions, because (without actual knowledge one way or the other) it seems less secure than using my PC through my ISP (I don’t use VPN, and that’s my last initialism in this post). So I don’t have any payment apps on my phone at all. In a pinch, I could use Paypal online (I don’t have the app installed), which might not be very secure either, and I think I’ve done it once. I have never used my phone to buy anything online either, nor keyed in any credit card information.

I don’t say this to pat myself on the back, for all I really know I am taking precautions that are completely pointless. I just prefer to operate this way. I can usually wait to order something online until I get home.

Does one only get those messages about one’s information being sold on the dark web if signed up for a service to do that?

I used Kaspersky for several years. It has a feature to scan the dark web for the phone’s primary email address.

The Identity Theft Protection Services allow more monitoring for ssn, health plan number etc.

It’s useful to know. But the dark web is unregulated. I can’t demand that my information be removed.

I’ve been trying to plug any security risks that I have. Kaspersky didn’t alert me to a malware attack. I switched my antivirus to Bitdefender.

Kaspersky is a Russian based company. People have concerns about it for some time. It was recently blocked from selling in the US. (It was earlier restricted in other ways.)

I read this a lot on social media, but no one has ever explained to me what actually occurred. So how were you “hacked”?

I don’t know for sure. It was probably a link that I was tricked into pressing.

Sometimes a web page ad will suddenly Open the Play store with a App ready to install. I never do anything except close the Play store.

The malicious stuff won’t bother asking. It just drops it’s payload quietly.

They had signed into my Google account. Emails that I noticed in the morning were missing that afternoon. I looked under Manage Google Account, Security, Your Devices and saw three unknown Iphone devices signed-in. I don’t own an Iphone. I signed them off and changed my password.

Meanwhile my Antivirus App never sent any notifications.

Kaspersky has saved me a couple times. Blocking a malicious website before it opened. That blocked warning screen is always scary.

This time Kaspersky snoozed. I needed to quit using a Russian product anyhow.

Bitdefender has good reviews. I’m using it now.

Is this stuff that Microsoft Defender is missing?

AFAICT, Microsoft doesn’t have a Bitdefender product for the Android OS.

Bitdefender (trial) is on my phone. I don’t know who makes it.

From Wikipedia, “Bitdefender is a Romanian cybersecurity technology company headquartered in Bucharest, Romania, with offices in the United States, Europe, Australia and the Middle East.”

Not sure if there are the same concerns about it that there are about Kaspersky.

Well, that’s interesting :thinking:

I haven’t bought it yet.

I need to read more antivirus reviews.

I know it keeps wanting me to buy their VPN. I already bought PIA awhile ago.

That shouldn’t be possible. It’s not the web page doing the asking; it’s your phone’s own operating system. It might be, of course, that some attacker has figured out a way to trick the OS, but phone OSes are much more locked down than desktop computers, so it’s both harder to find such exploits in the first place, and they get fixed quicker when they do come up.

If I were you, I would not worry too much about this. Why is Equifax telling you this? Because they want to sell you something; their credit monitoring service.

Note that Bitdefender is unrelated to Windows Defender, the antivirus and firewall software that comes with Windows.

Oh, brain crossed some wires. I meant Microsoft Defender, as @Czarcasm mentioned.

Bitdefender is a “competing” cyber product. I guess they have mobile products. I probably saw the mentions in the thread and got derailed.