Hacked !!!!!

[dribble]

I got hacked pretty bad. On the afternoon of December 23, I got a message that someone was trying to access my Apple account near Jakarta Indonesia. I get this same message when I access my account and when I hit "allow" I get a six digit code. I hit "Don't Allow" then went out to run some last minute Christmas errands.

While I was out I noticed my phone quit working. No calling no cellular data, so I couldn't look up any of my accounts. I got home opened my laptop and brought up my banking info. The guy was having a field day. Gift cards, Got into my Amazon and tried to buy a $2500.00 laptop. Got into my Pay Pal and sent money from my Visa card. Got into my Zelle and tried to send money. When my checking account ran out he transferred money from my savings. Purchased a stupid online game from a company in Africa for 140.00 and gave them a $60.00 tip. Had my emails routed to him. I grabbed my GF's phone, called the bank and had all my accounts shut down. The problem was the bank kept telling me they needed to send a code to my phone. I kept telling them that my phone was disabled and the hacker also was getting my emails. They didn't know what to do. I finally told them that my GF was on two of the accounts so they agreed to send the code to her phone.

On Christmas Eve morning, I went to the bank and cleaned out my accounts of all cash. I didn't know that I had to call a different number to get my Visa shut off. My Visa noticed the activity and declined all but one transaction. I went to m wireless carrier (Xfinity) and was told that they had cloned my sim card and got into my phone that way. I have it set up where if I make a purchase, I get an immediate message but I wasn't getting them because my phone was disabled.

Here's what I have done. Cancelled my email address and got a new one. Shut off my Pay Pal, my Amazon, My Visa and my bank accounts. I have to open new accounts now. Going to install a decent anti virus program that will do five devices. All in all I will lose no money because I go on it quickly and what he did get will be reimbursed. This is more of a warning that if you get such a message and your phone stops working, get home or to a wifi quickly.


Is there anything else I should do to help prevent a reoccurrence of this bullshit?

Oh and to top that off my sink drain plugged up on Christmas night after feeding 13 people Christmas dinner. The stoppage was 12 feet into the sewer pipe so we had to do all the dishes by hand in the laundry room sink. The next day I had to rent a pipe reemer at Home Depot. It took forever to clear the clog.

 

[Aces & Eights]

Shit, when it rains it pours. I fucken hate thieves. Every year or two my Visa gets compromised and I have to cancel everything and reset it with a new card when it arrives 5-7 working days later, always a pain in the ass.

I get alerts on every purchase with my phone, which is helpful. I’ve never had my phone hacked before.

 

[GRADS]

How did they clone your SIM card?

 

[SixD9R]

I’ve locked my credit with the 3 major credit reporting agencies. That means if anyone tries to open a credit account in my name (including me) they won’t be able to because the agency’s won’t release my credit information. If I want to apply for credit, I can simply temporarily unlock it.

 

[HTTP404]

How did they clone your SIM card?

1. SIM Swap: The hacker gains control of your phone number, likely through social engineering tactics with your mobile carrier.
2. Phone Disabled: With your number transferred, your phone loses cellular service, disabling calls and data.
3. Access to Accounts: The hacker uses your phone number to access accounts that use SMS for two-factor authentication, such as your email, banking, and payment services.
4. Email Forwarding: The hacker sets up email forwarding to keep receiving verification codes and account details.
5. Unauthorized Transactions: With access to your accounts, the hacker makes purchases, transfers funds, and performs other unauthorized actions.

 

[havasujeeper]

This is scary shit.

Unrelated, I'm going to change all my passwords today. Geez, maybe 40+ accounts?

 

[paradise]

Sounds like you’ve done everything needed to lock them out for the time being. Be extra vigilant as you are a ‘target’ now

 

[dribble]

How did they clone your SIM card?

The guy at Xfinity in Folsom said they did an E-Sim. Got my sim info then killed the card in my phone. What I don’t know is how they fit into my Apple Pay.

 

[BigQ]

Set a SIM lock number with you mobile carrier. Basically a PIN number to do anything with the a SIM number. Use a code generator instead of text message for the 2FA, or better yet for bank account use a Yubi key. Also use a password manager such as Bitwarden and a finger print or eye scan for access.

 

[rivermobster]

Yep.

2 step on EVERYTHING with an authentication app.

NOT the text pin they send to your phone!!!

@dribble

 

[napanutt]

Yep.

2 step on EVERYTHING with an authentication app.

NOT the text pin they send to your phone!!!

I don't want to Google right now. Explain the authentication app and why better than text to phone.

 

[Sleek-Jet]

Curious if you had an eSIM card or a physical SIM? I guess if they can access your phone that doesn't matter either way, at that point they can just go look at the SIM information in the settings menu.

 

[rivermobster]

I don't want to Google right now. Explain the authentication app and why better than text to phone.

Jezuz H Fuck...

You don't want to Google something, but you expect ME to type it all out???

Is it too cold and your fingers don't work???

Authentication Apps: How They Work and 5 Apps to Know About

An authentication app is a software application that is used to authenticate the identity of a user. Learn more.

frontegg.com

 

[napanutt]

Jezuz H Fuck...

You don't want to Google something, but you expect ME to type it all out???

Is it too cold and your fingers don't work???

Authentication Apps: How They Work and 5 Apps to Know About

An authentication app is a software application that is used to authenticate the identity of a user. Learn more.

frontegg.com

My request was meet. I got a link that seems to explain in layman terms.

Oh, and yes to both questions.

 

[GRADS]

My iPhone 14 doesn't have a SIM card so I guess I'm good.

 

[spectras only]

Visa froze my account recently. Ordered a part on e-bay early december and got a tracking number from DHL. I used DHL before for numerous items, never an issue. Paid for the item in full, tax and shipping. Week goes by, got an e-mail from DHL [ looked legit ] that I have to pay $2.00 before the part can be sipped to my door. I had a suspicion this e-mail wasn't right and ignored it. Sure enough, part didn't get delivered, and Visa caught the scam and froze my card. Talked to Visa, and they suggested to get a new card, or they could unfreeze my account if the part needed urgently. I told them, I'll wait for the effing post office strike is over, so my credit union [ 250 miles away in Vancouver ] can send me a new card. Also, was hacked on Amazon 3 yrs ago, some student loan in Pakistan, and an insurance fraud claim in Australia. Visa caught it, so it was taken care of it. It was sum of 8,000 dollars total.
I was a registered prime member, where Amazon had all my account information. So far I was lucky but dam, you can't trust anything anymore. I don't use my cellphone for any banking at all, only do my credit union online. Credit union only use my email, PW and a security code sent to my phone to verify. Fuckin scammers having a field day now a days, with all the AI shit, I wonder what's next?

 

[rivermobster]

Visa froze my account recently. Ordered a part on e-bay early december and got a tracking number from DHL. I used DHL before for numerous items, never an issue. Paid for the item in full, tax and shipping. Week goes by, got an e-mail from DHL [ looked legit ] that I have to pay $2.00 before the part can be sipped to my door. I had a suspicion this e-mail wasn't right and ignored it. Sure enough, part didn't get delivered, and Visa caught the scam and froze my card. Talked to Visa, and they suggested to get a new card, or they could unfreeze my account if the part needed urgently. I told them, I'll wait for the effing post office strike is over, so my credit union [ 250 miles away in Vancouver ] can send me a new card. Also, was hacked on Amazon 3 yrs ago, some student loan in Pakistan, and an insurance fraud claim in Australia. Visa caught it, so it was taken care of it. It was sum of 8,000 dollars total.
I was a registered prime member, where Amazon had all my account information. So far I was lucky but dam, you can't trust anything anymore. I don't use my cellphone for any banking at all, only do my credit union online. Credit union only use my email, PW and a security code sent to my phone to verify. Fuckin scammers having a field day now a days, with all the AI shit, I wonder what's next?

Security code sent to your phone?

Yep. It's only a matter of time till you are hacked again. See post 13 for the fix.

 

[BabyRay]

Authentication apps sound great, except for the fact I don’t understand exactly they work. As I read the info, the site I’m logging into must allow their use, but it appears to me that some sites only offer the option of having a code texted to me.

Is there something I’m missing?

 

[spectras only]

Authentication apps sound great, except for the fact I don’t understand exactly they work. As I read the info, the site I’m logging into must allow their use, but it appears to me that some sites only offer the option of having a code texted to me.

Is there something I’m missing?

i get what @rivermobster is saying. My wife use the landline phone that's unlike cellphones that are connected through the internet. I can't log in until verifying the sent code on messenger.
She calls the credit union and gets a number. simple and possibly safer!

 

[rivermobster]

Authentication apps sound great, except for the fact I don’t understand exactly they work. As I read the info, the site I’m logging into must allow their use, but it appears to me that some sites only offer the option of having a code texted to me.

Is there something I’m missing?

Nope. Not every entity has implemented their use yet.

Dumb on their part.

 

[rivermobster]

i get what @rivermobster is saying. My wife use the landline phone that's unlike cellphones that are connected through the internet.
She calls the credit union and gets a number.

Let's discuss this...

So someone calls in, pretending to be your wife...

What are they going to ask her for??

SS number? Those were all leaked/hacked this past year.

DL number? Leaked/hacked ages ago.

Current address and phone number?

Bank account number?

DOB?

Secret code word?

All are available on the dark web data bases.

A revolving code, that only you can see on your phone is the best option available, at the moment.

 

[spectras only]

Vancity Credit union using the revolving code verification that I use for login. Wife is putting last ten digit number of her card .Vancity has the landline number She gets a rolling code she punch in on the verify box online of Vancity. Once the code verified, log in opened to do banking. Not much different that I'm using other than landline is not internet connected, like my cellphone is. Am I missing something?

 

[napanutt]

Let's discuss this...

So someone calls in, pretending to be your wife...

What are they going to ask her for??

SS number? Those were all leaked/hacked this past year.

DL number? Leaked/hacked ages ago.

Current address and phone number?

Bank account number?

DOB?

Secret code word?

All are available on the dark web data bases.

A revolving code, that only you can see on your phone is the best option available, at the moment.

Thanks for caving in. This is exactly what I was looking for.

 

[spectras only]

Let's discuss this...

So someone calls in, pretending to be your wife...

What are they going to ask her for??

SS number? Those were all leaked/hacked this past year.

DL number? Leaked/hacked ages ago.

Current address and phone number?

Bank account number?

DOB?

Secret code word?

All are available on the dark web data bases.

A revolving code, that only you can see on your phone is the best option available, at the moment.

If you own a car, DMV, has your DOB, full adress on you DL. All that is on government database everywhere. You can't hide.

 

[GRADS]

Or just buy a phone that doesn't have a SIM card.

 

[Sleek-Jet]

Or just buy a phone that doesn't have a SIM card.

They all have SIMS... Otherwise you don't have connection to a cellular network. iPhone 14's use a software SIM or eSIM.

 

[boatnam2]

I'm a little tech unsavvy, so what are you saying in first paragraph dribble?

 

[$hot]

What kind of phone?

 

[rivermobster]

For the Samsung peeps...

Samsung Galaxy S24 / Galaxy S24 Ultra - Enable / Disable / Modify SIM PIN | Verizon

Here's how to change the SIM PIN for your Galaxy S24 / Galaxy S24+ / Galaxy S24 Ultra or turn it on or off.

www.verizon.com

 

[Kachina26]

Security code sent to your phone?

Yep. It's only a matter of time till you are hacked again. See post 13 for the fix.

I don't have the savvy to get to post 13, can you post a link?

 

[rivermobster]

I don't have the savvy to get to post 13, can you post a link?

Post in thread 'Hacked !!!!!' https://www.riverdavesplace.com/forums/threads/hacked.304016/post-5327222

 

[gqchris]

Need to lock your Sim down with a code. Not all carriers have this yet, unfortunately.

Do you remember if your Xfinity login was a reused password? You can check to see if you have been in a data breach , 99.9 % chance yes at https://haveibeenpwned.com/

If your Xfinity password was the same as any of those breaches listed, thats how they got in.

Otherwise, they socially engineered the Xfinity rep to swap your sim. Which happens way too fucking often.

Next step, use an MFA app, such as Google Authenticator. Or Microsoft. Or Duo. I like Google as it backs up the codes to your Google account if you lose your phone you have a life raft.

Its the shit of nightmares and I hate the stress of it all being in the industry now. Wish I could retire soon. But aint in the cards.

 

[arch stanton]

Sounds like going back to a pager to get authentication code sent to may make things safer

 

[rrrr]

Sounds like going back to a pager to get authentication code sent to may make things safer

Until the Israelis blow it up.

 

[RichL]

For the Samsung peeps...

Samsung Galaxy S24 / Galaxy S24 Ultra - Enable / Disable / Modify SIM PIN | Verizon

Here's how to change the SIM PIN for your Galaxy S24 / Galaxy S24+ / Galaxy S24 Ultra or turn it on or off.

www.verizon.com

Thanks. Going to look into this.

 

[dribble]

Need to lock your Sim down with a code. Not all carriers have this yet, unfortunately.

Do you remember if your Xfinity login was a reused password? You can check to see if you have been in a data breach , 99.9 % chance yes at https://haveibeenpwned.com/

If your Xfinity password was the same as any of those breaches listed, thats how they got in.

Otherwise, they socially engineered the Xfinity rep to swap your sim. Which happens way too fucking often.

Next step, use an MFA app, such as Google Authenticator. Or Microsoft. Or Duo. I like Google as it backs up the codes to your Google account if you lose your phone you have a life raft.

Its the shit of nightmares and I hate the stress of it all being in the industry now. Wish I could retire soon. But aint in the cards.

Thanks for the info.

 

[C-2]

Damn that sux.

But, sharing your story will help a lot of members, including myself.

I've been out of the info security loop for several years now and I wasn't aware you should lock down your SIM cards.

Fortunately, Verizon makes it easy.

So thanks for posting your story, and thanks to everybody who suggested locking down the SIM.

 

[DRYHEAT]

Let's discuss this...

So someone calls in, pretending to be your wife...

What are they going to ask her for??

SS number? Those were all leaked/hacked this past year.

DL number? Leaked/hacked ages ago.

Current address and phone number?

Bank account number?

DOB?

Secret code word?

All are available on the dark web data bases.

A revolving code, that only you can see on your phone is the best option available, at the moment.

So, what’s to keep your information safe in the revolving apps? Isn’t it just moving your information around? I don’t freaking know, I hate this shit.

Seems like every entity gets hacked at one point or another, including the Internet security companies.

I guess I need to just go back living under my rock in the desert.

 

[caribbean20]

Without reading all the details here, how do they access your bank accounts without your username and password? Those I keep close to the vest.

 

[Dalton]

Or just buy a phone that doesn't have a SIM card.

Your phone just has a e-sim, that's the easier one to steal, and how this happened. But even when your phone has a physical sim card it can be turned into a e-sim.

Every phone has a unique IMEI number, it's like the phone's vin number. Usually what will happen is they contact your cell phone company posing as you, they will say they got a new phone and need the phone number transferred, they then give the phone company the IMEI number of the phone they want your phone number transferred to, and boom, they're in control of all your secondary authentication.

The phone company does ask questions to verify your identity, but the scammer will have the answers, questions like "what's your mother's maiden name" etc.....

 

[Dalton]

Without reading all the details here, how do they access your bank accounts without your username and password? Those I keep close to the vest.

secondary authentication tied to your phone number or email, they change your password basically, like the button that says, "forgot your password", they use that and change it.

 

[caribbean20]

secondary authentication tied to your phone number or email, they change your password basically, like the button that says, "forgot your password", they use that and change it.

Wouldn’t work for those sites that require an answer to a secret question, right?

 

[Dalton]

Wouldn’t work for those sites that require an answer to a secret question, right?

Are the answers to the secret questions, actually secret?

Through different methods, they figure out the answers for the secret questions. Information like "what was the make of your first car?" isn't something you would think to keep secret, but it's a common security question. Another common one is "what's your favorite color?" or "what's your favorite vacation destination?"

 

[Angler]

This is why I will never have banking apps, or even log into any bank I do business with on my phone.
So I guess they can steal my RDP login info....

 

[Sleek-Jet]

So, what’s to keep your information safe in the revolving apps? Isn’t it just moving your information around? I don’t freaking know, I hate this shit.

Seems like every entity gets hacked at one point or another, including the Internet security companies.

I guess I need to just go back living under my rock in the desert.

It is an arms race. First it was strong passwords, then everyone went to 2 Factor Authentication and now the hackers have started to figure that out. Next you'll need to use an authentication app until the hackers break those too.

 

[caribbean20]

Are the answers to the secret questions, actually secret?

Through different methods, they figure out the answers for the secret questions. Information like "what was the make of your first car?" isn't something you would think to keep secret, but it's a common security question. Another common one is "what's your favorite color?" or "what's your favorite vacation destination?"

I guess my point here is there are a number of variables working in favor for someone who hasn’t spilled out their life story out on the internet. For those people, a few wrong guesses by the bad guy on things like secret questions (for me I choose secret questions and answers that may not be true, or could never be known by ANYONE but me) would seem to lock the victim’s account. Of course we must stay vigilant and many best practices are mentioned above. I’ll heed.

 

[rivermobster]

So, what’s to keep your information safe in the revolving apps? Isn’t it just moving your information around? I don’t freaking know, I hate this shit.

Seems like every entity gets hacked at one point or another, including the Internet security companies.

I guess I need to just go back living under my rock in the desert.

You know how rolling codes in a garage door opener work, right?

Same principal, but even more secure.

The code only shows up on YOUR phone for 60 seconds. It's not "stored" anywhere else.

No one besides you, has access to it.

So let's say your email and password log in are available on the dark web...

The douche nozzle enters it in, and in the next step, the bank asks for the code from your app.

Mr. douche nozzle doesn't have it, and he can't get it! He's locked out, even though he does have your log on credentials.

So he moves on to the next person on his list. Done deal. Game over.

With me so far?

 

[DRYHEAT]

You know how rolling codes in a garage door opener work, right?

Same principal, but even more secure.

The code only shows up on YOUR phone for 60 seconds. It's not "stored" anywhere else.

No one besides you, has access to it.

So let's say your email and password log in are available on the dark web...

The douche nozzle enters it in, and in the next step, the bank asks for the code from your app.

Mr. douche nozzle doesn't have it, and he can't get it! He's locked out, even though he does have your log on credentials.

So he moves on to the next person on his list. Done deal. Game over.

With me so far?

So do these apps ask for all your personal information? How does that work? It just seems like every time some layer of security is developed the hackers are not far behind hacking it.

I really am considering going out into the woods and living in a dirt hut. This shit brings me down.

 

[rivermobster]

So do these apps ask for all your personal information? How does that work? It just seems like every time some layer of security is developed the hackers are not far behind hacking it.

I really am considering going out into the woods and living in a dirt hut. This shit brings me down.

Nope!

Once you have the app on your phone, you have to "sync" the app to the entity you're trying to log into.

That's it!

Let's go back to your garage door opener again...

When you installed it, you pushed a button on your opener, and "synced" your remote to it. Now even though your neighbor, bought the same opener you have, you can't open his, and he can't open yours.

Same as the remote for your car alarm. It only works with Your car.

You feel me holmes? Your phone, is now your remote!

 

[DRYHEAT]

Nope!

Once you have the app on your phone, you have to "sync" the app to the entity you're trying to log into.

That's it!

Let's go back to your garage door opener again...

When you installed it, you pushed a button on your opener, and "synced" your remote to it. Now even though your neighbor, bought the same opener you have, you can't open his, and he can't open yours.

Same as the remote for your car alarm. It only works with Your car.

You feel me holmes? Your phone, is now your remote!

Sorry if it seemed like I was ignoring you, I appreciate the feedback and information. Day kind of went sideways there for a bit. Thanks again.