WELCOME TO RIVER DAVES PLACE

Hacked !!!!!

dribble

Well-Known Member
Joined
Mar 25, 2008
Messages
3,882
Reaction score
6,390
I got hacked pretty bad. On the afternoon of December 23, I got a message that someone was trying to access my Apple account near Jakarta Indonesia. I get this same message when I access my account and when I hit "allow" I get a six digit code. I hit "Don't Allow" then went out to run some last minute Christmas errands.

While I was out I noticed my phone quit working. No calling no cellular data, so I couldn't look up any of my accounts. I got home opened my laptop and brought up my banking info. The guy was having a field day. Gift cards, Got into my Amazon and tried to buy a $2500.00 laptop. Got into my Pay Pal and sent money from my Visa card. Got into my Zelle and tried to send money. When my checking account ran out he transferred money from my savings. Purchased a stupid online game from a company in Africa for 140.00 and gave them a $60.00 tip. Had my emails routed to him. I grabbed my GF's phone, called the bank and had all my accounts shut down. The problem was the bank kept telling me they needed to send a code to my phone. I kept telling them that my phone was disabled and the hacker also was getting my emails. They didn't know what to do. I finally told them that my GF was on two of the accounts so they agreed to send the code to her phone.

On Christmas Eve morning, I went to the bank and cleaned out my accounts of all cash. I didn't know that I had to call a different number to get my Visa shut off. My Visa noticed the activity and declined all but one transaction. I went to m wireless carrier (Xfinity) and was told that they had cloned my sim card and got into my phone that way. I have it set up where if I make a purchase, I get an immediate message but I wasn't getting them because my phone was disabled.

Here's what I have done. Cancelled my email address and got a new one. Shut off my Pay Pal, my Amazon, My Visa and my bank accounts. I have to open new accounts now. Going to install a decent anti virus program that will do five devices. All in all I will lose no money because I go on it quickly and what he did get will be reimbursed. This is more of a warning that if you get such a message and your phone stops working, get home or to a wifi quickly.


Is there anything else I should do to help prevent a reoccurrence of this bullshit?

Oh and to top that off my sink drain plugged up on Christmas night after feeding 13 people Christmas dinner. The stoppage was 12 feet into the sewer pipe so we had to do all the dishes by hand in the laundry room sink. The next day I had to rent a pipe reemer at Home Depot. It took forever to clear the clog.
 
Last edited:

Aces & Eights

Well-Known Member
Joined
Oct 8, 2022
Messages
318
Reaction score
994
Shit, when it rains it pours. I fucken hate thieves. Every year or two my Visa gets compromised and I have to cancel everything and reset it with a new card when it arrives 5-7 working days later, always a pain in the ass.

I get alerts on every purchase with my phone, which is helpful. I’ve never had my phone hacked before.
 

GRADS

Phishing license is paid up to date
Joined
Dec 19, 2007
Messages
19,697
Reaction score
24,466
How did they clone your SIM card?
 

SixD9R

Well-Known Member
Joined
Mar 16, 2019
Messages
3,576
Reaction score
13,443
I’ve locked my credit with the 3 major credit reporting agencies. That means if anyone tries to open a credit account in my name (including me) they won’t be able to because the agency’s won’t release my credit information. If I want to apply for credit, I can simply temporarily unlock it.
 

HTTP404

New But Seasoned Inmate #2002
Joined
Jun 20, 2008
Messages
3,885
Reaction score
7,476
How did they clone your SIM card?


  1. SIM Swap: The hacker gains control of your phone number, likely through social engineering tactics with your mobile carrier.
  2. Phone Disabled: With your number transferred, your phone loses cellular service, disabling calls and data.
  3. Access to Accounts: The hacker uses your phone number to access accounts that use SMS for two-factor authentication, such as your email, banking, and payment services.
  4. Email Forwarding: The hacker sets up email forwarding to keep receiving verification codes and account details.
  5. Unauthorized Transactions: With access to your accounts, the hacker makes purchases, transfers funds, and performs other unauthorized actions.
 

havasujeeper

Well-Known Member
Joined
Sep 4, 2014
Messages
2,810
Reaction score
5,647
This is scary shit.

Unrelated, I'm going to change all my passwords today. Geez, maybe 40+ accounts?
 

paradise

Spooner
Joined
Feb 19, 2008
Messages
4,715
Reaction score
5,398
Sounds like you’ve done everything needed to lock them out for the time being. Be extra vigilant as you are a ‘target’ now 😢
 

dribble

Well-Known Member
Joined
Mar 25, 2008
Messages
3,882
Reaction score
6,390
How did they clone your SIM card?

The guy at Xfinity in Folsom said they did an E-Sim. Got my sim info then killed the card in my phone. What I don’t know is how they fit into my Apple Pay.
 

BigQ

Well-Known Member
Joined
Jan 30, 2008
Messages
1,352
Reaction score
302
Set a SIM lock number with you mobile carrier. Basically a PIN number to do anything with the a SIM number. Use a code generator instead of text message for the 2FA, or better yet for bank account use a Yubi key. Also use a password manager such as Bitwarden and a finger print or eye scan for access.
 

Sleek-Jet

Well-Known Member
Joined
Sep 20, 2007
Messages
13,346
Reaction score
16,832
Curious if you had an eSIM card or a physical SIM? I guess if they can access your phone that doesn't matter either way, at that point they can just go look at the SIM information in the settings menu.
 

rivermobster

Club Banned
Joined
Dec 28, 2009
Messages
59,812
Reaction score
60,604

napanutt

Connoisseur
Joined
Dec 19, 2007
Messages
11,386
Reaction score
15,824

GRADS

Phishing license is paid up to date
Joined
Dec 19, 2007
Messages
19,697
Reaction score
24,466
My iPhone 14 doesn't have a SIM card so I guess I'm good.🤷‍♂️
 

spectras only

Well-Known Member
Joined
Sep 20, 2007
Messages
13,308
Reaction score
13,523
Visa froze my account recently. Ordered a part on e-bay early december and got a tracking number from DHL. I used DHL before for numerous items, never an issue. Paid for the item in full, tax and shipping. Week goes by, got an e-mail from DHL [ looked legit ] that I have to pay $2.00 before the part can be sipped to my door. I had a suspicion this e-mail wasn't right and ignored it. Sure enough, part didn't get delivered, and Visa caught the scam and froze my card. Talked to Visa, and they suggested to get a new card, or they could unfreeze my account if the part needed urgently. I told them, I'll wait for the effing post office strike is over, so my credit union [ 250 miles away in Vancouver ] can send me a new card. Also, was hacked on Amazon 3 yrs ago, some student loan in Pakistan, and an insurance fraud claim in Australia. Visa caught it, so it was taken care of it. It was sum of 8,000 dollars total.
I was a registered prime member, where Amazon had all my account information. So far I was lucky but dam, you can't trust anything anymore. I don't use my cellphone for any banking at all, only do my credit union online. Credit union only use my email, PW and a security code sent to my phone to verify. Fuckin scammers having a field day now a days, with all the AI shit, I wonder what's next?
 

rivermobster

Club Banned
Joined
Dec 28, 2009
Messages
59,812
Reaction score
60,604
Visa froze my account recently. Ordered a part on e-bay early december and got a tracking number from DHL. I used DHL before for numerous items, never an issue. Paid for the item in full, tax and shipping. Week goes by, got an e-mail from DHL [ looked legit ] that I have to pay $2.00 before the part can be sipped to my door. I had a suspicion this e-mail wasn't right and ignored it. Sure enough, part didn't get delivered, and Visa caught the scam and froze my card. Talked to Visa, and they suggested to get a new card, or they could unfreeze my account if the part needed urgently. I told them, I'll wait for the effing post office strike is over, so my credit union [ 250 miles away in Vancouver ] can send me a new card. Also, was hacked on Amazon 3 yrs ago, some student loan in Pakistan, and an insurance fraud claim in Australia. Visa caught it, so it was taken care of it. It was sum of 8,000 dollars total.
I was a registered prime member, where Amazon had all my account information. So far I was lucky but dam, you can't trust anything anymore. I don't use my cellphone for any banking at all, only do my credit union online. Credit union only use my email, PW and a security code sent to my phone to verify. Fuckin scammers having a field day now a days, with all the AI shit, I wonder what's next?

Security code sent to your phone?

Yep. It's only a matter of time till you are hacked again. See post 13 for the fix.
 

BabyRay

Well-Known Member
Joined
Oct 7, 2022
Messages
1,115
Reaction score
2,692
Authentication apps sound great, except for the fact I don’t understand exactly they work. As I read the info, the site I’m logging into must allow their use, but it appears to me that some sites only offer the option of having a code texted to me.

Is there something I’m missing?
 

spectras only

Well-Known Member
Joined
Sep 20, 2007
Messages
13,308
Reaction score
13,523
Authentication apps sound great, except for the fact I don’t understand exactly they work. As I read the info, the site I’m logging into must allow their use, but it appears to me that some sites only offer the option of having a code texted to me.

Is there something I’m missing?
i get what @rivermobster is saying. My wife use the landline phone that's unlike cellphones that are connected through the internet. I can't log in until verifying the sent code on messenger.
She calls the credit union and gets a number. simple and possibly safer!
 

rivermobster

Club Banned
Joined
Dec 28, 2009
Messages
59,812
Reaction score
60,604
Authentication apps sound great, except for the fact I don’t understand exactly they work. As I read the info, the site I’m logging into must allow their use, but it appears to me that some sites only offer the option of having a code texted to me.

Is there something I’m missing?

Nope. Not every entity has implemented their use yet.

Dumb on their part.
 

rivermobster

Club Banned
Joined
Dec 28, 2009
Messages
59,812
Reaction score
60,604
i get what @rivermobster is saying. My wife use the landline phone that's unlike cellphones that are connected through the internet.
She calls the credit union and gets a number.

Let's discuss this...

So someone calls in, pretending to be your wife...

What are they going to ask her for??

SS number? Those were all leaked/hacked this past year.

DL number? Leaked/hacked ages ago.

Current address and phone number?

Bank account number?

DOB?

Secret code word?

All are available on the dark web data bases.

A revolving code, that only you can see on your phone is the best option available, at the moment.
 

spectras only

Well-Known Member
Joined
Sep 20, 2007
Messages
13,308
Reaction score
13,523
Vancity Credit union using the revolving code verification that I use for login. Wife is putting last ten digit number of her card .Vancity has the landline number She gets a rolling code she punch in on the verify box online of Vancity. Once the code verified, log in opened to do banking. Not much different that I'm using other than landline is not internet connected, like my cellphone is. Am I missing something?
 
Last edited:

napanutt

Connoisseur
Joined
Dec 19, 2007
Messages
11,386
Reaction score
15,824
Let's discuss this...

So someone calls in, pretending to be your wife...

What are they going to ask her for??

SS number? Those were all leaked/hacked this past year.

DL number? Leaked/hacked ages ago.

Current address and phone number?

Bank account number?

DOB?

Secret code word?

All are available on the dark web data bases.

A revolving code, that only you can see on your phone is the best option available, at the moment.
Thanks for caving in. This is exactly what I was looking for. 😊
 

spectras only

Well-Known Member
Joined
Sep 20, 2007
Messages
13,308
Reaction score
13,523
Let's discuss this...

So someone calls in, pretending to be your wife...

What are they going to ask her for??

SS number? Those were all leaked/hacked this past year.

DL number? Leaked/hacked ages ago.

Current address and phone number?

Bank account number?

DOB?

Secret code word?

All are available on the dark web data bases.

A revolving code, that only you can see on your phone is the best option available, at the moment.
If you own a car, DMV, has your DOB, full adress on you DL. All that is on government database everywhere. You can't hide.
 

GRADS

Phishing license is paid up to date
Joined
Dec 19, 2007
Messages
19,697
Reaction score
24,466
Or just buy a phone that doesn't have a SIM card. 🤣
 

boatnam2

Well-Known Member
Joined
Sep 20, 2007
Messages
13,782
Reaction score
7,390
I'm a little tech unsavvy, so what are you saying in first paragraph dribble?
 

gqchris

Well-Known Member
Joined
Mar 24, 2008
Messages
8,971
Reaction score
14,881
Need to lock your Sim down with a code. Not all carriers have this yet, unfortunately.

Do you remember if your Xfinity login was a reused password? You can check to see if you have been in a data breach , 99.9 % chance yes at https://haveibeenpwned.com/

If your Xfinity password was the same as any of those breaches listed, thats how they got in.

Otherwise, they socially engineered the Xfinity rep to swap your sim. Which happens way too fucking often.

Next step, use an MFA app, such as Google Authenticator. Or Microsoft. Or Duo. I like Google as it backs up the codes to your Google account if you lose your phone you have a life raft.

Its the shit of nightmares and I hate the stress of it all being in the industry now. Wish I could retire soon. But aint in the cards.
 

arch stanton

Well-Known Member
Joined
Jun 30, 2011
Messages
929
Reaction score
2,290
Sounds like going back to a pager to get authentication code sent to may make things safer
 

dribble

Well-Known Member
Joined
Mar 25, 2008
Messages
3,882
Reaction score
6,390
Need to lock your Sim down with a code. Not all carriers have this yet, unfortunately.

Do you remember if your Xfinity login was a reused password? You can check to see if you have been in a data breach , 99.9 % chance yes at https://haveibeenpwned.com/

If your Xfinity password was the same as any of those breaches listed, thats how they got in.

Otherwise, they socially engineered the Xfinity rep to swap your sim. Which happens way too fucking often.

Next step, use an MFA app, such as Google Authenticator. Or Microsoft. Or Duo. I like Google as it backs up the codes to your Google account if you lose your phone you have a life raft.

Its the shit of nightmares and I hate the stress of it all being in the industry now. Wish I could retire soon. But aint in the cards.

Thanks for the info.
 

C-2

Well-Known Member
Joined
Sep 26, 2007
Messages
12,654
Reaction score
8,399
Damn that sux.

But, sharing your story will help a lot of members, including myself.

I've been out of the info security loop for several years now and I wasn't aware you should lock down your SIM cards.

Fortunately, Verizon makes it easy.

So thanks for posting your story, and thanks to everybody who suggested locking down the SIM. 👍
 

DRYHEAT

Well-Known Member
Joined
Sep 6, 2010
Messages
7,539
Reaction score
14,052
Let's discuss this...

So someone calls in, pretending to be your wife...

What are they going to ask her for??

SS number? Those were all leaked/hacked this past year.

DL number? Leaked/hacked ages ago.

Current address and phone number?

Bank account number?

DOB?

Secret code word?

All are available on the dark web data bases.

A revolving code, that only you can see on your phone is the best option available, at the moment.
So, what’s to keep your information safe in the revolving apps? Isn’t it just moving your information around? I don’t freaking know, I hate this shit.

Seems like every entity gets hacked at one point or another, including the Internet security companies. 🤷‍♂️

I guess I need to just go back living under my rock in the desert.😔
 

caribbean20

Well-Known Member
Joined
Mar 4, 2011
Messages
1,711
Reaction score
3,801
Without reading all the details here, how do they access your bank accounts without your username and password? Those I keep close to the vest.
 

Dalton

Well-Known Member
Joined
Apr 15, 2011
Messages
2,352
Reaction score
2,175
Or just buy a phone that doesn't have a SIM card. 🤣


Your phone just has a e-sim, that's the easier one to steal, and how this happened. But even when your phone has a physical sim card it can be turned into a e-sim.

Every phone has a unique IMEI number, it's like the phone's vin number. Usually what will happen is they contact your cell phone company posing as you, they will say they got a new phone and need the phone number transferred, they then give the phone company the IMEI number of the phone they want your phone number transferred to, and boom, they're in control of all your secondary authentication.

The phone company does ask questions to verify your identity, but the scammer will have the answers, questions like "what's your mother's maiden name" etc.....
 
Last edited:

Dalton

Well-Known Member
Joined
Apr 15, 2011
Messages
2,352
Reaction score
2,175
Without reading all the details here, how do they access your bank accounts without your username and password? Those I keep close to the vest.


secondary authentication tied to your phone number or email, they change your password basically, like the button that says, "forgot your password", they use that and change it.
 

caribbean20

Well-Known Member
Joined
Mar 4, 2011
Messages
1,711
Reaction score
3,801
secondary authentication tied to your phone number or email, they change your password basically, like the button that says, "forgot your password", they use that and change it.
Wouldn’t work for those sites that require an answer to a secret question, right?
 

Dalton

Well-Known Member
Joined
Apr 15, 2011
Messages
2,352
Reaction score
2,175
Wouldn’t work for those sites that require an answer to a secret question, right?

Are the answers to the secret questions, actually secret?

Through different methods, they figure out the answers for the secret questions. Information like "what was the make of your first car?" isn't something you would think to keep secret, but it's a common security question. Another common one is "what's your favorite color?" or "what's your favorite vacation destination?"
 

Angler

Tritoon Racing
Joined
May 4, 2012
Messages
6,157
Reaction score
15,238
This is why I will never have banking apps, or even log into any bank I do business with on my phone.
So I guess they can steal my RDP login info....
 
Last edited:

Sleek-Jet

Well-Known Member
Joined
Sep 20, 2007
Messages
13,346
Reaction score
16,832
So, what’s to keep your information safe in the revolving apps? Isn’t it just moving your information around? I don’t freaking know, I hate this shit.

Seems like every entity gets hacked at one point or another, including the Internet security companies. 🤷‍♂️

I guess I need to just go back living under my rock in the desert.😔

It is an arms race. First it was strong passwords, then everyone went to 2 Factor Authentication and now the hackers have started to figure that out. Next you'll need to use an authentication app until the hackers break those too.
 

caribbean20

Well-Known Member
Joined
Mar 4, 2011
Messages
1,711
Reaction score
3,801
Are the answers to the secret questions, actually secret?

Through different methods, they figure out the answers for the secret questions. Information like "what was the make of your first car?" isn't something you would think to keep secret, but it's a common security question. Another common one is "what's your favorite color?" or "what's your favorite vacation destination?"
I guess my point here is there are a number of variables working in favor for someone who hasn’t spilled out their life story out on the internet. For those people, a few wrong guesses by the bad guy on things like secret questions (for me I choose secret questions and answers that may not be true, or could never be known by ANYONE but me) would seem to lock the victim’s account. Of course we must stay vigilant and many best practices are mentioned above. I’ll heed.
 

rivermobster

Club Banned
Joined
Dec 28, 2009
Messages
59,812
Reaction score
60,604
So, what’s to keep your information safe in the revolving apps? Isn’t it just moving your information around? I don’t freaking know, I hate this shit.

Seems like every entity gets hacked at one point or another, including the Internet security companies. 🤷‍♂️

I guess I need to just go back living under my rock in the desert.😔

You know how rolling codes in a garage door opener work, right?

Same principal, but even more secure.

The code only shows up on YOUR phone for 60 seconds. It's not "stored" anywhere else.

No one besides you, has access to it.

So let's say your email and password log in are available on the dark web...

The douche nozzle enters it in, and in the next step, the bank asks for the code from your app.

Mr. douche nozzle doesn't have it, and he can't get it! He's locked out, even though he does have your log on credentials.

So he moves on to the next person on his list. Done deal. Game over.

With me so far?
 

DRYHEAT

Well-Known Member
Joined
Sep 6, 2010
Messages
7,539
Reaction score
14,052
You know how rolling codes in a garage door opener work, right?

Same principal, but even more secure.

The code only shows up on YOUR phone for 60 seconds. It's not "stored" anywhere else.

No one besides you, has access to it.

So let's say your email and password log in are available on the dark web...

The douche nozzle enters it in, and in the next step, the bank asks for the code from your app.

Mr. douche nozzle doesn't have it, and he can't get it! He's locked out, even though he does have your log on credentials.

So he moves on to the next person on his list. Done deal. Game over.

With me so far?
So do these apps ask for all your personal information? How does that work? It just seems like every time some layer of security is developed the hackers are not far behind hacking it.

I really am considering going out into the woods and living in a dirt hut. 🤣 This shit brings me down.🙁
 

rivermobster

Club Banned
Joined
Dec 28, 2009
Messages
59,812
Reaction score
60,604
So do these apps ask for all your personal information? How does that work? It just seems like every time some layer of security is developed the hackers are not far behind hacking it.

I really am considering going out into the woods and living in a dirt hut. 🤣 This shit brings me down.🙁

Nope!

Once you have the app on your phone, you have to "sync" the app to the entity you're trying to log into.

That's it!

Let's go back to your garage door opener again...

When you installed it, you pushed a button on your opener, and "synced" your remote to it. Now even though your neighbor, bought the same opener you have, you can't open his, and he can't open yours.

Same as the remote for your car alarm. It only works with Your car.

You feel me holmes? Your phone, is now your remote! 😎
 

DRYHEAT

Well-Known Member
Joined
Sep 6, 2010
Messages
7,539
Reaction score
14,052
Nope!

Once you have the app on your phone, you have to "sync" the app to the entity you're trying to log into.

That's it!

Let's go back to your garage door opener again...

When you installed it, you pushed a button on your opener, and "synced" your remote to it. Now even though your neighbor, bought the same opener you have, you can't open his, and he can't open yours.

Same as the remote for your car alarm. It only works with Your car.

You feel me holmes? Your phone, is now your remote! 😎
Sorry if it seemed like I was ignoring you, I appreciate the feedback and information. Day kind of went sideways there for a bit. Thanks again.
 
Top