Jacamo account

thebullsback

Hi All, I received 3 email  from Jacamo (JD Williams)on the 6th may to inform me that my email address and password had been updated and a conformation of an order valued at £248.99 and that I should get in touch if I had not changed the address or password .

I had not changed any details and in fact never used Jacamo for many months so I contacted them via the included investigations link and pointed this out .I received an email by return stating that the matter would be looked into and could take up to 5 days.

Today the 11 may I received this email.      We are pleased to confirm that our investigation into the fraudulent use of your account has now concluded.

We appreciate that this may have caused you inconvenience or upset and would like to thank you for your assistance in bringing this matter to a close.

The outstanding balance has been cleared from the account and as the account hasn't been used for a number of years it has been closed.

I have attached a factsheet that has information on how to protect yourself from fraud.

Protecting yourself from fraud.pdf I hope this has fully resolved your enquiry.

when I open the fact sheet it suggests many ways in which I need to now do in order to protect myself yet there is no mention of how my account was hacked !!!

Personally I feel that this is not good enough.I wonder if anyone has any suggestions or observations on the matter.

     Regards

Lomast

Sounds like a phising email to me. when was the last time a legitimate confirmation email asked you to contact them if you didn't place an order .Never ever click on a link on an email I hope you didn't fill in any personal details on the so called investigations link

JReacher1

They probably don't know how your account has been hacked.  All they will know is that someone used your password to change your account details and then placed an order. 

There could be many reasons how this happened and most of them won't be anything to do with Jacamo.  If your password on Jacamo wasn't unique then that could be an issue, there is also issues with key logging software which could be on your home PC or failing that your password is just easy to guess.
This is a good site to check whether your password has been breached

https://haveibeenpwned.com/

If you put your email address in it will tell you what known hacks you have been exposed to.

As the problem has been rectified then it seems like the matter is resolved so I am not sure what else you want to happen?

antpdeana

On 9th June 2021 at about 5 a.m., someone got into my Jacamo account using a username and password that had been obtained from a data breach at Linked In (have since found this out using the haveibeenpwned.com website JReacher1 posted), in 2016, the fraudster having got into the account, placed an order leaving the delivery address as my own address, but then placed another order and changed the delivery address to either where they live, or use as a parcel collection location, with courier companies not requiring signatures, because of Covid, they just drop the parcels at the door, sometimes take a photo on their phone, and leave it there, so Mr / Mrs / Miss fraudster just come along and pick it up and go, luckily when Jacamo sent the order confirmation emails, it woke me, and on checking was astounded to find the orders placed. 
So I changed the password immediately on the account, I didn't even know I had been hacked, I contacted Jacamo as soon as their phone lines opened, and they stopped the orders, and blocked the account, until they had completed an inquiry into what had happened.
I have now removed the password from every account that was using it, just shows you should change passwords regularly, so each account I now have with various websites, especially ones that involve goods or money,  has it's own individual password, that isn't used anywhere else. I used the Norton Password manager to do this, took a few hours, but simple to do. 

MattMattMattUK

antpdeana said:

On 9th June 2021 at about 5 a.m., someone got into my Jacamo account using a username and password that had been obtained from a data breach at Linked In (have since found this out using the haveibeenpwned.com website JReacher1 posted), in 2016, the fraudster having got into the account, placed an order leaving the delivery address as my own address, but then placed another order and changed the delivery address to either where they live, or use as a parcel collection location, with courier companies not requiring signatures, because of Covid, they just drop the parcels at the door, sometimes take a photo on their phone, and leave it there, so Mr / Mrs / Miss fraudster just come along and pick it up and go, luckily when Jacamo sent the order confirmation emails, it woke me, and on checking was astounded to find the orders placed. 
So I changed the password immediately on the account, I didn't even know I had been hacked, I contacted Jacamo as soon as their phone lines opened, and they stopped the orders, and blocked the account, until they had completed an inquiry into what had happened.
I have now removed the password from every account that was using it, just shows you should change passwords regularly, so each account I now have with various websites, especially ones that involve goods or money,  has it's own individual password, that isn't used anywhere else. I used the Norton Password manager to do this, took a few hours, but simple to do. 

It has always been the advice and good practice to not reuse passwords across multiple accounts and also not to vary them by minor details but keep most of the password the same. Also password managers are a single point of failure, if that is compromised then the person who gains access then has access to everything. It is far better to create a system which allows you to remember passwords, rather than storing them somewhere where they could all be compromised at once.

deannagone

To answer your question OP.., the same thing happened to me with amazon.  I did, as far as I am aware operate safe anti hacking procedures, never opened a phishing email etc.  But my amazon account was still hacked.  Nothing else was.  I asked Amazon how this could have happened so I could assess the risk to other website accounts but like you (and I asked some specific questions). I was told Amazon would not reveal anything about their security procedures (which I wasn't actually asking about).  I wrote to the CEO, I queried this pointing out that as it was my account that had been hacked I had a right to know how, given how phishing was not a risk.  

It did no good at all.  It was a long long time before I used Amazon again.  Trust was gone. I suspect Amazon itself was hacked. 

I tend to enter card details individually on website when I buy something rather than allow them to be stored on a website's database.  Not fool proof but I tell myself it helps protect me.

I'm afraid there is nothing you can do to force a website that doesn't want you to know to explain to you what happened, even though its your information.  .