We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Fraud Advice!
Spender£
Posts: 350 Forumite
I was woken in the early hours by a ping on my phone with an email thanking me for my orders totalling over £1500 pounds.
This was from an online catalogue company which i have used occasionally although not for about six months!
It seems someone had got into my account and changed my email and password and arranged for the items to be sent to their address in the south of England.
As soon as the lines opened at 08:00am i contacted the company and eventually they managed to cancel the orders and change my details back including allowing me to reset my password.
The fraudsters used their own credit card to pay for the items (probably stolen) which makes me wonder why they used my account just to order unless the fraud would of been traced back to me somehow.
Do i need to change my email address for every account, i am concerned as my passwords i use are very complicated and i still don't know how they can break long complicated passwords like this all different symbols and mixed letters and numbers upper and lower case, i am thinking it might be a data breach as the most likely cause although the company it keeping very quiet about this in fact they have changed my credit limit to 0 possible as a precaution..
This was from an online catalogue company which i have used occasionally although not for about six months!
It seems someone had got into my account and changed my email and password and arranged for the items to be sent to their address in the south of England.
As soon as the lines opened at 08:00am i contacted the company and eventually they managed to cancel the orders and change my details back including allowing me to reset my password.
The fraudsters used their own credit card to pay for the items (probably stolen) which makes me wonder why they used my account just to order unless the fraud would of been traced back to me somehow.
Do i need to change my email address for every account, i am concerned as my passwords i use are very complicated and i still don't know how they can break long complicated passwords like this all different symbols and mixed letters and numbers upper and lower case, i am thinking it might be a data breach as the most likely cause although the company it keeping very quiet about this in fact they have changed my credit limit to 0 possible as a precaution..
Time Is The Enemy!
0
Comments
-
To make things worse i have been informed that in future i must pay using a card in full without using my account or waiting for a statement, it is as if i am being blamed for this i suppose!Time Is The Enemy!0
-
How do you access the catalogue company website ?
Desktop, phone, laptop or tablet ?
Have you clicked on any links in emails ?
I take it you dont use the same password for any other websites ?
Hopefully you dont, maybe just change the email address.0 -
I mainly access the website on my iPhone!DCFC79 said:How do you access the catalogue company website ?
Desktop, phone, laptop or tablet ?
Have you clicked on any links in emails ?
I take it you dont use the same password for any other websites ?
Hopefully you dont, maybe just change the email address.
I definitely don't ever click any fraudulent emails however i haven't had any from this company for months.
Your right i never use the same password on any other sites thankfully!
The problem with changing my email address is i use this email for every account i have more or less so will take a lot of work.Time Is The Enemy!0 -
If you have not used the co for about 6 months then close the account. Totally takes the risk away.Life in the slow lane0
-
Six months is not that long for me, i have ordered quite a few things from them in the past and they require a credit check to join even though i always pay the statement in full i thought it a lot of hassle to keep closing accounts and then creating new ones to place an order.born_again said:If you have not used the co for about 6 months then close the account. Totally takes the risk away.Time Is The Enemy!0 -
Now you have identified why they used your account and someone else's stolen credit card if you have to have a credit check to open an account.Spender£ said:
Six months is not that long for me, i have ordered quite a few things from them in the past and they require a credit check to join even though i always pay the statement in full i thought it a lot of hassle to keep closing accounts and then creating new ones to place an order.born_again said:If you have not used the co for about 6 months then close the account. Totally takes the risk away.
Before you explained it yourself I was going to suggest that its because some companies require initial orders to be sent to the payments registered address but subsequent orders to other addresses and so using your account bypasses this challenge assuming the card is stolen and the delivery address is different to the card's registered address.
Hopefully the company can tell you how access was gained... did they process a "forgotten password" request recently or such? Was there a brute force attempt to get into the account?
You certainly need to change the password on your email as a precaution. I'd also check in the deleted folder to see if there is any evidence there of their activities... for some reason when my email was hacked and this was used for access to my eBay and PayPal the people deleted all the forgotten password and order emails etc but left them in the Deleted folder, if they were more sensible they'd have deleted them permanently instead so no evidence doesnt mean they werent in there.1 -
Yes, to be honest i can only assume it was a stolen credit card although this was a guess on my part, unfortunately the company are not telling me anything about what has happened or why it happened which has led to me making a complaint to try and get information.Sandtree said:
Now you have identified why they used your account and someone else's stolen credit card if you have to have a credit check to open an account.Spender£ said:
Six months is not that long for me, i have ordered quite a few things from them in the past and they require a credit check to join even though i always pay the statement in full i thought it a lot of hassle to keep closing accounts and then creating new ones to place an order.born_again said:If you have not used the co for about 6 months then close the account. Totally takes the risk away.
Before you explained it yourself I was going to suggest that its because some companies require initial orders to be sent to the payments registered address but subsequent orders to other addresses and so using your account bypasses this challenge assuming the card is stolen and the delivery address is different to the card's registered address.
Hopefully the company can tell you how access was gained... did they process a "forgotten password" request recently or such? Was there a brute force attempt to get into the account?
You certainly need to change the password on your email as a precaution. I'd also check in the deleted folder to see if there is any evidence there of their activities... for some reason when my email was hacked and this was used for access to my eBay and PayPal the people deleted all the forgotten password and order emails etc but left them in the Deleted folder, if they were more sensible they'd have deleted them permanently instead so no evidence doesnt mean they werent in there.
I think you make an interesting point with the idea that with my account they could get the items sent to their address instead of the payment address.
Although a bit inconvenient i decided a while back not to leave any credit card information saved on the account just in case anyone got access although i try to do this with every retailer, i am now reaping the reward of that decision by the fact that my cards are safe at least.
The missing link here is the lack of information i have, the only details i do have are the fraudsters delivery address and email which is probably one of many these gangs hold, I'm not sure if i would be wasting my time to make any sort of contact with the fraudsters.Time Is The Enemy!0 -
In fact the only reason i knew about any of this was an email after midnight thanking me for changing my email address followed by one more email outlining my orders being confirmed.Spender£ said:
Yes, to be honest i can only assume it was a stolen credit card although this was a guess on my part, unfortunately the company are not telling me anything about what has happened or why it happened which has led to me making a complaint to try and get information.Sandtree said:
Now you have identified why they used your account and someone else's stolen credit card if you have to have a credit check to open an account.Spender£ said:
Six months is not that long for me, i have ordered quite a few things from them in the past and they require a credit check to join even though i always pay the statement in full i thought it a lot of hassle to keep closing accounts and then creating new ones to place an order.born_again said:If you have not used the co for about 6 months then close the account. Totally takes the risk away.
Before you explained it yourself I was going to suggest that its because some companies require initial orders to be sent to the payments registered address but subsequent orders to other addresses and so using your account bypasses this challenge assuming the card is stolen and the delivery address is different to the card's registered address.
Hopefully the company can tell you how access was gained... did they process a "forgotten password" request recently or such? Was there a brute force attempt to get into the account?
You certainly need to change the password on your email as a precaution. I'd also check in the deleted folder to see if there is any evidence there of their activities... for some reason when my email was hacked and this was used for access to my eBay and PayPal the people deleted all the forgotten password and order emails etc but left them in the Deleted folder, if they were more sensible they'd have deleted them permanently instead so no evidence doesnt mean they werent in there.
I think you make an interesting point with the idea that with my account they could get the items sent to their address instead of the payment address.
Although a bit inconvenient i decided a while back not to leave any credit card information saved on the account just in case anyone got access although i try to do this with every retailer, i am now reaping the reward of that decision by the fact that my cards are safe at least.
The missing link here is the lack of information i have, the only details i do have are the fraudsters delivery address and email which is probably one of many these gangs hold, I'm not sure if i would be wasting my time to make any sort of contact with the fraudsters.Time Is The Enemy!0 -
But that is obviously after they got access to your shopping account. What the forgotten my password type emails in your deleted folder would show is that they got into your email before getting into the shopping account (as they did with mine)Spender£ said:
In fact the only reason i knew about any of this was an email after midnight thanking me for changing my email address followed by one more email outlining my orders being confirmed.0 -
Spender£ said:
Six months is not that long for me, i have ordered quite a few things from them in the past and they require a credit check to join even though i always pay the statement in full i thought it a lot of hassle to keep closing accounts and then creating new ones to place an order.born_again said:If you have not used the co for about 6 months then close the account. Totally takes the risk away.
Given you pay the statement in full, are the items not available at other retailers that are not catalogue based and do not require a account?Life in the slow lane0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards