Has my personal information been compromised?
April 6, 2017 12:46 PM Subscribe
Gmail account disabled and Amazon account locked for security purposes. I need help figuring out what to do and what happened.
At 6 PM yesterday, I tried to log in to my Gmail account and received a message that it had been disabled due to unusual activity. I was able to get it enabled again via a security text and changed my password. There do not seem to be any unrecognized logins in my activity history in Google, nor any suspicious sent emails or other activity when I checked the account.
This morning, I received an email from Amazon Local saying that a charge I had made for a particular order was in dispute and asking for a stored card to pay for the order. While I use Amazon, Amazon Prime and Prime Now religiously, none of my past orders matched the order number in the email. I have never used Amazon Local, and the support link goes to what looks like a legit Amazon webpage. I tried to log in to my Amazon account and I get an error saying it's been locked for security purposes. It tells me I should expect an email to follow instructions to get it unlocked, but the email isn't showing up.
1. What could be going on here?
2. What should I do other than change all my passwords?
3. If I'm not getting an Amazon email with instructions on how to unlock my account, what are my options?
Both my Gmail and Amazon accounts are lifelines - I've had the former for almost a decade and there is a ton of sensitive, important information and emails on there. My Amazon account is used on a daily basis for domestic purchases and groceries and I'd be lost without it. My work laptop and my phone are the only devices I use and both were safe in my possession in the five or so hours within which I received the emails and tried to rectify the situation.
Thank you so much for your help!
At 6 PM yesterday, I tried to log in to my Gmail account and received a message that it had been disabled due to unusual activity. I was able to get it enabled again via a security text and changed my password. There do not seem to be any unrecognized logins in my activity history in Google, nor any suspicious sent emails or other activity when I checked the account.
This morning, I received an email from Amazon Local saying that a charge I had made for a particular order was in dispute and asking for a stored card to pay for the order. While I use Amazon, Amazon Prime and Prime Now religiously, none of my past orders matched the order number in the email. I have never used Amazon Local, and the support link goes to what looks like a legit Amazon webpage. I tried to log in to my Amazon account and I get an error saying it's been locked for security purposes. It tells me I should expect an email to follow instructions to get it unlocked, but the email isn't showing up.
1. What could be going on here?
2. What should I do other than change all my passwords?
3. If I'm not getting an Amazon email with instructions on how to unlock my account, what are my options?
Both my Gmail and Amazon accounts are lifelines - I've had the former for almost a decade and there is a ton of sensitive, important information and emails on there. My Amazon account is used on a daily basis for domestic purchases and groceries and I'd be lost without it. My work laptop and my phone are the only devices I use and both were safe in my possession in the five or so hours within which I received the emails and tried to rectify the situation.
Thank you so much for your help!
Seconding what blue core says: do not follow any links in e-mails you receive that purport to be from Amazon. Open a fresh browser window and go type "amazon.com" directly in the address bar. Take it from there.
posted by Winnie the Proust at 12:56 PM on April 6, 2017 [5 favorites]
posted by Winnie the Proust at 12:56 PM on April 6, 2017 [5 favorites]
I would recommend to backup your gmail messages using MailStore Home. A free product, pretty straight forward. It will download all your email onto your local machine (Windows, sorry). Once you got it, you can export it into other formats and what not. And then go to gmail and delete all your old emails. Why leaving this trove of information online when you don't have to? And how often do you really need to look up something from 5 years ago?
And of course n+ to using two-factor authentication.
posted by nostrada at 1:44 PM on April 6, 2017 [2 favorites]
And of course n+ to using two-factor authentication.
posted by nostrada at 1:44 PM on April 6, 2017 [2 favorites]
You need to contact Amazon ASAP to get your account unlocked (if it really is locked) or put a stop to any unauthorized access (if you got phished).
posted by mama casserole at 1:45 PM on April 6, 2017
posted by mama casserole at 1:45 PM on April 6, 2017
You might log into the Gmail web portal and look over your Gmail settings to make sure that your mail is not set to be forwarded to another email address. Probably good to look over all the other configuration settings as well.
posted by BillMcMurdo at 2:19 PM on April 6, 2017 [2 favorites]
posted by BillMcMurdo at 2:19 PM on April 6, 2017 [2 favorites]
Response by poster: Also, do you have two factor authentication enabled on your google account? Important you do so.
I do have it already, which is why I'm so puzzled as to how this happened. It's baffling to me, especially since I don't see any suspicious activity within my account.
posted by Everydayville at 3:12 PM on April 6, 2017
I do have it already, which is why I'm so puzzled as to how this happened. It's baffling to me, especially since I don't see any suspicious activity within my account.
posted by Everydayville at 3:12 PM on April 6, 2017
In addition to checking your recent activity, I would also check and make sure there aren't any forwarding rules in your Gmail account, and I'd also check connected apps, just to make sure your account didn't get set up with an app you didn't authorize. That warning you got may have been the result of someone trying to hack into your account, but not actually gaining access. But I would do a thorough look around.
On Amazon, you may have made a mistake by clicking a link in your email and then entering your info. You should never click links in your email that seem even a little fishy, as Hillary's campaign manager can attest to, instead just go directly yourself to the provider's website to examine your account. So, I would go directly to Amazon.com and try to login, and change all your info. If you account is actually locked, I would call them and tell them you think someone hacked into your account.
posted by AppleTurnover at 3:35 PM on April 6, 2017
On Amazon, you may have made a mistake by clicking a link in your email and then entering your info. You should never click links in your email that seem even a little fishy, as Hillary's campaign manager can attest to, instead just go directly yourself to the provider's website to examine your account. So, I would go directly to Amazon.com and try to login, and change all your info. If you account is actually locked, I would call them and tell them you think someone hacked into your account.
posted by AppleTurnover at 3:35 PM on April 6, 2017
AppleTurnover is nowhere near paranoid enough. You should never click links in your e-mail, period.
YOU must always establish the trust relationship. When someone calls you on the phone and claims to be calling from your bank, would you give them information about yourself and your accounts? Hopefully the answer is no, but for all too many people, the answer is that they got flustered or caught off-guard and provided information. E-mail really isn't any different.
Any time someone unexpectedly calls you from a bank or business, you should turn the call around and call the bank or business at a number that you independently retrieve and therefore can trust - NEVER a number provided by the calling party!
The same is true of e-mail, but in the specific case of e-mail, the amount of trickery that can go on is very extensive. Be paranoid. They ARE out to get you, because if they can get into your Amazon account, they can go on a shopping spree.
posted by jgreco at 3:57 PM on April 6, 2017
YOU must always establish the trust relationship. When someone calls you on the phone and claims to be calling from your bank, would you give them information about yourself and your accounts? Hopefully the answer is no, but for all too many people, the answer is that they got flustered or caught off-guard and provided information. E-mail really isn't any different.
Any time someone unexpectedly calls you from a bank or business, you should turn the call around and call the bank or business at a number that you independently retrieve and therefore can trust - NEVER a number provided by the calling party!
The same is true of e-mail, but in the specific case of e-mail, the amount of trickery that can go on is very extensive. Be paranoid. They ARE out to get you, because if they can get into your Amazon account, they can go on a shopping spree.
posted by jgreco at 3:57 PM on April 6, 2017
Response by poster: To clarify, I clicked on the link and it went to an Amazon page, but I did not enter information on that page. At the time, I was using my laptop, and went into my Amazon iPhone app to check the order number, from where I was led to the message saying my account had been locked.
So, no information was entered at the webpage from the link. All information thereafter was entered by going to Amazon directly, on my laptop.
posted by Everydayville at 4:33 PM on April 6, 2017 [1 favorite]
So, no information was entered at the webpage from the link. All information thereafter was entered by going to Amazon directly, on my laptop.
posted by Everydayville at 4:33 PM on April 6, 2017 [1 favorite]
Response by poster: Thank you all for your responses!
posted by Everydayville at 2:30 PM on April 7, 2017
posted by Everydayville at 2:30 PM on April 7, 2017
This thread is closed to new comments.
This worries me because it's always advisable to go directly to the website in question instead of following links in emails. I've seen some well spoofed pages. I'd go directly to amazon.com, change your password again. If not, contact them on the phone : 1 (888) 280-4331
Also, do you have two factor authentication enabled on your google account? Important you do so.
You can do the same with Amazon, once you get back into your account.
posted by bluecore at 12:55 PM on April 6, 2017 [8 favorites]