What realistic security measures should I take after being scammed?
January 12, 2020 6:30 PM   Subscribe

Do I need to BURN IT ALL WITH FIRE? What is a realistic way to proceed? I have already carried out the usually recommended security measures. I have a lay person's ability with iT. I need realistic advice for an ordinary person, not advice that the NSA would give to Morgan Stanley or the US Secretary of State.

First of all, I have an anxiety disorder. I have been very stressed for the last six months with workplace demands (which is why I bought the coat without thinking about it). I am stressed out also about the Iranian crisis and the climate crisis.

I used a well known auction site app (which I will call Foo.com) on my phone and I suspect that I was scammed and possibly hacked when I bought a coat sold by an equally well known online used clothes retailer (which I will call Baz.com) with an account on Foo.com.

I realized something was wrong when the confirmation emails from the Baz seller on Foo.com didn't look the same as usual: the actual seller had apparently spoofed the Baz account on Foo. I had bought from the Baz seller on Foo before and the account looked identical before the sale.

I took screenshots: the email of the seller looked suspicious and the text of the email was sloppily formatted. I emailed these screenshots to Foo, but they haven't done anything (Baz is a very big seller on Foo).

I also received a couple of Foo messages that disappeared instantly. The purchase actually cleared, shipped, and arrived, and is more ore less as advertised, though it may be a very good counterfeit. I do not KNOW that Baz's account on Foo was hacked. Baz is not a very efficient company and they may be outsourcing their Foo part of their business.

I have changed my passwords for Foo.com and many other sites, including oniine financials.
I have been keeping tabs on my credit card and bank accounts. I hanged my credit card number, and have not yet seen any other untoward activity (charges that I didn't make, etc.)

I still am frightened that the scammy seller has PWNED me and that I will be taken for all that I have and will end up homeless. Do I need, realistically, to BURN IT ALL WITH FIRE? I have done a hard reset (erase all content and settings) and reinstall on my phone and am not going to reinstall the shopping apps that apparently caused the trouble., probably). I know that wiped the evidence, except for the screenshots that I sent to Foo.com, but I could not leave the possibly hacked apps on my phone anymore.

Do I need to erase and reinstall my other devices; change my financial email as well as passwords; cancel my Foo account, which has a good reputation score; get new bank accounts; get a new identity? I am certainly canceling my Baz account, though it may be safer to buy directly from them than through Foo.

I feel basically violated, even though I realize that shopping on your phone on Foo and Baz is probably not secure and that capitalist companies are essentially not your friends.

I also don't know whether my workplace is to blame (a good sysadmin retired last year and the new one is not so hot; I have workplace email account on my phone).
posted by bad grammar to Computers & Internet (11 answers total) 1 user marked this as a favorite
 
Do I need, realistically, to BURN IT ALL WITH FIRE?

I seriously doubt it. What you've posted reads to me far more like generalized nonspecific anxiety than an actual security issue.
posted by flabdablet at 6:45 PM on January 12 [15 favorites]


Just to make sure I understand...

You used the legit site Foo.com to purchase Item from the seller (you thought was) Baz.com.

You paid through Foo.com. You did not pay through Baz.com or any other method.

You got a followup email from Baz.com that makes you think the Baz you bought from was not actually Baz, but Baz-Imitator.

You received your item.

You did not click on anything in any email from Baz (or Baz-Imitator), you did not provide any information to Baz (or Baz-Imitator), you did not go to Baz's or (Baz-Imitator's) website and purchase anything there.

If all these are true, then you have nothing to worry about. You are not hacked, you are not pwned, you are in no danger. Although your item might be counterfeit. Counterfeit merchandise runs rampant on the internet.
posted by erst at 6:47 PM on January 12 [12 favorites]


So what's happened is that you successfully bought an article of used clothing online, and received it, but you believe that the seller you bought it from was impersonating Baz.com in their account details in the Foo.com app?

Is there any particular reason they would've needed to hack Baz.com's real seller account, or could they just have created a second seller account and dressed it up to look like Baz.com?

One way or the other, if you're using the genuine Foo.com app it seems very unlikely to me (as a tech person) that you need to worry about any malicious software on your phone. And presumably Foo.com makes money by handling the payment details themselves, so those aren't provided to the sellers, and so the impersonator wouldn't have the ability to charge your credit card more.

If I'm accurately understanding what's going on here it sounds like all that's happened is the impersonator poached a sale from Baz.com; if you like the coat you got, it's nothing you should worry about. Reporting the impersonator to Foo was generous of you and is all that would be expected.
posted by XMLicious at 6:53 PM on January 12 [6 favorites]


Just to be clear: no 3rd party site is going to share your payment info with a seller account. It doesn’t happen. AT MOST, the possibly fake seller has your name, address, and Foo.com user name. And that is ALL.
posted by anastasiav at 7:41 PM on January 12 [4 favorites]


I think you're fine. You got the coat, which is more than most shady dealings usually accomplish. Buying a coat from an impersonator is not going to get you hacked or your identity stolen.

Presumably you changed all your critical passwords. You're good.
posted by Lyn Never at 7:53 PM on January 12


This is a situation where it might help to actually know who these two companies are, because I'm having a tough time following this. That said, based on my reading of your experience it seems very unlikely that you put yourself at risk during it.
posted by Polycarp at 8:57 PM on January 12 [6 favorites]


From your description your personal situation is probably fine. You likely own a stolen or counterfeit coat though.
posted by Tell Me No Lies at 8:21 AM on January 13


Occam's razor here: there was no wrongdoing whatsoever. You placed an order, and the requirements of the order were fully met. No scam. End of story.

But wait - what about the badly-formatted message that claimed it was from Baz, that arrived from an email address you didn't recognize? The thing is, that isn't evidence that the message wasn't legitimate. Maybe Baz moved to a new e-commerce management platform, which came with a new email address, and were in the midst of changing their e-mail communication templates (and perhaps having some difficulties with that). Perhaps, as you suggested, they outsource the work of shipping the goods they sell through Foo - and your coat order was handled by a different contractor than the one you were used to receiving mail from, resulting in a different email address and communications style.

It seems far less likely that there was a scam here, than this being a situation where you were made suspicious by a change in process that was legitimate, but that you were surprised by.

It's all good. Sleep easy tonight. Stay warm in your new coat.
posted by I EAT TAPAS at 8:44 AM on January 13 [1 favorite]


Strongly Nth-ing all the above that it sounds like you're fine and that nothing major has been compromised, certainly nothing that would enable a bad actor access to anything they shouldn't unless they also had a lot more other data about you.

If it helps with the peace of mind, you can get credit freezes for free from all the major credit reporting companies, which prevent your credit report from being pulled unless you authorize it. While I don't believe that this instance necessitates it, I'd recommend it as a best-practice, even if you don't end up needing it, since it's particularly hard to stuff that particular genie back in the bottle once it's out.
posted by Aleyn at 2:36 PM on January 13


Follow-Up. Thank you all so much. I know that I tend to panic. I still have no suspicious activity. I sent screenshots of the suspicious emails to Foo.com. Foo.com replied that the spammy emails were not from their site; unless they’re lying, the simplest explanation is that someone at Baz.com sent the phishy emails as a side hustle as their job was to monitor Baz’s sales on Foo and they’re probably paid poorly (Baz’s prices are low). The listing itself was real, at least as Foo asserts (if course they’d be reluctant to admit an internal spoof).

This seems most plausible. It explains why the listing, the FedEx shipping trail, the delivery, the packaging and the other shipping communications from Foo appeared normal for Baz, and it explains the scammer’s access to my email address and purchase data without supposing ninja-level hacking into Foo, PayPal, FedEx, or Gmail.

As for why I’m not using the companies’ names, a company that has expanded too fast will do other irrational things like threatening to sue customers who complain. I feel totally turned off from capitalism and buying anything online from new companies ever again.
posted by bad grammar at 5:43 PM on January 14


OK, so from an online security point of view my best advice to you is that you continue to do your level best to rein in that tendency to catastrophize. Because anxiety that bad is going to keep on making you work extremely hard at solving entirely the wrong problems, quite probably to the detriment of your actual online security.

Maintaining online security can only ever be done poorly by relying on rules of thumb like "when in doubt, change all your passwords". Doing it well requires an ongoing clear-headed and well-informed assessment of hazard and risk, and the anxiety on display in this question and its followup tells me that at present you don't have that.

The security measures you put in place before being scammed are generally more important than those you take afterward, and the single most important such measure for you would have to be getting the anxiety under control.
posted by flabdablet at 6:13 PM on January 14 [2 favorites]


« Older Payroll for one person?   |   Bio Child from Egg Donation and His Family Want to... Newer »

You are not logged in, either login or create an account to post comments