I woke this morning to about 550 new email subscriptions tying into my old university email address. This is not necessarily my primary email anymore, as I graduated in 2014, but I keep it around for various reasons and it is the main email tied to a few older accounts I have.
While filtering through this spam I noticed one was an order confirmation from JCrew. They had somehow got into my JCrew account and used my JCrew store card which is tied to the account as the default payment method. $650 worth of Nike’s later... and I only noticed because of that order email. I assume this must have happened via a password theft rather than the theft of the physical card, because I never use it- it’s not even in my wallet and is kept at home in a drawer. How they got the security code or if that was even required at time of purchase, I don’t know.
So I canceled the card, changed my password for my JCrew online account, added a 2-factor verification for my university email and changed the password, and put a freeze through all 3 main credit reporting services just for kicks. I think the last was probably overkill, but one of the spam emails was a subscription to myFICO’s newsletter... Which may just be nothing, but I’m really really worried they got more of my identity.
Is there anything else that I’m missing? Anything that I need to do that I haven’t thought of?
Submitted April 29, 2019 at 11:54AM by shefeltasenseoffear http://bit.ly/2DDKdlk
