Someone seems to have been trying to get into my accounts for a few weeks

  • Last Updated:
  • Nov 8th, 2020 11:06 pm
[OP]
Member
Aug 27, 2014
437 posts
213 upvotes

It started with a week of my Tangerine being locked for no clear reason three times and me having to call to unlock it. That was several weeks ago. It wasn't clear what happened and I thought maybe it's just someone entering the wrong email address as their login, since for some reason lots of people think they have my email address. I didn't even know it was possible to log into Tangerine with an email address; in my opinion this is a very strong weakness, especially given the lack of 2FA and the weak passwords, so I not only changed my password but also changed the email address associated with it to one I very rarely give anyone. It's only when I changed my email address that the account stopped getting locked. When I called the bank, they were able to tell me the fraudster was using a Montreal IP. I'm not in Montreal.

More recently, someone tried to get into my cellphone account. The provider sent me an email saying there was an unusual login and my account was locked. The email was weird because it kind of implied that both my user name and password were used, in which case I don't know how they could possibly find the login suspicious. This was a very unique password so it's also hard to believe.

Now today, someone got into my VoIP service account. It DID tell me that there was a login and that it came from a Montreal IP (I receive emails when there's a login from a new browser). I was using a weaker password here, one impossible to guess but that I have used before and that could have been in one of those leaks. It's my fault for not making that account more secure but to be honest there isn't much to do with this VoIP service, it's mostly something I use because I still like to have a landline at home when family is calling. I changed the password, obviously.



I guess I should have been vigilant and reset all my passwords but my passwords are typically very strong unless it's a forum account I don't care about or something like this. I've made a list of all the accounts I could think of but I feel like I'll always forget about one. Typically anything money related, I would make extra secure, but I've been slightly neglectful with my cellphone and voip accounts. I have some concerns that someone would try porting my number. I've enabled my provider's port protection thing.

Recommendations? It all feels so targeted, I'm not sure how anyone would know I use that voip service in particular and why they'd target it.
4 replies
Deal Expert
Aug 18, 2005
20164 posts
4718 upvotes
Burlington-Hamilton
OP, do you have a crazy ex-wife/husband? Not the first time I've heard that one on RFD.

General: Use a unique e-mail address for every service. I have my own domain and I create unique addresses, and I also throw in some random digits so they can't be guessed. For example, I would use something like "tangerine5324bank@yourdomain.ca" or similar. It's a bit of work to set up, but I keep it all organized in an encrypted password manager. If you use gmail, you can also use the plus (+) sign to generate sub addresses. Example: "youraddress+tangerine5324bank@gmail.com". Always keep some random bits in there so nobody can guess it.

Mobile Phone Account: Definitely call into them and ask if you can put a PIN or other security code on the account. This might not be enough security since someone could get your account number and try to port to another carrier. Just make sure you do not use any form of 2FA that's tied to a phone number! The phone company becomes the weakest link. Either use app-based 2FA (Google Authenticator, etc.) or get a secret backup phone number on a prepaid account. You could also use a VoIP service for phone-based SMS, but they can't receive certain types of SMS. I do not have a single 2FA verification tied to my main mobile number.

VoIP Service: I am not sure what you use, but with voip.ms at least, you can add app-based 2FA. At the very least, get a unique e-mail address for your login.
- casual gastronomist -
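The per-service addressing scheme described in the post above, as an added example that is not part of the original thread: it builds an address with random digits in the tag for either an own-domain or a Gmail plus-address setup, and audits an account list for logins that still share one address. The function names and the sample account list are constructed for illustration.

```python
import re
import secrets
from collections import defaultdict

def make_alias(service, base, style="domain", digits=4):
    """Build a per-service login address with random digits inside the tag.

    style="domain": base is a domain you control  -> tag@base
    style="plus":   base is an existing mailbox   -> local+tag@domain
    """
    words = re.sub(r"[^a-z0-9]+", " ", service.lower()).split()
    if not words:
        raise ValueError("service name has no usable characters")
    # secrets (not random) so the digits cannot be predicted from other aliases
    rand = "".join(secrets.choice("0123456789") for _ in range(digits))
    tag = words[0] + rand + "".join(words[1:])   # e.g. tangerine5324bank
    if style == "domain":
        return f"{tag}@{base}"
    if style == "plus":
        local, sep, domain = base.partition("@")
        if not (local and sep and domain):
            raise ValueError("plus style needs a full mailbox address")
        return f"{local}+{tag}@{domain}"
    raise ValueError(f"unknown style: {style}")

def shared_logins(accounts):
    """Map each login address used by more than one service to those services."""
    by_addr = defaultdict(list)
    for service, addr in accounts.items():
        by_addr[addr.strip().lower()].append(service)
    return {a: sorted(s) for a, s in by_addr.items() if len(s) > 1}

# Constructed sample account list (not from the thread)
SAMPLE_ACCOUNTS = {
    "bank": "me@example.com",
    "mobile carrier": "Me@example.com",
    "voip provider": "voip8841home@example.com",
}

if __name__ == "__main__":
    print(make_alias("Tangerine Bank", "yourdomain.ca"))
    print(make_alias("Tangerine Bank", "youraddress@gmail.com", style="plus"))
    print(shared_logins(SAMPLE_ACCOUNTS))
```

Record each generated address in the password manager entry for that service, since the random digits make it impossible to reconstruct from memory.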
Member
Jan 24, 2004
491 posts
77 upvotes
I would keep an eye out on your credit reports too. Maybe even put a freeze on them to be on the safe side.
Sr. Member
Jan 21, 2013
584 posts
570 upvotes
In addition to the above recommendations, I'd recommend using a password manager like KeePass or Bitwarden to both generate unique passwords per account + securely store them.
Member
Jan 24, 2004
491 posts
77 upvotes
genericasianguy wrote: In addition to the above recommendations, I'd recommend using a password manager like KeePass or Bitwarden to both generate unique passwords per account + securely store them.
I recently evaluated all the online accounts I know I made and recorded them into Bitwarden cause I realized I had way too many and since I used different passwords for each, it was too hard to remember them all. I haven't saved the banking ones there and have those saved separately.

I also realized my main email was used a lot for the accounts so I bought a YubiKey for extra security.