I received a notification last night that someone changed my shipping address on Macys.com and when I visited the website, there was an open order for a PS5 with delivery to:

DONT IEPN 203 W PITTSBURGH AVE WILDWOOD CREST NJ 08260

After logging into Macy’s I got 43 emails at once to seven different services like “Excalidraw” and “Sportograf” trying to login using a magic link.

At this point was was pretty nervous so I checked my main email security. Sure enough, there have been repeated login attempts under my account going on every few minutes for weeks.

I also saw there was an attempted login to my cellphone or home internet company.

I use 2FA, authenticators, etc. Basically what else should I be doing? Is there any way to be more preventative? I really don’t wanna chuck this email but it is possible that may be the safest recourse. I do use this email for almost 300 different accounts to various things though.

  • pipes@sh.itjust.works
    link
    fedilink
    arrow-up
    5
    ·
    3 months ago

    There are free services that allow you to create countless emails, one per site is ideal, just like one (different) password per site. Addy and Simplelogin have a generous free tier, last I checked the first one allows for unlimited receive-only addresses (when shopping it’s very rare you need to respond), the second gives you some two-way addresses.

    If you get a domain, many registrars include free mail service, and have mail forwarding, or “redirecting”, which basically will allow you to create countless addresses (that can also send/respond) for your one account (You add these “email forwards”, or “Identities”, to your app of choice, like K9-Mail for android). You don’t necessarily need to buy their separate email package (although the interface might be more convenient). I’ll give you one example which includes email: OVHcloud, one of the largest clouds in europe.

    If you can afford it there are all-in-one services like Soverin with easier interface.

    It might be wise to start a slow process of migrating (or maybe deleting and creating again) accounts, and saving all this stuff in a password manager (like KeepassXC) if you aren’t already.