I received a notification last night that someone changed my shipping address on Macys.com and when I visited the website, there was an open order for a PS5 with delivery to:

DONT IEPN 203 W PITTSBURGH AVE WILDWOOD CREST NJ 08260

After logging into Macy’s I got 43 emails at once to seven different services like “Excalidraw” and “Sportograf” trying to login using a magic link.

At this point was was pretty nervous so I checked my main email security. Sure enough, there have been repeated login attempts under my account going on every few minutes for weeks.

I also saw there was an attempted login to my cellphone or home internet company.

I use 2FA, authenticators, etc. Basically what else should I be doing? Is there any way to be more preventative? I really don’t wanna chuck this email but it is possible that may be the safest recourse. I do use this email for almost 300 different accounts to various things though.

  • BaumGeist@lemmy.ml
    link
    fedilink
    arrow-up
    28
    ·
    4 months ago

    and when I visited the website, there was an open order for a PS5 with delivery to:

    After logging into Macy’s I got 43 emails at once to seven different services

    Did you manually navigate to Macys.com, or did you click a link in the email to “Macys.com”? Because it’s a common phishing technique, they may have used your macys email and password to password spray every other website they could find it associated with when you “logged in.” It’s usually a page that’s spoofed to look like a legitimate login page, which redirects you to the actual page once it records a login attempt.

    Also check HaveIBeenPwned.com, your email may show up in a few major beaches, which is enough for script kiddies to spray it across the entire net.