I was an idiot and gave all my sensitive financial information to one of those fake eBay spoof email thingies

Message Bookmarked

Bookmark Removed

I clicked on the URL in the email message that had the signin.ebay.com in the link, but didn't double check that the final URL had it, and I entered pretty much
* my ebay profile info
* ny name
* my address
* my phone number
* my debit card info
* my mother's maiden name and social security number and date of birth

I did all this stupid shit this past Wednesday, BEFORE ebay sent out all the warning emails about this specific e-mail.

I already contacted eBay regarding this e-mail, and I changed my eBay profile information, login name, password etc., and my eBay account was not used by anyone besides me since.

I'm about to contact my bank (once they update all their databases) and cancel my current debit card; and request a new debit card and pin number and all that. (at least i didn't provide my bank account number or anything like that, thank god, so I can still withdraw money.) I'll report any odd transactions on my account if any exist, and will likely get those refunded in a few days, if they exist.

I'm more worred about the last item though.

Who do I contact to warn that someone out there has my mother's maiden name, my social security number, and date of birth, and first and last name? I was going to contact the U.S. Social Security Department, but I'm not sure what they can do.

Is there a better place I can call regarding this?

Again, I don't think anything bad has happened so far, since i did this really stupid thing just this past Wednesday. But I want to nip this in the bud, and prevent anything bad from happening in the future. I'm thinking of even "changing" my mother's maiden name to all credit card institutions involved just to be sure (since I can't really change my social security number nor date of birth.. or can i?) But I don't know if there's a way I can stop anyone from using this information until I find out secondhand when I need this information for something VERY IMPORTANT, like buying property or a vehicle or applying for a job.

Does anyone has information regarding protecting their identity in cases like this, and how they handled it?

By the way, the website in question that now has all my precious info is this one... may their ilk rot in hell...

http://203.162.1.205

― Too Embarrassed To Say, Sunday, 26 September 2004 09:51 (twenty-one years ago)

the vietnam yellow pages??

― m. (mitchlnw), Sunday, 26 September 2004 09:56 (twenty-one years ago)

(sorry i'm not being helpful)

― m. (mitchlnw), Sunday, 26 September 2004 09:58 (twenty-one years ago)

haha, if you want to URL that claimed to be a signin.ebay.com link that got my info, here it is BUT BE FOREWARNED! DO NOT ENTER ANY SHIT INTO THIS PAGE..:

http://203.162.1.205/support/update.htm

Again, keep in mind, this appeared after I clicked on a link that said something like
"http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn&ssPageName=h:h:sin:US"...

again, I was an idiot. :(

― Too Embarrassed To Say, Sunday, 26 September 2004 10:04 (twenty-one years ago)

if you go here http://lookup.ws/whois.php and type in 203.162.1.205 you can get an address, phone number, email address etc. for that website. could be all fake of course, but revenge is fun!

― zappi (joni), Sunday, 26 September 2004 10:28 (twenty-one years ago)

OK, so i finally cleared my old card and am getting a new debit/check card.

I called the Social Security hotline and since i don't know if my social security number was misused or not, I was told (via phone FAQ.. the one time it's actually helped me!) all I can do is send out a fraud alert to each of the three major credit bureaus -- which I can't do until Monday. So, I'll just get some sleep and issue those alerts then.

well, it could be worse, but I could have learned a harder way i guess.

― Too Embarrassed To Say, Sunday, 26 September 2004 13:49 (twenty-one years ago)

...oh, and I have to monitor my bank account until end of this Tuesday in case someone tried to make credit card transaction up until this morning... otherwise, thank you zappo, here's the beans on the site that created that spam email:

Domain report for: 203.162.1.205
[Cached]
[whois.apnic.net]
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 203.162.0.0 - 203.162.255.255
netname: VNPT-VNNIC-VN
descr: Vietnam Posts and Telecommunications (VNPT)
descr: 23 Nguyen Du street, Hanoi capital, Vietnam
country: VN
admin-c: NXC1-AP
tech-c: KNH1-AP
notify: [email protected]
mnt-by: MAINT-VN-VNNIC
mnt-lower: VNPT
remarks: For admin contact mail to Nguyen Xuan Cuong ==> NXC1-AP
remarks: For admin contact mail to Nguyen Hien Khanh ==> KNH1-AP
changed: [email protected] 20020603
status: ALLOCATED PORTABLE
changed: [email protected] 20030731
source: APNIC

person: Nguyen Xuan Cuong
nic-hdl: NXC1-AP
e-mail: [email protected]
address: Vietnam Posts and Telecommunications (VNPT)
address: 18 Nguyen Du street, Hanoi capital, Vietnam
phone: +84-4-9430427
fax-no: +84-4-8226861
country: VN
changed: [email protected] 20040527
mnt-by: VNPT
source: APNIC

person: Khanh Nguyen Hien
address: Vietnam Datacommunications Company (VDC)
address: 258 Ba Trieu street, Hanoi capital, Vietnam
country: VN
phone: +84-4-8212680
fax-no: +84-4-9760397
e-mail: [email protected]
nic-hdl: KNH1-AP
remarks: Contact: [email protected]
mnt-by: VNPT
changed: [email protected] 20020604
source: APNIC

― Too Embarrassed To Say, Sunday, 26 September 2004 13:52 (twenty-one years ago)

Any email supposedly from ebay demanding address, financial information, etc. is always a fake.

― Leon Czolgosz (Nicole), Sunday, 26 September 2004 14:07 (twenty-one years ago)

Now I know... I never received such an email until last Wednesday though. :(

Again, at least I realized I was an idiot days after.. but I wished I could have avoided being an idiot altogether. :(

I'm currently submitting a possible Identity Theft form online to the Social Security web site, to alert them of possible fraud.

― Too Embarrassed To Say, Sunday, 26 September 2004 14:20 (twenty-one years ago)

you can get another ss# but it would be a pain updating all your institutions with the new # i guess...

― ron (ron), Sunday, 26 September 2004 22:26 (twenty-one years ago)

your mother's going to have to change her maiden name!

― s1ocki (slutsky), Monday, 27 September 2004 00:44 (twenty-one years ago)

you are also gonna have to change yer birthdate and town of birth!

― Eisbär (llamasfur), Monday, 27 September 2004 00:46 (twenty-one years ago)

just bite the bullet and change mothers

― Mediawhore, Monday, 27 September 2004 00:47 (twenty-one years ago)

I always respond to emails asking for personal/financial details. I simply enter a load of crap in the hope that it annoys someone somewhere.

First Name: Mickey
Surname: Mouse
Mother's Maiden Name: McAye-fucking-right-im-that-stupid-you-conning-verminous-gimps
etc.

I just filled in the form on the page Embarrassed posted.

― Onimo (GerryNemo), Monday, 27 September 2004 00:56 (twenty-one years ago)

Or bite the mullet and change brothers.

xpost

― roxymuzak (roxymuzak), Monday, 27 September 2004 00:56 (twenty-one years ago)

This scam is called phishing, it has been around for quite some time now - and that IP would unfortunately be one of probably hundreds, as these c*nts just move servers constantly to avoid detection.

They spoof all kinds of legit organisations to skim your credit card or password info. Ive seen: eBay, LiveJournal, various online banks, Microsoft update etc (I almist fell for a netbanking one way back when this stuff first came to light but luckily got sus in time).

NO LEGIT ORGANISATION will EVER ask you by email to submit passwords or sensitive info, or click on a link to go do so *from an email*.

If you *ever* get an email you aren't sure about, the best bet is to go to the site you'd normally visit (ebay, bank etc) directly by typing the URL in - NOT from your email. Its *really really* easy to diguise another server's IP under a faked version of the URL.

― Trayce (trayce), Monday, 27 September 2004 01:05 (twenty-one years ago)

http://www.consumer.gov/idtheft/

― TOMBOT, Monday, 27 September 2004 01:11 (twenty-one years ago)

Step one is crucial if you want to prevent being crippled. Welcome to the future.

― TOMBOT, Monday, 27 September 2004 01:12 (twenty-one years ago)

There is a PayPal one, too.

― Kerry (dymaxia), Monday, 27 September 2004 02:16 (twenty-one years ago)

You must be logged in to post. Please either login here, or if you are not registered, you may register here.