Wapsi Square Forum

Just today, I have received two calls (separated by many hours) where the people told me they were returning my call!

I have no idea what that means. Was my phone hacked? My identity stolen? (I have not seen any unusual activity in my bank account or credit card accounts, though, but I have not yet checked on my credit score and credit dossier...)

Or is someone merely spoofing my phone number?

How do I counter that? What are my best options?

lake_wrangler wrote: ↑Thu Aug 06, 2020 9:02 pm Just today, I have received two calls (separated by many hours) where the people told me they were returning my call!

I have no idea what that means. Was my phone hacked? My identity stolen? (I have not seen any unusual activity in my bank account or credit card accounts, though, but I have not yet checked on my credit score and credit dossier...)

Or is someone merely spoofing my phone number?

How do I counter that? What are my best options?

It's common for phone scammers to make calls with forged Caller ID numbers... a lot of voice-over-IP services don't validate the calling-number information. Scammers do this to make it look as if the calls are coming from a local source, raising the odds that the called number will answer.

So, it's likely that this incident had nothing to do with your phone, or you personally... some sales-slimer could have picked your phone number completely at random. There nothing you can do, yourself, to prevent this.

Do check your financials, though, just to be sure.

FWIW - More than once Caller ID said I was calling myself. Some of the spoofing techniques use the area code and local exchange numbers to make you think it's someone local calling. The point is caller ID is not completely trustworthy, although I do believe it when it comes up "Spam" or "Private Number".

One password trick you may find handy is including some way of recognizing which website is attached to the password you're using. For example, if your password is X123, if you use that for Wapsi Square Forum, try WapX123 instead. More than once I've back tracked mail spam/blackmail messages to the origin site that way, and passed feedback to their Phishing e-mail addy. And what does it say about modern days that the Spell Check on my mail client recognizes "Phishing" without flagging it?

Any way, good luck on staying ahead of it. For myself, I have a multi section binder to keep track of passwords: Bank, Medical, Social, Gaming, Shopping, etc, etc. Makes life (and password changes/updates) much simpler.

Atomic wrote: ↑Mon Aug 10, 2020 9:33 amFWIW - More than once Caller ID said I was calling myself. Some of the spoofing techniques use the area code and local exchange numbers to make you think it's someone local calling. The point is caller ID is not completely trustworthy, although I do believe it when it comes up "Spam" or "Private Number".

Out of curiosity, did you answer when you apparently called yourself?

Atomic wrote: ↑Mon Aug 10, 2020 9:33 amOne password trick you may find handy is including some way of recognizing which website is attached to the password you're using. For example, if your password is X123, if you use that for Wapsi Square Forum, try WapX123 instead. More than once I've back tracked mail spam/blackmail messages to the origin site that way, and passed feedback to their Phishing e-mail addy.

I personally use a password manager (LastPass, to be precise), so all my passwords are a jumbled mess that would make it hard for anyone to guess.

How would you go about back tracking spam or blackmail messages, based on which password you use? I've heard of the possibility of creating aliases in gmail, to figure out which site you've subscribed to is to blame for selling your info to spammers (similar to what you said, but on the email part of the deal: [alias specific to subscribed site].[actual email address]@gmail.com. That way, when you get spammed, just check which email address they sent it to, and it gives you an idea of where the fault lies. But I don't understand how doing so for a password would be effective, in that regard.

Atomic wrote: ↑Mon Aug 10, 2020 9:33 amAnd what does it say about modern days that the Spell Check on my mail client recognizes "Phishing" without flagging it?

I find spellcheckers to be hit-or-miss on a regular basis, actually. Heck, my email client will flag verbs that are just fine, just because I used a contraction between the subject and the verb (particularly in French, like "j'aime" or "j'étais" and so on... even though the rest of the time the French checker is fairly accurate...) So I find that even when using a spellchecker, you still have to have a decent command of the language in which you are typing, so as to recognize false flags...

Atomic wrote: ↑Mon Aug 10, 2020 9:33 amAny way, good luck on staying ahead of it. For myself, I have a multi section binder to keep track of passwords: Bank, Medical, Social, Gaming, Shopping, etc, etc. Makes life (and password changes/updates) much simpler.

But isn't that a security risk on another level? If you maintain said binder at home, you don't risk as much, since one should, hopefully, be able to trust family members, but then if you need those passwords from work, you won't have access to them... And generally, if someone ever breaks into your home, they will tend to try to abscond with what seems like the more valuable items in their eyes, so they probably won't be looking through your books, papers, binders, and so on...

On the other hand, if you do keep the binder (or a copy of it) at work, then you put yourself at risk, as you can never tell who will be passing through the office, or whether an industrial spy will try to gather information by breaking in at night... and you still end up with the problem of needing a copy at home, or only be able to access the sites at work for which the passwords are kept at work...

Granted, it's better in an unidentified/falsely identified binder than to keep it on a post-it on the side of the screen or in the desk's top drawer... But I would still be weary of someone finding it...

Incidentally, I was speaking to a friend about this the day after it happened (the supposed returned calls), and he told me that it had just happened to him that very day...

Many years ago I was in the habit of beginning and ending online passwords with a space. Would have confused the heck out of anyone who got hold of my paper list of passwords.

But then I got a computer with Windows, and the password dialogs in (at least that version of) Windows automatically stripped off leading and trailing passwords.

My password binder is home use.

Back tracking the password spam was simple since it was a E-mail blackmail threat announcing they had my password "WAXXONwaxxoff" and what an Interesting Time I had visiting naughty sites, and what a shame if all your social network friends found out... send bitcoin to...blah blah. Since all my passwords are single site, I was able to contact that site to let them know they were being phished and included the message. Lather, Rinse, Repeat for other such attempts.

YMMV and good luck with everything!

Ah. Yes. I've received that kind of message before, except that the password they claimed was mine had nothing to do with any of my passwords. That's why I didn't make the link between password and backtracking.