[Disclaimer: I'm not a lawyer, or anything, mind. I'm not even working shifts in the Law Library till after April. I speak colloquially, because I dunno what the legal definition of a tosspot is, though the colloquial one is totally this guy.]
Today on ElectricQuaker:
The Napoleon of Crime Vs. (Wellington) Boots.com in: The Wobbly-Headed Doll Caper!!
Yes, indeed, ladies & gentlemen! Today you can thrill! at the tale of a criminal!
A criminal whose dastardly plots know no restraint, whose cruel machinations know no mercy, whose fiendish mind knows no thought!
…Or, to put it another way, who’s a right pain in the arse, because I’ve had to lock down my credit card because of him. Git.
On my way home from work on Friday (I got sent home ill, which is always annoying) I checked my email & found “Paypal” had sent me an email telling me I’d added a new address. There was a second email telling me I’d authorised a payment.
‘Huh.’ I thought ‘that’s some convincing-looking phishing, there. I guess I’ll report it.’ So I did.
A bit later Paypal replied to say, basically ‘Yep, that was phishing. Good on yer for reporting it,’ and I crashed out for the rest of the day.
Being as I was ill, my sleep patterns were all to pot, so I was awake again at midnight, and took a bath (and a hot toddy made, disgracefully, with Bowmore single malt, for we had no blend in the house), and idly fired up the computer to see how the Internet had managed to cope without me for the past six hours.
Naturally, I checked my email accounts, and I was surprised to find another email from Paypal, this time saying ‘O, hai. Your payment, we haz it.’
…This one was even more convincing than the other two; no ‘Dear customer,’ here: there was my name, all correct & shipshape, and… the last four digits of my credit card number…?
So I forwarded that to Paypal as well, along with a message that said ‘This really is just some clever phishing device, right?’ and pointed a new browser window at Paypal and went and logged in.
(This is where our criminal mastermind comes in, this is)
Somehow, somebody broke into my Paypal account, added a new address (which is presumably serving as a drop; if it transpires it’s actually their home address I will actuallyLOL), and made off with a valuable consignment of, er, Boots aren’t allowed to tell me what it is because of the Data Protection Act.
Since Paypal automatically notifies me when somebody does, for example, randomly tell them that I live in London now in case it isn’t me doing it I’m not really sure why they thought this would work, but they evidently did, because otherwise I’d have an inbox slightly-less-full of emails claiming I was editing my own account. The only equivilant I can think of is trying to theive a wallet that somebody’s got chained to their own trousers; they’re likely to notice once it starts to pull, you know…
Gormless though the theft may be, I’ve still had to scramble all my passwords, boosting them up from mixed-case alphanumerics of 6-10 characters to mixed case 12 character-plus jobs, have got myself a GPG key with which I’m slowly starting to encrypt things and I’m having to do without cards because, of course, they all have to be changed now because some poxy git couldn’t be bothered to pay for his own sodding vaseline and spot cream.
And I really don’t know how they got in. Grumble. Although as far as I know, the Met., Boots, Paypal, Dyfed-Powys police & the Bank are all looking into it (which would give me more comfort if it didn’t sound just a bit like the plot synopsis for an Ealing Comedy…) Spoke to a chap from the police down in London the other day, actually, he was nice & friendly & seemed to think I was likely to get the money back, at least.
Still a pain in the arse, though.
Those of you with GPG keys, point me in the right direction & I’ll see if I can work the buggers.
and speaking of work: back to it, I suppose…