Here’s the story. It’s a bit long, but hang in there.
I have four computers in my house. My iMac, and three PCs that my boys use for gaming. All the computers are hardwired to a router.
A couple of weeks ago, we started getting emails from one of my boy’s games (Epic/Fortnite, I think) that somebody was trying to change his password. These messages were addressed to his email address [Dear XX@XX.com] instead of his screen name [Dear Gamer]. Since we weren’t trying to change the password, and the email said as much, we ignored them. No, we didn’t change his password. Yet.
He also got a few emails (I monitor his email account) from what looked like a gaming company called Gaijin, again about changing passwords. The message was addressed to his gamer tag. My son has never had an account with this company, and did not recognize any of the games. I then got messages that said somebody had logged into his Gaijin account first in Russia, then in Missouri.
On Sunday, I started getting emails addressed to my Gmail (with an extra period added in the name part) that said that I had opened an account with a company in India called Freecharge, which sells prepaid phone cards. I got a rapid series of emails saying that they had recharged some cards. So I went to look at my credit card accounts. One of them had four charges (two each) from tourism companies, one in Canada and one in Europe. The charges were for $0.00. We called the CC company and had the card canceled.
We changed the passwords on my son’s games on Sunday, and by Monday we got another email that somebody was changing his password again, seemingly almost right after I changed it. The only way this would/could be possible, as far as I know, is if somebody were monitoring his email and getting the reset codes. So I changed the password AND email in the game, then called my ISP to cancel my son’s email address. When I tried to log into the master email account (which I have never used to send or receive mail) it was locked. I called Spectrum, and they said that they noticed unusual activity on it recently and locked it. Once we reset, there was no mail activity on it, but they couldn’t tell me what sort of unusual activity was occurring. Perhaps somebody was trying to access it unsuccessfully.
After changing ALL email passwords and ditching my son’s compromised account, things were pretty quiet today. Until this evening, when my wife got an email from a different CC company alerting us to a possible fraudulent charge. Sure enough, somebody used our other card, the one that had NEVER been stolen, to buy chicken in California. So we called, canceled, and will be getting new cards.
This could be a coincidence. But all of this happening so close together makes it hard to imagine that it could be. A few weeks ago we went through and made sure that none of the CC information was stored on the game servers. As far as I know, we don’t have any CCs saved anywhere, though it could have been stolen ages ago. The PCs are running Win 7, and I have run a full MSE scan on them and found nothing. I downloaded a free virus scan for my Mac (Avira) and ran that. Nothing.
So, my question is: Could this possibly be a coincidence? Could the latest CC theft just come from some card stripper somewhere? Could somebody have gotten into my computer through the networked PCs? And, even if they did, there’s nothing there. I keep a passwords document on the computer, but it is a password-protected MSWord doc, and doesn’t even have the CC numbers on it, though it does have email credentials. At this point, I don’t really know what to do. It’s practically impossible to stay ahead of these people, as they are always more savvy than I am.
Which is why I’m asking you fine people. Any suggestions on how to move forward?