Equifax claims process is now open
-
Yeah they were definitely social engineering and using stolen info to do so. They were answering my Paypal security questions before they resorted to the SIM cloning. I had to change my answers to the security questions to strong passwords instead of actual answers about what my first pet was named. I knew they were fucking with my phone because it kept ringing and then hanging up instantly. I'm assuming they were testing out their setup before triggering the 2FA text.
-
Surprisingly, I'm not on the list.
-
-
@murpheous You have no credit history??
-
@Nic said in Equifax claims process is now open:
@murpheous You have no credit history??
56% or something close was affected, not 100% of US population.
-
@Nic said in Equifax claims process is now open:
Yeah they were definitely social engineering and using stolen info to do so. They were answering my Paypal security questions before they resorted to the SIM cloning. I had to change my answers to the security questions to strong passwords instead of actual answers about what my first pet was named. I knew they were fucking with my phone because it kept ringing and then hanging up instantly. I'm assuming they were testing out their setup before triggering the 2FA text.
Aww - yeah that definitely sucks. And they did this twice?
Does PP not offer a OTP option - i.e. offline app only on your phone, not SMS for 2FA?
-
@Dashrender said in Equifax claims process is now open:
@Nic said in Equifax claims process is now open:
Yeah they were definitely social engineering and using stolen info to do so. They were answering my Paypal security questions before they resorted to the SIM cloning. I had to change my answers to the security questions to strong passwords instead of actual answers about what my first pet was named. I knew they were fucking with my phone because it kept ringing and then hanging up instantly. I'm assuming they were testing out their setup before triggering the 2FA text.
Aww - yeah that definitely sucks. And they did this twice?
Does PP not offer a OTP option - i.e. offline app only on your phone, not SMS for 2FA?
Yeah they did it twice, within the span of a couple weeks. The first time I didn't realize they were using info about me to answer security questions to reset the password, so I just changed my password and turned on 2FA. The second time was when they started using the text 2FA to get a verification code to change the password.
PP didn't offer any other 2FA options than SMS at the time, but it looks like they've finally gotten with the times:
https://benbrian.net/authenticator-app-support-in-paypal-finally/ -
@Nic said in Equifax claims process is now open:
@Dashrender said in Equifax claims process is now open:
@Nic said in Equifax claims process is now open:
Yeah they were definitely social engineering and using stolen info to do so. They were answering my Paypal security questions before they resorted to the SIM cloning. I had to change my answers to the security questions to strong passwords instead of actual answers about what my first pet was named. I knew they were fucking with my phone because it kept ringing and then hanging up instantly. I'm assuming they were testing out their setup before triggering the 2FA text.
Aww - yeah that definitely sucks. And they did this twice?
Does PP not offer a OTP option - i.e. offline app only on your phone, not SMS for 2FA?
Yeah they did it twice, within the span of a couple weeks. The first time I didn't realize they were using info about me to answer security questions to reset the password, so I just changed my password and turned on 2FA. The second time was when they started using the text 2FA to get a verification code to change the password.
PP didn't offer any other 2FA options than SMS at the time, but it looks like they've finally gotten with the times:
https://benbrian.net/authenticator-app-support-in-paypal-finally/Oh.. the first time, there was no 2FA...got it.
-
@Nic said in Equifax claims process is now open:
PP didn't offer any other 2FA options than SMS at the time, but it looks like they've finally gotten with the times:
https://benbrian.net/authenticator-app-support-in-paypal-finally/When did this happen? I know PP has supported third party tokens of OTP for many years - at least 5. They might not have supported, say Google authenticator, or MS authenticator, but they definitely supported purchasable tokens.
-
@Dashrender said in Equifax claims process is now open:
@Nic said in Equifax claims process is now open:
PP didn't offer any other 2FA options than SMS at the time, but it looks like they've finally gotten with the times:
https://benbrian.net/authenticator-app-support-in-paypal-finally/When did this happen? I know PP has supported third party tokens of OTP for many years - at least 5. They might not have supported, say Google authenticator, or MS authenticator, but they definitely supported purchasable tokens.
According to the blog post link above:
Until recently, PayPal really only offered one form of 2FA, which they call “2-step verification”: SMS.On the seller side you might have more options:
https://www.paypal.com/us/smarthelp/article/how-do-i-enable-2fa-(two-factor-authentication)-for-my-paypal-powered-by-braintree-user-faq3500but as just a regular Paypal user you were stuck with SMS until two months ago.
-
In the past, you could purchase a physical PayPal security key, which would generate one-time codes, similar to a Yubikey device. That doesn’t seem to be an option any longer.
So they used to offer a third party key, but apparently stopped at some point.
-
thanks for this thread - I did have simple SMS 2FA enabled - I've now converted to MS authenticator.
-
Thanks for posting this @Nic. I had someone open a credit card in my name with information stolen from Equifax. Luckily they didn't use it for anything before it got flagged.
-
@Kelly said in Equifax claims process is now open:
Thanks for posting this @Nic. I had someone open a credit card in my name with information stolen from Equifax. Luckily they didn't use it for anything before it got flagged.
Glad it got caught before causing you any damage. You can still claim any time you spent dealing with this, such as time on the phone with credit agencies or your bank.
-
@Nic said in Equifax claims process is now open:
@Kelly said in Equifax claims process is now open:
Thanks for posting this @Nic. I had someone open a credit card in my name with information stolen from Equifax. Luckily they didn't use it for anything before it got flagged.
Glad it got caught before causing you any damage. You can still claim any time you spent dealing with this, such as time on the phone with credit agencies or your bank.
Yup, I already put in for that. Yay money
-
@murpheous said in Equifax claims process is now open:
Surprisingly, I'm not on the list.
Me either! and I have plenty of credit history over the past 18 years. My wife was on it, who never had a credit card until after we were married a few years ago.
-
@Kelly said in Equifax claims process is now open:
Thanks for posting this @Nic. I had someone open a credit card in my name with information stolen from Equifax. Luckily they didn't use it for anything before it got flagged.
The same happened to my wife - though the card showed up at our house. The whole situation was just bizarre... it could have been so much worse.
-
I'm getting the cash. 10 years of credit monitoring is worthless, same with their insurance. It won't prevent identity or credit card theft. And their reaction time is piss poor, you'd get a notice 1-3 months later of someone opens new account in your name, and by that time crook will probably charge thousands. Credit freeze is the only option and they don't offer that. Discover bank offers credit monitoring for free to anyone: https://csp.discover.com/free-credit-score/index.html
-
@marcinozga said in Equifax claims process is now open:
I'm getting the cash. 10 years of credit monitoring is worthless, same with their insurance. It won't prevent identity or credit card theft. And their reaction time is piss poor, you'd get a notice 1-3 months later of someone opens new account in your name, and by that time crook will probably charge thousands. Credit freeze is the only option and they don't offer that. Discover bank offers credit monitoring for free to anyone: https://csp.discover.com/free-credit-score/index.html
Much like Credit Karma
-
Yes, Credit Karma checks 2 bureaus I think, while Discover does 1. I just realized I had to place Fraud Alert after that breach and I spent some time on phone with bank when I applied for iPhone financing during that time, so that's going to qualify as expenses.