I received a notification last night that someone changed my shipping address on Macys.com and when I visited the website, there was an open order for a PS5 with delivery to:
DONT IEPN 203 W PITTSBURGH AVE WILDWOOD CREST NJ 08260
After logging into Macy’s I got 43 emails at once to seven different services like “Excalidraw” and “Sportograf” trying to login using a magic link.
At this point was was pretty nervous so I checked my main email security. Sure enough, there have been repeated login attempts under my account going on every few minutes for weeks.
I also saw there was an attempted login to my cellphone or home internet company.
I use 2FA, authenticators, etc. Basically what else should I be doing? Is there any way to be more preventative? I really don’t wanna chuck this email but it is possible that may be the safest recourse. I do use this email for almost 300 different accounts to various things though.
If you use a strong password and 2fa, there’s no way to prevent login attempts, and a strong enough authentication will make random login attempts just a nuicance. You can set up a recovery address (that must be equally safe). If you are using an online password manager, check there was no known leak
There is 1 way to stop login attempts. Use an alias provider (e.g. simplelogin.io), and change the account emails to a randomly generated alias.
Even if you used the same password everywhere, as long as the email/username for the account is randomly generated the password is essentially useless.
Or plus addressed email aliases, which are free. Most automated spamming software do not remove the plus so you can block most of them like that. I use them.
name+8fh39sn@example.com