....maybe.

At 4am, I received an email that my Capital One phone number had been updated, and at 4:02am, that a checking account had been created, congrats.

I used to have a CapOne credit card, but it's been closed and dormant. But I do still have an account. So I logged into the account - my password still works. My mobile phone number was changed to my old HOME phone number, which is super weird, because that land line has been gone forever. If I call that land line, it tells me the average cost of a funeral is over $8000 and climbing.

A secondary mailing address was added to my account. Unfortunately, CapOne doesn't tell you when, but I assume 4:01am.


So, based on that, do they have my info? I issued a fraud report with CapOne and they're giving me the runaround but I think they eventually closed the account (the new checking account, btw, doesn't show up in my CapOne account online, but the mailing address does). Also, contacted the credit agencies and put them on alert.

What else do I need to do? The password for that account was not used elsewhere.

You can contact Experian, Equifax and Trans Union and register that you’ve been a victim of fraud. Which means your accounts will be locked and you’ll need to unlock them whenever applying for a loan and maybe anything to do with getting a cell phone. See step 3 https://www.cftc.gov/LearnAndProtect/AdvisoriesAndArticles/6Steps.html.

What may have happened is part of establishing a synthetic ID. https://www.experian.com/blogs/ask-experian/what-is-synthetic-identity-fraud-theft/ You may have caught in time before the synthetic ID was used to open a credit card or whatever. I’m just spitballin here because who knows what they were doing…

Bugger, hope you get bit sorted. Is it worth running your emails through https://haveibeenpwned.com/ to do a check? I'm picking you are the kind of guy who doesn't use the same passwords twice but having my main email compromised years ago.... myspace! :)

What's in your wallet?

So you didn't reuse a password from elsewhere and since it was an old, inactive account it seems unlikely that you were phished into giving up access to it. Hard to crack an account externally without some way to steal the credentials... :\

You didn't use this account to pay when the nice man called about renewing your expired Vindows support did you? Did you give the helpful support guy access to your Vindows dextop?

Some banks got busted not long ago for opening accounts that weren't requested. That seems unlikely if an additional email was added to the account at the same time.

Capital One had a data breach back in 2019. Account credentials were not included but lots of personal information including SS numbers were.

https://www.cnn.com/2019/07/29/business/capital-one-data-breach/index.html

I wonder if someone has mined this data and come up with a mechanism for getting access to accounts? I don't know what kind of checks this process for getting account access has beyond this first page, but everything on the first page was in the data breach. Any additional checks could probably be mined by cross-referencing other sources.

https://verified.capitalone.com/enroll/pii

I agree with others advising to lock your credit down for now.

I have to confess that I've never heard of that one.

Obviously you didn't open the accounts - so something's up.
Step 1 is to notify Capital One - which you've done.

In this day in age - if you have NOT been affected by identity theft, it's only a matter of time.
I personally have three (3) identity monitoring services that I use. And still I'm nervous as hell about everything.

Your particular situation sounds like a combination of data mining and somebody who half knows what they're doing. I'd keep following up with Capital One (as painful as that is). Unfortunately one of the (extreme) drawbacks of living in the digital age is the ease of which it is to exploit vulnerabilities. Things are more convenient than ever...but also more attention than ever is required on the individual's part to make sure nothing untoward is going on.

In fact, I just took the opportunity to pull one of my 3 free credit reports from annualcreditreport courtesy of your reminder of how easily things can go awry.

Best of luck. These situations suck :(