Possible Identity Theft Issue

[Eleven]

This concerned me when it happened today, and still does. I'm not quite sure what to do next other than the simple steps I have already taken.

Me and my sons used to play Dark Age of Camelot (online MMORPG for anyone who doesn't know. It is similar to World of Warcraft). We stopped playing regularly a couple years ago, and closed the 2 accounts.

So, I remained in control of the accounts, they were just inactive. We did activate a free trial last month but didn't play. My son had continued to play several 'free shards', private run game servers that didn't cost money to play. Most required some form of message board membership, so players could communicate with each other, and the game servers admins could verify who was playing. These servers were notorious for being hacked, but it didn't matter much, you just start over somewhere else.

I suspect on some of these, my son used our old legit DAoC account login info, just to make it easier for him to remember.

So today I get an email from EA-Mythic that our main account contact info and password had changed. That email also noted what the info was changed TO. I called immediately and being the original account owner, I had the 'secret word' that serves as proof to EA of the true account owner. (The second account was never affected, of course it has a different name)

I had all the info changed back, the customer service rep said the account had not been activated, so I was sure nothing had been stolen or vandalized (in the game, items are worth money and people buy and sell with real money, and malicious people will gain access to an account and delete things out of spite).

Right after the phone call, I checked the online account management page and saw that the account now had a '30 day prepaid time card' activated and the account was now active. Only 2 reasons for this: the CSR gave me the free month (doubtful, he didn't mention it) or the hacker activated the account *just* before I gained back control of the account.

So I logged in to just do a quick check and nothing was out of place, everything was where I left it. I left the character logged in and the game running for a while, just in case anyone in the game would happen to message the character, sometimes hackers and account thieves take note of characters and communicate through them.

About 15 minutes later, the phone rang and I immediately recognized the area code, as the same one that my contact info had been changed to, but it was a different number.

I answer and some guy says "Is this Scott?", I said yea and he says "My name is Mike, did you have some issue with your DAoC account?" and I replied that I had. He then said "OK, I'm sorry about that, but I had just bought that account, were you selling it?" He also said "Mythic told me the original account owner changed all of my info back".

Of course I wasn't selling, and told him so. He apologized again, and I told him he didn't need to, but the account was mine, always had been and I never had intentions of selling it. I mentioned that if he paid someone using PayFail, he could give them my number and I would help get his money back.

He apologized again and we hung up. Then I realized that the original email I received had the new contact info it, and none of that matched this guy. The phone number was different, although the same area code, and the name was different. Then I got scared and called EA support again and asked if there was any way possible for someone who did have the account name and password to actually get my personal info, like name and phone number. They stated they NEVER give out any info without the secret word.

So, somehow someone found my account name and password, which is not too hard to fathom if my stupid kid used that info on one of the free shards, but the fact that "Mike" knew my name and phone number was scary.

I don't know how he could get that info. I have changed all my passwords everywhere (none were ever the same as that game, and that game account name has nothing to do with anything real like my bank, PP, ebay, or business accounts).

"Mike" may or may not be the hacker himself, he may be a victim as well, but he has my name and phone number.

I don't use Lifelock or any other credit monitoring service, but I am considering it now, what says you?

Sounds like someone found out your password on the game and then looked on the website at your information? I don't know for sure though but the only reason I would be concerned with identity theft is if the person also had your full credit card number, social, drivers license number, or bank account information. It doesn't seem like they could do a whole lot in the game and I think that a prepaid card means that they did not use a credit card to purchase it but rather bought it at the store. But I haven't played that game before. Anyways, best of luck to you and let us know how it turns out and I hope none of this came off as rude.

[Eleven]

The only thing that makes me think for a minute that "Mike" was indeed a victim, is maybe he received the same email I did, as verification of the contact info change.

I think its a built in safety measure, to send copies to the NEW and OLD contact info. If he did in fact receive the same email when he changed the info over to his name and phone number, then he would have my info as well.

The confirmation email when you change contact info, passwords, etc etc showed me my old info and his new info.

I could be paranoid, but it was too weird after the email to have this dude call me, and of course none of his supposed info matching what the email had said it was changed to.

(And no you didn't sound rude at all, you somewhat put me at ease.)

[NCRadioMan]

I would call the police and tell them exactly what you said here. Sounds very suspicious and I would think you have enough info for them to investigate.

[Bill86]

It's just kids trying to steal accounts to get ahead in a game. They sometimes go pretty far to do this. Unless the voice wasn't that of someone under say 18-21? I would doubt they would take it any farther then that but this is just my own opinion. I would suggest using different passwords and information for video games, as I do. I would still probably contact the local police in "mikes" area, if that is in fact his real name (doubt it). But have them trace the call or see who owns the line/cell and let them have a chat with him.

[Eleven]

I don't use the same passwords for anything, but I did just change them ALL tonight after this. We don't play the games any more but of course the accounts and the info is all still there.

Mike sounded adult, certainly not a kid. Him having my number could very well be as simple as him receiving the same email I did with the info change. But the fact that someone did have access to that account sucks.

Victim or not, I think if I contact the police up there and explain it to them, and they do contact him, he will know one of two things: 1, I didn't scam him...or 2, if he is the scammer he knows someone is on to him.

[loki]

you can call the police but i really doubt they're going to do anything more then take a report and then go onto something else.

[icehog3]

Quote:

Originally Posted by loki

you can call the police but i really doubt they're going to do anything more then take a report and then go onto something else.

True, but not because they are lazy or uncaring. Internet issues cross jurisdictional lines and most municipal and county police departments don't have the resources to investigate and prosecute. It will fall to a federal agency to act, which is also unlikely unless there was some tangible loss that occurred.