A little off topic, but I would suggest that you freeze all three of your credit reports so no one can open accounts using your identity.
https://www.experian.com/blogs/ask-experian/credit-education/preventing-fraud/security-freeze/
It’s the same thing LifeLock does for $30 a month.
Also, you should use a password manager so you never type in a password. Keyloggers that record your keystrokes and forward them to bad guys are one of the most common ways of getting access to your online accounts.
Don’t use a debit card for purchases; it’s a direct gateway to all of your accounts, and you could be financially wiped out. Use a debit card ONLY when you withdraw cash at a bank’s office, with a teller.
Use a simple credit card, which doesn’t allow access to your checking and saving and investment accounts.
My Wells Fargo CC has been hacked 5x since I got it in 2018, and the bank/ CC company have refuted all the charges and credited my account, plus issued a new card each time. It’s been almost 18mos since last hack, and with all financial usernames/passwords changed, so far, so good.
Find out if you had passwords identified here:
Put in your various email addresses. Do note if you reuse passwords, criminals will simply use your email address and breached password against other websites, hoping you reused that password, there.
It is also possible your debit card was skimmed. Only use the chip inserted into a reader and a PIN. Otherwise, consider something like Apple Wallet to hold a debit card. If you swipe a debit card, you could be feeding a skimmer tool. No point of sale should allow a card slide to be required. Don't use a debit card if they only let you slide it.
For credit cards, always try to use Apple Wallet with Apple Pay. It is the most safe method.
Be careful about using “free” wifi. Bad guys can get you that way, too.
So sorry for your troubles.
I’m no expert, so I can only give a few rudimentary items and suggestions.
There have been many major events in recent years in which millions of accounts of various kinds have been hacked. One of the biggest that I remember was more than a decade ago when Chinese figures hacked into government computers and stole the data of millions of government employees.
Although your email being on the dark web is not a good thing, it may not be as unusual as you think. It wouldn’t surprise me if half of the American public unknowingly are in the same boat.
Change passwords on all significant accounts. Use different passwords for each account. Enable your bank accounts to notify you if there are unusual purchases. Some banks allow you to limit a geographic area in which your cards can be used. Use a credit card instead of a debit card for out of the ordinary purchases.
Others probably can give you better information. I hope that you have no further problems in the near future.
Use secure passwords and long pin #’s and change them often. Use ‘tap’ to pay and avoid ever putting your pin# in to any ATM’s or POS terminals (The ATM’s at your bank are usually safe though) but now even most bank ATM’s have ‘tap’ to enter too, so always use that instead of entering a pin#. Remember, they can get all the info on your card but without the pin# they’re out of luck, so guard your pin like you would your wallet.
There’s more but those things right there will keep your card very secure.
One of the things I have done is buying prepaid cards at sources I trust.
So I pickup $200 visa card or master card, pay an activation fee of $7.95, then use it at many locations, my credit union cards are never put at risk. Now that doesn’t mean they can’t hack your card by some other means but it reduces that likelihood. The couple times I’ve had my card hacked the fraud alert people picked up on it right away. But at places like point of sale like for gas or food, I use those cards so the most someone can steal from me is the amount on that card, and usually I’ve used it so it is rarely face value that they can get.
FWIW.
Starting the in the last 2 days, I have been getting multiple “system-generated notification sent by Gmail’s mail server when an email you attempted to send could not be delivered to its intended recipient” from (supposedly) mailer-daemon@googlemail.com.
All of my mail from all of my accounts are forwarded to my private Protonmail accounts... I haven’t used google-mail in years.
This appears to be another type of spoofing/phishing, and you should NOT click on anything contained (or even open) those mails, as they can then get your personal information.
(I now have my email filter to send all of these straight to my spam folder.)
I am not saying this happened to you, but it is a possibility, and is now, always, a future possibility that everyone needs to be aware of.
Burned once with that...never again.
I have the debit cards for both my banks set to send me an email for any charge over 1$. My phone is set to give me a special notification tone when a charge comes through.
I also use Privacy.com virtual cards for all recurring charges like insurance, subscriptions, etc.
I’d get out of San Antonio.
This has happened to me a few times.
Those addresses and a police report need to go the State Attorney General's office. If the criminals are doing it to you, they're doing it to others and you know their pickup point.
They don't likely live there but live nearby and "steal" the packages from the porches they get the items delivered to.
Leaving Amazon boxes at those addresses with actual items in them but also hidden trackers may expose an entire network of thieves.
I want to thank everyone who contributed advise and useful links in this thread. It’s getting late now, and I can’t stay up any longer. I’ll definitely be making use of this information in the morning!
BKMK
Never, ever use a debit card. I use either a credit card or cash. And I pay my credit cards in full each month. A debit card leaves your bank account vulnerable. Fraudulent use of your credit card has a $50 limit per fraudulent charge, which I’ve never been charged. I had a friend have his entire bank account wiped out due to debit card fraud. Sure, he eventually got his money back, but his account was unusable until that occurred.
I’ve had Life Lock for about 18+ years now. They’ve caught fraud.. ID theft for me a couple times and one was my SS number that turned out to be an error on a loan application not an actual fraud.
I only use AMEX, no other CC and it’s paid monthly in full, never a balance. They’ve caught fraud several times and I never pay a dime.
RFID skimmers are used all the time by criminals. They get close enough they can scan you CC in your wallet, pocketbook etc. Use an RFID protectant cover for your CC.
Change email passwords often 16 or more random characters.
Put credit freezes on all your credit bureau accounts and leave them there.
Never use a debit card for daily transactions...that’s a direct line to your bank account.
There’s a lot you can do but nothing is perfect.
Whenever you buy something on the internet, DO NOT let that site save your credit card info for future purchases. Also, use well-known secure sites to do your online shopping like Amazon or Walmart. You can buy just about everything on those sites.
I know it's a pain, but use dual authentication to log into your most critical sites like your bank. Having to also text a code back on your cell along with entering your password is impossible to hack.
You might be able to ‘turn off’ your husband’s debit card if you aren’t going to use it. I know I can turn off my credit and debit cards. —Anyway good luck with getting this under control. You’re getting some really good advice.
My Girl friend had a santander account and got a card she never used. A bunch of charges showed up from CA. I told her to switch banks. she didn’t but reported the card. Some of this is inside jobs. Santander (spanish company sucks by the way) You need a phone to take money out of the bank.