
Ask HN: Someone is using my email account to sign up for random websites - czatt
I have recently started receiving a lot of "please confirm your subscription by clicking the link below" emails for things I have not signed up for. 20-30 per hour, which is too much for it to be someone just trying to annoy me. Has anyone gone through this bug before? Is it a scam attempt? Any way to fix it?
======
rs23296008n1
I get around 6 emails per day from various spammers operating from AWS
servers[1] asking that I unsubscribe to stop receiving their emails. They
presumably want me to: reveal my location (the page has tracking pixels) and
that my email works (confirm target address is valid). Or something similarly
stupid or valuable to them.

I also got a very threatening email purporting to have access to my gmail etc.
I didn't wait around for confirmation. My instant response: got a new sim for
its mobile number, set up 2fa on that for gmail. Put new sim in an old phone.
Also changed password etc.

I advise anyone with a gmail etc still using sms/text for 2fa to at least set
it up so the mobile number used is not one that has ever appeared in your
contacts list. Or that you've ever given out to a random website, eg
facebook/linkedin. Linkedin has repeatedly lost control[2] over their database
in terms of email/phone number.

I kept my main number just for contact as before but I don't use it for 2fa.
Also, plenty of other 2fa options exist so use them. Authenticator app is a
thing too. Now I have two phones with that app. Very handy.

My new "authentication" phone is a prepaid thing with 365 day expiry and $5
credit. I never make or receive calls on it. It's not on my contact list.

I'll leave out the benefits of having your own domain because this comment is
long enough. Only that it makes spam origin detection so much easier. Not to
mention filtering.

[1] why gmail can't filter by sender hostname/ip is beyond me. I'd also like
to tag emails from unsecured transports. My current solution is reporting spam
via gmail and also I'm in the process of extracting out an automated list of
AWS hosts that are sending spam so I could report them to AWS.

[2] which is why my very old mobile number that was fresh at the time is now
"out there" against my email address. The source was hopefully just linkedin
scraping. I know it was only linkedin because that phone was unfortunately
destroyed about a week later.

------
mtmail
I'm on the opposite side. A script setting up accounts on our website where
clearly the name and email address (and timezone and IP address) don't fit
together to get users to click those links in confirmation emails.

Best theory we have is they want to identify users who click on anything to
send them a real scam later.

Very annoying.

~~~
czatt
Ugh. I wonder if there is anything I can do that is not just sitting and
waiting for them to stop.

I hope I don't have to get rid of my gmail! Alternative is to come up with a
way to filter those straight to spam, I guess..?
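
Added example, not part of the thread or any poster's code: one way to detect the burst described in the question (20-30 confirmation emails per hour) from message headers, so the affected hours can be filtered or reviewed. The subject patterns, the threshold of 20 and the sample mailbox are assumptions constructed for illustration.

```python
import email
import re
from collections import defaultdict
from datetime import timezone
from email.utils import parseaddr, parsedate_to_datetime

# Phrases typical of sign-up confirmation mail (assumed list; tune for your inbox).
CONFIRM_RE = re.compile(
    r"confirm (your )?(subscription|email|sign-?up|account)|verify your email", re.I)

def find_bursts(raw_messages, threshold=20):
    """Return {UTC hour: sorted sender domains} for every hour in which at
    least `threshold` distinct domains sent confirmation-style mail."""
    per_hour = defaultdict(set)
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        if not CONFIRM_RE.search(msg.get("Subject", "")):
            continue
        try:
            when = parsedate_to_datetime(msg.get("Date", ""))
        except (TypeError, ValueError):
            continue  # missing or malformed Date header
        if when.tzinfo is None:  # "-0000" dates parse as naive; treat as UTC
            when = when.replace(tzinfo=timezone.utc)
        hour = when.astimezone(timezone.utc).strftime("%Y-%m-%d %H:00")
        domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        if domain:
            per_hour[hour].add(domain)
    return {h: sorted(d) for h, d in per_hour.items() if len(d) >= threshold}

def sample_mailbox():
    """Constructed sample: 22 confirmation mails in one hour, plus one
    ordinary mail and one isolated confirmation later in the day."""
    msgs = [
        f"From: News <noreply@site{i}.example>\n"
        f"Date: Mon, 06 Jan 2020 10:{i:02d}:00 +0000\n"
        "Subject: Please confirm your subscription\n\nClick the link below.\n"
        for i in range(22)
    ]
    msgs.append("From: Friend <friend@mail.example>\n"
                "Date: Mon, 06 Jan 2020 10:30:00 +0000\nSubject: lunch?\n\nhi\n")
    msgs.append("From: Shop <noreply@lone.example>\n"
                "Date: Mon, 06 Jan 2020 14:05:00 +0000\n"
                "Subject: Confirm your account\n\n.\n")
    return msgs

if __name__ == "__main__":
    for hour, domains in find_bursts(sample_mailbox()).items():
        print(hour, len(domains), "distinct sender domains")
```

Counting distinct sender domains rather than messages keeps a single legitimate service that retries its confirmation mail from looking like a burst.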

------
ohiovr
I would advise changing your email passwords and since you are now a target,
try to get some kind of 2fa

