
Ask HN: How should I hack the hacker? - coffeedan
Some A..hole hacked my identity (through one of the many recent data breaches most likely). Among other things, he created a fraudulent account for me at one of the credit bureaus and tried to download my credit report. He didn't get it, but when I discovered this I was able to get the email address he was using.

So my thought is to try to turn the tables on him and phish away whatever other info he'll provide through that email address. Any other ideas?
======
Atlas
I had this happen to me. The hacker used freecreditreport.com (Experian) to
pull a credit report using the information an old employer leaked. They took
the information from my credit report and tried to change the address of my
credit cards to a UPS store mailbox and get new cards issued.

Fortunately one card was with a credit union that gave me the fraudulent
address. I filed a police report in the jurisdiction where the UPS Store was
located. Nothing came of the compromise, but at least I had a record if
something happened later.

I also got the email address of the hacker from freecreditreport.com, but it
was useless. The only way I found out that my credit report was pulled through
freecreditreport.com was due to my employer (not the leak) getting employees
accounts with Experian as a perk. When I contacted Experian, the rep noticed I
had two accounts, one through my company and one through freecreditreport.com.

How did you figure it out?

~~~
coffeedan
I got mail from Experian containing an access code to activate "my" account.
Apparently, this guy failed the standard credit report info test so they sent
postal mail to the address on file to ensure he was legit. He wasn't of
course, so I got the postal mail.

~~~
Atlas
Glad he failed. I have had my identity stolen several times including
fraudsters trying to file bogus state and federal tax returns. I cannot
complain too much; all that I learned from that got me into the identity
business.

Thankfully in my case, the fraudster failed the knowledge-based authentication
questions that the bank asked when he attempted to change my address and have
a new card issued. I suspect that is what happened in your case too.

------
minimaxir
Er, two wrongs don't make a right.

~~~
coffeedan
Easy to say, but you try having someone file tax returns on your behalf, order
debit cards in your name, etc, and then not feel like he's deserving of a
little "street justice".

