Hello. Nick had his Gmail and Paypal accounts pryed open, and a couple of
shiny new computers ordered in his name. If you live in Atlanta, I'd
appreciate some help getting a photo of the fake shipping address:
Ok, first a little background on me. I'm 25, married, no kids (yet), own a house and have a mortgage and work as the head of IT for a small company in Altoona, PA. I'm used to using Google on a daily basis for both personal and work. I practically use all of Google's web services, from the online spreadsheets and documents to Gmail and Google Bookmarks, so I have A LOT of information in these accounts. I run firewalls, antivirus, and antispyware on all the systems at home and on the ones I manage, so security has never been an issue. I also must note that the passwords that I use are non standard, not words, and are made up of numbers, letters, and other characters in both uppercase and lowercase.
On Wednesday I was in my gmail account following up with my usual emails. Nothing was out of the sorts. I closed out of my Gmail for the night.
Upon checking my Gmail on Thursday morning at about 8:45, I had trouble signing in. Gmail just wouldn't take my password. I thought to myself if I had been putting in the wrong password, so I tried all other passwords I could think of. It then hit me that either my account was locked out or someone changed my password. I did a little research on the password issue and found that someone must have changed it! I now was in panic mode, just thinking of everything that could be potentially lost or compromised. I have emails in my Gmail account for services I've signed up for, such as paypal, web hosting, etc... I always change these passwords from the default ones, but it's still the principal of having that 'link'.
My next task was to try and reset my password to try and get back into my Gmail account. I used the 'lost password' form, which was supposed to email a link to the secondary email account in the Gmail account in case of such emergencies. After it said the email was sent, I began checking what I though was my backup email I had set. Nothing came in.... I re-submitted the lost password form, and I still never got an email... I checked my other email accounts to see if I got anything there... No Dice! I then realized that the secondary email that was in my Gmail account was an inactive email address from an ISP (Atlantic Broadband), that I had gotten rid of a year ago. I'm now on Verizon Online. My heart sunk knowing that not being able to get access to that account would not let me reset the password. The only other way to reset a password in Gmail would be having the account sit inactive for 5 days, and then answering the security question I set, or that the new intruder might have set! I didn't have 5 days, and what's to say that the new squatter would let my account go inactive.
I took a shot in the dark and loaded up the address of Atlantic Broadband. I clicked on the login link, put in my old username and password to the now over a year old account and clicked the Log In button..... The page reloaded WITH ME LOGGED IN! My account was still active (even thought I stopped paying the bill a year ago!) I was able to get to my email! Checking the email showed me the link to reset the password!! YES!!! The guy that squatted on my Gmail account slipped up and didn't change the secondary email account! I was able to immediately reset the password.
Logging into my Gmail account yielded some very startling information. I immediately saw 4 new UNREAD emails... some confirmation emails. I had confirmation emails from both Dell and PayPal. I clicked on the PayPal email expecting to see some sort of phishing scam, but in the email weren't the usual "reset your password" links that go to some url like "http://im.stealing.ur/information/password_reset.htm". I just about had a heart attack when I saw the payment amount $3,371.76 USD. I also saw that they used my name for the shipping address, but another shipping address for the road, city and state. I then went and opened the Dell email. Sure enough it was a confirmation for the purchase of 2 computers. Not just 1 but 2... selfish bastard.... Pretty nice systems too, but they could have done better. I then went to the other Dell email that was there, and it said that the order was delayed because PayPal wouldn't authorize the payment. I then opened the last email and it was from PayPal saying that my account access was limited due to "...reason to believe that my account was accessed by a third party...". Whew... PayPal blocked the payment. I had to laugh to myself thinking that if Paypal even tried to process anything it would have bounced BIG TIME!
Up to this point I've never had a problem with PayPal. I've always just used their services for ebay only, and my purchases are far and few.
Now realizing that this idiot has gotten into my paypal account (yeah, ok, so I was stupid and had the same password on my paypal account as my Gmail account, although the usernames were different). I tried logging into my PayPal account, and found that it was truly limited (thought the password wasn't changed on me- yay!). I was able to go through the actions to reinstate my account, all for the last step. When you have your account limited through PayPal, you must complete 3 steps:
Note: Nick McBride is the real name of the guy who's account was pryed open.
He lives in Pennsylvania.
We are both wondering what is at 1265 Sylvan Road. in Atlanta. That is where the thief wanted the computers shipped.
Here's what I got so far:
From the Dell Computer Order:
He was assigned customer ID:77978946
The following billing information was used:
1265 Sylvan Rd.
Atlanta, GA 30310
Total Charges: 3,371
When he made the paypal payment, he used my name "Nicholas McBride" but with the same address as above. My paypal address was confirmed, however the address he used was obviously unconfirmed.
Looking at the times of the emails from Dell and Paypal, it took about 45 minutes for Paypal to flag the account and limit its activity.
Other info I know:
I did a reverse lookup on the address and phone numbers, no luck.
I pulled the address up in google maps and took a look at the location. I used the hybrid map, so I could see where houses were. I noticed that the arrow for the address marker was on the left side of the street, where there appeared to be a few auto wrecking yards. I then did a yellowpages.com lookup for "Auto" using that road using a radius of 2 miles. And found:
Georgia Auto Salvage Incorporated
1285 Sylvan Rd. SW
Atlanta, GA 30310
Mapping showed me that it was the same one on the same side of the road like 10 feet away from where the first marker was.
I figured if the guy didn't want to put an exact address in, use something a little off, and UPS would probably know where it had to go, but the feds wouldn't have a clue.
I called the Auto Salvage place to ask if Jerry was there, but the guy that answered didn't speak English very well, and couldn't seem to understand me. So I took that as a lost lead for now.
I then focused on the phone number "Jerry" provided. Doing a white pages reverse lookup told me that it was a sprint cell phone number out of Texas. Calling the phone number yielded confirmation it was a cell phone that was turned off and it went straight to voice mail. The voice main greeting sounded like someone blew into the phone receiver to cover it up...
I then decided to jump right in and I went to nonpublished.com and pulled up a report of that phone number that gave me a name and city/state:
Smith, Ronald A
Austin, TX 78701
Using that info, I was able to get a few Ronald Smiths in Texas, but nothing in the 78701 zip code. That's where I am now.
If you live in Atlanta, I'd appreciate some help getting a photo of the would-be shipping address:
1265 Sylvan Rd.
If you live in Atlanta, I'd appreciate some help getting a photo of this address as well.
-Rob 8 a.m. Pacific time
Photos! Please read Nicks Paypal Account, page 2.
contact Rob | science club | pranks | How much is inside? | Home | Incredible Stuff I Made | Torn-up Credit Card Application | Magazine Advertising
December 2, 2006