On Thursday March 30, 2017, Jagger Walsh took his last breath. He was 10 years old, and died from cancer.
Jagger was a bad dog. He suffered from separation anxiety and a general dislike of people. He most disliked when people used the front door, regularly charging and nipping at our visitors upon entering and exiting. If a guest shielded himself from the bite, Jagger violently ripped at the door mat. A coping mechanism, we mused.
Jagger was a Lhasa Apso, a Tibetan breed known for its beautiful coat of long hair. We can’t blame Jagger for his incessant barking and aggressive behavior; Lhasa Apso’s were bred to be fiercely protective, suspicious of strangers and to alert their owners of intruders. In this respect, Jagger was actually a good dog. He took his role very seriously, much to the chagrin of our neighbors, friends, the postman, and visiting family.
Despite his beautiful coat of hair, Jagger was not a beautiful dog. He had an under bite that stuck out like a bull dog. His front feet were deformed as well, pointing outward like a duck or a dancer. This gave him a very characteristic look – a Lhasa Bull Duck like none other. But despite his flaws, Jagger was very confident. He would jump onto your lap and paw at your legs until you gave him hugs, scratches, and kisses. And you were happy to give him your affection, because once Jagger stopped barking at the door, he was actually extraordinary sweet. Like a Sour Patch Kid. First sour, then delicious.
Jagger’s favorite past time was running in and out from the open screen door, enjoying the warmth of the sun for a few moments before running inside to ensure his family was still okay. He also loved going on daily walks around the park with his mom. During the afternoon, he sat in the studio listening to his dad make music. By all accounts, Jags was an avid music critic and gave sound advice.
Those who met Jagger know he had a hard exterior. But once making it through his front door – both literally and metaphorically – Jagger protected you. His barks weren’t aggressive, but rather a loud “Hello” – like from an old deaf man. His front teeth were just an upside smile. And his dainty walk reminded you that to his core, Jagger was a gentleman.
Jagger was a bad dog, but he was the best bad dog we ever had. We will forever miss his blond body running up and down the stairs, jumping on our beds and cuddling when we felt sad, bored, or simply in need of unconditional and never ending love.
Jagger, I hope there are a million doors to bark at in heaven. Love you forever – rest in peace.
Today, while chatting with a co-worker, I received a PayPal notification on my cell confirming my eBay purchase of $586.00.
I love when my purchases are approved. My PayPal account sees more action than nearly any other app on my phone. But I only like hearing from PayPal when I’m buying things.
I did not buy anything on eBay today. I have not bought anything on eBay in years. Once Amazon Prime wooed me into membership, I forgot eBay existed – which is part of the problem.
My eBay is connected to my PayPal, which was connected directly to my checking account. Panic commences. My first steps were to:
Stare at my PayPal app.
Self doubt – “Did I buy a Ford 6.0L Powerstroke Victor Reinz Head Gasket & Head Studs?” No. What is that? Also, I drive a Nissan.
Look for a cancel or dispute button. Find nothing.
Login to bank account. There is no pending purchase… yet.
Login to eBay on my computer.
Request a cancel order.
Cancel order three more times.
While waiting on the phone for a human being after spending ~5 minutes explaining the issue to a lady robot, I changed my eBay password. Hopefully the criminal couldn’t make any more purchases there for now.
The PayPal representative was very nice and helpful. First, he froze my account and reset my password. Now both eBay and PayPal were protected. I explained the situation and he immediately refunded my account. He also verified all my information and notified me that there was a new address in my settings – a Trenton, NJ address.
He explained the order had already gone through and the money was going to leave my bank account, but I could transfer the refund to my bank now to break even. I thanked him and we hung up. It was really easy, and that is really rare. Many hacked accounts are hard to reclaim.
How my account was compromised
Firstly, the person in Trenton who ordered the head gasket is 100% not a hacker. eBay was hacked in 2014 and the site requested all users change their passwords. I did not, because I forgot eBay existed.
There is a black market for selling website credentials. When a site like LinkedIn or eBay is hacked, the hackers can collect thousands (if not millions) of usernames and passwords which they then sell. They can sell 100 usernames to one person, and 5,000 to another depending on what the buyer can afford. With this list in hand, the thief will try each password and username they purchased until finding the ones that work. Reply All has a very interesting podcast about buying and selling passwords.
In my case, I had the same password for eBay and PayPal. I can’t be sure which account they got to first, but with that password they were able to access several websites. In using the same password I had set myself up for fraud.
Finding the thief
The thief had changed my primary shipping account to their house. It was a Trenton, NJ address. So I began:
Google map the house. It looks scary and it’s in a bad neighborhood.
Zillow the house. I can see it hasn’t been sold or bought recently. I look at the estimated worth, property taxes, etc. I am trying to get a feel for the people who live here, and more importantly I’m trying to decide if I think the house is being rented or not.
Google the address for public records of people who have lived there.
At this point, I find 4 names of people who live or have lived in this location. The first two are men over 60 years old. They don’t have Facebook or any online presence that I can find, so I set their names aside.
The third name belongs to a middle-aged woman called Brenda. Brenda has a Facebook, and she still lives in Trenton. Most coincidentally – she is friends with the fourth person on my list – a late twenty-something woman named Felisha. Felisha lives in Trenton currently.
I deduce, and you may disagree with my reasoning, that Brenda and Felisha live together. Public records show they both have lived at the address and they are friends on Facebook. Neither Brenda nor Felisha are friends with the older gentlemen listed as previous residents, and I determine the men are less likely to be involved.
Felisha lives in Trenton. Her pictures are of a late twenty-something, heavy set woman with a constant mean mug. She wears all male clothing and portrays herself as very tough. If I have to guess between Brenda (her mother perhaps) or Felisha, I am assuming Felisha is the thief. Am I wrong? Maybe. It’s definitely not enough evidence to call the police. I could send Felisha a Facebook message, but I’m not a journalist and I don’t want this to get weird.
Perhaps Felisha’s friend is the thief, using Felisha’s address to throw us all off. I don’t know, and I’m not going to follow up with it because…
Two hours after the ordeal began, I received confirmation from eBay that the order was cancelled. Not only did I get my money back, but Felisha is not getting free head gaskets and the seller isn’t out almost $600. There is justice in this world.
What you need to do
Have you been hacked?
https://haveibeenpwned.com/ is a website that tracks if you have any accounts on websites that have been hacked and had user info stolen. It is a safe and reputable website, and it’s scary.
Enter your username that you use on most sites, or simply enter your email address. It will tell you what websites you are a part of that have been hacked. If you’re in the database, change your passwords.
Have several different passwords
I changed every password today on every site. PayPal, eBay, email accounts, all banking and credit cards, Facebook… you name it. You need to create a system of passwords. At least 1 password for email, 1 password for social, 1 password for banking, etc.
If a thief does get your password, they will try it on a ton of websites. Don’t let them get too far.
Enable two-factor authentication (2FA)
2FA is a system on Gmail and other platforms that will send a code to your phone or alert you in another way if your account is accessed from a new computer or device, or if your password is changed. The thief will enter your password, and then find a screen that reads “We have texted you a code to your cell phone. Please enter the code to proceed”.
Unless they also have your phone, or whatever second method of confirmation you create, the thief will likely be locked out.
If PayPal had texted me when my account was first accessed from an unknown device, all of this could have been stopped in advance. Enable 2FA on every account you can.
Enable app notifications on your phone
Allow any app that deals with your email or banking information to send you push notifications on your activity. When you buy something on Amazon Prime, get a text about it. It was the text that alerted me to the fraud and allowed me to stop it immediately. Otherwise, I may not have gotten my money back, and Felisha could have charged even more to my account.