COX EMAIL HACKED ONCE AGAIN
My Amazon account was hacked again through my Cox email. This is the 4th time it has happened over the past few years. I have 2 factor authentication set up with Amazon but they bypass that & click ...
Forum Discussion
This doesn't sound right. If you've changed your email account numerous times on Amazon, what are the odds somebody can navigate to those pages (Cox, Yahoo, Gmail, etc)...on their browser, mind you...and crack those passwords? I suppose they could access all accounts if you're using the same email address and/or phone number as your recovery methods but if you've changed that password as well, the odds are still astronomical.
Passwords aside, if you're using the Amazon Two-Step Verification, those codes are either locally generated (app) or locally accessible (SMS). Meaning, nobody can see those codes unless they have access to your "primary mobile device." If they don't have access to your primary device, they'd need access to your mandatory back-up device to either see or hear your unique security codes.
It doesn't sound like somebody has access to your Cox account, but somebody has access to your device(s). As BSD noted, something or someone has either infected your network or has access to your devices.
However, if you're using the Amazon Alternate Sign-In for Two-Step Verification, this could be causing your mystery. What is your first suspicion somebody has changed your password on Amazon; is it an error message after submitting your password? If so and you're using the Alternate verification, that's normal because your password will change every time.
Alternate Sign In for Two-Step Verification
[Step] 4. Add the security code to the end of your account password on the device or app you are attempting to register and submit again. For example, if your password is "abcdef" and the security code you receive is "12345", then enter "abcdef12345" in the password field. You will then be signed into your Amazon account.
Reference: https://www.amazon.com/gp/help/customer/display.html?nodeId=201962400
If you're using the normal 2-step method, you can skip the security code verification by checking the option for Do Not Require Codes on This Browser. This option needs cookies but if you're clearing cookies, you could be suspicious because Amazon will force you to re-verify again.
If you're not opting to bypass codes or not clearing cookies, you'll need to review your account in Amazon for any unknown "trusted" access and then either untrust, deverify, deauthorize, deregister those devices. If it keeps reappearing, you'll need to contact Amazon to investigate.
You didn't mention if the hacker is actually ordering stuff on Amazon. Are they? If so, where are they sending the packages?
I found out they got in through my Cox email & clicked forgot password on Cox & Amazon but they couldn't do anything on Amazon since Amazon sent the passcode to my phone.
If you...or somebody...clicks Forgot Password on Cox, what do you have to do? Do you have to answer a secret question? If so, change your secret questions and answers.
However, if the somebody knows you well, they could be easily answering your questions. If so, provide bogus answers you'd only know. For example, if Cox asks, "What's the name of your childhood pet?"...use the name of a pet belonging to someone else that you'd uniquely know.
Cox provides an option to reset your question-answer if you've forgotten the answer. However, that could be a flaw if an unauthorized user knows everything about your account, such as account number, PIN, last-4, secret answers, etc. I'm not sure how Cox has you verify this, such as either online or only via telephone.
Is the password for your Cox user account different from Cox webmail? I know there are two different links but if you change the password on your user account, does it affect your webmail account? If not, then change the password to your user account.
If someone gets into your email, they can go to the cox website & see your secret question & click on show answer. How secure is that?
Are you asking or telling me? I don't know it's functionality. I've logged into webmail once, hated it and moved on.
Someone got into my email & I get my Cox bill there & for some reason cox put the whole account # on the email........could be they're getting in like that because no one knows my security answer, not even my family.
As mouth alluded to above, there was a massive data breach of account information a few years ago. I don't know what info was compromised but we should assume it contained the answers to our secret questions. Change your questions and answers.
Also, if possible, change the passwords on your user account, forum account and webmail because they're getting in somewhere.
I understand this is a pain but when Cox loses our account credentials, everything is compromised.
The password is same when signing in using an email client and signing in using Cox webmail.
