Cactus3963โ
Your experience was obviously very worrying and stressful so I have to stress upfront that I am not doubting you at all.
However, I would respectfully ask whether you know for certain that the scammer/hacker changed your sign in account and VM account password by contacting VM support staff?
The reason I ask is that if the hacker had been able to gain access to your VM account, (perhaps using your VM credentials taken in a data breach for example) then they could have made those changes to your VM account without any help from VM support staff and without having to answer any security questions whatsoever.
If that was the case there is still a big security issue to be addressed but the focus of attention changes.
Switching your account sign in to a different address was a great move and in view of your experience that sign in email account definitely needs to be one that's protected by 2FA or similar.
If the hacker used VM support to make the changes to you account, it's worth mentioning that the 3 security questions that Daniel_Et refers to in his post often include a question about the bank account that you use to pay VM.
VM staff never ask for the full sort code and account number but the fact that they knew enough to pass those security suggests the hacker has a considerable amount of information about you.
Finally, with your security background I am sure that you have already:
- checked your credit reports for any changes that might suggest you have already been affected by identity theft.
- you have also run extensive malware checks on your devices to ensure that the hackers are not able to pick up your VM credentials from your devices via malware.
I really hope that you can get some sort of closure to this, as it stands it is clearly a big worry whether the hacker/scammer can do the same again.
Coenoby
