WTF kind of scam is this?

[TR]

I just got 55 emails, all from various government entities welcoming me to subscribing. And the first one was from the Department of State thanking me for updating my email subscriptions to include (i’m putting a list behind a spoiler because it’s very long lol):

SPOILER: Click to show

You have subscribed to the following topics:

Public Schedule
Western Hemisphere
Europe and Eurasia
South and Central Asia
Near East
Climate, Environment, and Conservation
Economic, Energy, Agricultural and Trade Issues
Secretary's Remarks
Department Press Briefings
Press Releases
Diplomatic Security
Foreign Per Diem Rates
Africa
East Asia and the Pacific
Women's Issues
Counterterrorism
International Health Issues
Democracy, Human Rights, and Labor
Arms Control and International Security
International Organizations
Trafficking in Persons
Collected Releases
Direct Line to American Business
Law Enforcement, Narcotics, Anti-corruption
Population, Refugees, and Migration
UNHCR & IOM JPO and AE Vacancy Alerts
International Expositions (World's Fairs)
Treaties - Text of Treaties and Agreements Published in TIAS
The Week at State
Media Hub Briefings
All Flagship Emails
From the Secretary's Desk
U.S. Advisory Commission on Public Diplomacy

You have subscribed to the following category/categories, which include all the topics listed below them in the signup form:

Flagship Emails
Foreign Affairs Topics
Most Requested Publication Types
Regions and Countries
Subscribe to All Topics Above
Travel

That first email came from: usstatebpa@public.govdelivery.com which seems legitimate from googling and all of the other emails have.gov email addresses.

I deleted them all and I’m not clicking on any links, I guess I’ll go directly to the Department of State website and try to unsubscribe? But what the actual fuck?

[plutosmoon]

I just had this happen on Thursday at the same time my HSA account was hacked. I believe they flood your email with nonsense to cover any email you might get about a login or withdrawal. The emails all linked to legit government websites, it was the hackers trying to cover up their login. I'd check accounts and look for any sort of email notifications from bank accounts. The HSA hackers submitted a claim, changed my reimbursement account, and nearly grabbed $3000, I'm still not entirely sure how they got past my 2-Factor authentication.

[archiethedragon]

Sept 28, 2024 17:41:50 GMT -5 plutosmoon said:

I just had this happen on Thursday at the same time my HSA account was hacked. I believe they flood your email with nonsense to cover any email you might get about a login or withdrawal. The emails all linked to legit government websites, it was the hackers trying to cover up their login. I'd check accounts and look for any sort of email notifications from bank accounts. The HSA hackers submitted a claim, changed my reimbursement account, and nearly grabbed $3000, I'm still not entirely sure how they got past my 2-Factor authentication.

This. This happened to me as well. Check your accounts

[TR]

omg that's exactly it! I'm calling my HSA now because I can't delete the account on-line.

[sometimesrunner]

This happened to me a couple of weeks ago, but they were almost all universities. They all were the type where you have to click on a link to verify your email address, which I didn’t do so I haven’t received any more from them. Just like the other poster, this happened when someone hacked into my target account and attempted to place an order. Lucky for me, Target had already flagged and rejected the order so all I had to do was update my password with them.

[TR]

Sept 28, 2024 17:41:50 GMT -5 plutosmoon said:

I just had this happen on Thursday at the same time my HSA account was hacked. I believe they flood your email with nonsense to cover any email you might get about a login or withdrawal. The emails all linked to legit government websites, it was the hackers trying to cover up their login. I'd check accounts and look for any sort of email notifications from bank accounts. The HSA hackers submitted a claim, changed my reimbursement account, and nearly grabbed $3000, I'm still not entirely sure how they got past my 2-Factor authentication.

Thank you SO much! I did see the HSA email, but I get a lot of those because we changed HSA holders at work recently, but someone had added an account for EFT transfer and submitted a claim for $12,000! They deleted the claim and the account and I changed my username, password, security question, and changed my email password since email is one of my 2 factor authentications. Whew.

[TR]

plutosmoon- Is your HSA with HealthEquity by chance? I’m wondering if maybe they had some kind of breach, and if so I’m going notify my work.

[plutosmoon]

Sept 28, 2024 18:16:28 GMT -5 TR said:

plutosmoon - Is your HSA with HealthEquity by chance? I’m wondering if maybe they had some kind of breach, and if so I’m going notify my work.

Yes, HealthEquity. I got a data breach notification from them last week too. I told all my co-workers to check, but none of them received the data breach email or had any issues.

[TR]

Sept 28, 2024 18:18:17 GMT -5 plutosmoon said:

Sept 28, 2024 18:16:28 GMT -5 TR said:

plutosmoon - Is your HSA with HealthEquity by chance? I’m wondering if maybe they had some kind of breach, and if so I’m going notify my work.

Yes, HealthEquity. I got a data breach notification from them last week too. I told all my co-workers to check, but none of them received the data breach email or had any issues.

Interesting! I just double checked and I hadn’t gotten a data breach notification. I will tell my coworkers just in case.

[bittybomb]

This happened to me and I don’t know if it’s a coincidence but at the same time someone got into my payroll app and tried to change my direct deposit account. Thank goodness my HR reached out to confirm before approving. I was spooked and change my passwords to everything.

[underwaterrhymes]

Thank you for posting this. I have HealthEquity for my HSA and did not get a data breach alert, but I just went in and changed my email and password.

[RitzyHeifer]

I had the same happen right at the same time my Ace Hardware account was hacked and a (large but not HUGE) order was placed. They managed to change the shipping address so I assume were trying to bury the order confirmation in the 60+ subscription emails and then know they had an active account to exploit.

All that to say, check ALL accounts and change passwords on email and everything else. Not just HSAs.

[livinitup]

Once you have a targeted attack, it’s recommend that you change all of your passwords across all websites and devices.

Sorry!