I was minding my own business, browsing Buzzfeed at lunch and I got an email from Deliveroo saying; ‘Nando’s – Finsbury Park has accepted your order’.
Now, I’ve never been to Finsbury Park, nevermind being fancy enough to go ordering a Nandos for lunch (can you imagine the luxury!?)!
A chicken-based saga started to unfold.
Maybe Deliveroo made a mistake?
I assumed it was just a mistake from Deliveroo, but the address the chicken was on the way to – with a phone number – certainly wasn’t mine. (Can you believe the gall of the chicken robbers, happily letting me know where they were?!)
I gave Deliveroo a call to check, and they had told me that the odds are my account has been hacked, they closed down my account and said they would investigate.
Not only do I think the scammers generally have a cheek, but I think they lack real imagination. Their orders were super average (chicken, chips and a medium drink) considering they were using someone else’s money – they didn’t even add halloumi!
I had been hacked
Obviously, I kicked off on Twitter and tried to gather a mob together to turn up the thief’s address and get my chicken back or convince him to change his ways, but no-one seemed up for it.
I stared at the flat on Google maps for a while and thought about texting them, ‘how’s your chicken?’ – but 10 times out of 10, my brilliant ideas backfire on me, so thought better of it.
Deliveroo gave me a callback and explained what happened. Basically, I had given my email and password to a different company which had been hacked in 2018. Criminals then sold my email and password on the dark web, probably for a couple of quid to the Nandos thieves.
Now, I was an idiot who used that exact email and password for lots of accounts, including Deliveroo. The scammers tried it there, to see if it worked – and it did. They would have tried other accounts such as Amazon and Uber too.
So lesson learned, changed all my passwords, and now they are all very different.
Have your details been sold on the black market?
There’s a really easy way to find out if your details are likely to be on the black market. Check out the website Have I Been Pwned?, put in your email address and it will tell you if your account details have been stolen.
My details were stolen from a website called Apollo in July 2018 – and still can’t work out when I gave them the details in the first place. I’m so used to making a billion accounts for all sorts of things, I’m not really sure who has this information!
If you have, change all your passwords ASAP. Even if you haven’t, but you use the same password for a lot of websites, it’s so worth changing them.
How to create a decent password
There are a lot of ways to create a strong password, check out this guide I wrote for the Money Advice Service on it. That said, my favourite one is this, straight from the mouth of Edward Snowdon.
If you can’t be bothered to watch, long story short – instead of using a password, use a pass-phrase. Snowdon’s example was along the lines of ‘MargaretThatcherIsSexy110%’. So think up a sentence rather than a word.
So yeah, still have the thief’s password and address. I Googled revenge tactics, which included glitter in the post, or putting the number on Gumtree selling services – but you know, the best revenge is living a life not as a scummy criminal, so going to stay classy!
Luckily, Deliveroo were very nice and gave me the money back, but so did the bank when I called them up to cancel the card (which was an absolute pain!). So I was about £23 up in the end, and I learned a lesson, it could have been a lot worse!
What would you do if you had the address and number of a stranger who stole from you?