seems more like your computer/phone/whatever you use to login might be compromised then, no?
this is the biggest issue people have with all this āconvenienceā. next time we someone complain about taiwans draconian bank system, just realise that most of taiwans fraud is now mostly the idiots fault actually giving permission, not the bank 
I can never understand why it should be even legally possible to apply for credit checks, loans etc via email and the like. and some people want a cashless society, dear lord.
hope you get it sorted. I would be wiping everything and starting new. not just emails, business, personal etc but get a new sim card at the same time as contacting government fraud agencies. I would contact taiwans anti fraud yesterday to at least get paperwork filed in the even you are stuck with a debt, you can then show official paperwork, date stamped by the officials, which will help win out if court becomes reality.
dont take it lightly if it seems you are getting fucked. be diligent. contacting everyone you know and changing up, even if its 5000 people, is far easier than years of court proceedings and potential bankruptcy. or worseā¦
ps. this email is seems like an obvious bullshit email, not legit in the slightest, until proven otherwise.
DoNotReplyUS@service.americanexpress.com
firstly, the uppercase looks like it came from an online gamer 20 years ago. second, the service. shouldnāt be after the @ it will be before the @keoni
after the @ should only be the actual confirmed american Express address. seems phishy as all hell before even reading the email!
a simple communication to AE to confirm the address is legit would probably be easier than trying to get them to divulge sensitive data over the phone/email. which they ABSOLUTELY should NEVER do! scammers try that shit all the time. they should be smarter than that.
1 Like
I donāt borrow money so I have no credit history. True liberation is having zero debt and not living in constant fear of someone sabotaging my credit score so I canāt borrow money.
2 Likes
All of the emails sent seem to have something after the @ but before the actual domain. Like @info.prosper.com or @service.americanexpress.com so it sounds like there might be something to this.
However, the emails all include links to legit sites, so even if those are fake emails, Iām unsure what their actual goal is.
Anyways Iāve contacted all the companies I received emails from to check if they are legit emails at least. Iāll be calling the ones I havenāt spoke to on the phone, and also the credit agencies during the business hours tomorrow.
3 Likes
To confuse you and deceive you into clicking one of the links that they control.
So, the official SoFi support replied to my phishing report saying the email was legit and there was an application made in my name.
2 Likes
Tbf your name is American af. I had at least 50 meishijias in my graduating class
7 Likes
Have you considered not sharing the first 12 digits of whatever card this is with the whole interwebs? Iām just sayinā. 
8 Likes
thatās good. best to confirm with them. if itās legit, I would be contacting all the fraud agencies. taiwan, USA and UK. dont be shy. at least you get actual date stamps and you can avoid paying 1nt after said date if court happens.
ps. sorry @keoni I have no idea why my message tagged youā¦
2 Likes
Firstly, although scary I wouldnāt lose any sleep over it. Call them on a business day and itāll get sorted out. They are pretty good at cleaning stuff up, especially as its so blatant.
2 Likes
So one of the cards they applied for has apparently been acceptedā¦ unless this is all fake. Email came from capitalone@notification.capitalone.com
The link in the email goes to https://applicationcenter.capitalone.com/
I donāt see how that could be a fake domain
1 Like
sorry if this is an absurdly.oviously dumb question.
you dont have a SIN. do the cards, in the country of application, require one? if yes, and you dont have one, this is actually somewhat comical (sorry).
Yep. I donāt have a SIN, so if these are real then they are affecting some other person who theyāve stole from too. Iām not too worried because of that, but still want to get to the bottom of this
2 Likes
for sure, but kind of a weird one. you dont have the power to get private info over the phone (hopefully), but government anti fraud agencies absolutely do.
The only explanation I could think about is that someone is using these applications as a decoy for a real attack against on of your bank accounts. They will keep you busy hunting down all these applications - meanwhile they will empty your real bank accounts.
Iām still thinking that some guy in the US who also uses protonmail for email and has the same name as me just applied for a bunch of credit/loans and typed his address in wrong the first time, and auto filled it wrong the following times. If someone was trying to actually use a fake identity to apply for cards they would have the emails go to their own inbox, not mine. The fact that one of the cards was accepted also makes me think someone with a real SS number applied too.
This whole thing is weird as fuck.
4 Likes
I feel stressed just imagining Iām you. What a pain!
4 Likes
no worries 
youāre being phishedā¦
the real online card application site for capital one is here https://applynow.capitalone.com
btw, I hope you didnāt click on that site in the emailā¦. sometimes, the point of the email is just to get someone to click on a linkā¦
The link I shared came from clicking on Apply Now on one of the cards here https://www.capitalone.com/credit-cards/
Itās highly unlikely that an attacker would have access to a subdomain of capitalone.com.
The host part of URLs is resolved right to left - so if someone owns example.org, they would need to take explicit action to give away apply.example.org or whatever.example.org
2 Likes