Just to follow up on what happened to me.
It was pretty much my fault. I ordered a device from an online vendor, and they used my shipping address to create the check with my real address on it to fool my employer.
The device was an actual product called a Tvidler. The scammer is called EKOMLITA and is just a middle man. You order something, they may or may not order it from a real vendor and get it sent to you. The first thing they try after using your address is to NOT mail you the product, then send a "Customer Service" email asking you if you were satisified. Of course you are likely to open the email because you never received the product, and BOOM, they're in.
I luckily paid with PayPal, and after a dispute through, the product arrived from a different vendor way later. I let PayPal know that EKOMLITA is a scam vendor. The customer service email was sent to my hotmail, and I should have known better than to open considering what had happened. I didn't put the two occurrences together until I opened the email and changes started happening immediately, and the ID Shield folks alerted me in pretty much real time that my data suddenly appeared on web.
I googled EKOMLITA, and they are known scammers, but they weren't the folks that I ordered from. They must have set up a site that mirrors the real vendor, or have hacked that vendor to re route to them. IDK enough about it to know how they did it.
Long story short, I don't use that Hotmail account anymore, and never used it for much anyway, the ID Shield is working, and I guess EKOMLITA has moved on to working other rubes. I did a hard reset on my laptop and used the latest version of Windows, so hopefully any spyware they installed is gone.
I got scammed because I let my guard down, lesson learned. I'm just glad I paid through PayPal, I'm trusting that their security is pretty good. It's pretty amazing the havock the hackers created using just my email and mailing address. I heard that AI is being used to hack now. I ran into a friend that just had his Facebook hacked, and it was using his info to contact his "friends" with Trojan Horse bugs.