Jump to content
primeats

My email has been hacked

Recommended Posts

If anyone here has recently gotten an email from me([email protected]) please don't open it. I am not in England, still here in Illinois, don't send money, this is a scam that has gotten a few of my friends a while ago. Sorry for any inconvenience this may have caused you all. I'm taking a few hours off to change passwords, cancel credit cards, and try to recover my contacts from my crappy AOL account. I can still be reached at the [email protected] account. :mad:

Link to comment
Share on other sites

Re: My email has been hacked

Yea I'm sure it's Dave too, just trying to lighten the mood for him. Getting your information hacked is a real drag and a total waste of time for him; sending out new emails, making posts like this one, having to contact his financial institutions etc.

Good luck Dave, sorry to hear about this.

Link to comment
Share on other sites

Re: My email has been hacked

I knew it was our Dave soon as he continued asking for money!! Ha! LOL

Sorry Dave, couldn't help it; had to help Larry lighten the load..... hehe

Who knows where the Chuck Roast recipe is that's been talked about here lately (I think Doc) that's supposedly tastier than the brisket?

Yesterday I picked up two large chuck roasts from Sam's for this weekend.

Link to comment
Share on other sites

Re: My email has been hacked

Who knows where the Chuck Roast recipe is that's been talked about here lately (I think Doc) that's supposedly tastier than the brisket?

Yesterday I picked up two large chuck roasts from Sam's for this weekend.

Search didn't turn up very many convincing ideas. Looks like - unless I hear something more convincing before tomorrow - ye ol' roast is going in the dutch oven for cooking. Today is country style ribs.

Link to comment
Share on other sites

Re: My email has been hacked

That scam has been going for a few months now. The first one I got was from a friend at the yacht club then another from a sailing friend at Cisco.

Recipients of emails probably have little to worry about - the one's I've seen don't carry viruses but are just scams. An analysis I recently read said that most of these scams get the bulk of their victims in a very short time, often just hours, after being launched.

The bad-guys are using all sorts of techniques to break into people's email to send convincing emails from the victim's account but the victims are making it very easy by using terrible passwords (http://www.whatsmypass.com/the-top-500- ... f-all-time) and by reusing the same password on lots of places.

If you used the same password here or at other forums as you do on your email, all it takes is a bad apple at one of those forums and they have your password. Or maybe you were surfing at the coffee shop and somebody listened to your wifi traffic (it is really not rocket-science, trust me - even a newbie can download the Firesheep Firefox extension from http://codebutler.com/firesheep?c=1 and start getting into your Facebook and other sites).

So you use an easy password for your email but you aren't worried because you, of course, use a good one for banking. But what about all the send-my-password or password-reset features that work by sending you an email? Oops.

But with dozens of forum/mail/social/banking/investment/school/club/etc. sites, what is a good netizen to do?

First, use a password vault of some sort. After reading about some recommended tools in a network trade magazine I started using KeepassX (http://www.keepassx.org/). You have one password you use to unlock the vault which is encrypted with good AES and/or Twofish encryption. Your good passwords are in the vault - a different one for every site. KeepassX will also generate good random passwords for you and can auto-type them into sites at the click of a mouse. A similar one is Password Safe written by security expert Bruce Schneier (http://passwordsafe.sourceforge.net/). Password Safe is Windows only while KeepassX has versions for Linux, Mac and Windows. Both are open-source and free to download and use.

Second, use secure HTTP (so the site starts with https://) wherever possible. It doesn't protect against you if Mallory is working at the site your are visiting or if the site itself has been compromised but it does secure the communication between your computer and the server as well as helping validate that you are connected to the site you think instead of an impostor site - another pretty easy to accomplish trick. HTTPS is all that is needed to defeat Firesheep and other network-sniffing attacks. (Mallory and Eve are the standard example bad-guys in security examples while Alice and Bob are good guys).

While HTTPS was originally reserved for banking and similar sites in part due to the extra server load imposed, it is now available on the biggest sites on the net, Google and Facebook (announced right after Zuckerberg's page was hacked), along with numerous others like Twitter, Wikipedia and New York Times.

Firefox users can download HTTPS Everywhere (http://www.eff.org/https-everywhere) from the Electronic Frontier Foundation. This addon tries to automatically switch to using secure http where possible.

Happy/safe surfing...

Link to comment
Share on other sites

Re: My email has been hacked

Are you missing a long lost twin, LW? :D

KeepassX on my computer and phone, Firesheep, https - you hit just about everything! Some additions:

There's a setting in Facebook to automatically turn on https - this seems to be smart enough that Facebook feed readers like Tweetdeck seem to follow the setting:

http://ask-leo.com/how_do_i_turn_on_htt ... ebook.html

Google's GMail (and other Google accounts) not support something called 2-factor authentication. When you log in from a new computer the first time, in addition to your password you can use an app on your phone (or get something old-fashioned called a "text message" which is kind of like Morse code for phones :lol:) to get a one-time password. This means that even if someone guesses my actual password, they need my phone to actually log in. Or if they've got my phone (and can unlock it - you do lock your phones, right?) they still need my password.

http://googleblog.blogspot.com/2011/02/ ... -your.html

Best of luck getting things back on track, primeats, and I hope you get out of London OK! ;)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...