
Ransom try on?

Community Veteran
Posts: 6,028
Thanks: 1,662
Fixes: 3
Registered: ‎06-11-2014

Re: Ransom try on?

I had a few emails like this last year, it made me laugh about how they watched me on my "camera", my two laptops, desktop and NVR server all have no cameras, and even if they did I'd have removed them anyway as I don't use webcams (plus they're fun to play with when removed as they can be connected via USB and turned into crude digital microscopes!), so, deleted them... Grin

Hero
Posts: 4,182
Thanks: 1,812
Fixes: 120
Registered: ‎30-06-2016

Re: Ransom try on?


@Luzern wrote:

@Baldrick1 Operation P.assword is being dealt with. Funny thing is that I use strong words formatted like  ~9hc38ju2 with variants for each mailbox, so would have thought myself reasonably safe.


It's not only passwords that you should worry about but also email addresses that have been collected. If you use the Have I Been Pwned checker it will tell you, where possible, the source of the leak and whether it is just the address or address and password that's been stolen. If you keep the same email address you are forever inviting spam and phishing emails to be directed to you. Many should be filtered along the way but as you have found out, the odd one will get through. The question has to be whether this bothers you enough to change an email address that you may have been using for years.

I use a password safe, which I keep on a USB memory stick. This allows me not only to generate a new random password for every online account but also gives me a record of all organisations that may have my email address on file. Thus I also have a record of which ones I need to update should I change the address and still want to hear from.

Anonymous
Not applicable

Re: Ransom try on?

Where I can I always use 24+ characters in my password, including upper / lower case, number and of course symbols. In fact my Amazon password is 27 characters long!

 

Hero
Posts: 4,182
Thanks: 1,812
Fixes: 120
Registered: ‎30-06-2016

Re: Ransom try on?

It doesn't matter how long your password is if it's been stolen. I use 2FA on sites that keep my credit card details on file.

Anonymous
Not applicable

Re: Ransom try on?

Yes, that's obvious Smiley I was referring to the guessing of them more than anything else. I also use 2FA where supported, including Amazon.

 

Hero
Posts: 4,701
Thanks: 875
Fixes: 8
Registered: ‎31-07-2007

Re: Ransom try on?

Isn't 2FA somewhat burdensome, involving use of the mobile for every site you want to email? My passwords are 10 digits, but I have seen 16 recommended. 27 as mentioned above seems like overkill. How much harder to hack does each one make it?

Also I am thinking, if common domains like plus.com are more vulnerable than private ones, like @luzernbolivarmilionaire.me.

That said, I'll not be getting too fazed.

 

No one has to agree with my opinion, but in the time I have left a miracle would be nice.
Anonymous
Not applicable

Re: Ransom try on?

2FA can be a faff but you can have 'trusted devices' i.e. your desk top PC and or tablet where you don't have to use them.

27 chars may be overkill but...

https://www.scientificamerican.com/article/the-mathematics-of-hacking-passwords/

 

Hero
Posts: 4,182
Thanks: 1,812
Fixes: 120
Registered: ‎30-06-2016

Re: Ransom try on?

The problem with trusted devices settings, certainly on Amazon, is that they use cookies to remember your device. I have my browser set to always remove these bits of potential spyware every time I close the browser, so trusted devices doesn't work. I suppose I could set it up to leave these cookies alone but I don't particularly want Amazon tracking me and anyway I'm now in the habit of using Google Authenticator on my phone.

Seasoned Pro
Posts: 940
Thanks: 328
Fixes: 4
Registered: ‎22-10-2015

Re: Ransom try on?


@Baldrick1 wrote: I would not be happy entrusting my emails to hotmail. Maybe I'm overcautious but if I know that the bad guys have my email address then I take action immediately.

Really can't see the point. It's no different to someone knowing where you live. You don't change house just because something bad came through the letter box. If they had control / passwords for the account, now that would be at a totally different level.

 

As for Hotmail, can't complain. Have never had any problems with it since it was set up. Free email, huge storage space, comes with 2FA / MS authenticator / trusted devices etc. Not much difference to Google really. Just glad I don't use the Plusnet email address.

Ever helpful. Grin Sure, I’d love to help you out. Now which way did you come in?
Hero
Posts: 4,182
Thanks: 1,812
Fixes: 120
Registered: ‎30-06-2016

Re: Ransom try on?

@idonno 

That of course is entirely your decision. Personally I do not like to receive phishing emails or the more unpleasant scam emails such as the one that is the subject of this topic. More importantly my wife sometimes picks up my emails and I suspect that either type would cause upset.

As for Hotmail, I am unhappy with the prospect of all my communications sitting on an American web server, be it owned by Microsoft or Google.

Hero
Posts: 4,701
Thanks: 875
Fixes: 8
Registered: ‎31-07-2007

Re: Ransom try on?


@idonno wrote:

@Baldrick1 wrote: I would not be happy entrusting my emails to hotmail. Maybe I'm overcautious but if I know that the bad guys have my email address then I take action immediately.

Really can't see the point. It's no different to someone knowing where you live. You don't change house just because something bad came through the letter box. If they had control / passwords for the account, now that would be at a totally different level.

 

As for Hotmail, can't complain. Have never had any problems with it since it was set up. Free email, huge storage space, comes with 2FA / MS authenticator / trusted devices etc. Not much difference to Google really. Just glad I don't use the Plusnet email address.


No one has commented on the worth or otherwise of getting a private domain, as mentioned in an earlier post

No one has to agree with my opinion, but in the time I have left a miracle would be nice.
Aspiring Legend
Posts: 11,367
Thanks: 3,704
Fixes: 1
Registered: ‎04-11-2014

Re: Ransom try on?

@Baldrick1 

Not only communication, it's also about what we post on sites such as this which, I would suggest, contain far more information about us than emails which, let's face it, are fast becoming old hat in the age of mobile phones and multiple social media platforms.

Do the likes of plusnet as a convenient example keep, share or distribute any of it?

Personally I have no idea and practically I don't really care given my age. I do care however about being aware enough to ensure certain information is contained and controlled as best I can. Wink

Anonymous
Not applicable

Re: Ransom try on?


@Baldrick1 wrote:

As for Hotmail, I am unhappy with the prospect of all my communications sitting on an American web server, be it owned by Microsoft or Google.


If you have an aversion to Google why install their authenticator app?

Hero
Posts: 3,982
Thanks: 858
Fixes: 18
Registered: ‎30-07-2008

Re: Ransom try on?


@idonno wrote:

As I don't have any interest in Bitcoin(s) or know anyone who uses it, I just created a rule that if Bitcoin(s) was mentioned in the subject or in the message body, delete it. Haven't seen any since.


Very effective. Smiley

I started doing this with a few key words a few months ago - "bitcoin" was the first!

Borrow from pessimists – they don’t expect it back
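
Added example, not part of the posts above: the keyword rule described here, written as a Python check that decodes the message before matching, so a body sent as base64 is still caught. The sample messages, addresses and function names are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Matches "bitcoin" or "bitcoins" as a whole word, any letter case.
KEYWORDS = re.compile(r"\bbitcoins?\b", re.IGNORECASE)


def body_text(msg):
    """Join the decoded text parts (plain and HTML) of a parsed message."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            # get_content() undoes base64 / quoted-printable and the charset.
            parts.append(part.get_content())
    return "\n".join(parts)


def should_delete(raw_bytes):
    """Apply the rule: keyword in the subject or in the message body."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject = str(msg["subject"] or "")  # policy.default decodes RFC 2047
    return bool(KEYWORDS.search(subject) or KEYWORDS.search(body_text(msg)))


def make_sample(subject, body, cte=None):
    """Build a constructed test message and return its wire-format bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body, cte=cte)
    return m.as_bytes()


if __name__ == "__main__":
    encoded = make_sample("Final notice",
                          "Pay 500 USD in Bitcoin within 48 hours.",
                          cte="base64")
    print("keyword visible in raw bytes:", b"bitcoin" in encoded.lower())
    print("rule fires after decoding:  ", should_delete(encoded))
    print("ordinary mail deleted:      ",
          should_delete(make_sample("Meeting notes", "See you on Tuesday.")))
```

A rule that searches only the raw message source would miss the first sample, which is why the check parses and decodes first.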
All Star
Posts: 1,211
Thanks: 372
Fixes: 2
Registered: ‎25-07-2007

Re: Ransom try on?

A while ago I 'obtained' a copy of our audit team's Server analysis tools.

One of the tools was password complexity, of course I had to try it. Running across our Domain of over 1k users with no auto block as it was running internally. Amazed, the report contained the actual passwords used. 90% of passwords were shown after less than half a second. The rest took up to 24hrs. Random characters were no problem, neither were graphic characters and even backspaces. Upper/lowercase made no difference, neither did substituting numbers for letters.

The difficult ones? There weren't any as these were eventually shown using brute force....
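
Added example, not part of any post above: a small Python check covering two points raised in the thread, how many bits each extra character adds against blind guessing, and why case changes and number-for-letter swaps add little once a dictionary with rewrite rules is tried first. The word list, substitution table and sample passwords are constructed for illustration, and the function names are hypothetical.

```python
import math
import re
import string

# Constructed stand-in for an audit dictionary; real ones hold millions of entries.
WORDLIST = {"password", "letmein", "dragon", "sunshine", "football"}
# Common look-alike substitutions, mapped back to the letter they replace.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(pw):
    """Alphabet size a blind brute-force search would have to cover."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw)) or 1


def brute_force_bits(pw):
    """log2 of the keyspace; every extra character adds log2(charset) bits."""
    return len(pw) * math.log2(charset_size(pw))


def dictionary_base(pw):
    """Undo case, look-alike swaps and a trailing digit/symbol suffix."""
    core = re.sub(r"[\d\W_]+$", "", pw)
    candidate = core.lower().translate(LEET)
    return candidate if candidate in WORDLIST else None


def audit(pw):
    """Nominal strength next to what a dictionary-with-rules check finds."""
    return {"length": len(pw),
            "bits": round(brute_force_bits(pw), 1),
            "derived_from": dictionary_base(pw)}


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the thread.
    for sample in ("P@ssw0rd1!", "Dr4g0n2019", "kV7#pQ2!xM9$wL4&"):
        print(sample, audit(sample))
```

With all four character classes in use (94 symbols) each extra character adds about 6.55 bits, so 10, 16 and 27 characters give roughly 65.5, 104.9 and 177 bits; the first sample scores 65.5 bits on paper yet reduces to a single dictionary word.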