
Have I been hacked? What do I do?



7 minutes ago, Stylon Pilson said:

I get this exact email on a regular basis, nearly word for word.

The funniest bit for me, and the real giveaway that it's a scam, is that I don't even have a webcam on my computer!

S.P.

Or do you!!!

*tinfoil hat*

  • Like 1
  • Haha 2

36 minutes ago, hooky_lowdown said:

It is entirely possible to download spyware, malware and any other forms of viruses just by clicking on an email. If you don't know this, you should do some research my friend.

Obviously there are many levels of scammers/hackers, some are chancers, which I think the OP may have received. However, tech is so sophisticated, it's also possible to trigger or run clandestine software simply by moving your cursor over an email (you don't need to click on it to trigger).

I used to work in the web design industry for more than 20 years, and I've worked with many extremely talented web developers to know just how amazingly sophisticated tech can be.

As I've already said... NEVER open unsolicited emails.

Possible in some cases, but in this day and age it is basically not an issue unless you happen to be a particular target by a supergroup.

https://www.howtogeek.com/135546/htg-explains-why-you-cant-get-infected-just-by-opening-an-email-and-when-you-can/

In fact with most modern email apps it's sometimes impossible not to 'view' an email.


7 hours ago, ped said:

I got one of these emails on a burner account I used for something ages ago. I asked them to go ahead and release the video... please like and share!

 

Psssst.

Look, nobody tell Ped we've all seen it, OK ? Just keep it quiet.

What ?

What ?

 

Oh....he's...he's right behind me isn't he ?

 

Edited by ahpook
  • Haha 2

Just now, ahpook said:

 

Psssst.

Look, nobody tell Ped we've all seen it, OK...just keep it quiet.

What ?

What ?

Oh....he's...he's right behind me isn't he ?

 

Don’t act like you weren’t impressed 

  • Haha 3

4 minutes ago, ahpook said:

I know...it's put a whole new meaning on 'going down'.

 

You don’t realise he’s a soul singer until his Bill Withers......

(20-odd years I’ve been waiting to get that joke legitimately into a conversation. Twenty-odd years. My life mission is now complete)

  • Haha 4

13 minutes ago, Skinnyman said:

You don’t realise he’s a soul singer until his Bill Withers......

(20-odd years I’ve been waiting to get that joke legitimately into a conversation. Twenty-odd years. My life mission is now complete)

/Jumps to feet, bursts into applause/

Maestro ! Maestro !

 

  • Thanks 1
  • Haha 2

9 hours ago, Skinnyman said:

You don’t realise he’s a soul singer until his Bill Withers......

(20-odd years I’ve been waiting to get that joke legitimately into a conversation. Twenty-odd years. My life mission is now complete)

It's good to set yourself targets you feel you can achieve! Well done you! 👏

:D

8 hours ago, ahpook said:

/Jumps to feet, bursts into applause/

Maestro ! Maestro !

 

They say that sarcasm is the lowest form of wit.

I disagree entirely! :D


20 hours ago, BassTractor said:

 Password managers concern me though. My daughter swears by one and it's Russian. Who is to say it's not the Russian mafia acting as the good guys for some time before getting nasty? 
 I don't know the answer to this, but don't take the (imagined) risk.

Unless the password manager is a scam from day 1, this shouldn't concern you. Passwords are not stored in the password manager's database in cleartext, so even the people running that company are not able to read your passwords. They are encrypted using your master password as the key, and the master password is also not stored anywhere on their servers. As long as that password is secure enough and not used for any other account anywhere online, no one will ever be able to read your passwords.

There's an infinitely much larger problem inherent in not using a password manager, because that invariably leads to reuse of passwords (since most people can't remember unique passwords for each and every account). Sites get hacked every day, and it could be literally years before anyone even finds out that your user data has been compromised. Unlike in Hollywood movies, there's no blinking red light in the company's IT department warning them that they've been hacked. The only way that warning could detect a hack would be if the developer already knew of the vulnerability, and if he knew the vulnerability he would fix it.

If your password for one site is out there, and you've used that same password for other accounts, you now have a much bigger problem.

Password managers will also generate more secure passwords that are much harder to simply guess. If you use a combination of names or dictionary words in your password, it will have two consequences:

1: It's easier for an automated system to crack it, because it can "simply" run through a dictionary and throw in various numbers and other characters in order to brute-force your password

2: There's a greater chance that someone else out there has used the same password, which means that if their password is revealed somehow, yours might be too.

Use a password manager. If you prefer to use an "American" one, then go ahead, but any well-reputed password manager will be a million times safer than any other reasonable approach.

If you really distrust cloud storage (which is fair enough), there are offline password managers that will only store your passwords locally on your computer and sync them to local storage on your other devices.

Edited by Naigewron
  • Like 1

1 hour ago, Naigewron said:

Unless the password manager is a scam from day 1, this shouldn't concern you. Passwords are not stored in the password manager's database in cleartext, so even the people running that company are not able to read your passwords. They are encrypted using your master password as the key, and the master password is also not stored anywhere on their servers. As long as that password is secure enough and not used for any other account anywhere online, no one will ever be able to read your passwords.

There's an infinitely much larger problem inherent in not using a password manager, because that invariably leads to reuse of passwords (since most people can't remember unique passwords for each and every account). Sites get hacked every day, and it could be literally years before anyone even finds out that your user data has been compromised. Unlike in Hollywood movies, there's no blinking red light in the company's IT department warning them that they've been hacked. The only way that warning could detect a hack would be if the developer already knew of the vulnerability, and if he knew the vulnerability he would fix it.

If your password for one site is out there, and you've used that same password for other accounts, you now have a much bigger problem.

Password managers will also generate more secure passwords that are much harder to simply guess. If you use a combination of names or dictionary words in your password, it will have two consequences:

1: It's easier for an automated system to crack it, because it can "simply" run through a dictionary and throw in various numbers and other characters in order to brute-force your password

2: There's a greater chance that someone else out there has used the same password, which means that if their password is revealed somehow, yours might be too.

Use a password manager. If you prefer to use an "American" one, then go ahead, but any well-reputed password manager will be a million times safer than any other reasonable approach.

If you really distrust cloud storage (which is fair enough), there are offline password managers that will only store your passwords locally on your computer and sync them to local storage on your other devices.

Well.....if the Russian company in question is Kaspersky - let's just say they are currently under the same scrutiny as Huawei by the NCSC and NSA at the moment.

  • Like 1

23 hours ago, ped said:

Ignore and add 'bitcoin' to your spam filter :)

As a general rule, you should change your passwords on sites you use so they each have a unique code. You can use a password manager to help with that.

Can you give an example of a good password manager please?


2 hours ago, Naigewron said:

Unless the password manager is a scam from day 1

Exactly, and that's where the concern lies.
(BTW, I wrote encryption software myself and am too aware of what software developers can do.)

Thanks for a good post though, and for the tip on the offline managers.

 

Edited by BassTractor
  • Like 1

I have to rectify something. In a now edited post I said Kaspersky were dodgy from the start.
They may well have been, but I wouldn't know.
See, I've just found out I was instead thinking of a Norwegian company with a similar Russian-sounding name.

Sorry for any possible concerns. 

  • Like 1

4 minutes ago, BassTractor said:

I have to rectify something. In a now edited post I said Kaspersky were dodgy from the start.
They may well have been, but I wouldn't know.
See, I've just found out I was instead thinking of a Norwegian company with a similar Russian-sounding name.

Sorry for any possible concerns. 

I found an internet website with the story, so I can now post this: :lol:

https://www.teiss.co.uk/news/ncsc-kaspersky-lab-products/

  • Like 1

8 minutes ago, BassTractor said:

I have to rectify something. In a now edited post I said Kaspersky were dodgy from the start.
They may well have been, but I wouldn't know.

The guy who runs Kaspersky is ex Russian secret service and a mate of Putin. He has said he believes the use of the internet should be "monitored by the authorities".

This is the gist of his comments and is the reason I would not use his software in a million years. I know all the others are probably in bed with their respective Governments but as it turns out, on the internet, the Russians can be trusted the least.

  • Like 1

57 minutes ago, KingPrawn said:

Can you give an example of a good password manager please?

It depends on your devices really; for example if you use an iPhone and a Mac then the built-in 'Keychain' is pretty seamless. Another good one is LastPass, which my dad uses - I think that works across different operating systems. 

Some of them seem quite expensive though, so you can also set things like two-factor authentication on sites you use which contain sensitive data like anything that stores your card details or where payments are processed. I think some browsers like Chrome have the ability to set a two-factor process using a Google phone app in tandem.

It's a bit of a faff at first but I decided to make the jump about five years ago and get my online activity game tight, part of that was to move to a completely cloud based system. 

  • Thanks 1

22 hours ago, hooky_lowdown said:

It is entirely possible to download spyware, malware and any other forms of viruses just by clicking on an email. If you don't know this, you should do some research my friend.

Obviously there are many levels of scammers/hackers, some are chancers, which I think the OP may have received. However, tech is so sophisticated, it's also possible to trigger or run clandestine software simply by moving your cursor over an email (you don't need to click on it to trigger).

I used to work in the web design industry for more than 20 years, and I've worked with many extremely talented web developers to know just how amazingly sophisticated tech can be.

As I've already said... NEVER open unsolicited emails.

Ohhh... Kay. Thanks for your advice.

Signed,
Someone who has worked in the web design industry for more than 20 years, and still does.

😄


24 minutes ago, wateroftyne said:

Ohhh... Kay. Thanks for your advice.

Signed,
Someone who has worked in the web design industry for more than 20 years, and still does.

😄

Let's just say Cyber is a constantly changing environment and new attack vectors are being developed and discovered (and indeed patched) constantly.


On 03/07/2019 at 10:20, ped said:

I had one of those - I strung them along for about 30 minutes, pretending I was completely computer illiterate (she spent a few minutes telling me which the space bar was) and when she finally said 'And what does it say on your executable window?' I said 'oh, that's strange - it says 'f&*k off'

I work in a company that is an ISP and provides all sorts of Cloud and Hosted services...when we get one of these calls it's tools down and gather round the lucky recipient. Best we've had is 36 minutes before they hung up in frustration...we have a sweep running for the longest, the winner buys drinks at the Xmas Do... 😁

  • Like 1
  • Haha 1

+1 for LastPass. I watched the 2 hour vid from Steve Gibson years ago when he reviewed it in detail and that swung me into using it. I think the way they explained it was great. When your passwords are encrypted and sent to the cloud, it's like mincing a cow. No matter how hard you try, you will never put the cow back together.

Top tips:

1) Change your passwords on all your sites to long ones. 15 characters would be my bare minimum and make them random. The password manager as someone has suggested will come up with random strings for you. Let it do the work.

2) Don't just get a password manager and store the passwords you've always used on various sites - change them up into something bonkers. You don't have to remember it, the manager does that so make it 20+ because the strength of the password goes up not just a bit but a *whole lot* each time you add a character.

3) Multi-factor authentication. Make life easy for yourself by not using this. Wait, wha? OK, what I mean here is, sure, you'd make life easy for you but then you've made it easier for hackers. *DO use multi-factor authentication,* it's free and it's really easy once you've used it. I use Google Authenticator. What this means is, even if you give your password to someone (disclaimer: don't do this), they cannot use it to effect without your phone or mobile device to hand. If you think this is going overboard, then consider what happens if they get into your email. Which brings me to...

4) Make your email really really secure even if you don't do anything else. If your email is hacked, that's the kingpin to the rest - they'd reset passwords on all your accounts (ebay / amazon etc.) and then you're multi-screwed.

The best bit is you're never fishing around guessing passwords any more. It integrates with the browser, over multiple devices and platforms. I still go further than this but I'm not prepared to take the tin foil hat off.
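To put numbers on tips 1 and 2 above and on the earlier point about dictionary-based passwords, here is an added example (not part of any post in the thread) that generates a random password the way a manager would and compares its search space with a "word + digits + symbol" pattern. The dictionary size, pattern shape and guess rate are assumptions chosen for illustration.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=20):
    """Uniformly random password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

def pattern_bits(dictionary_size, digits=2, symbols=1, symbol_choices=32):
    """Entropy of 'dictionary word + N digits + M symbols' when the attacker
    knows the pattern; dictionary_size is an assumed word-list length."""
    return math.log2(dictionary_size * 10 ** digits * symbol_choices ** symbols)

def seconds_to_exhaust(bits, guesses_per_second=1e10):
    """Worst-case time to try every candidate at an assumed offline guess rate."""
    return 2 ** bits / guesses_per_second

if __name__ == "__main__":
    print("sample:", generate_password(20))
    for n in (8, 15, 20):
        print(f"random, {n} chars: {random_bits(n):6.1f} bits")
    weak = pattern_bits(100_000)  # assumed 100,000-word list
    print(f"word+2 digits+symbol: {weak:6.1f} bits, "
          f"{seconds_to_exhaust(weak):.3f} s to exhaust")
    # Each extra random character multiplies the search space by 94.
    print(f"per added character: +{random_bits(1):.2f} bits")
```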
