"Do you use Amazon?" came an email from a friend. I checked the email address. It was hers. "Yes" I replied with an uncharacteristic lack of verbosity. A short while later came the scam email. I rang to tell her that her email account had been hacked. She already knew. Unfortunately on this occasion the scammer had got hold of her password and taken over control of her account. It was a Yahoo account so possibly the scammer had got hold of her password from a very old leak when Yahoo had a lot of problems with security.
The outcome is that the spammer has details of everything she has done via email and has locked her out of her email account too. As all her contacts are in it she's lost them as well.
I am often laughed at for my security measures which mean that I use a password app with a very secure password and that no two things requiring a password have the same password. I know my master passwords for my computers and the password app and that's it. I use separate email addresses for different tasks after I learned years ago that the travel industry used to sell password lists.
As I use Apple for all my computing/cellphone etc I rarely have to type in secondary passwords and unlocking my phone and computer are generally by fingerprint and/or eye or facial recognition.
Anyway none of this would have been bloggable but for the fact that I decided that the loss of the rest of the day and evening to sorting out the outfall from the incident was exceptionally irritating.
When I was scammed I immediately went to change my password on that account. Google wouldn't let me. It locked my account saying that there was suspicious activity on it. The only conclusion to which I could come was that a potential scammer had recently tried to get in using an old password from one of the old Yahoo leaks. My passwords are usually changed every couple of years (or when I decide I want to waste a day looking at a screen and getting frustrated) but whatever it was Google decided I was a potential scammer. It took me many hours and a lot of coffee to convince their algorithms otherwise.
With scammers getting more and more sophisticated it behoves every one of us to keep all our passwords separate and secure.
Good advice. Time to change my passwords. I have gotten much better at making them more complicated, and will have to do that even more as the hackers and scammers up their game. George Orwell is no doubt chuckling.
David, I remembered seeing your comment and was puzzled that it wasn't here. It was in the 'Published' folder but marked as spam. As you say in your second comment Google is being a pest.
Sorry to hear about your friend's security dilemma. I think you are right about scammers' evolving and ever more devious procedures. I guess I am like most people when it comes to passwords, security and all that - far too blasé for my own good. Maybe I will be scammed one day and you will be able to retort, "Told you so!"
YP, I'm not the 'I told you' sort of person. I hope it never happens to you but if, say, you got locked out of your blog you, not I, are the one who has to sort it and suffer the inconvenience. I
Sadly Graham, this activity is on the increase.
At the weekend I received a text message which I could see was scam. I reported it to Vodafone because it was particularly clever and the fake URL was well disguised. And immediately deleted the offending message. Half an hour later Vodafone shut down my account to protect me . . . but did not explain what they had done.
The rest of Sunday evening was spent trying to unpick their security measures and I do understand what they did, and why it was not clearly explained (in case the scammer actually had my physical phone) but it was ruddy stressful and a couple of hours of my life I am never going to get back.
Like you I use different passwords for everything . . . which sometimes slows ME down but that is a price I am prepared to pay. "Allegedly" the increase in cyber attacks in the last couple of months is Russian-backed, but I suspect we will never know whether that is true or not.
Jayne, it's a huge problem for many at the moment and can only get worse, especially for people who are not computer literate. For some reason it was believed that the scam causing this post originated in Nigeria.
It is particularly frustrating that nowadays we are increasingly facing more day to day tasks that can only be done online, and a proportionately increased danger of being hacked or scammed.
JayCee you've hit the nail on the head. It's becoming more and more difficult to do anything without access to the internet.
Sorry you got scammed. What an awful, complicated mess that can cause. Sounds like you know what to do to get it straightened out. Makes us all paranoid, tho, doesn't it?
Ellen, it does make us paranoid and with very good reason! (Your comment unfortunately disappeared with David's but I've rescued and re-instated it).
I am rather lax with my passwords etc, and have not yet been scammed. The Windows Security seems to be very efficient.
It is, pity their updates aren't.
You are very fortunate Cro. Apple security is excellent too and, because it is not the majority player, computer attacks are fewer however it's not the security of Apple or Windows that is the problem it is the use of passwords and, in this case, it may all have emanated from a leak a few decades ago of Yahoo passwords.
Advice noted. We have different passwords on everything but there are so many these days and F refuses to keep them in her phone since one was stolen. There were no stored passwords but she realized how easy it would be to lose them all. There really seems to be no answer to it, (and I'm not allowed to tell anyone where she hides the notebook.).
Tigger, I recall a security 'expert' saying that short of using a password storage program (like 1Password) the best thing for the average person to do was write the passwords down somewhere because statistically the chances of a burglar breaking in and capturing the precious hoard was statistically very small. The problem is that few of us can remember a dozen passwords never mind 431.
While what happened to your friend, and also to yourself, was upsetting to read, Graham it was a good wake-up for myself. I also use Apple devices which thankfully store passwords but that doesn't mean I have all secure ones and like others have put off making some needed changes. Thank you for this post because even though it is somewhat of a chore, I plan to do one at a time and hopefully will get them changed.
Beatrice, your post also went to spam for some obscure reason. I'm pleased to have been a catalyst for some action.
I use Chrome and all my passwords are on a list in settings for folk I need them for. If the cookies thing goes pear shaped I just look them up and log in from there. I don't let it save bank ones so I've got them written in a book. It's a novel not a note book. I change the password every three months plus I have card readers to verify it's me. I can remember in the old days using a card in three countries in two days and having to wait a day for money to clear for fuel or worse a beer. Took a day for the bastards to answer the phone.
The Yahoo thing was years ago. Is Yahoo still about, for that matter is AOL still doing email?
Didn't help me save the old Blog with Google but that was me being a smart arse and having an AOL email for foreign things and using it on Google. Not a major problem. Carrying plenty of cash used to help but with the rate our governments are printing it I suspect it'll be back to gold and silver shortly. Need Sherpas for that.
PS, Look at the price of heavy scrap if you doubt my doubts on FIAT paper money. It is useful for paying ne'er do wells. Fiat money can't be swapped for gold at the same price gold was ten years ago. Labour can if barter is used. For a few hours lambing and foot trimming you get a lamb. That doesn't pay public servant wages but can they can't lamb, weld, trim feets or drive computer controlled machines?
Adrian the email that's been taken over was a Yahoo one and the second one which was not taken over but used was an AOL one. Interestingly I assumed that they had both disappeared from the UK because I've not seen either in address for years. Adrian you haven't lived in the Hebrides where most of the original public servants were also crofters and multi-tasking was in their blood. I know accountants who have sheep and a fishing boat not to mention an old grey Ferguson. They are, I admit, a dying breed.
Every attempt at scamming does indeed cause a lot of trouble, and even if they don't manage to steal anything else, they steal a lot of time! I do use different passwords and email, and special security for the most important stuff. But it's still a lot to keep track of. Only a couple of months ago I had spam email that seemed to come from Amazon but I saw through it. (I blogged about it so you may perhaps remember.) The tricky thing about that one was that the fake email said Amazon had put my account on hold because of detecting unusual activity... trying to get me to click on a link to a page to get that sorted. I logged in the usual way though and my account was not blocked. I reported the fake email to Amazon. I got a fake reminder a week or so after but treated that the same way, and since then it hasn't been repeated.
Monica, you are fortunate because you are pretty savvy when it comes to things like that. It is astonishing, though, how people get caught. I know one person who was fully aware of these things in a professional capacity but was momentarily caught off guard. He managed to sort it instantly and no damage was done. He was on his way to have lunch with me and a few friends and he was visibly shaken that he had actually momentarily been caught off guard.
14 spaces plus, password for each account, Never Use a Word or any personal info to create a password, and, change passwords regularly, once a month to 6 months or less. If by accident you type a password where your email address goes, then change your password. Never click on emails from an account unless you are resetting or expect that specific email. Never opt for remember me or save your password on a browser.
Those are the rules I follow from what I've read online over the years. All info is written and dated in an address book kept at home. Main accounts are duplicated and kept separate. Common sense 101
Absolutely, Maywyn, common sense.
Online data security is always a concern. This has served as a reminder for me to update some of my details, although I do try to use two step verification where possible. X
Yes, Jules, two step verification is very important.
Good advice that looks too hard for me to follow. But I really liked the word 'behoves'!
Lesley, I am soooo pleased that you picked up on the word 'behoves'. I don't use it very often but I think it's a lovely word.
I left a comment yesterday, but Blogger in its inimitable way of late seems to have dispatched it to the ether. Why they tinkered with a system that worked well for years is beyond my level of comprehension.
David, your original comment has been rescued from spam and instated in its rightful place. I am annoyed by their comment changes because I lost an insert in the program which enabled me to attach links and formatting to comments.
I'll just chuck something else into the comments if I may . . . firstly to thank you for raising this once again, because if it prompts just one of your readers to update their passwords that's a great thing.
The second thing is that whilst one's own personal security might be good, if the company to whom you have just given your email address, phone number, home address and debit card number whilst shopping gets hacked, then you are at some risk. I use a "sacrificial" email address for all the accounts I have to create to buy things together with a payment card that is not linked to anything important and has a small credit limit.
Jayne, I have been using the occasional "sacrificial" (not heard that term before) email but I read about them yesterday and I'm going to start using them more frequently. Thanks for the nudge.
My earlier comment isn't showing up...
Sorry about your being scammed. Makes me feel paranoid when I am using my computer! Ugh!
Ellen, I found your comment. It was treated as spam but not marked as such. Another Google glitch.
Very interesting to read the comments here. As you know, data protection & information security are my livelihood - in an ideal world, my job would not exist.
Meike, what is unfortunate for some is fortunate for others!
I'm very particular about passwords I use online, no one would ever guess them, they are that mind boggling lol but yes I knew about the Yahoo leaks a few years ago, I prefer to use other email providers these days.
Amy, you are obviously very computer safety aware. It's so important these days to avoid a lot of angst.