EmailDiscussions.com - View Single Post

n5bb · 4 Nov 2018, 07:03 AM

I agree that a password manager and unique passwords for each site is the best solutions. I use the SplashID password mangager on Windows, iOS, and their website. But there are many password manager solutions these days, including some included with operating systems and browsers.

As others have pointed out, it’s important to use a different random password at each site which needs a password. Most sites now use your email address as the username, so I use a unique Fastmail subdomain password for each site when I sign up. So if I get phishing spam sent to that unique address, I know that specific service had a security breach. That allowed me to discover a breach of my special email address at a bank and an IT services company. Only the unique email was exposed (not my password). If you use a single login name/email and password at all sites then if one is breached all are available to a scammer.

By far the most important service to keep secure is the email service where you receive notices and password reset messages from your online services. And, of course, your mobile phone, since many services send you login codes and reset messages via a mobile text message.

Scammers are very ingenious. Earlier today I received a scam phishing email (which Fastmail caught and placed in my Spam folder) which appeared to be from the widow of a friend who passed away 3 years ago. The From email address was fake and used the username of my old friend but the domain name of a company in Canada which is no longer in business and has no MX record so no incoming email server. I’m in the US. But the scammer probably didn’t know that — they just had a name to use in the signature and From field and a From domain which they could use with no difficulty. The message body consisted of a goo.gl shortened link to hide the actual URL (which was a PHP page on a server in Turkey). Don’t respond to suspect emails or click any links in them! I hate link shorteners, since they are used by scammers to hide their dangerous URL so you don’t know where you go when you click the link.

Bill

4 Nov 2018, 07:03 AM	#29
n5bb Intergalactic Postmaster Join Date: May 2004 Location: Irving, Texas Posts: 8,927	I agree that a password manager and unique passwords for each site is the best solutions. I use the SplashID password mangager on Windows, iOS, and their website. But there are many password manager solutions these days, including some included with operating systems and browsers. As others have pointed out, it’s important to use a different random password at each site which needs a password. Most sites now use your email address as the username, so I use a unique Fastmail subdomain password for each site when I sign up. So if I get phishing spam sent to that unique address, I know that specific service had a security breach. That allowed me to discover a breach of my special email address at a bank and an IT services company. Only the unique email was exposed (not my password). If you use a single login name/email and password at all sites then if one is breached all are available to a scammer. By far the most important service to keep secure is the email service where you receive notices and password reset messages from your online services. And, of course, your mobile phone, since many services send you login codes and reset messages via a mobile text message. Scammers are very ingenious. Earlier today I received a scam phishing email (which Fastmail caught and placed in my Spam folder) which appeared to be from the widow of a friend who passed away 3 years ago. The From email address was fake and used the username of my old friend but the domain name of a company in Canada which is no longer in business and has no MX record so no incoming email server. I’m in the US. But the scammer probably didn’t know that — they just had a name to use in the signature and From field and a From domain which they could use with no difficulty. The message body consisted of a goo.gl shortened link to hide the actual URL (which was a PHP page on a server in Turkey). Don’t respond to suspect emails or click any links in them! I hate link shorteners, since they are used by scammers to hide their dangerous URL so you don’t know where you go when you click the link. Bill