EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 2 Nov 2018, 04:11 PM   #16
xyzzy
Junior Member
 
Join Date: May 2018
Posts: 18
I try to answer questions on the att internet support forums. In the last two days there have been three posts of a similar scam. Oddly, I just answered one just before I came here and saw this thread. The poster said they were being asked for $871. Wonder where they came up with that number. The other two were, if I recall, around $900. This latest poster didn't go in to any details but I did reply to ask for the details.

I'm only mentioning this here just to inform that this scam is not limited to fastmail email addresses.
xyzzy is offline   Reply With Quote
Old 2 Nov 2018, 04:32 PM   #17
noclue
Essential Contributor
 
Join Date: Dec 2007
Location: San Antonio, Texas USA
Posts: 498
Thanks, xyzzy. That is reassuring. I guess I thought FM was invincible, but a scam is a scam! I talked to my Mac lady, and she said to consider this a prank call, that I shouldn't worry about it. You have echoed her advice, so other than beefing up my passwords I think I'm going to do just that. I don't want to deal with a password manager. I do see the benefit of one, but I don't have the brain power to mess with it.

The $871 is what was in my email, too. I should have known that this was a hoax when the "author" insinuated that I'd been visiting "initimate" sites. I am a 72-year old female! . A fairly boring one at that...
noclue is offline   Reply With Quote
Old 2 Nov 2018, 04:41 PM   #18
FredOnline
The "e" in e-mail
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,086
Well, it made me smile!

https://www.theregister.co.uk/2018/1...ackmail_video/
FredOnline is offline   Reply With Quote
Old 2 Nov 2018, 04:52 PM   #19
noclue
Essential Contributor
 
Join Date: Dec 2007
Location: San Antonio, Texas USA
Posts: 498
I have to pass that one on, Fred! Thanks.
noclue is offline   Reply With Quote
Old 2 Nov 2018, 06:50 PM   #20
Terry
The "e" in e-mail
 
Join Date: Jul 2002
Location: VK4
Posts: 2,599
Quote:
Originally Posted by noclue View Post
The password in that scam email was NOT my password. The only thing that was correct was my email address.
That's good at least it was nothing to do with Fastmail.
Terry is offline   Reply With Quote
Old 2 Nov 2018, 09:17 PM   #21
somdcomputerguy
Cornerstone of the Community
 
Join Date: Jun 2004
Location: Rupert, WV
Posts: 573
Quote:
Originally Posted by FredOnline View Post
www.theregister.co.uk/2018/10/26/blackmail_video/
What a great way to start a Friday! Thanks Fred.
somdcomputerguy is offline   Reply With Quote
Old 2 Nov 2018, 11:37 PM   #22
jhollington
Essential Contributor
 
Join Date: Apr 2008
Posts: 361
Quote:
Originally Posted by xyzzy View Post
I try to answer questions on the att internet support forums. In the last two days there have been three posts of a similar scam. Oddly, I just answered one just before I came here and saw this thread. The poster said they were being asked for $871. Wonder where they came up with that number. The other two were, if I recall, around $900. This latest poster didn't go in to any details but I did reply to ask for the details.
Yeah, I've been seeing these e-mails in my spam folder for a few months now, so it's not even a new scam. The amounts and other details change slightly, but the premise is pretty much identical for every one of them.

That said, the inclusion of passwords does seem to be more recent. My father got caught up with one of those a few weeks ago although it was an older password in his case *and I've recently gotten one or two with a password in them as well, which I've been able to trace back to obscure sites that I haven't even logged into in almost ten years.

In short, as others have pointed out, these come from security breaches where hackers have gotten their hands on lists of users and passwords from various sites, from the huge ones at places like LinkedIn, Dropbox, and Adobe, to scores of much smaller sites.

You can visit https://haveibeenpwned.com to look up your e-mail address and see a list of any places where your password may have been compromised in a hack, and if you use a password manager like 1Password, it actually ties into this database directly and flags any passwords that you should change.
jhollington is offline   Reply With Quote
Old 3 Nov 2018, 06:00 AM   #23
TenFour
Essential Contributor
 
Join Date: Feb 2017
Posts: 366
Supposedly my password was taken in a Dropbox breach and a LinkedIn breach a few years ago, but since I have been using unique passwords and storing them in password managers for many years I had little to worry about. I kept nothing much in Dropbox anyway, and only my profile in LinkedIn, with nothing I would consider private. IMHO a password manager is the only way to go for most of us. Try one out--they are really quite easy to use and worth it, though there are also many free versions. Probably the #1 thing to do for security if you don't already use one.
TenFour is offline   Reply With Quote
Old 3 Nov 2018, 06:18 AM   #24
somdcomputerguy
Cornerstone of the Community
 
Join Date: Jun 2004
Location: Rupert, WV
Posts: 573
The email I received was To: an address I explicitly used for Dropbox, but the password in the email was for another web service that has been long (close to a decade) out of business, and I hadn't used that service for several years or so before that. Also of interest to me is that the password was in the wrong letter case (the password revealed was all lower case, where several of the letters were upper case in actuality) and several 'special characters', that were in the real password, were not in the spam email password..

- Bruce
somdcomputerguy is offline   Reply With Quote
Old 3 Nov 2018, 06:30 AM   #25
somdcomputerguy
Cornerstone of the Community
 
Join Date: Jun 2004
Location: Rupert, WV
Posts: 573
Quote:
Originally Posted by TenFour View Post
Probably the #1 thing to do for security if you don't already use one.
I agree 100%. I also use my password manager, KeePass, as a 'bookmark holder' and only go to some sites using that manager which holds the unique, unmemorable password.

- Bruce
somdcomputerguy is offline   Reply With Quote
Old 3 Nov 2018, 07:43 AM   #26
Folio
Junior Member
 
Join Date: Jul 2014
Posts: 21
For the truly dedicated user of password managers:

https://www.passwordstore.org/

There are even Firefox and Chrome extensions.
Folio is offline   Reply With Quote
Old 3 Nov 2018, 08:05 AM   #27
somdcomputerguy
Cornerstone of the Community
 
Join Date: Jun 2004
Location: Rupert, WV
Posts: 573
Quote:
Originally Posted by Folio View Post
www.passwordstore.org
Interesting. I'm a fairly regular user of GPG as well. When I get some 'free' time, I just might 'toy' around with it. Honestly though, I'll most probably stick with KeePass, as I've been using for the better part of two decades and I'm very comfortable with and dedicated to it. Thanks for the link though.

- Bruce
somdcomputerguy is offline   Reply With Quote
Old 3 Nov 2018, 09:08 AM   #28
Folio
Junior Member
 
Join Date: Jul 2014
Posts: 21
Quote:
Originally Posted by somdcomputerguy View Post
I'll most probably stick with KeePass...
Yes, as much as I like tinkering with pass, I actually use KeePassXC.
Folio is offline   Reply With Quote
Old 4 Nov 2018, 08:03 AM   #29
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,392
I agree that a password manager and unique passwords for each site is the best solutions. I use the SplashID password mangager on Windows, iOS, and their website. But there are many password manager solutions these days, including some included with operating systems and browsers.

As others have pointed out, it’s important to use a different random password at each site which needs a password. Most sites now use your email address as the username, so I use a unique Fastmail subdomain password for each site when I sign up. So if I get phishing spam sent to that unique address, I know that specific service had a security breach. That allowed me to discover a breach of my special email address at a bank and an IT services company. Only the unique email was exposed (not my password). If you use a single login name/email and password at all sites then if one is breached all are available to a scammer.

By far the most important service to keep secure is the email service where you receive notices and password reset messages from your online services. And, of course, your mobile phone, since many services send you login codes and reset messages via a mobile text message.

Scammers are very ingenious. Earlier today I received a scam phishing email (which Fastmail caught and placed in my Spam folder) which appeared to be from the widow of a friend who passed away 3 years ago. The From email address was fake and used the username of my old friend but the domain name of a company in Canada which is no longer in business and has no MX record so no incoming email server. I’m in the US. But the scammer probably didn’t know that — they just had a name to use in the signature and From field and a From domain which they could use with no difficulty. The message body consisted of a goo.gl shortened link to hide the actual URL (which was a PHP page on a server in Turkey). Don’t respond to suspect emails or click any links in them! I hate link shorteners, since they are used by scammers to hide their dangerous URL so you don’t know where you go when you click the link.

Bill
n5bb is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 02:47 AM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy