EmailDiscussions.com  

Old 6 Sep 2021, 10:16 AM   #1
unbob
Senior Member
 
Join Date: Oct 2006
Posts: 100
Gang Extracts Cash From 100k Inboxes Daily

So, how does FM protect its users from this scam?

https://krebsonsecurity.com/2021/09/...inboxes-daily/

Old 6 Sep 2021, 08:33 PM   #2
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,683
Three quick thoughts on this scheme. First, it depends on stolen passwords. If you use long, random, and unique passwords for each account that would require them to have actually hacked into Fastmail (or your other email provider) directly. Second, if you don't use IMAP and can turn off IMAP access, that would block them from logging in easily. Third, I can't remember the last time I received a gift card via email--I'm not sure I ever have received one that way. I can recall sending a gift card to someone once. Is that a common thing to be done?
Old 7 Sep 2021, 10:18 AM   #3
hadaso
The "e" in e-mail
 
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,801
Quote:
Originally Posted by unbob
So, how does FM protect its users from this scam?
FastMail allows IMAP (and several other services) to be accessed using an "app password" that is generated by Fastmail and is a quite random complex string, so it would not be in any of the lists of compromised passwords these people use to access email accounts.
Old 7 Sep 2021, 10:43 AM   #4
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
2FA and App Passwords improve security

Fastmail allows you to make use of two methods of improving the security of your login credentials. Of course, you should use a long random main password, and you won't need to use it on any apps, so it should remain secure as long as it's long (impossible to guess) and you don't lose control over your backup local copy. In other words, use a password safe program with a long unique password itself (which you never use for any other purpose). The major problem with passwords is people who use short passwords and/or reuse a password on multiple sites. Don't do either of those things!

Go to the Settings>Password & Security page of your Fastmail account.
  • This is where your main password, password recovery, and two-step verification are managed.
  • You can also check which browser and Fastmail mobile app sessions are currently logged into your account, and force any of these to be closed.
  • You also manage third-party apps (such as IMAP access) on this settings page.
Bill

Last edited by n5bb : 7 Sep 2021 at 10:49 AM.
Old 7 Sep 2021, 06:16 PM   #5
BritTim
The "e" in e-mail
 
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,084
To add to Bill's excellent advice above, look carefully at methods you allow to recover a lost account password. This can be a nasty security weakness. In particular, be aware that methods that rely only on access to your mobile phone are often unsafe. There are ways criminals are, in many cases, able to get a SIM card that misappropriates your mobile phone number.
Old 7 Sep 2021, 08:35 PM   #6
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,683
My guess, based on acting as tech support for family and friends, is that there is an infinite supply of victims who don't utilize even the most basic security advice: very simple passwords that are easy to guess, no 2FA, repeated use of the same password, even sharing of passwords with others. I don't know how many times I have heard someone say something like, "They'll never guess my password," which indicates to me they only have one password they use for everything. When I try to educate them to at least use different passwords on different sites and maybe even try a password manager that is way too inconvenient. On the other hand, I have only met a couple of people in person who have ever been the victim of an online scam, and it usually had to do with visiting a scammy website without thinking or clicking a link in an obviously scammy email.
All times are GMT +9.