Email Security
cmpm:
Someone has found my email and password with my Gmail account.
And used my account to send spam.
Changing the password fixed it though.
From searching for answers I found some do this for spamming your contacts.
Which they did, until Gmail blocked the account for suspicious activity.
Rightfully so, and I'm glad they did.
I'm wondering how they did it.
One thing I learned was to not use the same password for forums that you use for email or other things.
This is possibly how they got my info. And the best answer I could find.
I have no viruses or any spyware on my computer that I know of.
Still I ran full scans of Nod, SAS, and mbam - still nothing.
I know it was not DC, but I suspect another forum.
Question - How can I find out who did it? Is it possible?
Reading what others said only turned up China-based outfits engaged in this activity....
?
I'm not in China or a Chinese forum.
I am in a few forums though...5 or 6 I think.
mouser:
One thing I learned was to not use the same password for forums that you use for email or other things.
--- End quote ---
This is really critical -- do not use the same password on multiple sites, and never use the same password for an online service as you do for your email or financial institutions.
cmpm:
Yes, very critical.
Kind of funny in a way though.
Since I have my other email address accounts in my contacts.
I spammed myself. :)
That's part of how I figured out what was happening.
I apologize if you received this spam.
J-Mac:
Another thing you have to be careful about: The extremely stupid concept most financial institutions have of requiring you to have "security questions and answers". I don’t know who dreamed this up but it is very dangerous IMO. The questions commonly put forth for this are ones whose answers can easily be derived with a little searching around. For example, it wouldn’t be difficult for me to obtain the name of the high school someone attended, the city they were born in, married in, etc. Especially with the social network profiles so easily viewed today.
Once I gather enough of that trivial data on someone I could go to a site requiring login and claim I am you and that I forgot my password - or just enter an incorrect password. Then answer appropriately when they ask for the answers to the security questions and they will give me a new password. Some will only email it to a backup email address you supply but many people use Hotmail or other free accounts for the backups and then let them lapse.
Whenever you are required to provide answers for so-called security questions, give nonsensical answers and be sure to make a note of what you give as answers. Use the "Secure Note" feature of Roboform, LastPass, or Keepass. Because someday you will need to remember those answers. I use a completely random series of numbers and letters for, say, the name of my high school. Anyone who discovers the actual high school I attended will be disappointed if they try and give that as a security answer. Do the same for all the questions. No human reads them; only a computer. So no one should question how you attended a high school named, "23dkic4ls89". ;)
Jim
f0dder:
Another thing you have to be careful about: The extremely stupid concept most financial institutions have of requiring you to have "security questions and answers". I don’t know who dreamed this up but it is very dangerous IMO.
-J-Mac (October 09, 2010, 01:58 PM)
--- End quote ---
Yeah, and extremely silly - especially if they require you to fill in this info. I always choose "mother's maiden name" and fill in "byggemand bob" - which is obviously not her maiden name.
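The two habits recommended in this thread (no shared passwords, and random security answers kept in a password manager note) can be checked and automated with a short script. This is an added example, not part of any post above; the account list, site names, categories and function names are constructed for illustration.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample data: (site, category, password). Not real credentials.
ACCOUNTS = [
    ("mail.example", "email", "Summer2010!"),
    ("forum-a.example", "forum", "Summer2010!"),
    ("forum-b.example", "forum", "hunter2"),
    ("forum-c.example", "forum", "hunter2"),
    ("bank.example", "financial", "x9$Lq2vT"),
]
CRITICAL = {"email", "financial"}  # assumed category labels
ALPHABET = string.ascii_lowercase + string.digits


def find_reuse(accounts):
    """Return [(sites sharing one password, involves_critical_account)]."""
    groups = defaultdict(list)
    for site, category, password in accounts:
        # Group on a digest so the plaintext is not kept as a dictionary key.
        key = hashlib.sha256(password.encode()).hexdigest()
        groups[key].append((site, category))
    findings = []
    for members in groups.values():
        if len(members) > 1:
            critical = any(cat in CRITICAL for _, cat in members)
            findings.append((sorted(site for site, _ in members), critical))
    return sorted(findings)


def random_answers(questions, length=16):
    """Return {question: answer}; answers are random and unrelated to the question.

    16 characters from a 36-symbol alphabet is roughly 82 bits per answer.
    """
    return {q: "".join(secrets.choice(ALPHABET) for _ in range(length))
            for q in questions}


if __name__ == "__main__":
    for sites, critical in find_reuse(ACCOUNTS):
        label = "CRITICAL" if critical else "reuse"
        print(f"[{label}] same password on: {', '.join(sites)}")
    note = random_answers(["Name of your high school?", "Mother's maiden name?"])
    for question, answer in note.items():
        # Save these lines in the password manager's secure note.
        print(f"{question} -> {answer}")
```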