Attempted Scam

Discussion in 'Time Out' started by Ian J, Jul 6, 2019.

  1. Ian J

    Ian J Factoring Specialist Full Member - Verified Business

    5,307 1,520
    I have just received the following email:-

    Normally I just delete rubbish like this but in the first line he quoted a password and it is one that I used to use frequently a few years ago.

    The only place that I can recall still using that password is UKBF but it hasn't been scraped from here as I use a personal email address for UKBF and the scam email was addressed to my business email.

    I don't visit porn sites and don't have a webcam on my PC so that bit is rubbish but I do have concerns that he knows one of my passwords even though it's not an important one
     
    Posted: Jul 6, 2019 By: Ian J Member since: Nov 6, 2004
    #1
  2. cjd

    cjd UKBF Legend Full Member - Verified Business

    15,447 3,073
    I've had a had of these and they also use the password I use here. Maybe a coincidence but...
     
    Posted: Jul 6, 2019 By: cjd Member since: Nov 23, 2005
    #2
  3. Darren_Ssc

    Darren_Ssc UKBF Regular Free Member

    421 85
    Doubt it. The site is poorly administered and a coincidence is unlikely unless you use the same password for every account you have?

    May be stating the obvious but a good idea to change all your passwords, not just the one to this site?
     
    Posted: Jul 6, 2019 By: Darren_Ssc Member since: Mar 1, 2019
    #3
  4. Mike Hayes

    Mike Hayes UKBF Enthusiast Free Member

    1,035 261
    This may help identify which sites have leaked you data:

    https://haveibeenpwned.com

    And for anybody else reading this thread... this is why you should use unique passwords for every website, account, etc. Using a password manager will make this easier - I recommend 1Password.
     
    Posted: Jul 6, 2019 By: Mike Hayes Member since: Jan 7, 2016
    #4
  5. Mr D

    Mr D UKBF Legend Free Member

    16,195 1,804
    Yes. However run whatever security software you have first before changing.
    There are people who change passwords and give the scammers the new ones.

    Its a good idea to change passwords regularly anyway. In case someone is not polite enough to email you before trying to cause problems.
     
    Posted: Jul 6, 2019 By: Mr D Member since: Feb 12, 2017
    #5
  6. Ian J

    Ian J Factoring Specialist Full Member - Verified Business

    5,307 1,520
    Thanks for that. Looks like it could have been LinkedIn which was hacked seven years ago and I changed my password soon after the breach became public.

    I hear what you say about unique passwords but it's quite hard in practice with a dozen forums, banks and credit cards and dozen of other regular sites too
     
    Posted: Jul 7, 2019 By: Ian J Member since: Nov 6, 2004
    #6
  7. Ian J

    Ian J Factoring Specialist Full Member - Verified Business

    5,307 1,520
    It wasn't this site because they used my business email address. I have a special domain name that I use for forums and the like and prefix it with the name of the forum so this one would be [email protected].
     
    Posted: Jul 7, 2019 By: Ian J Member since: Nov 6, 2004
    #7
  8. OMGVape

    OMGVape UKBF Regular Free Member

    243 29
    All well and good until one of these password vaults gets hacked
     
    Posted: Jul 7, 2019 By: OMGVape Member since: Jan 21, 2018
    #8
  9. Mike Hayes

    Mike Hayes UKBF Enthusiast Free Member

    1,035 261
    The hacker would need to obtain your master password otherwise the data is useless.

    I think we can all agree that using a unique password per account is the right way to go about things, so then it just becomes a matter of how you remember those passwords. For most people (who don't have an incredibly memory) this would mean storing them somewhere - whether that's on pen and paper, in a text file, in a password manager with the vault stored locally or in a cloud synced password manage is another matter. I don't think pen and paper or an unencrypted text file are good ideas at all personally (very easily obtained), so that leaves password managers and the choice between local storage and cloud storage depending on your views of the cloud and the security model used by password managers.

    This is another reason why two-factor auth is a must. I enable two-factor auth on any website I can but unfortunately some services still don't offer it for some reason.

    How do you manage your passwords?
     
    Posted: Jul 7, 2019 By: Mike Hayes Member since: Jan 7, 2016
    #9
  10. Mr D

    Mr D UKBF Legend Free Member

    16,195 1,804
    Paper - perhaps a notebook at home in a drawer - does not have to be a security issue. Someone breaking into the house first before they can access your account?
    Low probability. Can boost security by keeping passwords separate without linked indicators as to what they relate to.
    So might have a book with Persimmion17 as a password on page 4 and in a separate place have number 4 relate to BT password.
    Those using any particular site many times may well remember the password for that site easily. So its the less often used sites someone may want writing down.
     
    Posted: Jul 7, 2019 By: Mr D Member since: Feb 12, 2017
    #10
  11. Newchodge

    Newchodge UKBF Big Shot Free Member

    12,464 3,236
    Dead simple. I use a formula with identical elements that I know without looking and variable elements for each site. I can write down (pen and paper) the variable elements with no risk whatsoever that someone breaking into my house could, under any circumstances, use the paper records. I could probably record them in a computer file without real risk.
     
    Posted: Jul 7, 2019 By: Newchodge Member since: Nov 8, 2012
    #11
  12. atmosbob

    atmosbob UKBF Ace Free Member

    3,866 869
    What is the point of every website having a password to do anything?

    If I go into a shop, Tesco, M&S, WHS etc I never get asked for a password to get through the door. Why do websites like Booking.com, Travelodge and my local water company add massive amounts of time to every transaction by having passwords that don't work?
     
    Posted: Jul 7, 2019 By: atmosbob Member since: Oct 26, 2009
    #12
  13. Mike Hayes

    Mike Hayes UKBF Enthusiast Free Member

    1,035 261
    Sounds like a nightmare to manage to me.

    What happens when you're on the move and need to know a password?

    With a password manager, I can access passwords securely on my mobile or laptop at any time, so wherever I am I can access my accounts.

    Another advantage of a password manager which hasn't yet been mentioned is autocomplete. I'm logging into different accounts dozens of times per day but only ever have to hold down a couple of keys on my keyboard to login.

    Plus they're highly organised using different vaults and tags.

    In order to rotate passwords frequently, or when a website is compromised, your passwords must surely have some random element to them which must be referenced from somewhere?

    Interesting but sounds like more effort (and probably less secure) than using a password manager though.

    Edit: I see what you mean, the variable parts are stored on paper. Again, sounds like a pain to manage and gives you no access while on the move.

    I agree - a guest checkout should always be offered. I normally use the guest option if available, even on websites I may shop at frequently, and do become a bit frustrated when a website insists on creating an account.
     
    Posted: Jul 7, 2019 By: Mike Hayes Member since: Jan 7, 2016
    #13
  14. Opinion87

    Opinion87 UKBF Regular Free Member

    259 50
    I believed you until I read "I don't visit porn sites."
     
    Posted: Jul 15, 2019 By: Opinion87 Member since: Jul 1, 2015
    #14
  15. Ian J

    Ian J Factoring Specialist Full Member - Verified Business

    5,307 1,520
    Without giving away too much let's just say that my wife is 24 years younger than me :D
     
    Posted: Jul 15, 2019 By: Ian J Member since: Nov 6, 2004
    #15
  16. Paulo1Chop

    Paulo1Chop UKBF Contributor Free Member

    90 9
    Ha ha! Well that escalted quickly! 24 years...cheap at twice the price Ian!!;)

    I had a similar email a few months ago.....

    I googled it a bit and found a scam article on the front page of the SERPs...I think it was from the Independent or a similar online publication of such standing. I think it comes from a historical hack years ago which is then sold on...to who knows where.

    I got a bit lost with th replies about password management....Password1 always works for me! Stupidity often beats technology! :confused:
     
    Posted: Jul 15, 2019 By: Paulo1Chop Member since: Jul 12, 2019
    #16
  17. estwig

    estwig UKBF Legend Free Member

    12,225 4,272
    I've seen the webcam footage, lets just say it was a small video.

    If I was you, I'd pay up quick!
     
    Posted: Jul 16, 2019 By: estwig Member since: Sep 29, 2006
    #17
  18. Mark T Jones

    Mark T Jones UKBF Big Shot Full Member

    3,378 1,009
    You have 6 friends? I wish I had some.
     
    Posted: Jul 16, 2019 By: Mark T Jones Member since: Nov 4, 2015
    #18
  19. Karimbo

    Karimbo UKBF Ace Free Member

    1,684 169
    I just use complex and unique passwords for any website with financial data or a lot of real personal data.

    For forums I just use the same, otherwise it gets so difficult to manager your passwords.
     
    Posted: Aug 21, 2019 By: Karimbo Member since: Nov 5, 2011
    #19
  20. Karl M

    Karl M UKBF Contributor Free Member

    31 0
    Do you use any password generators like keychain app? It was not easy for me to start using it but now I never think about my passwords safety.
     
    Posted: Sep 11, 2019 By: Karl M Member since: Jul 5, 2019
    #20