Phishers are getting sophisticated

Printable View

Show 40 post(s) from this thread on one page

05-20-2019, 13:59
CS1983

Even more fun is the Indian Windows Support scammers. Rajnish, I'm on Linux. Go away.
05-20-2019, 14:01
davsel

Quote:

Originally Posted by O2HeN2

Assuming it works like 1Password.com that I use, nothing. They don't have anything but encrypted data that even they can't decrypt. I'll give more details when I'm on a real keyboard.

O2

If someone figures out your password to 1Password, LastPass, etc, they have access to ALL of your accounts. Encrypted or not.

ALL your eggs in one basket.
05-20-2019, 14:06
CS1983

KeePass is not cloud based, btw. At least the version I have. So they'd have to get physical access to my machine, guess the PW for the hard disk, guess log on PW, guess KeePass Master, and then find themselves utterly bored.
05-20-2019, 14:22
Mtneer

Quote:

Originally Posted by Zundfolge

So I got one of those scam emails "I hacked your email account, so send me bitcoin or I'll show the world the porn you look at" ... it had my email address and said what the password was. While that's not the PW for that email address it is one I've used other places (although not in a long time since I let LastPass generate them now).

I think the guy doesn't have anything on me but it is disconcerting.

I get several of these a week. They sometimes come in waves where I might get a dozen in one day, all with different subject lines. They go straight to my spam folder and are never opened.

I'm a big fan of 1Password. It also has features for tracking hacked accounts, highlighting duplicate passwords (from before I bought it), generating strong passwords, autofill, etc. Syncs to my iPhone so I can open it with a thumbprint.
05-20-2019, 14:44
Justin

Quote:

Originally Posted by CavSct1983

Even more fun is the Indian Windows Support scammers. Rajnish, I'm on Linux. Go away.

Several months ago I stumbled across a YouTube page of a guy who made sport out of taking the bait from these scammers and then hacking and destroying their computer/internal networks.

Basically he'd spin up a bunch of VMs, give the scammers access to the VM, and do something like leave a PDF or Excel file on the desktop named something juicy like "financial account data" or the like.

The scammers, of course, would copy the files, which were shot through with malware. Listening to the scammers become increasingly angry as their systems would blink out one after the other was pretty hilarious.
05-20-2019, 14:47
CS1983

Quote:

Originally Posted by Justin

Several months ago I stumbled across a YouTube page of a guy who made sport out of taking the bait from these scammers and then hacking and destroying their computer/internal networks.

Basically he'd spin up a bunch of VMs, give the scammers access to the VM, and do something like leave a PDF or Excel file on the desktop named something juicy like "financial account data" or the like.

The scammers, of course, would copy the files, which were shot through with malware. Listening to the scammers become increasingly angry as their systems would blink out one after the other was pretty hilarious.

Did you see the one where the screen went into some sort of fractal mind warp of opening files on the scammers machine and crashed their network through propagating the file everywhere, or something? They somehow timed it so the scammer accepted a remote request and then dropped the file on the desktop. In the background you hear nothing but yelling indians.
05-20-2019, 14:49
bellavite1

It's going to show my porn to the world???
Oh well, so I like Tits & Ass...SHOCKING!!![panic]
05-20-2019, 15:03
Zundfolge

Quote:

Originally Posted by davsel

If someone figures out your password to 1Password, LastPass, etc, they have access to ALL of your accounts. Encrypted or not.

ALL your eggs in one basket.

That's why you should change it regularly. The online password managers are still many orders of magnitude safer than most people's opsec ... especially considering the fact that most people use the same login and password on all their online accounts (and the password is something simple like a pet's name).

Don't let the perfect be the enemy of the good.
05-20-2019, 15:22
Skip

Quote:

Originally Posted by CavSct1983

Did you see the one where the screen went into some sort of fractal mind warp of opening files on the scammers machine and crashed their network through propagating the file everywhere, or something? They somehow timed it so the scammer accepted a remote request and then dropped the file on the desktop. In the background you hear nothing but yelling indians.

[LOL]

Link it if you got it.

I love those guys! Every second they keep a scammer occupied is a second they don't have to rip off grandma.
05-20-2019, 16:30
O2HeN2
Quote:

Originally Posted by davsel

If someone figures out your password to 1Password, LastPass, etc, they have access to ALL of your accounts. Encrypted or not.

ALL your eggs in one basket.

Not entirely true, but this is one misunderstanding that kept me from getting on board with a password manager for years.

Here's how 1Password.com works:

1Password generates a long key when you signup.

You need to install that key on whatever devices you wish to use 1Password on. This step can be a PITA but it's a one time deal per device and the QR code (or was it a barcode? I don't remember) that 1Password can generate of the key helps.

Here's security feature 1: That key AND your password are BOTH necessary to decrypt your information. So if someone "figures out your password" as you stated, without the key they have nothing UNLESS they also have one of your devices and/or your key as well.

Security feature 2: Your password is never send to 1Password, so even they don't have it. Your information remains encrypted until it's ON your device and then it's decrypted there using your password and key.

So no decrypted information is stored on 1Password's side nor does any decrypted information move through the network.

Downside is don't expect any "Password recovery" option from 1Password. If you forget it, you're SOL. This is a feature, not a bug, serioiusly.

Nice thing is that when you setup your 1Password account it prints out a nice sheet of paper with your key on it and space to write your password.

I have two copies of this, one in my safe deposit box and the other in the GF's safe deposit box.

So, to recap:
- If someone gets your password they can't get into your stuff.
- If someone steals one of your devices they can't get into your stuff.
- If someone gets your key they can't get into your stuff.
Only if they have the key AND your password can they access your stuff.

Use a good passowrd, something cryptic but easy to remember like "F0ur$c0r3@nd" and everything will be very, very secure and safe.

O2

Show 40 post(s) from this thread on one page