A quick note about internet safety: if someone wants to
access your e-mail account very badly, then they will, and there’s really
nothing you can do about it. Case in
point, today, I received an e-mail from a contractor/friend that my wife and I
used many times in our house in Westfield.
Really honest guy and did good work (met him while getting coffee in
Maria’s in Chester, NJ…so if you’re in the Morris County area, I will hook you
up). The e-mail was designed to look
like a Dropbox link with a header that read “You have a pending incoming docs
(sic) shared with you via Dropbox. Click to open: SECURE MESSAGE.” Then there was a brief sentence explaining
Dropbox and a logo for that company.
The first tip that this was bogus was the lousy English
used. “You have a pending incoming docs…” What?
OK…I’ll bite. I hovered my mouse over the single link to see where it went (do not click!):
www.vialorran.com.br...plus a number of forward slashes and other folder horseshit.
Hrm…not a Dropbox link? How very strange.
So, thinking that this was most
likely a robo-hack of a friend’s account, I replied and wrote the following: “Hey Rob, I got this from your e-mail
address. It's not legit and may contain a virus. You probably want
to reset your password. Herb Scott”
A minute later, I got this:
“It is legit. Please sign in
and view the documents i sent to you. Thank you”
Riiiiiiiiiiiiiight. Next step was to call Rob. The thief’s shortsightedness was in assuming that I
wouldn’t be able to alert the account owner.
Got on the phone with Rob and he said that I was the third person to
make him aware of this and that he was on it.
Most scary was that someone
took the time, while in Rob’s account, to reply! HOLY MOTHERFUCKING SHIT!
What to do? Rob will reset his password, and, hopefully
will heed my recommendation to activate the two-step verification that
Google/Gmail allows for. Simply, once
you enter your username and password for your e-mail, an SMS/text message is
sent to your phone with a unique 6-digit number which you then have to enter
into your browser window in order to complete your log-in process. It’s all explained much better here.
If you’re using one of these
Cloud accounts (e.g. Google, Hotmail, Yahoo, etc.) it is imperative that you
cover your digital ass with a 2-step verification. Also also…a dude who cracks your PW for one
site is going to be tempted to use it on others, such as Amazon, PayPal, and
any credit-card married website so as to really hit the cyber-theft
jackpot. People, YOU CANNOT USE THE
SAME PASSWORD FOR EACH WEBSITE YOU ACCESS…EVER…DON’T DO IT. There are a number of password logs available
for iOS and Android…and/or you could create a syntax where you have a root PW
and then different prefix or suffix unique to each site you sign up/in
for.
Today it was Rob, and I hope
that he was able to get it under control before there was any real damage
done. I know that those thieves know, since I
responded to his e-mail, that mine is a real e-mail address…and I wouldn’t put it
past them to try my account next.
Luckily, I’ve got 2-step verification going on, and hopefully that will
be enough to keep them out. Fingers
crossed.