Advertise on Bikeforums.net



User Tag List

Results 1 to 23 of 23
  1. #1
    Senior Member Retro Grouch's Avatar
    Join Date
    Feb 2004
    Location
    St Peters, Missouri
    My Bikes
    Rans Enduro Sport, Hase Kettweisel Tandem, Merin Bear Valley beater bike
    Posts
    23,730
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    OT - somebody hacked my email account.

    If you get an email from me saying I lost my wallet in London, send the money to my house because I'm not really in London.

    The ironic thing is that I suspect the hacking has something to do with renewing my Norton account because it asked for my email password and the renewal didn't go through normally. RATS!

  2. #2
    Galveston County Texas 10 Wheels's Avatar
    Join Date
    Nov 2007
    Location
    In The Wind
    Posts
    25,353
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    You were scammed....
    [SIZE=1][B]What I like about Texas[/B]
    http://www.youtube.com/watch?v=PGukLuXzH1E

    Set F1re To The Ra1n ( NY Night Rain Ride)
    http://www.youtube.com/watch?v=W7jfcWEkSrI

  3. #3
    Senior Member NCbiker's Avatar
    Join Date
    Sep 2011
    Posts
    353
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What happened to you is called being "phished". No one hacked into your account, you gave them the information they needed to get in.

  4. #4
    Senior Member Retro Grouch's Avatar
    Join Date
    Feb 2004
    Location
    St Peters, Missouri
    My Bikes
    Rans Enduro Sport, Hase Kettweisel Tandem, Merin Bear Valley beater bike
    Posts
    23,730
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by NCbiker View Post
    What happened to you is called being "phished". No one hacked into your account, you gave them the information they needed to get in.
    Whatever. Any chance they'll pay my on-line bills for me?

  5. #5
    Senior Member jdon's Avatar
    Join Date
    May 2009
    Posts
    4,157
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Retro Grouch View Post
    If you get an email from me saying I lost my wallet in London, send the money to my house because I'm not really in London.

    The ironic thing is that I suspect the hacking has something to do with renewing my Norton account because it asked for my email password and the renewal didn't go through normally. RATS!
    The same happened to a friend of mine and the scenario seemed plausible for the individual. I phoned him at home to confirm he hadn't lost his passport and was stuck in a *****house in Germany unable to pay.
    Quote Originally Posted by maddmaxx View Post
    How are you ever going to live in the real world if you can't get along with people who don't believe what your do?

  6. #6
    Senior Member
    Join Date
    Jul 2011
    Location
    Raleigh, NC
    My Bikes
    2012 Motobecane (BikesDirect) Immortal Force; 2011 (?) Civia Bryant Gates Carbon Belt Drive (upgraded to Alfine 11 and Gates CenterTrack)
    Posts
    523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Retro Grouch View Post
    Whatever. Any chance they'll pay my on-line bills for me?
    Do you use that same password for any other activities on the web that you don't wanted compromised?

    A lot of people use the same password for multiple accounts (email, Amazon purchase, etc). That's a bad idea in general.The people who were phishing know that, and are trying to gain access to any other account you might have that might use the same password. They couldn't care less about your Norton account.

    For example, they might check to see if you use that same password for Amazon purchases, online banking, or online bills of various kinds.

    In general, no one - Norton or anyone else - needs your email password, except at actual login. The don't actually store your password, they store an encrypted version that can't be "reversed" very easily. So when you log in, they encrypt the password you supply and compare that with the encrypted password on record. If the two encryptions match, the password matches. That means they don't need to to store or to know your password.

    The picture is a little more complicated than that, but those are the fundamentals. No one needs to know your password, so any email you get soliciting your password is bogus.

  7. #7
    Senior Member donheff's Avatar
    Join Date
    Jun 2007
    Location
    Capitol Hill, Washington, DC
    My Bikes
    Specialized Tricross Comp
    Posts
    1,236
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mikepwagner View Post
    Do you use that same password for any other activities on the web that you don't wanted compromised?
    +1. If you are using that password elsewhere change it fast. Someone with access to your email may be able to find a lot of info on you leading them to other accounts. Hopefully you have been able to access your email account and change your email password?
    Every man is, or hopes to be, an Idler. -- Samuel Johnson

  8. #8
    Senior Member Laserman's Avatar
    Join Date
    Sep 2009
    Location
    Metro Detroit
    My Bikes
    09 Giant Cypress DX, 89 Schwinn Cruiser Supreme
    Posts
    379
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No one EVER needs any password info from you.
    Any email that asks for a password is a scam.
    Set phasers to butt-whup!

  9. #9
    The Rock Cycle eofelis's Avatar
    Join Date
    Dec 2005
    Location
    Western Colorado
    My Bikes
    Salsa Vaya Ti, Specialized Ruby, Gunnar Sport, Motobecane Fantom CXX, Jamis Dragon, Novara Randonee x2
    Posts
    1,647
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Kind of along these lines, I just got an email in my work inbox about a virus to watch out for.
    Since many of us order items and get them shipped USPS and Fedex it might be something to watch out for.

    "If you receive an email from the US Post Office or FedEx or some other shipping entity saying something along the lines of “Your package could not be delivered. Please print out the attached invoice…” or “go to www.something.com/... and download your shipping info.” If you run the attachment or download the item, it will install a virus on your computer. The Post Office and FedEx should NEVER send you an email with an attachment, so the easiest way to avoid this is to simply delete the email if you have any doubts about its authenticity. Another easy check is looking at the sender’s email address. If it is not @usps.com or @fedex.com, it is almost definitely a malicious email (the virus sender will sometimes be tricky by having an address that is something like @uspostoffice.co). If you want some more information on this virus technique, please go to this link: http://www.snopes.com/computer/virus/ups.asp. "
    Gunnar Sport
    Specialized Ruby
    Salsa Vaya Ti
    Novara Randonee x2
    Motobecane Fantom CXX
    Jamis Dragon

  10. #10
    Senior Member
    Join Date
    May 2008
    Posts
    2,373
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Pretty routine to receive emails purporting to from someone I know asking for something. Always a fake. Most times it is just because their email address was picked up somewhere. BUT....sometimes if is because you downloaded a Trojan that has uploaded your address book or contact list. Or, if you keep your contact info in the "cloud" that server has been compromised.

    It is wise to be careful with passwords. But, these other methods attack you as well. So, keeping your head out and multiple malware applications frequently scanning is wise also.
    It is better to smell the flowers than taste the roots.

  11. #11
    Time for a change. stapfam's Avatar
    Join Date
    Jan 2004
    Location
    6 miles inland from the coast of Sussex, in the South East of England
    My Bikes
    Dale MT2000. Bianchi FS920 Kona Explosif. Giant TCR C. Boreas Ignis. Pinarello Fp Uno.
    Posts
    19,915
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just had the same but someone is In London

    Source was from The BFN50+ backup group.
    How long was I in the army? Five foot seven.


    Spike Milligan

  12. #12
    Senior Member
    Join Date
    Jul 2011
    Location
    Raleigh, NC
    My Bikes
    2012 Motobecane (BikesDirect) Immortal Force; 2011 (?) Civia Bryant Gates Carbon Belt Drive (upgraded to Alfine 11 and Gates CenterTrack)
    Posts
    523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by donheff View Post
    +1. If you are using that password elsewhere change it fast. Someone with access to your email may be able to find a lot of info on you leading them to other accounts. Hopefully you have been able to access your email account and change your email password?
    Just as an example, if someone has your email password, they probably have your email password, and a list of online stores at which you've made purchases in the recent past, since most stores send a confirmation email when you make a purchase.

    If you have used the same password to make purchases, then they pretty much have full access to your accounts at those online stores.

    Though I doubt that many phishers go to that much trouble, if they have your email account, they may have enough info to guess the answers to some of the common "security" questions - mother's maiden name, etc.

    Here's my strategy:

    1. Low Security password - used for forums, etc. where I don' really care if it gets hacked.
    2. Online Purchase password - used for nothing but online purchases.
    3. Email password - used only for email.
    4. Online Banking password - highest security, changed regularly. My password at work ages out at a fixed interval. Every time I change my work password, I change my Online Banking password.

  13. #13
    rebmeM roineS JanMM's Avatar
    Join Date
    Jan 2006
    Location
    Indiana
    My Bikes
    RANS V3, RANS V-Rex, RANS Screamer
    Posts
    11,545
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Dear Retro Grouch ,
    I am Writing to inform you that International MonetaryFund (IMF) Instructed Western Union to release your 2011 Email promoAward Wining Sum of ($1.5Million Dollars USD,($1.500,000.00) through western union, Note that the maximum amount you will be receiving each day starting fromtomorrow is $5000.00 daily until the funds is completely transferred to you.


    KINDLY CONTACT WESTERN UNION DIRECTOR:FRANK LATASHA
    E-mail: SCAMMER@HOTMAIL

    Also Reconfirm your full information to them below as soon as you receive this message.
    YOUR NAME----------------------
    YOUR COUNTRY-------------
    YOUR TELEPHONE-------------
    OCCUPATION-----------------
    BIKE FORUMS PASSWORD-------------
    EMAIL PASSWORD-------------

    Congratulations!
    IMF Secretary,
    John Egobia.
    RANS V3 (steel), RANS V-Rex, RANS Screamer

  14. #14
    Senior Member
    Join Date
    May 2008
    Posts
    2,373
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just in time for a good example we received an email from "DHL.com/tracking" telling us we had a parcel we needed to pick up. It gave us a link to click on that would give us the nearest DHL office and how to arrange pick up. It also gave us a tracking number.

    Being the trusting soul that I am I went to dhl.com directly from the browser, not the furnished link. Sure enough there is a dhl.com. Sure enough there is a place to check on tracking. So far seems legit. But, the DHL web site is a bit confusing so the easy thing to do is go back to the email and use that link.

    But, again being a trusting soul intead of using the email link I entered the furnished Tracking Number in the DHL web site I got on my own. I was astounded! I was surprised! It was not a valid DHL tracking number!

    A scam that relies on the recipient being too lazy to check it? Or, did someone make a mistake and my parcel is languishing in a warehouse somewhere?
    It is better to smell the flowers than taste the roots.

  15. #15
    Senior Member
    Join Date
    Dec 2005
    Location
    Brighton, UK
    My Bikes
    Rocky Mountain Solo, Specialised Sirrus Triple (quick road tourer), Santana Arriva Tandem
    Posts
    1,546
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    My wife had the same phish.

    Sent to all her email address book contacts.

    The message was plausible, because she visits London often, and loses stuff often! It was implausible to those who know her well because she's pretty accurate with grammar and the fraudulent message wasn't - but not everyone in her address book knows her that well.

    The irritation was that her email account now belongs to the fraudster, and her attempts to regain control of it is treated as a hack! So, she couldn't mass message her addressbook, had to try to remember everyone and their addresses from a new account. Not easy

    If you google the phone number the fraudsters use, you'll probably get the exact wording of the fraudulent message. Most are very well known and have been around for years

  16. #16
    Senior Member PaPa's Avatar
    Join Date
    May 2003
    Location
    Idaho
    Posts
    496
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Regarding passwords;

    Age frequently interferes with selecting a secure password. Obviously, because we're more likely to forget... even the simple ones. Here's what I do;

    (the following example is copied from, https://www.grc.com/haystack.htm ) which also provides further details about this technique)

    "Which of the following two passwords is stronger,
    more secure, and more difficult to crack?

    D0g.....................

    PrXyc.N(n4k77#L!eVdAfp9

    You probably know this is a trick question, but the answer is: Despite the fact that the first password is HUGELY easier to use and more memorable, it is also the stronger of the two! In fact, since it is one character longer and contains uppercase, lowercase, a number and special characters, that first password would take an attacker approximately 95 times longer to find by searching than the second impossible-to-remember-or-type password!"

  17. #17
    Semper Fi, A way of life. qcpmsame's Avatar
    Join Date
    Jan 2008
    Location
    Pensacola, Florida
    My Bikes
    CAAD 10 4
    Posts
    6,662
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sorry to read you got phished. I get the scam emails asking for personal information all the time. Don't even open them. I change all of my passwords regularly and keep track of them on a private information sheet that is locked away. Just because I am paranoid doesn't mean they aren't out to get me.

    Bill
    "I Can Do All Things Through Christ Who Strengthens Me" Philippians 4:13

  18. #18
    Senior Member gear's Avatar
    Join Date
    Sep 2004
    Location
    North shore of Mass.
    Posts
    2,131
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mikepwagner View Post
    Just as an example, if someone has your email password, they probably have your email password, and a list of online stores at which you've made purchases in the recent past, since most stores send a confirmation email when you make a purchase.

    If you have used the same password to make purchases, then they pretty much have full access to your accounts at those online stores.

    Though I doubt that many phishers go to that much trouble, if they have your email account, they may have enough info to guess the answers to some of the common "security" questions - mother's maiden name, etc.

    Here's my strategy:

    1. Low Security password - used for forums, etc. where I don' really care if it gets hacked.
    2. Online Purchase password - used for nothing but online purchases.
    3. Email password - used only for email.
    4. Online Banking password - highest security, changed regularly. My password at work ages out at a fixed interval. Every time I change my work password, I change my Online Banking password.
    I would add:
    Have more than one email account, they are free. Have one to give to businesses, one for personal emails, one for web sites (like forums).
    Personally I don't get using an email account from your ISP, you have a mess to deal with should you switch ISP's.

  19. #19
    Senior Member
    Join Date
    Jul 2011
    Location
    Raleigh, NC
    My Bikes
    2012 Motobecane (BikesDirect) Immortal Force; 2011 (?) Civia Bryant Gates Carbon Belt Drive (upgraded to Alfine 11 and Gates CenterTrack)
    Posts
    523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by gear View Post
    I would add:
    Have more than one email account, they are free. Have one to give to businesses, one for personal emails, one for web sites (like forums).
    Personally I don't get using an email account from your ISP, you have a mess to deal with should you switch ISP's.
    The simple answer to the ISP issue is to buy a domain from GoDaddy, and create an email address in that domain. Then use that email address for all your email, and forward the email to whatever ISP you are using (or gmail).

    I bought mikepwagner.net (and .com, and .org). So my email address is mikepwagner@mikepwagner.net - and I can forward that email to wherever I want.

    I set this up before I moved from RoadRunner, and it worked seamlessly. As long as I pay my $5.99/year (or whatever the price is) no matter what I do with ISPs, my email address will remain mikepwagner@mikepwagner.net.

  20. #20
    Senior Member
    Join Date
    May 2008
    Posts
    2,373
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    One other thing to consider, especially about ISP email accounts, is the way the ISP processes passwords. One I'm aware of cuts its' password checking at 8 characters. A person can enter any long password they wish. The site only checks the first 8 characters. You may think you have a nice, secure, 20 character password when, in fact, you don't.
    It is better to smell the flowers than taste the roots.

  21. #21
    Senior Member gear's Avatar
    Join Date
    Sep 2004
    Location
    North shore of Mass.
    Posts
    2,131
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mikepwagner View Post
    The simple answer to the ISP issue is to buy a domain from GoDaddy, and create an email address in that domain. Then use that email address for all your email, and forward the email to whatever ISP you are using (or gmail).

    I bought mikepwagner.net (and .com, and .org). So my email address is mikepwagner@mikepwagner.net - and I can forward that email to wherever I want.

    I set this up before I moved from RoadRunner, and it worked seamlessly. As long as I pay my $5.99/year (or whatever the price is) no matter what I do with ISPs, my email address will remain mikepwagner@mikepwagner.net.
    Or use a free online account like yahoo or gmail.

  22. #22
    Senior Member
    Join Date
    Jul 2011
    Location
    Raleigh, NC
    My Bikes
    2012 Motobecane (BikesDirect) Immortal Force; 2011 (?) Civia Bryant Gates Carbon Belt Drive (upgraded to Alfine 11 and Gates CenterTrack)
    Posts
    523
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by gear View Post
    Or use a free online account like yahoo or gmail.
    Right now, I redirect to gmail. But I may not always do that. If I decide I don't like google's privacy policies, etc, then I just redirect mikepwagner@mikepwagner.net to some other account. I don't have to inform anyone of the change - mikepwagner@mikepwagner.net will continue working.

    Note that these are note "free" - you are selling them the data in your email in exchange for various services. Right now I a happy to make that deal, but I may not always feel that way.

    In addition, the idea is that it is a "lifetime" email address.

    My college offered a lifetime email address for free - but that was after I bough the domain.

  23. #23
    Senior Member
    Join Date
    May 2008
    Posts
    2,373
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Actually, when all is said and done, their is only one way not to be scammed: Be suspicious, very suspicious. Even then you will probably get fooled occasionally. The variety of attacks on our money is so vast and some so complicated that it is pretty hard to know all the tricks and traps.

    I have done some literature research on marketing as practiced by retailers. The essence is that large amounts of money and time are spent understanding human psychology and then using that knowledge to entice people to buy whether they need the product or not. These little internet scams are penny ante compared to that.
    Last edited by HawkOwl; 11-17-11 at 10:57 AM.
    It is better to smell the flowers than taste the roots.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •