[ExI] nasty hijacking of mygmailaccount...extropian.pharmer at gmail.com
Harvey Newstrom
mail at HarveyNewstrom.com
Fri Jun 19 23:38:03 UTC 2009
"Emlyn" <emlynoregan at gmail.com> wrote,
> Harvey, are you around, got any comments on basic online identity
> security?
Of course.
First, never give them your username and password. If they are really the
system admins, they already have super-root access and can do anything they
want. There is no technical need for them to get your password, because the
root password will get them into your account anyway.
Second, it doesn't matter how grammatically correct the messages are. Yes,
it is true that many are written by people who don't know english very well.
But there are plenty of english-speaking scammers as well. Also, it is
trivial for them to duplicate a real website or a real e-mail, so it looks
exactly perfect just like a real message from whoever they claim to be. The
best ones have graphics, logos, and verbiage identical to the real messages,
with only a single line or two added in to get your password.
Third, never send your password over e-mail anyway. It goes in clear text
and can be gotten by scammers. Even if there were some reason that your
bank or ISP really needed your password, they shouldn't ask for it over
e-mail. You should call them directly and give it to them over the phone.
Don't call the number in the e-mail, look up your own ISP or bank on your
own, and call the number that you have determined really belongs to your ISP
or bank. Then when you try to find someone to give your password to, they
should tell you that they would never ask for your username and password.
(This third paragraph is only to catch people who ignore paragraphs 1 and
2!)
--
Harvey Newstrom <www.HarveyNewstrom.com>
More information about the extropy-chat
mailing list