[ExI] nasty hijacking of mygmailaccount...extropian.pharmer at gmail.com

Harvey Newstrom mail at HarveyNewstrom.com
Fri Jun 19 23:38:03 UTC 2009

"Emlyn" <emlynoregan at gmail.com> wrote,
> Harvey, are you around, got any comments on basic online identity 
> security?

Of course.

First, never give them your username and password.  If they are really the 
system admins, they already have super-root access and can do anything they 
want.  There is no technical need for them to get your password, because the 
root password will get them into your account anyway.

Second, it doesn't matter how grammatically correct the messages are.  Yes, 
it is true that many are written by people who don't know english very well. 
But there are plenty of english-speaking scammers as well.  Also, it is 
trivial for them to duplicate a real website or a real e-mail, so it looks 
exactly perfect just like a real message from whoever they claim to be.  The 
best ones have graphics, logos, and verbiage identical to the real messages, 
with only a single line or two added in to get your password.

Third, never send your password over e-mail anyway.  It goes in clear text 
and can be gotten by scammers.  Even if there were some reason that your 
bank or ISP really needed your password, they shouldn't ask for it over 
e-mail.  You should call them directly and give it to them over the phone. 
Don't call the number in the e-mail, look up your own ISP or bank on your 
own, and call the number that you have determined really belongs to your ISP 
or bank.  Then when you try to find someone to give your password to, they 
should tell you that they would never ask for your username and password. 
(This third paragraph is only to catch people who ignore paragraphs 1 and 

Harvey Newstrom <www.HarveyNewstrom.com>

More information about the extropy-chat mailing list