E-Mail Password Threat

p.s. Agree that it looks like someone may have sold some of your info. I would change all of your online passwords, as well.

You might want to encode an identifier in your password for each password that you use.
If someone displays your password, you will know where (which site) it came from.

Very timely topic. I've been receiving these emails for about three months. First of all, they say your email password was hacked. The password they are showing NEVER was used for my email. I was used several years ago for a specialty vehicle forum that I was a member of that got hacked. So, I knew where that breach came from.

My email provider has a server level spam catcher where you can block emails form specific countries or senders. It also has a setting that allows me to block emails from a specific domain such as @domain.com, net, org, etc. I also noticed that the subject line had repeated strings. My provider allows me to enter subject strings or partial strings. I now have effectively blocked 99% of those emails.

You've no doubt noticed that the sentence structure in the emails is crude and full of false information. Yes, you should change passwords for any site where the hacked password is used.

Here is a link to a site where you can enter a password to see if it has been hacked. It is very accurate and somewhat scary: https://haveibeenpwned.com/Passwords.

I talked with the retired IT manager where I worked. He suggested getting a password vault manager.

I try to keep things out of their view but if someone locks up my computer, I will just start over. There is nothing on there that they can use against me and any shopping I do is secured by the Credit Card up to a lot. I do not have any real information on any of my computers. I don't have my address or telephone number, Bank, other financial organizations, nothing, I hope. I can replace all my computers for less than a grand and screw with them on the old ones, could be fun to give phony crud to them like the AG of CA's email or the Govs or Police chief or a porta-potty rental firm. But I'd most likely call the big three credit cheat companies and freeze everything and have my computer hard drive demolished and change everything.

Come to think about it, I;m going to set everything up now including new passwords and user names. I'm going to use ficticious names for all my new accounts and tell any retailer that if they don't like it to provide insurance covering my butt.

What I'm not going to do is worry about it.

jolooote wrote:
Exactly what worries me. How DID they know one of my Passwords???

Because you used it on another site that was hacked.

Exactly what worries me. How DID they know one of my Passwords???

Pirate wrote:
How would they know one of his passwords?

Also, don't use free 'Open' WiFi networks without a VPN service. It's possible for MiM to extract credentials even if using encrypted browser connection.

Pablos Holman, a top hacker who gives talks on security, built a Hackerbot robot looking something like a operator-less Segway with a tablet attached. It targets Open WiFi users, rolls up along side them displaying their passwords. :B

There's a funny 1-minute interview with Pablos about his Hackerbot here.

lmpres wrote:
Go change your passwords...

Agree, if you still have access, change your password immediately. Use mixed letters, numbers, and symbols at least 12 characters. According to our monthly enterprise security meeting, it can 'now' takes aprox. 52 years to crack. The former recommendation of 8 mixed characters for passwords can now be cracked in minutes.

They irritate me, but they can't hurt me.

I got this about a month ago and again last week The password quoted was one that I used but was an older one I no longer use...but if I did still use it I would change it on the sites that I used it. I use several passwords and keep track in an address book....