Economy We always hear about buying stuff online but warning change your email password

[PEB]

I follow a lot of security related issues online and email is being compromised far worst then it ever has been so whatever your email service I would recommend changing your password or even changing your service. It's not worth having a break in of your email core of almost every transaction. The level of sophistication of email hackers are rising to levels never seen before from areas like Thailand, Bangladesh, India and eastern Europe is approaching levels never seen before till recently.

Many of this areas are former impoverished areas getting greater and greater access to technology and using it for all the wrong reasons. The attacks use far more complex and global methods that have been and continue to be refined at a rate people have never experienced. Service providers are somewhat to blame for the problem because they are outsourcing more and more of their core services to Countries at the core of the issue. This used to be China and Russia leading this charge now developing Countries are using sophisticated tools and bots "that are not just for buying 1000's of graphic cards lol" but breaking systems that are in some cases over a decade old "Corporations are cheap not interested in building more security in their software".

This is just a heads up as people begin to buy more and more online getting your transactions secure had never been more important even credit card companies are provide free credit checks in some cases to improve security on their end. It's really that bad right now.

 

[PEB]

Here is an interesting article about the threat I just pulled up about the issue.

https://www.techrepublic.com/article/hackers-for-hire-target-victims-with-cyber-espionage-campaign/

"
Cybercrime is an activity that increasingly is being farmed out to third-party players. Such threats as ransomware, phishing, and malware are now available as services that can be bought and sold on the Dark Web. A new type of campaign that involves cyber espionage is the latest example of a cybercrime being perpetrated by people for hire.

"

https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced

• CostaRicto targets are scattered across different countries in Europe, Americas, Asia, Australia and Africa, but the biggest concentration appears to be in South Asia (especially India, Bangladesh and Singapore), suggesting that the threat actor could be based in that region, but working on a wide range of commissions from diverse clients.
  
  
• The command-and-control (C2) servers are managed via Tor and/or through a layer of proxies; a complex network of SSH tunnels are also established in the victim’s environment. These practices reveal better-than-average operation security.
  
  
• The backdoor used as a foothold is a new strain of never-before-seen malware – a custom-built tool with a suggestive project name, well-structured code, and detailed versioning system. The earliest timestamps are from October 2019, and based on the version numbers, the project appears to be in the debug testing phase. It’s not clear as of now if it’s something that the threat actors developed in-house or obtained for exclusive use as part of beta testing from another entity."

 

[Cid]

I have a ridiculously long passwords that even I struggle to remember so I save them to a word document on my desktop.

 

[PEB]

I have a ridiculously long passwords that even I struggle to remember so I save them to a word document on my desktop.

True but it's always good even with long and really long passwords to change them from time to time because we are talking about actors who have been using tools that break security protocols on the email servers.

 

[Headkicktoleg]

I have a ridiculously long passwords that even I struggle to remember so I save them to a word document on my desktop.

There are apps and programs that are made for storing your passwords that are very secure. Much better to switch to that than a word doc. A lot of them will also automatically generate and randomized password and auto fill

 

[reveler]

set up multifactor security on your email address itself.

e.g., a text to your mobile phone if someone tries to get into your email account.

if your email service doesnt offer mobile phone multifactor, move to a service that does.

 

[tonni]

Let them try, I'd just contact the cyber police.

 

[Damien Karras]

There are apps and programs that are made for storing your passwords that are very secure. Much better to switch to that than a word doc. A lot of them will also automatically generate and randomized password and auto fill

I was just going to ask if it would be worth installing a password manager as a browser extension

 

[Damien Karras]

My wife is the worst at passwords. She uses dictionary words or the name of her kids and she only started adding year number or year of birth. It is a fight just to get her to add a special character. I told her she is just waiting for someone to break into her accounts

 

[Falsedawn]

There are apps and programs that are made for storing your passwords that are very secure. Much better to switch to that than a word doc. A lot of them will also automatically generate and randomized password and auto fill

That's arguable. Password vaults are good for central management but also horrible because it's a single point of failure. Any time something leaves your local machine, assume it's at risk.

In the internet age, the safest "password vault" is actually the ol post it note on the computer if you can assure your physical security. Next I'd go with an encrypted zip drive with passwords enclosed. That keeps your data local and secure. Next I'd go password vaults.

Where password vaults may be useful to people is in ease of use. Changing passwords is work, and vaults will automate it. Keep in mind that a third party is managing your information though. How secure the platform is is ultimately how much you trust their name.

 

[Misfit23]

I use a password vault for everything non bank related.