FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
6 Sep 2021, 09:16 AM | #1 |
Senior Member
Join Date: Oct 2006
Posts: 100
|
Gang Extracts Cash From 100k Inboxes Daily
So, how does FM protect its users from this scam?
https://krebsonsecurity.com/2021/09/...inboxes-daily/ |
6 Sep 2021, 07:33 PM | #2 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,722
|
Three quick thoughts on this scheme. First, it depends on stolen passwords. If you use long, random, and unique passwords for each account, that would require them to have actually hacked into Fastmail (or your other email provider) directly. Second, if you don't use IMAP and can turn off IMAP access, that would block them from logging in easily. Third, I can't remember the last time I received a gift card via email--I'm not sure I ever have received one that way. I can recall sending a gift card to someone once. Is that a common thing to be done?
|
7 Sep 2021, 09:18 AM | #3 |
The "e" in e-mail
Join Date: Oct 2002
Location: Holon, Israel.
Posts: 4,837
|
FastMail allows IMAP (and several other services) to be accessed using an "app password" that is generated by Fastmail and is a quite random complex string, so it would not be in any of the lists of compromised passwords these people use to access email accounts.
|
7 Sep 2021, 09:43 AM | #4 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,926
|
2FA and App Passwords improve security
Fastmail allows you to make use of two methods of improving the security of your login credentials.
Go to the Settings>Password & Security page of your Fastmail account.
Last edited by n5bb : 7 Sep 2021 at 09:49 AM. |
7 Sep 2021, 05:16 PM | #5 |
The "e" in e-mail
Join Date: May 2003
Location: mostly in Thailand
Posts: 3,090
|
To add to Bill's excellent advice above, look carefully at methods you allow to recover a lost account password. This can be a nasty security weakness. In particular, be aware that methods that rely only on access to your mobile phone are often unsafe. There are ways criminals are, in many cases, able to get a SIM card that misappropriates your mobile phone number.
|
7 Sep 2021, 07:35 PM | #6 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,722
|
My guess, based on acting as tech support for family and friends, is that there is an infinite supply of victims who don't utilize even the most basic security advice: very simple passwords that are easy to guess, no 2FA, repeated use of the same password, even sharing of passwords with others. I don't know how many times I have heard someone say something like, "They'll never guess my password," which indicates to me they only have one password they use for everything. When I try to educate them to at least use different passwords on different sites and maybe even try a password manager, that is way too inconvenient. On the other hand, I have only met a couple of people in person who have ever been the victim of an online scam, and it usually had to do with visiting a scammy website without thinking or clicking a link in an obviously scammy email.
|