The importance of multi-factor authentication
-
Today my girlfriend has learned the hard way why you need to keep an eye on your personal digital foot-print. I am guessing that she was part of that massive Yahoo data breach from mid-2016 where they nabbed around a billion records. They managed to hijack her yahoo account. With that, they then managed to get logged into her Sprint account. Once they got into Sprint, they then proceeded to order 4 iPhone 7's and then had them shipped here, some empty storefront in Orlando, Florida. I guess the phones are already in S. America ready for sale to Argentinian tourists. In short order I had her Yahoo account secured again but her cell phone account is locked down. This all could have been avoided if she switched over to their two-factor authentication like I did when they started offering it. Some digital lessons are painful to learn :doh: :sigh:
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
-
Today my girlfriend has learned the hard way why you need to keep an eye on your personal digital foot-print. I am guessing that she was part of that massive Yahoo data breach from mid-2016 where they nabbed around a billion records. They managed to hijack her yahoo account. With that, they then managed to get logged into her Sprint account. Once they got into Sprint, they then proceeded to order 4 iPhone 7's and then had them shipped here, some empty storefront in Orlando, Florida. I guess the phones are already in S. America ready for sale to Argentinian tourists. In short order I had her Yahoo account secured again but her cell phone account is locked down. This all could have been avoided if she switched over to their two-factor authentication like I did when they started offering it. Some digital lessons are painful to learn :doh: :sigh:
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
Either that or don't give details of your entire life over to a fruggin' web-site. Signed, Someone whose name is not Mark Wallace
I wanna be a eunuchs developer! Pass me a bread knife!
-
Either that or don't give details of your entire life over to a fruggin' web-site. Signed, Someone whose name is not Mark Wallace
I wanna be a eunuchs developer! Pass me a bread knife!
I always stress to other people that you can never be too careful with your personal information online. Alas, even if you are careful, it doesn't always protect you. All of my person information was nabbed in this data breach, OPM Hack[^]. The information they got was the complete documentation gathered by federal investigators for secret and top secret security clearances, which is basically your whole life, for 20+ million civilian and military personnel.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
-
Either that or don't give details of your entire life over to a fruggin' web-site. Signed, Someone whose name is not Mark Wallace
I wanna be a eunuchs developer! Pass me a bread knife!
...and stop using Yahoo. :^)
Jeremy Falcon
-
Today my girlfriend has learned the hard way why you need to keep an eye on your personal digital foot-print. I am guessing that she was part of that massive Yahoo data breach from mid-2016 where they nabbed around a billion records. They managed to hijack her yahoo account. With that, they then managed to get logged into her Sprint account. Once they got into Sprint, they then proceeded to order 4 iPhone 7's and then had them shipped here, some empty storefront in Orlando, Florida. I guess the phones are already in S. America ready for sale to Argentinian tourists. In short order I had her Yahoo account secured again but her cell phone account is locked down. This all could have been avoided if she switched over to their two-factor authentication like I did when they started offering it. Some digital lessons are painful to learn :doh: :sigh:
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
Foothill wrote:
Once they got into Sprint, they then proceeded to order 4 iPhone 7's
I wonder if I could somehow tell my bank/credit card company that they should automatically assume my account has been compromised if they ever see a transaction sending money to Apple. Because that should never happen, no matter how small the amount.
-
Foothill wrote:
Once they got into Sprint, they then proceeded to order 4 iPhone 7's
I wonder if I could somehow tell my bank/credit card company that they should automatically assume my account has been compromised if they ever see a transaction sending money to Apple. Because that should never happen, no matter how small the amount.
I wish that were possible. Sprint has made it rather easy for customers to manager their account and order new phones all from one simple interface. It also has the side effect of making it rather easy to order new phones and have them shipped anywhere in the U.S. once the account is compromised.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
-
...and stop using Yahoo. :^)
Jeremy Falcon
If it didn't take so much effort and money* to set up a private email server, I would have done it eons ago. * Unless someone can point me to an open source SMTP server hosting suite
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
-
If it didn't take so much effort and money* to set up a private email server, I would have done it eons ago. * Unless someone can point me to an open source SMTP server hosting suite
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
Not sure if this sarcasm, but there are open source SMTP/MTA products out there. Although they have a learning curve.
Jeremy Falcon
-
Not sure if this sarcasm, but there are open source SMTP/MTA products out there. Although they have a learning curve.
Jeremy Falcon
I don't mind the learning curve. I do know the extra costs for private servers (hardware, static I.P., etc...) can become prohibitive.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
-
I don't mind the learning curve. I do know the extra costs for private servers (hardware, static I.P., etc...) can become prohibitive.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
Ah, gotcha.
Jeremy Falcon
-
I wish that were possible. Sprint has made it rather easy for customers to manager their account and order new phones all from one simple interface. It also has the side effect of making it rather easy to order new phones and have them shipped anywhere in the U.S. once the account is compromised.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
Right. I'm still genuinely wondering though whether anyone's actually given the idea of blacklisting a legitimate vendor more than a casual thought. I'll never give Apple any money. My folks will never buy anything from Amazon. Etc. Anyone wanting to change their minds should go through a whitelisting process that requires papers to be signed in person at said bank.
-
...and stop using Yahoo. :^)
Jeremy Falcon
My broadband provider in the UK is Sky (the firm that made Microsoft rename it's Sky Drive to One Drive) and they used to use gmail is their underlying provider (who does a resell option on their platform so it's all on the sky domain and branded like Sky), but they moved to Yahoo a few years back so all of UK's Sky customers are in this boat too through no real fault of their own.
-
If it didn't take so much effort and money* to set up a private email server, I would have done it eons ago. * Unless someone can point me to an open source SMTP server hosting suite
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
If you get any kind of web hosting it usually comes with an SMTP\POP3\IMAP server you can use and self-administer. There are also loads of mail-only providers too if you look. However if your password is "password123", or "gandalf" or the same password you use on an unrelated site that got hacked then your email is no more secure that using yahoo.
-
Foothill wrote:
Once they got into Sprint, they then proceeded to order 4 iPhone 7's
I wonder if I could somehow tell my bank/credit card company that they should automatically assume my account has been compromised if they ever see a transaction sending money to Apple. Because that should never happen, no matter how small the amount.
Ha, I've learned that some credit cards are MUCH better at detecting fraud than others. In the past 5 years, the family has lost 6 credit cards due to corporate fraud (Home Depot, Target, etc). Last year, I'm pretty sure a gas pump / station was skimming cards (and I'm careful about this) and got our main card. $1800 worth of iTunes purchases later (all in 3-4 days), every single transaction went through. CC company was not happy when I called them. "Are you sure you did not make these purchases?" yeah, right. On the other hand, my business cc company calls me at the slightest whim.
Charlie Gilley <italic>Stuck in a dysfunctional matrix from which I must escape... "Where liberty dwells, there is my country." B. Franklin, 1783 “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
-
Ha, I've learned that some credit cards are MUCH better at detecting fraud than others. In the past 5 years, the family has lost 6 credit cards due to corporate fraud (Home Depot, Target, etc). Last year, I'm pretty sure a gas pump / station was skimming cards (and I'm careful about this) and got our main card. $1800 worth of iTunes purchases later (all in 3-4 days), every single transaction went through. CC company was not happy when I called them. "Are you sure you did not make these purchases?" yeah, right. On the other hand, my business cc company calls me at the slightest whim.
Charlie Gilley <italic>Stuck in a dysfunctional matrix from which I must escape... "Where liberty dwells, there is my country." B. Franklin, 1783 “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
why do people freak out about entering a credit card number on amazon, and not have a problem handing their actual card to a waiter at a restaurant who takes it away and pokes it into a machine to generate your charge slip? They could also poke it into another machine to copy the stripe and image the card number including the cvv on the back of the card - and when they get ripped of for charges in Hong Kong or whatever probably blame it on "on-line transactions"
Sin tack ear lol Pressing the any key may be continuate
-
why do people freak out about entering a credit card number on amazon, and not have a problem handing their actual card to a waiter at a restaurant who takes it away and pokes it into a machine to generate your charge slip? They could also poke it into another machine to copy the stripe and image the card number including the cvv on the back of the card - and when they get ripped of for charges in Hong Kong or whatever probably blame it on "on-line transactions"
Sin tack ear lol Pressing the any key may be continuate
I had my CC compromised in restaurants twice -- nope, couldn't prove it, but everything pointed to the server being the culprit. Since then I pay cash in restaurants unless it's a situation where the CC does not leave my sight.
-
I always stress to other people that you can never be too careful with your personal information online. Alas, even if you are careful, it doesn't always protect you. All of my person information was nabbed in this data breach, OPM Hack[^]. The information they got was the complete documentation gathered by federal investigators for secret and top secret security clearances, which is basically your whole life, for 20+ million civilian and military personnel.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
And to think, before that I was cagy about giving up my phone number for store loyalty cards. Every time I STIG software or a database I wonder: WTF OPM DCO?
"There are three kinds of lies: lies, damned lies and statistics." - Benjamin Disraeli
-
I had my CC compromised in restaurants twice -- nope, couldn't prove it, but everything pointed to the server being the culprit. Since then I pay cash in restaurants unless it's a situation where the CC does not leave my sight.
-
I've refused a free meal on my birthday in a restaurant where the catch was that I had to hand in my drivers license for scanning.
Never heard of that before, but like you, I'd refuse.
-
Ha, I've learned that some credit cards are MUCH better at detecting fraud than others. In the past 5 years, the family has lost 6 credit cards due to corporate fraud (Home Depot, Target, etc). Last year, I'm pretty sure a gas pump / station was skimming cards (and I'm careful about this) and got our main card. $1800 worth of iTunes purchases later (all in 3-4 days), every single transaction went through. CC company was not happy when I called them. "Are you sure you did not make these purchases?" yeah, right. On the other hand, my business cc company calls me at the slightest whim.
Charlie Gilley <italic>Stuck in a dysfunctional matrix from which I must escape... "Where liberty dwells, there is my country." B. Franklin, 1783 “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
I have set a threshold with Discover. I get an email for any transaction over that threshold. Immediately. Lou "The trouble with children is that they are not returnable."
