Was I hacked?

[ubuysa]

What a polite way of putting “you fooked up”.

[emoji23][emoji23]


Sent from my iPhone using Tapatalk

It could have been anyone who has access to the PC remember. Phishing attacks can be very soohisticated and you sometimes have to be very vigilant to spot them.

My rule on our computers and phones is that we never ever click links in emails. We always visit the actual website and do whatever is necessary through that. We also never click on any attachment in any email that we have not explicitly requested.

I can run my email client in a sandbox and I'll do that if there's an attachment in an email that I think we need. In the sandbox any malware that results can't affect the real PC.

 

[marklcfc]

No one has access but me though. I had no notifications about viruses or anything either

 

[ubuysa]

No one has access but me though. I had no notifications about viruses or anything either

Is it possible that on a busy day you could have clicked on a link in a phishing email without realising? It's very easily done.

 

[marklcfc]

Is it possible that on a busy day you could have clicked on a link in a phishing email without realising? It's very easily done.

Possibly, I keep getting emails from Paypal that don't look genuine. Would that give away all these details though?

 

[ubuysa]

Possibly, I keep getting emails from Paypal that don't look genuine. Would that give away all these details though?

They could be it. If you clicked on links in these fake looking 'PayPal' emails you could easily have invited malware in that looks for userids and passwords etc.

 

[Bhuna50]

and if they found a text file / excel file with them in .... payday

 

[TonyCarter]

I used to know someone who had all her passwords written down in a physical notebook

You know my dad too then?

 

[marklcfc]

I've found out what happened

123RF data breach: Hacker steals 8.3m user records from internal server

A hacker recently stole over 8.3 million user data records from 123RF after breaching a server owned by its parent company Immagine Group.

www.teiss.co.uk

 

[Bhuna50]

If you were affected by this then they should have contacted you anyway to say your details were included. If you are registered with them and your details were included in that breach then they are obliged to notify you and that article is a week old.

Perhaps a complaint to ICO.

Have you clicked on links relating to emails from 123RF? It maybe they were the phishing attempts knowing you were a registered member or something.

At least the complete wipe will hopefully have sorted yourself out - just be careful going forward.

Did you check your bank accounts / cards for any erroneous payments too - just in case?

 

[marklcfc]

I remember I got the email, but I don't click links in emails and ended up ignoring it as I'm always wary about things like that. To be honest I must not have visited the site in 10 years and couldn't even remember what it was. But by the time I got the email I'd say alot of damage was done.
Admittedly the password I used on that site was used on the social sites they got into but this doesn't explain the Amazon thing as my Amazon was a completely different email / password to the one they got from that site. Seems like I'll never know what happened with that, started on the 13th when the data breach was though.

All bank accounts are ok when I checked.

 

[Bhuna50]

So was it an email notifying you of the breach?

That's good then if they did.

At least you have an idea - Re your Amazon - did you perhaps use that email address as a secondary email / recovery email address on Amazon - I know sometimes you can set up two or three emails on sites so if you cant access one then it will recover email or start the process on your other email addresses held.

 

[Gavras]

Not sure if mentioned in the thread, however it is best practice to have more than one email address.

for example, using an email address for your facebook, LinkedIn And Then using same email address for Amazon is just increasing your risks,

If you must have Social Media accounts, have a Social Media email

then have an Email address for Amazon.

depending on how you want to manage it, you could have more than Social Media and Payment emails, you could have multiple social media email addresses and say 1 for Amazon, 1 for Bank.

obviously these are with 2FA where site / application allows.

It’s also worth looking at https://haveibeenpwned.com/

as it will potentially let you know if your email or other details have been leaked - such as if you shop with North Face

Cyber Security Today – Retailer North Face hacked, Facebook users tricked and a warning from BlackBerry | IT World Canada News

Today's podcast reports on a hack at outdoor retailer North Face, how Facebook users are being tricked and a warning from BlackBerry about a hacker-for-hire group

www.itworldcanada.com

Your email address will be shared by sites where you enter it.

Use the same email address everywhere means those accounts are vulnerable.

Use the same password everywhere with same email address..........

 

[Gavras]

<cough> Never done anything remotely like that myself....honest

Hopefully not the one you use with Capcom - Resident Evil etc....

Things Aren't Looking Good For Capcom - SVG

Capcom has become the latest major video game company to fall victim to a large-scale hack. Earlier this month, the company reported (translation via IGN) that a cyber attack had been launched against it, but that there was no evidence of any stolen data. Capcom has recently posted an newer update.

www.svg.com

 

[Bhuna50]

Not sure if this is good practice or not but I have my own domain (for the purposes of this example, say @ domain.co.uk)

Whenever I sign up with a company / website or place orders anywhere, I always use the name of the company for my email address and have a randomly set password (remembered in RoboForm).

So for example if I registered with Amazon it would be: Amazon @ domain.co.uk
PCSpecialist - my email would be pcspecialist @ domain.co.uk

etc

This way then, I also know if any companies are selling my details on because if I start getting emails to my Amazon @ email address from ABC Limited, then I know they have either hacked my email address or Amazon have sold it on.

That way then I also start to get an idea of when I may need to change my passwords - for example, I started getting various emails to my adobe @ email address so immediately checked and changed email address and passwords there.

 

[SpyderTracks]

Not sure if this is good practice or not but I have my own domain (for the purposes of this example, say @ domain.co.uk)

Whenever I sign up with a company / website or place orders anywhere, I always use the name of the company for my email address and have a randomly set password (remembered in RoboForm).

So for example if I registered with Amazon it would be: Amazon @ domain.co.uk
PCSpecialist - my email would be pcspecialist @ domain.co.uk

etc

This way then, I also know if any companies are selling my details on because if I start getting emails to my Amazon @ email address from ABC Limited, then I know they have either hacked my email address or Amazon have sold it on.

That way then I also start to get an idea of when I may need to change my passwords - for example, I started getting various emails to my adobe @ email address so immediately checked and changed email address and passwords there.

That's superb practice imho.

 

[Bhuna50]

Remember as well if you get erroneous emails from known companies, stick in a subject access request to them to see exactly what details they do hold about you.

I did this to one company addressing me by my name and found out where they got my information from - fortunately in this case it was from a company that they had purchased / saved from going bust, but forgot to tell people so they amended their processes to ensure they had peoples permission to hold their details and contact me.

I complained to one company that I had asked to be removed from their distribution list and all my details to be removed as well but they carried on emailing me - resulted in me getting a nice £150 voucher to spend on their website LOL

 

[Bhuna50]

Forgot to add - even when in a shop now if you are asked if they can email you the receipt / or ask if you want to register for emails - just give them [shop] @ domain.co.uk as your email address then too - eg Halfords ask so they I get emails from them to halfords @ ….

then you can also see what offers you get through and if you choose to go on and de-register, you know they are at fault if you still get emails to you at that email address from them...

 

[Gavras]

Not sure if this is good practice or not but I have my own domain (for the purposes of this example, say @ domain.co.uk)

Whenever I sign up with a company / website or place orders anywhere, I always use the name of the company for my email address and have a randomly set password (remembered in RoboForm).

So for example if I registered with Amazon it would be: Amazon @ domain.co.uk
PCSpecialist - my email would be pcspecialist @ domain.co.uk

etc

This way then, I also know if any companies are selling my details on because if I start getting emails to my Amazon @ email address from ABC Limited, then I know they have either hacked my email address or Amazon have sold it on.

That way then I also start to get an idea of when I may need to change my passwords - for example, I started getting various emails to my adobe @ email address so immediately checked and changed email address and passwords there.

Yep that’s really good way.

I do it as well with some things.

When dealing with other companies, especially if short term contract / consulting etc I create burner accounts.

For personal use I tend to just have multiple email addresses.

the key thing is having something in place, there are various approaches, some do nothing...

 

[ubuysa]

Not sure if mentioned in the thread, however it is best practice to have more than one email address.

for example, using an email address for your facebook, LinkedIn And Then using same email address for Amazon is just increasing your risks,

If you must have Social Media accounts, have a Social Media email

then have an Email address for Amazon.

depending on how you want to manage it, you could have more than Social Media and Payment emails, you could have multiple social media email addresses and say 1 for Amazon, 1 for Bank.

obviously these are with 2FA where site / application allows.

It’s also worth looking at https://haveibeenpwned.com/

as it will potentially let you know if your email or other details have been leaked - such as if you shop with North Face

Cyber Security Today – Retailer North Face hacked, Facebook users tricked and a warning from BlackBerry | IT World Canada News

Today's podcast reports on a hack at outdoor retailer North Face, how Facebook users are being tricked and a warning from BlackBerry about a hacker-for-hire group

www.itworldcanada.com

Your email address will be shared by sites where you enter it.

Use the same email address everywhere means those accounts are vulnerable.

Use the same password everywhere with same email address..........

I completely agree. I use five emails addresses, the one I'm registered with on here is my 'public' address and only used for registering on websites.