Difference between revisions of "TN2"
(2 intermediate revisions by the same user not shown) | |||
Line 15: | Line 15: | ||
* making promises too good to be true. |
* making promises too good to be true. |
||
− | Note that sophisicated scams try to convince you they know everything about you. They use your email address. They may know a password |
+ | Note that sophisicated scams try to convince you they know everything about you. They use your email address. They may know a password from some other site that has been breached. |
== What Should I Do? == |
== What Should I Do? == |
||
− | In most cases, the best thing to do is ignore the email. Your address was probably mass generated by the spammer or |
+ | In most cases, the best thing to do is ignore the email. Your address was probably mass generated by the spammer, or leaked from some other site. Don't worry. Your email address is not a secret and there is no security implication to it being public. |
Don't try and reply to the scam. The sender's address is probably fake or misappropriated. If you somehow succeed, you are just [https://www.ted.com/talks/james_veitch_this_is_what_happens_when_you_reply_to_spam_email guaranteeing more spam]. |
Don't try and reply to the scam. The sender's address is probably fake or misappropriated. If you somehow succeed, you are just [https://www.ted.com/talks/james_veitch_this_is_what_happens_when_you_reply_to_spam_email guaranteeing more spam]. |
||
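Review bot: the rewritten sentence in the first changed paragraph still spells "sophisicated"; since the line is being edited anyway, correct it to "sophisticated". In the second changed paragraph, "there is no security implication to it being public" follows shortly after the statement that scams use your email address to appear convincing. Consider saying instead that knowing the address gives the sender no access to the account, so the two statements do not read as contradictory.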
Line 28: | Line 28: | ||
The most effective things you can do are: |
The most effective things you can do are: |
||
* Choose hard to guess passwords. Random and long is good. |
* Choose hard to guess passwords. Random and long is good. |
||
+ | * Only generate passwords locally. Don't trust online services that offer to this. |
||
* Use a different password for each account. You don't want to lose everything becuase some lousy social networking site got breached. |
* Use a different password for each account. You don't want to lose everything becuase some lousy social networking site got breached. |
||
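Review bot: the added bullet "Don't trust online services that offer to this" is missing a verb and should read "offer to do this". The bullet also tells readers to generate passwords locally without saying how, so a short pointer to a local means would make it actionable. The unchanged bullet below it still has "becuase" for "because".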
Latest revision as of 14:32, 12 July 2020
Email Scams
Beware! There are many email scams and they are always evolving. The major reasons that email is attractive to scammers are:
- it is insanely cheap to spam millions or even billions of accounts,
- it is easy to pretend to be someone else (although this is getting harder), and
- it is easy to hide your tracks by using burner or subverted email infrastructure.
How Do I Recognise a Scam?
Scams are the same online and offline. The scammer wants to take something valuable from you. Some key tells are:
- demanding money (including virtual currencies),
- creating a sense of urgency or panic,
- attempting to embarrass or blackmail you,
- asking for or using your personal information (including passwords!), and
- making promises too good to be true.
Note that sophisticated scams try to convince you they know everything about you. They use your email address. They may know a password from some other site that has been breached.
What Should I Do?
In most cases, the best thing to do is ignore the email. Your address was probably mass generated by the spammer, or leaked from some other site. Don't worry. Your email address is not a secret and there is no security implication to it being public.
Don't try to reply to the scam. The sender's address is probably fake or misappropriated. If you somehow succeed, you are just guaranteeing more spam.
Thinking About Passwords
You really don't want a scammer breaking into your email account. For one, they will use your account to hurt others. Worse still, they may use information in your account against you in a targeted attack. These are not nice people.
The most effective things you can do are:
- Choose hard-to-guess passwords. Random and long is good.
- Only generate passwords locally. Don't trust online services that offer to do this.
- Use a different password for each account. You don't want to lose everything because some lousy social networking site got breached.
Modern browsers can generate and remember passwords so you don't have to.
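For anyone who prefers a script to the browser, the following added example (not part of the original note) generates one long random password per account on the local machine, using the operating system's random source. The function names, the character set, the 128-bit target and the account names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character set for generated passwords (an assumption; trim it if a site
# rejects some of the punctuation).
ALPHABET = string.ascii_letters + string.digits + "-_.!@#%+="


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def length_for(target_bits, alphabet_size=len(ALPHABET)):
    """Shortest length that reaches the target entropy ("random and long")."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(length):
    """Draw every character from the OS CSPRNG; nothing leaves this machine."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def passwords_for(accounts, target_bits=128):
    """One independent password per account, so one breach exposes one login."""
    length = length_for(target_bits)
    return {account: generate_password(length) for account in accounts}


if __name__ == "__main__":
    # Constructed account names, for illustration only.
    for account, password in passwords_for(["email", "bank", "forum"]).items():
        bits = entropy_bits(len(password))
        print(f"{account:6} {password}  (~{bits:.0f} bits)")
```

Store the output in a password manager rather than a plain file.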