[Elecraft] Email DANGEROUS EMAIL

Dave New, N8SBE n8sbe at densbe.com
Wed Feb 15 13:15:50 EST 2023 

Fred,

I might agree with you on this, except the email was sent to a targeted 
email list that the original owner was subscribed to.  That smells like 
the original owner's email was hacked, and the hacker went through his 
contact list, sending emails to targets more likely to respond.

That, and the original email owner was/is using an AT&T/Bell email 
service, which is notorious for getting hacked.  My sister had such an 
email service, and after repeated hacks finally wised up and moved to 
another email provider.

Having said that, the great majority of SPAM I receive is from Gmail 
accounts.  It seems that it is dead simple for spambots to subscribe to 
thousands of GMail addresses, making them up as they go along.  It's 
like playing 'wack a mole' to blocklist all the GMail SPAM my catchall 
inbox gets.

The best advice is to NEVER use the same password on more than one web 
account, and in particular, your email account needs to be protected 
with multi-factor authentication.  If a hacker gets control of your 
email account, they can then see EVERY other account you have, and also 
use that account to 'recover password by sending an email'.  If you have 
ANY other choice for multi-factor authentication than an SMS text 
message (your phone number can be social engineered out from under you 
in a targeted attack) or email message, please choose it.  I like 
accounts that offer things like one-time-password generators based on an 
authenticator app on your smartphone, or that can use a YubiKey (or 
other Fido2 compatible device), that I always carry on my key chain.  
Lastly (or actually firstly) use a password vault, and have it generate 
random, long passwords for each of your sites you have accounts with.  
The better vaults run on all the platforms you use, and have a 
'dead-man' feature so your spouse/SO can ask for access, and if you 
don't block it in some set time period, they get access.  Saves a ton of 
time and grief if one of a couple passes away.

73,
-- Dave, N8SBE

On 2023-02-14 16:57, Fred Jensen wrote:
> Ummm ... be careful to not overplay this.  "Hacked your email" is
> usually taken to mean "breaking into your email client."  That's not
> really what is going on.  Our email addresses permeate the Internet
> and are fairly easy to harvest.  Likewise, forging a fake originator's
> address when sending an email, even making it look like it was sent
> thru a list, is equally easy.  These annoying emails are essentially
> harmless unless you take them as true, buy gift cards, and pass out
> the card numbers. Just delete them.
> 
> Same thing is true for the phone calls ... "Your Amazon purchase for
> nine hundred fifty three dollars is ready to ship.  Press 1 to
> confirm, press 2 to cancel."  Both 1 and 2 are the same, they connect
> you to the scam boiler room where you will be cajoled into coughing up
> your CC #.  Just hang up.
> 
> And, just a heads up:  The IRS does not accept gift cards for the back
> taxes you don't actually owe.  Nor is the Sheriff going to appear in
> your driveway in 20 minutes or the electric company going to turn off
> your electricity in half an hour if you don't send the gift card #'s. 
> Remember the International "J" signal JHU: "Just Hang Up."
> 
> 73,
> 
> Fred ["Skip"] K6DGW
> Sparks NV DM09dn
> Washoe County
>

More information about the Elecraft mailing list