In data venerdì 5 febbraio 2021 03:06:23 CET, Doug McGarrett ha scritto:
On 2/4/21 1:55 AM, Simon Becherer wrote:
Am 03.02.21 um 20:08 schrieb Doug McGarrett:
3. In the last two days have received email stating that an order was received from me to Amazon for a $3000 camera, and that it would be delivered Wednesday, along with a phone number to cancel the order. I did not place such an order, and called Amazon to straighten this out, which they did. It had my full name on it. I forget if it had my house address.
1) i would be very carefully with such mails. IF this mail IS a fake YOU call fake people (not the real amazon people) and (maybe) give them the rest of your personal data (bank account or password or something else) -> I would never answer to such a mail. i would read carefully and then SEARCH OUTSIDE the mail for a contact. here in germany its not normal that you get a PHONE number from amazon. so i would say you where falling in their trap.
Well, I did not talk to anyone at that phone number, I called Amazon. So I do not give any bank information over the internet, I won't even deal with my banks over the net. It is, however, obvious that I have to provide real entities with my credit card number and address and phone number. A couple of times there has been something suspicious about a credit charge and I follow that up right away. I have had bills cancelled and cards replaced, which the credit card companies are very helpful in doing.
only idea i have is now to hope you have NOT give them any account information (bank, or amazon passwords) (real support people will never ask you about this type of information) you could with google try to search for this phone number. sometimes such numbers are know for spam or other bad things.
2) your full name could come from maybe this list (if somebody read here) or some OTHER computer who has your emailadress and mail was hacked, or some marketplace or something else was hacked. i receive sometimes mails from people i know, but the mail is not from them. and i am pretty sure (never 100%) that nobody up to now has hacked my systems. SOMEWHERE a emailadressbook was hacked where i and some other contacts of me where in. you could go to
and follow the instructions.
I Have vaguely heard of that operation, and I will follow it up. Twice I have received mail purpoting to be from someone I know, but that always gave itself away one way or another, and I have informed the people who were impersonated so they could take whatever action they thought was desirable.
therefore you could see if your data is inside a !!KNOWN!! hacker list. (of course with this you will not know if your computer was hacked.)
3) !!!!for security reasons, change NOW imidiately zour login data for amazon!!!!! and if you use the same combination of password and loginname somewhere else, change all !!! -> NEVER use same password and login name by different accounts!!!!
4) there are usb boot sticks for download from known anti-virus sides avira f-prot mcaffee (only examples, not checked if they still offer it for free) with this you could boot a possible infected system and search for KNOWN virus - OF COUSRSE you should donwload and safe to stick this on a computer who is sure not infected.
Yes, good idea! I hadn't thought about running an AV routine from an external source. I will have to follow up on that.
5) if you receive a file inside a mail you are not sure it is free of maleware you could upload it to www.virustotal.com (and if only one scanner reports a problem i would not open the file. i receive about one time a week mails with pretty new viruses. sometimes (1 or 2 times last year) i am the first who uploaded this type of file (maybe the virus is known inside the file) but the file itself in this combination was never uploaded before. and there are always only a hand full scanners who detect it. ( a couple of weeks later mostly the rate increased)
I don't think I've ever received a file inside a mail, even from family, unless it was obvious what it referred to. And if it was NOT from family, I would certainly not open it.
Thank you for your interest. You have definitely given me some thigs to think about and some steps to take. --doug
simoN
You should use Amazon with U2F (which can be Nitrokey (nitrokey.com) or yubikey (yubikey.com) or even, less (much less) save with sms 2nd Factor token on cell phone. This makes it very difficult even for malware to interfere and remember: passwords are a thing of yesterday (actually of middle ages, it seems). You can put activate this once you have your hardware token (or tokens one for you an your wife) in Settings of amazon. Works very well, although their implementation does currently not allow to avoid password all together (like the very good setup of mailbox.org does). So you put your password and after a window ask you for the one time password that is generated on you hardware token, is always different and cannot be extracted. I guess that is what you would like. On the website of nitrokey you find a neat explanation and can see the offer, to get a deeper understanding. Currently I switched to the use of U2F with at least 5 commercial sites. Unfortunately the trains services and banks in Germany are dispiriting for their delay and their tendency to discharge responsibility of fraud to the user. They just "downplay it". So the main part of the sites working with a good U2F are US or CH. And German webmail sites. But it takes moment. SMS token: bear in mind that identity theft is also often done with withdrawal of control over the own mobile phone number and that annihilates the protection of the second factor. So were offered you should prefer U2F over token.