If anyone has Dennis' contact number could you drop him a message and let him know his email has been hacked.
I have been getting some weird and wonderful emails that are quite suspect.

Thanks.

Me too, scammers.

I replied to the scammer writing Hello Dennis, when are you going to pay me that £500 you still owe me? I never heard back from them though...

I got facebook request from Dennis, out of the blue as I don't think he knows me, but we do have a couple of friends in common.
Has his FB been hacked as well?

I've been getting them as well. Previous ones have been from "odd" email addresses, but I've had the same email twice this week from a sky.com address:
Hi there
I need a favour from you. I'd appreciate if you could email me back.
Yours sincerely.

Dennis Kenyon

I have been in touch with Dennis in the past, but even so, I replied with some questions for him that only he would know, but have received no reply.

Yeah I got one too, and it was from an Dennis' email account...Looks like his email account is compromised.

This is why you should have a different, long and jumbled password on all your online accounts.

Yeah I got one too, and it was from an Dennis' email account...Looks like his email account is compromised.

This is why you should have a different, long and jumbled password on all your online accounts.

denis Is aware and he does have a problem with his computer affecting his email

the offending scam emails are not from him they also use a email address which is not dennis,s please don’t reply as you may get compromised

Dennis has been in touch with me - I presume to ask about this problem.

Rob

Over the years a number of internet sites have been compromised, this continues today.
If your details were borrowed from any of these places then they have copies of older passwords which is why you need to change them with some regularity.
You can go to: https://haveibeenpwned.com
Enter your email address and it will search a list of known compromises that affect you.

Surely the problem with replying to these scams is that's exactly what they want you to do...it confirms your email address is valid and in use - and available for hacking...

Ignore suspect emails, do reply!

And, as so many have done, let the victim know asap.

Surely the problem with replying to these scams is that's exactly what they want you to do...it confirms your email address is valid and in use - and available for hacking...

.

The hacker has access to Dennis' email inbox so already knows that the email addresses are valid.


Ignore suspect emails, do reply!

And, as so many have done, let the victim know asap.

These two lines self contradict - the reply address actually is Dennis' email address.

Note that when sending an email through SMTP the sender can set any From: address they like. So if you get a SPAM email supposedly from a friend, it is unlikely to be coming from their email account. Instead it is from the spammers email account, using a forged from address.

Yes, but you can usually tell from the headers where it really came from. The reply-to on the email was back to Dennis' email address - I expect that the hacker has changed the password and now simply owns Dennis' email account.

Yes, but you can usually tell from the headers where it really came from. The reply-to on the email was back to Dennis' email address - I expect that the hacker has changed the password and now simply owns Dennis' email account.

Indeed.
They already have peoples details, it is a case of using it and accessing via stale passwords.
You can't be compromised by replying to an email.
In some cases a simple phishing email is used to have someone believe their account has been accessed, people get a fright and unknowingly enter their passwords and email on a fake site.
This is very common and email fraud has become rife.
victims are often older gentleman who aren't as tech savvy and are more likely to get flustered.

If you run your pointer over the web addresses in these mails you can see they are from suspect domains.

I also received the email to 'Undisclosed recipients' and it is definitely from Dennis' personal address. Anyone taken in by

Hi there,

I need a favour from you. I'd appreciate if you could email me back.



Yours sincerely.

Dennis Kenyon

shouldn't be allowed to use the internet :p

I also received the email to 'Undisclosed recipients' and it is definitely from Dennis' personal address. Anyone taken in by



shouldn't be allowed to use the internet :p
Shouldn’t be allowed to use respiratory oxygen.
I.M.H.O.
David

Hallo good guys and perhaps gals .... I think Adam Faith once sang "Poor Me" .... having already spent two days sending mails to seven hundred friends & customers, I'm beginning to appreciate how he felt. Yes - some fraudster has hacked my e-mail account and has sent scam mails to every contact on my computer ... being a little over 800. 95% of you tell me they spotted an obvious scam-mail. 99% thought the mail at least suspect. Sadly one of our brethren succumbed and arranged the required Amazon vouchers to be paid. (As I write, we may have been able to cancel this one) I'm told the scummy scammer has been in total command of my computer and can see every mail entry or site visited. (Fortunately my few small weaknesses are not illegal) At this stage I need to apologise for the inconvenience to the affected Pruners and friends. My computer Whizz Kid has trawled through both PCs and changed everything ... especially passwords, so hopefully now all back to normal. With the help of one pilot mate I may have been successful in tracking down a guilty party. We arranged for him to reply to the second scam mail saying he wanted to help Dennis Kenyon by sending money ... but would need the necessary bank details. And the idiot scammer has obliged ... a TSB bank. This bank info has been passed to the fraud section of my local Police. The DI tells me IF the man is UK based he will get him. BUT in many fraud cases a UK visiting student is offered a 10% commission for the use of his bank on all monies received, He tells me that the department would need to deal with this sort of fraud several times a day! They don't have the man power, So there dear Gents is where things currently sit. The only comfort I am having is chatting with old mates I haven't seen for ages. If any of you experienced IT experts have further advice for me and other PPruners - please do so. God bless and best wishes Dennis Kenyon.

Interested in what anti-virus/internet security you had that let the scumbag in?

Interested in what anti-virus/internet security you had that let the scumbag in?

you would be surprised how much conventional AV software will allow a dodgy program to be installed.

Dennis, how do we know that it's really you? :8:}:cool:

Dennis, how do we know that it's really you? :8:}:cool:

$100 in amazon vouchers and you’ll get an answer via email :}

Hi again ... I was using the Norton security. Now changed. Not sure how one establishes identity on here, but those who know me and my writing style won't have much trouble. The only lesson I've learned from this episode is .... there's nothing we can do!
The Police tell me that these attempted scams are mostly based in India, China and West Africa. I can mostly spot incoming scams but this one simply invaded my PC and raised the scam mails in my name. BW to all. Dennis K.
.

Thanks Dennis. Norton, wow, I would have expected that to be pretty secure. Scary.

This whole thing is quite possibly not down to a virus/malware that Norton or any other malware tool could prevent.

It could well be that some website that Dennis has an account and password at, was hacked and his password and email details stolen. Then, if Dennis has the same password for his email and other accounts, the game is on.

You can't trust websites to protect your information, including passwords. This is why your passwords should be unique to each site. This means that you need to remember hundreds of passwords, which is basically impossible. To get around this you can use password managers (I use LastPass), and use your password manager to generate strong passwords unique to each site, and if possible, use two factor authentication (2FA) on web accounts.

im just so broke assed poor, getting scammed isnt a problem for me.
If anyone takes my identity, they can take my debts too.
thanks in advance

Note that when sending an email through SMTP the sender can set any From: address they like. So if you get a SPAM email supposedly from a friend, it is unlikely to be coming from their email account. Instead it is from the spammers email account, using a forged from address.

Those are easy to spot as the reply to address is never the same.
Any proper email system can detect forged addresses as there are mechanisms that identify it originates from an unauthorised IP address.
The majority of email compromises, Like Dennis', take control through phishing campaigns that spoof their ISP/email provider communications.
You see it all the time for banks, well known email service like 365 or big ISP's like sky.

A popular one will warn you of unauthorised access on your account and asks you to log in to verify it is correct. There are variations on the theme.
It is becoming less popular to install bad software as that is much easier to detect these days.

Sky seems to be the old yahoo email service, who have more holes than an old pair of knickers.
Would be the last service I would rely on for secure email.
You'd be better off with google or a personal 365 account.

Hotmail, Yahoo or AOL accounts are particular red flags to scammers. This is exacerbated if they know you to be elderly.

Without getting into specifics, compromised accounts, hacking and “SMTP spoofing” are three different things; the latter varies in danger in correlation to the IT savviness of the average person in your contacts database.

Some Notes:

- have a “real” email account with your own domain (sub £10 and will take you 10minutes to set up

- have separate email addresses for personal/business/public use (personal is friends/family; public is buying a pair of socks off the internet)

- avoid the “Mom & Pop” security software variants such as Norton or McAfee

- use a VPN when on public Wi-Fi

- never log into your internet banking over public Wi-Fi

- don’t put your whole address book on any web-based email system (Gmail included)

- back up all your stuff - ALWAYS

Though Dennis’ problem seems a short-term inconvenience, over the past years I have seen two instances where an individual’s business was ruined by such problems (which could have easily been guarded against). One instance was a gentleman about 65-70 years old who had retired from a senior role with a large international firm and had a consultancy in his given sector. He had the usual AOL email problem and was effectively shut down for four weeks – from which he never recovered.

They're still at it, Dennis Kenyon

Spam today from [email protected] :rolleyes:

"Thanks Dennis. Norton, wow, I would have expected that to be pretty secure. Scary."

I would be very careful even with so-called "security software" - the more they try to scare you into buying it the more suspicious you should be. When I used to fix computers for a living (in another life) almost the fist question if anyone brought a dead computer in was "have you been using Norton?"

Phil

RMK - why are Norton and Mcafee no good? Which would you recommend?

RMK - why are Norton and Mcafee no good? Which would you recommend?

Either Kaspersky www.kaspersky.co.uk (http://www.kaspersky.co.uk) or ESET www.eset.com (http://www.eset.com).

I concur with Paco’s anecdote on Norton, I’ve been similarly told by the corporate computer repair company I use that Norton and McAfee problems account for a large part of their repair business.

The most recognised or marketed name/brand is often not the best – this is particularly true for Norton/McAfee. They are what I deem “bloatware” i.e. software that is designed in a manner that they just throw a mass of code at the problem instead of seeking the best solution.

Not to get into Jingoism/Xenophobia/Stereotypes, but what I call bloatware is common in many American software packages. The background to these software coding styles is the example of the American kid writing software on the latest machine with newest/fastest chips and access to the highest bandwidth as his backdrop. Conversely, his (say) Ukrainian counterpart is using a machine/chip one chip model behind and has much slower bandwidth; so he learns to write his code as “lean” as possible. The end result, when you compile the code of both the American and Ukrainian software coder and put them on the best machines available, the latter’s software just screams in comparison.

For an aviation example, we’ve all seen documentaries on American fighter jets where they take such pride in the mere size of the software utilised. I was watching one this week where the guy was standing next to their new latest/greatest jet and saying "this aircraft has 90 million lines of code" – that really doesn’t matter when the pilot has to call the team with laptops just to get the damn thing started.

Thanks RMK - I'll give kaspersky a go. I used Norton many years ago which let a virus in and I'm not sure Mcafee hasn't done similar since then.

Crab, I’ve used Kaspersky since 1998 (the company started in 1997); I’ve never had a problem with it.

For a “full blown” clean (if I think I may potentially have a problem) my routine is to run:

- Glary Utilities (to clear out all cache, cookies and other general rubbish)
- Kaspersky (full scan)
- Malwarebytes
- AdwCleaner
- ESET Online
- HitMan Pro

This may seem overkill, but I may only need to do something like this once a year or two - I should stay off those kind of websites

For easy/fast backup, I use Acronis True Image www.acronis.com (http://www.acronis.com) which I run daily – it’s a single click to backup all your stuff.

RMK, that list is bull dust. Just go google next-gen endpoint protection. Look for those that do non-malware protection and aren’t signature based.

All my files are backed up. Should I get a virus which my antivirus, AVG, can't cope with, twice in fifteen years, I just clean the hard drive with a military spec cleaner, reload and carry on.

RMK, that list is bull dust. Just go google next-gen endpoint protection. Look for those that do non-malware protection and aren’t signature based.

Nearly every name above has an "end-point" offering. Kasperky's is: https://www.softwareadvice.com/security/kaspersky-endpoint-security-select-profile/

With a fuller understanding, you'd know it is more for corporate networks as opposed to use on a single computer or laptop.

You seem to have merely dropped a "big word" into the conversation and then run away.

I don't work in IT; fill us in if you have something of interest.

Try Crowdstrike for endpoint protection

All overkill, nowdays. There's perfectly adequate firewall, virus, malware and ransomware protection that comes for free and configured by default with Windows10. Using anything else IMNSHO is just adding complexity and complexity means holes.

For enterprises, it's a different story.

One trick is to dual boot with the same operating system - the first one fails, go to the other. Another is to create a D: drive and move all your data to it (and the paging file), then copy it off to another hard drive regularly, keep it in your pocket. If Windoze falls over, you then don't lose it, as it places your data on the C: drive which is lost if you have to reformat it. All I use extra these days is F-Prot.

Best solution is to stay as far away from anything Microsoft as possible, it is the most complete and utter ****e!

If built in OS anti-virus were clothes, it would be like walking around in only your undies all day.
The nature of attacks has/is changing and the days of just looking for "a virus" has passed.
Applications have exploits and can be used to gain access to your infomation, signature-based software does not detect this.
Consumer endpoint protection lags what is in the commerical space because there is an inherant complexity to good security that is beyond the grasp of most mere mortals.
ESET is probably the best of the normal lot, Cylance has some additional capability to address the more creative style of attacks.
If you've never had a false positive then your security probably isn't any good.
No software will solve the problen on its own, you need layers, one of which is common sense and not loading or clicking on anything you see because it looks legit.
The best measure you can take is enabling multi-factor authentication on all your services that permit it, so devices are forced to authenticate at regular intervals and any new attempts require approval from a mobile-based authenticator app (google and Microsoft have one, among others) or via a OTP text sent to your phone.
This is a good prevention and early warning method.
Belt and braces.
Most people don't properly backup their devices (to secure locations - dropbox not included) and have their lives (photos etc) on them, which is valuable data.
Everyone is affected by this, every service you use is constantly under some form of attack and everyones details have already been stolen from 1 or more known attacks.

Folks, do your research *properly*, don't take IT advice from pilots, and don't take flying advice from IT geeks.

What about those who are both? :)

One trick is to dual boot with the same operating system - the first one fails, go to the other. Another is to create a D: drive and move all your data to it (and the paging file), then copy it off to another hard drive regularly, keep it in your pocket. If Windoze falls over, you then don't lose it, as it places your data on the C: drive which is lost if you have to reformat it. All I use extra these days is F-Prot.

Phil,
As you always have, you impress with your knowledge. I lost you at the "dual boot" statement.

Being a non computer wizard, and will always be, after many years of seeing the caption of windoze encountering an "unexpected error" and do I want to report it to Microsoft (FFS) I left windoze and went to IOS, 10 years later and have NEVER had a problem, NEVER. Changed computers 3 times, everything transfers, so simple. Plus not seen any windoze shops for assistance, like Apple does (for free most times).

I hear you - but when I used to service Macs I found that they had as many problems in different ways - for a techie the problem is that they don't let you mess with anything - at least with other systems you can timker. But you're quite right, Macs work more often than not, but they have less control over the hardware these days (they used to design everything). I would have changed myself, but when they say that some types of software work seamlessly across platforms, I can never quite believe them - and Microsft are the worst. If you've ever wondered why you have to reboot a Windoze machine in mid-afternoon it's because Word, etc do not hand the memory back after you've closed them down and the total available gets less and less over the day. Go figure.

Dual booting means have two operating systems on the same hard drive and you make a choice when the machine starts. In my case I have Windows loaded twice - an old trick I learned with NT.

Here's a graphic to add to Paco's description:

https://cimg7.ibsrv.net/gimg/pprune.org-vbulletin/720x720/windowsmac1_cd134267318ed3a105650a1fc5f6741f5b37dfa7.jpg

Here's a graphic to add to Paco's description:

https://cimg7.ibsrv.net/gimg/pprune.org-vbulletin/720x720/windowsmac1_cd134267318ed3a105650a1fc5f6741f5b37dfa7.jpg
My Mac is not as sophisticated as that one, was wondering what the red button is for, probably reboot, I want one...........

Well, since we opened that can of worms.
I am a developer in my second life. Years ago, when Apple changed to Intel, I switched too, because frankly I hate to tinker with operating systems, but sometimes I have to. My list of preferences are: A Mac for developing and other work and if I need a Windows machine, Parallels or VMWare for a Windows instance works like a charm. Especially since I don't have to use a preload with all the crapware. The hours I lost getting rid of Norton Antivirus on IBM or Lenovo machines. A Windows directly from Microsoft is way better than any preload. The pro version that is. Not the home version.
Macs just work and when I need to tinker with it; if you know your shell, you can do almost anything with them. It is a Unix after all with most of the bells and whistles. But Apple could make a more modern desktop, but otherwise I like it.
For servers, Linux is the way to go. I deliberately avoid any software that requires Windows Servers. It just isn't worth the hassle. Desktop Linux is just not my piece of cake.
Windows 10 is the first version, I like in a long time (started with Windows 2 a rather used DOS). It is the most stable in a long time, but still spaghetti code unfortunately. My daughter uses a Surface Pro for compatibility reasons in school and that is a great piece of kit. But I had to tinker with it more than with my Mac in many years. Now that she knows the shell to restart or kill services, I am less in demand.
Mobile is iOS only here. Just to avoid the whole security problems of Android and the crapware of for example Samsung and apart from an iPhone 5 with a very hot battery, every single machine I ever owned from Apple still works and is in use. And that iPhone was used for parts to make another one work again. This text is written on a almost 11 years old MacBook Pro and it still does the trick for most of what I do. Some software does not work anymore on it and it is time to change, but since I have Timemachine, changing to a new Mac will be painless. Something like Timemachine is the one crucial piece of software I miss from Microsoft. It really is a game changer for me, because I had my share of HDD crashes and on a Mac, Timemachine just gives me a peace of mind.
Yes, there are disadvantages to not using all the Microsoft stack, but I can live with that.
My way to avoid security problems are: Every software I do not need anymore gets deleted. That is much easier on a Mac than on a Windows machine.
I try to avoid any "cool" software from obscure sources. If you stick with the AppStore, you should be fine.
I do not use Facebook.
My browsers are on the highest security setting and most of the time I deny all the cookies. Trackers are blocked, as are adds (afap).
And I don't use Facebook. Even my shadow account is now gone. To get even, Facebook deleted my WhatsApp account, too. (Just kidding, I don't know why WhatsApp it was deleted but I am good with that).
Never ever Facebook or Google logins either. Zoom just found out about the Facebook SDK.
Google only for things that are not important.
Until now, I had no problems, apart from the occasional phone call from a fellow with a heavy accent from Microsoft Security, who wants to talk about the virus on my computer.
The funniest moment was, when I told him, that I knew about the virus, since I had written it for them, I now he should finally pay up, what we agreed to.
On other occasions I was insulted quite a bit, when I told them after a while of trying to make me do things, that my Mac did not have a windows key.
I am happy with a Mac. If you like to tinker with computers, Macs are not the way to go. I don't.

What about those who are both? :)

That makes you a jack of all trades but a master of none, my friend! :-)

(me too)

Just received another email from:
[email protected]

Mighty

Is that another one to add to your private collection ?

Rotorbee - Believe it or not I am still using Multiuser DOS here...... :)