Dennis Kenyon
Join Date: Nov 2002
Location: Ross-on-Wye
Posts: 282
Likes: 0
Received 0 Likes
on
0 Posts
Dennis Kenyon scammed
Hi again ... I was using the Norton security. Now changed. Not sure how one establishes identity on here, but those who know me and my writing style won't have much trouble. The only lesson I've learned from this episode is .... there's nothing we can do!
The Police tell me that these attempted scams are mostly based in India, China and West Africa. I can mostly spot incoming scams but this one simply invaded my PC and raised the scam mails in my name. BW to all. Dennis K.
.
The Police tell me that these attempted scams are mostly based in India, China and West Africa. I can mostly spot incoming scams but this one simply invaded my PC and raised the scam mails in my name. BW to all. Dennis K.
.
This whole thing is quite possibly not down to a virus/malware that Norton or any other malware tool could prevent.
It could well be that some website that Dennis has an account and password at, was hacked and his password and email details stolen. Then, if Dennis has the same password for his email and other accounts, the game is on.
You can't trust websites to protect your information, including passwords. This is why your passwords should be unique to each site. This means that you need to remember hundreds of passwords, which is basically impossible. To get around this you can use password managers (I use LastPass), and use your password manager to generate strong passwords unique to each site, and if possible, use two factor authentication (2FA) on web accounts.
It could well be that some website that Dennis has an account and password at, was hacked and his password and email details stolen. Then, if Dennis has the same password for his email and other accounts, the game is on.
You can't trust websites to protect your information, including passwords. This is why your passwords should be unique to each site. This means that you need to remember hundreds of passwords, which is basically impossible. To get around this you can use password managers (I use LastPass), and use your password manager to generate strong passwords unique to each site, and if possible, use two factor authentication (2FA) on web accounts.
Thread Starter
Note that when sending an email through SMTP the sender can set any From: address they like. So if you get a SPAM email supposedly from a friend, it is unlikely to be coming from their email account. Instead it is from the spammers email account, using a forged from address.
Any proper email system can detect forged addresses as there are mechanisms that identify it originates from an unauthorised IP address.
The majority of email compromises, Like Dennis', take control through phishing campaigns that spoof their ISP/email provider communications.
You see it all the time for banks, well known email service like 365 or big ISP's like sky.
A popular one will warn you of unauthorised access on your account and asks you to log in to verify it is correct. There are variations on the theme.
It is becoming less popular to install bad software as that is much easier to detect these days.
Sky seems to be the old yahoo email service, who have more holes than an old pair of knickers.
Would be the last service I would rely on for secure email.
You'd be better off with google or a personal 365 account.
Last edited by Bell_ringer; 20th Feb 2020 at 11:11.
Join Date: Aug 2008
Location: London
Posts: 231
Likes: 0
Received 0 Likes
on
0 Posts
Hotmail, Yahoo or AOL accounts are particular red flags to scammers. This is exacerbated if they know you to be elderly.
Without getting into specifics, compromised accounts, hacking and “SMTP spoofing” are three different things; the latter varies in danger in correlation to the IT savviness of the average person in your contacts database.
Some Notes:
- have a “real” email account with your own domain (sub £10 and will take you 10minutes to set up
- have separate email addresses for personal/business/public use (personal is friends/family; public is buying a pair of socks off the internet)
- avoid the “Mom & Pop” security software variants such as Norton or McAfee
- use a VPN when on public Wi-Fi
- never log into your internet banking over public Wi-Fi
- don’t put your whole address book on any web-based email system (Gmail included)
- back up all your stuff - ALWAYS
Though Dennis’ problem seems a short-term inconvenience, over the past years I have seen two instances where an individual’s business was ruined by such problems (which could have easily been guarded against). One instance was a gentleman about 65-70 years old who had retired from a senior role with a large international firm and had a consultancy in his given sector. He had the usual AOL email problem and was effectively shut down for four weeks – from which he never recovered.
Without getting into specifics, compromised accounts, hacking and “SMTP spoofing” are three different things; the latter varies in danger in correlation to the IT savviness of the average person in your contacts database.
Some Notes:
- have a “real” email account with your own domain (sub £10 and will take you 10minutes to set up
- have separate email addresses for personal/business/public use (personal is friends/family; public is buying a pair of socks off the internet)
- avoid the “Mom & Pop” security software variants such as Norton or McAfee
- use a VPN when on public Wi-Fi
- never log into your internet banking over public Wi-Fi
- don’t put your whole address book on any web-based email system (Gmail included)
- back up all your stuff - ALWAYS
Though Dennis’ problem seems a short-term inconvenience, over the past years I have seen two instances where an individual’s business was ruined by such problems (which could have easily been guarded against). One instance was a gentleman about 65-70 years old who had retired from a senior role with a large international firm and had a consultancy in his given sector. He had the usual AOL email problem and was effectively shut down for four weeks – from which he never recovered.
Chief Bottle Washer
Join Date: Nov 2000
Location: White Waltham, Prestwick & Calgary
Age: 72
Posts: 4,155
Likes: 0
Received 29 Likes
on
14 Posts
"Thanks Dennis. Norton, wow, I would have expected that to be pretty secure. Scary."
I would be very careful even with so-called "security software" - the more they try to scare you into buying it the more suspicious you should be. When I used to fix computers for a living (in another life) almost the fist question if anyone brought a dead computer in was "have you been using Norton?"
Phil
I would be very careful even with so-called "security software" - the more they try to scare you into buying it the more suspicious you should be. When I used to fix computers for a living (in another life) almost the fist question if anyone brought a dead computer in was "have you been using Norton?"
Phil
RMK - why are Norton and Mcafee no good? Which would you recommend?
Join Date: Aug 2008
Location: London
Posts: 231
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by [email protected]
RMK - why are Norton and Mcafee no good? Which would you recommend?
I concur with Paco’s anecdote on Norton, I’ve been similarly told by the corporate computer repair company I use that Norton and McAfee problems account for a large part of their repair business.
The most recognised or marketed name/brand is often not the best – this is particularly true for Norton/McAfee. They are what I deem “bloatware” i.e. software that is designed in a manner that they just throw a mass of code at the problem instead of seeking the best solution.
Not to get into Jingoism/Xenophobia/Stereotypes, but what I call bloatware is common in many American software packages. The background to these software coding styles is the example of the American kid writing software on the latest machine with newest/fastest chips and access to the highest bandwidth as his backdrop. Conversely, his (say) Ukrainian counterpart is using a machine/chip one chip model behind and has much slower bandwidth; so he learns to write his code as “lean” as possible. The end result, when you compile the code of both the American and Ukrainian software coder and put them on the best machines available, the latter’s software just screams in comparison.
For an aviation example, we’ve all seen documentaries on American fighter jets where they take such pride in the mere size of the software utilised. I was watching one this week where the guy was standing next to their new latest/greatest jet and saying "this aircraft has 90 million lines of code" – that really doesn’t matter when the pilot has to call the team with laptops just to get the damn thing started.
Thanks RMK - I'll give kaspersky a go. I used Norton many years ago which let a virus in and I'm not sure Mcafee hasn't done similar since then.
Join Date: Aug 2008
Location: London
Posts: 231
Likes: 0
Received 0 Likes
on
0 Posts
Crab, I’ve used Kaspersky since 1998 (the company started in 1997); I’ve never had a problem with it.
For a “full blown” clean (if I think I may potentially have a problem) my routine is to run:
- Glary Utilities (to clear out all cache, cookies and other general rubbish)
- Kaspersky (full scan)
- Malwarebytes
- AdwCleaner
- ESET Online
- HitMan Pro
This may seem overkill, but I may only need to do something like this once a year or two - I should stay off those kind of websites
For easy/fast backup, I use Acronis True Image www.acronis.com which I run daily – it’s a single click to backup all your stuff.
For a “full blown” clean (if I think I may potentially have a problem) my routine is to run:
- Glary Utilities (to clear out all cache, cookies and other general rubbish)
- Kaspersky (full scan)
- Malwarebytes
- AdwCleaner
- ESET Online
- HitMan Pro
This may seem overkill, but I may only need to do something like this once a year or two - I should stay off those kind of websites
For easy/fast backup, I use Acronis True Image www.acronis.com which I run daily – it’s a single click to backup all your stuff.
Thread Starter
RMK, that list is bull dust. Just go google next-gen endpoint protection. Look for those that do non-malware protection and aren’t signature based.
All my files are backed up. Should I get a virus which my antivirus, AVG, can't cope with, twice in fifteen years, I just clean the hard drive with a military spec cleaner, reload and carry on.
Join Date: Aug 2008
Location: London
Posts: 231
Likes: 0
Received 0 Likes
on
0 Posts
With a fuller understanding, you'd know it is more for corporate networks as opposed to use on a single computer or laptop.
You seem to have merely dropped a "big word" into the conversation and then run away.
I don't work in IT; fill us in if you have something of interest.
All overkill, nowdays. There's perfectly adequate firewall, virus, malware and ransomware protection that comes for free and configured by default with Windows10. Using anything else IMNSHO is just adding complexity and complexity means holes.
For enterprises, it's a different story.
For enterprises, it's a different story.
Join Date: Nov 2000
Location: White Waltham, Prestwick & Calgary
Age: 72
Posts: 4,155
Likes: 0
Received 29 Likes
on
14 Posts
One trick is to dual boot with the same operating system - the first one fails, go to the other. Another is to create a D: drive and move all your data to it (and the paging file), then copy it off to another hard drive regularly, keep it in your pocket. If Windoze falls over, you then don't lose it, as it places your data on the C: drive which is lost if you have to reformat it. All I use extra these days is F-Prot.