Scam email aimed at motorhomers from Kate McCristall (1 Viewer)

[StephandJohn]

DO NOT CLICK ON THE KATE CRYSTAL EMAIL HIGHLIGHTED BELOW

We received a suspicious email this morning from katemccristall@sky.com saying "Hi, Hope you are safe and well. Do you order from amazon"

This was obviously a scam so we googled the email address which is in fact the contact for a real Kate McCristall who runs the Motorhome Club. We rang her and Mick McCristall but got no answer so rang another Director who confirmed she has had her email hacked. We suggested we put this on motorhomefun and he asked us to do so. We have not had contact with the Motorhome Club for years so it is likely the people who have hacked the account may have quite a substantial list of contacts to send this scam email to. We also sent the email to Amazon's spoofing department as advised for them to investigate.

If you are on other forums please spread the word.

 

[Cable33232]

Fun times are ahead for Kate trying to unpick the damage.

Now would be a good time to remind people that email passwords need to be secure and not easily guessable. (i.e., personal info that is shared on social media or other public places).

I only say this as I know a few people are not as skilled as others on this forum with computer stuff.

Here is a blog about using 3 random words for passwords (like the location-finding app) - https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0

 

[Brains]

^{_{Subscribers  do not see these advertisements}}

 

[Gromett]

There are three main logins that should NEVER have shared password.
Financial institutions,
Government websites.
Email accounts.

If you use the same password for your email account as you do for a login to another site. Then if that site gets hacked your email services is likely compromised. From that they can imitate you to get into your banking and other sensitive info.
They may also just remain silent and watch the incoming and outgoing emails looking for an opportunity to scam you some other way.

Her @sky.com email account was not hacked. She used a shared password on a site that was compromised elsewhere.

 

[Brains]

I have over 300 passwords
I don't actually know what any of them are
They are all unique
They are all minimum 14 random characters (Good for 200 million years ....currently)

I use a password vault (a password manager)
I only need to remember one password to access my vault

It's a app that works on PC and phone
The passwords are stored in a secure computer somewhere in the world
It can work offline if I wish.

There are a number of vaults, some are free with limited facilities, most you pay a subscription.

LastPass
NordPass
1password
Keeper
RoboForm
Dashlane
Norton
Avira

Are all good.

 

[TheMachMan]

I have over 300 passwords
I don't actually know what any of them are
They are all unique
They are all minimum 14 random characters (Good for 200 million years ....currently)

I use a password vault (a password manager)
I only need to remember one password to access my vault

It's a app that works on PC and phone
The passwords are stored in a secure computer somewhere in the world
It can work offline if I wish.

There are a number of vaults, some are free with limited facilities, most you pay a subscription.

LastPass
NordPass
1password
Keeper
RoboForm
Dashlane
Norton
Avira

Are all good.

But what happens if someone gets your password for the vault?

^{_{Subscribers  do not see these advertisements}}

 

[Brains]

But what happens if someone gets your password for the vault?

That password is only held in my head
It is never written down
Not even my wife knows what it is (and I don't know hers either)
(In the event of death or a forgotten master password there is a backup that the vault company can use)

The only ways someone is going to get that password is by looking at my screen in when I'm out and about (difficult and I doubt I do than more than once a month), or, by hacking my laptop and reading keystrokes (which as it's activated on my top bar would be difficult.)

Bottom line:
Like all security, all you are trying to do is make your fortress look more impregnable from outside, so that they go next door instead.

 

[Gromett]

I have over 300 passwords
I don't actually know what any of them are
They are all unique
They are all minimum 14 random characters (Good for 200 million years ....currently)

I use a password vault (a password manager)
I only need to remember one password to access my vault

It's a app that works on PC and phone
The passwords are stored in a secure computer somewhere in the world
It can work offline if I wish.

There are a number of vaults, some are free with limited facilities, most you pay a subscription.

LastPass
NordPass
1password
Keeper
RoboForm
Dashlane
Norton
Avira

Are all good.

this is the way to do it in my opinion.

The only improvement you could make would be to use a 2 factor authentication method preferably not one that is phone based. I use a YubiKey for mine.

 

[Chris]

I got that email in work today.

I am on a date tonight with Kate and she is paying.

Well I might be at first because her bank card isn’t working so I have given her my bank details, but she will pay me back.

Cracking looking woman

^{_{Subscribers  do not see these advertisements}}

 

[Boringfrog]

this is the way to do it in my opinion.

The only improvement you could make would be to use a 2 factor authentication method preferably not one that is phone based. I use a YubiKey for mine.

Do I need one of these? I do all my banking online via Android phone/tablet.