The Entrepreneur Forum | Startups | Entrepreneurship | Starting a Business | Motivation | Success

GOLD! Take Your Computer Security Seriously! YOU Are At Risk!

GMSI7D

Unless you are not connected to the internet, it is impossible to be absolutely safe.

For example, the NSA can do whatever it wants with your phone and computer because its technology is light years ahead of public technology.

So you should have a second PC with nothing important on it to do business, and never visit websites outside your online work.

It means no online video games or things like that.

Only professional things.
 
The-J (OP)

Thanks for the wake up call, and I hope your situation gets cleared up quickly.
Unlikely. It seems I'm going to be out for the entire amount. Don't think my stop payment is going to go through. Sucks, but it is what it is.

This caused some added issues, since one of the payments was sent to an inactive account (which I did not remove in time) with a $0 balance.

Since you travel quite often, yes you absolutely need to keep your security top notch. You're a target. A VPN while travelling is a good start.

I have a previous history of losing quite significant amounts of money (much more than J) due to not complying with more advanced security measures.
Is this a story you want to tell? How did that happen?

A Linux machine for online banking sounds like it's the way to go. There's so many routes someone can take into your computer, it's quite frightening.
 

devine

Is this a story you want to tell? How did that happen?

A Linux machine for online banking sounds like it's the way to go. There's so many routes someone can take into your computer, it's quite frightening.
I got hacked two times, first one was via IPv6 exploits. The second (I won't tell all the steps and all the details due to harm it can cause) one involved quite a decent personal research, social engineering a 3rd person, hacking his *won't mention software name* account and just completely clearing me out.

Always use whois privacy on all your domain names. Avoid using your real name as long as you possibly can. Don't ever mention anywhere how much money you make or give any hint on it, until you're 200% positive you can handle that.
You will be found. You will get hacked. And this is not the worst that can happen.
 

Gary

I didn't think it would happen to me.

...

3) Different, and strong, passwords for every single site you use. 16 characters minimum. Seriously. Brute forcing is no joke, especially on sites where they allow unlimited login tries. Not only that, they must be different so you're not caught with your pants down if a website's database gets leaked.

4) A way so you don't have to TYPE those passwords. Keyloggers are a bitch, and will steal your passwords, your credit card info, and more, right as you're typing them. You can use an encrypted Notepad file stored on the cloud (not the safest thing in the world, because your clipboard could be at risk too), or you can use a password manager like Lastpass or KeePass. Password managers are excellent, because (1) you don't have to type passwords for every site you use, and (2) they're encrypted with a master password as your key. There's also programs like KeyScrambler which are reported to be pretty good.

...
As a LastPass user, I still hadn't created a new strong, random 16 character password for PayPal; I was still using the same one I've had for the last year. Thank you for the alert. I just updated my Paypal password with the LastPass engine.
 
The-J (OP)

The second (I won't tell all the steps and all the details due to harm it can cause) one involved quite a decent personal research, social engineering a 3rd person, hacking his *won't mention software name* account and just completely clearing me out.
Sounds like you were targeted.

Social engineering is how several famous Youtubers (who earn 5-6 figures monthly) got hacked.

Nothing will stop a particularly motivated hacker unless you have the protection of a sovereign government. And even then, it's not enough!

Several people here, some of which have a LOT to lose... have given out enough personal information in order for someone to carry out successful social engineering.

And once your business gets to a size where a hack could affect others... you need to get insurance.

I know that I'm sounding like a paranoid Penny here, but the truth is that many, MANY people have lost many times more than I have. You NEED to protect yourself.

Prevention is the best medicine: those are your habits. If you are careful enough, you are extremely unlikely to be a victim. How do you browse? What do you download? What websites do you use? Is your phone number available for all to know? Are your passwords strong and unique for every single service you use? Do you often use unsecured networks to log on while travelling, without using a VPN?

Protection is your next best thing. Anti-virus, firewalls, VPNs, 2-factor authentication, encrypted traffic, key scramblers, security notifications, and more.

All in all, keep a low profile. Treat the Internet like the ghetto. Don't look rich, don't incite fights, and don't do illegal shit. If no one knows who you are, you won't be specifically targeted. In my case, I got had because I had trusted a file that I should not have.

Try not to worry about it too much, though.
 

amp0193

@The-J or anyone else:

In light of this discussion, does anyone know of a good service/program of storing customer CC info? I have retailers who pay for orders over the phone. I input their info directly into the Shopify payment processor. Shopify doesn't save their info for future use, encrypted or otherwise. I don't want to keep a file of this info on my computer, for obvious reasons.

What's a good solution people are using?
 

SweetTooth

Did Paypal get 2 step authentication? Because when I tried a few months ago they didn't have it. Which is one of the dumbest, most ignorant, stupid idiotic things NOT to have for an account that literally has full control of my bank account.
 

SweetTooth

@The-J or anyone else:

In light of this discussion, does anyone know of a good service/program of storing customer CC info? I have retailers who pay for orders over the phone. I input their info directly into the Shopify payment processor. Shopify doesn't save their info for future use, encrypted or otherwise. I don't want to keep a file of this info on my computer, for obvious reasons.

What's a good solution people are using?
Stripe supposedly has something like this that destroys Paypal.
 

SweetTooth

Sounds like you were targeted.

Social engineering is how several famous Youtubers (who earn 5-6 figures monthly) got hacked.

Nothing will stop a particularly motivated hacker unless you have the protection of a sovereign government. And even then, it's not enough!

Several people here, some of which have a LOT to lose... have given out enough personal information in order for someone to carry out successful social engineering.

And once your business gets to a size where a hack could affect others... you need to get insurance.

I know that I'm sounding like a paranoid Penny here, but the truth is that many, MANY people have lost many times more than I have. You NEED to protect yourself.

Prevention is the best medicine: those are your habits. If you are careful enough, you are extremely unlikely to be a victim. How do you browse? What do you download? What websites do you use? Is your phone number available for all to know? Are your passwords strong and unique for every single service you use? Do you often use unsecured networks to log on while travelling, without using a VPN?

Protection is your next best thing. Anti-virus, firewalls, VPNs, 2-factor authentication, encrypted traffic, key scramblers, security notifications, and more.

All in all, keep a low profile. Treat the Internet like the ghetto. Don't look rich, don't incite fights, and don't do illegal shit. If no one knows who you are, you won't be specifically targeted. In my case, I got had because I had trusted a file that I should not have.

Try not to worry about it too much, though.
If you feel very strongly about your online security to the point that you could lose a lot of your money and possibly other people's money, then you might want to consider hiring an ex or current hacker to attack you. If you have a vulnerability, they'll find it and tell you how to fix it.

 

Touseyd

It's so funny I found this thread, because I got an email last night that someone tried to hack into my Google Play account. Google stopped the login and I changed my password and my contact phone number. Feeling very paranoid now....
 

TheNextTrump

Crazy timing, I spent a few hours yesterday updating all of my accounts tied to finances.

It's truly scary how easy it is for people to hack your accounts and take you to the cleaner. Sorry to hear about your experience OP, and thank you for sharing some knowledge on the subject.

I updated all user names and accounts, all different long and unique.

I also transferred all accounts to a new email that I dedicated strictly for finances, which will only be used for those accounts.

Do you guys think it's dumb to have ONE solo email connected to all finance accounts? Or should I have individual emails for each separate account?

-My thought was, as long as I don't use it for anything else it should be fine....

Also used any second and third step authentications that were available. Pin codes, phone verifications etc.

_______________________________

Lastly, I've dedicated 2 smaller credit cards that will be used for any scenario where I feel at risk. Which both have a credit limit that CAN'T BE BREACHED lol.


---Here I thought I was a paranoid nut, but this tech safety shiz is the real deal. Never worried about it until I had some coin, now it's a super big deal.

Stay safe out there my friends, and be stupid cautious when using cards ANYWHERE, skimmers are literally popping up around every corner.
 

devine

Do you guys think it's dumb to have ONE solo email connected to all finance accounts? Or should I have individual emails for each separate account?
-My thought was, as long as I don't use it for anything else it should be fine....
Get two accounts here: https://protonmail.com
Provide first email address only when it's absolutely necessary. No cloudflare/moz/etc paid accounts here.
Second one is for paid cloudflare/moz/etc services.
 

amp0193

Did Paypal get 2 step authentication? Because when I tried a few months ago they didn't have it. Which is one of the dumbest, most ignorant, stupid idiotic things NOT to have for an account that literally has full control of my bank account.
I added it yesterday. It prompted me for a security code via text today when I logged in.
 
The-J (OP)

Small update:

I got a little less than half of the money back after a stop payment. Paypal told me that I should be able to get some more of the money back, as well, as I cancelled the payment pretty quickly and it still shows up as cancelled.

I went ahead and formatted my drive, did a clean install, updated even more of my passwords.

I even went and bought a Chromebook that I plan to use SOLELY for money transfers and online transactions.

Why Chromebook:
  • It uses a non-Windows OS with practically zero market share
  • It's heavily limited in its use
  • Most storage lies on the Cloud
  • I'll never, EVER use it for browsing or downloading!
  • It's cheap (paid $180 CAD for it lmao)
I also plan to make a separate Lastpass account for the Chromebook, same deal: 2 step with a password reprompt every session.

My new rule: new passwords every 3 months, at least.

Another thing I'm considering is USB keys, at least for some of my logins.

By the way, keep in mind that many of your banks are NOT SECURE, don't have 2-factor, and allow instantaneous transfers without so much as a password prompt or a notification. You could get robbed blind and never know until your statement comes.

Also, if you have a Windows computer, turn ON the PIN function. (What, are you nuts?) No, I'm not nuts. It allows easier access to your machine, but not so easy access to your Microsoft account. Best of all, the PIN doesn't allow brute forcing, you only get 5 tries before it prompts for a password. (You'll also probably not be well suited to remember a really long password string that you use to get into your machine)

Next time I travel, I'll be getting a VPN service and probably just gonna pay it month by month. Might even want to use it for my next payment, although HTTPS does a pretty good job.
 

Brandon Parker

One very very simple thing you left out is.... keep your shit updated. Especially browsers. Many exploits come from things like Firefox, Chrome plugins, Flash player, etc. Whether you are running sudo apt-get upgrade or on Windows, figure out how to keep your system up to date consistently.

Also, HTTPS Everywhere. It's a Chrome plugin that automatically makes every connection to a website secure. It's super easy to install.

Thanks for this post, I've been slipping on the security aspect. I seem to think Linux will protect me forever, but it won't. Getting a VPN right now. Also, the Lastpass thing is brilliant. I use the same password for everything and now that I think about it, if somebody got that password, I'd be pretty F*cked.
 
The-J (OP)

Solid thread. No one takes security seriously until they're the victim of a crime such as this. Great advice in here bud.
That's the sad thing. MJ talks a lot in his book about due diligence. Pretty much all the examples in the book actually happened... to HIM.

I think everyone has some sort of twinge of "It'll never happen to me", no matter what it is. Thank god it was only $1200, and I got a fair bit of that back. What if I had gotten completely cleaned? What if they got access to my Stripe account and changed the payment recipient?

It's funny how we experience these kinds of things and it isn't until it's too late that we decide to do something about it.
 

MJ DeMarco

TheNextTrump

Yup, and a huge market with tons of opportunity.
I couldn't agree more, and if I can come up with a pursuable solution, I'm diving in.

It's been a growing concern of mine, and while taking the steps I felt were "safe enough" (which weren't nearly enough)
I can't tell you how many times I thought "why is this still such a major issue in 2016?"

We're damn near fully converted to digital currency using (cards, internet banking, paypal, shopping online etc), yet when it comes to safety and securing those funds it's like the wild wild west.
 

amp0193

So, if you think you're not an idiot, let me run you through a checklist of things you must have.



1) An active antivirus. Yes, that includes you, Mac users. (Linux users, you're pretty much fine.) That should be on your phone, too.



2) 2 factor authentication, on everything that supports it. If you have a spare phone that you can use for it (that you don't give to anyone and, preferably, is not connected to your name), then that should be your 2FA phone. (Two factor authentication would have been my saving grace in the Paypal situation, but it won't always be.) Google Authenticator is also an awesome tool.



3) Different, and strong, passwords for every single site you use. 16 characters minimum. Seriously. Brute forcing is no joke, especially on sites where they allow unlimited login tries. Not only that, they must be different so you're not caught with your pants down if a website's database gets leaked.



4) A way so you don't have to TYPE those passwords. Keyloggers are a bitch, and will steal your passwords, your credit card info, and more, right as you're typing them. You can use an encrypted Notepad file stored on the cloud (not the safest thing in the world, because your clipboard could be at risk too), or you can use a password manager like Lastpass or KeePass. Password managers are excellent, because (1) you don't have to type passwords for every site you use, and (2) they're encrypted with a master password as your key. There's also programs like KeyScrambler which are reported to be pretty good.



5) An active firewall on both your computer and your router. Yes, firewalls for routers are different than firewalls for computers, and you should have both.



6) A secure autofill program for when you need to enter your credit card or Paypal info. Lastpass does this pretty well. Preferably, this autofill should be protected by a password (again, Lastpass does this pretty well).



7) A strong password on your computer, and, preferably, a 2nd factor (like a biometric scan or a phone/USB unlock) for your computer. (Also, keep your computer OFF when not using it, and preferably, disconnect it from power so it can't turn on without your control!)



8) As many backdoors closed as possible. Some backdoors on Windows computers include Universal Plug n Play, Teamviewer, and allowing remote access protocols. I understand TeamViewer is an important tool; however, it should not ever be running when you're not using it.



After speaking with some people, I also found out that it's very, very likely to get hacked while travelling. Hotel Wifi, Starbucks Wifi, plane Wifi, all of these networks are often more vulnerable than you think! For your safety, use a VPN while travelling. HideMyAss is a popular one. There are several others. You could even make your own, if you wanted.



However, keep in mind: even while following these tips, you could still be vulnerable. People can spoof your phone so they can get into your 2 factor sites. People can take advantage of database breaches and steal your login info. Hackers are always coming up with new ways to steal info and money. (There are also more tips that might help, so please, feel free to add anything! I'm not a computer expert!)



Your job, though, is to lower the likelihood of something ever happening to you. There is no magic armor, but you could at least be wearing a bulletproof vest.



Protect your a$$.

Done Today:

1). Got an annual subscription to Webroot. 3 devices for $29.99 first year. My wife goes all over the internet and downloads torrents, so this is going on both computers.

2) 2fa enabled on paypal/google.

3-4) Changed to 20char passwords on every site using Lastpass

5) Firewall through Windows and Webroot. Firewall turned to Maximum Security on Router (it was on "moderate" before). Ran the firewall through the 5 tests at ShieldsUp!!! and got rid of a vulnerability it found.

6) Will add CC into Lastpass as I come across forms going forwards.

7) Enabled PIN mode on computer. I couldn't find a 2nd factor solution for PC to iPhone. None appear to exist. Only phone to Mac, and some complicated Android to PC solutions. Opportunity for someone here to make one...

8) No backdoors that I could find.

9) Installed HTTPS Everywhere Plug-in that someone mentioned


* I will get a Chromebook Later and set up as others have suggested.

Thanks @The-J
 

SquatchMan

Bumping this thread.

Lots of value in here.

I'll add my tidbit. I have a very unique last name, so I use a variation of my middle name on any social media or online presence. I hate having it so that if you Google my first+last name you can find everything out about me.

Some things I obviously can't escape though. Like voter registration or business registration. I try to use a PO Box for as much stuff as I can though.
 

loop101

For the ultra-paranoid, like reporters who can be put to death in certain countries, there is Linux-based "Qubes OS". It is what Edward Snowden uses. I'm not sure how realistic it is to use it as a daily driver.

Qubes OS

Similar to Qubes, you can use virtual machines to containerize your activities. If you are a gamer who downloads a lot of risky "mods", you could do your banking/shopping inside a VM. Your games would still run fast, but your private data would be somewhat safe. If you just browse high-risk sites (*cough* pornhub *cough*), you could do that inside a VM. Qubes uses Linux Containers for everything.
 

daru

So there is a potential market for a banking only super secure computer? Should be doable with something like BeagleBone Black and OpenBSD pretty cheap but very robust. Although somewhat slow but in this case it's actually a good thing so that you don't start using that machine for other stuff online.

For "better" passwords: xkcd: Password Strength
 

Doubly_Frank

Wow, this is a great thread! I've taken a keen interest in computer security this year:
  • I've been using a password manager for six months and have my drives protected by BitLocker on Windows and FileVault on Mac.
  • I use a Diceware passphrase for my password manager and have a separate complex, relatively high entropy password for my personal computer.
  • I generally stay away from any site without SSL encryption.
  • Everything that has two-factor authentication available is turned on and I use Touch ID on my 6S for everything that allows it.
  • I have AVG running on all computers at the moment (will likely upgrade to a better program in the near future).
All that said, I think I need to seriously up my game. I have an account (and the application installed) with VyprVPN, but it's not active. I also could do a much better job with encryption. So I guess some next steps for me will be to:
  • Activate and use the VPN (this is a little difficult because I need to find a way to get more money to my US accounts from VN to pay for it).
  • Update and improve the encryption I'm currently using (and increase firewall protection)- I'll need to do some research into this in the near future.
  • Look into running VMs when accessing more sensitive data.
  • Do a focused search on possible backdoors and vulnerabilities in my current set-up.
As much of a risk as there always is- and as important as it is to take all precautions possible- I still feel somewhat safe knowing I've taken the precautions I have so far. Most, if not all, ITT are much more secure than the majority of the general public.
 

jmusic

I'm surprised that no one has yet mentioned using Bitcoin for paying for the VPN. I actually do NOT use LastPass for financial sites (though I need to update/upgrade those passwords) because to me LastPass itself seems like an extremely attractive target for hackers.

I've been considering moving to Linux (or maybe BSD) wholesale for my web development stuff and other coding that I'm getting into, and after reading this thread I will proceed with a dual boot (there are a few Windows apps that do not have acceptable substitutes for me and don't run properly when virtualized).

Things to think about:
1. Full disk encryption (including Linux swap partitions) for both Linux and Windows.
2. VM within Linux with all the IDEs installed (I suspect those could present large security holes).
3. Root Linux partition should be ultra secure with general purpose stuff virtualized.

Virtualization is also NOT a holy grail:

VUPEN Method Breaks Out of Virtual Machine to Attack Hosts | SecurityWeek.Com

Similar to Qubes, you can use virtual machines to containerize your activities. If you are a gamer who downloads a lot of risky "mods", you could do your banking/shopping inside a VM. Your games would still run fast, but your private data would be somewhat safe. If you just browse high-risk sites (*cough* pornhub *cough*), you could do that inside a VM. Qubes uses Linux Containers for everything.
Bad idea. Your root OS could have a keylogger and any passwords you enter into your high security VM could still be logged.

Edit: Also, the brand of computer matters...

Spy agencies ban on Lenovo PCs due to backdoor vulnerabilities
 
