The Entrepreneur Forum | Financial Freedom | Starting a Business | Motivation | Money | Success

Welcome to the only entrepreneur forum dedicated to building life-changing wealth.

Build a Fastlane business. Earn real financial freedom. Join free.

Join over 80,000 entrepreneurs who have rejected the paradigm of mediocrity and said "NO!" to underpaid jobs, ascetic frugality, and suffocating savings rituals— learn how to build a Fastlane business that pays both freedom and lifestyle affluence.

Free registration at the forum removes this block.

Take Your Computer Security Seriously! YOU Are At Risk!

eliquid

( Jason Brown )
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
519%
May 29, 2013
1,876
9,728
Went through this thread so many times. Instead of taking any preventive measures, I bashed it off:

"Nah. It won't be me".
"BS. I'm a power user."
"Screw all this victims."

Now, I have to start my 2k Likes Facebook Page from scratch.

I too thought this years ago.

Luckily I have never "lost" anything like a site or page or something else. But over the years as I got more and more emails from great services that blocked attempts from someone else logging into my account from odd geo locations, wrong passwords, etc and blocked my account, I became concerned.

A couple times a year, I might write that off as "expected".

A couple times a month, is something totally different.

Data is being stolen and shared much more now than 3-4 years ago. It's just going to get worse.

Just a couple days ago, I got an email where someone tried to log into a crypto account I never used. They used the wrong password enough times to block the account. Again, I got lucky. But what about the weaker sites that don't block attempts, or don't warn you about it?

What about the sites they do get into and you never know about it?

I finally had to cave and just accept that being a Power User, "it wont happen to me", etc just isn't good enough. The weak chain in the link isn't you or me, it's sadly the banks and 3rd parties we work with.

And once that data is grabbed, it's shared on the web with millions having the potential to look at it. Then it's re-shared hundreds of times more. There is no defense for that other than trying to make it harder on criminals by changing passwords ( front end attacks ) and freezing credits ( back end attacks ), etc.

A lock on a bike just keeps an honest person, honest. If someone really wants your data, nothing will stop them. All we can do is try to keep the lower level criminals at bay with our methods.

.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.
Last edited:

ApparentHorizon

Platinum Contributor
Speedway Pass
User Power
Value/Post Ratio
301%
Apr 1, 2016
942
2,836
Greenville, SC
Take other people's security with your information seriously, as well.

I just found out about Privacy.com, where you can get virtual credit cards. If one of them gets compromised, just shut it down and create a new one. Instead of waiting for one from your bank, then having to change all of your automatic payments on 20 different sites.

Downside is the rewards suck/non-existent.

But if you're buying a couple of things here and there, that are only on non-verified sites, this is great. Ex. Website plugins.
 

eliquid

( Jason Brown )
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
519%
May 29, 2013
1,876
9,728
a few days ago I went to the bank.

i have a habit of checking my balance on my cell phone via their secure app at my bank so I know whats in the account before I go in. I tried to log in and it said no user was found with that username and password. I tried a few more times thinking I did the password wrong. Still nothing.

i finally reset the password and was able to get in and do what I needed at the bank.

when i got home, i logged in from my desktop to see what was up potentially. Same error again when I tried to log in now from home.

had to reset the password yet again.

once able to get in, i roamed the security settings and found out a linux device had been logging into my account daily 3-4 times a day at the same exact times every day for the past 90 days. It could have been more but the logs only went 90 days back.

I dont use linux to log into stuff, but I do use it on development servers I have. by the timestamps being the same, it looked like some cron job script was running and logging into my account. I checked the ach/wire/widthdrawl logs and nothing ever came out of my account ever. I do check balances a lot so I know nothing came out I seen before. Could it be some long forgotten app like quicken or mint or something else accessing my account I forgot about years ago? Maybe..

I changed my username and password and pin and have checked every day since and the linux machine is no longer logging in.

I have also had my credit frozen/paused/on hold for months now so I know I am good there too.

I've never gotten a login error before, but it just reaffirms what I have put in this thread before about changing not only passwords, but usernames too and how it isn't really me and you that are the security issue, but possibly other 3rd parties that have our data.

And yes, Im one of those people using VPN's for secure data transfer when I am out and about in public and have all the security settings and more in use to prevent people trying to see my data when I leave the house.

.
 

tommyz7

New Contributor
FASTLANE INSIDER
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
100%
Jun 30, 2018
19
19
Posts here are quite old but I wonder if any of you guys would consider crypto as a solution. Hear me out.

Long story short:
You can use a hardware wallet with USD stable coin and spend money directly from that wallet. This separates money management from your computer and removes the risk of viruses, unauthorized transactions etc.

I wonder if all website accepted crypto USD as they accept CC payments, would you guys use it for its superior security? Would you guys pay with USD using the crypto wallet in day to day life?


Long story for those not familiar with crypto.

The device - let's call it a wallet :)
33514
You can connect it to your phone or computer with Bluetooth. It works right away like a headset.

How do I transfer USD to my wallet?
Ask someone to send you USD directly from their wallet. Alternatively, you can go to currency exchange like Uphold and exchange your bank USD to digital USD. and transfer USD to your wallet. This process is like going to ATM and depositing cash into your account, only digital. From now on, you are the only person in the world that can access and spend this money. I mean it, no hacker, no bank, no government can take it. They really can't, I know because they tried many times already :)

How can I spend the money?**
You go to any website and do your shopping as usual. At checkout, you connect your wallet to your computer. A payment request will be automatically sent to your wallet, check the amount, and confirm if everything is ok. That's it, paid, done.

What if I have a Virus on my computer?
The approval process happens inside the device so even if you have a virus on your computer, it cannot pull your key from the device. It's never recommended but you can use it on a computer with a virus present with no worries.

What if someone steals my wallet like they do with Credit Cards?
With this particular wallet, it's impossible as your wallet key is stored on the device itself and it never leaves it. It's never sent to a merchant nor to your computer so there is nothing to steal. Without that key, your money cannot be accessed.

What if I lose my wallet?
When you start the wallet for the first time, you need to write down 12 random words that the wallet generates for you. This is your way to recover the wallet if you lose a physical device. Keep them on paper in a safe place just in case! Remember, on paper, it's impossible to hack paper :)

No 2 factor authentication?
The wallet itself is already 2 factor authenticator itself. Forget SMS, emails. It's already proven you can hack accounts even with 2FA enabled so why bother.

What about passwords?
Ahh, passwords, forget about passwords, you no longer need them. You can set a PIN for your wallet if you want, tho.

It's all already available except spending.
**that part is still missing from the puzzle.

Again, I wonder if all website accepted crypto USD as they accept CC payments, would you guys use it for its superior security? Would you guys pay with USD using the crypto wallet in day to day life?
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

Lyinx

Silver Contributor
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
128%
Oct 28, 2019
581
742
Lancaster County, PA
Posts here are quite old but I wonder if any of you guys would consider crypto as a solution. Hear me out.

Long story short:
You can use a hardware wallet with USD stable coin and spend money directly from that wallet. This separates money management from your computer and removes the risk of viruses, unauthorized transactions etc.

I wonder if all website accepted crypto USD as they accept CC payments, would you guys use it for its superior security? Would you guys pay with USD using the crypto wallet in day to day life?


Long story for those not familiar with crypto.

The device - let's call it a wallet :)
View attachment 33514
You can connect it to your phone or computer with Bluetooth. It works right away like a headset.

How do I transfer USD to my wallet?
Ask someone to send you USD directly from their wallet. Alternatively, you can go to currency exchange like Uphold and exchange your bank USD to digital USD. and transfer USD to your wallet. This process is like going to ATM and depositing cash into your account, only digital. From now on, you are the only person in the world that can access and spend this money. I mean it, no hacker, no bank, no government can take it. They really can't, I know because they tried many times already :)

How can I spend the money?**
You go to any website and do your shopping as usual. At checkout, you connect your wallet to your computer. A payment request will be automatically sent to your wallet, check the amount, and confirm if everything is ok. That's it, paid, done.

What if I have a Virus on my computer?
The approval process happens inside the device so even if you have a virus on your computer, it cannot pull your key from the device. It's never recommended but you can use it on a computer with a virus present with no worries.

What if someone steals my wallet like they do with Credit Cards?
With this particular wallet, it's impossible as your wallet key is stored on the device itself and it never leaves it. It's never sent to a merchant nor to your computer so there is nothing to steal. Without that key, your money cannot be accessed.

What if I lose my wallet?
When you start the wallet for the first time, you need to write down 12 random words that the wallet generates for you. This is your way to recover the wallet if you lose a physical device. Keep them on paper in a safe place just in case! Remember, on paper, it's impossible to hack paper :)

No 2 factor authentication?
The wallet itself is already 2 factor authenticator itself. Forget SMS, emails. It's already proven you can hack accounts even with 2FA enabled so why bother.

What about passwords?
Ahh, passwords, forget about passwords, you no longer need them. You can set a PIN for your wallet if you want, tho.

It's all already available except spending.
**that part is still missing from the puzzle.

Again, I wonder if all website accepted crypto USD as they accept CC payments, would you guys use it for its superior security? Would you guys pay with USD using the crypto wallet in day to day life?
Isn't this basically 2FA with a USB/smart key? you could do the same thing with a credit card and a smart USB key?

I don't carry a wallet on me (I have a shop on my property) so when I go to buy something online, I have all my accounts setup online or if I need my credit card info, it's written on a paper in my desk.

I get an email for every transaction, if I don't recognize it I would deny the transaction in near-real time.

Even my business credit cards all have emails print out within seconds of being processed, just in case they ever get stolen so I don't get a shock at the end of the week.

I hope my cards never get stolen, but I'm realistic, it's just a matter of time until I have a bad actor website that shares the info. If/when that happens, I'll be on it and deny the charges and they will have problems with my card company.

Much more convenient than having to plug/unplug, but I do see the benefits.
 

tommyz7

New Contributor
FASTLANE INSIDER
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
100%
Jun 30, 2018
19
19
Isn't this basically 2FA with a USB/smart key? you could do the same thing with a credit card and a smart USB key?

I don't carry a wallet on me (I have a shop on my property) so when I go to buy something online, I have all my accounts setup online or if I need my credit card info, it's written on a paper in my desk.

I get an email for every transaction, if I don't recognize it I would deny the transaction in near-real time.

Even my business credit cards all have emails print out within seconds of being processed, just in case they ever get stolen so I don't get a shock at the end of the week.

I hope my cards never get stolen, but I'm realistic, it's just a matter of time until I have a bad actor website that shares the info. If/when that happens, I'll be on it and deny the charges and they will have problems with my card company.

Much more convenient than having to plug/unplug, but I do see the benefits.

I'd say it's more like having a whole swiss bank in your pocket, not just 2FA :)

The above is just one of the possible solutions. Similarily as you have your credit cards setup, you could set up a crypto wallet in your browser or phone and pay wherever you want. The above example is the ultimate security but you can trade a little bit of that for a little bit of convenience with a mobile wallet.

The big difference is that with credit cards, you are being reactive. You are basically sitting and waiting to be attacked because that's how credit cards are designed. Every time you shop, you open access to your account and nothing can be done about that. With crypto wallets, however, you are being proactive. No one ever can access your account except you and payments do not expose your security. You pay it like good old cash, just digital.
 

Lyinx

Silver Contributor
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
128%
Oct 28, 2019
581
742
Lancaster County, PA
you might like this Privacy — Seamless & Secure Online Card Payments
it lets you set up single or multiple use credit cards, which pull $$$ from your regular banking account like a regular credit card... but you can turn it off whenever you feel like it :)
each card can be setup for one vendor
or you can set up a miscellaneous use card for one of the children with a maximum spend of $25/month for purchases.
Really weird, I went unto Amazon last night and this device that you had on your post showed up in my suggested field
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

bence03.02

New Contributor
Read Unscripted!
User Power
Value/Post Ratio
150%
Mar 22, 2021
4
6
Cyber Security Professional here, my list for hardening your machine that I came up with on the spot:
  1. Use a password manager. LastPass is fine, guard the file with your life :) Opensource cloud solutions like bitwarden are fine as well. Fully generated, different passwords everywhere, 19-25 characters long, it will auto-type, so you don't have to worry about it.
  2. Use MFA (Multi Factor Authentication) where you have sensitive data and you can. Time based One Time Password (TOTP) is the best, it is usually under the "Google authenticator" option. SMS is not really secure TBH, but it's more than nothing.
  3. Encrypt your hard drive. If your machine/laptop gets stolen at least nobody can access your data!
    1. Windows users: use Bitlocker, it is only available for Pro and better unfortunately...
    2. Linux: Encrypted LVM when installing
    3. Mac users: Check encryption when installing
  4. Regular updateson software that often accesses risky environments, some to keep in mind:
    1. Browser. A browser exploit is no fun, basically you open a website and they are in your machine. UPDATE
    2. Operating system
    3. PDF/Image/Document viewer/editor software
    4. Media players
  5. This is a hard one: only run trusted software. By trusted I mean it was downloaded from the official site and the site is "trusted", like Microsoft or other big company. I would never run an executable downloaded from freeportableprograms.com or something like that :) Torrents apply here.
  6. Run an Anti Virus softwarefor Windows/Mac maybe on the phone.
    1. But do not trust a file just because it did not find it dangerous. AV evasion is not that hard if the attacker is not a script kiddie.
  7. A good firewall that I can recommend is "Little snitch", it notifies for outgoing connections as well and you can deny/allow them. It is annoying at first though.
  8. Keep backups of the files that you need.
    1. If you get a ransomware, you don't need to pay them to decrypt your files, yay
  9. If you are suspecting of being infected, revoke all network access ASAP (phisically unplug the ethernet cable and turn off the WiFi), try to save your data without infecting the new machine and reinstall your operating system.
    1. You do not have to microwave the RAM though like in Mr. Robot
  10. Cover your cameras, unplug external microphones.
  11. Change your passwords every once in a while.
  12. Also, reinstall your machine every once in a while (once a year is not that much).
  13. If you are concerned about your USB drive's data, encrypt it:
    1. For linux users: LVM encrypted partition
    2. For windows Pro and above users: Bitlocker
    3. For anybody: Veracrypt (a free software)
    4. There are other solutions on the market with PIN locked encrypted devices.
  14. Be aware of scammers and social engineers, scam mails are getting more and more sophisticated. (eg. phishing link in the attached PDF which is hosted under windows.net to steal your MS account, it's crazy)
  15. Learn the difference between HTTP and HTTPS. If you use HTTP everything (passwords provided in the side included) can be seen by peers between you and the website. If you use WiFi, then everybody in the WiFi network can sniff your traffic and read it. If the WiFi is not password protected, they don't even need to be connedted and they can just sniff your traffic undetected.
  16. Treat WiFi with WEP protection as WiFi with no password. WPA2 is fine.
  17. Keep in mind, that a VPN does not mean that it's encrypted. Most of the time it is. But it is only encrypted between you and the VPN server, it is for sure not any more encrypted between the VPN server and the web server than default.
  18. Try to use the same third party payment system when using your card for payment (e.g. PayPal), Try not providing your card details to any random website, use the third party option when possible.
  19. If the site is really sketchy, use a virtual disposable card. Revolut has a free solution called "disposable card" which can be used only once, then it gets destroyed and another one will be generated for you.
  20. Your card should be disabled by default and be enabled when used (balance this to be convenient, I do not disable my phisical card, but I do disable the virtual cards that I use on the internet)
  21. Turn off contact-less payment on your card by default. If your bank do not allow it, store it in an RFID blocker, you get 10 of them for like $1 on Aliexpress. They look like this:
    1. 1625962747141.png
    2. There are more expensive wallets with the same function, they are fine as well.
  22. Don't do stupid sh!t
    1. Do not store your passwords in weird places like in self sent emails (I used to do that in high school)
I am starting to run out things to say :) I can rant about privacy as well, I am not an enthusiast about it, but I keep that in mind. Hit me up if you are interested!
 

EmotionEngine

Silver Contributor
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
212%
Sep 15, 2020
239
507
United States
BTW. If you're on Windows 10 now, make sure you update. The update is ready as of 7/9 if it didn't auto prompt you on taskbar. Type in "Windows Update" next to start button and click it. Check for updates.

 
G

Guest84834

Guest
Thankfully I use linux and don't execute shitty EXEs from Unknown sites.
If you really want security while travelling, buy a USB. Fine, if you already have one. Install TAILS on your usb and boot to it. Don't use any personal info while travelling. Only use Firefox for personal credentials. Use Tor for non sensitive things. These are all built in inside TAILS. TAILS changes your IP so that it won't be possible to trace back to you (except the ISP can see if you are using VPN or TOR). Use VPN if you want your hardearned cash to go down the drain. Always use open source software. Don't visit HTTP only sites. If you want a really good password manger, there are only two: Keepass or Bitwarden. Bitwarden is simple to use. If you are using Lastpass or any other stupid managers, you can simply export your passwords in a csv file and import it into Bitwarden. You can keep both lastpass and bitwarden. If you use bitcoin for purchases, use Electrum wallet - also built in app inside TAILS.

Quit Windows. It's is the source of all computer-borne illnesses. Install linux. Like right now.
Go here :

Install fedora workstation
Read the freaking documentation.
Don't follow youtube videos.

Double check if you are at the right sites. Bookmark all the sites you use, and don't use search to find a website. Example, you know that you are on the original paypal site if you see the bookmarked icon. Aside from that. Just use common sense.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.
G

Guest84834

Guest
Thankfully I use linux and don't execute shitty EXEs from Unknown sites.
If you really want security while travelling, buy a USB. Fine, if you already have one. Install TAILS on your usb and boot to it. Don't use any personal info while travelling. Only use Firefox for personal credentials. Use Tor for non sensitive things. These are all built in inside TAILS. TAILS changes your IP so that it won't be possible to trace back to you (except the ISP can see if you are using VPN or TOR). Use VPN if you want your hardearned cash to go down the drain. Always use open source software. Don't visit HTTP only sites. If you want a really good password manger, there are only two: Keepass or Bitwarden. Bitwarden is simple to use. If you are using Lastpass or any other stupid managers, you can simply export your passwords in a csv file and import it into Bitwarden. You can keep both lastpass and bitwarden. If you use bitcoin for purchases, use Electrum wallet - also built in app inside TAILS.

Quit Windows. It's is the source of all computer-borne illnesses. Install linux. Like right now.
Go here :

Install fedora workstation
Read the freaking documentation.
Don't follow youtube videos.


Double check if you are at the right sites. Bookmark all the sites you use, and don't use search to find a website. Example, you know that you are on the original paypal site if you see the bookmarked icon. Aside from that. Just use common sense.

EDIT: Don't use antivirus. Does more harm than good.
 

EmotionEngine

Silver Contributor
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
212%
Sep 15, 2020
239
507
United States
EDIT: Don't use antivirus. Does more harm than good.

I'll have to disagree with that and I've worked in tech for large companies 20 years. It really depends on what software you're using.
 

Kevin88660

Platinum Contributor
FASTLANE INSIDER
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
118%
Feb 8, 2019
3,432
4,059
Singapore
A good old fashion practice is to link your debit and credit card to an account with less deposits and keep all your other cash saving in another account.

Be safe than to be sorry. Only the paranoid will survive.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

nothingness

I make great coffee
Read Fastlane!
Speedway Pass
User Power
Value/Post Ratio
203%
Mar 3, 2021
147
298
UK
Brute forcing is extremely easy, to combat it you just need a solid password.

How Long Would it Take to Crack Your Password? Find Out! - Randomize

Type in a similar password or your own and see how long it will take to brute force it.

Make sure your numbers are in a random sequence and your letters are also uppercase and lowercase.

As long as your password is decent brute forcing shouldn't be a problem.
You don't need to do all that. Just a three letter passphrase will do. No capitals, no numbers, though they do make it more difficult.
For example
gamerfearkangaroo:
Screenshot 2022-02-15 at 15-19-29 How Long Would it Take to Crack Your Password Find Out - Ran...png
A note about bitlocker, sometimes it goes wrong. I have btc on a hdd I encrypted with Bitlocker and despite knowing the password, it says it's wrong.
 

Attachments

  • Screenshot 2022-02-15 at 15-21-21 How Secure Is My Password Password Strength Checker.png
    Screenshot 2022-02-15 at 15-21-21 How Secure Is My Password Password Strength Checker.png
    38.2 KB · Views: 1

basedzoomer

Contributor
Read Fastlane!
User Power
Value/Post Ratio
91%
Feb 7, 2022
32
29
If you travel around with a laptop..

Full Disk Encryption is A MUST! Protects your laptop when it's stolen by thieves. (e.g. scamsters who try to swipe your belongings at airports)

Keep your laptop off when carrying it around. (After following prev step.) [DO NOT DISREGARD THIS STEP AS thieves will be able to break into a suspended/sleeping laptop :rofl: but not one which is full disk encrypted & turned off.]

If your laptop is not new, securely erase your hdd/ssd(how? interenet search) before doing full disk encryption on it. Else your prev data will be revealed to the person who steals it.

If it's a brand new laptop, FDE from the start. Think of it as some kind of burglar insurance :rofl:.
 

I Am I Said

Bronze Contributor
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
118%
Sep 14, 2017
126
149
Canada
I can already tell you did not treat your computer well. You had tons of random software, most of which, you probably got tricked into downloading, and then you never took the effort to clean your computer.
nonsense.

consider this, just happened on my network.

We lock everything up very tight, users have no admin rights on their PCs, constant virus scans, no software unapproved, etc.

But we're a very good target. Busy, profitable, just big enough, privately owned, growing fast, etc. Being targeted trumps every possible precaution.

Our A/R user got email-bombed. Over 1000 spam in 2 minutes. One OCD IT technician (beyond reproach: he part owns the business) went through every email and found the one that was being hidden: a confirmation from a customer that they had received our instructions to change banking information.

Obviously, we never sent the email they were confirming receipt of.

Scanning email headers revealed that the spoofed address was one character different than our domain. That domain was registered in Vietnam 5 months ago. It's unique enough to be useful for no other purpose.

We have mfa on every MS365 account. Our A/R user went back and checked every login. Nothing strange. We checked MS365 logs. Surprise! They were disabled a few days earlier.

Conclusion: despite excellent practices, mfa, all kinds of precautions, somebody got into our MS365 account. Then they monitored our email, and chose a customer - or more, we're still investigating - and brute-forced THEIR email, and spoofed an email from us, 30 minutes after we sent our banking info.

Here's the thing: neither my user nor my customer are capable of installing software on their computers. We use mfa. Customer doesn't, and didn't have a good password - but they were targeted BECAUSE we were targeted.

And then I read this:


We're still investigating, but it looks like this is how they got us.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

Red.P-901

New Contributor
User Power
Value/Post Ratio
18%
Aug 30, 2022
11
2
I didn't think it would happen to me.

A few days ago, I woke up with about ~$1200 USD (in different currencies) taken from various bank accounts via Paypal transactions I didn't make.

Upon calling Paypal to rectify the solution, they told me that those transactions were properly authorized by me, from my computer (!), from my IP address.

That's impossible, I said. I wouldn't do that. I would know!

"Sorry, you're out of luck. Call your bank and have them stop the transactions. That's all you can do."

I kept saying "F*ck Paypal" over and over, until I realized what had happened.

My computer was hacked.

I'm not quite sure how they did it. It could have been a banking trojan. Or a remote access backdoor into my computer. Or they had my password and simply spoofed both my MAC and IP addresses. Could have been a botnet, too. I don't know.

All I know, is that I was vulnerable... and they got me.

It's not Paypal's fault, and Paypal isn't responsible. It's my fault, and I'm responsible.

After several virus scans with different software, I found out that I was, indeed, infected.

I could still be infected right now. I don't know. Many viruses and backdoors remain undetected, and they could be on your computer right now.

Yes, YOU are at risk.

I was lucky that all they took was $1200. They could have cleaned me out. And, after calling my bank, I might only stand to lose $300. Time will tell.

You, however, might not be so lucky.

I took several hours to watch Youtube videos, read articles, and scour interviews with security professionals and experts to figure out 2 things: (1) Why did this happen to me, and (2) How can I make sure it doesn't happen again?

Well, the answer to the first question was clear. It happened to me because I was an easy target. My computer was on overnight. I hadn't run a virus scan in months. And, worst of all, I did not have the proper security on my Paypal account.

The second question weighed heavily on my mind, though, and after some searches I found a lot of 'duh, common sense' kind of answers. I quickly figured out that even though I thought it was common sense, I was not following those rules.

My passwords sucked, and were shared among many sites (remind me to change my FLF password too). I didn't have 2 factor authentication on anything (even my Paypal! I thought I did, but I did not.) I wasn't paying attention to what I was downloading.

So, if you think you're not an idiot, let me run you through a checklist of things you must have.

1) An active antivirus. Yes, that includes you, Mac users. (Linux users, you're pretty much fine.) That should be on your phone, too.

2) 2 factor authentication, on everything that supports it. If you have a spare phone that you can use for it (that you don't give to anyone and, preferably, is not connected to your name), then that should be your 2FA phone. (Two factor authentication would have been my saving grace in the Paypal situation, but it wont always be.) Google Authenticator is also an awesome tool.

3) Different, and strong, passwords for every single site you use. 16 characters minimum. Seriously. Brute forcing is no joke, especially on sites where they allow unlimited login tries. Not only that, they must be different so you're not caught with your pants down if a website's database gets leaked.

4) A way so you don't have to TYPE those passwords. Keyloggers are a bitch, and will steal your passwords, your credit card info, and more, right as your typing them. You can use an encrypted Notepad file stored on the cloud (not the safest thing in the world, because your clipboard could be at risk too), or you can use a password manager like Lastpass or KeePass. Password managers are excellent, because (1) you don't have to type passwords for every site you use, and (2) they're encrypted with a master password as your key. There's also programs like KeyScrambler which are reported to be pretty good.

5) An active firewall on both your computer and your router. Yes, firewalls for routers are different than firewalls for computers, and you should have both.

6) A secure autofill program for when you need to enter your credit card or Paypal info. Lastpass does this pretty well. Preferably, this autofill should be protected by a password (again, Lastpass does this pretty well).

7) A strong password on your computer, and, preferably, a 2nd factor (like a biometric scan or a phone/USB unlock) for your computer. (Also, keep your computer OFF when not using it, and preferably, disconnect it from power so it can't turn on without your control!)

8) As many backdoors closed as possible. Some backdoors on Windows computers include Universal Plug n Play, Teamviewer, and allowing remote access protocols. I understand TeamViewer is an important tool; however, it should not ever be running when you're not using it.

After speaking with some people, I also found out that it's very, very likely to get hacked while travelling. Hotel Wifi, Starbucks Wifi, plane Wifi, all of these networks are often more vulnerable than you think! For your safety, use a VPN while travelling. HideMyAss is a popular one. There are several others. You could even make your own, if you wanted.

However, keep in mind: even while following these tips, you could still be vulnerable. People can spoof your phone so they can get into your 2 factor sites. People can take advantage of database breaches and steal your login info. Hackers are always coming up with new ways to steal info and money. (There are also more tips that might help, so please, feel free to add anything! I'm not a computer expert!)

Your job, though, is to lower the likelihood of something ever happening to you. There is no magic armor, but you could at least be wearing a bulletproof vest.

Protect your a$$.
1) Use linux or a *BSD (excluding MacOS)

2) Don't use google authentificator, use Aegis instead

3) This is the MINIMAL requirement: *FKddg0p+4Ot!fQP@y=p$

4)
Windows/Linux: keepassxc
Android: keepassxd
IOS: keepassium

5) OpenBSD

6) Lastpass got hacked

7)If you are really paranoiac, unplug the ethernet cable

8) Don't use Windows
 

vladikcm

Contributor
FASTLANE INSIDER
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
107%
Jul 2, 2022
56
60
Spain
Try Bitwarden for password management. It is free and Open Source. Great post!
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

Kevin88660

Platinum Contributor
FASTLANE INSIDER
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
118%
Feb 8, 2019
3,432
4,059
Singapore
I didn't think it would happen to me.

A few days ago, I woke up with about ~$1200 USD (in different currencies) taken from various bank accounts via Paypal transactions I didn't make.

Upon calling Paypal to rectify the solution, they told me that those transactions were properly authorized by me, from my computer (!), from my IP address.

That's impossible, I said. I wouldn't do that. I would know!

"Sorry, you're out of luck. Call your bank and have them stop the transactions. That's all you can do."

I kept saying "F*ck Paypal" over and over, until I realized what had happened.

My computer was hacked.

I'm not quite sure how they did it. It could have been a banking trojan. Or a remote access backdoor into my computer. Or they had my password and simply spoofed both my MAC and IP addresses. Could have been a botnet, too. I don't know.

All I know, is that I was vulnerable... and they got me.

It's not Paypal's fault, and Paypal isn't responsible. It's my fault, and I'm responsible.

After several virus scans with different software, I found out that I was, indeed, infected.

I could still be infected right now. I don't know. Many viruses and backdoors remain undetected, and they could be on your computer right now.

Yes, YOU are at risk.

I was lucky that all they took was $1200. They could have cleaned me out. And, after calling my bank, I might only stand to lose $300. Time will tell.

You, however, might not be so lucky.

I took several hours to watch Youtube videos, read articles, and scour interviews with security professionals and experts to figure out 2 things: (1) Why did this happen to me, and (2) How can I make sure it doesn't happen again?

Well, the answer to the first question was clear. It happened to me because I was an easy target. My computer was on overnight. I hadn't run a virus scan in months. And, worst of all, I did not have the proper security on my Paypal account.

The second question weighed heavily on my mind, though, and after some searches I found a lot of 'duh, common sense' kind of answers. I quickly figured out that even though I thought it was common sense, I was not following those rules.

My passwords sucked, and were shared among many sites (remind me to change my FLF password too). I didn't have 2 factor authentication on anything (even my Paypal! I thought I did, but I did not.) I wasn't paying attention to what I was downloading.

So, if you think you're not an idiot, let me run you through a checklist of things you must have.

1) An active antivirus. Yes, that includes you, Mac users. (Linux users, you're pretty much fine.) That should be on your phone, too.

2) 2 factor authentication, on everything that supports it. If you have a spare phone that you can use for it (that you don't give to anyone and, preferably, is not connected to your name), then that should be your 2FA phone. (Two factor authentication would have been my saving grace in the Paypal situation, but it wont always be.) Google Authenticator is also an awesome tool.

3) Different, and strong, passwords for every single site you use. 16 characters minimum. Seriously. Brute forcing is no joke, especially on sites where they allow unlimited login tries. Not only that, they must be different so you're not caught with your pants down if a website's database gets leaked.

4) A way so you don't have to TYPE those passwords. Keyloggers are a bitch, and will steal your passwords, your credit card info, and more, right as your typing them. You can use an encrypted Notepad file stored on the cloud (not the safest thing in the world, because your clipboard could be at risk too), or you can use a password manager like Lastpass or KeePass. Password managers are excellent, because (1) you don't have to type passwords for every site you use, and (2) they're encrypted with a master password as your key. There's also programs like KeyScrambler which are reported to be pretty good.

5) An active firewall on both your computer and your router. Yes, firewalls for routers are different than firewalls for computers, and you should have both.

6) A secure autofill program for when you need to enter your credit card or Paypal info. Lastpass does this pretty well. Preferably, this autofill should be protected by a password (again, Lastpass does this pretty well).

7) A strong password on your computer, and, preferably, a 2nd factor (like a biometric scan or a phone/USB unlock) for your computer. (Also, keep your computer OFF when not using it, and preferably, disconnect it from power so it can't turn on without your control!)

8) As many backdoors closed as possible. Some backdoors on Windows computers include Universal Plug n Play, Teamviewer, and allowing remote access protocols. I understand TeamViewer is an important tool; however, it should not ever be running when you're not using it.

After speaking with some people, I also found out that it's very, very likely to get hacked while travelling. Hotel Wifi, Starbucks Wifi, plane Wifi, all of these networks are often more vulnerable than you think! For your safety, use a VPN while travelling. HideMyAss is a popular one. There are several others. You could even make your own, if you wanted.

However, keep in mind: even while following these tips, you could still be vulnerable. People can spoof your phone so they can get into your 2 factor sites. People can take advantage of database breaches and steal your login info. Hackers are always coming up with new ways to steal info and money. (There are also more tips that might help, so please, feel free to add anything! I'm not a computer expert!)

Your job, though, is to lower the likelihood of something ever happening to you. There is no magic armor, but you could at least be wearing a bulletproof vest.

Protect your a$$.
One good old school way is to limit the amount of money in the account that is linked at your card.

Any account that is linked to debit/credit card is inherently high risk.

Always set transaction limit too.

Always set two FA.

There are two ways to get your money out.

1)Bank Account login
2)Card authorization

Generally method 1 has much security measures inbuilt and 2FA mandated by the bank.
 

Iso

New Contributor
User Power
Value/Post Ratio
123%
Aug 1, 2021
13
16
I didn't think it would happen to me.

A few days ago, I woke up with about ~$1200 USD (in different currencies) taken from various bank accounts via Paypal transactions I didn't make.

Upon calling Paypal to rectify the solution, they told me that those transactions were properly authorized by me, from my computer (!), from my IP address.

That's impossible, I said. I wouldn't do that. I would know!

"Sorry, you're out of luck. Call your bank and have them stop the transactions. That's all you can do."

I kept saying "F*ck Paypal" over and over, until I realized what had happened.

My computer was hacked.

I'm not quite sure how they did it. It could have been a banking trojan. Or a remote access backdoor into my computer. Or they had my password and simply spoofed both my MAC and IP addresses. Could have been a botnet, too. I don't know.

All I know, is that I was vulnerable... and they got me.

It's not Paypal's fault, and Paypal isn't responsible. It's my fault, and I'm responsible.

After several virus scans with different software, I found out that I was, indeed, infected.

I could still be infected right now. I don't know. Many viruses and backdoors remain undetected, and they could be on your computer right now.

Yes, YOU are at risk.

I was lucky that all they took was $1200. They could have cleaned me out. And, after calling my bank, I might only stand to lose $300. Time will tell.

You, however, might not be so lucky.

I took several hours to watch Youtube videos, read articles, and scour interviews with security professionals and experts to figure out 2 things: (1) Why did this happen to me, and (2) How can I make sure it doesn't happen again?

Well, the answer to the first question was clear. It happened to me because I was an easy target. My computer was on overnight. I hadn't run a virus scan in months. And, worst of all, I did not have the proper security on my Paypal account.

The second question weighed heavily on my mind, though, and after some searches I found a lot of 'duh, common sense' kind of answers. I quickly figured out that even though I thought it was common sense, I was not following those rules.

My passwords sucked, and were shared among many sites (remind me to change my FLF password too). I didn't have 2 factor authentication on anything (even my Paypal! I thought I did, but I did not.) I wasn't paying attention to what I was downloading.

So, if you think you're not an idiot, let me run you through a checklist of things you must have.

1) An active antivirus. Yes, that includes you, Mac users. (Linux users, you're pretty much fine.) That should be on your phone, too.

2) 2 factor authentication, on everything that supports it. If you have a spare phone that you can use for it (that you don't give to anyone and, preferably, is not connected to your name), then that should be your 2FA phone. (Two factor authentication would have been my saving grace in the Paypal situation, but it wont always be.) Google Authenticator is also an awesome tool.

3) Different, and strong, passwords for every single site you use. 16 characters minimum. Seriously. Brute forcing is no joke, especially on sites where they allow unlimited login tries. Not only that, they must be different so you're not caught with your pants down if a website's database gets leaked.

4) A way so you don't have to TYPE those passwords. Keyloggers are a bitch, and will steal your passwords, your credit card info, and more, right as your typing them. You can use an encrypted Notepad file stored on the cloud (not the safest thing in the world, because your clipboard could be at risk too), or you can use a password manager like Lastpass or KeePass. Password managers are excellent, because (1) you don't have to type passwords for every site you use, and (2) they're encrypted with a master password as your key. There's also programs like KeyScrambler which are reported to be pretty good.

5) An active firewall on both your computer and your router. Yes, firewalls for routers are different than firewalls for computers, and you should have both.

6) A secure autofill program for when you need to enter your credit card or Paypal info. Lastpass does this pretty well. Preferably, this autofill should be protected by a password (again, Lastpass does this pretty well).

7) A strong password on your computer, and, preferably, a 2nd factor (like a biometric scan or a phone/USB unlock) for your computer. (Also, keep your computer OFF when not using it, and preferably, disconnect it from power so it can't turn on without your control!)

8) As many backdoors closed as possible. Some backdoors on Windows computers include Universal Plug n Play, Teamviewer, and allowing remote access protocols. I understand TeamViewer is an important tool; however, it should not ever be running when you're not using it.

After speaking with some people, I also found out that it's very, very likely to get hacked while travelling. Hotel Wifi, Starbucks Wifi, plane Wifi, all of these networks are often more vulnerable than you think! For your safety, use a VPN while travelling. HideMyAss is a popular one. There are several others. You could even make your own, if you wanted.

However, keep in mind: even while following these tips, you could still be vulnerable. People can spoof your phone so they can get into your 2 factor sites. People can take advantage of database breaches and steal your login info. Hackers are always coming up with new ways to steal info and money. (There are also more tips that might help, so please, feel free to add anything! I'm not a computer expert!)

Your job, though, is to lower the likelihood of something ever happening to you. There is no magic armor, but you could at least be wearing a bulletproof vest.

Protect your a$$.
Never thought about closing backdoors and blocking background processes normally I don't use autofill because I am afraid I'll get used to it so much I just forget my password when I need to type it.
 

MattR82

Gold Contributor
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
178%
Oct 4, 2015
1,394
2,480
41
Brisbane
1) Use linux or a *BSD (excluding MacOS)

2) Don't use google authentificator, use Aegis instead

3) This is the MINIMAL requirement: *FKddg0p+4Ot!fQP@y=p$

4)
Windows/Linux: keepassxc
Android: keepassxd
IOS: keepassium

5) OpenBSD

6) Lastpass got hacked

7)If you are really paranoiac, unplug the ethernet cable

8) Don't use Windows
Lastpass got hacked? Sheeeeiitt I hadn't heard that. It's something I've always been a bit worried about and even though I love LP, I won't recommend it to friends just in case something goes wrong.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

DuncDad

Contributor
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
User Power
Value/Post Ratio
87%
Jul 8, 2016
86
75
56
Brute forcing is extremely easy, to combat it you just need a solid password.

How Long Would it Take to Crack Your Password? Find Out! - Randomize

Type in a similar password or your own and see how long it will take to brute force it.

Make sure your numbers are in a random sequence and your letters are also uppercase and lowercase.

As long as your password is decent brute forcing shouldn't be a problem.
Sounds like a good thing, and mostly I agree EXCEPT places like PayPal only allow 20 character passwords, I try to make mine in the 90-100 character range
 

DuncDad

Contributor
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
User Power
Value/Post Ratio
87%
Jul 8, 2016
86
75
56
I have been thinking about using Lastpass.
My doubt - Is it safe to save password in lastpass? Whats your experience with them?

I am a little worried that Lastpass authorities can one day use all passwords they have and become trillionaires lol
I have used LastPass as well as LastPass Authenticator for many years. I have never had a problem. I do not know pretty much any og my passwords as they all 90-100 characters long, where allowed.
 

DuncDad

Contributor
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
User Power
Value/Post Ratio
87%
Jul 8, 2016
86
75
56
I think it is a little like covid, everyone will get hacked at some point. To make it harder you need better passwords AND 2FA for sure.

Now for the kicker - who has access to your 'digital estate' when you die?
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

MattL

Bronze Contributor
Read Fastlane!
Speedway Pass
User Power
Value/Post Ratio
211%
Jan 31, 2014
83
175
32
Finland
I think it is a little like covid, everyone will get hacked at some point. To make it harder you need better passwords AND 2FA for sure.

Now for the kicker - who has access to your 'digital estate' when you die?
There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.
- John Chambers, Cisco's CEO

Another good tip is to change the username or email account instead of focusing on passwords. For important stuff, have one email account that you don't use for anything else. Just sign up for that one service with it and then leave it be.
 

piano

Trying to find the right notes
FASTLANE INSIDER
Read Fastlane!
Speedway Pass
User Power
Value/Post Ratio
252%
Sep 21, 2022
452
1,140
Germany
Good to know, gonna take each action when I actually have a single cent on my pc some day
 

football4life

Contributor
Read Fastlane!
User Power
Value/Post Ratio
97%
Oct 16, 2022
32
31
Brute forcing is extremely easy, to combat it you just need a solid password.

How Long Would it Take to Crack Your Password? Find Out! - Randomize

Type in a similar password or your own and see how long it will take to brute force it.

Make sure your numbers are in a random sequence and your letters are also uppercase and lowercase.

As long as your password is decent brute forcing shouldn't be a problem.
Do you have a Macbook? I heard Macbooks are good for protecting your security
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

Post New Topic

Please SEARCH before posting.
Please select the BEST category.

Post new topic

Guest post submissions offered HERE.

New Topics

Fastlane Insiders

View the forum AD FREE.
Private, unindexed content
Detailed process/execution threads
Ideas needing execution, more!

Join Fastlane Insiders.

Top