Take Your Computer Security Seriously! YOU Are At Risk!

[Deleted52191]

So true, it can happen to anyone. Great job at listing out the necessities to protect yourself @The-J. I would definitely recommend using LastPass to anyone looking for password protection software. It integrates directly with your browser and has the option to auto-fill your login information. Two-step authentication is a great feature to setup and enable as well for banking, social media, and anywhere else that stores any private data.

 

[LeoistheSun]

Did I mention PIA because its what I use: Anonymous VPN Service From The Leaders | Private Internet Access

Microsoft Defender is prob the best Antivirus if your using Win 10.

I also use Keepass (its encrypted) password database.

Ultimate Windows Tweaker

This has been shown to be ineffective.

If you want to use Linux, I recommend Kali Linux (its pretty secure)

Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution
Penetration testers (aka ethical hackers) keep their versions very secure. Its also updated all the time. But any version of Linux will do. Preferably non-Ubuntu (if you dont trust Corporations).

 

[ruzara5]

It could have been a banking trojan. Or a remote access backdoor into my computer. Or they had my password and simply spoofed both my MAC and IP addresses. Could have been a botnet, too. I don't know.

All I know, is that I was vulnerable... and they got me.

Yes. We live in a wonderful computer world. Full of scary thingys. And ever evolving masses of chewy nasty bits. Okay. Trying to add a little odd humor. Under personal computer usage. Always have a quality virus and malware cleaner protector. Keep it up to date. Include 'tough passwords on all you internet related logons both locally and over 'secure connections' Make the passwords 'strong or strongest'. IF it is something vital, important. Have a separate pc device. And only use it for certain important connections and logon operations on the internet. When NOT in use. Take is physically OFF the internet. AKA unplug the CAT5 cable. Place it in a safe place. This will decrease your threshhold for being hacked, spiked, and spoofed. Amidst other things. Remember you ARE your a first point of being more and most secure and safe.
Some instances of remote access that are interesting is to be aware of the latest methods used. One is the use of 'official email alerts' like the use of apple or other major brands that request you to 'click on the link below'. Can relate to the MAC and IP address. They grabbed it all the way from 'so called' Barcelona Spain and displayed the ip in the email. Location for the original and actual ip started in WA state. USA. Simply. That ip did change. That dynamic effect. Along with a good scrubbing malware cleaner. Interesting times we live in. Be safe.

 

[Victor152]

Do that, too. Trouble is, anyone can record you when you're on a Skype call (or any kind of call). So accept that responsibility, and be careful with whom you share your screen. I don't quite understand much of it myself, but apparently, there's metadata that can be used to help identify your machine and your IP address.

The big key, though, is no single point of failure.

Lastpass offers 2 factor authentication, and idle time-outs. You need both. If someone gets access to your device, and somehow knows your master password, they should still be unable to get into your password vault.

Not only that, if someone is able to get your phone's SIM and load your phone onto theirs, they should not be able to know your password

Do that, too. Trouble is, anyone can record you when you're on a Skype call (or any kind of call). So accept that responsibility, and be careful with whom you share your screen. I don't quite understand much of it myself, but apparently, there's metadata that can be used to help identify your machine and your IP address.

The big key, though, is no single point of failure.

Lastpass offers 2 factor authentication, and idle time-outs. You need both. If someone gets access to your device, and somehow knows your master password, they should still be unable to get into your password vault.

Not only that, if someone is able to get your phone's SIM and load your phone onto theirs, they should not be able to know your passwords.

For most people, if someone is able to get access to both your phone AND your computer (not too difficult if they're on the same network!), you're right F*cked. The chances of that happening are very, very low.

2 factor protects you from most executables (trojans, etc.) as well as from password leaks. Strong, unique passwords protect you from password leaks and brute force attacks.

Here's something to remember, though: a truly motivated hacker CAN get your sh*t. The most motivated hackers use social engineering to find the weakest link in the chain: stupid humans with access to your accounts.

I dont know if you can still see the ip of the person you are friends on skype but it for sure was possible some time ago.
I tried with my cousin and it worked

 

[TheCj]

I think the whole have a strong password thing is kind of a joke.

Most of these hackers attack larger database's and get 1000's or millions of passwords and info at one time. So doesn't matter if you have the most difficult password in the world, it's reduced to 1's and 0's somewhere, and that's the easiet place to get the password.

Just like seeing people worried and cover there pin code at atm's and gas stations. Meanwhile the actual threat is the atm machine or card reader itself has been compromised.

Yes it's good to have good passwords. It is better to limit exposure to an attack so not having your paypal account linked to a larger account etc... Or using credits card since they offer better protection when your account is compromised. I know lots of people don't realize the huge inconvenience and possible loss between getting money stolen from a debit card vs credit card. Debit card theft will require the bank to investigate and if they see that the money was stolen using your pin number you are most likely out of luck if you get anything back at all. This is all after they investigate checking camera's etc.. which can take time. As opposed to credit card theft one call they will go over the fraudulent charges, issue you a new card and off you go.

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[100ToOne]

Strong passwordS. As in, different passwords for each site.

The real threat is not just getting one account hacked, it's a hacker getting access to your password, running your email address through a tool that searches websites that have an account with that address, then trying that one password in every site (and successfully breaking in).

You can't prevent data breaches, and you can't fix another business's security, but you can minimize the damage done.

Great point.

A few friends of mine used to actually hack other people's computers back in the day, through Trojans and social engineering. And let me tell you there's a million ways to hack you once they put you in their mind. ESPECIALLY if you're just a normal non-tech guy. Which to be honest is most of the human race. So the point @The-J makes is very true. Whilst it's extremely hard to let them out, you can make sure that once they're in you take the least damage.

Another point from personal experience: Anti-viruses only catch threats which were usually made by "noobs" or old binding techniques...the more experienced will make sure it will never be detected by any Anti-Virus app...they even use VirusTotal to test their files lol...

And I'm just talking about normal teenage computer fanatics...
Imagine some U.S or Russian hacking geniuses out there...

 

[SquatchMan]

Bump this...

What else is everyone using?

I am going through a big security upgrade. I have been the laziest person on earth about this. I had like 3 reused crappy passwords for 100 different services. I even had a google home (wiretap). I decided I needed to take this way more seriously.

I recently got NordVPN, which I try to use most of the time on browsing devices. When I get fiber soon, I will install Nord on the router.

I use Lastpass to make like 30+ character passwords. I am changing my old 5 year old passwords to these new lastpass passwords as I log into these services.

I force Firefox to forget everything and log me out of everything every time I close it. I use a 2 factor authenticator on several services that allow for it, I am adding more daily as I use them.

I have the regular Windows Defender that comes with 10 Pro.

I switched out my text message app with Signal a while back which is only as good as your network of peers that also have it.

Wow. Forgot about this thread. It looks like you got everything covered.

iPhone has the best phone security by far. It's not even close.

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[Kak]

Wow. Forgot about this thread. It looks like you got everything covered.

iPhone has the best phone security by far. It's not even close.

I have not heard this!

What makes an iphone more secure than say a flagship samsung?

 

[SquatchMan]

I have not heard this!

What makes an iphone more secure than say a flagship samsung?

A few things. Android has a laxer app store, less frequent updates, and they transmit phone data to Google (easier to intercept). It's pretty much accepted in the security industry that iOS has the best security. I've never seen anyone say otherwise.

However, I doubt it truly matters unless you have top-secret information.

You can see for yourself by comparing the price of zero-day exploits for iOS.

ZERODIUM - How to Sell Your Zero-Day (0day) Exploit to ZERODIUM

ZERODIUM is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research. Our platform allows security researchers to sell their 0day (zero-day) exploits for the highest rewards.

www.zerodium.com

 

[ApparentHorizon]

https://haveibeenpwned.com/

 

[Lyinx]

Posts here are quite old but I wonder if any of you guys would consider crypto as a solution. Hear me out.

Long story short:
You can use a hardware wallet with USD stable coin and spend money directly from that wallet. This separates money management from your computer and removes the risk of viruses, unauthorized transactions etc.

I wonder if all website accepted crypto USD as they accept CC payments, would you guys use it for its superior security? Would you guys pay with USD using the crypto wallet in day to day life?


Long story for those not familiar with crypto.

The device - let's call it a wallet
View attachment 33514
You can connect it to your phone or computer with Bluetooth. It works right away like a headset.

How do I transfer USD to my wallet?
Ask someone to send you USD directly from their wallet. Alternatively, you can go to currency exchange like Uphold and exchange your bank USD to digital USD. and transfer USD to your wallet. This process is like going to ATM and depositing cash into your account, only digital. From now on, you are the only person in the world that can access and spend this money. I mean it, no hacker, no bank, no government can take it. They really can't, I know because they tried many times already

How can I spend the money?**
You go to any website and do your shopping as usual. At checkout, you connect your wallet to your computer. A payment request will be automatically sent to your wallet, check the amount, and confirm if everything is ok. That's it, paid, done.

What if I have a Virus on my computer?
The approval process happens inside the device so even if you have a virus on your computer, it cannot pull your key from the device. It's never recommended but you can use it on a computer with a virus present with no worries.

What if someone steals my wallet like they do with Credit Cards?
With this particular wallet, it's impossible as your wallet key is stored on the device itself and it never leaves it. It's never sent to a merchant nor to your computer so there is nothing to steal. Without that key, your money cannot be accessed.

What if I lose my wallet?
When you start the wallet for the first time, you need to write down 12 random words that the wallet generates for you. This is your way to recover the wallet if you lose a physical device. Keep them on paper in a safe place just in case! Remember, on paper, it's impossible to hack paper

No 2 factor authentication?
The wallet itself is already 2 factor authenticator itself. Forget SMS, emails. It's already proven you can hack accounts even with 2FA enabled so why bother.

What about passwords?
Ahh, passwords, forget about passwords, you no longer need them. You can set a PIN for your wallet if you want, tho.

It's all already available except spending.
**that part is still missing from the puzzle.

Again, I wonder if all website accepted crypto USD as they accept CC payments, would you guys use it for its superior security? Would you guys pay with USD using the crypto wallet in day to day life?

Isn't this basically 2FA with a USB/smart key? you could do the same thing with a credit card and a smart USB key?

I don't carry a wallet on me (I have a shop on my property) so when I go to buy something online, I have all my accounts setup online or if I need my credit card info, it's written on a paper in my desk.

I get an email for every transaction, if I don't recognize it I would deny the transaction in near-real time.

Even my business credit cards all have emails print out within seconds of being processed, just in case they ever get stolen so I don't get a shock at the end of the week.

I hope my cards never get stolen, but I'm realistic, it's just a matter of time until I have a bad actor website that shares the info. If/when that happens, I'll be on it and deny the charges and they will have problems with my card company.

Much more convenient than having to plug/unplug, but I do see the benefits.

 

[tommyz7]

Isn't this basically 2FA with a USB/smart key? you could do the same thing with a credit card and a smart USB key?

I don't carry a wallet on me (I have a shop on my property) so when I go to buy something online, I have all my accounts setup online or if I need my credit card info, it's written on a paper in my desk.

I get an email for every transaction, if I don't recognize it I would deny the transaction in near-real time.

Even my business credit cards all have emails print out within seconds of being processed, just in case they ever get stolen so I don't get a shock at the end of the week.

I hope my cards never get stolen, but I'm realistic, it's just a matter of time until I have a bad actor website that shares the info. If/when that happens, I'll be on it and deny the charges and they will have problems with my card company.

Much more convenient than having to plug/unplug, but I do see the benefits.

I'd say it's more like having a whole swiss bank in your pocket, not just 2FA

The above is just one of the possible solutions. Similarily as you have your credit cards setup, you could set up a crypto wallet in your browser or phone and pay wherever you want. The above example is the ultimate security but you can trade a little bit of that for a little bit of convenience with a mobile wallet.

The big difference is that with credit cards, you are being reactive. You are basically sitting and waiting to be attacked because that's how credit cards are designed. Every time you shop, you open access to your account and nothing can be done about that. With crypto wallets, however, you are being proactive. No one ever can access your account except you and payments do not expose your security. You pay it like good old cash, just digital.

 

[Lyinx]

you might like this Privacy — Seamless & Secure Online Card Payments
it lets you set up single or multiple use credit cards, which pull $$$ from your regular banking account like a regular credit card... but you can turn it off whenever you feel like it
each card can be setup for one vendor
or you can set up a miscellaneous use card for one of the children with a maximum spend of $25/month for purchases.
Really weird, I went unto Amazon last night and this device that you had on your post showed up in my suggested field

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[EmotionEngine]

BTW. If you're on Windows 10 now, make sure you update. The update is ready as of 7/9 if it didn't auto prompt you on taskbar. Type in "Windows Update" next to start button and click it. Check for updates.

Microsoft's Windows security flaw is a big deal. Here's what you can do about it | CNN Business

Microsoft's latest security vulnerability could have a lingering impact both on consumers and businesses at a time when many around the world are already on high alert for disruptive cyber attacks.

www.cnn.com

 

[Guest84834]

Thankfully I use linux and don't execute shitty EXEs from Unknown sites.
If you really want security while travelling, buy a USB. Fine, if you already have one. Install TAILS on your usb and boot to it. Don't use any personal info while travelling. Only use Firefox for personal credentials. Use Tor for non sensitive things. These are all built in inside TAILS. TAILS changes your IP so that it won't be possible to trace back to you (except the ISP can see if you are using VPN or TOR). Use VPN if you want your hardearned cash to go down the drain. Always use open source software. Don't visit HTTP only sites. If you want a really good password manger, there are only two: Keepass or Bitwarden. Bitwarden is simple to use. If you are using Lastpass or any other stupid managers, you can simply export your passwords in a csv file and import it into Bitwarden. You can keep both lastpass and bitwarden. If you use bitcoin for purchases, use Electrum wallet - also built in app inside TAILS.

Quit Windows. It's is the source of all computer-borne illnesses. Install linux. Like right now.
Go here :

Fedora Linux

An innovative platform for hardware, clouds, and containers, built with love by you.

getfedora.org

Install fedora workstation
Read the freaking documentation.
Don't follow youtube videos.

Double check if you are at the right sites. Bookmark all the sites you use, and don't use search to find a website. Example, you know that you are on the original paypal site if you see the bookmarked icon. Aside from that. Just use common sense.

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[Kevin88660]

A good old fashion practice is to link your debit and credit card to an account with less deposits and keep all your other cash saving in another account.

Be safe than to be sorry. Only the paranoid will survive.

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[nothingness]

Brute forcing is extremely easy, to combat it you just need a solid password.

How Long Would it Take to Crack Your Password? Find Out! - Randomize

Type in a similar password or your own and see how long it will take to brute force it.

Make sure your numbers are in a random sequence and your letters are also uppercase and lowercase.

As long as your password is decent brute forcing shouldn't be a problem.

You don't need to do all that. Just a three letter passphrase will do. No capitals, no numbers, though they do make it more difficult.
For example
gamerfearkangaroo:

A note about bitlocker, sometimes it goes wrong. I have btc on a hdd I encrypted with Bitlocker and despite knowing the password, it says it's wrong.

 

[basedzoomer]

If you travel around with a laptop..

Full Disk Encryption is A MUST! Protects your laptop when it's stolen by thieves. (e.g. scamsters who try to swipe your belongings at airports)

Keep your laptop off when carrying it around. (After following prev step.) [DO NOT DISREGARD THIS STEP AS thieves will be able to break into a suspended/sleeping laptop but not one which is full disk encrypted & turned off.]

If your laptop is not new, securely erase your hdd/ssd(how? interenet search) before doing full disk encryption on it. Else your prev data will be revealed to the person who steals it.

If it's a brand new laptop, FDE from the start. Think of it as some kind of burglar insurance .

 

[Red.P-901]

I didn't think it would happen to me.

A few days ago, I woke up with about ~$1200 USD (in different currencies) taken from various bank accounts via Paypal transactions I didn't make.

Upon calling Paypal to rectify the solution, they told me that those transactions were properly authorized by me, from my computer (!), from my IP address.

That's impossible, I said. I wouldn't do that. I would know!

"Sorry, you're out of luck. Call your bank and have them stop the transactions. That's all you can do."

I kept saying "F*ck Paypal" over and over, until I realized what had happened.

My computer was hacked.

I'm not quite sure how they did it. It could have been a banking trojan. Or a remote access backdoor into my computer. Or they had my password and simply spoofed both my MAC and IP addresses. Could have been a botnet, too. I don't know.

All I know, is that I was vulnerable... and they got me.

It's not Paypal's fault, and Paypal isn't responsible. It's my fault, and I'm responsible.

After several virus scans with different software, I found out that I was, indeed, infected.

I could still be infected right now. I don't know. Many viruses and backdoors remain undetected, and they could be on your computer right now.

Yes, YOU are at risk.

I was lucky that all they took was $1200. They could have cleaned me out. And, after calling my bank, I might only stand to lose $300. Time will tell.

You, however, might not be so lucky.

I took several hours to watch Youtube videos, read articles, and scour interviews with security professionals and experts to figure out 2 things: (1) Why did this happen to me, and (2) How can I make sure it doesn't happen again?

Well, the answer to the first question was clear. It happened to me because I was an easy target. My computer was on overnight. I hadn't run a virus scan in months. And, worst of all, I did not have the proper security on my Paypal account.

The second question weighed heavily on my mind, though, and after some searches I found a lot of 'duh, common sense' kind of answers. I quickly figured out that even though I thought it was common sense, I was not following those rules.

My passwords sucked, and were shared among many sites (remind me to change my FLF password too). I didn't have 2 factor authentication on anything (even my Paypal! I thought I did, but I did not.) I wasn't paying attention to what I was downloading.

So, if you think you're not an idiot, let me run you through a checklist of things you must have.

1) An active antivirus. Yes, that includes you, Mac users. (Linux users, you're pretty much fine.) That should be on your phone, too.

2) 2 factor authentication, on everything that supports it. If you have a spare phone that you can use for it (that you don't give to anyone and, preferably, is not connected to your name), then that should be your 2FA phone. (Two factor authentication would have been my saving grace in the Paypal situation, but it wont always be.) Google Authenticator is also an awesome tool.

3) Different, and strong, passwords for every single site you use. 16 characters minimum. Seriously. Brute forcing is no joke, especially on sites where they allow unlimited login tries. Not only that, they must be different so you're not caught with your pants down if a website's database gets leaked.

4) A way so you don't have to TYPE those passwords. Keyloggers are a bitch, and will steal your passwords, your credit card info, and more, right as your typing them. You can use an encrypted Notepad file stored on the cloud (not the safest thing in the world, because your clipboard could be at risk too), or you can use a password manager like Lastpass or KeePass. Password managers are excellent, because (1) you don't have to type passwords for every site you use, and (2) they're encrypted with a master password as your key. There's also programs like KeyScrambler which are reported to be pretty good.

5) An active firewall on both your computer and your router. Yes, firewalls for routers are different than firewalls for computers, and you should have both.

6) A secure autofill program for when you need to enter your credit card or Paypal info. Lastpass does this pretty well. Preferably, this autofill should be protected by a password (again, Lastpass does this pretty well).

7) A strong password on your computer, and, preferably, a 2nd factor (like a biometric scan or a phone/USB unlock) for your computer. (Also, keep your computer OFF when not using it, and preferably, disconnect it from power so it can't turn on without your control!)

8) As many backdoors closed as possible. Some backdoors on Windows computers include Universal Plug n Play, Teamviewer, and allowing remote access protocols. I understand TeamViewer is an important tool; however, it should not ever be running when you're not using it.

After speaking with some people, I also found out that it's very, very likely to get hacked while travelling. Hotel Wifi, Starbucks Wifi, plane Wifi, all of these networks are often more vulnerable than you think! For your safety, use a VPN while travelling. HideMyAss is a popular one. There are several others. You could even make your own, if you wanted.

However, keep in mind: even while following these tips, you could still be vulnerable. People can spoof your phone so they can get into your 2 factor sites. People can take advantage of database breaches and steal your login info. Hackers are always coming up with new ways to steal info and money. (There are also more tips that might help, so please, feel free to add anything! I'm not a computer expert!)

Your job, though, is to lower the likelihood of something ever happening to you. There is no magic armor, but you could at least be wearing a bulletproof vest.

Protect your a$$.

1) Use linux or a *BSD (excluding MacOS)

2) Don't use google authentificator, use Aegis instead

3) This is the MINIMAL requirement: *FKddg0p+4Ot!fQP@y=p$

4)
Windows/Linux: keepassxc
Android: keepassxd
IOS: keepassium

5) OpenBSD

6) Lastpass got hacked

7)If you are really paranoiac, unplug the ethernet cable

8) Don't use Windows

 

[Red.P-901]

ecure source (AUR)

The AUR is not a secure source

 

[Kevin88660]

I didn't think it would happen to me.

A few days ago, I woke up with about ~$1200 USD (in different currencies) taken from various bank accounts via Paypal transactions I didn't make.

Upon calling Paypal to rectify the solution, they told me that those transactions were properly authorized by me, from my computer (!), from my IP address.

That's impossible, I said. I wouldn't do that. I would know!

"Sorry, you're out of luck. Call your bank and have them stop the transactions. That's all you can do."

I kept saying "F*ck Paypal" over and over, until I realized what had happened.

My computer was hacked.

I'm not quite sure how they did it. It could have been a banking trojan. Or a remote access backdoor into my computer. Or they had my password and simply spoofed both my MAC and IP addresses. Could have been a botnet, too. I don't know.

All I know, is that I was vulnerable... and they got me.

It's not Paypal's fault, and Paypal isn't responsible. It's my fault, and I'm responsible.

After several virus scans with different software, I found out that I was, indeed, infected.

I could still be infected right now. I don't know. Many viruses and backdoors remain undetected, and they could be on your computer right now.

Yes, YOU are at risk.

I was lucky that all they took was $1200. They could have cleaned me out. And, after calling my bank, I might only stand to lose $300. Time will tell.

You, however, might not be so lucky.

I took several hours to watch Youtube videos, read articles, and scour interviews with security professionals and experts to figure out 2 things: (1) Why did this happen to me, and (2) How can I make sure it doesn't happen again?

Well, the answer to the first question was clear. It happened to me because I was an easy target. My computer was on overnight. I hadn't run a virus scan in months. And, worst of all, I did not have the proper security on my Paypal account.

The second question weighed heavily on my mind, though, and after some searches I found a lot of 'duh, common sense' kind of answers. I quickly figured out that even though I thought it was common sense, I was not following those rules.

My passwords sucked, and were shared among many sites (remind me to change my FLF password too). I didn't have 2 factor authentication on anything (even my Paypal! I thought I did, but I did not.) I wasn't paying attention to what I was downloading.

So, if you think you're not an idiot, let me run you through a checklist of things you must have.

1) An active antivirus. Yes, that includes you, Mac users. (Linux users, you're pretty much fine.) That should be on your phone, too.

2) 2 factor authentication, on everything that supports it. If you have a spare phone that you can use for it (that you don't give to anyone and, preferably, is not connected to your name), then that should be your 2FA phone. (Two factor authentication would have been my saving grace in the Paypal situation, but it wont always be.) Google Authenticator is also an awesome tool.

3) Different, and strong, passwords for every single site you use. 16 characters minimum. Seriously. Brute forcing is no joke, especially on sites where they allow unlimited login tries. Not only that, they must be different so you're not caught with your pants down if a website's database gets leaked.

4) A way so you don't have to TYPE those passwords. Keyloggers are a bitch, and will steal your passwords, your credit card info, and more, right as your typing them. You can use an encrypted Notepad file stored on the cloud (not the safest thing in the world, because your clipboard could be at risk too), or you can use a password manager like Lastpass or KeePass. Password managers are excellent, because (1) you don't have to type passwords for every site you use, and (2) they're encrypted with a master password as your key. There's also programs like KeyScrambler which are reported to be pretty good.

5) An active firewall on both your computer and your router. Yes, firewalls for routers are different than firewalls for computers, and you should have both.

6) A secure autofill program for when you need to enter your credit card or Paypal info. Lastpass does this pretty well. Preferably, this autofill should be protected by a password (again, Lastpass does this pretty well).

7) A strong password on your computer, and, preferably, a 2nd factor (like a biometric scan or a phone/USB unlock) for your computer. (Also, keep your computer OFF when not using it, and preferably, disconnect it from power so it can't turn on without your control!)

8) As many backdoors closed as possible. Some backdoors on Windows computers include Universal Plug n Play, Teamviewer, and allowing remote access protocols. I understand TeamViewer is an important tool; however, it should not ever be running when you're not using it.

After speaking with some people, I also found out that it's very, very likely to get hacked while travelling. Hotel Wifi, Starbucks Wifi, plane Wifi, all of these networks are often more vulnerable than you think! For your safety, use a VPN while travelling. HideMyAss is a popular one. There are several others. You could even make your own, if you wanted.

However, keep in mind: even while following these tips, you could still be vulnerable. People can spoof your phone so they can get into your 2 factor sites. People can take advantage of database breaches and steal your login info. Hackers are always coming up with new ways to steal info and money. (There are also more tips that might help, so please, feel free to add anything! I'm not a computer expert!)

Your job, though, is to lower the likelihood of something ever happening to you. There is no magic armor, but you could at least be wearing a bulletproof vest.

Protect your a$$.

One good old school way is to limit the amount of money in the account that is linked at your card.

Any account that is linked to debit/credit card is inherently high risk.

Always set transaction limit too.

Always set two FA.

There are two ways to get your money out.

1)Bank Account login
2)Card authorization

Generally method 1 has much security measures inbuilt and 2FA mandated by the bank.

 

[Iso]

I didn't think it would happen to me.

A few days ago, I woke up with about ~$1200 USD (in different currencies) taken from various bank accounts via Paypal transactions I didn't make.

Upon calling Paypal to rectify the solution, they told me that those transactions were properly authorized by me, from my computer (!), from my IP address.

That's impossible, I said. I wouldn't do that. I would know!

"Sorry, you're out of luck. Call your bank and have them stop the transactions. That's all you can do."

I kept saying "F*ck Paypal" over and over, until I realized what had happened.

My computer was hacked.

I'm not quite sure how they did it. It could have been a banking trojan. Or a remote access backdoor into my computer. Or they had my password and simply spoofed both my MAC and IP addresses. Could have been a botnet, too. I don't know.

All I know, is that I was vulnerable... and they got me.

It's not Paypal's fault, and Paypal isn't responsible. It's my fault, and I'm responsible.

After several virus scans with different software, I found out that I was, indeed, infected.

I could still be infected right now. I don't know. Many viruses and backdoors remain undetected, and they could be on your computer right now.

Yes, YOU are at risk.

I was lucky that all they took was $1200. They could have cleaned me out. And, after calling my bank, I might only stand to lose $300. Time will tell.

You, however, might not be so lucky.

I took several hours to watch Youtube videos, read articles, and scour interviews with security professionals and experts to figure out 2 things: (1) Why did this happen to me, and (2) How can I make sure it doesn't happen again?

Well, the answer to the first question was clear. It happened to me because I was an easy target. My computer was on overnight. I hadn't run a virus scan in months. And, worst of all, I did not have the proper security on my Paypal account.

The second question weighed heavily on my mind, though, and after some searches I found a lot of 'duh, common sense' kind of answers. I quickly figured out that even though I thought it was common sense, I was not following those rules.

My passwords sucked, and were shared among many sites (remind me to change my FLF password too). I didn't have 2 factor authentication on anything (even my Paypal! I thought I did, but I did not.) I wasn't paying attention to what I was downloading.

So, if you think you're not an idiot, let me run you through a checklist of things you must have.

1) An active antivirus. Yes, that includes you, Mac users. (Linux users, you're pretty much fine.) That should be on your phone, too.

2) 2 factor authentication, on everything that supports it. If you have a spare phone that you can use for it (that you don't give to anyone and, preferably, is not connected to your name), then that should be your 2FA phone. (Two factor authentication would have been my saving grace in the Paypal situation, but it wont always be.) Google Authenticator is also an awesome tool.

3) Different, and strong, passwords for every single site you use. 16 characters minimum. Seriously. Brute forcing is no joke, especially on sites where they allow unlimited login tries. Not only that, they must be different so you're not caught with your pants down if a website's database gets leaked.

4) A way so you don't have to TYPE those passwords. Keyloggers are a bitch, and will steal your passwords, your credit card info, and more, right as your typing them. You can use an encrypted Notepad file stored on the cloud (not the safest thing in the world, because your clipboard could be at risk too), or you can use a password manager like Lastpass or KeePass. Password managers are excellent, because (1) you don't have to type passwords for every site you use, and (2) they're encrypted with a master password as your key. There's also programs like KeyScrambler which are reported to be pretty good.

5) An active firewall on both your computer and your router. Yes, firewalls for routers are different than firewalls for computers, and you should have both.

6) A secure autofill program for when you need to enter your credit card or Paypal info. Lastpass does this pretty well. Preferably, this autofill should be protected by a password (again, Lastpass does this pretty well).

7) A strong password on your computer, and, preferably, a 2nd factor (like a biometric scan or a phone/USB unlock) for your computer. (Also, keep your computer OFF when not using it, and preferably, disconnect it from power so it can't turn on without your control!)

8) As many backdoors closed as possible. Some backdoors on Windows computers include Universal Plug n Play, Teamviewer, and allowing remote access protocols. I understand TeamViewer is an important tool; however, it should not ever be running when you're not using it.

After speaking with some people, I also found out that it's very, very likely to get hacked while travelling. Hotel Wifi, Starbucks Wifi, plane Wifi, all of these networks are often more vulnerable than you think! For your safety, use a VPN while travelling. HideMyAss is a popular one. There are several others. You could even make your own, if you wanted.

However, keep in mind: even while following these tips, you could still be vulnerable. People can spoof your phone so they can get into your 2 factor sites. People can take advantage of database breaches and steal your login info. Hackers are always coming up with new ways to steal info and money. (There are also more tips that might help, so please, feel free to add anything! I'm not a computer expert!)

Your job, though, is to lower the likelihood of something ever happening to you. There is no magic armor, but you could at least be wearing a bulletproof vest.

Protect your a$$.

Never thought about closing backdoors and blocking background processes normally I don't use autofill because I am afraid I'll get used to it so much I just forget my password when I need to type it.

 

[MattR82]

1) Use linux or a *BSD (excluding MacOS)

2) Don't use google authentificator, use Aegis instead

3) This is the MINIMAL requirement: *FKddg0p+4Ot!fQP@y=p$

4)
Windows/Linux: keepassxc
Android: keepassxd
IOS: keepassium

5) OpenBSD

6) Lastpass got hacked

7)If you are really paranoiac, unplug the ethernet cable

8) Don't use Windows

Lastpass got hacked? Sheeeeiitt I hadn't heard that. It's something I've always been a bit worried about and even though I love LP, I won't recommend it to friends just in case something goes wrong.

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[DuncDad]

Brute forcing is extremely easy, to combat it you just need a solid password.

How Long Would it Take to Crack Your Password? Find Out! - Randomize

Type in a similar password or your own and see how long it will take to brute force it.

Make sure your numbers are in a random sequence and your letters are also uppercase and lowercase.

As long as your password is decent brute forcing shouldn't be a problem.

Sounds like a good thing, and mostly I agree EXCEPT places like PayPal only allow 20 character passwords, I try to make mine in the 90-100 character range

 

[DuncDad]

I have been thinking about using Lastpass.
My doubt - Is it safe to save password in lastpass? Whats your experience with them?

I am a little worried that Lastpass authorities can one day use all passwords they have and become trillionaires lol

I have used LastPass as well as LastPass Authenticator for many years. I have never had a problem. I do not know pretty much any og my passwords as they all 90-100 characters long, where allowed.

 

[DuncDad]

I think it is a little like covid, everyone will get hacked at some point. To make it harder you need better passwords AND 2FA for sure.

Now for the kicker - who has access to your 'digital estate' when you die?

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

[piano]

Good to know, gonna take each action when I actually have a single cent on my pc some day

 

[football4life]

Brute forcing is extremely easy, to combat it you just need a solid password.

How Long Would it Take to Crack Your Password? Find Out! - Randomize

Type in a similar password or your own and see how long it will take to brute force it.

Make sure your numbers are in a random sequence and your letters are also uppercase and lowercase.

As long as your password is decent brute forcing shouldn't be a problem.

Do you have a Macbook? I heard Macbooks are good for protecting your security

 

Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.