The Entrepreneur Forum | Financial Freedom | Starting a Business | Motivation | Money | Success

Welcome to the only entrepreneur forum dedicated to building life-changing wealth.

Build a Fastlane business. Earn real financial freedom. Join free.

Join over 80,000 entrepreneurs who have rejected the paradigm of mediocrity and said "NO!" to underpaid jobs, ascetic frugality, and suffocating savings rituals— learn how to build a Fastlane business that pays both freedom and lifestyle affluence.

Free registration at the forum removes this block.

Take Your Computer Security Seriously! YOU Are At Risk!

The-J

Dog Dad
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
264%
Aug 28, 2011
4,198
11,076
Ontario
I didn't think it would happen to me.

A few days ago, I woke up with about ~$1200 USD (in different currencies) taken from various bank accounts via Paypal transactions I didn't make.

Upon calling Paypal to rectify the solution, they told me that those transactions were properly authorized by me, from my computer (!), from my IP address.

That's impossible, I said. I wouldn't do that. I would know!

"Sorry, you're out of luck. Call your bank and have them stop the transactions. That's all you can do."

I kept saying "F*ck Paypal" over and over, until I realized what had happened.

My computer was hacked.

I'm not quite sure how they did it. It could have been a banking trojan. Or a remote access backdoor into my computer. Or they had my password and simply spoofed both my MAC and IP addresses. Could have been a botnet, too. I don't know.

All I know, is that I was vulnerable... and they got me.

It's not Paypal's fault, and Paypal isn't responsible. It's my fault, and I'm responsible.

After several virus scans with different software, I found out that I was, indeed, infected.

I could still be infected right now. I don't know. Many viruses and backdoors remain undetected, and they could be on your computer right now.

Yes, YOU are at risk.

I was lucky that all they took was $1200. They could have cleaned me out. And, after calling my bank, I might only stand to lose $300. Time will tell.

You, however, might not be so lucky.

I took several hours to watch Youtube videos, read articles, and scour interviews with security professionals and experts to figure out 2 things: (1) Why did this happen to me, and (2) How can I make sure it doesn't happen again?

Well, the answer to the first question was clear. It happened to me because I was an easy target. My computer was on overnight. I hadn't run a virus scan in months. And, worst of all, I did not have the proper security on my Paypal account.

The second question weighed heavily on my mind, though, and after some searches I found a lot of 'duh, common sense' kind of answers. I quickly figured out that even though I thought it was common sense, I was not following those rules.

My passwords sucked, and were shared among many sites (remind me to change my FLF password too). I didn't have 2 factor authentication on anything (even my Paypal! I thought I did, but I did not.) I wasn't paying attention to what I was downloading.

So, if you think you're not an idiot, let me run you through a checklist of things you must have.

1) An active antivirus. Yes, that includes you, Mac users. (Linux users, you're pretty much fine.) That should be on your phone, too.

2) 2 factor authentication, on everything that supports it. If you have a spare phone that you can use for it (that you don't give to anyone and, preferably, is not connected to your name), then that should be your 2FA phone. (Two factor authentication would have been my saving grace in the Paypal situation, but it wont always be.) Google Authenticator is also an awesome tool.

3) Different, and strong, passwords for every single site you use. 16 characters minimum. Seriously. Brute forcing is no joke, especially on sites where they allow unlimited login tries. Not only that, they must be different so you're not caught with your pants down if a website's database gets leaked.

4) A way so you don't have to TYPE those passwords. Keyloggers are a bitch, and will steal your passwords, your credit card info, and more, right as your typing them. You can use an encrypted Notepad file stored on the cloud (not the safest thing in the world, because your clipboard could be at risk too), or you can use a password manager like Lastpass or KeePass. Password managers are excellent, because (1) you don't have to type passwords for every site you use, and (2) they're encrypted with a master password as your key. There's also programs like KeyScrambler which are reported to be pretty good.

5) An active firewall on both your computer and your router. Yes, firewalls for routers are different than firewalls for computers, and you should have both.

6) A secure autofill program for when you need to enter your credit card or Paypal info. Lastpass does this pretty well. Preferably, this autofill should be protected by a password (again, Lastpass does this pretty well).

7) A strong password on your computer, and, preferably, a 2nd factor (like a biometric scan or a phone/USB unlock) for your computer. (Also, keep your computer OFF when not using it, and preferably, disconnect it from power so it can't turn on without your control!)

8) As many backdoors closed as possible. Some backdoors on Windows computers include Universal Plug n Play, Teamviewer, and allowing remote access protocols. I understand TeamViewer is an important tool; however, it should not ever be running when you're not using it.

After speaking with some people, I also found out that it's very, very likely to get hacked while travelling. Hotel Wifi, Starbucks Wifi, plane Wifi, all of these networks are often more vulnerable than you think! For your safety, use a VPN while travelling. HideMyAss is a popular one. There are several others. You could even make your own, if you wanted.

However, keep in mind: even while following these tips, you could still be vulnerable. People can spoof your phone so they can get into your 2 factor sites. People can take advantage of database breaches and steal your login info. Hackers are always coming up with new ways to steal info and money. (There are also more tips that might help, so please, feel free to add anything! I'm not a computer expert!)

Your job, though, is to lower the likelihood of something ever happening to you. There is no magic armor, but you could at least be wearing a bulletproof vest.

Protect your a$$.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

nradam123

Silver Contributor
Read Fastlane!
Speedway Pass
User Power
Value/Post Ratio
165%
Mar 14, 2016
413
682
33
I have been thinking about using Lastpass.
My doubt - Is it safe to save password in lastpass? Whats your experience with them?

I am a little worried that Lastpass authorities can one day use all passwords they have and become trillionaires lol
 

The-J

Dog Dad
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
264%
Aug 28, 2011
4,198
11,076
Ontario
I am a little worried that Lastpass authorities can one day use all passwords they have and become trillionaires lol

Lastpass encrypts your password database and stores it on their cloud servers. It's impossible to recover if you forget your master password; even Lastpass can't do it for you. Your master password encrypts your database on your local computer, and is not stored on LastPass's database.

Change your master passwords often.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.
G

GuestUser450

Guest
I have been thinking about using Lastpass.
My doubt - Is it safe to save password in lastpass? Whats your experience with them?

I am a little worried that Lastpass authorities can one day use all passwords they have and become trillionaires lol

I like lastpass (logmein is parent co.)

Nothing is completely safe but I feel better with a paid service over a free one. Incentives.
 

amp0193

Legendary Contributor
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
445%
May 27, 2013
3,625
16,133
United States
Protect your a$$.

I'm not doing any of these things, except I have 2-factor auth on google, and added it on Paypal after reading your post yesterday.

Thanks for the easily digestible list.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

The-J

Dog Dad
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
264%
Aug 28, 2011
4,198
11,076
Ontario
Tape over mics and camera.

Do that, too. Trouble is, anyone can record you when you're on a Skype call (or any kind of call). So accept that responsibility, and be careful with whom you share your screen. I don't quite understand much of it myself, but apparently, there's metadata that can be used to help identify your machine and your IP address.

The big key, though, is no single point of failure.

Lastpass offers 2 factor authentication, and idle time-outs. You need both. If someone gets access to your device, and somehow knows your master password, they should still be unable to get into your password vault.

Not only that, if someone is able to get your phone's SIM and load your phone onto theirs, they should not be able to know your passwords.

For most people, if someone is able to get access to both your phone AND your computer (not too difficult if they're on the same network!), you're right F*cked. The chances of that happening are very, very low.

2 factor protects you from most executables (trojans, etc.) as well as from password leaks. Strong, unique passwords protect you from password leaks and brute force attacks.

Here's something to remember, though: a truly motivated hacker CAN get your shit. The most motivated hackers use social engineering to find the weakest link in the chain: stupid humans with access to your accounts.
 

tspzo

New Contributor
Read Fastlane!
User Power
Value/Post Ratio
156%
Jul 31, 2016
9
14
New York
All my passwords are unique for each site, and they're all diceware phrases. You roll dice and the numbers correspond to random words, symbols and numbers, forming a sentence. For example, "Timid @ cement 1776 gag you're beaches" is easier to memorize than a random string of characters. No password left on your clipboard and it's a strong one, good luck brute forcing that.
I've got a win10 drive with nothing valuable on it I don't care what happens to it. I've got a separate manjaro drive for important stuff, I like manjaro because you get a lot of tools with the installation and if you need more you get them from a secure source (AUR) and the benefit of not being susceptible to windows malware although it's by no means a tight ship.
Here's something to remember, though: a truly motivated hacker CAN get your shit. The most motivated hackers use social engineering to find the weakest link in the chain: stupid humans with access to your accounts.
People who think their systems are impenetrable are the ones who are victimized the most. Maybe they do have decent software, but the peace of mind that comes with it makes them prime targets for social engineering.
There's a guy named Derren Brown who made a video where he'd simply ask strangers to count from 0 to 10 and then guessed their phone passcode based on the ways those people pronounced the numbers. They didn't realize they'd given away their passcode. I can't find the video, but here's one where he pays for stuff with blank paper.
He maintains that this is done on the unsuspecting and skeptical. Prime targets.
 

The-J

Dog Dad
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
264%
Aug 28, 2011
4,198
11,076
Ontario
All my passwords are unique for each site, and they're all diceware phrases. You roll dice and the numbers correspond to random words, symbols and numbers, forming a sentence. For example, "Timid @ cement 1776 gag you're beaches" is easier to memorize than a random string of characters. No password left on your clipboard and it's a strong one, good luck brute forcing that.
I've got a win10 drive with nothing valuable on it I don't care what happens to it. I've got a separate manjaro drive for important stuff, I like manjaro because you get a lot of tools with the installation and if you need more you get them from a secure source (AUR) and the benefit of not being susceptible to windows malware although it's by no means a tight ship.

People who think their systems are impenetrable are the ones who are victimized the most. Maybe they do have decent software, but the peace of mind that comes with it makes them prime targets for social engineering.
There's a guy named Derren Brown who made a video where he'd simply ask strangers to count from 0 to 10 and then guessed their phone passcode based on the ways those people pronounced the numbers. They didn't realize they'd given away their passcode. I can't find the video, but here's one where he pays for stuff with blank paper.
He maintains that this is done on the unsuspecting and skeptical. Prime targets.]

If you don't use a password manager, passphrases are the way to go (with added special characters). There are good and bad passphrases, though.

Good:
  • Phrases of seemingly random words
  • A list of important things in your life
  • The last names of 5 celebrity crushes spelled backwards
Bad:
  • Song lyrics (X.gonna.give.it.to.ya)
  • Movie or TV casts (Mchale.Jacobs.Brie.Glover.Brown)
  • A list of important people in your life (Mum.Dad.Rover.Sister.Brother)
It's good to keep in mind that you're very, very unlikely to be brute forced.

What's more likely to happen is you having some sort of trojan on your computer. (Actually, what's most common is losing your phone or your computer, and if that happens, someone should NOT be able to have access to your bank accounts, your business correspondence, or your personal information!)

Some important additional notes on 2-factor authentication:
  • People who know your 2 factor authentication number are able to get access to your phone. It's not easy, but it's possible.
  • People who know your recovery e-mail can turn off your 2-factor authentication and leave you blind.
The solution: A burner phone and a safety e-mail. Neither of these should EVER be used for any correspondence of any kind, nor should they EVER be given out to anyone. They should also not be in your name. (The e-mail one is easy enough: the burner phone is a little harder. But get your grandma to open up a phone for you, and you pay the bill with a Walmart money card that you transfer money into every month.)

I went a little overboard with my security. I now have a computer logon password that is a random string and more than 20 characters. But F*ck it!

The key is having no SINGLE point of failure. Someone has access to your computer? They can't get access to shit without your phone. Someone remotes into your phone? Oh, they don't know any of your passwords and can't log into anything. Someone gets both? They need to know your master passwords. Someone gets all of it? Well, you're somewhat F*cked, but since you have a safety e-mail, you can stop a lot from happening and you're not going at it blind. Someone steals your safety e-mail and burner phone, too? Can't get access to anything? Well, they just did the Internet equivalent of coming into your house in full SWAT gear, guns drawn, and tied you up. That takes quite a bit of work. The chances of that happening to you are slim, but you still need to be prepared.

Make it as difficult as possible to get access to your phone and computer, even if they have it in front of them.

Nobody in the world is unhackable. Not even the President of the United States. Think like a hacker and plan your security around that.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

devine

Gold Contributor
Read Fastlane!
Apr 16, 2015
761
1,446
Russia
Jay, one small advice that helped me personally:
Get yourself a brand new phone and brand new laptop exclusively for all activities where money is involved.
Trust me, it's worth it.

I know people who got their accounts, with 2-step-authentification (!!!), hacked with help of GSM operators, so take care.
 
Last edited:

MJ DeMarco

I followed the science; all I found was money.
Staff member
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
445%
Jul 23, 2007
38,025
169,143
Utah

Vitom

Bronze Contributor
Read Fastlane!
Speedway Pass
User Power
Value/Post Ratio
149%
Jul 18, 2016
71
106
31
Virginia Beach
Jay, one small advice that helped me personally:
Get yourself a brand new phone and brand new laptop for all activities where money involved.
Trust me, it's worth it.

I know people who got their accounts, with 2-step-authentification (!!!), hacked with help of GSM operators, so take care.


and sell the old ones to some unfortunate soul.
 
G

GuestUser450

Guest
You on a MAC or PC?
I use both. PC desktop, Mac laptop that will probably be replaced with a surface something, if not a chromebook.

Big Apple user, love the hardware but their bugs and mistakes don't build confidence. Weird to say but windows seems more secure right now, they're doing a lot of things right.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

Ninjakid

Platinum Contributor
Speedway Pass
User Power
Value/Post Ratio
217%
Jun 23, 2014
1,936
4,206
Buddy Guy Eh
Don't open attachments or click on links from emails you don't know. If your device gets loaded with a rootkit, you're F*cked.

Jay, one small advice that helped me personally:
Get yourself a brand new phone and brand new laptop exclusively for all activities where money is involved.
Trust me, it's worth it.

I know people who got their accounts, with 2-step-authentification (!!!), hacked with help of GSM operators, so take care.
This is actually solid advice.
 

Tiger TT

Bronze Contributor
Read Fastlane!
Speedway Pass
User Power
Value/Post Ratio
198%
Dec 25, 2015
141
279
41
I would like to add this:

* Use your phone's internet connection instead
of a public wifi whenever you can.

As far was I know, this is safer than using a
VPN + public wifi combination.
 

The-J

Dog Dad
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
264%
Aug 28, 2011
4,198
11,076
Ontario
You on a MAC or PC?

PC, Windows 10.

PCs are more vulnerable than Macs, however Macs are still vulnerable.

Get yourself a brand new phone and brand new laptop exclusively for all activities where money is involved.
Trust me, it's worth it.

100%. You need a burner phone. A burner computer, I hadn't thought of that. It's excellent advice, especially if you do a lot of downloading.

Someone can get you, and all they need to know is your full name and your phone number. With a little bit of social engineering (basically calling your phone provider and claiming to be you), they can have YOUR SIM sent to their house.

Don't believe me? It happened to several Youtubers with over 1M subscribers. One of them is planning to sue Verizon over what happened... however, it wasn't only Verizon that did this.

* Use your phone's internet connection instead
of a public wifi whenever you can.

As far was I know, this is safer than using a
VPN + public wifi combination.

Public Wifi can never be guaranteed to be safe. If you have the amount of data to support it, then using data is a safer option.

I never do any money transfers or anything like this using my phone's applications.

Just wanted to add: physical security keys. Get one.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

Justin Gesso

Bronze Contributor
Read Fastlane!
Speedway Pass
User Power
Value/Post Ratio
134%
Jun 4, 2014
122
164
Colorado
Great thread. Sorry this happened to you.

Recently, my parents got hit with a ransomware-like virus. Basically, it encrypted most files on their computer, including photos, videos, Office documents, etc.. Their backup was a local USB hard drive. Unfortunately, the virus also went out to that and locked up their backups.

They never got the prompt to pay the ransom and receive an unlock key, which meant they lost their entire digital life.

About 10 years of photos...gone.

All of the files they put together over that time...gone.

My mom was working on a book for the last 3 years and was almost done. That got wiped out, but we found a few older versions she had sent in email.

Basically, this was absolutely devastating and they felt robbed. They would have paid a huge amount to get these personal files back.

We had numerous people (including some of my A-class software engineer buddies in India) try to recover their files with no luck.

My Security Recommendations as a Result:

  1. Follow the things already mentioned here in this thread, namely Lastpass, password best practices, Google 2FA.
  2. Test your backup and recovery solution.
  3. Use multiple backup solutions, including cloud.
  4. In the postmortem of this event, it was determined the virus came in through a shared Microsoft Word doc. Since my parents were using Office 2007, they were vulnerable. So...don't use end-of-support software. They've since upgraded to Office 365. Use cloud apps where possible.
A simple solution is to go Chromebook + cloud apps with solid password practices.
 

The-J

Dog Dad
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
264%
Aug 28, 2011
4,198
11,076
Ontario
Recently, my parents got hit with a ransomware-like virus. Basically, it encrypted most files on their computer, including photos, videos, Office documents, etc.. Their backup was a local USB hard drive. Unfortunately, the virus also went out to that and locked up their backups.

They never got the prompt to pay the ransom and receive an unlock key, which meant they lost their entire digital life.

Ransomware is the most dangerous virus threat out there today. If you get hit with ransomware at the wrong time, like while writing a thesis or while building a software program, you could be F*cked.

The key with ransomware is backups. As you said: local (on your hard drive), peripheral (on an external hard drive), and cloud (on the Internet) backups, as well as a consistent backup schedule. Keep whatever you're working on separate from your disk image backups. Google Drive, Dropbox, these things are excellent for backing up files.

---

Computer security, in general, is made up of 'common sense' rules that should be followed. Protect your a$$ with tools and security measures, of course, but nothing beats good habits.

Some everyday habits to keep your computer security strong:
  1. Be careful what you download. You might want to steer clear of strange torrents, or strange files delivered by a client or customer. If you're suspicious of a file, don't open it. And, before you open anything, hit it with a virus scan like Malwarebytes.
  2. Be careful of what sites you visit. Keep your visited sites to a minimum. Even sites linked to on Reddit could be unsafe.
  3. Don't click on ads. Use an Adblocker (uBlock Origin is excellent). I know a lot of us, including myself, are in the ad business. But it's better to be safe than sorry.
  4. Clean your computer regularly. CCleaner is excellent for this.
  5. Back up your computer regularly.
 

ilrein

Silver Contributor
Read Fastlane!
Speedway Pass
User Power
Value/Post Ratio
153%
Oct 1, 2012
390
597
32
That's quite unfortunate.

But I can already tell you did not treat your computer well. You had tons of random software, most of which, you probably got tricked into downloading, and then you never took the effort to clean your computer. I can slightly empathize, as most decent malware will resist being deleted. But every instance in my life where I was sure I had some illicit software installed on my computer, I went to the ends of the Earth to remove it. Regardless of the initial difficulties designed to prevent such actions. I must have been 12 when I learned about booting into Safe Mode in order to Add/Remove Programs. On Mac, you need to identify which applications are malicious and then
kill -9 PROCESS_ID

Of course, hindsight is 20/20, and I'm sure you beat yourself up more than anyone else would. 1200, all in all, is a pretty inexpensive lesson. Treat your computer like a third arm. There should be no blotches. You should recognize a malign tumour instantly.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

The-J

Dog Dad
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
264%
Aug 28, 2011
4,198
11,076
Ontario
That's quite unfortunate.

But I can already tell you did not treat your computer well. You had tons of random software, most of which, you probably got tricked into downloading, and then you never took the effort to clean your computer. I can slightly empathize, as most decent malware will resist being deleted. But every instance in my life where I was sure I had some illicit software installed on my computer, I went to the ends of the Earth to remove it. Regardless of the initial difficulties designed to prevent such actions. I must have been 12 when I learned about booting into Safe Mode in order to Add/Remove Programs. On Mac, you need to identify which applications are malicious and then

Of course, hindsight is 20/20, and I'm sure you beat yourself up more than anyone else would. 1200, all in all, is a pretty inexpensive lesson. Treat your computer like a third arm. There should be no blotches. You should recognize a malign tumour instantly.

I've fixed countless computers. I've removed tons of viruses. I did this shit for money back in high school, and I still got caught unaware.

Many zero-day threats remain undetected for some time. You are not immune. No one is.

I actually did not have tons of random software. I don't install much software. I don't do a lot of Internet piracy (not like I used to). I don't have a single cracked program on my computer, not a single keygen, nothing of the sort.

I don't play very many online games. The only programs I use on a regular basis are Skype, Office programs, Chrome, and Slack.

There's not a single Task Manager process currently running that I do not recognize.

I'll likely end up doing a clean install on this computer.

I really don't know what you're trying to prove with your post?
 

ilrein

Silver Contributor
Read Fastlane!
Speedway Pass
User Power
Value/Post Ratio
153%
Oct 1, 2012
390
597
32
I've fixed countless computers. I've removed tons of viruses. I did this shit for money back in high school, and I still got caught unaware.

Many zero-day threats remain undetected for some time. You are not immune. No one is.

I actually did not have tons of random software. I don't install much software. I don't do a lot of Internet piracy (not like I used to). I don't have a single cracked program on my computer, not a single keygen, nothing of the sort.

I don't play very many online games. The only programs I use on a regular basis are Skype, Office programs, Chrome, and Slack.

There's not a single Task Manager process currently running that I do not recognize.

I'll likely end up doing a clean install on this computer.

I really don't know what you're trying to prove with your post?

Truthfully, this would be the first instance of such an occurrence I've heard where the end user has a reasonable amount of security awareness. A bit scary, I suppose.
 

Ultra Magnus

Bronze Contributor
Read Fastlane!
Read Unscripted!
Speedway Pass
User Power
Value/Post Ratio
194%
Oct 9, 2015
94
182
Thanks for the heads-up, men.

I didn't click "like/thanks" on some of the posts because although valuable, they made me feel uneasy. Especially that con man paying with sheets of blank paper in New York (thank heavens for the fat guy getting out of a BMW i8 thread in the funnies section, did wonders to clear my mind).

It appears that the best course of action for securing online business activities is to get a cheap netbook with a LAN port (for wired connections only), then install Linux and the other apps and safety precautions that posters in this thread recommended. Get all the games, CAD software and everyday use stuff on your proper computer with less hardcore security to protect your sanity. As a matter of course, your business and private bank accounts should also be separate.

A burner phone is a great idea, but it might be a total PITA to pull off in today's world of ubiquitous "anti-terrorist" government spying.

How about TOR for browsing? I'm not much of an expert in computer security, but it makes your device almost untraceable, right? Does that help in terms of not getting your money stolen? I've never used it because it's supposed to make your connection slower.
 
Dislike ads? Remove them and support the forum: Subscribe to Fastlane Insiders.

devine

Gold Contributor
Read Fastlane!
Apr 16, 2015
761
1,446
Russia
Thanks for the heads-up, men.

I didn't click "like/thanks" on some of the posts because although valuable, they made me feel uneasy. Especially that con man paying with sheets of blank paper in New York (thank heavens for the fat guy getting out of a BMW i8 thread in the funnies section, did wonders to clear my mind).

It appears that the best course of action for securing online business activities is to get a cheap netbook with a LAN port (for wired connections only), then install Linux and the other apps and safety precautions that posters in this thread recommended. Get all the games, CAD software and everyday use stuff on your proper computer with less hardcore security to protect your sanity. As a matter of course, your business and private bank accounts should also be separate.

A burner phone is a great idea, but it might be a total PITA to pull off in today's world of ubiquitous "anti-terrorist" government spying.

How about TOR for browsing? I'm not much of an expert in computer security, but it makes your device almost untraceable, right? Does that help in terms of not getting your money stolen? I've never used it because it's supposed to make your connection slower.
TOR is quite tracable, it's just harder to trace your steps.

For any money transfers I use a clean KIS-protected laptop with DNS encryption > direct cable-connection with IPv6 disabled > VPN > bank software 2-step authentification from clean cellphone with single-purpose sim-card > virtual keyboard.
I have a previous history of losing quite significant amounts of money (much more than J) due to not complying with more advanced security measures. I do quick shopping from an account with ~500$ transaction limit from my regular devices so I don't lose too much.
For any communications I need to be completely safe within - I use a Telegram messanger with a sim-card that is registered to a non-existing person.

That is very basic measures to stay safe, if you deal with really serious stuff - it's worth hiring a specialist to setup a more protected enviroment for you.
 
Last edited:

JasonR

Maverick
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
User Power
Value/Post Ratio
544%
May 29, 2012
2,102
11,425
Las Vegas
@The-J - this is a well timed post. Thank you. I take computer security very seriously, especially since I am constantly traveling, but I probably don't do enough.

I use 1Password for all of my passwords, and have strong passwords on all of my financial and business accounts.

I use a VPN (Cloak for Mac) when I'm not on a "safe" network. All of my traffic in and out is encrypted.

I don't carry my "main" wallet with my business debit card. I carry my personal checking account card, and smaller limit credit card, which I keep small balances in.

Perhaps I need to open a secondary paypal account solely for Paypal (I hate Paypal but there are some situations where I have to use it).

The biggest thing that scares me is someone managing to get into my business accounts, as that's where the damage could be done. I think I'll start paying for anything on Credit Cards, and keep the business debit cards locked up safely.

Thanks for the wake up call, and I hope your situation gets cleared up quickly.
 

Post New Topic

Please SEARCH before posting.
Please select the BEST category.

Post new topic

Guest post submissions offered HERE.

New Topics

Fastlane Insiders

View the forum AD FREE.
Private, unindexed content
Detailed process/execution threads
Ideas needing execution, more!

Join Fastlane Insiders.

Top