GIVING IT ALL AWAY
-
- Posts: 689
- Joined: Mon Sep 20, 2010 11:57 am
- Location: costa brava spain
- Contact:
GIVING IT ALL AWAY
Don't give anybody your password means as follows:
NEVER, NEVER, NEVER click on a link inside an email and then login.
By logging in you are "GIVING" your password.
If you have saved any of your passwords in your PC, pad or phone you will automatically GIVE your password when you login.
None of the authentic sites ask you to login via an email.
They ask you to login by the standard method.
These guys can clone the "look" of any site they want. They don't need to be super hi-tech.
NEVER, NEVER, NEVER click on a link inside an email and then login.
- kevsboredagain
- Posts: 3207
- Joined: Sat Jan 20, 2007 9:32 am
- Location: France
- Contact:
Re: GIVING IT ALL AWAY
costabravarent wrote: None of the authentic sites ask you to login via an email.
Yes they do. In fact most of them have a link which will take you to your dashboard via a login.
-
- Posts: 689
- Joined: Mon Sep 20, 2010 11:57 am
- Location: costa brava spain
- Contact:
- kevsboredagain
- Posts: 3207
- Joined: Sat Jan 20, 2007 9:32 am
- Location: France
- Contact:
costabravarent wrote: Then name them and shame them, Kev.
Well for me that would be Airbnb, Flipkey, Holiday Lettings, Homeaway, Homelidays, Abritel, Housetrip, Ownersdirect, Spain Holiday.
I haven't found any that don't contain links in the email which would take you to their site and then require you to login.
Think also about this:
If you "save your password" in your browser, then it saves the password associated with THAT website.
When you click on a link in an email that takes you to a "login screen", then if the login page is a phishing page - i.e. not the legitimate login, then your remembered password will not be pre-filled.
It's a big red warning to look carefully at the URL - the address at the top of the page!
Mind you, this assumes you're careful when choosing to let the browser save your password.
** Richard
PIMS: Holiday Rental Management system
They say we learn from our mistakes. That makes me a genius !
-
- Posts: 689
- Joined: Mon Sep 20, 2010 11:57 am
- Location: costa brava spain
- Contact:
You're right folks. I thought I might provoke that response. The bulk of our friendly listing sites are leaving the side door wide open. You have named them. Doubt if you've shamed them.
I usually respond by clicking reply in Hotmail, bypassing the dashboard of the holidayletting site. If I want to respond via the site or to accept a booking I go in the front door.
So given all the problems of people stealing passwords, you must surely all agree with my Never-never suggestion.
If you always enter a site by the front door you are much less likely to be scammed.
I think it's important for all of us that the door is closed to the scammers. If you are in the habit of clicking on links you are W-I-D-E open to being clobbered.
You are, like I said, giving away your password each time. The only way to be sure is to open up the site in the toolbar and login. Of course it takes a few seconds more but would you seriously click on a link that said it was your bank?
Of course not so why do it on letting sites.
- kevsboredagain
- Posts: 3207
- Joined: Sat Jan 20, 2007 9:32 am
- Location: France
- Contact:
Hotmail for business use, now there's a security risk.
Unless you have a normal Email program set up to use the MIME protocol with your Hotmail account, it means you are going into your business Email account always using your web browser. This vastly increases the chances of your Email account being compromised due to a phishing attack.
Many of these providers now use 2-step verification but not all users will enable it and it does reduce the convenience.
I would put money on the fact that most "hacked" email accounts are due to users being tricked into revealing account details while using a web based interface.
I was contacted last week by the friend of a client who had had his Hotmail account hacked. He had lost several years' worth of Emails as well as contacts and was asking if I could help. I couldn't of course.
-
- Posts: 689
- Joined: Mon Sep 20, 2010 11:57 am
- Location: costa brava spain
- Contact:
I'm not trying to be clever here so if you're trying just to be so geeky and clever I lie down and play dead!
It really is important that the average punter like me can find a way through all this guff to feel reasonably safe. Talking about MIME protocols is frankly for the birds. Get back down to earth.
Look at this post and see what the poor guy is saying.
viewtopic.php?t=25707
He's not alone. Is LMH just a private club for smartasses or do we try to help each other.
Scamming is the big enemy. I'm saying "never click on a link in an email and enter your password". Am I right? Or is it all about MIME protocols? Come on guys?
costabravarent wrote: I'm not trying to be clever here so if you're trying just to be so geeky and clever I lie down and play dead! It really is important that the average punter like me can find a way through all this guff to feel reasonably safe. Talking about MIME protocols is frankly for the birds. Get back down to earth. Look at this post and see what the poor guy is saying. viewtopic.php?t=25707 He's not alone. Is LMH just a private club for smartasses or do we try to help each other. Scamming is the big enemy. I'm saying "never click on a link in an email and enter your password". Am I right? Or is it all about MIME protocols? Come on guys?
Hmmm - a bit harsh there CBR - Kev's helping in his usual way; a way that most of us really appreciate. You need to add some emoticons in your posts to give away your "tone". You come over as being a smartass!!
"Write something, even if it's just a suicide note"
"There is no human problem which could not be solved if people would simply do as I advise"
"As for my amnesia, I've had it as long as I can remember"
Real name: Steve
Gender: Male
- kevsboredagain
- Posts: 3207
- Joined: Sat Jan 20, 2007 9:32 am
- Location: France
- Contact:
Quite often I don't understand what people talk about in a forum but I don't jump up and down in a tantrum. The rest of the post should be understandable to any non technical person. I'm neither trying to be clever nor geeky but simply pointing out where the risks are.
Let me explain the same thing again but without the use of one particular word which seemed to cause so much distress.
When you log into any system online you are giving away your password. This is 100% correct. However, there are two ways you could log into a system.
1. You can do it yourself, manually typing at your keyboard
2. You could let a software program do it for you, either 100% automatically or semi automatically with a little nudge from a human.
1. Humans are well known for making mistakes and being tricked into doing things they never intended. You might know your password without writing it down but are you sure it's really the correct site that you are logging into today? What if it were a clone with a subtle difference in URL (URL=web address)? Would you notice?
2. A software program has to be programmed by the human at the start but will then repeat the exact same action again and again. You can't trick it into logging into the wrong site unless you reprogram it. Although still possible to change the program, the chances of it happening are so much smaller.
Which is most likely to go wrong? Which is the biggest security risk? Hackers do not guess your passwords, they steal them by tricking humans into giving them away. Lots of clever social tricks to make you lose your guard and give it away. Such tricks don't work on computer programs.
-
- Posts: 689
- Joined: Mon Sep 20, 2010 11:57 am
- Location: costa brava spain
- Contact:
Nobody's jumping up and down but I have absolutely not a scooby what you're talking about with MIME protocols.
Marks, on the other hand, talks about the "big orange button" that invites you to click on a link.
Simple people like me understand big orange buttons and if somebody says "don't click on it" we're into things that Joe Bloggs can understand.
I started this thread saying that we should not click on these juicy buttons. We should open the website that we want to be in via a route that we previously know to be secure. Then, and only then, we can login.
So to all you guys who are smarter than us in IT matters (absolutely firm in my seat, no jumping up, down or sideways) just answer my question.
Am I right? Should we avoid these login invitations that come through emails? I say don't put your password into anything that has come from a link in an email. If you do this you are giving away your password information without knowing who is receiving it. Am I right? Simple question.
- kevsboredagain
- Posts: 3207
- Joined: Sat Jan 20, 2007 9:32 am
- Location: France
- Contact:
Even typing in the website name and logging in has its risks. People make mistakes when typing and hackers know this. It's quite common to see domains bought which will be landed on when you mistake a website address.
I could buy www.homeawy.co.uk, clone the front page and grab your login. Still feel safe?
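Two points made in the thread, that a saved password belongs to one website and is not pre-filled on a clone, and that a mistyped address such as www.homeawy.co.uk can lead to one, are shown below as an added example that is not from any poster. The saved login, the `checkLink` name and the assumption that the genuine address is www.homeaway.co.uk are constructed for illustration.

```javascript
// Added example. The saved login and the genuine address www.homeaway.co.uk
// are assumptions; www.homeawy.co.uk is the mistyped domain from the thread.
const SAVED_LOGINS = [
  { origin: "https://www.homeaway.co.uk", username: "owner@example.com" },
];

// Return the origin (scheme + host + port) of a link, or null if it is malformed.
function originOf(link) {
  try {
    return new URL(link).origin;
  } catch (err) {
    return null;
  }
}

// Levenshtein distance: number of single-character edits between a and b.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const row = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(prev[j] + 1, row[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = row;
  }
  return prev[b.length];
}

// Decide what a password manager should do with the page a link leads to.
//   "autofill"  : origin matches a saved login exactly, so the password is offered
//   "lookalike" : host is within maxEdits of a saved host but is not that host
//   "no-match"  : nothing saved for this origin, so nothing is filled
function checkLink(link, saved = SAVED_LOGINS, maxEdits = 2) {
  const origin = originOf(link);
  if (origin === null) return { verdict: "no-match", reason: "malformed link" };
  const exact = saved.find((s) => s.origin === origin);
  if (exact) return { verdict: "autofill", username: exact.username };
  const host = new URL(link).hostname;
  for (const s of saved) {
    const savedHost = new URL(s.origin).hostname;
    const d = editDistance(host, savedHost);
    if (d > 0 && d <= maxEdits) {
      return { verdict: "lookalike", resembles: savedHost, edits: d };
    }
  }
  return { verdict: "no-match", reason: "no saved login for " + origin };
}
```

A one-letter difference in the address is enough to stop the exact-origin match, which is why an empty login form on a familiar-looking page is worth a second look at the address bar.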