A good amount of money has been stolen from my bank account bypassing the double factor authentication.

Some time ago I bought a refurbished mobile phone and today I would like to use it for home banking. Now, an odd thing happened that I have never seen before. When I tried to log in to one of my emails, I saw the message below:


It says that I should confirm my email address and Microsoft will send a verification code to an email address that I don't know. I immediately thought that I had been hacked.

Instead, using another phone I'm able to log in to the mailbox and I don't see that message. But I still see it on the first one.

What is happening?
One very good argument to never buy refurbished, always get a brand-new phone.
 
Neither does security.

No money, no party. Without money, the problem of security does not arise at all. You seem paranoid. You never think that in the world there aren't only hackers. You seem to live in a dystopian world like 1984. This is your culture broth. And I should admit that this mindset is useful these days.
 
I admit that the probability of a keylogger in the microwave is probably low. But not on your computer; you seem to install some pretty strange stuff, judging by your threads here.
 

I agree. It seems to me like a battle between the cat and the mouse. I see odd behaviors despite me repeatedly changing FreeBSD systems, passwords and performing reinstallations.
 
The advice I feel like giving you is not to immediately think about the oddest situations, but to first evaluate simpler situations and once these have been discarded, then all that remains is to evaluate more complex ones. Anyway I keep getting a Google alert telling me a third-party app I use has been hacked and passwords have been exposed, but it doesn't tell me which one it is.
 
Running your own mail server is irrelevant. What is relevant is using an MUA that allows you to look at the full list of SMTP headers. I use exmh2, sometimes nmh or claws-mail. All let me look at the SMTP headers.

My phone, which receives a subset of the emails (through some procmail rules) uses an app that allows me to inspect headers.

My wife uses Outlook and I use Outlook at $JOB. You can also inspect SMTP headers with Outlook, albeit it's a PITA and difficult to read. But it can be done.

Most webmail presentations don't give one that option. One can be easily fooled.

BTW, I also run my own SMTP server but it's not for the reason one might think. My reason at the time was I was still learning this stuff (30 years ago) so setting up an SMTP server was a good exercise. There is the added benefit that the server admin who has access to my emails is not some person in some remote city. It's me. But that was an afterthought. My reason at the time was to get my feet wet. I continue to use the SMTP server in my basement because it just works. Why mess with something that just works? It has no bearing on whether I as a human can eyeball any SMTP headers for legitimacy.
Running my own mail server is not irrelevant because I can decide myself what to filter (and what to not filter) at the server level which can't be done with an external mail provider. And I can choose which MTA to run.
 
Hmm. You don't need an SMTP server to do any filtering. You can filter using procmail, nmh's slocal or any MUA that can filter. Sure you can use an SMTP server to filter but other client-based tools such as the ones listed will also do the job.

Don't tell people they need to become propeller heads when they don't need to.

BTW, one can also filter using firewall rules. For instance, using fail2ban. But people don't need to run their own firewall or SMTP server to get the same result you (or I) do. **

** I do filter (at home) using procmail, spamassassin, postfix and fail2ban (maintaining an ipfilter tree pool). But that's only because I'm a propeller head. People don't need this. For that matter at $JOB I use the filtering facilities in Outlook. And I don't manage the company's Exchange server. Nobody at the company does. Microsoft manages it for us. I get the same job done with Outlook there. ;)

Please don't scare people into building their own infrastructure when more user-friendly options exist.
 