Jump to content

Questions about e-mail, accounts on various websites and other general Qs


kexas

Recommended Posts

Hello,

Today I logged into one of my e-mails (*@myself.com, which you can obtain on mail.com) which I barely use (last logged into it probably few months ago), but foolishly on my side it is linked with accounts on various websites which link to other websites/apps I use and some of them I had payments through (like Steam, some game/software bundle sites, Discord, my other e-mails might be traced etc.and now I have to go through the tedious process of changing my e-mail address on multiple accounts).
Checking Spam folder I found a ransom letter (the "saveyourself" one). Naturally I was alarmed, since the password in the letter matched the one of that e-mail. Obviously, the sender(s) don't have anything on me, since, as written in the letter I don't "satisfy" myself in front of my computer, my webcam is covered at all times and I've been using Malwarebytes Premium for years now. Still it is quite unpleasant. I performed a threat scan just in case (also performing root-kit scan just in case now, which is taking longer than I expected). This is how I ended up in this forum now. After searching "webcam" I saw that a couple of topics had been created already about identical letters. However, my questions will not be directly about this particular letter, but rather more general.

In one of the topics regarding this letter it was suggested to check https://haveibeenpwned.com/. Obviously the one ransom letter was found in was "pwnd". But so did my 2 other "main" ones. Including Gmail (funnily enough one of the breaches was MB forum).
Anyway, this leads to these questions.
Is it better to have more e-mail accounts, or fewer (or even 1)?
Obviously I should use different passwords everywhere. But what about logins? Should I use a different login on every website/app?
Personal details I enter on various websites should be fake whenever possible, I presume?
Creating accounts on online stores (like Amazon, E-bay, Aliexpress, local ones and alike). Is it okay to have an account (which obviously will have to have my real details, including my address) or should I use "guest" accounts whenever it is possible?
Malwarebytes Web[somethingDon'tRememberExactly] extension. Should I use it and is there any benefit to me using it if I already have Malwarebytes Premium?
VPN. Should I use it? If yes, when should I use it? If yes, which ones could be considered best/safest ones (I was looking into Windscribe)?

Not sure if I asked everything I wanted to initially - spent a while typing this out.

Regards,
kexas

Link to post
Share on other sites

Q: Is it better to have more e-mail accounts, or fewer (or even 1)?

Have as many as you want or as few as you want.  It is not better or worse.  It is whatever works for you,


Q: Obviously I should use different passwords everywhere. But what about logins? Should I use a different login on every website/app?

Yes.  Reduce victimization by being less predictable.


Q: Personal details I enter on various websites should be fake whenever possible, I presume?

Enter NO personal details.


Q: Creating accounts on online stores (like Amazon, E-bay, Aliexpress, local ones and alike). Is it okay to have an account (which obviously will have to have my real details, including my address) or should I use "guest" accounts whenever it is possible?

Guest when possible and don't store Credit Card with the site.  When possible, don't even create an account.


Q: Malwarebytes Web[somethingDon'tRememberExactly] extension. Should I use it and is there any benefit to me using it if I already have Malwarebytes Premium?

Yes.  They are no longer Beta and act on web sites other than what Malwarebytes Premium does.


Q: VPN. Should I use it? If yes, when should I use it?

Yes.  But the VPN provider must be fully vetted as what you are blocking others from seeing, THEY ( the VPN provider ) will see.  VPNs are only needed if you use a mobile platform and jump onto Public WiFi.

Q: If yes, which ones could be considered best/safest ones (I was looking into Windscribe)?

I don't have an answer but I am sure another responder will.

 

 

Edited by David H. Lipman
Link to post
Share on other sites

Thanks for the reply.

What about PayPal? Is it safe to pay via PayPal?

Regarding MB web extension, it's description notes that it has "Advertising/tracker protection". I take it this function is analogical to the ad-blocking extensions (like AdBlock or uBlock Origin, which I am currently using) and therefore, if I would choose to use MB Browser Guard, uBlock would be redundant?

Link to post
Share on other sites

Thanks for the replies, guys. I've recently got a sudden urge to be more careful and "cleaner". I wonder if my bank or others would find it weird if my mother "mother" would suddenly change her maiden name...

P.S. (Time elapsed since I've started root-kit scan is over 2 hours now 😫).

Link to post
Share on other sites

1 minute ago, kexas said:

Thanks for the replies, guys. I've recently got a sudden urge to be more careful and "cleaner". I wonder if my bank or others would find it weird if my mother "mother" would suddenly change her maiden name...

P.S. (Time elapsed since I've started root-kit scan is over 2 hours now 😫).

If it was a "custom" scan it will take a LONG time. I would just run a "threat" scan with rootkits enabled.

Link to post
Share on other sites

7 minutes ago, Porthos said:

If it was a "custom" scan it will take a LONG time. I would just run a "threat" scan with rootkits enabled.

It was. I already performed a threat scan and only afterwards after viewing the report I noticed root-kit scan wasn't enabled.

In the meantime my mouse started convulsing, which means it's time to change the battery and brings another question.
I usually by cheap mice or earphones. Is there any danger in buying the cheapest equipment by non-top brands made in China?

And another question comes to my mind: I have some files/folders with multiple files on my computer which I don't remember neither where they came from, nor what they are. Is there a way to find out what those files are?

Link to post
Share on other sites

Q:  I usually by cheap mice or earphones. Is there any danger in buying the cheapest equipment by non-top brands made in China?

Maybe....  Depends on the vendor.  Buy only through a well known, established, vendor.  Buying cheap products from a "fly by night" would pose a greater risk.


Q:  And another question comes to my mind: I have some files/folders with multiple files on my computer which I don't remember neither where they came from, nor what they are. Is there a way to find out what those files are?

That's too broad a question to answer.  It would depend upon where those files/folders are located, what the File Types are ( Documents, Media, Executable, etc ) and the file dates may bring clarity to the question.

 

Link to post
Share on other sites

Not media. Either in "Downloads" folder or folders created by me. Various file types (one is without extension). But they won't be very relevant and I wouldn't lose much if I just deleted them. Although one folder got me curious - it is some program and "Date modified" of every file is 1994-xx-xx. There are 2 "readme" files: README.BAT (which I won't be opening of course) and READ.ME. Is it safe to open the .ME file with Notepad (and is it safe in general to open files with notepad, like files with no extension)?

Another topic. Keyloggers. Any reliable way to protect yourself from them or detect them? Long time ago somewhere I found a program called KL-Detector. It's very basic - detects if log files are created. 

Link to post
Share on other sites

Going back to "Save Yourself" letters, is it possible to see when your letter has been viewed like they claim?

Looking through my e-mail I received the letter in I don't see that there would have been any activity. There isn't much direct and quick value to be gained in that e-mail, apart from a few game bundles I have purchased and they would be under $10 each in value, but they haven't been touched either.

Link to post
Share on other sites

Very, very, conditional.

The sending email client can mark the email to receive a "Delivery Notification" and/or a "Read Receipt".  The email system and the email client may act on them or they may not.  By default the email  recipient client software will deny "Read Receipt" and depending on the email client the recipient may get a message to the effect of (paraphrased ) "The sender has requested a Read Receipt, do you accept?". It is totally up to the system of the email recipient if a "Delivery Notification" is generated or not.  Most do not.

Link to post
Share on other sites

  • Root Admin
18 hours ago, kexas said:

Thanks for the replies, guys. I've recently got a sudden urge to be more careful and "cleaner".

 

I highly recommend watching the following video - I've not used Qubes yet myself by I do have Red Hat Linux which it too uses the open source version of

 

Video Tours of Qubes OS
Micah Lee presents "Qubes OS: The Operating System That Can Protect You Even If You Get Hacked"
https://www.qubes-os.org/video-tours/

 

Link to post
Share on other sites

2 hours ago, AdvancedSetup said:

I highly recommend watching the following video - I've not used Qubes yet myself by I do have Red Hat Linux which it too uses the open source version of

 

Video Tours of Qubes OS
Micah Lee presents "Qubes OS: The Operating System That Can Protect You Even If You Get Hacked"
https://www.qubes-os.org/video-tours/

Thank you for suggestion. Although this will have to be for the future. I'm not savvy enough right now.

Are e-mail clients a vulnerability?

By the way, files from 1994 are Elder Scrolls: Arena.

Link to post
Share on other sites

Email clients aren't a vulnerability.  Yes, certain email client software may fall to a software vulnerability that may be exploitable but they are few and far between and there is a myriad of email clients.

The true vulnerability is the email recipient themselves.  Many forms of malicious emails use Social Engineering which is the human exploit.  The vulnerability is falling for a Phishing email or, what we were previously discussing, a sextortion email.  The vulnerability is the susceptibility for falling for Social Engineering ploys.

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
Link to post
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.