Jump to content
kexas

Questions about e-mail, accounts on various websites and other general Qs

Recommended Posts

Hello,

Today I logged into one of my e-mails (*@myself.com, which you can obtain on mail.com) which I barely use (last logged into it probably few months ago), but foolishly on my side it is linked with accounts on various websites which link to other websites/apps I use and some of them I had payments through (like Steam, some game/software bundle sites, Discord, my other e-mails might be traced etc.and now I have to go through the tedious process of changing my e-mail address on multiple accounts).
Checking Spam folder I found a ransom letter (the "saveyourself" one). Naturally I was alarmed, since the password in the letter matched the one of that e-mail. Obviously, the sender(s) don't have anything on me, since, as written in the letter I don't "satisfy" myself in front of my computer, my webcam is covered at all times and I've been using Malwarebytes Premium for years now. Still it is quite unpleasant. I performed a threat scan just in case (also performing root-kit scan just in case now, which is taking longer than I expected). This is how I ended up in this forum now. After searching "webcam" I saw that a couple of topics had been created already about identical letters. However, my questions will not be directly about this particular letter, but rather more general.

In one of the topics regarding this letter it was suggested to check https://haveibeenpwned.com/. Obviously the one ransom letter was found in was "pwnd". But so did my 2 other "main" ones. Including Gmail (funnily enough one of the breaches was MB forum).
Anyway, this leads to these questions.
Is it better to have more e-mail accounts, or fewer (or even 1)?
Obviously I should use different passwords everywhere. But what about logins? Should I use a different login on every website/app?
Personal details I enter on various websites should be fake whenever possible, I presume?
Creating accounts on online stores (like Amazon, E-bay, Aliexpress, local ones and alike). Is it okay to have an account (which obviously will have to have my real details, including my address) or should I use "guest" accounts whenever it is possible?
Malwarebytes Web[somethingDon'tRememberExactly] extension. Should I use it and is there any benefit to me using it if I already have Malwarebytes Premium?
VPN. Should I use it? If yes, when should I use it? If yes, which ones could be considered best/safest ones (I was looking into Windscribe)?

Not sure if I asked everything I wanted to initially - spent a while typing this out.

Regards,
kexas

Share this post


Link to post
Share on other sites
Posted (edited)

Q: Is it better to have more e-mail accounts, or fewer (or even 1)?

Have as many as you want or as few as you want.  It is not better or worse.  It is whatever works for you,


Q: Obviously I should use different passwords everywhere. But what about logins? Should I use a different login on every website/app?

Yes.  Reduce victimization by being less predictable.


Q: Personal details I enter on various websites should be fake whenever possible, I presume?

Enter NO personal details.


Q: Creating accounts on online stores (like Amazon, E-bay, Aliexpress, local ones and alike). Is it okay to have an account (which obviously will have to have my real details, including my address) or should I use "guest" accounts whenever it is possible?

Guest when possible and don't store Credit Card with the site.  When possible, don't even create an account.


Q: Malwarebytes Web[somethingDon'tRememberExactly] extension. Should I use it and is there any benefit to me using it if I already have Malwarebytes Premium?

Yes.  They are no longer Beta and act on web sites other than what Malwarebytes Premium does.


Q: VPN. Should I use it? If yes, when should I use it?

Yes.  But the VPN provider must be fully vetted as what you are blocking others from seeing, THEY ( the VPN provider ) will see.  VPNs are only needed if you use a mobile platform and jump onto Public WiFi.

Q: If yes, which ones could be considered best/safest ones (I was looking into Windscribe)?

I don't have an answer but I am sure another responder will.

 

 

Edited by David H. Lipman

Share this post


Link to post
Share on other sites

Thanks for the reply.

What about PayPal? Is it safe to pay via PayPal?

Regarding MB web extension, it's description notes that it has "Advertising/tracker protection". I take it this function is analogical to the ad-blocking extensions (like AdBlock or uBlock Origin, which I am currently using) and therefore, if I would choose to use MB Browser Guard, uBlock would be redundant?

Share this post


Link to post
Share on other sites
2 minutes ago, kexas said:

if I would choose to use MB Browser Guard, uBlock would be redundant?

I use both. They will block different things.

Share this post


Link to post
Share on other sites
4 minutes ago, kexas said:

What about PayPal? Is it safe to pay via PayPal?

I personally do NOT trust Paypal and will NEVER use them !

Share this post


Link to post
Share on other sites

I personally never had issues with paypal. There are some sites that only accept it.

Paypal is my "merchant account" for my business for over 10 yrs.

But a simple search online will have plenty of reasons not to use it. It is personal choice.

Share this post


Link to post
Share on other sites

Thanks for the replies, guys. I've recently got a sudden urge to be more careful and "cleaner". I wonder if my bank or others would find it weird if my mother "mother" would suddenly change her maiden name...

P.S. (Time elapsed since I've started root-kit scan is over 2 hours now 😫).

Share this post


Link to post
Share on other sites
1 minute ago, kexas said:

Thanks for the replies, guys. I've recently got a sudden urge to be more careful and "cleaner". I wonder if my bank or others would find it weird if my mother "mother" would suddenly change her maiden name...

P.S. (Time elapsed since I've started root-kit scan is over 2 hours now 😫).

If it was a "custom" scan it will take a LONG time. I would just run a "threat" scan with rootkits enabled.

Share this post


Link to post
Share on other sites
7 minutes ago, Porthos said:

If it was a "custom" scan it will take a LONG time. I would just run a "threat" scan with rootkits enabled.

It was. I already performed a threat scan and only afterwards after viewing the report I noticed root-kit scan wasn't enabled.

In the meantime my mouse started convulsing, which means it's time to change the battery and brings another question.
I usually by cheap mice or earphones. Is there any danger in buying the cheapest equipment by non-top brands made in China?

And another question comes to my mind: I have some files/folders with multiple files on my computer which I don't remember neither where they came from, nor what they are. Is there a way to find out what those files are?

Share this post


Link to post
Share on other sites

Q:  I usually by cheap mice or earphones. Is there any danger in buying the cheapest equipment by non-top brands made in China?

Maybe....  Depends on the vendor.  Buy only through a well known, established, vendor.  Buying cheap products from a "fly by night" would pose a greater risk.


Q:  And another question comes to my mind: I have some files/folders with multiple files on my computer which I don't remember neither where they came from, nor what they are. Is there a way to find out what those files are?

That's too broad a question to answer.  It would depend upon where those files/folders are located, what the File Types are ( Documents, Media, Executable, etc ) and the file dates may bring clarity to the question.

 

Share this post


Link to post
Share on other sites

Not media. Either in "Downloads" folder or folders created by me. Various file types (one is without extension). But they won't be very relevant and I wouldn't lose much if I just deleted them. Although one folder got me curious - it is some program and "Date modified" of every file is 1994-xx-xx. There are 2 "readme" files: README.BAT (which I won't be opening of course) and READ.ME. Is it safe to open the .ME file with Notepad (and is it safe in general to open files with notepad, like files with no extension)?

Another topic. Keyloggers. Any reliable way to protect yourself from them or detect them? Long time ago somewhere I found a program called KL-Detector. It's very basic - detects if log files are created. 

Share this post


Link to post
Share on other sites

Anything in your Profile Downloads and you don't know about, just delete.

Keyloggers ==> Malwarebytes.

Share this post


Link to post
Share on other sites

Going back to "Save Yourself" letters, is it possible to see when your letter has been viewed like they claim?

Looking through my e-mail I received the letter in I don't see that there would have been any activity. There isn't much direct and quick value to be gained in that e-mail, apart from a few game bundles I have purchased and they would be under $10 each in value, but they haven't been touched either.

Share this post


Link to post
Share on other sites

The extortion email is a fraud.  What they claim is a fraud.  Just delete them.

 

Share this post


Link to post
Share on other sites

I understand that this is fraud - I'm not worried about this particular e-mail.

I was wondering if it's possible in general to see when a letter you have sent has been read?

Share this post


Link to post
Share on other sites

Very, very, conditional.

The sending email client can mark the email to receive a "Delivery Notification" and/or a "Read Receipt".  The email system and the email client may act on them or they may not.  By default the email  recipient client software will deny "Read Receipt" and depending on the email client the recipient may get a message to the effect of (paraphrased ) "The sender has requested a Read Receipt, do you accept?". It is totally up to the system of the email recipient if a "Delivery Notification" is generated or not.  Most do not.

Share this post


Link to post
Share on other sites
18 hours ago, kexas said:

Thanks for the replies, guys. I've recently got a sudden urge to be more careful and "cleaner".

 

I highly recommend watching the following video - I've not used Qubes yet myself by I do have Red Hat Linux which it too uses the open source version of

 

Video Tours of Qubes OS
Micah Lee presents "Qubes OS: The Operating System That Can Protect You Even If You Get Hacked"
https://www.qubes-os.org/video-tours/

 

Share this post


Link to post
Share on other sites
2 hours ago, AdvancedSetup said:

I highly recommend watching the following video - I've not used Qubes yet myself by I do have Red Hat Linux which it too uses the open source version of

 

Video Tours of Qubes OS
Micah Lee presents "Qubes OS: The Operating System That Can Protect You Even If You Get Hacked"
https://www.qubes-os.org/video-tours/

Thank you for suggestion. Although this will have to be for the future. I'm not savvy enough right now.

Are e-mail clients a vulnerability?

By the way, files from 1994 are Elder Scrolls: Arena.

Share this post


Link to post
Share on other sites
Posted (edited)

Email clients aren't a vulnerability.  Yes, certain email client software may fall to a software vulnerability that may be exploitable but they are few and far between and there is a myriad of email clients.

The true vulnerability is the email recipient themselves.  Many forms of malicious emails use Social Engineering which is the human exploit.  The vulnerability is falling for a Phishing email or, what we were previously discussing, a sextortion email.  The vulnerability is the susceptibility for falling for Social Engineering ploys.

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar

Share this post


Link to post
Share on other sites

Or opening attachments that you are not expecting and are not 100% sure about.

Share this post


Link to post
Share on other sites

Some websites offer logging in with other existing accounts of other websites instead of creating a new account. For example logging in with your Google account, Facebook etc.

Is that safe or is it better to create a separate account?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.