Jump to content

For some reason, everybody wants my accounts

Chel

By Chel
in The Lounge

 Share

Recommended Posts

Chel

Chel

Posted
Posted

Hello. In the past 2 weeks, I have gotten countless emails from Steam, Google, Twitter, Instagram, and a whole bunch of other sites regarding either requesting a password change, or blocking a sign in to my account. I had none of these emails in the past, but now apparently everyone wants access to my various accounts. What should I do? I've already changed passwords, put two-factor authentication on, made fake accounts with similar names and passwords (to try and fool them), but why are they targeting me, of all people, me?

Link to comment
Share on other sites
Geonovast

Geonovast

Posted
Posted

Are you sure they're legit?  When you changed your passwords, did you go to the sites separately, or did you click on links in the emails?

Even if you think it's legit, when you get an email from something like that wanting you to do something on your account, always go to the site and log in as normal - never click the link inside the email.

Link to comment
Share on other sites
Chel

Chel

Posted
  • Author
Posted
1 hour ago, Geonovast said:

Are you sure they're legit?  When you changed your passwords, did you go to the sites separately, or did you click on links in the emails?

Even if you think it's legit, when you get an email from something like that wanting you to do something on your account, always go to the site and log in as normal - never click the link inside the email.

I check the email sender and it's the official ones (like accounts.google.com and steam)

If it was a scam then it would have like 'The Google Team' (www.marketingdirect.com/google-team-password-fake) or something

10 minutes ago, Kerbart said:

Are all those logins with your email? Either someone got a password associated with your email and is now trying all options.

Or someone else just got an email address very similar to yours and makes a typo.

I've linked most of them to my gmail account

Link to comment
Share on other sites
Superfluous J

Superfluous J

Posted
Posted

Yeah it's pretty common practice when someone gets a user/password for a site, to try it on every popular site to see if it hits. If it doesn't they wasted like 4 milliseconds and if it does they could be starting a chain that will end with them emptying your bank account. So it's totally worth it to brute force hundreds of sites for each user/password they get, seeing how many people use the same password across many sites.

Link to comment
Share on other sites
YNM

YNM

Posted
Posted (edited)
9 hours ago, The_Cat_In_Space said:

I have gotten countless emails from Steam, Google, Twitter, Instagram, and a whole bunch of other sites regarding either requesting a password change, or blocking a sign in to my account.

1. Check whether these reports are legitimate. (see on the source address.)

2. Change ALL your passwords, ensure you use a fairly long one (but you can remember it) and ensure every single one of them is different.

Hint : try to use a common pattern among them (but only you understand it). In-jokes or extra obscure reference or whatever.

Also, at least make sure your main e-mail password has no connection to any other password that you have.

EDIT : Lastly, try to change the password from the account control (https://account.google.com/), and not from anywhere else.

Edited by YNM
Link to comment
Share on other sites
Shpaget

Shpaget

Posted
Posted
5 hours ago, The_Cat_In_Space said:

I check the email sender and it's the official ones (like accounts.google.com and steam)

That is NOT a proof that the emails were official.

Spoofing (faking) the email sender is trivial.

Check any link (hover over it and take a look at lower left corner, browsers usually display full link address there) in those emails to see if they lead to proper sites or not. If the links are not leading to proper sites and you used them to log in or change password, your accounts have been compromised.

Link to comment
Share on other sites
James Kerman

James Kerman

Posted
Posted

For the last month or so I have been getting bombarded with both gmail notifications (although the addresses do not originate from google and I don't have a gmail account) and social media messages from an undisclosed site (i.e. account profiles being unlocked for me and "people" requesting hook ups) even though this forum is the only social media I participate in.  I have not opened any of these emails and blocked them from my account as I believe them to either be phishing attempts or containing malicious code/attachments with no ill effects.

Link to comment
Share on other sites
YNM

YNM

Posted
Posted
51 minutes ago, James Kerman said:

I have been getting bombarded with gmail notifications (although the addresses do not originate from google and I don't have a gmail account) ...

Huh ? Shows up in your actual e-mail or on the phone or something ?

Link to comment
Share on other sites
James Kerman

James Kerman

Posted
Posted
3 minutes ago, YNM said:

Shows up in your actual e-mail

Yeah, mostly they go to junk mail but the odd one gets through to my inbox.  Most are from "the google team or gmail team" but the addresses are random if I hover over the sender:


RjuQzhX.png

 

It's slowed down to a trickle since I started blocking them and I have not seen any "confirmation email" of a new account setup so I assume it's a spam campaign.

Link to comment
Share on other sites
Green Baron

Green Baron

Posted
Posted (edited)
10 hours ago, The_Cat_In_Space said:

Hello. In the past 2 weeks, I have gotten countless emails from Steam, Google, Twitter, Instagram, and a whole bunch of other sites regarding either requesting a password change, or blocking a sign in to my account. I had none of these emails in the past, but now apparently everyone wants access to my various accounts. What should I do? I've already changed passwords, put two-factor authentication on, made fake accounts with similar names and passwords (to try and fool them), but why are they targeting me, of all people, me?

I personally have none of these accounts, but i can imagine that there is no incident that could make all your accounts require a password change, or even a single one. So these mails are definitely phishing mails and there is probably not even a purpose directed against you, just an algorithm got your email address and is now doing its "regular" checks with them. Once you have clicked the links in the mails and entered passwords, these passwords are now filed elsewhere in a database.

I do not open emails if i don't know where they are from. No serious business i know of sends official emails requesting password change, that is most surely malware/phishing of sorts. I do not have a steam account and when i play KSP (rarely any more) i cut the connection because the newer versions call all over the world when the programm runs.

What you should do ? My opinion: quit facebook, google, twitter, instagram. There is nothing useful in there. And do not open mails when you do not know where they are from. Use a mail service with a good spam detection. Which excludes automatically Google, Yahoo, Microsoft, ....

Am i radical ? I do not think so ... :cool:;)

Edited by Green Baron
Link to comment
Share on other sites
YNM

YNM

Posted
Posted
10 minutes ago, James Kerman said:

Most are from "the google team or gmail team" but the addresses are random if I hover over the sender...

Hence why I said check the full e-mail address and not just the alias.

Even then you want to try and login from incognito mode (so they register differently) and check how does it register, compare with these 'reports'.

6 minutes ago, Green Baron said:

I can imagine that there is no incident that could make all your accounts require a password change, or even a single one.

Rainbow tables.

Link to comment
Share on other sites
YNM

YNM

Posted
Posted
6 minutes ago, Green Baron said:

Oh, they make perfect replicas of the official login pages or whatever. There is no hint at all when just looking at it that it is a fake.

Quote

A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a password (or credit card numbers, etc.) up to a certain length consisting of a limited set of characters. It is a practical example of a space–time tradeoff, using less computer processing time and more storage than a brute-force attack which calculates a hash on every attempt, but more processing time and less storage than a simple lookup table with one entry per hash. (...)

In a data breach, that's what you want to be wary of.

Hence changing your password when something fishy is being smelled is one of the right ways of doing them. Obviously through the correct channels.

Link to comment
Share on other sites
Green Baron

Green Baron

Posted
Posted (edited)

Yeah, but there is no point in cracking a hash (there is a lot of open source software out there to do that, just check Kali Linux for instance) when you can simply convince people to shout out their passwords by sending them a phishing mail.

And on some systems the hash itself is enough, if you know where the password hash lives, you may be fine to proceed ...

Edited by Green Baron
Link to comment
Share on other sites
YNM

YNM

Posted
Posted (edited)
40 minutes ago, Green Baron said:

There is no point in cracking a hash (there is a lot of open source software out there to do that, just check Kali Linux for instance) when you can simply convince people to shout out their passwords by sending them a phishing mail.

In which case there are ways for you to induce the proper e-mail notification for comparison. One way is to login through the incognito mode on your browser.

For Gmail account, for instance, this is how they look like :

20181015_161748.png

If your google notification was different, then it might be a phishing scam.

If it's legitimate then you have to take evasive actions.

In any case, better safe than sorry.

 

EDIT : It appears that other online services (I still have Facebook) is a lot less sensitive to these prompts.

Well, so much for a tech company.

Edited by YNM
Link to comment
Share on other sites
James Kerman

James Kerman

Posted
Posted
13 hours ago, The_Cat_In_Space said:

What should I do?

You could try using this service to see if your account has been compromised in a data breach: https://haveibeenpwned.com/ 

Apparently Gmail records the last 10 logins along with your current session in "Last account activity”.  It shows the location, IP, method, and time when your Gmail was last accessed so you can check to see if there is unusual activity and also allows you to sign out any other running sessions before you change your password.  You should also check the email forwarding page to see if your email is being forwarded to any other addresses.

Link to comment
Share on other sites
Chel

Chel

Posted
  • Author
Posted (edited)
9 hours ago, James Kerman said:

You could try using this service to see if your account has been compromised in a data breach: https://haveibeenpwned.com/ 

Apparently Gmail records the last 10 logins along with your current session in "Last account activity”.  It shows the location, IP, method, and time when your Gmail was last accessed so you can check to see if there is unusual activity and also allows you to sign out any other running sessions before you change your password.  You should also check the email forwarding page to see if your email is being forwarded to any other addresses.

It says page not found when I click on it

EDIT: I just clicked on the homepage, put in my email address, and it said No pwnage found. Yay?

Edited by The_Cat_In_Space
Link to comment
Share on other sites
James Kerman

James Kerman

Posted
Posted
19 minutes ago, The_Cat_In_Space said:

No pwnage found. Yay?

That's a good thing.  If your gmail account is not showing unauthorized activity you should be OK - the vast majority of these attacks rely on "social engineering" to get a foothold into your digital life.  If you have clicked any links within these suspect emails you should also scan your machine with a good antivirus and antimalware program like https://www.malwarebytes.com/lp/sem/au/ just to be sure. 

Another thing you could do is contact your phone service provider (I'm assuming your 2 factor identification uses your phone as the secondary) and make sure there have been no attempts to request a sim swap.

I can't program a microwave but I am a long time reader of the blog https://krebsonsecurity.com/.  Brian Krebs is a very well regarded internet security reporter and always includes best practice information about these issues.

Link to comment
Share on other sites
This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...