Serious Discussion How do you respond to Suspicious emails, Unauthorised logins, and other activities that were not you?

[Ink]

What's your response time to suspicious emails, and unauthorised logins for your web accounts?

Feel free to explain your reasoning for extreme cases such as on Vacation or in a Teams meeting.

 

[MuzzMelbourne]

I administer my son's business website and regularly recieve unauthorised login attempt advice.

These attacks are ALWAYS directed at Wordpress stuff and, thankfully, never succesful, but it gives credence to reports that banks etc. are attacked millions of times per day.

Scary really...

 

[Dave Russo]

Fake PayPal e-mails and Amazon(your account has been suspended) have been for me the most prevalent, also a occasional Netflix request, for same baloney

 

[Xeno1234]

For me, since I’m seeing a few weird logins and stuff I just change the password. My parents on the other hand literally couldn’t care less as long as it isn’t financial information and I try to adopt that mindset because stuff happens and you can’t always control it. I don’t think I get many spam emails either. I don’t think I’ve actually ever seen one.

I don’t check emails though really. I was hacked 10 months ago and found out about it now.

 

[Digmor Crusher]

For me, since I’m seeing a few weird logins and stuff I just change the password. My parents on the other hand literally couldn’t care less as long as it isn’t financial information and I try to adopt that mindset because stuff happens and you can’t always control it. I don’t think I get many spam emails either. I don’t think I’ve actually ever seen one.

I don’t check emails though really. I was hacked 10 months ago and found out about it now.

I would suggest that you check them more often or else your going to get in trouble one day.

 

[ErzCrz]

Of course, act on it straight away.

I have set a default password expiry date set in my password manager so they're changed regularly

 

[Xeno1234]

I would suggest that you check them more often or else your going to get in trouble one day.

I probably will check them more often speaking as I’m in the midst of recovering from getting hacked. I need to get gmail on my actual PC instead of just where I search it up.

Currently I’m ensuring there isn’t a malware infection since somehow there’s weird logins despite 2FA. I’m 99% sure the pc is clean though since the malwarebytes forums checked it out but I’m checking it out here aswell.

 

[oldschool]

What's your response time to suspicious emails,

If they're obvious and make it to my inbox, I mark them as "Spam". Lately I've had a few sneak through the spam filter. Mostly offers of free gifts, "really great deals", etc.. Guess my one breached email username has finally hit wider distribution. If any are more difficult to ID then I go to the bookmarked site to double check.

and unauthorised logins for your web accounts?

Haven't had any.

 

[simmerskool]

I don't get too many, but last week I got an email from a company I had never heard of telling me that some vague product I had not ordered was being shipped. The email was sent to an anonymous duck email acct I sometimes use. Email addressed me as "William" not my name, and package was being delivered somewhere in UK, I'm in USA. Even had Royal mail tracking number, which I checked -- appeared real. Then received several more emails tracking the status of the package. Never could determine if it was a scam, or a real William made a typo in his @duck address, perhaps some snafu with duck server, or if I was a real target. I was getting emails from that company and also from the real Royal mail tracker. So I deleted that duck address. Also never got that package I usually investigate quickly.

 

[Victor M]

Last week I received a email from something like ...human-resources.services . it said you have to register with the service using your internal email address and password. And warned that your next pay day will be using this and you have to sign in before then. But pay day is tomorrow and it didn't jive. And the link provided used a http address instead of https. Verified with the receptionist and confirmed that it was a phish. Lots of employees got that. Flawless English, no grammatical mistakes, and used my real name. Pretty cool phish. The attackers did some recognizance homework. Looks like our company is being targeted.

 

[SumTingWong]

Last week I received a email from something like ...human-resources.services . it said you have to register with the service using your internal email address and password. And warned that your next pay day will be using this and you have to sign in before then. But pay day is tomorrow and it didn't jive. And the link provided used a http address instead of https. Verified with the receptionist and confirmed that it was a phish. Lots of employees got that. Flawless English, no grammatical mistakes, and used my real name. Pretty cool phish. The attackers did some recognizance homework. Looks like our company is being targeted.

My community college email inbox also getting fake emails too and they are able to use my community college email domain.