Internet scam/internet security. Should I be worried?

[keithmac]

Wait! So I am supposed to go to a website I know nothing about and GIVE them a list of my various email addresses? I can't possibly imagine a way that could be abused......

Thought exactly the same while reading that!.

 

[keithmac]

Thing is they have a huge database of active email addresses, even if they personally don't sell them it's got to be a juicy target for hackers/ spammers?.

 

[dodgy]

Wait! So I am supposed to go to a website I know nothing about and GIVE them a list of my various email addresses? I can't possibly imagine a way that could be abused......

You can trust Troy Hunt at HaveIbeenpwned, he's big at Microsoft and widely respected and trusted in the infosec community.

 

[swee'pea99]

You can trust Troy Hunt at HaveIbeenpwned, he's big at Microsoft and widely respected and trusted in the infosec community.

But is it really Troy? It could be some acne-scarred Russian football hooligan masquerading as Troy. Fake moustaches are easy to come by...

 

[nickyboy]

The spelling is a red herring. There are loads of far more sophisticated scams out there, with perfect spelling and very convincing use of specific details, e.g. mentioning mutual friends/colleagues by way of introduction. Often the sender details look like they've come from legitimate contacts/organisations.
Moral of the story, beware of everything and never click on an attachment unless you are 100% sure. Especially attachments that you haven't asked for. If they need you to visit their website use your usual url, the one that you would use if it was you initiating the enquiry.

Apparently the dodgy spelling is intentional. It's a way to weed out the relatively sophisticated so you're left with those who can't spot the spelling mistakes who are perceived by the fraudsters as being more gullible (sorry to all the intelligent dyslexics)

 

[bruce1530]

haveibeenpwned is a legit site.

Sophos have done a write-up on this particular malware - https://nakedsecurity.sophos.com/20...-your-name-and-home-address-heres-what-to-do/

and ActionFraud (part of city of London police) have issued an alert. http://www.actionfraud.police.uk/ne...ndly-fraudster-email-scam-in-three-days-mar17

 

[I like Skol]

So having deleted the email on Thursday it is a good to find I haven't wiped something important!

 

[HF2300]

In the last two weeks I applied for a job through online job agency Indeed and I have a suspicion (that I am about to go and investigate) that they may have plastered my CV all over the internet......

I'm still getting unwanted emails from recruitment agencies 5 years since I put my cv up on agency sites. Once the info is up there it's pretty much impossible to remove. If I ever need to do this again, I'll be much more careful about what info I include in a cv, and set up an email account for the purpose etc.

I've never - despite pressure from recruiters, careers coaches etc. - put a CV up on Indeed, Monster or similar sites exactly because they're a bit known for leaking data; and I don't generally register or apply through those sites either. In (almost) all cases you can find the same vacancy advertised on the recruiter's or company's own site by copying a distinguishing sentence from the job ad and pasting it into a search engine.

You can add +whatever onto it and you will still receive the email. So if your email is MyName@gmail.com you can send an email to MyName+cyclechat@gmail.com or MyName+RecruitmentAgency@gmail.com or MyName+facebook@gmail.com and they all come through to your MyName@gmail.com account..

Can you use it like that to create one off logins?

It's pretty much what I do, unless it's something important I do a +site on the end of it. Annoyingly though, some sites don't accept the use of + in an email address for some reason.

It also throws some sites in other ways. For example, say with eBay you register with myname+eBay@gmail.com. eBay or a user send you something that requires an action or reply; a question from a buyer, for instance. If you try to respond from your email account eBay will block it as not from an authorised address - the email header doesn't show the +eBay bit and eBay don't recognise it as the same address.