You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
My aged Dad's old talktalk email account has been hacked again (his actual PC is secure). I've gone in removed the redirects and rules, changed passwords, added my email as extra verification. Is there anything else I should do (other than move him to Gmail)?
I also have one of the redirect email accounts...what can I send them to make their life less fun today?
what can I send them to make their life less fun today?
The biggest mistake you can make is thinking you're smarter than hackers and scammers. Its a mulitibillion dollar industry for a reason.
The only thing you should do is hand information to the authorities.
And this....
The biggest mistake you can make is thinking you’re smarter than hackers and scammers. Its a mulitibillion dollar industry for a reason.
It's organised crime. Don't draw attention to yourself.
Probably not what you want to hear but could he cope (being aged) with 2 factor or multi factor authentication?
It's kind of a nessesary evil for anything important.
The other thing to consider is how he might be being hacked.. Is he clicking on dodgy links in spam or fake emails and entering his info, getting scam phone calls... Is his computer compromised with malware etc?
Revenge is a waste of time... May aswell scream into the void... These operations are run like sweat shops and play a pure volume of numbers game to find victims...
Check his computer carefully for anything dodgy... A popular way in, is to convince or trick the user into installing remote desktop access software, for example.
All of what he just said.
any person doing this for monetary gain will have countless barriers to hide their identity, the redirect email address will be disposable. and potentially logged into from masked IP's.
You aren't doing anything as a 1 up, unless you are in the field of expertise yourself.
Close that account down.
Bitwarden and a random generated password for everything, 2 factor the important stuff, use a separate authenticator app.
Takes a while but once it's done, it's done. Since moving from Lastpass I've actually practiced what I preach as it's convenient. If you have Apple just use Keychain, it's the same thing really.
Your time would be better spent running a malware checker over his PC, making sure all the malware protections on his browser are activated, perhaps with ublock added for more protection, and strengthening all his passwords/setting up 2-factor authentication where appropriate. If you think that he is vulnerable to scams I guess you could even set yourself up as admin on his machine so that he can't make installs himself.
MFA all the things. There is no reason, if the site supports it, that you should not use MFA. Google Authenticator or similar and just train your father to use that and check that the site he is access really is the right site. And use a different password for every site, not the same one. You may need a password manager to help with that though.
I'm not going to go down the rabbit-hole of token theft from browser iframes, that's a problem that you may see, but as long as you have security settings enabled to include things like "warn me if there is a new browser/device trying to access this account", you may be able to minimise that risk.
Everyone up there ^^^ has given good advice too but, in all honesty, it's always a reactive game. If they get access to the account again, they'll change the recovery mail anyway. Make all the improvements you can; you just need to be harder to crack than the next person.
There's a couple of people on Youtube who do this, string phone scammers etc along and all the while they're hacked into the scammers own PC or CCTV system or something. Sometimes it's led to arrests but usually it's only a bit of fun that ultimately leads nowhere. You really have to be an expert to even think of attempting something like this and even then it's a tiny drop in the bucket that affects... nothing, at the end of the day. 🙁
I know I keep shamelessly pimping my blog, but I gain nothing from it (I can't even see the web stats). I wrote about this, maybe it will help:
https://blueteamhackers.com/old-mcdonald-had-a-password-m-f-m-f-a/
https://blueteamhackers.com/password-smashword/
You really have to be an expert to even think of attempting something like this
Yeah.
As others have said, this is big business. There was a time where stringing along a scammer was a fun sport. There was a website called something like "419 Eater" where the site owner would have Nigerian idiots posing for a photo with a slice of toast on their head or something. The thinking being, aside from hilarity, that the more of their time you waste the less time they'll have to do someone else over.
Those days are gone. This is organised crime. You are dealing with operations run by professional criminals and you are not the one who knocks. Some are nation state actors. The last thing you want to do is become of special interest to them.
Another factor is a lot of these operations are now using slave labour in their scamming sweatshops, stringing along a scammer is probably making life worse for someone who already has a far far worse life than you can imagine.
Don't engage just report it to the professionals and let them deal with it.