Such stupidity

[Gonz]

Look at the poor writing of this email I got & wonder (aloud if you must) why anyone gets taken in

Dear PayPal Client!

Having provided the constant support and check of your billing data on file with PayPal we managed to discover a little error in it. You can use you card only for the purpose of identification, the charge at will is impossible. This very type of user’s identification lets PayPal! store a safe place to make a purchase, manage the verification of your account data. Setting up a seller account needs valid debit or credit card and verification of account data. In case of automatic payments the charge of credit card usually lasts 5-7 days after getting the invoice. Confirm the necessary information. Mind that your account can be invalid for non-payers and your responsibility may include costs accepting.

To entry the confirmation page you should click here


Be sure, you’ve made right choice paying attention to this matter. Sorry for any inconveniences but we woul! d like you to understand that it is just a safe way of your account protection. Please understand that this is a security measure meant to help protect you and your account.

 

[tonksy]

I know! One of the posters that is a member of a private sellers group I am a member of just got her account hacked, they diverted all her payments to a different account. I didn't have the nerve to ask her if she knew how it happened. I wonder if it was one of these phishing emails.

 

[Professur]

As always, forward (with headers) to [email protected]. You can't arrest someone without evidence.

 

[Professur]

I know! One of the posters that is a member of a private sellers group I am a member of just got her account hacked, they diverted all her payments to a different account. I didn't have the nerve to ask her if she knew how it happened. I wonder if it was one of these phishing emails.

Strong passwords. I frankly don't care how bad someone's memory is. Random capital letters, numbers and special characters will protect your account.

0Tc@Eb4Y will not get hacked, ever.

 

[Inkara1]

It will NOW!

 

[Luis G]

0Tc@Eb4Y will not get hacked, ever.

Actually that's not a strong password. A dictionary based attack could guess it relatively fast.

On the other hand something like:
$ffGA9)=/2wp5#.!Kn0

is a winner

 

[Professur]

Two spaced numbers will fall to a dictionary attack? I don't thing so, Tim.

 

[Luis G]

But I bet Eb4Y is a dictionary word. In fact, most words in 1337 5p34k should be dictionary words.

 

[Professur]

Throwing in the capitals would thrash that.

That's not to say that your version isn't stronger than mine. But mine is strong ... without the need to write it down and leave it where it can be collected by the cleaning staff.

 

[Luis G]

Of course a pure dictionary attack might get fooled, but a dictionary based attack won't.

 

[Professur]

Of course a pure dictionary attack might get fooled, but a dictionary based attack won't.

To paraphrase the Cisco seminar on security I attented "there's no such thing as an unbreakable password. You're not going to stop a determined hacker with resources."

Your goal today is to stop the script kiddies. They're not like the hackers of 10 years back. They're bored nintendo players. They're not looking for work.