A reader is having a heckuva time with her online accounts:
Cyn, had my eBay & email accounts hijacked in the last few days. Also, my husband’s eBay account had his email address changed. It’s really a mess to get it all straightened out.
First day, I received an eBay email that showed an item I did not bid on and offered similar items. Got with eBay and changed PW and was assured nothing was charged to my account.
The second day I received an email that I had made a $49.99 purchase at iTunes store from my iPhone and that if I did not respond they would continue billing me monthly. That one took a bit of grief to get settled, but got it cleared up. The tech told me that the ‘from’ line was an indicator it was a phishing effort. (Live & learn).
The third day my husband was unable to get into his eBay account. The investigation indicated his email address in his account was changed, so his attempts to access account didn’t work. So much going on it drives you crazy. Anyway, we both got accounts straightened, changed all passwords involved and added 2nd verification to the accounts.
My question is: Every time an account is accessed, a box at the bottom comes up – do you want (the site) to remember your password, and/or sign in. You should never do that, right? Also, when finished with any account, especially email, PayPal, you should actually log out, right? Not just shut down the PC with the accounts open?
The emails you received are definitely phishing attempts. Emails that show purchases you didn’t make, report attempts to get into your account, or say you’ve been subscribed to some type of service are a common way to trick people into clicking through to malicious sites. You did the right thing. Never follow the links in those emails. If you think there’s a problem with your account, open up a browser and check it out. Activating two-factor authentication is definitely the way to go.
If nothing was charged to your husband’s eBay account, it is possible that he might have accidentally reset his email information or you happened to interrupt a bad actor in the process of hacking his account.
Here’s my opinion about allowing your browser to remember your password. It’s more secure if you don’t, in case someone gets into your computer or, if you allow those passwords to be shared across devices, gets your account information for the browser. However, if you only use your computer at home and it’s you and your spouse, you’re pretty safe doing that, especially if you have two-factor authentication enabled.
Logging out is safer. But again, if it’s just you at home on a home PC, that’s not likely the way crooks are going to get at your account. They are more likely to use phishing attempts like the ones you spotted or to hack the servers of the businesses where you have accounts.
Another great one! Thank you!