WARNING: Phishing attack to steal your OF password

Posts
33,162
Likes
37,894
There is another attempt going around to steal account passwords. If you see an email like this, DO NOT click on it, as it is a scam.

The ONLY place to ever type your password is Omegaforums.net and make sure you type it yourself into the address bar.

To protect your account, PLEASE also turn on TFA using the option in the top right; it prevents these attacks from succeeding.

This is an example of the scam email in question:

 
Posts
5,081
Likes
15,684
When buying & selling we have our mailing addresses and often phone numbers (for customs purposes) and other sensitive stuff in our private mailboxes on OF. TFA is really important to keep this safe. Thanks for introducing TFA to the forum 👍

We have badges for paid subscriptions, and it would be great to, instead or in addition, have badges for those with TFA enabled
 
Posts
33,162
Likes
37,894
When buying & selling we have our mailing addresses and often phone numbers (for customs purposes) and other sensitive stuff in our private mailboxes on OF. TFA is really important to keep this safe. Thanks for introducing TFA to the forum 👍

We have badges for paid subscriptions, and it would be great to, instead or in addition, have badges for those with TFA enabled
We had actually discussed that. It's a bit tricky to implement but it's on our list: something like a padlock or something proving that an account has been secured. It will also be a prerequisite before long to have TFA to be able to use the sales section, which will probably upset a few, but it makes such a big difference in terms of protection.
 
Posts
1,240
Likes
3,833
Will an account with TFA be unhackable? Or does it simply reduce the chance of an account being hijacked?

I've enabled it on mine. But just curious how secure a padlock logo on an avatar will be and whether to be completely trusted
 
Posts
33,162
Likes
37,894
Will an account with TFA be unhackable? Or does it simply reduce the chance of an account being hijacked?

I've enabled it on mine. But just curious how secure a padlock logo on an avatar will be and whether to be completely trusted
Email-based TFA is very strong but ultimately only as strong as your security on your email account (hopefully you will have TFA enabled on your email also).

Authenticator-app-based TFA using Authy or Google Authenticator on your phone is practically impossible to compromise. They would have to physically obtain your phone, so in terms of attacks like this, it is effectively 100%.

You can check out this article here posted by @oddboy in the other TFA thread which explains how TFA via a rotating secure token or app is the absolute best method and the gold standard.

https://www.google.com/amp/s/techcrunch.com/2019/05/20/google-data-two-factor-security/amp/
 
Posts
1,240
Likes
3,833
Thanks @dsio

Just checked and Google Authenticator gets poor reviews on iTunes store. Microsoft Authenticator seems to get the best rating over the most reviews too
 
Posts
33,162
Likes
37,894
Thanks @dsio

Just checked and Google Authenticator gets poor reviews on iTunes store. Microsoft Authenticator seems to get the best rating over the most reviews too
Yea, I personally don’t like Google Authenticator. Microsoft’s is better IMO, but Authy by Sendgrid has a more intuitive user interface to me, so I use that.
 
Posts
1,579
Likes
15,222
Will an account with TFA be unhackable? Or does it simply reduce the chance of an account being hijacked?

I've enabled it on mine. But just curious how secure a padlock logo on an avatar will be and whether to be completely trusted

Speaking as someone whose career is in cybersecurity, the word "unhackable" should be avoided, because basically nothing is. There are several MFA exploits / vulnerabilities out there, from browser flaws to application flaws. It does make it far less likely you'll be hacked, however. An MFA attack is technical, more complex, and currently is only likely to be encountered if you or your company is being specifically targeted by a skilled threat actor or organization.
 
Posts
33,162
Likes
37,894
Speaking as someone whose career is in cybersecurity, the word "unhackable" should be avoided, because basically nothing is. There are several MFA exploits / vulnerabilities out there, from browser flaws to application flaws. It does make it far less likely you'll be hacked, however. An MFA attack is technical, more complex, and currently is only likely to be encountered if you or your company is being specifically targeted by a skilled threat actor or organization.
Exactly right. The aim is just to use the most robust approach possible, which is an ever-moving target, but for our use case and level of risk, app-based MFA is about as good as you can get.
 
Posts
1,579
Likes
15,222
Exactly right. The aim is just to use the most robust approach possible, which is an ever-moving target, but for our use case and level of risk, app-based MFA is about as good as you can get.
100%
 
Posts
33,162
Likes
37,894
Another example of the phishing attacks… pretending to be a PM notification