My mom’s credit card, bank, and identity have been hacked multiple times. I suspect it stems from an email breach at yahoo if gmail. She uses her yahoo/gmail accounts for everything.

Can you smart people recommend a more secure email service?

I suspect it's more likely her PC is 0wn3d seven ways from Sunday.

ETA: I say this because I doubt she's passing CC info, or any sensitive bank info, or her SSN over email. If she is: She ought not. Unless one really knows how to tell, it's far, far too easy for bad actors to impersonate legitimate businesses. I've seen some that made even me look twice, and I'm a very experienced "IT guy." This is why legitimate email will never ask for such things.

I use Sitestar.net with no problems, around $22. a month.

I use ProtonMail, it’s encrypted but not so sure it would resolve her issues?

quote:

Originally posted by fwbulldog:
My mom’s credit card, bank, and identity have been hacked multiple times. I suspect it stems from an email breach at yahoo if gmail. She uses her yahoo/gmail accounts for everything.

Can you smart people recommend a more secure email service?

It’s exponentially more likely that her computer is compromised, with a keylogger/virus than that gmail or Yahoo have been hacked.

I’d recommend a fresh install of the OS, avoiding any odd websites or Facebook links, and changing her passwords at least quarterly. Paired with a good antivirus, she should be in much better shape.

As stated- Could be an email hack. But why would she send all that personal information via email and to who?

More likely it's her use of and actions on the PC.

The best tools in the world are worthless if they click on the link.

Also go over basic safety and security on the Internet.

How did you come to a conclusion that her email was breached?

Google has two factor authentication. Turn it on. Problem solved. No more people "hacking" into her email.

But, chances are, it's not that someone is getting into her email and using it to get into her accounts. She's probably getting phished.

Millions of people use Gmail. The weakness isn't the email, the weak link is your mom. She's probably has poor password hygiene and also regularly hands her passwords out to the bad guys when they ask.

Things she should do:

1) Stop using the same password everywhere. When someone hacks the database at the knitting website (that is running forum software that hasn't been updated in 5 years) and gets her password, it shouldn't be the same password she uses at her bank.

2) Stop giving your password to the bad guys. This usually comes in the form of phishing emails. Bad guys send her an email that looks like it's coming from the bank, she clicks on the link, and it sends her to a website that looks like the bank (but isn't). She punches in her password, and now the bad guys have her password.

3) Two-Factor Authentication. On everything. Change the settings on your email and bank website so that each time she logs in from a new machine, it requires her to punch in a code that is sent to her via text message.

4) Realize that unauthorized charges can be made using credit card numbers that are skimmed from brick-and-mortar stores.

What they said... ^

Yahoo is no less secure than the others in these ways, and that's not how such breaches generally work. Her machine is or was compromised, I'd wager as well, and/or she has at some point fallen for some flavor of Social Engineering and so on. If they're "in her email" it's because they have sorted out the password, not because they "broke in" to the email.

Yep. 99% chance your mom is the problem, but FWIW, +1 for ProtonMail for secure web-based email.

-Rob

Just so we're clear, secure email is to prevent unauthorized third parties from intercepting the email while it transits from point to point. It does not help your mom if she gives her passwords to people unintentionally or if she can't tell the difference between legit emails and phishing emails.

quote:

Originally posted by ensigmatic:
I've seen some that made even me look twice, and I'm a very experienced "IT guy."

If I have any doubt about an email (and have not already deleted it outright), I always view the source of the email. It's all in plain text, including all of the headers. I've caught some that appear very legitimate in the Inbox, but the source reveals it came from some server ending in .jp, .cn, .ru, or some such.

quote:

Originally posted by henryaz:
If I have any doubt about an email (and have not already deleted it outright), I always view the source of the email. It's all in plain text, including all of the headers.

The email client I use on my computers does that by default. I only go to HTML or whatever if there's clearly images, I trust the source, and I want to see them.

Plus I use tagged addresses for everybody. So if it claims to come from "X", and it wasn't sent to the tagged address I gave to "X", I know it definitely did not come from "X". Checking the headers is merely confirmation.

Too bad so many sites don't handle normally tagged email addresses, some mail systems don't properly deliver to tagged addresses, and few people know about them. This is a solution that would go a long way, and it's not being widely-used.

quote:

Originally posted by ensigmatic:
The email client I use on my computers does that by default. I only go to HTML or whatever if there's clearly images, I trust the source, and I want to see them.

Is this email client available to the general public or just commercial/professional users? Would be interested to know more if publicly available. Thanks.

quote:

Originally posted by ensigmatic:
Too bad so many sites don't handle normally tagged email addresses, some mail systems don't properly deliver to tagged addresses, and few people know about them.

I gave up on tagging years ago, when so many web stores refused to accept the address as valid ("invalid character", which of course it is not).

quote:

Originally posted by Tailhook 84:

quote:

Originally posted by ensigmatic:
The email client I use on my computers does that by default. I only go to HTML or whatever if there's clearly images, I trust the source, and I want to see them.

Is this email client available to the general public or just commercial/professional users? Would be interested to know more if publicly available. Thanks.

Generally available: claws-mail. But there may be a problem with rendering HTML in current releases. A plug-in is used, and I believe I read they may have dropped support for it due to lack of maintenance.

quote:

Originally posted by henryaz:

quote:

Originally posted by ensigmatic:
Too bad so many sites don't handle normally tagged email addresses, some mail systems don't properly deliver to tagged addresses, and few people know about them.

I gave up on tagging years ago, when so many web stores refused to accept the address as valid ("invalid character", which of course it is not).

I run my own mail server. I put a rule in there that treats "_" the same as "+". Problem solved.

That being said: Idiot web designers

Thanks ensigmatic.