Pages in topic:   [1 2] >
Cyberattacked: what should I do to be safe again?
Thread poster: María C Turri
María C Turri
María C Turri  Identity Verified
Argentina
Local time: 08:28
Member (2019)
English to Spanish
Feb 8, 2021

Hello, everyone. On Saturday, I downloaded a piece of malicious software by mistake and, even though I turned the laptop off as soon as I noticed, pyrates got hold of all the passwords I had stored in my Google account. So far, they stole money from PayPal and tried on Skrill and Transferwise, as well as my local bank. I have set up 2 steps authentication for everything I could now but still, I don't feel safe, plus I have an awful lot of new passwords to remember.

Do you have any
... See more
Hello, everyone. On Saturday, I downloaded a piece of malicious software by mistake and, even though I turned the laptop off as soon as I noticed, pyrates got hold of all the passwords I had stored in my Google account. So far, they stole money from PayPal and tried on Skrill and Transferwise, as well as my local bank. I have set up 2 steps authentication for everything I could now but still, I don't feel safe, plus I have an awful lot of new passwords to remember.

Do you have any suggestions? I was using a Gmail account because I couldn't afford anything better, but now that things are improving for me I think I need to invest. And certainly, a new antivirus, for Windows Defender is not enough. Could you recommend me a good one?

I know I should have thought about this before, and believe me that I'm mortified enough, so please be kind in your responses.
Collapse


Christopher Schröder
Beatriz Ramírez de Haro
 
Thomas T. Frost
Thomas T. Frost  Identity Verified
Portugal
Local time: 11:28
Danish to English
+ ...
Antivirus Feb 8, 2021

It must be really frustrating.

As for the money stolen from PayPal, you should report it as a fraudulent transaction and ask them to reverse it, since you didn't authorise it.

As for security software, I can warmly recommend Webroot SecureAnywhere, which has kept me safe for many years and doesn't consume a lot of resources or cause conflicts with legitimate software.
... See more
It must be really frustrating.

As for the money stolen from PayPal, you should report it as a fraudulent transaction and ask them to reverse it, since you didn't authorise it.

As for security software, I can warmly recommend Webroot SecureAnywhere, which has kept me safe for many years and doesn't consume a lot of resources or cause conflicts with legitimate software.

https://uk.pcmag.com/antivirus/36570/webroot-secureanywhere-antivirus

How did you get tricked into downloading the virus?
Collapse


expressisverbis
 
María C Turri
María C Turri  Identity Verified
Argentina
Local time: 08:28
Member (2019)
English to Spanish
TOPIC STARTER
Got tricked, yes Feb 8, 2021

The first thing I did when I noticed the problem was report it to PayPal. They say "the transaction matches my previous behavior (?)" and they don't see any problems with it, so they won't reimburse me. It's a transaction made to a Gmail account (the first in my PP history) and it's called "loan" (quoting marks included). This is what made me feel most insecure because I'm increasing the amounts I receive by PP and it's really frustrating to see that money go away just like that!

Th
... See more
The first thing I did when I noticed the problem was report it to PayPal. They say "the transaction matches my previous behavior (?)" and they don't see any problems with it, so they won't reimburse me. It's a transaction made to a Gmail account (the first in my PP history) and it's called "loan" (quoting marks included). This is what made me feel most insecure because I'm increasing the amounts I receive by PP and it's really frustrating to see that money go away just like that!

Thank you for the Antivirus recomendation, I'll give it a look!
Collapse


 
Recep Kurt
Recep Kurt  Identity Verified
Türkiye
Local time: 14:28
Member (2011)
English to Turkish
+ ...
What you can do to minimize the risks Feb 8, 2021

1- Use strong passwords for all your accounts
2- Use a password manager to generate strong passwords/keep track of your accounts (Roboform)
3- Don't download stuff from sites you don't know. Don't click on links you are not sure about. Don't install software that you don't know. Do a little research first.
4- Always a good idea to have a good antivirus+firewall. There are plenty of choices (Kaspersky, Eset, Avast etc.)


expressisverbis
Victoria Britten
Emanuele Vacca
 
Jo Macdonald
Jo Macdonald  Identity Verified
Spain
Local time: 12:28
Member (2005)
Italian to English
+ ...
Your answers are already in your questions Maria Feb 8, 2021

You just need two passwords.
1. A low security one for less important things like Proz, facebook, Google login for example you can let your browser save if you want so you don't have to login again every time.
2. A high security one for money matters like the bank, Paypal, and anything else you want more security on. This can be a more secure password, but the most important thing is you never give it to anyone and especially never tell your browser or Google or any other program or
... See more
You just need two passwords.
1. A low security one for less important things like Proz, facebook, Google login for example you can let your browser save if you want so you don't have to login again every time.
2. A high security one for money matters like the bank, Paypal, and anything else you want more security on. This can be a more secure password, but the most important thing is you never give it to anyone and especially never tell your browser or Google or any other program or web site/service to remember it, so every time you have to login again. This goes for your smartphone too.
You can also set your browser to delete all cookies (including passwords) every time you close it and choose which one not to delete.
2-step authentication is good and banks should require this for bigger transactions.
Obvious I know, but don't download and install hijack malware, click on dubious links in strange mails, etc. open/run/install .exe or image files sent as attachments.

Personally I don't think you need another malware prog because I'm sure it will ask you "Do you want to save this password to save having to logon again next time?" and if you answer "Yes", which you shouldn't if it's a high security logon, you'll be in the same position you were before with money spending passwords saved in a Googly account, vulnerable to anyone who hijacks that account with those passwords saved in it. Don't use a "login with Google or facebook" option for anything important, their security is just an annoyance (to users) must be laughable to hackers.



[Edited at 2021-02-08 13:41 GMT]
Collapse


María C Turri
expressisverbis
Emanuele Vacca
 
Victoria Britten
Victoria Britten  Identity Verified
France
Local time: 12:28
French to English
+ ...
Password manager Feb 8, 2021

A passport manager does all the remembering for you (except the master password you use to access it !). It will also generate a random, secure password for each website if you ask it to, which means serious damage limitation even if someone does manage to get their hands on one of your passwords.

I'm no expert, but I'm satisfied with the one I use: Dashlane. That said, I only use it for my PC: I believe they charge for syncing between devices. Worth having a look around for which b
... See more
A passport manager does all the remembering for you (except the master password you use to access it !). It will also generate a random, secure password for each website if you ask it to, which means serious damage limitation even if someone does manage to get their hands on one of your passwords.

I'm no expert, but I'm satisfied with the one I use: Dashlane. That said, I only use it for my PC: I believe they charge for syncing between devices. Worth having a look around for which best suits your purposes/budget.

[Edited at 2021-02-08 13:43 GMT]
Collapse


Jean Dimitriadis
María C Turri
expressisverbis
Emanuele Vacca
 
Jean Dimitriadis
Jean Dimitriadis  Identity Verified
English to French
+ ...
Use a password manager Feb 8, 2021

One of the best things you can do security-wise is to use a Password manager, to safely store all your passwords.

To unlock the password manager and retrieve your passwords, you only need to remember a single password, called the "master password". Of course this one needs to be super secure. Try to come up with a long phrase (maybe from a book you like, so that you can remember it easily), maybe adding a special character and/or numbers. Above anything, the strength o
... See more
One of the best things you can do security-wise is to use a Password manager, to safely store all your passwords.

To unlock the password manager and retrieve your passwords, you only need to remember a single password, called the "master password". Of course this one needs to be super secure. Try to come up with a long phrase (maybe from a book you like, so that you can remember it easily), maybe adding a special character and/or numbers. Above anything, the strength of a password lies in it's length, not it's variety.

password_strength

Typically, a password manager helps you not only securely store your passwords, but also *generate new secure and unique passwords*.

A password manager is then useful in that it remembers the passwords for you, so you can use complex ones like KLaxCzfiEKjgSiwxy3* (just an example). Make sure you create different passwords for each site.

Especially for important accounts, such as your email account, and money-related accounts, check about how to improve your account security.

For Google, you can use this Security Checkup: https://myaccount.google.com/security-checkup?hl=en

You can also enable 2FA (Two factor security) for important accounts.

I use Bitwarden (on my computer and on my phone) as my password manager, but you can find others too.

Edit: Sorry for duplication of effort, I see other colleagues have already chimed in while I was writing my post!

Edit2: I disagree with Jo Macdonald on one point. The email account security (Gmail in this case) needs to be the highest possible, not low. If an attacker can access your email account, they may be able to reset your other passwords too…

[Edited at 2021-02-08 13:47 GMT]
Collapse


Victoria Britten
María C Turri
expressisverbis
Jo Macdonald
Marina Taffetani
Maria Pia Giuseppina Nuzzolese
Laura Kingdon
 
Thomas T. Frost
Thomas T. Frost  Identity Verified
Portugal
Local time: 11:28
Danish to English
+ ...
Typical PayPal Feb 8, 2021

María C Turri wrote:

The first thing I did when I noticed the problem was report it to PayPal. They say "the transaction matches my previous behavior (?)" and they don't see any problems with it, so they won't reimburse me. It's a transaction made to a Gmail account (the first in my PP history) and it's called "loan" (quoting marks included).


That's par for the course with PayPal. I rarely use them. So many people have reported such problems with them.

Do check their user agreement for your rights in such a situation and also your national regulations for payment services, and escalate this, using PayPal's complaints procedures.


expressisverbis
Tina Vonhof (X)
 
María C Turri
María C Turri  Identity Verified
Argentina
Local time: 08:28
Member (2019)
English to Spanish
TOPIC STARTER
of course Feb 8, 2021


I rarely use them. So many people have reported such problems with them.

Do check their user agreement for your rights in such a situation and also your national regulations for payment services, and escalate this, using PayPal's complaints procedures.


I certainly will, even though nothing good may come out of it. Can I ask you what do you use instead of PayPal? Is any of those services more reliable?


 
María C Turri
María C Turri  Identity Verified
Argentina
Local time: 08:28
Member (2019)
English to Spanish
TOPIC STARTER
Agreed! Feb 8, 2021


Edit2: I disagree with Jo Macdonald on one point. The email account security (Gmail in this case) needs to be the highest possible, not low. If an attacker can access your email account, they may be able to reset your other passwords too…

[Edited at 2021-02-08 13:47 GMT]


That was exactly what happened to me. They ended up resetting my homebanking account. Luckily, I was fast enough to secure that money. Thank you, Jean. It really helps to have exhaustive explanations since cybersecurity is clearly not one of my strong areas.


expressisverbis
Jo Macdonald
Jean Dimitriadis
 
Jo Macdonald
Jo Macdonald  Identity Verified
Spain
Local time: 12:28
Member (2005)
Italian to English
+ ...
Excellent point Jean Feb 8, 2021

María C Turri wrote:


Edit2: I disagree with Jo Macdonald on one point. The email account security (Gmail in this case) needs to be the highest possible, not low. If an attacker can access your email account, they may be able to reset your other passwords too…

[Edited at 2021-02-08 13:47 GMT]


That was exactly what happened to me. They ended up resetting my homebanking account. Luckily, I was fast enough to secure that money. Thank you, Jean. It really helps to have exhaustive explanations since cybersecurity is clearly not one of my strong areas.


Bitwarden looks good too.


expressisverbis
Jean Dimitriadis
 
Thomas T. Frost
Thomas T. Frost  Identity Verified
Portugal
Local time: 11:28
Danish to English
+ ...
Alternatives Feb 8, 2021

María C Turri wrote:


I rarely use them. So many people have reported such problems with them.

Do check their user agreement for your rights in such a situation and also your national regulations for payment services, and escalate this, using PayPal's complaints procedures.


I certainly will, even though nothing good may come out of it. Can I ask you what do you use instead of PayPal? Is any of those services more reliable?


Since I'm in the EU, all eurozone clients pay me by money transfer in euros. That's free and secure, but of no use to you.

From the US, I use TransferWise. Fees are extremely low and it's a reliable company. But the service they offer depends on the country involved, so you'd need to check what's available for your country. If you can use TransferWise, note that you can also receive EUR and GBP payments through them.

Don't give up with PayPal yet. I got scammed once, and PayPal, true to their reputation, did nothing to help. But I ended up finding a flaw in their procedures and told them I was going to complain to the financial regulator. Then they paid up.


expressisverbis
María C Turri
 
Tina Vonhof (X)
Tina Vonhof (X)
Canada
Local time: 05:28
Dutch to English
+ ...
Me too Feb 8, 2021

Thomas T. Frost wrote:

María C Turri wrote:

The first thing I did when I noticed the problem was report it to PayPal. They say "the transaction matches my previous behavior (?)" and they don't see any problems with it, so they won't reimburse me. It's a transaction made to a Gmail account (the first in my PP history) and it's called "loan" (quoting marks included).


That's par for the course with PayPal. I rarely use them. So many people have reported such problems with them.

Do check their user agreement for your rights in such a situation and also your national regulations for payment services, and escalate this, using PayPal's complaints procedures.


Paypal suggested to me that I contact the 'seller' (i.e. the hackers!) - that was the last thing I wanted to do of course. I was extremely lucky in a way because I had a very small balance on PP at the time, so that the charge was put through to my credit card. I then contacted the bank and they were the ones who took action and eventually managed to get my money back.


María C Turri
 
Samuel Murray
Samuel Murray  Identity Verified
Netherlands
Local time: 12:28
Member (2006)
English to Afrikaans
+ ...
@María Feb 8, 2021

María C Turri wrote:
I have an awful lot of new passwords to remember.


Use randomized 16-character passwords (a different one for every new site or service), and use a password manager to remember them. You need a strong master password for the password manager, too, but that's the only password that you would need to remember. And if you use a password manager that is also web-based, it means you can access your passwords from anywhere. And if you use one that has an app for your phone, you can unlock the passwords using your fingerprint, so it's a lot less hassle because you don't need to type in your master password all the time. Most password managers have a feature whereby they generate a new password for you on demand, or whenever you visit a new site or service.

I use Bitwarden, because it's free and it works on Android as well as my own computer, but really there are many fine products and they often don't cost much, e.g. Dashlane, 1Password and LastPass. If you have your passwords saved in the password manager, hackers can't get to it even if they compromise your entire computer. The only way they can get your passwords is if you reveal your master password.

(You also have to set your browser not to remember passwords, so that the password manager is the one that remembers them.)


María C Turri
 
María C Turri
María C Turri  Identity Verified
Argentina
Local time: 08:28
Member (2019)
English to Spanish
TOPIC STARTER
Thanks! Feb 9, 2021

Samuel Murray wrote:

(You also have to set your browser not to remember passwords, so that the password manager is the one that remembers them.)


Thank you, Samuel! I absolutely love that feature. It definitely helps me be extra-careful without making me waste so much time.

It was great to ask all of you here, you've been amazingly helpful. Thank you very much!


 
Pages in topic:   [1 2] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Cyberattacked: what should I do to be safe again?






Trados Studio 2022 Freelance
The leading translation software used by over 270,000 translators.

Designed with your feedback in mind, Trados Studio 2022 delivers an unrivalled, powerful desktop and cloud solution, empowering you to work in the most efficient and cost-effective way.

More info »
Wordfast Pro
Translation Memory Software for Any Platform

Exclusive discount for ProZ.com users! Save over 13% when purchasing Wordfast Pro through ProZ.com. Wordfast is the world's #1 provider of platform-independent Translation Memory software. Consistently ranked the most user-friendly and highest value

Buy now! »