Help, scammers attacking my email

[MountainBuck]

You may want to run your email address through:

Have I Been Pwned: Check if your email has been compromised in a data breach

It will tell you if your email has been involved in a data breach. The site has a strong reputation for ethical standards and data privacy.

 

[ericm979]

It sounds like the OP's problem isn't spam, it's that someone has possibly gotten into their email account. That's a bigger problem than spam (which should be mostly taken care of by the mail provider).

The attacker may have just compromised the email account password or they may have installed malware on your computer and gotten the email password that way.

You can first change the password on the email account and set up two factor auth. If the attacks continue then look to cleaning up your computer of any malware (and resetting the email account password again).

The other possibility is that the attacker doesn't have your email address and they are just firing off password change requests (via a program) to use the auto-reply mails to annoy you.

If they do have your email account password they may try to impersonate you to people in your address book and ask for money or other things of value.

Your passwords should be long random strings generated and managed by a password manager. Lastpass has had security problems for many years and has shown an unwillingness to fix them. I suggest 1password.

 

[masscity]

My DSL provider stops about 99% of my junk mail and sends them to me in an email. The email will have anywhere from 1 to 45 in it. I look at them to see if anything is ok, then blacklist the rest with on click.

In the last couple of months I've received three emails from Paypal that look perfectly real(probably AI), but the reason I knew they were a scam is that Paypal never sends me any email like that.

 

[Oaktree]

Your passwords should be long random strings generated and managed by a password manager. Lastpass has had security problems for many years and has shown an unwillingness to fix them. I suggest 1password.

I'm a bit wary of password managers, all eggs in the same basket should their servers get hacked. I just keep mine in a text file on my computer.

 

[ericm979]

I'm a bit wary of password managers, all eggs in the same basket should their servers get hacked. I just keep mine in a text file on my computer.

The right way to implement a password manager is to encrypt the passwords locally before they are uploaded. If the encryption is strong it won't matter if the server gets hacked. Without the master key the passwords aren't recoverable without spending far more than they're worth. Designing systems like that has been much of my work for the last 25 years and I can tell a good design and implementation from a bad one.

Keeping passwords in a file locally prevents network and server attacks but does not work when attackers get access to your machine. Which is not unknown.

Keeping them on post-its stuck to the monitor is secure against network and server attacks and is even secure against attackers who gain access to your machine. It only fails when the attacker is in the room with the monitor.

Both don't work well if you have more than one device.

 

[t1kilo]

Unless you have accounts at any of those websites sending you password reset emails, I wouldn’t get too excited. You really have no idea of whether or not those password reset emails are being sent from the vendors website unless you check the email header information. More likely, those are phishing attempts, and clicking on the link in the email will take you to a site that is impersonating the legitimate site. If you enter your info there, then they got you. Look at the url in your browser address bar to be certain. Another way is to hover over the link if you’re using a desktop mail client, and it will show you the url provided in the email.

I would suggest that since this is for your business, use a business class filtering system that checks not only incoming email, but also outgoing. If your email account would be compromised and start sending out spam, the filters would catch it and prevent it before it becomes a big problem. Of course this all depends on what provider you use for email.

Without knowing a lot more details, everything any of us post here is pure conjecture. By the way, I’ve made my living in IT the past 40 years, so I have a little experience with this.