"Two-Factor Authentication" saved my bacon!!

Discussion in 'Stolen Radios, Scams and Rip-Offs' started by W7UUU, May 19, 2019.

ad: L-HROutlet
ad: l-rl
ad: L-MFJ
ad: Subscribe
ad: MessiPaoloni-1
ad: K5AB-Elect-1
ad: Left-2
  1. W7UUU

    W7UUU Super Moderator Lifetime Member 133 Administrator Volunteer Moderator Platinum Subscriber Life Member QRZ Page

    In light of the "hacked account" scam of this morning - and all the many others we have seen reported - I thought I would share what happened to one of my Gmail accounts a week ago...

    I use "Two-Factor Authentication" there as well - if a new device logs into my Gmail account, I get a text and have to supply a code to Gmail to actually enter my email from that account. I use the same system here at QRZ - works identically. Anyone trying to log into my QRZ account from an unknown device will need to have my cell phone to retrieve the authentication code, just like at Gmail.

    Last Saturday I was having coffee, I got a text and an email at the same instant - both from Gmail "Two-Factor Authentication" - the text was the 6-digit access code, and the email read, "You're attempting to log into your Gmail account from an unknown device - please enter the 6 digit code that has been sent to you".

    The hacker had HACKED MY PASSWORD - he got that far, but the fact he did not have my cell phone gave him no way to go further. Of course, I immediately changed my old fairly-simple password to a very very strong one.

    But if you've not turned on Two-Factor Authentication both here at QRZ and on your email account(s) if they offer it, you're not as safe as you could be. You can turn it on at your account page.

    Scammers are getting very very clever....

    Dave
    W7UUU

    upload_2019-5-19_9-46-57.png
     
    N4THC, WB5THT, ND6M and 1 other person like this.
  2. KA9JLM

    KA9JLM Ham Member QRZ Page

    It may not be that they hacked your password, But they tried to login using your user name.

    Gmail is good about sending warnings about strange login attempts.

    Have you connected any google enabled devices recently ?
     
    KA0HCP and AG5DB like this.
  3. W7UUU

    W7UUU Super Moderator Lifetime Member 133 Administrator Volunteer Moderator Platinum Subscriber Life Member QRZ Page

    Pretty sure you do NOT get the "confirmation text" if you don't have the password.... you have to enter the password correctly for it to be sent.

    Dave
    W7UUU
     
  4. KA9JLM

    KA9JLM Ham Member QRZ Page

    I have, When my wife tried to log into my account. She guessed and the password was wrong. It was a new Android phone.

    There are a lot of scams that yank your password by having you log into a fake login page. The warning email is spoofed.

    Thank goodness that scam got killed on QRZ. It was here for a long time.

    People that store their password in the cloud get hacked most often.

    The cloud is a hackers dream sandbox.
     
    WB5THT and AJ4GQ like this.
  5. AJ4GQ

    AJ4GQ Ham Member QRZ Page

    You just got one, didn't you?
     
  6. W7UUU

    W7UUU Super Moderator Lifetime Member 133 Administrator Volunteer Moderator Platinum Subscriber Life Member QRZ Page

    Not sure what you mean. No I did not just get a confirmation code.

    Dave
    W7UUU
     
  7. N0TZU

    N0TZU Platinum Subscriber Platinum Subscriber QRZ Page

    Slightly OT but I was on a trip last week and google search thought I was a hacker or spam bot and made me do Captchas three times over a few days. I’m guessing it was because I was using VPN all the time at many different free WiFi locations.
     
    W7UUU likes this.
  8. W7UUU

    W7UUU Super Moderator Lifetime Member 133 Administrator Volunteer Moderator Platinum Subscriber Life Member QRZ Page

    Very likely. I had the same thing when I traveled to a state I've never been and never logged in any device before. For a couple of days I had to reconfirm with Captchas as well.

    Dave
    W7UUU
     
    N0TZU likes this.
  9. AJ4GQ

    AJ4GQ Ham Member QRZ Page

    Ooops. That was not intended for you, nor did it have anything to do with QRZ. Sorry.
     
  10. KA9JLM

    KA9JLM Ham Member QRZ Page

    Those are only good for robots, Are you a robot ?

    I hate those. They are old school. And help you get locked out of your own account.

    IP address is what keys a "Scam Likely"
     
    WD4IGX likes this.

Share This Page