It's password update day!

**Easto** · 11-11-21, 08:59 AM

I got a call from our realtor and she said she got a really weird email from me. All she said was that it didn't make any sense. The first thing I thought was that my email account may have been hijacked. I asked several other people if they had received anything suspicious from me recently and everyone came back with a "no". Granted, this may just be a problem on her end but since I have a ton of free time this morning I'm going to be changing all our email and network (including router) passwords. I'm not really too worried about any of my internet passwords being hijacked since I do not use the same password twice there's little chance that if someone gets one of them they would be able to exploit any other accounts.

**Philip** · 11-12-21, 06:44 AM

And all that time I thought that email with MadDoc's secretary was sent from him... jk.

Ask her to look at the headers of the email (or forward them to you), that's where it can become apparent where it is actually coming from. People spoof emails all the time, but server paths/IPs are in the headers. It could actually be her account/PC that's being compromised.

Other than that seems you know what you're doing (not reusing emails, etc.)

***YeOldeStonecat*** · 11-12-21, 07:38 AM

Nothing wrong with due diligence and changing the passwords regularly anyways....but, Realtors are heavily targeted (my wife is a Realtor)...they could have been watching HER account (or his?)...noticed emails to you, and just picked your name to "spoof".

Anyways, good, unique passwords are one thing, but passwords are only as secure as a flimsy screen door. Multi Factor Authentication (MFA) is what you want on ALL....ALL....you online accounts. MFA is the secure thick steel bank vault door!

**Easto** · 11-12-21, 08:33 PM

I use MFA on any sites that offer it.

Philip: I was going to ask her to send me the headers but I just thought I drop it and thank her for letting me know. I still might but I'm sure they're erased by now.

**Easto** · 11-13-21, 09:19 AM

What I find very weird is that some sites like Expedia who have actually had a breach in the past do not offer any 2FA. Even Marriott rewards does not offer it in a standard account.