ped, posted April 27, 2021

1 hour ago, EMG456 said:

> It should be said that the padlock only confirms that communications between your browser and the site in question are encrypted and therefore private. It doesn't check whether the site is genuine or not. Scammers can set up a site which is secured and looks like the real thing but isn't, using, say a slightly misspelled URL - www.reverbs.com?- which you might not notice. Always check the URL for authenticity and consistency with the company's domain if you are in any doubt.

Yes there's always more to it. Always read the small print!
MartinB, posted April 27, 2021

There's a particularly sneaky variation on this where letters from different alphabets that look similar are substituted. Take a look at the following links (but don't click on them!).

https://www.basschat.co.uk
https://www.bаsschat.co.uk

They look the same, right? But the a's in the second one are not the Latin letter a, but the Cyrillic letter а. In many fonts they look very very similar, if not identical. If you're not using a touchscreen, moving your mouse over the second link might show you the Latin-ised URL where you'd actually end up if you clicked on it - some browsers are helpful like that, but not all.

Again, please don't click on that second link! I don't know what's at the other end 😅 If an email tries to get you to urgently follow a link, don't - type in the URL yourself.

(This is called an IDN homograph attack, https://en.wikipedia.org/wiki/IDN_homograph_attack, if you're feeling geeky 🤓)
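Added example, not part of MartinB's post: a Python check for the lookalike hostname described above. It shows the ASCII (punycode) name that is really resolved, flags labels that mix scripts, and compares the name against a trusted list. The `LOOKALIKES` table, the `TRUSTED` list and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, partial table of Cyrillic letters that render like Latin ones.
# Assumption: production code would load the full Unicode confusables data.
LOOKALIKES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
})

GENUINE = "www.basschat.co.uk"
LOOKALIKE = "www.b\u0430ssch\u0430t.co.uk"   # constructed: both a's are U+0430
TRUSTED = {GENUINE}                           # hypothetical allow-list


def label_scripts(label):
    """Scripts (LATIN, CYRILLIC, ...) used by the letters of one DNS label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def analyze_host(host, trusted=TRUSTED):
    """Return the ASCII name that is really resolved, plus homograph signals."""
    host = host.lower().rstrip(".")
    # IDNA encoding exposes non-ASCII labels as xn-- punycode.
    ascii_form = host.encode("idna").decode("ascii")
    mixed = [lab for lab in host.split(".") if len(label_scripts(lab)) > 1]
    # Fold lookalikes to Latin and compare with names we actually trust.
    skeleton = host.translate(LOOKALIKES)
    spoof_of = skeleton if skeleton in trusted and host not in trusted else None
    return {"ascii": ascii_form, "mixed_script_labels": mixed, "spoof_of": spoof_of}


if __name__ == "__main__":
    for h in (GENUINE, LOOKALIKE):
        print(analyze_host(h))
```

A label written entirely in Cyrillic would not count as mixed-script, which is why the fold-and-compare step is kept alongside the script check.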
Munurmunuh, posted April 27, 2021

https://en.wikipedia.org/wiki/IDN_homograph_attack

Don't click that either
BassTractor, posted April 27, 2021

3 hours ago, MartinB said:

> Again, please don't click on that second link!

Demn you! I clicked the first link. It ruined my life!
Woodinblack, posted April 27, 2021

3 hours ago, Ricky Rioli said:

> https://en.wikipedia.org/wiki/IDN_homograph_attack
>
> Don't click that either

Phew - that was close, lucky there is a volume!
woodyratm, posted April 27, 2021

7 hours ago, EMG456 said:

> It should be said that the padlock only confirms that communications between your browser and the site in question are encrypted and therefore private. It doesn't check whether the site is genuine or not. Scammers can set up a site which is secured and looks like the real thing but isn't, using, say a slightly misspelled URL - www.reverbs.com?- which you might not notice. Always check the URL for authenticity and consistency with the company's domain if you are in any doubt.

This and the post about not trusting what you see is 100%. I'm honestly considering sending my CV to Reverb.

Fun fact, the email said they resolved it quickly... Average cyber attack takes over 300 days to detect. I was going to do some reading into this breach and see what caused it but totally forgot.
Doctor J, posted April 27, 2021

https://www.infosecurity-magazine.com/news/online-music-marketplace-suffers/
Reggaebass, posted April 27, 2021 (edited)

10 million visitors a month, wow that’s a lot
lemonstar, posted April 28, 2021

I had it too. FWIW - changed pw - probably no bad thing. I had no personal info on the site never having really used it to buy or sell anything.
adamg67, posted April 28, 2021 (edited)

For anyone who doesn't know about it, this is very handy for any of the major data leaks / scrapes: Have I Been Pwned

It's a legit site that tells you if your email address is in any of the known data breaches and so is out there for hackers to try against other sites. Mine was in there from the LinkedIn and Adobe breaches, the passwords used were relatively unique so not too many to change to make sure all was well. I think some services like Experian are now providing the same thing.

For obvious reasons it doesn't tell you the associated passwords but you can look up passwords separately as well. It tells you which data breaches the email is on so if you do use the same password for a few things you should know which one(s) to change.

This is why it is such a good idea to use different passwords for everything. Hackers don't try and hack your bank or your email, they hack big sites that aren't as well protected (what can you really lose if LinkedIn gets hacked), grab the usernames and passwords (yes, they should be encrypted but they aren't always and can still be brute force cracked if they are) and then try them against your email and your bank.

Actually email is the big one, since password resets rely on your email. Use something very unique for your email.
msv, posted April 29, 2021

These days with cyber security it is best to change your password often. I don't click on any email links personally but I do change passwords monthly using a strong password generator, put them all in notepad, print it for the month and repeat. Never save your password in your browser.
lemonstar, posted April 29, 2021 (edited)

@msv At @dannybuoy's suggestion a while back I switched from using the free version of LastPass to bitwarden - an open source project; I think it's excellent software - I have it working across Win7, Android and iOS - I find it very easy to use - it generates and saves all the passwords - I think it's far better to use software designed for the purpose than to make up your own system using ad hoc tools. If you have very strong passwords - why change them so regularly?

As @adamg67 suggests - register your email addresses with Have I Been Pwned - I have 30+ email addresses for my own reasons and all are registered with the site.

The level of organisation and effort that goes into hacking is enormous and these guys are skilled and knowledgeable - I wrote advanced real-time embedded control software (and other stuff) for 25 years - (to save my company from being bent over backwards by a software supplier I and another engineer spent 18 months part-time hacking a proprietary database format to get "our" data out that we wanted to use (export) to use with the software design tool that we had designed to replace the software we were using and paying 10k pa for - the software supplier wanted to charge us £30k for software tools to do that) so you see people go to incredible lengths when it is worth it.

IMHO I'm afraid that keeping passwords in a text file is something hackers will have been looking at for decades - the days of using passwords you remember have been over for a long time.