Big Dipper said:
So some little shit head has been hacking into my things stealing hundreds of dollars and taking my accounts. I just got even more emails regarding password changes, so I wanted to say here that if this account gets hacked and they start shit talking don't believe anything, just in case. I wish I could find that fucker and take their hands.
You should have a phone number on the back of your debit or credit card that you can call; they have a chain of command that ascertains based on the context of the call so they'll more than likely patch you to their fraud department or give you a number to call said department. If your credit card was used by the thief, then ask them to both CANCEL it and to get a NEW CARD NUMBER. You may need to visit your home branch that the account is physically/legally held at for that to happen though. That's important because the manager/financial advisors have authority to modify your accounts and might need the physical file directly to make changes (boxes to check, signatures to take from you, etc).
As for your emails, most emails (or even popular websites) nowadays come with a security feature that lets you attach 2FA (two-factor authentication). This is essentially a second password that you have to input before acquiring access to the account. It's pretty tedious to install but if done correctly it will seriously stonewall most hack attempts as it is far more difficult to brute force than a static password. There are some 2FA apps that exist that aren't adware (or cloud-based), something like AEGIS could help you. If you download any, I would avoid doing so on GOOGLE PLAY, get something like F-DROID to browse for one.
1. Download an authenticator app. Avoid cloud-based authenticators (such as Authy).
2. Open your email page and navigate to wherever the security section is and look for 2FA, hopefully it's available.
3. E-mail will likely provide a QR code to scan with your phone or give you a manual key string to input on the 2FA app itself.
4. On your phone the 2FA app will have a SCAN QR CODE or ENTER MANUALLY when adding a new key string, pick one.
5. Once you have scanned the QR code or added the key string you can repeat the process for other accounts / e-mails. TEST ALL OF YOUR ACCOUNTS TO MAKE SURE 2FA WORKS PROPERLY.
6. Once you are done adding 2FA to your emails / other accounts, go back to each of your email / other accounts and make sure account retrieval for SMS is turned off. This can bypass both your password and 2FA as spoofing a duplicate phone number is easier to do than brute forcing through 2 passwords, 1 of which changes on avg every 20 seconds. If the hacker knows your phone number it's game over. Instead use backup codes provided by the email service, print them and keep them in a safe location.
7. Go back to the 2FA app on your phone and look for an option to EXPORT VAULT. Encrypting the vault is recommended. You don't want to forget the encryption password.
8. Attach phone to any personal computer you might have, then drop the vault onto a separate USB key. You can also get a USB adapter (USB TYPE C MALE TO USB ADAPTER FEMALE) so the phone can read directly into a USB key (although the USB itself may need to be formatted for your phone's OS to actually make use of it at which point if you can do that might as well use the PC itself anyways). Place the USB key in a safe location.
Import vault into a desktop authenticator during periods when your phone is not accessible (such as if it decides to brick up on you). If you can manage to emulate your phone's OS, that's even better. Enabling 2FA comes with the con of NEEDING your phone or the desktop (if a desktop version even exists) to access your accounts. But it provides excellent security in return.