Computer question for the Geeks

[Rick Prentice]

I have a question for you Geeksters I recently listed an item on Craigslist. A day later someone replied by email and it came to me through the craigslist hidden email feature. They asks some normal questions and asked for some additional pictures. I replied with the answers to their questions and also sent 2 additional pictures.

Now with their recent email reply, which seems to be coming direct from them(not through craigslist) it seems they are probably a scammer. They gave the usual -----------------I'm out of town and will have someone stop and pick it up------------------they want to pay with paypal if I give them my paypal info-------.

Now I'm ticked for being so easy. I turned off the home router and I'm working from the tablet router right now. My question is this-----Can they get into my home computer with the IP Address info and my sent picture properties. I'm curious how these low-lives actually hack into stuff.

Thanks for your replies,
Rick

[Rick Prentice]

And NO, I didn't give any account information.

[Barnyard]

Rick, you should be fine. You never gave them any info. I think they just wanted your Pay Pal info.

I usually turn off the email option on Craigslist. I give them my phone number with the note that I take calls only and no text messages. If they really want whatever your selling they will call you.

[Rick Prentice]

Rick, you should be fine.

Is that the same as "you might be fine"

[Buzzard Wing]

Probably OK.... once they respond to the Craigslist ad it is 'from' their email address to yours. When you respond it's 'from' your email address. That's just the way it works, not like eBay where they want you to go through their 'message system'. Always good to have up to date 'virus' and firewall software.

When it comes to pictures there are some bits of information that go along with it... most are not too important (type of camera, date, etc) but some are, it could have your name, lat/long etc. Right click a picture and look at 'properties' to get an idea.

I treat anything on Craigslist carefully. You NEVER know who you are dealing with, it is a con-mans dream come true. Still, tough to beat the price and coverage.

[Rick Prentice]

OK, answers like "should be OK" and "probably OK" scare me. I'd like to know exactly what info a hacker needs to get into someones computer

Thanks though,
Rick

[Barnyard]

Rick, you should be fine.

Is that the same as "you might be fine"

Yes, the only difference is it takes longer to type "should" than it does to type "might" because of the letter count.

Actually, I will rephrase that and say, "I wouldn't worry about it". They just want your paypal info so they can siphon off your retirement funds. Just don't give that info.

[John *.?-!.* cub owner]

It sounds normal to me, except for paypal. All they need to pay you via PAYPAL is the email address you use on Paypal,, nothing else, (some people use a separate email just for Payapl). When you replied to their inquiry your email went straight to them, not via Craig's list, and that is how they replied directly to you, all they did was click reply. You can verify that by looking in your email sent box. There is no way to be 100% sure you are not compromised when doing anything on the internet, with the right programs and enough time they can get into almost anything, but normally an individuals paypal account is not usually worth the effort. A good internet security program with firewall is pretty much a necessity on home computers now.

[Rudi]

Rick:

I turned off the home router and I'm working from the tablet router right now. My question is this-----Can they get into my home computer with the IP Address info and my sent picture properties. I'm curious how these low-lives actually hack into stuff.

The simple answer is not a chance. So they know you IP... no big deal. Not a hard thing to figure out. If you are concerned about someone knowing your IP, you do have a defense there - your IP is most likely dynamic so it will change probably every 21 days or so. If you really are concerned call your ISP and ask them to force an IP change which they will do, although it is not necessary. Second, even if they get your IP they then have to figure out what router you have - make/model etc. That isn't going to be easy as there is really no way for them to get that info as it is not broadcast. Third a router is actually a firewall. A Firewall is designed to keep out potential threats. Also, to get into your network they would have to figure out what your encrypted pass phrase is. And that will take a lot of brute force - essentially bombarding your router with massive amounts of queries hoping to stumble on the correct phrase. That ain't likely to happen as it can be costly both in time and resources to do that. Those resources are used for high value targets. Most routers today utilize 128 bit Encryption. That level of encryption is impossible for most hackers to crack. Also even if they have the directory structure of your hard drive - without access to your network there is no way to access that info. Usually that info isn't transmitted anyways as once you upload a file the only property that is available to them to look at is the actual .jpg file info and not where it originated. That part of the data string is truncated/removed.

Since my days in the Navy, I haven't worried about my home network security because I understand the encrypt/decrypt process. Even back in the day - the 70's and 80's we used to joke that it would take NSA's Super Cray's a millenium to crack some of the codes that were used way back then, which are kinda equivalent to today's security measures. We have always used "very strong" passwords and I recommend them. If you have a strong or very strong password, I wouldn't worry about it.

However, by turning off your router you are making your tablet less secure than it was. The router is not only your best line of defense, it really is your only line of defense and having two routers -- house router and the tablet router (if it does have a router) is rather good because you then have two levels of encrypted defense.

Where the danger lies is in the phishing attempts that these creeps use to dupe unsuspecting folks into giving them the information that they want. Ok.. so they ask for you paypal account to pay you with... no big deal -- all they need is your email address or whatever your paypal account is tied to, to send you the money. You don't need to send them your password. And you don't let the item out of your possession until the item is paid for in your paypal account - which then only you can access unless there is a conflict resolution problem and then only paypal can attach those funds.

Now talking about passwords - I hope your password is at least "very strong" which would mean a combination of 8-16 or 24 letters and figures. Something like that would be very difficult if not impossible to bust as the permutations would be inestimably huge.

Also like , if you respond from your email account to one of these forwarded "hidden address" emails from craigslist, then your email is no longer hidden. If you respond through eBay or ( craigslist - I assume is the same as eBay) then your email is still "hidden".

Good online security practices are an excellent way to give peace of mind, so practice those. If there are obvious phishing attempts - forward those attempts to say spoof@paypal.com. They will respond with either yup it is a phishing attempt or no, this is an actually member. I have not had a real member response once from paypal in all the years I have been on-line and on and other commercial sites.

[Dale Shaw]

I always turn off the e-mail function also. I also add extra spaces in the phone number to prevent the automatic use of the phone #. If someone wants what I have for sale, then a little effort on their part is worth the prize.