Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[miauw62]

1. Change password.
2. Stop worrying.

That reminds me of the time when gmail said somebody logged into my account from Korea. South Korea.

[Starver]

Even the almighty Google can't now about every illicit landline laid across (or under[1]) the DMZ, so maybe it was the NKs.


As much already said, I don't think there's any account hacking going on (unless you're seeing messages read/removed from the download queue it's hard to be sure, but... yes, change password (after checking any "secondary method to contact and reset password with" setting hasn't been messed with) and move on), and the most likely 'upper-quartile' worst case scenario is that someone who happens to have your email address (a contact or a friend, or someone who has seen it published somewhere random, or possibly someone who was aiming for gibberish but fell upon your actual address by accident) has decided to make an account and use your address for it.

If it's anything like a particular browser-based game I've gotten myself into, which I have now had a "You have not yet confirmed your email address yet" sort of thing on the post-login screen for the last two years, the person registering has no intention or need to access your mail to activate the whole thing, it's just a throwaway thing to perhaps disguise the fact that they're playing two or more accounts on a game whose policies ask that you don't have more than one.  (My own reasons for ignoring the registration process in that example is just pure laziness and that (for this game, at least) it appears I really don't have to do anything to unlock the game[2].  And as I have unlimited[3] addresses on the domain(s) that I own, there'd be nothing to stop me faking a number of separate personalities were I so inclined to do so.)


So.. yeah...  if there's any malicious intent in the email (and it doesn't look like it), then you can avoid being 'caught' by just not clicking on the link, thus not admitting to the existence of your email address even (technically the lack of a "no such user/server" mail would confirm you exist, but there are enough black-holes and unmonitored accounts that it shouldn't stand out as any more valid than your average unwatched account).

If it's web-bugged (and your client doesn't already do what 99% of mail clients do, or at least claim they do, which is not try to download pictures until/unless you've asked for them specifically or white-listed the sender), then you've nothing more to lose now than the first time you opened it, in the "yes, I'm a fat juicy target for an imminent spamming campaign" stakes.


But (based on little but my own experience, which may never been particular omniscient, but has quite a bit of net usage history behind it) I fall back to the "don't worry about it" camp.  I think even the password changing advice is overkill, but changing passwords regularly is always[4] a good idea, anyway so I wouldn't actually say anything against that.

I doubt you'd spot anything suspicious, following this mail, that you wouldn't have spotted without it.  If any given black-hat is good at what they do, they'd already be past all your defences anyway and this isn't going to be part of his or her plan.  The more incompetent ones will slip up in other ways.  So, as always, be alert.  (Your country needs 'lerts'!)



[1] "Coal mines", hur hur..

[2] And, yes, I am buggered if I lose control of my account on there, given I can't get a password reset/etc.  It's not worth worrying about.

[3] Well, massively large, even while finite.  I tend to register with different pre-@ address names in different places so that I can easily sort business from pleasure, and if any address becomes spammed-to I can make a decision about whether to go so far as to blackhole the mail or merely shove it into a "check less frequently" semi-junk folder.  And whether to inform the only legitimate users of that address that there is a problem, assuming that they've not been... indiscreet.  I black-listed a job-search site's missives, once, due to receiving an "advertise your business!" spam via the address I had registered to look for a (better) job!  Mis-targeting almost by a full 180 degrees, or what?!?

[4] Save for on the Friday before going on holiday.  Try to change a password on a day you'll be needing to use it a number of times (assuming you eschew "remember my password" options in your browser, of course), but certainly on a day that you expect to be using it again the day after, and a few consecutive ones after that, if at all possible.  Get your brain used to it.  Assuming you don't just write it down somewhere, if that's your bag.

[itisnotlogical]

I got about 20 similar emails from "Blizzrd" [sic] requesting that I stop selling my Diablo III account or I would face legal action. It's nothing to worry about, just block it with all the rest of the crap.

[miauw62]

I don't think it was in NK. Do people in Best Korea even HAVE computers? Or are they spying on me?

[10ebbor10]

I don't think it was in NK. Do people in Best Korea even HAVE computers? Or are they spying on me?

Yeah they do. I think the latests guesses are that there about a 1000 who have unrestricted acces to the internets.