downloading emails on phone on public wifi. Safe?

silvercar
silvercar Posts: 46,946 Ambassador
Academoney Grad Name Dropper Photogenic First Anniversary
in Techie Stuff
If I'm abroad and in a hotel/ cafe with passworded wifi and access the wifi on my iPhone, my email accounts update automatically and new emails download from the passwords already saved on the phone.

How easy is it for a fraudster to access the email passwords?

Part 2 is that there is an email from the credit card company whose CC I then use to pay the bill in the hotel/ cafe. Enabling a fraudster to link credit card name and number with email address.
I'm a Forum Ambassador on The Coronavirus Boards as well as the housing, mortgages and student money saving boards. I volunteer to help get your forum questions answered and keep the forum running smoothly. Forum Ambassadors are not moderators and don't read every post. If you spot an illegal or inappropriate post then please report it to forumteam@moneysavingexpert.com (it's not part of my role to deal with this). Any views are mine and not the official line of MoneySavingExpert.com.
«1

Comments

  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Name Dropper First Anniversary First Post Photogenic
    silvercar wrote: »
    How easy is it for a fraudster to access the email passwords?.


    Almost impossible - certainly not something you need to worry about

    silvercar wrote: »
    Part 2 is that there is an email from the credit card company whose CC I then use to pay the bill in the hotel/ cafe. Enabling a fraudster to link credit card name and number with email address.


    Dont worry
  • silvercar
    silvercar Posts: 46,946 Ambassador
    Academoney Grad Name Dropper Photogenic First Anniversary
    I should say that this is what actually happened. Someone gained access somehow to my email account and then somehow managed to get access to a credit card that is linked to that email address! I’m just trying to work out how that happened and the email over WiFi seemed the most likely given that I had been abroad and used hotel WiFi extensively. The card was then used as some sort of verification to open an online store card (UK) and order goods. I’m just trying to work out how it happened.
    I'm a Forum Ambassador on The Coronavirus Boards as well as the housing, mortgages and student money saving boards. I volunteer to help get your forum questions answered and keep the forum running smoothly. Forum Ambassadors are not moderators and don't read every post. If you spot an illegal or inappropriate post then please report it to forumteam@moneysavingexpert.com (it's not part of my role to deal with this). Any views are mine and not the official line of MoneySavingExpert.com.
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Name Dropper First Anniversary First Post Photogenic
    How do you know someone got access to your email account ?


    Unless you actually typed in your password (or your phone autofilled in a logon form) for your email account and sent it over the unencrypted wifi then there is no mechanism for it to have happened in this way.


    If the phone is linked to the email account (ie always logged in) then you didnt lose your password via this route.


    The most common way BY FAR for this kind of thing to have happened is that these details got tricked/ socially engineered out of you either by a convincing caller, or much more commonly, a cloned website.


    The rougue wifi could have been set to redirect say the gmail logon page to a copy and then could have hoovered your details. But as you say you didnt type them then this isnt the case here.


    Just to be clear, when you say your phone stays logged into your email account, do you mean that, or do you mean that is saves and sends the password each time you log in ?
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Name Dropper First Anniversary First Post Photogenic
    The hotel will have access to your card details, the hotel will have your email address.


    Do you use the same password for your email that you use for anything else ?
    Because if i were going to try to attack you in this way then that is the first thing i would try


    ie i would try to log into your email account using the password you set up for the "free" wifi (which i would be able to see) etc etc
  • spadoosh
    spadoosh Posts: 8,732 Forumite
    Name Dropper Photogenic First Anniversary First Post
    silvercar wrote: »
    I should say that this is what actually happened. Someone gained access somehow to my email account and then somehow managed to get access to a credit card that is linked to that email address! I’m just trying to work out how that happened and the email over WiFi seemed the most likely given that I had been abroad and used hotel WiFi extensively. The card was then used as some sort of verification to open an online store card (UK) and order goods. I’m just trying to work out how it happened.

    How do you know the email is involved at all?

    It seems a long winded way of going about it. I doubt your emails display the full card number so what could they have ascertained from your emails?

    Itd be much easier for someone comitting fraud to just clone your card whilst it was being used for a transaction or to simply just copy the card details that are printed on it.

    To access your emails to get your details (which probably wouldnt have enough on their anyway ) through wifi in a hotel in a foreign country to then set up an account based in the UK just doesnt seem like the most plausible explanation.
  • silvercar
    silvercar Posts: 46,946 Ambassador
    Academoney Grad Name Dropper Photogenic First Anniversary
    My phone downloads my emails automatically ie the password is stored on the phone, I didn’t type it in.

    Email password is totally different to credit card account passwords.

    I know that the email was accessed from a new device and hacked because there was an email to the account sayinga different device had been used to access and the password was changed. Hassle to get back in and change it again.

    I know the credit card online account was hacked because the credit company could see that. They could also see that someone had succeeded in opening a store account and paying with the credit card. Unbelievably once the card was stopped they had tried to gain access again - further emails sent asking for verification codes etc before I spotted that the email account had been compromised.

    All virus checked laptops etc are fine and other email accounts on the same computers are fine.

    Just want to work out how they managed to gain access.
    I'm a Forum Ambassador on The Coronavirus Boards as well as the housing, mortgages and student money saving boards. I volunteer to help get your forum questions answered and keep the forum running smoothly. Forum Ambassadors are not moderators and don't read every post. If you spot an illegal or inappropriate post then please report it to forumteam@moneysavingexpert.com (it's not part of my role to deal with this). Any views are mine and not the official line of MoneySavingExpert.com.
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Name Dropper First Anniversary First Post Photogenic
    silvercar wrote: »
    My phone downloads my emails automatically ie the password is stored on the phone, I didn’t type it in..
    Ok good - then we know your email account was not compromised in this way
    silvercar wrote: »
    Email password is totally different to credit card account passwords.
    ..
    You misunderstand me


    What i am asking is if your email password is the same as other passwords you use regularly.
    What i am trying to get at, is if you used the same password that you use for your email account anywhere else ?


    For instance, if you were asked to create an account to use the hotel wifi, would you have used the same password that you use for your email account ?


    Or , for example, if you were asked to review the hotel on a website, but first asked to create an account, would you have used the same password that you use for your email ?

    silvercar wrote: »
    I know that the email was accessed from a new device and hacked because there was an email to the account sayinga different device had been used to access and the password was changed. Hassle to get back in and change it again.

    I know the credit card online account was hacked because the credit company could see that. They could also see that someone had succeeded in opening a store account and paying with the credit card. Unbelievably once the card was stopped they had tried to gain access again - further emails sent asking for verification codes etc before I spotted that the email account had been compromised.

    All virus checked laptops etc are fine and other email accounts on the same computers are fine.

    Just want to work out how they managed to gain access.


    This has probly been brewing for some time and is unlikely to be related to use of unsecured wifi (apart from what i have typed above).
    These things take time to set up and execute and dont happen in one swift move like the news and movies would have you believe.


    They probly had your email address and password for a long time while collecting other information.
    Like i said, this almost always begins with you entering your credentials into a rogue/copy site.


    You wont have even noticed because all it will do when it has pinched your credentials, is display a "wrong password" message, and then forward you to the genuine site, where you proceed to log in correctly and never realise anything dodgy has happened.


    To keep safe in future
    1. dont re-use password for different stuff
    2. Make sure any site where you are typing credentials is genuine (check the address bar)
    3. Dont follow links in emails / dont trust company phone numbers in emails
    4. Dont plug in any USB sticks that you are unsure of the source of
    5. If using public wifi, if you must physically type a password, make sure the prefix of the site is HTTPS
    6. Do regular virus and malware scans


    Moving on, change your passwords using a trusted computer, chalk this up to experience and ensure to follow the points above in future and you will be fine
  • silvercar
    silvercar Posts: 46,946 Ambassador
    Academoney Grad Name Dropper Photogenic First Anniversary
    What i am asking is if your email password is the same as other passwords you use regularly.
    What i am trying to get at, is if you used the same password that you use for your email account anywhere else ?

    yes. loads of places, but not for the credit card website which has and had a fairly unique password.
    For instance, if you were asked to create an account to use the hotel wifi, would you have used the same password that you use for your email account ?

    That didn't happen, was just given the wifi password or it was my hotel room number and surname.
    You wont have even noticed because all it will do when it has pinched your credentials, is display a "wrong password" message, and then forward you to the genuine site, where you proceed to log in correctly and never realise anything dodgy has happened.

    I see what you mean, though I generally avoid clicking on links, but possible.
    Moving on, change your passwords using a trusted computer, chalk this up to experience and ensure to follow the points above in future and you will be fine

    Thanks.
    I'm a Forum Ambassador on The Coronavirus Boards as well as the housing, mortgages and student money saving boards. I volunteer to help get your forum questions answered and keep the forum running smoothly. Forum Ambassadors are not moderators and don't read every post. If you spot an illegal or inappropriate post then please report it to forumteam@moneysavingexpert.com (it's not part of my role to deal with this). Any views are mine and not the official line of MoneySavingExpert.com.
  • AndyPix
    AndyPix Posts: 4,847 Forumite
    Name Dropper First Anniversary First Post Photogenic
    silvercar wrote: »
    yes. loads of places, but not for the credit card website which has and had a fairly unique password. .


    Then this is how it started.


    Treat your email password a ssecurely as your bank password
    As you have learned the hard way, a hacker having access to your email account can lead to financial loss.
    Because they can then "pretend to be you" for all intents and purposes, which is how they have performed this attack.


    Change your email password to one that you do not use anywhere else.
    Remember, you often sign up to stuff using your email address (news websites, coupon sites etc etc etc)
    Now if you use the same password that you use for your email account for this, then you can see that a 3rd party can easily access your email account.


    Although email accounts are generally secure, the same cant be said for all these other sites and their employees.


    Hope all that helps
    Andy
  • were
    were Posts: 632 Forumite
    I mentioned in another post that I repaid someone's PC. think the disk had crashed due to mistreatment.

    In recovering the data found the guys have an app that phoned home via email. The text messages were credit cards numbers with all the details and email addresses and captured his keystokes.

    Knowing the owner on a personal level I asked him about them and eventually the grey cells started to work, and by now these were old cards.

    He actually pinned the event to staying at the Heathrow Hilton on one night as that is when the txt file were dated and he remember having internet trouble too.

    Think it was a man in the middle? Also I have to say this was about 10 years ago.

    A vpn would have stopped the software being installed.
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 343.1K Banking & Borrowing
  • 250.1K Reduce Debt & Boost Income
  • 449.7K Spending & Discounts
  • 235.2K Work, Benefits & Business
  • 607.9K Mortgages, Homes & Bills
  • 173K Life & Family
  • 247.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.9K Discuss & Feedback
  • 15.1K Coronavirus Support Boards