Reply
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply

Re: Protecting against malware

elastella
Community Guru
Ela K Member Since: Feb 9, 2015
21 of 30

@Preston H wrote:

Rene: There are many people who don't have cell phones.

It's not that complicated. And it's not something I evangelize.

 

When I'm away from my desk, whether it's because I'm at the gym or riding my bike or at a theater or just out running errands, I can't be reached. And I can't go online. It's really a great thing.

 

I just feel like I'm online and "connected" enough as it is.


And I am sure you are. 

 

Don't change that approach. I am trying to get there.

I am already pretty good at ignoring my smartphone Smiley Wink

i_titarenko
Active Member
Igor T Member Since: Feb 2, 2016
22 of 30

Please, keep in mind, that using cell phone for authentication is not always safe for some people and in some countries.

https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/

versailles
Community Guru
Rene K Member Since: Jul 10, 2014
23 of 30

@Igor T wrote:

Please, keep in mind, that using cell phone for authentication is not always safe for some people and in some countries.

https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/


 Right. However, with tools such Google Authenticator, the SMS vulnerability goes away. But then, one needs not only a cell phone but a smartphone.

-----------
"Where darkness shines like dazzling light"   —William Ashbless
afifield
Community Guru
Amanda F Member Since: Aug 8, 2015
24 of 30

This was a suggestion I made the other day as someone tried to invite me and had a file attachment that had a virus. So I started thinking about those who have had their accounts hacked into, had payment method changed, and then money stolen.

 

Why not have a video verification when a payment method is added? Not many people often change their payment method, so you could detect when someone tries to change it, and have a message pop up on the website like it did for profile verification that leads you to have a skype chat to see its really the account holder and have it so that account holder must acknowledge that they want the payment method changed as requested. If the account holder doesn't respond, but the account on a tempory hold and don't allow the payment method to be added. That way, the hacker can't change the payment method at all therefore making the accounts safer. I know most freelancers hate the video verification, but I personally would like the option at the very least to do this so I know my account payments are secure. 

petra_r
Community Guru
Petra R Member Since: Aug 3, 2011
25 of 30

@Amanda F wrote:

Why not have a video verification when a payment method is added?


 Why not have a video verification when a payment method is added AND when the request to add payment method is executed from a "different to usual" IP address?"

 

That would avoid the majority of false positives

afifield
Community Guru
Amanda F Member Since: Aug 8, 2015
26 of 30

Yeah that's a great idea and it would prevent the hacking of payment accounts. I personally liked the video verifications because I really felt that upworks were truely trying to make sure I am the true account holder and I am not faking anything. This would do the same for the protection of payment methods. 

researchediting
Community Guru
Douglas Michael M Member Since: May 22, 2015
27 of 30

As a practical matter, my iPad with Google Hangouts/Voice handles most 2FA requests; most of "my" sites also offer an email option for receiving the code. It's also my home phone, and my preferred outside phone where there's WiFi.

My dumb phone gets used for logistics when I'm out of range of WiFi. Because of some family responsibilities I've taken on, I may have to upgrade. Google Fi?  Hmmm.

djnygaard
Active Member
Debbie N Member Since: Apr 26, 2017
28 of 30

Hello Garnor,

I realize this posting is old now, but I wanted to share information regarding a file I downloaded yesterday that ended being malware. . . and put a phishing trojan virus on my system.

 

I received a message regarding an invitation for a job titled: "need technical writing for estore". There was a file attached that the post mentioned had information about the company and more details about the job.

 

The file was a zip file (factory.zip), and as is my habit I scanned the file before I opened it. Windows Defender and Malware did not find a problem with the zip file. When I opened the Word file to check it out it created a bad trojan virus on my computer. It took me the rest of yesterday and part of this morning to eliminate the virus.

 

Not sure how you can check for these things, but I would say a little more checking would be appreciated by the Upwork community.

 

~~ Debbie

kochubei_valeria
Community Manager
Valeria K Community Manager Member Since: Mar 6, 2014
29 of 30

Thank you for letting us know, Debbie. We'll have the job you are referring to reviewed and proper actions taken.

~ Valeria
Upwork
ifegwu-okenwa
Active Member
Ifegwu O Member Since: Feb 23, 2021
30 of 30
Thanks for the information and the guide provided. - Ifegwu Okenwa.