There is another attempt going around to steal account passwords, if you see an email like this, DO NOT click on it, as it is a scam.

The ONLY place to ever type your password is Omegaforums.net and make sure you type it yourself into the address bar.

To protect your account PLEASE also turn on TFA using the option in the top right, it prevents these attacks from succeeding.

This is an example of the scam email in question:

 

This thread has details on how to enable TFA:

https://omegaforums.net/threads/adm...a-is-now-available-for-added-security.138893/

 

We had actually discussed that its a bit tricky to implement but its on our list, something like a padlock or something proving that an account has been secured, it will also be a pre-requisite before long to have TFA in able to use the sales section which will probably upset a few but it makes such a big difference in terms of protection.

 

Email based TFA is very strong but ultimately only as strong as your security on your email account (hopefully you will have TFA enabled on your email also).

Authenticator app based TFA using Authy or Google Authenticator on your phone is practically impossible to compromise, they would have to physically obtain your phone so in terms of attacks like this, it is effectively 100%.

You can check out this article here posted by @oddboy in the other TFA thread which explains how TFA via a rotating secure token or app is the absolute best method and the gold standard.

https://www.google.com/amp/s/techcrunch.com/2019/05/20/google-data-two-factor-security/amp/

 

Yea I personally don’t like Google Authenticator, Microsoft’s is better IMO but Authy by Sendgrid has a more intuitive user interface to me so I use that

 

Exactly right, the aim is just to use the most robust approach possible which is an ever moving target but for our use case and level of risk, App based MFA is about as good as you can get.

 

Another example of the phishing attacks… pretending to be a PM notification