Originally Posted By: artie505
In response to an advisory from eBay that I needed to change my password on that Website and all others on which I used it, I changed my Verizon password, and within an hour I got a phishing e-mail, my very first one ever, that purported to be from Verizon.

Originally Posted By: ganbustein
When you responded to that advisory, did you go to eBay by clicking on a link in the message? If so, you might have gone to a site that only pretended to be eBay, but used the opportunity to harvest both your old and new passwords.

No. The advisory was a link within eBay itself (There's apparently one on every eBay page at the moment.) that took me through what eBay considers a safe reset procedure.

Quote:
Why on earth would you be using the same password on any other site? If you were using the same password on eBay and Verizon before, the bad guys can now try both the old and new eBay passwords on your Verizon account, and probably succeed.

Although, a phishing attack does not need to know your passwords. It only needs to know your name and an email address. A fraudulent eBay pretender could have harvested those too.

Or, it could just be coincidence. Post hoc ergo propter hoc is a logical fallacy so old and so pervasive, and so persuasive as well, that it even merits its own Latin name.

Call it naive, but my approach to passwords has always been that I use unique, strong p/w's at Websites at which I'm at risk for money or critical information, and repeated, weak, i.e. easy to remember, passwords at others.

Even if bad guys get hold of my eBay user ID and p/w, what's my risk? Unless I'm foolish enough to use the same p/w for both eBay and PayPal (which, I assure you, I'm not), all they can do is create an annoyance by buying stuff and not paying, which, I'm willing to bet, is not their intent.

The same goes for most of the other Websites at which I've got accounts... Bad guys can buy stuff and not pay, or they can attempt to discredit me by posting unacceptable stuff, but they can't really harm me, nor will they even bother trying, because there's nothing, i.e. no $, to be gained.

I concede that my Verizon p/w should have been stronger despite the fact that I've got absolutely no information of even the least bit of value on verizon.net (Ok, so maybe you desperately want to learn my mother's maiden name. :P), and I've now changed it.

So, back to my question: After I changed my eBay p/w I logged into my main and four subsidiary Verizon e-mail accounts and changed their p/w's, and shortly thereafter I got the phishing e-mail at my main e-mail address, and how that came about is what I'm wondering. (Note that even if bad guys were involved, they couldn't have harvested the address to which the phishing [ghoti-ing?] e-mail was sent, because it's not the one I use on eBay.)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire