Theo wrote:
Chris Green wrote:
But what does "control of your email" mean? Any fool can send an
E-Mail that, unless analysed in considerable depth by someone with a
lot of network/mail expertise, will look as if it comes from 'you'.

Somebody finds out your email password or other login credentials, perhaps
by phishing or hacking an app on your phone. They use this to login to
Gmail / Outlook / whatever mailbox as you (even the webmail on your own
server). Then they go to your online shopping/etc accounts and go 'I forgot
my password' and the password reset message gets sent to the mailbox they
now control. Now they can reset the password to something they chose, and
have a login on your account. For bonus effect, you now can't login to the
account with the old password. As a second defence, they now change the
email address on the account to one they control.

But what do they do once they have access to a shopping account? I
*never* save credit card details there so they won't be able to buy
anything without paying for it themselves. They could see what I've
bought in the past, how exciting!

If they change the email address on the account then it's no longer my
account at all and I care even less what they do with it! :-)

--
Chris Green
·