Users are hacked?! Phishing on multiple platforms

Account hacked

Dear Community,


I'm sure you've all heard of so-called phishing. But let's first clarify what it is in general...


Often you will receive a fake email purporting to come from a major provider (e.g. Instagram or Facebook, but also banks and credit institutions [e.g. PayPal], shipping companies [e.g. FedEx, UPS], online retailers [e.g. Amazon] and even police services [e.g. Interpol]) with a link in it. The whole email is usually garbage (i.e. spam): no matter where you click, everything points to the same link, including the "Unsubscribe" button.


If you take a look at the sender of the mail, you will see that the sender is not the provider, but some other "hacked" sender address (anything from private individuals to companies, i.e. whatever has already been "phished" by third parties).

Sometimes you are not even the addressee, but have only received a copy (CC) or blind copy (BCC), which a big provider would never do!

Unfortunately, this is exactly what very few people look at, although it is your own responsibility to ensure your own account security and to check this before you fall for a fake (scam).


After clicking on the link, you will usually land on a page whose Internet address does not correspond to that of the original provider, but is usually a subdomain consisting of a jumble of numbers and letters. However, this page often looks deceptively genuine, and the only indication that it is a fake is the Internet address in the browser. This is one of many forms of cybercrime.

On this fake website, you will be asked to enter your data: Sometimes login data is requested, other times credit card data, often both.


Once you have entered your data, that's it, because you won't get more than an error message at this point. But the "hacker" has already received your data ... and he can get to work now.
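To make the indicators above concrete (sender address not belonging to the provider, your own address only in CC/BCC, every link pointing to the same place, a gibberish subdomain), here is an added example of a small checker that runs them against a raw email. It is not code from the post or the WebDisk; the sample message, all addresses, domains and the link host in it are constructed for the example and refer to nothing real.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Constructed sample message for this example; every address, domain and
# link in it is made up and does not refer to any real sender or site.
SAMPLE_MAIL = """\
From: "Instagram Support" <office@example-florist.test>
To: newsletter@example-florist.test
Cc: victim@example.test
Subject: Your account will be deleted
Content-Type: text/html

<html><body>
<p>Please <a href="https://x7k2q9.example-host.test/login">confirm your account</a>.</p>
<p><a href="https://x7k2q9.example-host.test/login">Unsubscribe</a></p>
</body></html>
"""


def _domain_of(address):
    """Domain part of an email address, lower-cased."""
    return address.rpartition("@")[2].lower()


def _under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def _looks_random(label):
    """Heuristic for a gibberish subdomain label: long and mixing letters and digits."""
    return (len(label) >= 6
            and any(c.isdigit() for c in label)
            and any(c.isalpha() for c in label))


def _body_text(msg):
    """Concatenate the text/html and text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    body = ""
    for part in parts:
        if part.get_content_type() in ("text/html", "text/plain"):
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    return body


def analyse_mail(raw, claimed_domain, my_address):
    """Return the list of phishing indicators found in a raw RFC 822 message.

    claimed_domain is the domain the mail pretends to come from (e.g. the
    provider's real domain); my_address is the reader's own address.
    """
    msg = message_from_string(raw)
    findings = []

    # 1. Sender address must belong to the provider the mail claims to be from.
    sender = parseaddr(msg.get("From", ""))[1]
    if not _under(_domain_of(sender), claimed_domain):
        findings.append(f"sender {sender} is not under {claimed_domain}")

    # 2. A real provider addresses you directly, not via CC/BCC.
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if my_address.lower() not in to_addrs:
        findings.append(f"{my_address} is not in To: (only Cc/Bcc)")

    # 3./4. Every link leads to the same host, and that host is not the provider's.
    links = re.findall(r'href=["\']([^"\']+)', _body_text(msg), re.I)
    hosts = {urlparse(u).hostname or "" for u in links}
    if len(links) > 1 and len(hosts) == 1:
        findings.append(f"all {len(links)} links point to the same host {next(iter(hosts))}")
    for host in sorted(hosts):
        if not _under(host, claimed_domain):
            findings.append(f"link host {host} is not under {claimed_domain}")
        if _looks_random(host.split(".")[0]):
            findings.append(f"link host {host} has a random-looking subdomain")
    return findings


if __name__ == "__main__":
    for finding in analyse_mail(SAMPLE_MAIL, "instagram.com", "victim@example.test"):
        print("-", finding)
```

Run as is, the sample produces all five indicators described in the text. The checks are deliberately simple string comparisons against the claimed domain; a mail that passes them is not proven genuine, it merely lacks the obvious tells the post describes.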


How does the fraud work?

Once the fake provider (a.k.a. "hacker") has your credentials, he contacts you. His intention is to sell something (e.g. followers on Instagram), to make some other dubious offer (e.g. "You'll get 1.000 Euro via PayPal if you make videos for us to promote XYZ." - just to get your PayPal address) or he comes up with something similar. The fact is that there are no limits to the imagination!


You've probably heard of the "grandson scam" or the currently popular WhatsApp scam; ultimately, they are all scams in their own way ... and they start via telemedia.

If the "hacker" is unsuccessful in making contact, he continues with the "exploitation" of the access data. First, he logs into the account and rummages through it for private information. He looks for clues as to where else you are registered and also tries out your known access data on other websites (including ours). With a little luck, he will also hit the jackpot: your email account, which will provide him with a lot of additional information and potential websites, possibly including your PayPal address and so on ... with which he can harm you more and more.


Moreover, he often contacts your friends, followers and other contacts. He also tries to get at their data somehow by spreading his phishing links (often shortened via bit.ly or other short link providers) under false pretenses, and the third parties - out of misplaced trust towards you - also fall into the trap of blind links. And so the domino effect takes its course: one after the other falls for it...


Taking over the account & activating two-factor authentication

When the "thief" has collected all the significant information about you, he goes on to the next step: he changes

- your password,

- your e-mail address,

- possibly your cell phone number

- and, if none has been set up, he also activates 2-factor authentication for the account.


He does everything he can to get hold of the account (identity theft).


With 2FA set up, he now has absolute control over the account, because deactivating 2FA without access to the associated end device (e.g. the cell phone with "Google Authenticator" installed) or, alternatively, the backup codes is only possible via the support of the respective provider. But they refuse to help, even though it is obvious that the two-factor authentication was set up at the time of a remote account access. This is called "professional help" ... Don't! :facepalm:


However, many providers also send out emails when the password, email address or mobile number in the account has been changed. This change can often be undone if you are fast enough. However, you will not get past entering the code for the 2-factor authentication (set up by a stranger)!


So what now?

Example: Is there any help from Instagram?

Instagram requires photos from you, which they match against the pictures on your Instagram account. Only if the people in the pictures (you) match will they help you disable 2FA, not otherwise!


If you have only ever posted pictures from your games on your Instagram account, or if the account is based entirely on a virtual character (e.g. from a role-playing game, a dispatch center/haulage company, a player community, etc.), then you have nothing to match them against.


And it is at this point that you come to the realization that you can say goodbye to the account. The 2-factor authentication set up by the "hacker" prevents you from using your own account. And even though it's your account, you can't prove it the way Instagram wants you to.

And finally ...

When all the information has been extracted from the account and as many third parties as possible have been harmed, the "hacker" often ends up advertising for himself or his partners. As a rule, this involves cryptocurrency (i.e. Bitcoin & Co.), either mining or trading it ... and not infrequently this is also connected with online gambling.


In the end, the platform usually completely bans the account (account permanently blocked) due to violation of its own netiquette.

And what does this have to do with the OMSI WebDisk?

Thanks to the good work of our admins, we have also noticed cases where someone with an IP address from Moldova (where the provider is offshore in nature, i.e. a letterbox company with anonymous crypto-based payment methods) has logged into several user accounts at once.

The admins have blocked all affected users as a precautionary measure, citing "suspicious activity". Some of these users have already opened a ticket to be unblocked, had to set a new password and - hopefully - learned from it. :grins:


At the same time, the provider's complete IP address block (called an IP range) was blocked on our server, so that in future no connection to the WebDisk at all, not even to the server, can be established from it. However, this does not prevent the "hacker" from switching to another offshore provider (they are a dime a dozen) to continue his unscrupulous, illegal activities.
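The two admin measures just described, spotting one source address that logs into several user accounts in a short time and then blocking the provider's whole IP range, can be expressed as a small piece of detection logic. The following is an added example, not the WebDisk's own tooling: the login records are constructed (documentation address ranges and invented user names), the blocked range is a hypothetical stand-in for the provider's allocation, and the iptables rule at the end is one possible way to enforce the block, since the post does not say which firewall the server uses.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login records: "timestamp user source_ip outcome".
# Addresses come from documentation ranges and the names are invented;
# nothing here is taken from real logs.
SAMPLE_LOG = """\
2024-03-01T20:01:12 alice 203.0.113.7 ok
2024-03-01T20:01:40 bob 203.0.113.7 ok
2024-03-01T20:02:05 carol 203.0.113.7 ok
2024-03-01T20:03:30 dave 203.0.113.7 fail
2024-03-01T20:10:00 erin 198.51.100.23 ok
2024-03-02T09:15:00 erin 198.51.100.23 ok
2024-03-02T11:00:00 frank 192.0.2.44 ok
"""

# Hypothetical blocked range standing in for the offshore provider's allocation.
BLOCKED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]


def parse_log(text):
    """Turn the log text into (datetime, user, ip_address, outcome) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, outcome = line.split()
        records.append((datetime.fromisoformat(ts), user, ipaddress.ip_address(ip), outcome))
    return records


def shared_source_ips(records, min_accounts=3, window=timedelta(hours=1)):
    """Map each suspicious source IP to the accounts it logged into.

    An IP is suspicious when it has successful logins to at least
    min_accounts distinct accounts inside any `window`-long period.
    """
    by_ip = defaultdict(list)
    for ts, user, ip, outcome in records:
        if outcome == "ok":          # failed attempts do not count as access
            by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_accounts:
                flagged[str(ip)] = sorted(users)
                break
    return flagged


def is_blocked(ip):
    """True if the address falls inside one of the blocked ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_RANGES)


def firewall_rules():
    """One way to drop the blocked ranges at the host firewall (iptables syntax)."""
    return [f"iptables -I INPUT -s {net} -j DROP" for net in BLOCKED_RANGES]


if __name__ == "__main__":
    for ip, users in shared_source_ips(parse_log(SAMPLE_LOG)).items():
        print(f"{ip} logged into {len(users)} accounts: {', '.join(users)}")
    for rule in firewall_rules():
        print(rule)
```

In the sample, 203.0.113.7 is flagged because it reached alice, bob and carol within a few minutes, while dave's failed attempt is not counted. Blocking the range, as the post notes, only stops that one provider; the detection rule is what catches the next one.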

We don't even need to think about a police report for prosecution, because anonymity is paramount with offshore providers, so it is hardly possible to identify the "hacker" and bring him to justice. Such people operate from anywhere in the world and anonymize themselves by using VPN service providers, through which they connect to their servers and carry out their criminal activities.


However, we will do our best to protect you and help you with your own account and data security.

How do I protect my account?

Even though these tips can be found everywhere on the Internet, we emphasize again:


  1. It is best to use a separate password for each of your website accounts. Yes, it is hardly possible to remember countless passwords, but this is the safest way to ensure that no one can log into umpteen other websites after successfully phishing one password. Especially for your e-mail box and any banking institutions (incl. PayPal), a different password should be used; everything else is simply stupid!
  2. Don't use such nonsense as a mix of your first name with your date of birth (e.g. Vorname6799 - your own first name with date of birth 06.07.1999) or simply the name of your pet, which you already show and name a million times (e.g. on Instagram)! Better use unpronounceable words, where you still play with upper and lower case letters, add a few numbers and ideally 1-2 special characters as well (comma, exclamation mark, percent sign, etc.), and the whole thing with a total length of at least 8 letters / characters / numbers. Thus one would arrive e.g. at 0msI-wEbdIsk%2015: the first "O" (in Omsi) has been replaced by a zero, all vowels are capitalized and the rest of the letters are lowercase, and between "Omsi-Webdisk" (which itself contains a hyphen as a special character) and the year 2015 (start of the WebDisk for the public) there is also a percent sign. Of course, you should not use this password; it is just an example of your own creativity in choosing a password ... and it is also easy to remember.
  3. So that no third party can activate 2-factor authentication in your account, you should activate it YOURSELF! If someone got hold of your access data, he would still not get past the input page for the 2FA code, because he can only read and enter this code with your own device (usually your own cell phone).
  4. NEVER give out the code generated by your 2-factor authentication to third parties! And that you should not give out your own access data to third parties probably does not need to be mentioned separately.
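Point 2 above is a concrete rule set (minimum length, mixed case, digits, a special character, no first name or date-of-birth fragments), so here it is as an added checker that reports which of those rules a candidate password breaks. This is example code written for this post, not something the WebDisk runs; the pet name "Bello" used in the sample call is invented, and "Vorname"/06.07.1999 are the placeholders from the text.

```python
import string


def _birthdate_fragments(birthdate):
    """Digit fragments of a DD.MM.YYYY date that people typically paste into passwords."""
    day, month, year = birthdate.split(".")
    return {
        year,                                   # 1999
        year[-2:],                              # 99
        day + month,                            # 0607
        day.lstrip("0") + month.lstrip("0"),    # 67
        day + month + year,                     # 06071999
        day + month + year[-2:],                # 060799
    }


def check_password(pw, personal_words=(), birthdate=None):
    """Return a list of the rules from the post that `pw` violates (empty = passes).

    personal_words: names anyone could look up about you (first name, pet name ...).
    birthdate: your date of birth as DD.MM.YYYY, or None to skip that check.
    """
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")

    # Anything about you that is publicly visible must not appear in the password.
    low = pw.lower()
    for word in personal_words:
        if word.lower() in low:
            problems.append(f"contains personal word {word!r}")

    # One hit is enough to reject; report the first fragment found.
    if birthdate:
        for frag in sorted(_birthdate_fragments(birthdate)):
            if frag in pw:
                problems.append(f"contains birth date fragment {frag}")
                break
    return problems


if __name__ == "__main__":
    # The post's bad and good examples, checked against the same personal data
    # (first name "Vorname", hypothetical pet name "Bello", birth date 06.07.1999).
    for candidate in ("Vorname6799", "0msI-wEbdIsk%2015"):
        result = check_password(candidate, ("Vorname", "Bello"), "06.07.1999")
        print(candidate, "->", "ok" if not result else "; ".join(result))
```

Note that the checker only enforces the rules the post states; it says nothing about whether the password has been reused elsewhere (point 1) or leaked before, which no local check can tell you.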