U.S. CitiesCity-Data Forum Index
Go Back   City-Data Forum > General Forums > Science and Technology > Computers
 [Register]
Please register to participate in our discussions with 1.5 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
Jump to a detailed profile or search
site with Google Custom Search

Search Forums  (Advanced)
Business Search - 14 Million verified businesses
Search for:  near: 
 
 
Unread 11-29-2010, 11:56 PM
 
Location: Hawaii
1,525 posts, read 1,740,363 times
Reputation: 2592
Default Paypal compromised!

I have a Vista system and have never had any concerns with anyone ripping me off. Well I came home today and when I checked my online banking account there were over 70 paypal transactions on there almost wiping my checking account out.

I called and stopped my account and will do all the reporting ect... What I want to know is how did they infiltrate computer? My firewalls are active, I never give out any info to emails etc...

They started taking the money out of my account via paypal on Friday and Monday morning is when my bank posted all the transactions. They did small amounts but it hit me hard. What happened?
Quick reply to this message

 
Unread 11-30-2010, 12:02 AM
 
11,730 posts, read 21,824,793 times
Reputation: 7030
It likely has nothing to do with your computer. Your PayPal account was hacked, most likely due to a weak password. This is why I have PP linked to a checking account that can't automatically pull money from any of my other accounts.
Quick reply to this message
 
Unread 11-30-2010, 09:44 AM
 
Location: 10110001010110100
5,130 posts, read 5,172,520 times
Reputation: 4031
Pretty much what Escape stated and your thread title hinted on; your PayPal account was hijacked as it seems. Weak password might have been the cause, another possibility is someone -that you might also know- heinous toward you, using educated guesses. cracked your credentials.
More likely case is, you used your PayPal account online and either the site you used it on took advantage of you or that site was hacked and your PP account along with others were compromised.

If you already haven't, contact PP and have them investigate, when, how and by whom these transactions done. If I were you, I would also close the checking account and open another.
Quick reply to this message
 
Unread 11-30-2010, 12:51 PM
 
2,528 posts, read 1,774,917 times
Reputation: 1221
Paypal has password security standards. It's possible your password was "guessed" or cracked, but not the most likely culprit as to how your password got compromised.

The most likely culprit is you were phished. You probably got an email from "Paypal" (note the quotations), clicked on a link in it, were taken to a splash screen that LOOKED like the Paypal site, and inputted your data. In reality, you were at a completely different website and basically just handed your login information over to the phishers.

The good news for you is you aren't liable for the money that's being stolen. The bad news is you might be eating ramen for a few weeks.
Quick reply to this message
 
Unread 11-30-2010, 11:26 PM
 
Location: Hawaii
1,525 posts, read 1,740,363 times
Reputation: 2592
Nope not phished. Anyway I woke up this morning and about 50 of the charges had disappeared (the 27th and 28th). I went to the bank and filled out a dispute on the other 30 or so and will see what happens.

The banker told me that it's more then likely a gang of people not just one person is doing this as she has seen this before. I am somewhat relieved to get some monies back but I hope we catch them. I did contact Paypal the night I discovered it and they emailed me a fax number to send the disputed charges to. I'll let my bank and the police figure the rest of it out.

I took the advice of EC and opened a sole account for online transactions. The banker also advised me to do this. After 4 hours of signing disputes forms and closing my account and opening new ones I am done.

The banker also said that this phenomena with Paypal was common (who'd thunk!). That's why they (we think it was Paypal that rescinded all those payments) took all those charges away. They didn't take all of them away so I will pursue until I get the rest of my money back. I believe Paypal doesn't want people knowing that this type of thing occurs as often as it does.

I am just beat; I have been cybersized or what ever they call getting ripped off online. My password was not common but it also wasn't 23 characters long with bells and whistles either; but you better bet it all it will from now on (and be changed on a regular basis as well).

Thanks for all the responses; I have been robbed at computer point...........and all I wanted for Christmas was peace, happiness, and goodwill.
Quick reply to this message
 
Unread 11-30-2010, 11:33 PM
 
2,528 posts, read 1,774,917 times
Reputation: 1221
It's only common with Paypal insofar as people aren't careful with Paypal.

What you're theorizing happened is someone guessing your password. That's what's called a brute force attack, and they are very rare with web sites like Paypal, because Paypal has intrusion detection systems that notice this sort of thing. When people gain access to a Paypal account, it's because the victim has either inadvertantly supplied the password to a crook, or else has downloaded some form of keylogger which transmitted it to them.

If there's one thing I've learned in the 15 years or so I've been in IT security, it's that, miraculously, never in the history of time has something been compromised as a result of user error. Which I always found kind of funny, because everybody has a lapse in judgment from time to time. Even I've been guilty of it, though thankfully it didn't result in damages.
Quick reply to this message
 
Unread 12-01-2010, 02:23 AM
 
Location: Hawaii
1,525 posts, read 1,740,363 times
Reputation: 2592
Just got off YouTube and there are multiple sellers advertising PayPal hacks and how to make an undetectable keylogger all in the spirit of making free money. Very interesting stuff and very disconcerting.

How is this legal?

Oh nice to meet you 15 years of experience. I'm sorry to disappoint you but I didn't give anybody or any email my password. As technology advances so does the hackware.
Quick reply to this message
 
Unread 12-01-2010, 03:23 AM
 
2,528 posts, read 1,774,917 times
Reputation: 1221
Quote:
Originally Posted by tyvin View Post
Just got off YouTube and there are multiple sellers advertising PayPal hacks and how to make an undetectable keylogger all in the spirit of making free money. Very interesting stuff and very disconcerting.

How is this legal?

Oh nice to meet you 15 years of experience. I'm sorry to disappoint you but I didn't give anybody or any email my password. As technology advances so does the hackware.
And those sellers on Youtube will be glad to take your money...and then not give you anything in return, much like those apps that try to extort a user into paying X dollars to remove a virus that the owner of the virus removal tool injected in the first place. Those Youtube videos are just as much of a scam as the non-antivirus antivirus.

You can believe what you want, but there is absolutely no way somebody cracked your password or magically guessed it. You did something, whether it was download a keylogger or fall for a phishing scam or didn't secure your WAP and fell prey to a man in the middle attack, to provide this information to whomever got into your account. I'll leave that to you to figure out where you failed (I'd recommend starting with a scan of your computer to see what malware you downloaded), but your account being compromised is not Paypal's fault or due to a hole in their security policies. They've got layers of security you've never even heard of. Nor is it the result of some magical piece of "hackware" as you call it, that can mysteriously bypass Paypal's security perimeter to which they went after your 2 or 3 hundred dollars. If there was such an advanced tool at their disposal, they would be hacking Citi or something and taking millions, not your little account. You did something to provide them with low hanging fruit.

Feel free to be in denial in this for as long as you want or try to convince yourself that it was Paypal that fell short and not you, but I'd highly recommend manning up and admitting you screwed up somewhere along the way. The sooner you do, the sooner you can evaluate where you failed and alter your behavior accordingly. The weakest part of any security policy is the end user, and a security policy is only as strong as its weakest link. Since you naively believe what you saw as a result of a 2 second Google search which led you to Youtube, or actually think that Paypal doesn't have IPS systems, ISA's and firewalls to prevent attackers from 'guessing' your password, you're obviously not savvy, and as such have extra work to do in order to protect yourself.

Like I said, don't take it personally. Happens to the best of em. You may think I'm attacking you or belittling you by stating this, but in reality I am trying to help you. If you want to be stubborn and refuse to acknowledge you failed, then that's something for you to deal with. I'm not the one who just spent the better part of a day filling out paperwork and sitting on hold, nor the one who's spending the next few weeks waiting on my money to be returned to me.
Quick reply to this message
 
Unread 12-01-2010, 04:06 AM
 
Location: Hawaii
1,525 posts, read 1,740,363 times
Reputation: 2592
Sorry to keep stepping on that nerve and FYI it was > $4 grand before I put my account on hold. Do you really think I would crumble over a couple hundred (the answer is no).

Thanks X; I really do appreciate everything you have provided. For some reason I believe that you don't believe that; something about your post and the almost cynical way you answer or perhaps it's defensive or maybe I'm reading too much into it; this experience has left me forlorn............anyway please know I do appreciate your responses.

Thanks everyone; looks like I'm not going to get those earrings I've been eyeing for my Christmas gift but hey; all things work out in the end.

Last edited by tyvin; 12-01-2010 at 04:44 AM.. Reason: syntax
Quick reply to this message
 
Unread 12-02-2010, 12:18 PM
 
14,710 posts, read 7,407,744 times
Reputation: 6410
Quote:
Originally Posted by Xanathos View Post
What you're theorizing happened is someone guessing your password. That's what's called a brute force attack.
Just to set the record straight guessing a persons password is NOT considered to be a brute force attack...

In cryptography, a brute force attack or exhaustive key search is a strategy that can in theory be used against any encrypted data[1] by an attacker who is unable to take advantage of any weakness in an encryption system that would otherwise make his task easier. It involves systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space.

An underlying assumption of a brute force attack is that the complete keyspace was used to generate keys, something that relies on an effective random number generator, and that there are no defects in the algorithm or its implementation.

Brute force attack - Wikipedia, the free encyclopedia
Quick reply to this message
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.

Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.


 
Please update this thread with any new information or opinions. This open thread is still read by thousands of people, so we encourage all additional points of view.

Quick Reply
Message:
Over $74,000 in prizes was already given out to active posters on our forum and additional giveaways are planned!

Go Back   City-Data Forum > General Forums > Science and Technology > Computers
Similar Threads

All times are GMT -6.

2005-2014, Advameg, Inc.

City-Data.com - Archive 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 - Top