Paypal..Warning


Les Brock

Les

This is the sort of thing that brings real "Terror" to my thoughts - a real nightmare for you

Have you ANY ideas how this might have happened?

Used a mate's PC

Logged in in an internet Cafe

Have the same Password on forums / bank ?

Left yourself logged in

Not had decent firewall etc (sure you have)

I just can't think this is a pure "Accident" so whatever did it scares the beejeeberbers out of me that I may have this "Crack" in security / do the same ?

Thoughts

Nige

PS done the SMS thing too ta,

Link to comment
Share on other sites

I've had so many 'issues' with PayPal recently that I've had to remove it as a payment option on X-Eng!

Is it correct to infer that overall you get less hassle from people who want to pay by Paypal, but can't, than you did with the Paypal users you have detailed?

Re the comment from sean f, I don't see that it's X-Eng's task to spend time and money 'trapping' suspect fraudsters. It seems reasonable to take the most commercially viable option, and if this means not using a system that is biased against the seller then I have no difficulty with that.

Dishonoured purchases create a levy on every honest purchaser, pushing the prices up.

D.

Link to comment
Share on other sites

Les

This is the sort of thing that brings real "Terror" to my thoughts - a real nightmare for you

Have you ANY ideas how this might have happened?

Used a mate's PC - Nope

Logged in in an internet Cafe - Nope

Have the same Password on forums / bank ? - Nope miles different

Left yourself logged in - No always log out of everything

Not had decent firewall etc (sure you have) - Firewall on Wireless modem and AVG Business edition

I just can't think this is a pure "Accident" so whatever did it scares the beejeeberbers out of me that I may have this "Crack" in security / do the same ? and me I thought I was savvy but obviously not !!

Thoughts

I wish it hadn't happened to me :lol:

Nige

PS done the SMS thing too ta,

Link to comment
Share on other sites

A friend of mine got taken for nearly £5k on a business account. They hacked his account when he paid for something online using PayPal and then transferred his balance out of the account into an overseas bank account. PayPal's answer: nothing we can do!!! Since then I have used the Verisign login security card/keyring from eBay. It's safer than the text version, costs around £3.50 (one-off payment), and makes things easier as you're not left waiting for a text. It's not easy to find as PayPal push the text service, but it is on there somewhere.

Jason.

Link to comment
Share on other sites

Thanks Les

If I don't sleep tonight I'll drive over and shoot you as it will be your fault :rofl:

THAT is seriously spooky, just HOW can an account like yours be hacked ???

Last thought - clutching as you will see at straws - :P - what about network router secured or open

Knowing the answer prob ............ and worried as F***

Nige

PS would also be interested in hearing how easy getting all lost monies back - hopefully for you easy ?

Link to comment
Share on other sites

I would imagine a compromised 3rd-party in this case. IE. someone who you bought something from (web shop etc.). Perhaps combined with a Paypal security flaw or exploit, though that is unlikely.

It's usually through social means as FF says that the main exploits occur, but these days everything is so inter-linked and there is so much stored data in the 'chain' that if one link is compromised through poor security suddenly there's a lot of personal data floating about on the internet, be that Paypal details or credit card numbers (PSN anyone?).

Link to comment
Share on other sites

Nope to all them.......the only games I've played is trying to stop buddy Paypal lol

Nope, no hacks/trojans/virus that I have found. I only use the laptop at home and the PC at work, which is locked down as tight as Nige's wallet, can't even get on to eBay with that one :(

No torrents etc...

Just got no idea at all, I've changed every password that I have :mellow:

Link to comment
Share on other sites

Nige,

Hidden wireless SID and WPA2-PSK security .....does that make you feel any better ? :ph34r:

Hidden SSIDs can be seen quite easily with the right tools like Kismet, as the clients basically end up 'broadcasting' the network they connect to.

I assume you aren't, but make sure you aren't using the default wireless key for your router, as a number of routers have trivially calculated wireless keys that can be found in seconds, as they are derived from algorithms taking things like SSID/serial number/MAC address as the starting point. As an example, one manufacturer based them on a combination of serial number and Jimi Hendrix song http://homepage.eircom.net/~seanmcintyre/broadband.html :blink:

I don't know what your tech level is so please accept my apologies if I'm teaching you to suck eggs.

Link to comment
Share on other sites

.

Just got no idea at all, I've changed every password that I have :mellow:

Changing passwords on a regular basis is a good precaution. I'm not saying it will save anyone being hacked, but if cached data on insecure networks is to blame it will reduce the risk.

Bluddy scary reading all this. I didn't know about the PP SMS thing so thanks for that tip. And thanks Les for alerting us, I hope you manage to get everything straightened out quickly.

Link to comment
Share on other sites

To answer a couple of the questions -

Of course, it is fraud - but I have a feeling it's so rife at the moment that the Police would be overwhelmed if they tried to investigate every case. I'm not convinced in all the cases it was the real owner of the PayPal account who was responsible - however PayPal will not give you any information about the case, quoting "Data Protection" - the universal get-out!

My feeling is that since I am giving PayPal 5% of the transaction value - they ought to give me some service! They ought to give me the tools at the very least to decide if a transaction is fraudulent rather than waiting until the goods have been shipped and finding out the hard way.

'Hacking' (stealing is the correct word - hacking is something different that the media have confused) people's account details is easy!

If you are using a public, secured WiFi connection where there are other people logged in, while the gateway into the network is secured, the data you are sending once you are connected is not! On such a network, your computer is picking up everything that everybody is saying - it just chooses not to show you the stuff that is not addressed to you. Given some very simple tools, you can collect usernames & passwords for people on public networks.

The best ones are logins to mail services. Your login info is sent every time you send or receive a mail even if you have not explicitly typed it in. Most people use the same password for most things - so if you log in to their mail account, find an email from PayPal, you then have the PayPal address and a stab at the Password. If you're really lucky, there will be a password reminder - or you ask PayPal for a reminder!

The only (good) solution on a public network is to use a VPN (Virtual Private Network) which you set up between your device and your router at home (there are VPN providers on line too if you don't want to play with your router configuration). This creates a secure, encrypted pipe between the device you are using and your router / VPN provider.

The data then travels from there to the web site etc via the internet as normal. It means that the bit of the journey that is vulnerable (your device to the public WiFi access point) is now secured.

Virtually all smart phones, tablets and PCs have a VPN built in. The web will tell you how to set it up.

[Attached image]

These are the two VPNs I have configured. One connects to the router at home and the other to work.

Unfortunately, all the data on public networks is very easy to access. The only network I do not consider public is my own, on my own router. Even those are vulnerable to attack. Given a few hours it's possible to find the password for most wireless networks - so even on my home network, I use what's called MAC address filtering which means that only the devices I have registered with the router can connect to it. Even this is not absolutely secure - but good enough for me!

Before anyone says one shouldn't talk about this on a public forum - i.e. how to 'hack' WiFi networks - all the info is in the public domain and you are more secure knowing about it than not!

Si

Link to comment
Share on other sites

I agree with you Si, making everyone aware of how easy it is helps them to stay safe, and as you quite rightly say the only way to stay safe is to use a VPN.

It is even possible to intercept data comms over the mobile networks now, although this requires investment in some hardware (about £1000), whereas attacking wifi is possible without spending a penny as all the tools can be freely downloaded.

Link to comment
Share on other sites

There are a few ways of "hacking" a PayPal account and any other password "secured" login. The main ones, however, are phishing, brute force attacks and keyloggers. Packet sniffing on WiFi or other networks is certainly possible but there are far easier ways that don't require the criminal to be in the same area as the victim.

Keyloggers are the easiest for the hackers to use. Most people have anti virus installed and think they're protected from malware. Keyloggers can be installed on your machine very easily through compromised web sites (especially if you're using a dodgy browser, such as Insecure Explorer) and Anti Virus software won't pick them up, either when they are installed or when they "phone home" with your data. The best thing about keyloggers, from the criminals' POV, is that the first thing most people do when they find their account has been compromised is go onto their computer and change the password, supplying the criminals with the new password at the same time.

In the past I've seen (and notified the site owners) keylogger code installed on a number of compromised web sites, including some of the major 4x4 web sites so don't think you're safe just because you don't spend all your time searching for sites which include livestock and scantily clad young ladies.

Mobile devices open up a whole new arsenal for the criminal fraternity, particularly with the "open" app stores that don't require peer review.

Link to comment
Share on other sites

Insecure Explorer

;)

I just had an enlightening conversation with one of my friends about security and my post above. He said he does not bother securing his connection because "I hardly ever use it".

I asked if he locks the back door to his house - that he hardly ever uses?

Si

Link to comment
Share on other sites

Well, I had the fraud team on today.

Someone's used my card to set up a Yahoo Wallet (or something similar).

Thing is, it's a brand new card, never used on the internet, so the 3 digit security has never been disclosed!

Back to good old postal fraud then, as the new card was probably not sent in a secure tamper proof envelope and not by recorded delivery.

So somebody could have opened your post, read the numbers and sealed it back up again.

Link to comment
Share on other sites

Well, Ta to Lesmond I have SMS'd my accounts

Just to add you can only have ONE account per mobile number, BUT

you can also (for £20 one-off fee) get an SMS Data Card which I have also done

One-off fee, you just use it each time for the code

Info on PayPal's website, but it's not obvious so I thought I would add to here about it

:) Ta Les - some good out of this is a huge amount of peeps here feel a tad safer, and hopefully will be :mellow:

Nige

Link to comment
Share on other sites

....

In the past I've seen (and notified the site owners) keylogger code installed on a number of compromised web sites, including some of the major 4x4 web sites ....

Dave,

Can you just clarify the bit about keyloggers on websites please?

Is the 'keylogger code' aiming to log incoming data the customer has keyed in, or is it looking to install keylogging software on the customer's PC, then pick up the data from there?

At the suggestion of one of the banks, I have Trusteer Rapport installed on my home PC, and blocking keylogging is apparently one of its attributes. I'm just interested if someone is apparently collecting my keystrokes at the receiving end.

Cheers.

Link to comment
Share on other sites
