My PayPal Account has been Hacked!

ksbman

Flashaholic*
Joined
Dec 15, 2002
Messages
624
Location
Michigander in SeaTac
Monday I received a call from my CC Company about some fraudulent activity. About $500 had been charged, and it wasn't by me. CapitalOne closed that account and is sending me another card.

Today I noticed on my bank account that $500 had been withdrawn yesterday and sent to my PayPal Personal account. I didn't authorize that. Tomorrow's payday and I didn't even have $20 in that account.

I tried to log on to my PP account but the password had been changed. I contacted PP right away.

They said that there have been about 15 transactions today to 3 different e-mail addresses, none of which are mine. He spent 20 minutes reversing those transactions. I have an 'Unauthorized Use of My PayPal Account' form to fill out and was told it would be a couple of weeks before everything would be straightened out and I could use that account again.

I also have to go to my bank today to fill out some forms to get that money back.

Very scary stuff! I do everything right about security except all my various accounts had the same password. That cherry has been popped!

Now all my accounts have passwords that are letters, numbers, characters, and caps. No more words where numbers replace letters that they look like, i.e. o = 0 or i = 1.

So, I won't have a Personal PP account for a few weeks, in case anyone is thinking of having something forwarded and wants to pay that way.
 

daloosh

Flashaholic*
Joined
Jan 28, 2004
Messages
1,569
Location
New York
Damn, Keith, hope it straightens out OK, but it sounds like you have a good handle on it. Yeah, passwords suck. How can anyone remember a hundred different ones, but out of worry, I changed all mine to different ones some time ago.

My cousin suggests using the same one for all encrypted passwords, where the company can't see your password, and uses different ones for everything else. That cuts down on the clutter.

The thing about changing them all the time is that you need to start writing them all down or keep some other record, and update it all the time, which can compromise your security, or lead you to forget at an inopportune time.

daloosh
 

ksbman

Flashaholic*
Joined
Dec 15, 2002
Messages
624
Location
Michigander in SeaTac
I went to a secure password generator and printed out 50 10-character passwords.

I then made up my own passwords while looking at those examples. That way was a little easier for me than just banging out 10 characters on the keyboard.

What a pain it will be to log in anywhere where I have money, but I guess that's what I should have been doing in the first place. Even the PP Fraud Guy I was talking to said he uses the same password for everything.
 

Orion

Flashlight Enthusiast
Joined
Jun 27, 2002
Messages
1,613
Location
Missouri
If you have a rather obscure password, do you still need to change it every so often? How do they go about hacking your password? I am guessing it isn't anything like luck.
 

snakebite

Flashlight Enthusiast
Joined
Mar 17, 2001
Messages
2,721
Location
dayton oh
Most PayPal account takeovers are caused by responding to phishing emails.
Too much work to dictionary attack a user pword if chosen correctly. Did you get an email supposedly from PayPal wanting to "update" your info?
 

ksbman

Flashaholic*
Joined
Dec 15, 2002
Messages
624
Location
Michigander in SeaTac
Nope, I never respond to those.

My PP and CC accounts had the same password (as did most everything else), and since the CC was hit first I guess they came from that direction.

My PP account name was just my regular Email address, and it was displayed in two threads here for a few weeks.
 

flashlight

Flashlight Enthusiast
Joined
Apr 25, 2004
Messages
3,554
Location
Republic of Singapore
[ QUOTE ]
Orion said:
If you have a rather obscure password, do you still need to change it every so often? How do they go about hacking your password? I am guessing it isn't anything like luck.

[/ QUOTE ]

It's usually by a stealthy program that you may unknowingly activate by opening spam, unknown .exe, etc files, which records all your keystrokes & websites that you go to, which the hacker then retrieves.
 

The_LED_Museum

*Retired*
Joined
Aug 12, 2000
Messages
19,414
Location
Federal Way WA. USA
When I added my bank card number to my Paypal account, somehow, the 10¢ I had in my Paypal account vanished.
But it was only 10¢, so I didn't raise a stink about it.

As far as passwords, I use intentionally misspelled words and four numerals - numbers of significance that I can remember, such as my BBS software serial numbers from the 1990s and numbers off TV shows.
 

doubleganger

Enlightened
Joined
Apr 18, 2001
Messages
322
Location
northwest MS
What a pain!!

[ QUOTE ]
"It's usually by a stealthy program that you may unknowingly activate by opening spam, unknown .exe, etc files, which records all your keystrokes & websites that you go to, which the hacker then retrieves."

[/ QUOTE ]

Get ZoneAlarm. It's free and won't let anything talk to the internet without your permission.

[ QUOTE ]
"I make my passwords fairly complex. So complex that I can't remember them and have to keep them on a Rolodex."

[/ QUOTE ]

RoboForm keeps all your usernames and passwords encrypted on your own pc and you just have to remember a master password that unlocks all your passwords for your IE session. Free for up to 30 passwords and as far as I can tell has no ad-ware or spy-ware. I really like it. Two clicks takes you to a site and logs you in. Norton has a similar product.
 

brightnorm

Flashaholic
Joined
Oct 13, 2001
Messages
7,160
Never link your PP account to a primary checking account. I set up a separate checking account exclusively for PayPal in which I never maintain a balance of more than a few hundred dollars. I don't worry too much about cc vulnerability because maximum liability is only $50.00. I never transact major $ affairs online and I never keystroke any critical financial data.

OTOH, since we have to give social security numbers to get a cell phone we're potentially screwed anyway.

That's one reason I'm starting to favor a national ID card secured by multiple biometrics, or maybe we should go back to using wampum.

Brightnorm
 

Frenchyled

Flashaholic*
Joined
May 21, 2002
Messages
2,300
Location
Land of Cheese, Frogs and wine
Very sorry to hear that, Keith. I hope that you will not lose money.

Personally, I use securlock product with a rainbow ikey to store all my internet passwords.
All information on this product is here
One very nice advantage is that you never enter your password with your keyboard.
 

tiktok 22

Flashlight Enthusiast
Joined
Sep 8, 2002
Messages
1,273
Location
Illinois
For what it's worth, you might want to get ahold of Equifax or TransUnion for a credit report. Also have them put a fraud alert on your account.
 

Avix

Newly Enlightened
Joined
Oct 9, 2003
Messages
199
You don't have to give SSN to get anything, nor can they require it to get a service, that's a federal No No.
 

BF Hammer

Enlightened
Joined
Feb 15, 2003
Messages
481
Location
Wisconsin, USA
The SSN that cellphone companies request is for credit checks, which does pass federal regs. Of course you never will get service without a credit check first, so the SSN is a requirement by secondary means.
 

BC0311

Flashlight Enthusiast
Joined
May 31, 2003
Messages
2,488
ksbman, I am very sorry to hear this. You're handling it a lot better than I would.

Britt
 

GoLightly

Newly Enlightened
Joined
May 14, 2004
Messages
19
Re: social security numbers, I visited a phone store. Mentioned a phone number (not mine) and the lady had the name, address, social all on her terminal for me to see.

My purpose was legit but I felt uncomfortable knowing that company has such lax procedures for protecting customer information. Just one bad seed in that company could be selling you out.

Telephones and that company starts with a "T".
 

Sinjz

Flashlight Enthusiast
Joined
Oct 4, 2003
Messages
1,120
Location
six blocks from ground zero - WTC/NYC
Hey ksbman, very sorry to hear about all the crap you now have to deal with. Makes all this online transaction stuff a lot scarier. I'm curious, since you never go to any website via an email link (which is scam #1) do you know how your password was compromised? You sort of hinted that your password already included #'s. Even if they replace similar looking letters, that should make it 100x harder for those dictionary programs to guess. I assume you don't tell anyone your password. Assuming you use a firewall at home and haven't downloaded some trojan I'm guessing maybe you logged into some of these accounts from public terminals? Or worse maybe someone at work has a keylogger on your work computer.... Do you login to these accounts via wi-fi? Let us know, so we can ALL learn from this. Thanks.
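
An added illustration (not part of the thread and not any poster's code) of the two weaknesses discussed above: one password shared across accounts, and dictionary words disguised with look-alike characters such as o = 0 or i = 1. The wordlist, substitution table, account names and passwords are all constructed for the example.

```python
# Constructed sample wordlist; a real audit would load a large dictionary
# or a breached-password list instead.
WORDLIST = {"password", "flashlight", "michigan", "sunshine"}

# Look-alike substitutions mapped back to the letter they stand for (assumed table).
SUBS = {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
        "7": "t", "@": "a", "$": "s", "!": "i"}
LEET = str.maketrans(SUBS)
SUFFIX = "0123456789!@#$%^&*._-"   # digits/symbols commonly tacked onto a word

def matched_word(password):
    """Return the dictionary word a password reduces to, or None."""
    low = password.lower()
    for form in (low, low.rstrip(SUFFIX)):
        word = form.translate(LEET)
        if word in WORDLIST:
            return word
    return None

def variant_count(word):
    """Number of spellings of `word` the table above can produce (case ignored)."""
    total = 1
    for ch in word:
        total *= 1 + sum(1 for plain in SUBS.values() if plain == ch)
    return total

def audit(accounts):
    """accounts: {site: password}. Returns (groups of sites sharing a password,
    {site: underlying dictionary word})."""
    by_password = {}
    for site, pw in accounts.items():
        by_password.setdefault(pw, []).append(site)
    shared = sorted(sorted(s) for s in by_password.values() if len(s) > 1)
    weak = {site: matched_word(pw) for site, pw in accounts.items()
            if matched_word(pw)}
    return shared, weak

# Constructed accounts and passwords for the demonstration.
SAMPLE = {"paypal": "Fl4shl1ght", "credit_card": "Fl4shl1ght",
          "bank": "P@ssw0rd99", "forum": "q7#Lm2vX!d"}

if __name__ == "__main__":
    shared, weak = audit(SAMPLE)
    print("shared passwords:", shared)
    print("disguised dictionary words:", weak)
    # Substitution multiplies the guesses per word by only this factor,
    # versus 94**10 possibilities for a random 10-character password.
    print("variants of 'password':", variant_count("password"), "vs", 94 ** 10)
```
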
 