The Planted Tank Forum banner
1 - 20 of 38 Posts

·
Registered
Joined
·
3,378 Posts
Discussion Starter · #1 ·
I found out today that someone hacked into my Paypal account and made a $650 purchase. It only came to my attention because I just happened to check my bank website for my balance, and when I saw how much was missing I checked my recent transactions and there it was. I then logged into my paypal account and it started prompting me to change my password and how my account had been compromised by a 3rd party.

Sigh.

To Paypal's credit, I admit that they caught the fraud moments after the transaction and reversed it... but what ticks me off is that the transaction was allowed to take place at ALL since the criminal who broke-in added a new shipping address to Indonesia!! How did that not raise a flag? Then on top of that, wtf was this new address doing showing up as a confirmed address? How the hell exactly does Paypal confirm these things?

And now, I had to cancel my credit card, I had to file a fraud claim with my credit union in order to avoid NSF fees for checks I've already written that haven't cleared yet, I have to change all my passwords EVERYWHERE across the internet, the list goes on and on. This sucks.

I have no clue what happened either. My password was FAR from easily guessable. That means that someone had to know it to log in. So how did someone get my password? I've been running virus scans, malware scans, rootkit scans and phishing scans all day long since I found out, and so far my PC has come up clean. Does that mean that Paypal's database got phished? I don't know. All I know is someone TRIED to steal money from me. To buy a f%#*&ng iphone. What a chump.

I wish I had the ability to see paypal's IP logs. So I could track the jerk down. I almost don't believe that there really was an iphone. I almost think that the "seller" was the one who actually broke into my account, and then added an Indonesia address and fake name, just to throw people off the scent.

Anyway, the point of this email is, since I haven't found any evidence of a way that someone phished my password, I'm starting to believe that it was Paypal that was phished, and if so, the rest of y'all might want to change your PP passwords.

Anyway, that is all. Just wanted to share my crappy day.
 

·
Registered
Joined
·
283 Posts
I set my account up almost 10 years ago and since then they now have these devices that synchronize a specific serial number to your account. You press a button on the keychain and it gives a 6 digit code that must be entered along with your password within 30 seconds of it being generated. These are supposed to be the safest way to protect your account.

Cost: $5


https://www.paypal.com/cgi-bin/webs...iven/securitycenter/PayPalSecurityKey-outside


Pic

http://www.coolest-gadgets.com/wp-content/uploads/2007/01/paypal_security_key.jpg


I remember to confirm my home address required me to wait over a week and then verify to very small amounts of money that had been deposited into my account. The ammounts were about 12 cents and 42 cents.

Glad it all worked out for you, some people have issues with Paypal and never get resolution!
 

·
Registered
Joined
·
7,228 Posts
Wow thats terrible.

I'll go change my password tonight as well.

Personally a week ago China tried to steal all my information on my computers but my dad was home and he put a stop to that... He basically banned all china's possible IP addresses from our network.

Maybe you should try the same with all of Asia?
-Andrew
 

·
Registered
Joined
·
1,089 Posts
I made an account specifically for paypal and only hold $200 in it at one time. I transfer money into it from my checking or savings when I need more. This way, if it was accessed without my consent, they would only get less than $200.

I feel for you bro. Can paypal get your money back?
 

·
Registered
Joined
·
868 Posts
Well at least it was paypal. I got to call the FBI. The guy I sold the item to had fake paypal paperwork. Since the item went to Nigeria and the buyer was in Oregon it is also postal fraud. Paypal was of course told of the problem so maybe they can catch the guy. I am out Shipping costs, Live and learn.....
 

·
Registered
Joined
·
3,378 Posts
Discussion Starter · #6 ·
Can paypal get your money back?
Yeah the $650 was put back into my Paypal account moments after it was charged to the bank account, but it's going to take them "several days" to get it put back in my bank account which is where it belongs. So technically I already have the money back, but it's in Paypal form instead of in my checking account.

I have to admit, though, that when I called Paypal the guy was very helpful and friendly, and according to my account when I login, the transaction is already in the works to get it transferred into my bank account at no charge to me, so they really do seem to be helping me here. For what it's worth. That also makes me mad, because I want to be mad at them but they keep redeeming themselves, lol.
 

·
Registered
Joined
·
9,774 Posts
Just went and changed my password. Tried to sign up for their Text based security key but it doesn't work on my phone as they require a 1 in front of the main 10 digits.

Craig
 

·
Registered
Joined
·
316 Posts
Sorry to hear about the issues, but glad they were able to reverse the transactions quickly.

With regards to the "confirmed" part, you confirm your account after you open it. They put a small transaction and you confirm the amount. After that you can change your address to anything I guess.

The Indonesia part should have been a red flag though, and should have triggered a re-verification I would think before money can be sent.
 

·
Registered
Joined
·
85 Posts
what ticks me off is that the transaction was allowed to take place at ALL since the criminal who broke-in added a new shipping address to Indonesia!! How did that not raise a flag? Then on top of that, wtf was this new address doing showing up as a confirmed address? How the hell exactly does Paypal confirm these things?
wow wtf.... :icon_evil:icon_evil:icon_evil:icon_evil:icon_evil:icon_evil:icon_evil
 

·
►◊Ö Ï Ç◊◄
Joined
·
965 Posts
Some people may not know this but there is something out there which is affects Linksys, Dlink and few our home user routers along with your current PC settings. Most people do not change there default password on the router when they set it up. We there is now malicious software than changes the DNS address on the router and your computer get the DNS.
Lets start with DNS well what is it? Well DNS stands for Domain Name System it is like your name to your SSN# Every web site register there domain like google.com or yahoo.com and then assigns a WAN (Wide Area Network) IP address. Well if the DNS IP is not pointing to the correct DNS server it can say that paypal.com which IP address is 66.211.169.65 in real life points to paypal.com 66.211.150.4 which is not the correct IP address. Then the person steals your account information thinking you signed in and paypal page did nothing most people will think oh no big deal site must be down. This is also called DNS cache poisoning.

Some of the bad DNS IP are the following:
85.255.112.114
85.255.112.81 location Ukraine
1.2.3.4

It is very easy to cache a web site and bring it up running on another server with different IP and change the name by one letter.

Check this out----> yahoo.com pages this is cached web page of yahoo from 10/96 to 4/08
 

·
Registered
Joined
·
1,734 Posts
That's incredible! Are all those fake home pages for Yahoo? Seems like there's no way of protecting yourself. For novices that are just lazy users like myself I don't know what protection we can have.
 

·
Registered
Joined
·
3,378 Posts
Discussion Starter · #15 ·
what 3rd party companies or programs are attached to your paypal?
Nothing/no one/nada. Someone simply got ahold of my paypal password and logged in as me. Apparently, paypal themselves caught the fraud, 5 minutes after the money was transferred from me to the "seller" and they somehow determined that a 3rd party that was not me had gained access to my account, so they froze it. This was all done before my first time of even calling them. So when i called them they were all telling me that they were steps ahead of me, and already transferred the money back into my paypal account, and so forth. So yes, they caught it, and I'm happy about that, and I give them credit for it, and for reversing things so quickly. But the real problem here is how someone can add a new address, to Indonesia no less, and then immediately it shows up as confirmed. I don't understand how that can happen.

I still, after numerous scans in normal mode and safe mode, have found no rootkits or other infections on my machine, and I firmly believe this was either an inside job (meaning someone who works for paypal has sold some account info) or their database has been phished/hacked, and they either don't know about that [yet] or haven't told the public about it.

Nonetheless, according to Paypal the money has already been put back in my checking account, but according to my checking account balance I'm still broke. Hopefully by tomorrow it will be back, and I'll have money again...
 

·
Registered
Joined
·
1,089 Posts
Good for you Church!!! Let all be aware of our accounts and the money we have in them. We all work hard for our monies and we should skewer anyone trying to steal it.
 

·
Registered
Joined
·
2,101 Posts
Same thing happened to me a few months ago, the supposed seller hacked paypal logged in as me and sent himself 999.00.
I caught it before anyone did tho as I check my email constantly and saw the charge minutes after it happened. I called my bank first and told them to stop any paypal transactions, changed all my passwords I then called paypal went through a bunch of hassle and finally got that key generator, which they didn't charge me for btw.

The key generator is the only fool proof way for a hack free paypal...
 

·
Registered
Joined
·
3,378 Posts
Discussion Starter · #18 ·
I'm very much considering the keygen, for sure. I've been researching the hell outta that thing.
 

·
Registered
Joined
·
283 Posts
I would strongly recommend it. I have used mine for over 2 years now and if you happen to leave your keys somewhere inconvenient then you can still log in with a bypass question. You have to set this up prior to needing to login without the keygen though.

Although, after enough "bypasses" they send a message asking if you just lost it and would like a new one.
 
1 - 20 of 38 Posts
Top