PayPal HTF?
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: PayPal HTF?

Hybrid View

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    6

    PayPal HTF?

    So it seems that someone got my PayPal password. I'm asking for your guys' advice because I'm actually pretty stumped on how it was stolen. I'd never fall for a phishing site or email and even If I would, I simply haven't gotten any phishing emails so I've ruled that out. The only thing I know is, I bought something with "Buy It Now" on ebay last night around 11pm. I payed it with PayPal and went to bed. This morning I found that someone had sent themselves a nice amount of money from my PayPal account. The last time I used PayPal before that was a couple weeks ago so I can only assume that this is related to last night's purchase...somehow. I thought maybe I had a trojan or something - which seems unlikely since I use Firefox and I never really download any apps or appZ But I did a full scan with Mcafee and AVG and they found nothing. I NOW have Sunbelt Firewall running and its not detecting any weird outgoing connections. Lastly, my PayPal password was unique and impossible to be guessed and pretty hard to brute-force. I checked if my local DNS had been modified - it doesn't seem to be and I can ping paypal at their real IP.

    Any ideas? I'm pretty perplexed! Unless it's that guy with the binoculars across the street....

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Hello fetuz, and welcome to AO.

    I found that someone had sent themselves a nice amount of money from my PayPal account.
    That is called fraud where I come from..... report it to the law enforcement agencies and to paypal.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Quote Originally Posted by fetuz
    So it seems that someone got my PayPal password. The only thing I know is, I bought something with "Buy It Now" on ebay last night around 11pm. I payed it with PayPal and went to bed.
    So did the "Buy It Now" purchase go thru? I'd be wondering if that really was eBay's site I was on. Phishing can be very deceptive. I got caught a couple of years back. Backed out of a site after entering my user name and password but before submitting them. They caught my details anyway. Next day I was apparently the happy seller of a Bo-Flex machine.

    Quote Originally Posted by fetuz
    I thought maybe I had a trojan or something - which seems unlikely since I use Firefox and I never really download any apps or appZ But I did a full scan with Mcafee and AVG and they found nothing. I NOW have Sunbelt Firewall running and its not detecting any weird outgoing connections. Lastly, my PayPal password was unique and impossible to be guessed and pretty hard to brute-force. I checked if my local DNS had been modified - it doesn't seem to be and I can ping paypal at their real IP.
    You the only one using that computer? You might try one of the online scans too.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #4
    Junior Member
    Join Date
    Jun 2008
    Posts
    6
    Hey guys, thanks for the replies. I used Mcafee's online scanner - it didn't find anything. The Buy It Now purchase went through fine and shows up in my ebay and paypal account. I actually made 2 purchases that night. The time that the fraudulent transfer was made was VERY close to the time that I sent the money for the second auction (which has also gone through fine, with item shipped). None of my other accounts have been compromised, so it seems specific to PayPal. I would think if it was a keylogger, other accts would be screwed.
    I'm totally clueless!

  5. #5
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    I have a dumb question. Are you using wireless?
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  6. #6
    Junior Member
    Join Date
    Jun 2008
    Posts
    6
    Yea - I'm on wireless with WPA. I guess if someone cracked my wireless, then used some Windows exploit on me, that could be a possibility. Otherwise, just sniffing traffic? Even through https?

  7. #7
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Two things. Even though you're using WPA, your passphrase can still be brute-forced and/or dictionary attacked. Do you have a complex passphrase?

    And
    Otherwise, just sniffing traffic? Even through https?
    Just remember that your HTTPS connection is between your router and the PayPal server. What floats through the air between your computer & your router is only as secure as your passphrase.

    I've never done it but, if they get your passphrase, I'm guessing they could hang out & collect your wireless traffic, then decrypt it.
    Last edited by ShagDevil; June 14th, 2008 at 04:42 AM.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  8. #8
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Quote Originally Posted by fetuz
    None of my other accounts have been compromised, so it seems specific to PayPal. I would think if it was a keylogger, other accts would be screwed. I'm totally clueless!
    Would the other acct's be screwed? Any money in the other acct's? Follow the money.

    Were both auctions via eBay? I'm under the impression Paypal transaction take place without a vendor/seller being privy to acc't details. Any reason to think a vendor/seller perpetrated this thing?

    And are you the only one using that PC? I'd do a search for any recent .exe's or .dll's by datestamp. Go back 2 weeks, maybe a month. Doesn't take long. Compromised PC's usually have new files to reveal.

    http://antionline.com/showthread.php?t=271614
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  9. #9
    Member
    Join Date
    Dec 2006
    Posts
    33
    Confirmed:


    The HTTPS session exists between the computer and the HTTPS server via the router. The HTTPS traffic is simply encapsulated inside the WPA traffic.

  10. #10
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Anyone else feel uneasy?

    Like if someone rips me off I call the police........... unless I already have a pretty good idea, and the answer is too close to home?

    I would start looking for physical devices, a divorce lawyer, and a residential school somewhere in the desert

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Similar Threads

  1. Scam Examples
    By foxyloxley in forum Phishing and Cyber Scams
    Replies: 59
    Last Post: July 19th, 2011, 12:55 PM
  2. Paypal Scam
    By 11001001 in forum Phishing and Cyber Scams
    Replies: 6
    Last Post: July 7th, 2005, 10:30 PM
  3. Interesting PayPal Phishy (Where's Phishy?)
    By MrLinus in forum Phishing and Cyber Scams
    Replies: 2
    Last Post: March 20th, 2005, 03:05 AM
  4. Phishy: PayPal - Flagged Account
    By MrLinus in forum Phishing and Cyber Scams
    Replies: 2
    Last Post: February 28th, 2005, 11:40 AM
  5. Paypal Scam.
    By FrameWork in forum Miscellaneous Security Discussions
    Replies: 5
    Last Post: May 23rd, 2003, 02:24 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides