
Thread: PayPal HTF?

  1. #1
    Junior Member
    Join Date
    Jun 2008
    Posts
    6

    PayPal HTF?

    So it seems that someone got my PayPal password. I'm asking for your guys' advice because I'm actually pretty stumped on how it was stolen. I'd never fall for a phishing site or email and even if I would, I simply haven't gotten any phishing emails so I've ruled that out. The only thing I know is, I bought something with "Buy It Now" on eBay last night around 11pm. I paid for it with PayPal and went to bed. This morning I found that someone had sent themselves a nice amount of money from my PayPal account. The last time I used PayPal before that was a couple weeks ago so I can only assume that this is related to last night's purchase...somehow. I thought maybe I had a trojan or something - which seems unlikely since I use Firefox and I never really download any apps or appZ. But I did a full scan with McAfee and AVG and they found nothing. I NOW have Sunbelt Firewall running and it's not detecting any weird outgoing connections. Lastly, my PayPal password was unique and impossible to be guessed and pretty hard to brute-force. I checked if my local DNS had been modified - it doesn't seem to be and I can ping PayPal at their real IP.

    Any ideas? I'm pretty perplexed! Unless it's that guy with the binoculars across the street....

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hello fetuz, and welcome to AO.

    I found that someone had sent themselves a nice amount of money from my PayPal account.
    That is called fraud where I come from..... report it to the law enforcement agencies and to PayPal.


  3. #3
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Quote Originally Posted by fetuz
    So it seems that someone got my PayPal password. The only thing I know is, I bought something with "Buy It Now" on eBay last night around 11pm. I paid for it with PayPal and went to bed.
    So did the "Buy It Now" purchase go through? I'd be wondering if that really was eBay's site I was on. Phishing can be very deceptive. I got caught a couple of years back. Backed out of a site after entering my user name and password but before submitting them. They caught my details anyway. Next day I was apparently the happy seller of a Bo-Flex machine.

    Quote Originally Posted by fetuz
    I thought maybe I had a trojan or something - which seems unlikely since I use Firefox and I never really download any apps or appZ. But I did a full scan with McAfee and AVG and they found nothing. I NOW have Sunbelt Firewall running and it's not detecting any weird outgoing connections. Lastly, my PayPal password was unique and impossible to be guessed and pretty hard to brute-force. I checked if my local DNS had been modified - it doesn't seem to be and I can ping PayPal at their real IP.
    You the only one using that computer? You might try one of the online scans too.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #4
    Junior Member
    Join Date
    Jun 2008
    Posts
    6
    Hey guys, thanks for the replies. I used McAfee's online scanner - it didn't find anything. The Buy It Now purchase went through fine and shows up in my eBay and PayPal account. I actually made 2 purchases that night. The time that the fraudulent transfer was made was VERY close to the time that I sent the money for the second auction (which has also gone through fine, with item shipped). None of my other accounts have been compromised, so it seems specific to PayPal. I would think if it was a keylogger, other accts would be screwed.
    I'm totally clueless!

  5. #5
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    I have a dumb question. Are you using wireless?
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  6. #6
    Junior Member
    Join Date
    Jun 2008
    Posts
    6
    Yea - I'm on wireless with WPA. I guess if someone cracked my wireless, then used some Windows exploit on me, that could be a possibility. Otherwise, just sniffing traffic? Even through https?

  7. #7
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    Two things. Even though you're using WPA, your passphrase can still be brute-forced and/or dictionary attacked. Do you have a complex passphrase?

    And
    Otherwise, just sniffing traffic? Even through https?
    Just remember that your HTTPS connection is between your router and the PayPal server. What floats through the air between your computer & your router is only as secure as your passphrase.

    I've never done it, but if they get your passphrase, I'm guessing they could hang out & collect your wireless traffic, then decrypt it.
    Last edited by ShagDevil; June 14th, 2008 at 04:42 AM.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  8. #8
    Junior Member
    Join Date
    Jun 2008
    Posts
    6
    My passphrase is pretty long, brute forcing it would be impressive. Isn't the HTTPS between my browser and the PayPal server? No one on the same network should be able to decrypt my https packets...

  9. #9
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Quote Originally Posted by fetuz
    None of my other accounts have been compromised, so it seems specific to PayPal. I would think if it was a keylogger, other accts would be screwed. I'm totally clueless!
    Would the other acct's be screwed? Any money in the other acct's? Follow the money.

    Were both auctions via eBay? I'm under the impression PayPal transactions take place without a vendor/seller being privy to acc't details. Any reason to think a vendor/seller perpetrated this thing?

    And are you the only one using that PC? I'd do a search for any recent .exe's or .dll's by datestamp. Go back 2 weeks, maybe a month. Doesn't take long. Compromised PC's usually have new files to reveal.

    http://antionline.com/showthread.php?t=271614
    “Everybody is ignorant, only on different subjects.” — Will Rogers
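
One way to run the datestamp search suggested in post #9, as an added example that is not part of the original thread: it walks a directory tree, keeps `.exe`/`.dll` files modified or created inside the look-back window, and records a SHA-256 for each so the hits can be checked further. The function names, the 30-day default and the command-line arguments are assumptions made for this example.

```python
import hashlib
import os
import sys
import time
from pathlib import Path

SUSPECT_EXTS = {".exe", ".dll"}  # the file types named in the post


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def recent_binaries(root, days=30, now=None):
    """Return (timestamp, path, sha256) for .exe/.dll files under root that
    were modified or created within the last `days`, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() not in SUSPECT_EXTS:
                continue
            try:
                st = path.stat()
                # Creation time: st_birthtime where available, st_ctime on
                # older Windows Pythons; on Linux st_ctime is not creation time.
                born = getattr(st, "st_birthtime",
                               st.st_ctime if os.name == "nt" else 0)
                newest = max(st.st_mtime, born)
                if newest >= cutoff:
                    hits.append((newest, str(path), sha256_of(path)))
            except OSError:
                continue  # locked or unreadable file: skip and keep scanning
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    # Usage: python recent_binaries.py C:\ 14
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    days = int(sys.argv[2]) if len(sys.argv) > 2 else 30
    for stamp, path, digest in recent_binaries(root, days):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(stamp)), digest, path)
```

File timestamps can be rewritten by whatever dropped the file, so an empty result narrows the search but does not clear the machine.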

  10. #10
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    SC
    Posts
    718
    My passphrase is pretty long, brute forcing it would be impressive
    Does it meet typical complexity requirements? While length is good, mixing in symbols, uppercase/lowercase, & numbers really adds strength. If it's long but uses standard wording, it can be brute forced.

    Isn't the HTTPS between my browser and the PayPal server?
    The connection between what you see on your monitor & the path it takes to get there can be confusing when you use wireless.

    Computer-->(WPA encrypted traffic)-->wireless router--> Internet

    Basically, there's no HTTPS between your computer and your wireless router. The conversation between your wireless card & your wireless router doesn't use the internet. That's what WPA is for. It encrypts traffic between your computer & your wireless router.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton
