-
June 12th, 2008, 10:22 PM
#1
Junior Member
PayPal HTF?
So it seems that someone got my PayPal password. I'm asking for your guys' advice because I'm actually pretty stumped on how it was stolen. I'd never fall for a phishing site or email and even if I would, I simply haven't gotten any phishing emails so I've ruled that out. The only thing I know is, I bought something with "Buy It Now" on eBay last night around 11pm. I paid it with PayPal and went to bed. This morning I found that someone had sent themselves a nice amount of money from my PayPal account. The last time I used PayPal before that was a couple weeks ago so I can only assume that this is related to last night's purchase...somehow. I thought maybe I had a trojan or something - which seems unlikely since I use Firefox and I never really download any apps or appZ. But I did a full scan with McAfee and AVG and they found nothing. I NOW have Sunbelt Firewall running and it's not detecting any weird outgoing connections. Lastly, my PayPal password was unique and impossible to be guessed and pretty hard to brute-force. I checked if my local DNS had been modified - it doesn't seem to be and I can ping PayPal at their real IP.
Any ideas? I'm pretty perplexed! Unless it's that guy with the binoculars across the street....
-
June 13th, 2008, 06:52 AM
#2
Hello fetuz, and welcome to AO.
"I found that someone had sent themselves a nice amount of money from my PayPal account."
That is called fraud where I come from..... report it to the law enforcement agencies and to PayPal.
-
June 13th, 2008, 11:15 AM
#3
Originally Posted by fetuz
So it seems that someone got my PayPal password. The only thing I know is, I bought something with "Buy It Now" on eBay last night around 11pm. I paid it with PayPal and went to bed.
So did the "Buy It Now" purchase go thru? I'd be wondering if that really was eBay's site I was on. Phishing can be very deceptive. I got caught a couple of years back. Backed out of a site after entering my user name and password but before submitting them. They caught my details anyway. Next day I was apparently the happy seller of a Bo-Flex machine.
Originally Posted by fetuz
I thought maybe I had a trojan or something - which seems unlikely since I use Firefox and I never really download any apps or appZ. But I did a full scan with McAfee and AVG and they found nothing. I NOW have Sunbelt Firewall running and it's not detecting any weird outgoing connections. Lastly, my PayPal password was unique and impossible to be guessed and pretty hard to brute-force. I checked if my local DNS had been modified - it doesn't seem to be and I can ping PayPal at their real IP.
You the only one using that computer? You might try one of the online scans too.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
June 14th, 2008, 12:19 AM
#4
Junior Member
Hey guys, thanks for the replies. I used McAfee's online scanner - it didn't find anything. The Buy It Now purchase went through fine and shows up in my eBay and PayPal accounts. I actually made 2 purchases that night. The time that the fraudulent transfer was made was VERY close to the time that I sent the money for the second auction (which has also gone through fine, with item shipped). None of my other accounts have been compromised, so it seems specific to PayPal. I would think if it was a keylogger, other accts would be screwed.
I'm totally clueless!
-
June 14th, 2008, 01:50 AM
#5
I have a dumb question. Are you using wireless?
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
June 14th, 2008, 04:14 AM
#6
Junior Member
Yea - I'm on wireless with WPA. I guess if someone cracked my wireless, then used some Windows exploit on me, that could be a possibility. Otherwise, just sniffing traffic? Even through https?
-
June 14th, 2008, 04:40 AM
#7
Two things. Even though you're using WPA, your passphrase can still be brute-forced and/or dictionary attacked. Do you have a complex passphrase?
And
"Otherwise, just sniffing traffic? Even through https?"
Just remember that your HTTPS connection is between your router and the PayPal server. What floats through the air between your computer & your router is only as secure as your passphrase.
I've never done it, but if they get your passphrase, I'm guessing they could hang out & collect your wireless traffic, then decrypt it.
Last edited by ShagDevil; June 14th, 2008 at 04:42 AM.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
June 14th, 2008, 05:38 AM
#8
Junior Member
My passphrase is pretty long, brute forcing it would be impressive. Isn't the HTTPS between my browser and the PayPal server? No one on the same network should be able to decrypt my https packets...
-
June 14th, 2008, 03:20 PM
#9
Originally Posted by fetuz
None of my other accounts have been compromised, so it seems specific to PayPal. I would think if it was a keylogger, other accts would be screwed. I'm totally clueless!
Would the other acct's be screwed? Any money in the other acct's? Follow the money.
Were both auctions via eBay? I'm under the impression PayPal transactions take place without a vendor/seller being privy to acc't details. Any reason to think a vendor/seller perpetrated this thing?
And are you the only one using that PC? I'd do a search for any recent .exe's or .dll's by datestamp. Go back 2 weeks, maybe a month. Doesn't take long. Compromised PC's usually have new files to reveal.
http://antionline.com/showthread.php?t=271614
“Everybody is ignorant, only on different subjects.” — Will Rogers
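The datestamp search suggested in the post above, as an added example that is not part of the original thread: it walks a directory tree and lists `.exe` and `.dll` files created or modified within the last N days, newest first. The function name, the default root and the 14-day window are assumptions chosen for illustration.

```python
import os
import sys
import time
from pathlib import Path

SUSPECT_EXTENSIONS = {".exe", ".dll"}


def recent_binaries(root, days=14, now=None, extensions=SUSPECT_EXTENSIONS):
    """Return [(timestamp, path)] for matching files touched within `days`, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    # onerror: skip directories we are not allowed to read instead of aborting
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if Path(name).suffix.lower() not in extensions:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or is locked; move on
            # On Windows st_ctime is the creation time, so a file dropped
            # recently with a back-dated modification time is still caught.
            newest = max(st.st_mtime, st.st_ctime)
            if newest >= cutoff:
                hits.append((newest, path))
    return sorted(hits, reverse=True)


if __name__ == "__main__":
    # Assumed default root; pass another directory as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows"
    days = int(sys.argv[2]) if len(sys.argv) > 2 else 14
    for stamp, path in recent_binaries(root, days):
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(stamp)), path)
```

File timestamps can be altered, so an empty result narrows the search but does not prove the machine is clean.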
-
June 14th, 2008, 03:24 PM
#10
"My passphrase is pretty long, brute forcing it would be impressive"
Does it meet typical complexity requirements? While length is good, mixing in symbols, uppercase/lowercase, & numbers really adds strength. If it's long but uses standard wording, it can be brute forced.
"Isn't the HTTPS between my browser and the PayPal server?"
The connection between what you see on your monitor & the path it takes to get there can be confusing when you use wireless.
Computer-->(WPA encrypted traffic)-->wireless router--> Internet
Basically, there's no HTTPS between your computer and your wireless router. The conversation between your wireless card & your wireless router doesn't use the internet. That's what WPA is for. It encrypts traffic between your computer & your wireless router.
The object of war is not to die for your country but to make the other bastard die for his - George Patton