 sj |
||
|
||
Tech: Paypal hacked
|
|
|
Subject: Tech: Paypal hacked From: pavane Date: 11 Aug 11 - 01:47 PM Just a warning - I received an email today that I have made a Paypal payment to daniel-jeremy@live.com from Paypal mobile app. I am quite certain that this was not done by me, because I do not HAVE a paypal app on my phone. But the culprit seems to have know what my balance was, and took most of it - only $115. I would advice that people change their paypal passwords and security, because it has clearly been hacked. |
|
Subject: RE: Tech: Paypal hacked From: pavane Date: 11 Aug 11 - 01:48 PM And if anyone knows who this Daniel Jeremy may be... |
|
Subject: RE: Tech: Paypal hacked From: pavane Date: 11 Aug 11 - 01:55 PM Interesting that these is a Daneil Jeremy listed as an email scammer at the River College site 10/25/2010 Daniel Jeremy [backup@srv1.bilink.com.br] CONTACT HEADQUARTER WESTERN UNION MONEY TRANSFER |
|
Subject: RE: Tech: Paypal hacked From: Arthur_itus Date: 11 Aug 11 - 01:56 PM Are you sure that the money has been taken out? Most of these emails are just meant to put the frighteners up you, but normally nothing is taken out of your account. I have received quite a few from people saying they have completed my order and the money has been taken from my account. On all occasions it was untrue. Do what my wife does. She always transfers the money out of Paypal and puts it back in for any transaction for buying something. |
|
Subject: RE: Tech: Paypal hacked From: pavane Date: 11 Aug 11 - 02:05 PM No, this was a genuine paypal email, addressed to me by name, and confirmed by logging into my account (directly, not from an email link). I have changed my security and deleted the credit card from my account now. The hacker must have been able to see my balance, because he left only $3 in the account. So that is all that is now at risk. |
|
Subject: RE: Tech: Paypal hacked From: katlaughing Date: 11 Aug 11 - 02:06 PM Thanks for the warning. I have changed our password. |
|
Subject: RE: Tech: Paypal hacked From: treewind Date: 11 Aug 11 - 02:58 PM The question is: Is it Pavane's password that's been stolen from Pavane, or a whole file full of Paypal user data that's been stolen from Paypal? If the latter, then we should all be changing our passwords, but otherwise we're no more at risk than we were before. |
|
Subject: RE: Tech: Paypal hacked From: olddude Date: 11 Aug 11 - 03:42 PM Yes it is happening a lot, good thing is paypal will reimburse you. I had a friend who they clean out many thousands from her account. Paypal replaced it all ... Paypal is probably the best service on the net I think |
|
Subject: RE: Tech: Paypal hacked From: pavane Date: 11 Aug 11 - 04:08 PM I don't know how my paypal password might have been stolen directly from me. I have not used it for over a year, and do run anti-virus checks etc. I never open dodgy emails, or go to any dodgy sites, and I have had no indication that I might have picked up any data logging trojans, etc. The person would need my email address, which is not one I ever use to send mail (I always send from a hotmail account), as well as the paypal password. |
|
Subject: RE: Tech: Paypal hacked From: pavane Date: 11 Aug 11 - 04:12 PM To clarify - that email address is only ever used to receive mail, which is then forwarded to my Hotmail. It is probably several years since I sent a mail from there. I just use it to register with online sites. The chances that someone found it elsewhere, and guessed my password (which is reasonably strong) are quite low, the most likely thing is that someone's site was hacked. |
|
Subject: RE: Tech: Paypal hacked From: JohnInKansas Date: 11 Aug 11 - 04:39 PM While an individual account can be hacked, or the site of a service can be hacked, recent news reports have been full of reports of add-on aps for phones that contain malware capable of snatching passwords and other information directly from the phones. There have been reports of anti-malware aps(?) and scanners to remove bad aps, but since I still use a tin can and a long binder twine for most of my communications, I haven't paid enough attention to make any suggestions, other than that you check out the phone and anything on it, as well as your own computer(s) and other "possible points of entry" while cleaning things up. If one of your accounts is accessed, the recommendation usually is that you should change all of your passwords at any places where you use one. It's unlikely that you'll be able to find how someone got into your stuff, so all the "possibilities" may need some attention. Most of it is stuff we're all supposed to be doing routinely anyway, but I doubt that there are many of us who don't have at least a few passwords that haven't been changed in years - and even some to places where we have "sensitive information." John |
|
Subject: RE: Tech: Paypal hacked From: Arthur_itus Date: 11 Aug 11 - 05:08 PM Agreed John. Most of us can only remember one password :-) |
|
Subject: RE: Tech: Paypal hacked From: open mike Date: 11 Aug 11 - 05:29 PM i hope this is an isolated incident. many people trust paypal to be a safe place for financia transactions. i hope they will re-imburse you for this. |
|
Subject: RE: Tech: Paypal hacked From: JohnInKansas Date: 11 Aug 11 - 05:38 PM And even a few fairly secure >9 char ones (recomended where possible) are a PIA to keep changing all the time. Many places limit how many characters you can use to "short" ones (<6?) that are not really hard to crack. It's probably more important to flip in a new one fairly regularly at those sites, but of course that depends on whether there's any significant information there and whether anybody can hurt you by getting to it. And no matter how secure the password is, length and randomness don't matter much if someone finds a place where all they have to do is copy it. John |
|
Subject: RE: Tech: Paypal hacked From: pavane Date: 11 Aug 11 - 05:44 PM John - I don't have any paypal app on my phone, so it cannot have come from there. I too am only just out of the tin can era. My password is at least 8 chars alphanumeric. What is scary is that it was linked up to a credit card (not any more!) and more could probably have been taken. They just cleared out the visible balance - - therefore managed to see it somehow. |
|
Subject: RE: Tech: Paypal hacked From: Richard Bridge Date: 11 Aug 11 - 06:12 PM Changed |
|
Subject: RE: Tech: Paypal hacked From: SINSULL Date: 11 Aug 11 - 06:33 PM Changed PW. Thanks for the heads up. Mary |
|
Subject: RE: Tech: Paypal hacked From: JohnInKansas Date: 11 Aug 11 - 06:48 PM pavane - A "guilty" app on your phone wouldn't need to be a paypal app. ANY app can put the malware in place and the malware can be capable of going through everything on the phone and snatching everything you do with the phone. Any password that is itself on the phone or used on any connection made with the phone could be vulnerable to the malware - but the malware itself could have been brought onboard by any ap you've installed or even by an app that you "just used once" to try out something (a cute game?) on a connected site. Malicious infections specific to phones have been reported in music downloads from "respectable" sites like iTunes, among others. At present, they don't seem to infect a lot of people, but "intense activity" in developing phone malware is being reported. The actual incidence of phone malware is low enough that paranoia probably isn't justified at present ("... but John, paranoia is such fun!!!"); but being aware that phones now are sufficiently powerful to require the same sort of cautions as "real computers" is increasingly necessary, and indications are that "it's gonna get worse." John |
|
Subject: RE: Tech: Paypal hacked From: Janie Date: 11 Aug 11 - 09:15 PM John, would an iPad be more like a phone or more like a "real" computer regarding apps. |
|
Subject: RE: Tech: Paypal hacked From: GUEST Date: 11 Aug 11 - 10:04 PM PLEASE send factual documents to mossberg@wsj.com |
|
Subject: RE: Tech: Paypal hacked From: pavane Date: 12 Aug 11 - 01:52 AM No, I don't have ANY apps, nor do I log into anything from the phone. No games, no passwords ever entered. So probably not that. But thanks. |
|
Subject: RE: Tech: Paypal hacked From: pavane Date: 12 Aug 11 - 01:53 AM And who is this mossberg? |
|
Subject: RE: Tech: Paypal hacked From: GUEST,999 Date: 12 Aug 11 - 02:03 AM Mossberg (Walt) is the Wall Street Journal's Personal Technology writer |
|
Subject: RE: Tech: Paypal hacked From: JohnInKansas Date: 12 Aug 11 - 02:59 AM I only see the reports that come up in general news reports, and I've only noticed that there have been increasing numbers of reports relating to attacks on "mobile devices" in general. If you're concerned about a particular device, your best approach probably is to check for updates and recommendations with the provider of your specific device. Since I do have some interest in "corporate behavior" items, I have noticed a couple of prominent "denials by XXXX" about malware later confirmed ("baaaa said XXX sheepishly") but I don't think denial has been a big problem. Within the past one or two days, separate articles have appeared in the Tech Section at MSNBC News about a recently found Blackberry vulnerability and about an Android Hack. Years ago devices were available to scan for the codes to open your garage door if you had a "remote control" on an opener. There's some circulation of hacks for "auto remotes" for breaking into automobiles, but the auto makers have countered (partly by using such crude code that "sophisticated hackers" apparently are bored?). More recently, one "researcher" demonstrated the ability to remotely reprogram implanted heart pacemakers, and another more recent one reported how to hack an isulin incetion pump implanted controller. (The paranoids know that "government intelligence" considers both of these "obsolete technology" since neither of those two hackers disappeared mysteriously. Watch for the next "medical emergency" in a politically significant person, of course.) Any device containing enough circuitry to be capable of "executing an instruction" and that can send/receive information can probably be hacked. The immense surge in mobile devices with a whole lot of capability has attracted attention, both from those trying to provide protections and from those trying to break into them. You can easily get lots of more general information - e.g. Google "smartphone malware statistics". I do see an item there claiming "FaceBook is biggest mobile malware threat ..." but that also is of little real interest to me. Any device that can "execute a programmed sequence of instructions" can probably be hacked, expecially if it can send/receive any kind of information. Believing that anything you buy, especially anything new and different, is "safe" because it's sold by "a big company" suggests immense gullibility, and you should never (among other things) buy a toy for for a child (just as a trivial case-in-point). John |
|
Subject: RE: Tech: Paypal hacked From: Joe Offer Date: 12 Aug 11 - 04:01 AM I get official-looking messages from PayPal all the time. They're usually in English, but they're all more-or-less like this:
Ungewöhnliche Kontobewegungen haben es notwendig gemacht Ihr Konto einzugrenzen bis zusätzliche Informationen zur Überprüfung gesammelt werden. Zur Zeit haben Sie nur begrenzten Zugang zu Ihrem Pay Pal Konto. Wir bitten Sie daher die von uns angeforderten Kontodaten zu enrneuern. Here's an English version:
It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service. However, failure to update your records will result in account suspension. Please update your records before August 15, 2011 Once you have updated your account records, your PayPal® account activity will not be interrupted and will continue as normal. Click here to update your PayPal account information Copyright © 1999-2011 PayPal. All rights reserved. Information about FDIC pass-through insurance -Joe- |
|
Subject: RE: Tech: Paypal hacked From: Desi C Date: 12 Aug 11 - 07:54 AM I get regular mails supposedly from Pay Pal most are just scams. So check straight away if they have mailed you, if so there'll be a copy on your Pay Pal account. Always best to check if you get any mails also asking you to verify account details for banks or similar. Even if you click on them and a site comes up looking genuine it often isn't there are numerous scams like this going round, If your Pay Pal has been hacked change your password immediately |
|
Subject: RE: Tech: Paypal hacked From: VirginiaTam Date: 12 Aug 11 - 09:35 AM On my android tab, I do not log into bank accounts, paypal, ebay or amazon. Not worth the worry. I use Rapport on my home pc to ensure I am logging in securely. |
|
Subject: RE: Tech: Paypal hacked From: GUEST,leeneia Date: 12 Aug 11 - 11:12 AM In 2005, somebody used my Paypal account to buy jewelry. However, the merchants were suspicious for some reason, and they never sent out the jewelry. But what a headache it was for me, dealing with the identify theft! I've changed my Paypal account so that it is not linked to my credit card. Instead, if I buy anything using Paypal, the money comes from a little-bitty savings account at my bank. Paypal doesn't seem to like it, but tough. In 2005, some Mudcatter who I knew and respected said that most of these seeming-brilliant hacker attacks are actually the work of an employee at the institution, one who has access to inside knowledge. I think that makes a lot of sense. |
|
Subject: RE: Tech: Paypal hacked From: Richard Mellish Date: 12 Aug 11 - 06:16 PM Leenia said > In 2005, some Mudcatter who I knew and respected said that most of these seeming-brilliant hacker attacks are actually the work of an employee at the institution, one who has access to inside knowledge. I think that makes a lot of sense. < A friend of mine had some strange transactions appearing on her PayPal account. I don't remember the details, but I do remember that she eventually was able to speak to someone there who stated categorically that her account couldn't have been hacked from outside. She replied "So you're telling me it was an inside job?" and the PayPal person refused to comment further. Richard |
|
Subject: RE: Tech: Paypal hacked From: Don(Wyziwyg)T Date: 12 Aug 11 - 06:40 PM ""It's gotten to the point where I don't trust any e-mail from any financial institution. If I get something that looks legit, I'll close the e-mail go to my account through my usual login link."" Joe, no reputable company will ever ask for account login or password by E-Mail, and most won't even ask for ANY account details at all. So you are taking the correct action. It's virtually certain that those E-Mails are scams. Any E-Mail addressed to User or Client shows that the sender doesn't know your name. Very strange if you are actually a client. E-Bay always uses your unique username, while Paypal always uses your real Christian name and Surname. Don T. |
|
Subject: RE: Tech: Paypal hacked From: Joe Offer Date: 12 Aug 11 - 07:47 PM These "phishing" e-mails are getting more and more sophisticated. Some look really stupid and you can tell so easily they're scams that you wonder how anybody could ever fall for them. Maybe they're meant to throw people off the track so they're bit on the official-looking ones. Don't even click the links on financial institution e-mails, because some of those links are clever scripts that will take you where you don't want to go. Close the e-mail and go to the financial institution via your usual link. -Joe- |
|
Subject: RE: Tech: Paypal hacked From: Jack Campin Date: 12 Aug 11 - 08:38 PM It is quite likely that Pavane's "special" email address is in a message in his/her Hotmail inbox, and could have been leaked through a security hole in that account. From what he/she says, all the relevant information will have been forwarded there and is sitting in the Hotmail database. So anything that can access that database can leak it. |
|
Subject: RE: Tech: Paypal hacked From: GUEST,leeneia Date: 12 Aug 11 - 10:10 PM "So you're telling me it was an inside job?" Love it, Richard! Thanks for posting. |
|
Subject: RE: Tech: Paypal hacked From: JohnInKansas Date: 13 Aug 11 - 05:11 AM While there appears to still be some interest in the subject, it might be worth noting that recent statistics assembled from fraud reporting agencies indicated that the majority of "identity thefts" that actually result in losses by individuals (as opposed to businesses and corporations) are the result of someone going through trash bins and/or dump sites. It that's taken as true, it's possible that your paper shredder may be at least as important a part of your defenses as your intelligent handling of email and your secure browsing habits. You do have a good shredder - and use it - we hope ...(?). John |
|
Subject: RE: Tech: Paypal hacked From: Don(Wyziwyg)T Date: 13 Aug 11 - 05:18 AM Yep! Converts an A4 sheet into a 5000 piece jigsaw (5000 identically shaped pieces). Nothing leaves my house readable except junk mail (they are welcome to steal the ID of "Occupier"). Don T. |
|
Subject: RE: Tech: Paypal hacked From: Artful Codger Date: 13 Aug 11 - 02:16 PM The security gaps are especially prevalent now that corporations have taken to pushing out relatively untested software—and updates. Effectively, they're now using the user base for beta-testing because actually testing the software rigorously in-house would introduce delivery delays and cost money that could better be spent on executives' vacation homes and Dom Perignon. |
|
Subject: RE: Tech: Paypal hacked From: GUEST,PeterC Date: 14 Aug 11 - 04:56 AM It's gotten to the point where I don't trust any e-mail from any financial institution. I get so many phishing emails supposedly from PP that I automatically filter the name as spam. Not much point in ever opening an account with them. On this side of the Atlantic credit card payments are protected by law so you are protected against fraud without needing a special intermediate processor like PP. |
|
Subject: RE: Tech: Paypal hacked From: pavane Date: 14 Aug 11 - 06:40 AM Good news is that Paypal have refunded the transaction and sent me details of how to disable the mobile application facility on my account (But I imagine a hacker could switch it back on). John, my email address is not private, but only used for incoming mail, therefore a keylogger could not have intercepted outgoing mail for passwords. Nor will it ever have been in my Hotmail account. I have never, ever, typed my paypal password on my phone or on that email address. So I still believe the security breach was not down to my actions. But I don't suppose I will ever find out. |
|
Subject: RE: Tech: Paypal hacked From: MikeL2 Date: 14 Aug 11 - 06:53 AM From: Artful Codger - PM Date: 13 Aug 11 - 02:16 PM <" The security gaps are especially prevalent now that corporations have taken to pushing out relatively untested software—and updates. Effectively, they're now using the user base for beta-testing because actually testing the software rigorously in-house would introduce delivery delays and cost money that could better be spent on executives' vacation homes and Dom Perignon."> Hi AC This is nothing new. This has been going on ever since interactive computing was introduced in the 70/80s There is probably more of it about now. Cheers MikeL2 |
|
Subject: RE: Tech: Paypal hacked From: GUEST,999 Date: 14 Aug 11 - 07:00 AM For some reason, something someone said reminded me of the following. "The infinite monkey theorem states that a monkey hitting keys at random on a typewriter keyboard for an infinite amount of time will almost surely type a given text, such as the complete works of William Shakespeare." A comic replied, "The internet proves that's not true." |
|
Subject: RE: Tech: Paypal hacked From: GUEST,999 Date: 14 Aug 11 - 07:01 AM PS Glad you got your bucks back, Pavane. |
|
Subject: RE: Tech: Paypal hacked From: JohnInKansas Date: 14 Aug 11 - 07:52 AM A news note from the last couple of days reports that Symantec now has a "Free AV App for Android," and the article links to a list of others offering similar (free and "enhanced") Apps for Android and most others. Those using "Smart" phones (or stupid ones clever enough to get in trouble) might want to think about whether what's offered would help you feel more secure. With the frequency of reports of "hacks" rapidly increasing, it's likely that quite a few such "protections" should be coming out, so a decent one shouldn't be hard to find if you watch for them. And additional (local) reports of ID Thefts via the trash bins support the recomendation that every household really should have, and USE, a paper shredder (since incinerators are banned for almost all of us). For most home use, the $40 (US) ones at Walmart, Walgreens, etc should be just fine, although I've worn the guts out of two of those in the past year or so. (I've been clearing old records so I've been a "heavy user" recently.) IMO the "strip cut" shredders are probably adequately secure, but the paper "fluffs up" somewhat more than with a cross-cut, so you handle more bulk for the same weight. Ones that will eat CDs/DVDs are generally available, and while the feature probably isn't critical (you can slice a CD lots of ways) it may indicate a little sturdier construction that suggests somewhat longer life. I've graduated to one of the "big boys" rated at 18 sheets per pass that so far has produced >30 barrels (36 gal each) of cross-cut fluff since I got it about 6 months back; but that's probably several years worth of throughput for most. The recycler in my area refuses to accept shredded stuff, apparently because it "blows in the wind" and is a mess to handle the way they do it. If you can recycle, most prefer that you avoid including "self-carbon" forms, since it doesn't go throught the pulping and bleaching well, but shreds are otherwise a prime candidate the recyling so you can "feel a little greener" where you can do it. They likely will ask that you "bag it" even if they do accept it in the bin, because it is like loose confetti until they can get it to a baler. John |
|
Subject: RE: Tech: Paypal hacked From: pavane Date: 14 Aug 11 - 10:44 AM Daughter used to use it for horse bedding |
|
Subject: RE: Tech: Paypal hacked From: JohnInKansas Date: 14 Aug 11 - 01:37 PM If you keep the the toxic stuff out of it, it's good filler for your worm beds to raise your wigglers for fish bait and to breed 'em up until they get big enough to work in your garden, (Toss in your used coffee grounds ro keep 'em awake so they work hard. They don't need much other feedin'.) It'd take a really big bed to handle much of my shreds, and I ain't got room to keep 'nuff worms to even handle the coffee grounds I toss out. One of our cats likes to hop up to sleep in the big barrel where I gather them up from the bitty bin on the shredder, and he keeps track of the litter box. He lets me know when the cat box needs cleaned by crappin' in the shreds where I'll be sure to see it when the cat box gets too full. (It's his "secret place" 'cause the other two haven't figured out its a comfy spot to take a nap.) John |
| Share Thread: |