Anyone had their PayPal account hacked?
Fender_Man
Posts: 408
A friend of mine phoned today and told me that about £300 ($600) had been liberated from his PayPal account during the night. The hacker had changed all of his personal details including address, phone and bank account details (even changed his security question). He tried to get into his account this morning and was denied access (wrong email and password).
He got straight on to PayPal, expecting a hellish few hours being bounced from dept. to dept.. Much to his (and mine) surprise he was put straight through to a guy in Dublin who sorted the whole thing out for him within an hour. Not only that but apparently there is insurance against such things happening and you are covered to the sum of £500 ($1000), as a result the stolen money will be credited directly to his bank account within 5 working days.
Now this is all very well and it looks like Paypal came up trumps in the customer service department, but how the fuck did this happen? My friend has always been very careful with regards to giving out sensitive info. on the net and is well aware of spoof emails and phising etc. He is confident that this incident was not as a result of any mistake on his part. PayPal told him that the hacker was using a Ukrainian ISP,that an investigation was underway and he would be informed of the outcome in due course.
Is this a common event? Has this happened to anyone else on the board, or to any friends? Any security tips to help prevent this happening again? My first thought was not to ever keep more than £500 in my account, so at least if this happened to me, I would be insured.
He got straight on to PayPal, expecting a hellish few hours being bounced from dept. to dept.. Much to his (and mine) surprise he was put straight through to a guy in Dublin who sorted the whole thing out for him within an hour. Not only that but apparently there is insurance against such things happening and you are covered to the sum of £500 ($1000), as a result the stolen money will be credited directly to his bank account within 5 working days.
Now this is all very well and it looks like Paypal came up trumps in the customer service department, but how the fuck did this happen? My friend has always been very careful with regards to giving out sensitive info. on the net and is well aware of spoof emails and phising etc. He is confident that this incident was not as a result of any mistake on his part. PayPal told him that the hacker was using a Ukrainian ISP,that an investigation was underway and he would be informed of the outcome in due course.
Is this a common event? Has this happened to anyone else on the board, or to any friends? Any security tips to help prevent this happening again? My first thought was not to ever keep more than £500 in my account, so at least if this happened to me, I would be insured.
Post edited by Unknown User on
0
Comments
He says he's been careful, but he could have slipped up somewhere and let that info out unknowingly?
Does he use any of the "Remember me at next login" features? That uses cookies to store information and if his pc was hacked, that info would be there for the taking.
The hacker might have been able to hack PayPal directly and access files/information from PayPal's database and your friend may not have been the only one with a compromised account.
And the last possibility is just dumb luck that the hacker came upon his username and guessed his password.
Verona??? it's all surmountable
Dublin 23.08.06 "The beauty of Ireland, right there!"
Wembley? We all believe!
Copenhagen?? your light made us stars
Chicago 07? And love
What a different life
Had I not found this love with you
Also, I wouldn't use PayPal as an online bank. I use it to buy/sell stuff, but I always keep the balance at zero. If you do that, hackers won't have much interest.
Sweep the Leg Johnny.
But he also says the bigger problem is with typical credit card transactions, and not so much online banking.
I took a computer ethics and security class for my computer science degree and learned all sorts of stuff like that. It is pretty interesting looking at how hacking methods and security methods have advanced over the years. I would like to become an "ethical hacker". I think that would be a very interesting job.
I wouldn't doubt that using credit cards online are a bigger problem. It would be much much easier to compromise a purchase transaction than it would be to infiltrate a bank's system. There will always be those hackers who want to prove themselves or prove their talents by trying the banks though. Probably part of that big ego thing -- "I'm the best so why not go after the best" -- but that gets too much into psychology, which I don't know much about. But, like I said before, any place that deals with money or account information will always have someone going after them.
PayPal customer service IS decent, but only to a point. I had a PayPal problem and there were times I had to take deep breaths and count to 10 while dealing with them.
I heard there are viruses (or whatever you would call them) that can actually transmit every keystroke you make to the thief (scary!!). I've also heard of automated programs that will just try password after password after password until they get a "hit." Finally, it's not a good idea if ALL your passwords are "PRLJM"
Vegas 93, Vegas 98, Vegas 00 (10 year show), Vegas 03, Vegas 06
VIC 07
EV LA1 08
Seattle1 09, Seattle2 09, Salt Lake 09, LA4 09
Columbus 10
EV LA 11
Vancouver 11
Missoula 12
Portland 13, Spokane 13
St. Paul 14, Denver 14
It's fairly easy to write one of those automated programs. I wrote one of those for that ethics/security class. The best way to combat that is to give users a finite number of tries at logging in (usually 3). If they haven't successfully logged in after the third attempt, the account is suspended until the appropriate actions are taken by the user to reinstate the account. That is a simple, yet very effective solution to dealing with the automated programs.