PDA

View Full Version : My Paypal account was hacked! Change your password or



writerterri
02-17-2010, 01:25 AM
close your account if you don't use it very often. I often use the same password for all but my bank account and just change a minor detail every year. Well, not anymore! Someone guessed my password after getting access to it.

And, no, they didn't get anything but if my account was active the money would have gone through and I would be out around 500.00 dollars right now. So, if your account is just there waiting for you to use it at random, I would go there right now and change your password or close it. I can't close my account right now until all the activity stops so, I've had to put a freeze on my bank account. You have no idea! We just mailed out all our bills. But we can authorize what needs to be paid.

Here's what paypal said, change all your passwords frequently and don't use the same one for all your accounts like I do. Luckily for me my bank account pw was different. Whew!

You can keep a folder of your info (in your meat space) like I used to. And I'm changing my passwords again for all my accounts.


Let's make this a password change day!

PS. Since I have the same pw for AW and you start seeing wierd posts...

Now I need to install spell check. :tongue

alleycat
02-17-2010, 01:31 AM
You mean, "weirder posts". ;-)) Just kidding!

Good luck getting your account straightened out on PayPal. I've had a problem with it for ten years that apparently can't be fixed. It's one of those Catch-22 problems that even the service reps couldn't figure out.

Cella
02-17-2010, 01:33 AM
thanks, Terri...

one time someone broke into out bank account electronically and stole all but $100 :rant:

writerterri
02-17-2010, 01:46 AM
You mean, "weirder posts". ;-)) Just kidding!

Good luck getting your account straightened out on PayPal. I've had a problem with it for ten years that apparently can't be fixed. It's one of those Catch-22 problems that even the service reps couldn't figure out.

Yes, weirder! :D

Are you kidding? I don't need anymore headaches. I already couldn't close the account. I suppose it can be a good thing.


thanks, Terri...

one time someone broke into out bank account electronically and stole all but $100 :rant:

I guess they thought you at least had to eat.

alleycat
02-17-2010, 02:06 AM
Are you kidding? I don't need anymore headaches. I already couldn't close the account. I suppose it can be a good thing.
My situation with them would take a while to explain (and I'm not sure I could). It was something like I changed e-mail address, credit card number, and maybe something else around the same time. Now I can't change anything because it want to use the other data to verify the change. It's like a dog chasing its own tail. I can't change this, because that is incorrect, and I can't change that, because this is incorrect.

If I want to use PayPal now (to donate to AW, for example), I don't even log into to my account; I just reenter my information.

By the way, are you sure your PayPal account was hacked, or could you possibly have a keylogger on your computer?

Cella
02-17-2010, 02:11 AM
I guess they thought you at least had to eat.
I was impressed with their considerate attitude, yes.

Ambrosia
02-17-2010, 02:22 AM
Are you using a harder to hack password? If you use a password with letters, numbers, and symbols, it is harder for a hacker to guess. Also, and I fail miserably at this one, not using a real word helps. My husband uses the lyrics of songs. He will choose a line and pick the first letter of each of the words, add numbers and symbols and it is virtually unbreakable.

writerterri
02-17-2010, 02:23 AM
My situation with them would take a while to explain (and I'm not sure I could). It was something like I changed e-mail address, credit card number, and maybe something else around the same time. Now I can't change anything because it want to use the other data to verify the change. It's like a dog chasing its own tail. I can't change this, because that is incorrect, and I can't change that, because this is incorrect.

If I want to use PayPal now (to donate to AW, for example), I don't even log into to my account; I just reenter my information.

By the way, are you sure your PayPal account was hacked, or could you possibly have a keylogger on your computer?

I have no idea. All i know is that i got emails from several people stating that my echeck is being processed from things that i had bought on line. Two of which were refunded. It was as if i had bought items from these people and now they were taking money from my account.

writerterri
02-17-2010, 02:25 AM
Are you using a harder to hack password? If you use a password with letters, numbers, and symbols, it is harder for a hacker to guess. Also, and I fail miserably at this one, not using a real word helps. My husband uses the lyrics of songs. He will choose a line and pick the first letter of each of the words, add numbers and symbols and it is virtually unbreakable.


I'm going to do that now. Caps and numbers. Before i just used a word and some numbers.

alleycat
02-17-2010, 02:25 AM
What kind of security software do you have on your computer?

And, if you have additional online accounts, I suggest using a virtual keyboard to enter account numbers and passwords until you get this figured out.

alleycat
02-17-2010, 02:27 AM
I'm going to do that now. Caps and numbers. Before i just used a word and some numbers.
And if you want to write these new passwords down and keep them handy, while still keeping them secure (say, if you lose your purse), I can explain a simple technique to do that.

writerterri
02-17-2010, 02:33 AM
What kind of security software do you have on your computer?

And, if you have additional online accounts, I suggest using a virtual keyboard to enter account numbers and passwords until you get this figured out.


I use what my cable comp. offers. Virtual Keyboard?


And if you want to write these new passwords down and keep them handy, while still keeping them secure (say, if you lose your purse), I can explain a simple technique to do that.

Okay.

alleycat
02-17-2010, 02:40 AM
Virtual Keyboard?
Also called an onscreen keyboard. You probably already have one in your Accessories.

writerterri
02-17-2010, 03:11 AM
Also called an onscreen keyboard. You probably already had one in your Accessories.



I didn't know that! I'll look. Gotta go for now. Thanks for your help!

alleycat
02-17-2010, 03:17 AM
An onscreen keyboard can't be "read" by current keyloggers. But just give it time.

Susie
02-17-2010, 03:18 AM
Gee, sure sorry that happened, werri, but sure glad they didn't take your money and thx much for the heads up!

benbradley
02-17-2010, 05:50 AM
Update your virus/malware scanning software and do a scan BEFORE changing your passwords, otherwise you could be giving some cracker ALL your new passwords!

Also, about using a "virtual keyboard" (see below)I'm not sure how keyloggers work (I'm not a security expert though I suppose I could find out - the source codes for a lot of these things are available, or so I hear, but I hesitate to poke around in that area of the Cyberverse just out of curiosity), but I know enough about computers to know there are SEVERAL ways they CAN work (as in possibly logging more than just physical keystrokes), and using a "virtual keyboard" or copying-and-pasting a password might be caught by a logger just the same as if it were typed on the physical keyboard. There's lots of layers where data can be copied.

Here's an absolutely free virtual "virtual keyboard" ;) - you use it by selecting the letter or character you want to use, do ctrl-C or Edit->Copy, go to another document or a password logon screen, click the location where it goes, and do ctrl-V or Edit->Paste. Repeat for each letter you want to enter:

ETA: blowing this up to a larger font size to make it easier to use. :)

ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
1234567890-=`~!@#$%^&*()_+,./<>?;:'"[]{}\|
oh and space, between the quotes: " "
Hope this helps. :)


Yes, weirder! :D

Are you kidding? I don't need anymore headaches. I already couldn't close the account. I suppose it can be a good thing.



I guess they thought you at least had to eat.
Paypal has always had sucky customer service. But I guess this is a bad time to say that...


By the way, are you sure your PayPal account was hacked, or could you possibly have a keylogger on your computer?
Well, it's "hacked" (technically the word is cracked, though admittedly that battle was lost over a quarter century ago) either way. A computer with a keylogger installed without the consent of the owner/user is a "hacked" system.

ad_lucem
02-17-2010, 05:59 AM
Scary! Thanks for the info. I have noticed that some sites...like my alma mater have moved to making people update passwords every now and then. Good idea, even if it sucks for people with little memories like me :D

Hugs and sorry that happened!!!

writerterri
02-17-2010, 06:29 AM
An onscreen keyboard can't be "read" by current keyloggers. But just give it time.



What's a keylogger?

alleycat
02-17-2010, 06:34 AM
What's a keylogger?
In this case, I mean a piece of malicious software that has been loaded onto your computer without you knowing it, and is capable of "stealing" everything you enter on your keyboard.

I was just offering that as another possibility for why your PayPal account had been compromised. Using an onscreen keyboard is just another step you can take to help protect your passwords.

writerterri
02-17-2010, 06:37 AM
Update your virus/malware scanning software and do a scan BEFORE changing your passwords, otherwise you could be giving some cracker ALL your new passwords!

Also, about using a "virtual keyboard" (see below)I'm not sure how keyloggers work (I'm not a security expert though I suppose I could find out - the source codes for a lot of these things are available, or so I hear, but I hesitate to poke around in that area of the Cyberverse just out of curiosity), but I know enough about computers to know there are SEVERAL ways they CAN work (as in possibly logging more than just physical keystrokes), and using a "virtual keyboard" or copying-and-pasting a password might be caught by a logger just the same as if it were typed on the physical keyboard. There's lots of layers where data can be copied.

Here's an absolutely free virtual "virtual keyboard" ;) - you use it by selecting the letter or character you want to use, do ctrl-C or Edit->Copy, go to another document or a password logon screen, click the location where it goes, and do ctrl-V or Edit->Paste. Repeat for each letter you want to enter:

ETA: blowing this up to a larger font size to make it easier to use. :)

ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
1234567890-=`~!@#$%^&*()_+,./<>?;:'"[]{}\|
oh and space, between the quotes: " "
Hope this helps. :)


Paypal has always had sucky customer service. But I guess this is a bad time to say that...

Well, it's "hacked" (technically the word is cracked, though admittedly that battle was lost over a quarter century ago) either way. A computer with a keylogger installed without the consent of the owner/user is a "hacked" system.


That's valuable! Thanks so much !

writerterri
02-17-2010, 06:40 AM
In this case, I mean a piece of malicious software that has been loaded onto your computer without you knowing it, and is capable of "stealing" everything you enter on your keyboard.

I was just offering that as another possibility for why your PayPal account had been compromised. Using an onscreen keyboard is just another step you can take to help protect your passwords.


Oh, I see!

I better not go on and change my password to my bank account right away then. Unless I use the v keyboard.

alleycat
02-17-2010, 06:45 AM
I don't really know where the problem is in your case; I'm was just offering some additional security steps you could take.

Your PayPal account could be hacked. Or your system could be hacked. There is no way of telling right now without running some kind of scan and/or a HiJack log. Of course, if there is a problem with any of your other online accounts, then your computer has probably been loaded with malware, and you'd need to clean that out.

Until you figure it out, be especially vigilant about what passwords you enter via the regular keyboard, and be watchful to see if there is any suspicious activity on any of your other accounts. It could just be this one account that's been compromised, but, who knows right now.

writerterri
02-17-2010, 06:47 AM
I'm going to do a full scan tonight.

alleycat
02-17-2010, 06:53 AM
Oh, I see!
There are also a "mechanical" keyloggers, but don't worry about those (unless you think your husband is ordering stuff using PayPay and charging it to you ;-)

alleycat
02-17-2010, 06:53 AM
I'm going to do a full scan tonight.
Good idea.

writerterri
02-17-2010, 08:01 AM
It said it was all clear and 100% protected.

Ambrosia
02-17-2010, 04:12 PM
Did you update your definitions before you did the scan?

Also, try: Trend Micro HouseCall (http://housecall.trendmicro.com/) This will scan your computer from their server in case your antivirus software is itself compromised. And yes, it is a safe site. This has saved my butt a time or two.

To quote my husband: "The thing about viruses is you can never be 100% sure you are not infected. You can only be sure when you are infected."

CheekyWench
02-17-2010, 04:26 PM
It said it was all clear and 100% protected.

I'm sorry this happened to you. I would also suggest calling the credit agencies and placing a block on your credit, where you have to call for any credit authorizations.

PayPal has proven to me time and time again they aren't secure at all and if you're going to continue to use them, do so at your own risk.

My sister had to fight them for 2 years about a purchase that she never made.
Right now my husband and I are fighting with them because someone, somewhere, got a Credit Card with them in HIS name and charged $600 to Ebay!! Not only does this piss me off because they did it, it pisses me off because when we called the police for a report, called PayPal and explained the situation and gave the police report number for fraud on THREE occasions, we were told "it's been taken care of, don't worry..." they still send us bills for it.

:Soapbox:

KellyAssauer
02-17-2010, 04:38 PM
I heard so many horror stories from friends about that service when it first became 'popular' that I went down to my bank and opened a new account and I keep a horribly low balance in it .

On the rare occasion that I really must make an online purchase using that service, I transfer what I need into that account. Yep, it takes forethought and a few extra days, but every time I hear tales such as these, I'm reminded as to how totally worth it that account is. Sorry to hear about the troubles, but seriously consider an 'online' only separate way-low-balance account!!

bettielee
02-18-2010, 12:47 AM
I want to say I also got phished once about my paypal. Got a email saying someone had tried to get in and to go and change my password right away, so I clicked the link, followed the instructions - and they got my credit card number (I don't have a "account" for monies, but it is hooked up to my credit card number). Get a call from Wells Fargo saying someone tried to use my card for some massive transfers thru Western Union. And my dumb ass didn't know anything about phishing at the time, so when I got my new card number, clicked the link from the phishing email AGAIN and the same thing happened, only this time I HANDED them the number.

**waits for Darwin award**

aadams73
02-18-2010, 01:19 AM
**waits for Darwin award**

"Well, at least she's pretty."

:D

benbradley
02-18-2010, 01:38 AM
An onscreen keyboard can't be "read" by current keyloggers. But just give it time.
I wouldn't bet fifty cents on what a "current keylogger" can't do. If we can write about it here, they (the real people who write the crap) can modify the code and have the new one installed on thousands of computers in days or hours. It's only safe to assume that a keylogger or any malware CAN do these things, and a lot more besides, without giving the user a clue.

Five or ten years ago most malware slowed down computers to a crawl because it was so badly written, so "my computer is running slow" was often a sign for a knowledgable person that the computer is likely infected. Nowadays you might never know without running a scan or having a continuously running malware-scan program in the background that scans every incoming packet and double-checks every system request.

Oh, I see!

I better not go on and change my password to my bank account right away then. Unless I use the v keyboard.
A "virtual keyboard" may have given more protection years ago against keyloggers than it does now, but I wouldn't bet on it being safe then or now. Just do a scan (or several, one each with different programs), that's about the best anyone can do.

benbradley
02-18-2010, 01:48 AM
I want to say I also got phished once about my paypal. Got a email saying someone had tried to get in and to go and change my password right away, so I clicked the link, followed the instructions - and they got my credit card number (I don't have a "account" for monies, but it is hooked up to my credit card number). Get a call from Wells Fargo saying someone tried to use my card for some massive transfers thru Western Union. And my dumb ass didn't know anything about phishing at the time, so when I got my new card number, clicked the link from the phishing email AGAIN and the same thing happened, only this time I HANDED them the number.

**waits for Darwin award**
I've posted about this before. Even "plain email" program thesedays look like browsers and render HTML code just like a webbrowser does, but if you put the pointer over a "link" they still show the actual link on a line in the bottom of the window or something.

Here's my rant about it. I thought I was harsh until I scrolled down and read post #30:
http://www.absolutewrite.com/forums/showthread.php?p=2116689#post2116689

bettielee
02-18-2010, 02:58 AM
Yes Ben, you taught me that, and I use it now.

writerterri
02-19-2010, 05:44 AM
Did you update your definitions before you did the scan?

Also, try: Trend Micro HouseCall (http://housecall.trendmicro.com/) This will scan your computer from their server in case your antivirus software is itself compromised. And yes, it is a safe site. This has saved my butt a time or two.

To quote my husband: "The thing about viruses is you can never be 100% sure you are not infected. You can only be sure when you are infected."

Yes, as a matter of fact I did! I did know I had to though.

True, what hubby said. I'll use the link! Thanks!

writerterri
02-19-2010, 05:54 AM
I wouldn't bet fifty cents on what a "current keylogger" can't do. If we can write about it here, they (the real people who write the crap) can modify the code and have the new one installed on thousands of computers in days or hours. It's only safe to assume that a keylogger or any malware CAN do these things, and a lot more besides, without giving the user a clue.

Five or ten years ago most malware slowed down computers to a crawl because it was so badly written, so "my computer is running slow" was often a sign for a knowledgable person that the computer is likely infected. Nowadays you might never know without running a scan or having a continuously running malware-scan program in the background that scans every incoming packet and double-checks every system request.

A "virtual keyboard" may have given more protection years ago against keyloggers than it does now, but I wouldn't bet on it being safe then or now. Just do a scan (or several, one each with different programs), that's about the best anyone can do.


Malware! That's what slowed my pc to a crawl! It was so slow I couldn't fix it! My son and his surfing did it. I don't let him on here anymore. My pc is old. I'm going to get a new one sometime.

It's a shame people have to pick on other people who are by no means wealthy. If they would have gotten any of our money it would have been a disaster.

writerterri
02-19-2010, 05:56 AM
I heard so many horror stories from friends about that service when it first became 'popular' that I went down to my bank and opened a new account and I keep a horribly low balance in it .

On the rare occasion that I really must make an online purchase using that service, I transfer what I need into that account. Yep, it takes forethought and a few extra days, but every time I hear tales such as these, I'm reminded as to how totally worth it that account is. Sorry to hear about the troubles, but seriously consider an 'online' only separate way-low-balance account!!

You're smart! I didn't even think about that.

PayPal does suggest that if you have an account with them that it's not connected with your main account.

writerterri
02-19-2010, 06:01 AM
I'm sorry this happened to you. I would also suggest calling the credit agencies and placing a block on your credit, where you have to call for any credit authorizations.

PayPal has proven to me time and time again they aren't secure at all and if you're going to continue to use them, do so at your own risk.

My sister had to fight them for 2 years about a purchase that she never made.
Right now my husband and I are fighting with them because someone, somewhere, got a Credit Card with them in HIS name and charged $600 to Ebay!! Not only does this piss me off because they did it, it pisses me off because when we called the police for a report, called PayPal and explained the situation and gave the police report number for fraud on THREE occasions, we were told "it's been taken care of, don't worry..." they still send us bills for it.

:Soapbox:


I'm afraid it'll only get worse. We are working toward a cashless society and when cash becomes obsolete (sorry, no spell check at this time) people will be getting ripped off more than ever.

I got emails today that our bank stopped the payments from being made.