NoPaypal
You are not logged in! [ LOGIN ] or [ REGISTER ]
NoPaypal Horror Stories: Someone else did it! Thread: How to hack Paypal… -- Page 3 | Jump To: 

Sender Message
Thread: How to hack Paypal…
<nobody>
Not Registered

From: N/A
Messages:
 How to hack Paypal…
Sent: 03-20-2002 14:51
  Reply



Speaking from a little "hacking" experiance, it is much more likely that the information was taken from the user's computer or "listened to" during transmission than from any of the profesionally mantained servers of any of those services. I mean why go fishing in a lake when can shoot'em in a barrel.

The best solution is to install good anti-virus and firewall software and make sure you know how to use them. Good luck! :o)

 




Neify
New User

From: Salt Lake City
Messages: 10
 How to hack Paypal…Disconcerting thought
Sent: 03-20-2002 12:16
  Reply



Well reading "A minor problem but a bad symptom" gave me this disconcerting thought.
In "A minor problem but a bad symptom" post there is a transaction that took place over a year ago, but was showing up as "unclaimed" on the account over a year later. Which worries me the computer is remembering transactions. What else is it remembereing?

"If the computer is re-tracing transactions of a year ago, then that means they keep a log of all that info. That means they probable keep all CC numbers all Bank account numbers, all demi-graphic information (i.e. addresses, phone numbers and such), and most likely that is kept even when you delete your account, or remove the information or change the information. And I am betting that all that "old" information isn't even safely gaurded. I am betting hackers could easily get at a lot of old information that PayPal doesn't keep secured because it is "out of date". However, that could be a way for hackers to get passwords (if you use the same for lots of things) full names, real addresses, real phone numbers. All this information once obtained could be used for ID fraud."

 




<BradleyT>
Not Registered

From: N/A
Messages:
 How to hack Paypal…
Sent: 03-20-2002 00:08
  Reply



MRJones,
Do you play any online games? Have you downloaded any hacks for them? Have you downloaded any programs lately? Do you have anti-virus protection running 24/7?

There are quite a few ways people could have gotten your information, an easy one being a key-logger which logs your keypresses in a file and sends it to the perpetrator. You CAN get trojans just from visiting websites that run Active X scripts.

 




<KissAnti>
Not Registered

From: N/A
Messages:
 How to hack Paypal…
Sent: 03-18-2002 16:43
  Reply



MRJones,
maybe you should consider to report this to the FTC identity theft service. If the guy has access to your computer/password, he is able to do much bigger damage too. There is way to prevent it.

1-877-IDTHEFT or the on-line form https://rn.ftc.gov/dod/widtpubl$.startup?Z_ORG_CODE=PU03

 




MRJones
New User

From: N/A
Messages: 2
 How to hack Paypal…
Sent: 03-18-2002 09:43
  Reply



markprz,

Yeah, I'm ahead of you on the password thing. I spent all weekend working out a new password scheme - one where I can remember the different passwords but others wouldn't have a clue. A hacker would have to know at least two different passwords to even have a CHANCE to figure this one out.

The "recruiter's" email comes from a ".to" (as opposed to .com) for Tonga. I don't want to share the domain yet.

How can a fake Hotmail login screen appear on my screen? I always use the "type-ahead" feature in my address bar.

Thanks for your reply,

 




markprz
Active User

From: N/A
Messages: 53
 How to hack Paypal…
Sent: 03-17-2002 06:07
  Reply



MRJones,

From the point of view of a malicious hacker, your first mistake is using the same password for all your online accounts. No matter how secure the password is, one of the services likely is not, and that will be your downbringing.

Hotmail used to be one of the most unsecure services around. Lately they've been getting better, and even if the guy got access to your account, he wouldn't have gotten your password by using any of the standard tricks.

I created an account at bn.com to see what "usual" methods can be used to retrieve someone else's password. To do this, he would have to have access to your full name & your email address, which he couldn't have gotten.

That leaves PayPal and eBay. At eBay, like with Hotmail, you may only create a new password. You can't retrieve your current one.

Then there's PayPal, which also only lets you create a new password, and would require access to your hotmail account.


So that leaves you indeed inadvertently giving out your password to a fake login screen. This would've probably been easiest done with your Hotmail account, which might have had account information for eBay, PayPal, Barnes&Noble, etc. Such fake login screens are extremely easy to be fooled by. You often can't tell them from the real thing, and with countless bugs in Internet Explorer that allow "faking" the current web address, you would think you're actually logging into the real site, and then would actually be forwarded to the real one.

This guy is obviously a professional. Did you look over the headers of his emails? What country is his IP address from?

 




MRJones
New User

From: N/A
Messages: 2
 How to hack Paypal…
Sent: 03-16-2002 23:11
  Reply



[Added by Admin: This is an obvious scam. Anyone using this information is asking for trouble
How to hack Paypal…

Here's my story from the beginning:

03.15.2002 | 7 AM – I'm going over my checking account online. i'm in Overdraft and I find an e-check transfer from Paypal for $425 and i'm wondering WTF!?! I login to Paypal and see a purchase from ebay for a DVD writer and an electronic transfer from the bank. I search on the ebay item and send a message to the buyer (the name is SI) asking what is going on?

Later that day: Here's the reply:

>I am who use your PayPal for a eBay payment.
>Please view All Activity of your PayPal account. You can see -425$ to
>SI.

>Please change yours PayPal, Hotmail, eBay and bn.com passwords.

>You are one of the many.
>I see You have a Bank Account, who I use unsuccessfuly. This was a
>test.

>I have one offert to You. You can have many money.

>Waiting for a answer...

i'm at work and stuck in meetings all day. I go home and try to investigate further and when I log in to Hotmail… the message is GONE from my Inbox! The jerk went in to my email account and deleted the message. All right. I know what you're saying. i'm an idiot… the bastard TOLD me to and I STILL didn't change my password.

But I start poking around my TEMP directory and found the message (I can't tell you the relief)! I sent him one back:

Okay, I changed my passwords. You deleted the message that you sent me but I found it in my TEMP Directory.

Then I try to contact Paypal. What a fiasco! I put my own account into Restriction – what a mistake! I send emails to ebay, Paypal, and log a complaint on ifccfbi.gov. Still, I feel helpless. Email is no way to conduct this kind of urgent situation.

03.16.2002 | 20:54 - Reply from the hacker:

>Well done.

>All was a test. Real test.
>I have many PayPals form whole world.
>I know how to use them, but I have need from peoples in USA.

>You can help me Mr. Jones. You can receive a good sum.
>This is a Real business.

No matter what I do I cannot get in touch with Paypal. Thank heaven for paypalsucks.com. Because the numbers are listed on this website I am able to call them and then I get service worse than I ever would have imagined.

I explain about the issues happening and the "Customer Service Agent" tells me "we have over 13 million customers". Like I could give a #*&^* about THEM. This is ME and MY money we're talking about.


She accuses me of giving out my password for my account… I could just SCREAM!

I tell her that I am using email for correspondence with the perpetrator who is now attempting to recruit me to help him steal money from Paypal… and she practically yawns! So we end the conversation with a promise of a 24-48 hour return call from a manager.

Continuing my own investigation, I respond to the hacker:

>Okay, i'm interested. How dangerous is this?
>I would like to get ebay merchandise for free. How about cash?

Then it begins to dawn on me. The hacker got into either ebay or bn.com (Barnes & Noble) He finds the password that I used for the account (I use an alpha-numeric password that is impossible to figure out, and I change it every six months… but I use the SAME password for ALL of my online accounts!) If he gets links to any site that I have visited, he already knows my email address and password. AND my Hotmail account has its own folder FULL of receipts for Paypal transactions.

*&^%$%*! I feel so VIOLATED!

03.16.2002 | 23:23 – Reply from the hacker:

>You must have a non restricted PayPal account with added bank account.
>In the moment You wait for a mail from PayPal.

>>how about cash?
>I have over 200 PayPals, but I can't use all.
>Over 5'000$ is a real sum.
>If you want more money, You lose my guarantee.

>>How dangerous is this?
>This would be a complex hidden transfer.

>>I would like to get ebay merchandise for free...
>This is a petty work. Do not do this.

>When You repair the account or create new, send me a e-mail.

Summary: I think the REAL criminal is the website who let my information out. This guy is just an opportunist. I will carry on the investigation. Your feedback is welcome.

Mr. Jones

 




Prev  1 - 15   16 - 30  31 - 37


Statistics

Currently Online: 7 Guests Most ever: 152
Total number of messages: 78437
Total number of topics: 31645
Total number of registered users: 102967
This page was built together in: 0.5212 seconds

Make Your Own Website

Credit Card Processing

New PayPal Forums

PayPal Alternative

Free Shopping Cart Software