ghacks Technology News

Unauthorized Payment Done With My PayPal Account

I usually check my emails right after I wake up and received a PayPal email receipt this morning that told me that the amount of $480 was transferred from my account. I first thought that this was a phishing email and checked the links and headers but it turned out to be legit. I was slightly nervous at that time and decided to log into PayPal to see if the transaction would be found there as well.

Imagine my surprise when I discovered that a payment for all the money in the PayPal account had been made at 23:35:35 PDT to Santrex Internet Services. I was not awake at that time which could only mean that someone else managed to make the transaction. The question is how.

I contacted PayPal and filed for unauthorized payment and did contact the “seller” as well, who replied telling me that someone did buy Virtual Servers with the money. I’m pretty sure that I will get the money back; the question, however, is how someone was able to make that transaction in the first place.

The possibility is there that someone was able to get my password for PayPal somehow and made the transaction that way. I’m not sure if there is a possibility to make a transaction from PayPal without logging into the account. It does not look this way.

I checked my system with the latest anti-virus software and found nothing. I also checked the PayPal account settings and changed the passwords there. I will change all passwords for all sites just to make sure that someone did not get them all.

The strange thing is that the payment was only made for the amount that I had lying around in my account. Anyone ever heard of something like that? The real question is how he was able to get into my account as it is unlikely that transactions could have been made without my PayPal login data.


About the Author: Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.

Wednesday July 2, 2008


Responses so far:

  1. caschy says:

    Good luck Martin!

  2. Mike says:

    Is it a company that you’ve previously done business with?

    I’ve had a web host automatically renew my account, without telling me that I had auto-renewal enabled.

    Then again, they withdrew everything, so either they managed to get in and figure out the exact amount, or they withdrew more than you had, and the balance was taken out of your bank account or credit card (and you haven’t noticed yet).

    Just some thoughts, hope PayPal can sort this out soon. Sorry, dude.

  3. Martin says:

    I have never heard of that company before. My account has a balance of $0,35 which suggests that they knew the amount that they were able to take.

    I mailed the guy and he told me that PayPal required username and password for the transactions.

    The guy who did it used Canadian information and had an IP from a US University. Most likely faked.

  4. Colin says:

    Martin, please keep us posted some how on the outcome of this. I’d really like to know how this turns out and more importantly how they managed to do this to someone like your good self. Here’s hoping you get your cash back.

  5. Martin says:

    Colin thanks I will keep everyone posted. More important than the cash is how it was done. It’s impossible to say yet but it does not look like he gained access to my computer.

    And I’m still wondering why he did not disable notifications of payments and account changes in PayPal and change the password and security questions afterward so that I would have additional troubles solving the issue. This would have bought him some time.

  6. Jojo says:

    Bad news. Probably someone cracked your password. Go to Youtube and search “hack paypal”, “crack paypal”. Lots of how-to videos.

    You should order a PayPal Security key (I just did). Cost is $5 in the USA (free to business account users). This will provide extra security.

    Link:
    https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/general/PayPalSecurityKey

  7. Margaret says:

    This just sucks! I’m so glad I don’t keep much (if any) money in PayPal!

  8. Oropher8598 says:

    Have you checked your email account to see if mail was being filtered or redirected somehow?

  9. Chuck says:

    I had a friend (that I have since lost contact with, unfortunately!) that had this happen to him way back in 2004. If I recall he said that someone had intercepted his login via his network at work. I can’t fully remember but he was the IT Manager and he felt like crap after this and really didn’t want to talk about it, but it had something to do with a key logger and some other crap. Regardless the amount was similar, close to 600 and it was very hard to recover those funds. I never had this problem, *KNOCK ON WOOD*, but I also never left any large amount in Paypal, and I really never had any issues at all in the near 6 yrs or so I used them.

    In any event, here’s hoping this is resolved quickly and in your favor, and that Paypal does what’s right. They tend to. Good Luck!

  10. mouser says:

    it goes without saying that you should keep a close eye on any other services and accounts where you use a password to log in, as there is a possibility they got your login and password from some kind of keylogger on your computer or something similar that exposed the login information for other sites you used.

  11. Martin says:

    I got my money back already but a call with PayPal did not reveal any additional information that could have helped me track the method down.

    Nothing was changed on my system as far as I can see and there have not been logins into other online accounts. I wished they would have told me if someone with another IP logged into my PayPal account which would still leave the question unanswered how someone was able to get that password.

    I ordered the PayPal Security Key by the way Jojo, nice tip, thanks for that.

  12. you haven’t explicitly stated yet, but have you checked the dns settings on your computer and on your router? (to rule out the possibility of pharming)

    also, javascript keyloggers are possible… you wouldn’t necessarily find them with a scanner because they aren’t necessarily persistent…

  13. Martin says:

    Kurt, DNS settings have not been changed. I’m currently running additional programs (Hijack This was the last). So far nothing was found.

  14. Bruno 'ReX' Barbieri says:

    I suggest you format your computer ASAP.

  15. Emil says:

    Have you used some wireless network?

    Possible even a public one?

    Chances are that there are some people out there that are intercepting packets and seeing all the info you are sending and receiving.

    Also, maybe someone phished your password with a fake e-mail…

  16. Cheryl says:

    I don’t know if it’s possible but maybe the hacker got your info from the Paypal database? So you may not be the only victim.

  17. yash says:

    A keylogger is the most probable reason…

  18. Martin says:

    Well I was not able to detect a keylogger on my system. Cheryl, yes that is possible but unlikely because there is no huge public outcry. More likely is an error in their billing system or the hacking of another website where I used the email and password for.

  19. Martin says:

    Could have also been a Firefox extension or website exploit that caught the password. The first is unlikely while the second could be a valid cause.

  20. Dante says:

    Ok, I know you’ve stated in the past that you don’t install antiviruses on your PC. You just scan it afterwards. But a keylogger can persist in the Root and not be found by an “after-the-fact” scan. Also, are you in the habit of shutting down your browser and then restarting it before you enter a financial transaction site? And shut down and restart after you’ve finished the financial transaction? These are the basic security measures that me and my wife take routinely. So far so good.

    But then I am paranoid. I have McAfee Antivirus, Avira, and ZoneAlarm running at the same time.

  21. Rarst says:

    In general there are two possible forks of what happened (assuming internet only and no local networks with possible sniffing as mentioned above involved):

    1. Targeted personal attack. Very rare and very scary. If someone qualified is set to cause trouble it would take lots of paranoia to stay safe. Doesn’t seem to be the case – damage too small.

    2. Carpet bombing with latest virus\trojan\sniffer\exploit\whatever. Best case it is caught with anti-virus (or by hand) soon, worst case – browser-related non-local exploit. Paranoia helps against local stuff but browser exploits are reaaaaally bad news until fixed.

    If local system is really clean then my bet is on browser exploit – Firefox3 is likely candidate as it is probably being ripped to pieces in search of fresh exploits from the day of release.

  22. francois says:

    I would also be very careful with keyloggers. They are extremely easy to write on Windows (about 30-50 lines of code on some languages).

    For my part I have a keyscrambler on my PC (the free version of QFX, firefox addon):
    http://www.qfxsoftware.com/index.html

    When I have to use another PC I use this software on my USB key (I always assume there’s a keylogger):
    http://www.aplin.com.au/?p=204

    francois

  23. Jules says:

    I had a problem where my paypal email address suddenly started to receive loads of spam – this should be impossible as it is not used anywhere other than for paypal itself. And yes, I checked my machine – as an IT consultant working on government contracts I am VERY careful about that stuff.

    Paypal themselves were unable/unwilling to shed any light on the matter and I don’t know if it is related however, the only realistic way I could think of for this to happen was for there to be a problem inside paypal itself.

    Related to all of this, I have a colleague who has recently had money taken from her account by paypal themselves where they have double paid from multiple sources (bank and card). It has taken a long time to get that sorted.

    I am rapidly getting concerned about using paypal. Of course it is rather convenient so I am considering setting up a current account and credit card simply to be linked to them.

    Regards, J.

  24. Martin says:

    Okay I tested the system with several anti-virus, spyware, rootkit applications which all found nothing.

    It is most likely that it was either a browser exploit as Rarst pointed out or that another website was hacked where I did use the email and same password.

    I naturally keep an eye on my traffic with various applications at the moment but nothing so far.

  25. Vikas says:

    May be you had a weak password?

  26. Martin says:

    A weak password would only matter if he had my email address. And if he had my email address it was intentional. But I do not think that you can bruteforce PayPal. And the password was not weak, no dictionary word.

  27. Jojo says:

    Well if you use the same email address that you use elsewhere, then you are asking for trouble.

    I use Spamex for disposable email addresses (www.spamex.com). Cost is $10/year for up to 500 email addresses at any one time. Well worth it! There is a javascript bookmarklet that you can add to your Links bar to easily enter Spamex or allocate a new email address. The email actually gets forwarded to another account that you specify. I think I have a couple hundred active email addresses right now.

    These addresses are great to use for virtually anything including Paypal, Amazon, forums, blogs, etc. I am building a small domain portfolio and I use a different SpamEx address for each individual domain I own.

    btw: Spamex has an alternative domain you can use (xemaps.com) which is spamex spelled backwards. I’d suggest using this as some mail scanners give trouble if they see the word spam in anything, even a domain address.

  28. Lucio says:

    Hey Martin, this sucks mate,
    just wondering, do you have any site you use same account coded in a Paypal button?

  29. newhen says:

    Martin it was probably an undetected trojan that sniffed your password.

  30. Martin says:

    Lucio I do not think that I have a site up currently with a PayPal donate button but I had them up in the past. Why are you asking?
