caschy says:

Good luck Martin!

Mike says:

Is it a company that you’ve previously done business with?

I’ve had a web host automatically renew my account, without telling me that I had auto-renewal enabled.

Then again, they withdrew everything, so either they managed to get in and figure out the exact amount, or they withdrew more than you had, and the balance was taken out of your bank account or credit card (and you haven’t noticed yet).

Just some thoughts, hope PayPal can sort this out soon. Sorry, dude.

Martin says:

I have never heard of that company before. My account has a balance of $0,35 which suggests that they knew the amount that they were able to take.

I mailed the guy and he told me that PayPal required username and password for the transactions.

The guy who did it used Canadian information and had an IP from a US University. Most likely faked.

Colin says:

Martin, please keep us posted somehow on the outcome of this. I’d really like to know how this turns out and more importantly how they managed to do this to someone like your good self. Here’s hoping you get your cash back.

Martin says:

Colin thanks I will keep everyone posted. More important than the cash is how it was done. It’s impossible to say yet but it does not look like he gained access to my computer.

And I’m still wondering why he did not disable notifications of payments and account changes in PayPal and change the password and security questions afterward so that I would have additional troubles solving the issue. This would have bought him some time.

Jojo says:

Bad news. Probably someone cracked your password. Go to Youtube and search “hack paypal”, “crack paypal”. Lots of how-to videos.

You should order a PayPal Security key (I just did). Cost is $5 in the USA (free to business account users). This will provide extra security.

Link:
https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/general/PayPalSecurityKey

Margaret says:

This just sucks! I’m so glad I don’t keep much (if any) money in PayPal!


Oropher8598 says:

Have you checked your email account to see if mail was being filtered or redirected somehow?

Chuck says:

I had a friend (that I have since lost contact with, unfortunately!) that had this happen to him way back in 2004. If I recall he said that someone had intercepted his login via his network at work. I can’t fully remember but he was the IT Manager and he felt like crap after this and really didn’t want to talk about it, but it had something to do with a key logger and some other crap. Regardless the amount was similar, close to 600 and it was very hard to recover those funds. I never had this problem, *KNOCK ON WOOD*, but I also never left any large amount in Paypal, and I really never had any issues at all in the near 6 yrs or so I used them.

In any event, here’s hoping this is resolved quickly and in your favor, and that Paypal does what’s right. They tend to. Good Luck!

mouser says:

it goes without saying that you should keep a close eye on any other services and accounts where you use a password to log in, as there is a possibility they got your login and password from some kind of keylogger on your computer or something similar that exposed the login information for other sites you used.

Martin says:

I got my money back already but a call with PayPal did not reveal any additional information that could have helped me track the method down.

Nothing was changed on my system as far as I can see and there have not been logins into other online accounts. I wished they would have told me if someone with another IP logged into my PayPal account which would still leave the question unanswered how someone was able to get that password.

I ordered the PayPal Security Key by the way Jojo, nice tip, thanks for that.

kurt wismer says:

you haven’t explicitly stated yet, but have you checked the dns settings on your computer and on your router? (to rule out the possibility of pharming)

also, javascript keyloggers are possible… you wouldn’t necessarily find them with a scanner because they aren’t necessarily persistent…

Martin says:

Kurt DNS Settings have not been changed. I’m currently running additional programs (Hijack This was the last). So far nothing was found.

Bruno 'ReX' Barbieri says:

I suggest you format your computer ASAP.

Emil says:

Have you used some wireless network?

Possible even a public one?

Chances are that there are some people out there that are intercepting packets and seeing all the info you are sending and receiving.

Also, maybe someone phished your password with a fake e-mail…

Cheryl says:

I don’t know if it’s possible but maybe the hacker got your info from the Paypal database? So you may not be the only victim.

yash says:

A keylogger is the most probable reason…

Martin says:

Well I was not able to detect a keylogger on my system. Cheryl yes that is possible but unlikely because there is no huge public outcry. More likely is an error in their billing system or the hacking of another website where I used the email and password for.

Martin says:

Could have also been a Firefox extension or website exploit that caught the password. The first is unlikely while the second could be a valid cause.

Dante says:

Ok, I know you’ve stated in the past that you don’t install antiviruses on your PC. You just scan it afterwards. But a keylogger can persist in the Root and not be found by an “after-the-fact” scan. Also, are you in the habit of shutting down your browser and then restarting it before you enter a financial transaction site? And shut down and restart after you’ve finished the financial transaction? These are the basic security measures that me and my wife take routinely. So far so good.

But then I am paranoid. I have McAfee Antivirus, Avira, and ZoneAlarm running at the same time.

Rarst says:

In general there are two possible forks of what happened (assuming internet only and no local networks with possible sniffing as mentioned above involved):

1. Targeted personal attack. Very rare and very scary. If someone qualified is set to cause trouble it would take lots of paranoia to stay safe. Doesn’t seem to be the case - damage too small.

2. Carpet bombing with latest virus\trojan\sniffer\exploit\whatever. Best case it is caught with anti-virus (or by hand) soon, worst case - browser-related non-local exploit. Paranoia helps against local stuff but browser exploits are reaaaaally bad news until fixed.

If local system is really clean then my bet is on browser exploit - Firefox3 is likely candidate as it is probably being ripped to pieces in search of fresh exploits from the day of release.

francois says:

I would also be very careful with keyloggers. They are extremely easy to write on Windows (about 30-50 lines of code in some languages).

For my part I have a keyscrambler on my PC (the free version of QFX, firefox addon):
http://www.qfxsoftware.com/index.html

When I have to use another PC I use this software on my USB key (I always assume there’s a keylogger):
http://www.aplin.com.au/?p=204

francois

Jules says:

I had a problem where my paypal email address suddenly started to receive loads of spam - this should be impossible as it is not used anywhere other than for paypal itself. And yes, I checked my machine - as an IT consultant working on government contracts I am VERY careful about that stuff.

Paypal themselves were unable/unwilling to shed any light on the matter and I don’t know if it is related however, the only realistic way I could think of for this to happen was for there to be a problem inside paypal itself.

Related to all of this, I have a colleague who has recently had money taken from her account by paypal themselves where they have double paid from multiple sources (bank and card). It has taken a long time to get that sorted.

I am rapidly getting concerned about using paypal. Of course it is rather convenient so I am considering setting up a current account and credit card simply to be linked to them.

Regards, J.

Martin says:

Okay I tested the system with several anti-virus, spyware, rootkit applications which all found nothing.

It is most likely that it was either a browser exploit as Rarst pointed out or that another website was hacked where I did use the email and same password.

I naturally keep an eye on my traffic with various applications at the moment but nothing so far.

Vikas says:

Maybe you had a weak password?

Martin says:

A weak password would only matter if he had my email address. And if he had my email address it was intentional. But I do not think that you can bruteforce PayPal. And the password was not weak, no dictionary word.

Jojo says:

Well if you use the same email address that you use elsewhere, then you are asking for trouble.

I use Spamex for disposable email addresses (www.spamex.com). Cost is $10/year for up to 500 email addresses at any one time. Well worth it! There is a javascript bookmarklet that you can add to your Links bar to easily enter Spamex or allocate a new email address. The email actually gets forwarded to another account that you specify. I think I have a couple hundred active email addresses right now.

These addresses are great to use for virtually anything including Paypal, Amazon, forums, blogs, etc. I am building a small domain portfolio and I use a different SpamEx address for each individual domain I own.

btw: Spamex has an alternative domain you can use (xemaps.com) which is spamex spelled backwards. I’d suggest using this as some mail scanners give trouble if they see the word spam in anything, even a domain address.

Lucio says:

Hey Martin, this sucks mate,
just wondering, do you have any site you use same account coded in a Paypal button?

newhen says:

Martin it was probably an undetected trojan that sniffed your password.

Martin says:

Lucio I do not think that I have a site up currently with a PayPal donate button but I had them up in the past. Why are you asking?

lucio ribeiro says:

Martin, long ago I remember a plugin for firefox (sorry mate can’t remember the name) that would give you the username + coded password, then you can use a force cracker to find out,
More or less like google syntax:
inurl:_vti_pvt”service.pwd”
cheers
Lucio

Tom Davison says:

I have just had this done twice, I have paypal linked to my hotmail account and it had the same password (this is now not the case) they took about £400 both times. I didn’t notice the first one as they must have logged into my hotmail account and deleted the notifications, but the second time I was at work and logged into messenger and noticed an alert pop up from paypal about a payment, this was a bit of a shock.

I don’t normally have any money in the account so they took it off 2 cards I have stored in paypal

the person left a few days between each payment, fortunately I have now notified paypal but I don’t know how long this is going to take.

Tom

SisXtian says:

I’ve just had this EXACT same thing happen to me… except the amount was for $1200 USD sent to a UK e-mail address. Of course, the first thing I did was report it as unauthorized on the PayPal site, change my password and questions, and scan my computer for trojans. Everything turned up clean. Did you find out if PayPal had a record of someone logging into your account from another IP address? I’m very curious as to how this happened as well, as it seems it happened without someone logging in. My dispute is still pending. The process PayPal goes through is to contact the recipient and have them confirm that the payment was unauthorized or something. And today, the guy e-mails me asking me to remove the dispute and he will refund the money to me, as this is all a nightmare for him… for HIM?!?! No way in hell I’m removing the dispute. If he’s innocent, he has nothing to worry about. It’s also been recommended to file a police report. We should keep this thread going to educate people about what’s going on and what they can do to prevent it/get their money back.

francois says:

"""We should keep this thread going to educate people about what’s going on and what they can do to prevent it/get their money back."""

Concerning the “educate” part, as I said in my comment above, it is extremely easy to write a new keylogger on Windows which will then be undetected (I would say 30 minutes for a ‘reasonable’ student beginning programming). I think the best way to avoid them is to assume there is always one lurking around (and use a keyscrambler for example).

Also concerning paypal my password is unique (not used on any other website or application), long, using also numbers and special characters.

SisXtian says:

My point was that regardless of keyscramblers and unique passwords, your PayPal account can still be hacked! My password was very unique, long, and used numbers and letters. The person who recommended doing a search on YouTube for instructional PayPal hacking videos was right. There are plenty of programs out there that will brute-force figure out your password… no matter how unique it is. Since it doesn’t seem like someone physically stole my password and logged into my PayPal to make an illegal transaction, the next logical choice would be that they used one of those programs to hack the password remotely. There must be some backdoor vulnerability that some of these programmers figured out too. I hope PayPal gets their security in order. But for now, I’m clearing my account.

Jojo says:

I got my new Paypal/eBay security key the other day. I don’t think anyone will be able to easily hack an account using a security key.

Who knows, maybe there is someone inside PayPal that can compromise an account? Who knows how strong PayPal’s internal security is or if anyone really reviews logs?

Again, given that we don’t know how this (or other) break-ins are really accomplished, I’d highly recommend getting the security key.

francois says:

@SisXtian

"""
My point was that regardless of keyscramblers and unique passwords, your PayPal account can still be hacked!
"""

Sure, every system can have flaws. I was talking about the “educate” part for the 99.9% of computer users who still don’t care about (unique/password strength) for sensitive websites or don’t know what a key logger is. As a software developer I just say it is *extremely easy* to write a new keylogger on Windows, just plain *extremely easy*. The first step to avoid a danger is to know its existence. From that point people do what they want, I really don’t mind.

"""
There are plenty of programs out there that will brute-force figure out your password… no matter how unique it is.
"""

Sure, but after my death I don’t really care. The stronger a password is the longer it will take to crack (assuming it wasn’t a key logger).

"""
Bit strength can be calculated by taking the total number of possibilities for each character in a proposed password, and multiplying by the total password length.

Currently, distributed.net estimates that cracking a 72-bit key using current hardware will take about 403′784.9 days or 1′105.5 years.[7]
No currently expected increase in computer power will be sufficient to break 128-bit or 256-bit encryption using random keys via a brute-force attack.
"""
http://en.wikipedia.org/wiki/Password_strength

These numbers assume you have a local access to the user’s data. Through the internet the delay between each try will probably give you times much longer than the age of the universe itself and you’ll quickly run into a “denyhost” anyway.

Assuming that password strength is not important for a sensitive service is IMO a bad idea for “educating” people to security.

If cybercriminals retrieve the users database of a popular service (like for example a php forum through an SQL injection if there is a security flaw), they can then brute-force the weakest passwords. With the retrieved login/mail/passwords they can try other popular services like ebay/paypal/etc and since a lot of people keep the same login/password for a sensitive service…

Cybercriminals search for the easy catch first, they are not going to spend a few years to crack a strong password, time is money, simple business logic.
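
The offline-versus-online comparison in the comment above, worked through as an added example that is not part of the original thread. It uses the standard estimate of length × log2(alphabet size) for randomly chosen characters and derives the guess rate from the quoted 72-bit figure; the function names and the online rate of one guess per second are assumptions chosen for illustration.

```python
import math
import string

SECONDS_PER_DAY = 86_400
# Figure quoted in the comment: a 72-bit keyspace takes about 403,784.9 days.
QUOTED_BITS, QUOTED_DAYS = 72, 403_784.9
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def implied_rate(bits=QUOTED_BITS, days=QUOTED_DAYS):
    """Guesses per second implied by the quoted exhaustive-search time."""
    return 2 ** bits / (days * SECONDS_PER_DAY)


def charset_size(password):
    """Alphabet an attacker must cover, judged by the character classes used."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes are counted individually.
    size += len({ch for ch in password if not any(ch in c for c in CLASSES)})
    return size


def entropy_bits(password):
    """Upper bound length * log2(alphabet); holds only for random characters."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def days_to_exhaust(bits, guesses_per_second):
    """Days needed to try every candidate in a keyspace of the given size."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_DAY


def compare(password, online_rate=1.0):
    """Offline (quoted hardware rate) versus throttled online guessing."""
    bits = entropy_bits(password)
    return {
        "bits": round(bits, 1),
        "offline_days": days_to_exhaust(bits, implied_rate()),
        "online_days": days_to_exhaust(bits, online_rate),  # assumed 1 guess/s
    }


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the thread.
    for sample in ("abcdefgh", "Tr7!kq#Zp2wL"):
        print(sample, compare(sample))
```

An eight-letter lowercase password falls in seconds at the offline rate but needs thousands of years at one online guess per second, which is why reused credentials taken from a breached site are the more realistic route than guessing against the login form.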

Protect PayPal Accounts With VeriSign Identity Protection Devices says:

[...] had a rather unpleasant experience with PayPal lately where someone transferred all the money from my account. PayPal was not very forthcoming and [...]

Ghacks.net DE » Blog Archive » VeriSign Identity Protect Und PayPal Sicherheitsschlüssel says:

[...] by admin under Hardware, Security I recently had a very unpleasant experience with PayPal in which all the money was transferred from my account without my consent. One of the [...]

PillolHacking.Net » Come vivere (e bene) senza antivirus says:

[...] days ago a singular misfortune befell Martin Brinkmann of ghacks.net: from his paypal account, without his knowledge, there were treacherously withdrawn [...]

Cobe says:

Same exact thing just happened this morning for $410. Here is a list of the companies below.

Jul. 23, 2008 -$180.00 USD Gaming Resources LLC
Jul. 23, 2008 -$180.00 USD Gaming Resources LLC
Jul. 23, 2008 -$50.00 USD aeRO Gaming

lara says:

Hi, same thing happened to me this weekend. $2000 out of paypal acct. I believe it is internal problem at paypal… they acted on the phone like they are seeing this problem a lot this month. My system and network are solid.

matt says:

I just had the same thing happen - the catch is I haven’t used paypal in over a year. This would seem to rule out spyware. Any ideas?

Never gone say my name says:

ha ha ha ha ha i guess that’s what happens when people on youtube go to my vids about hacking. I did the same to some other guy. but i don’t think i did any of you guys sooooo probably someone saw my video and did it that’s funny how lots of people can do it

PayPal Account Hacked « Journey of a Serial Entrepreneur says:

[...] key to safeguard your account from similar activity. This is not an isolated case, I found this article which goes to show that there is obviously a significant loop hole somewhere in the system, and it [...]
