Email Account Hacked

decmatt · 23 Jun 2018 at 18:49

Hi

I have had my email account hacked, and they managed to spend £50 on Steam Gift Card Vouchers (via cdkeys and paid via my Paypal).

I have reinstalled windows, and changed password so far.

Is there anything else I need to do that I haven't thought of? I am not sure how the account hack happened

I have raised a Paypal dispute, but what are the likelihood that I will get a refund? It was delivered to my email address and paid for via my Paypal?

Thanks

Edit - I know they where delivered to my email, as I logged onto my ISPs webmail and they had tried to delete them

Malevolence · 23 Jun 2018 at 18:56

Why would you use the same password for your email and your Paypal? I'd sort that out first.

decmatt · 23 Jun 2018 at 18:58

Malevolence said:
Why would you use the same password for your email and your Paypal? I'd sort that out first.

I don't which is what I don't understand

Delta3D · 23 Jun 2018 at 18:58

Malevolence said:
Why would you use the same password for your email and your Paypal? I'd sort that out first.

Could he not have reset the password through his email since he had access?

Malevolence · 23 Jun 2018 at 19:01

Pretty sure that PayPal use security questions whenever you need to change anything..

Minusorange · 23 Jun 2018 at 19:02

Malevolence said:
Why would you use the same password for your email and your Paypal? I'd sort that out first.

Because you use 2fa so it's safe(r) ?

The error isn't using same passwords, it's not having 2FA set up

Pho · 23 Jun 2018 at 19:04

Do you use the same password anywhere else? Chances are it was somewhere else that got compromised. Put your email into https://haveibeenpwned.com/, are you on there?

If you're using your ISP for email I'd ditch it and switch to Google/Hotmail/Exchange online and enable two-factor authentication, and use LastPass (free) to generate unique strong password for every site you use. An added bonus is it makes it easy to switch ISP as you don't have to go update everywhere with your new email.

decmatt · 23 Jun 2018 at 19:06

Pho said:
Do you use the same password anywhere else? Chances are it was somewhere else that got compromised. Put your email into https://haveibeenpwned.com/, are you on there?

If you're using your ISP for email I'd ditch it and switch to Google/Hotmail/Exchange online and enable two-factor authentication, and use LastPass (free) to generate unique strong password for every site you use. An added bonus is it makes it easy to switch ISP as you don't have to go update everywhere with your new email.

Thanks - Not the email password, that one is only for the email account - Which is what surprised me

I'll switch over to my outlook account, and thanks for the Lastpass link.

Anything else? I did a format and reinstall via the Microsoft Windows 10 Reinstaller - Is that suffice? All I can think of is I had a keylogger of some sort to get that password.

Also any ideas about the £50? It was linked to a debit account which the funds came out of.

Delta3D · 23 Jun 2018 at 19:15

Malevolence said:
Pretty sure that PayPal use security questions whenever you need to change anything..

Ah my bad, never had to reset my PayPal so wasn't sure of it

Tefal · 23 Jun 2018 at 19:23

Ahhh I love threads like these everyone saying what you should have done rather than belong with what to do jext

Minusorange · 23 Jun 2018 at 19:54

Tefal said:
Ahhh I love threads like these everyone saying what you should have done rather than belong with what to do jext

Surely telling him what he should have done ensures he does those things in future so what happened when he didn't do those things doesn't happen again ?

arknor · 23 Jun 2018 at 20:34

probably got a keylogger from some pron site

Scam · 23 Jun 2018 at 20:36

ThriceNightly · 23 Jun 2018 at 20:56

Pho said:
If you're using your ISP for email I'd ditch it and switch to Google/Hotmail/Exchange online and enable two-factor authentication, and use LastPass (free) to generate unique strong password for every site you use. An added bonus is it makes it easy to switch ISP as you don't have to go update everywhere with your new email.

This is the issue I have.... my isp email is 10charachter letter numbers only with no 2fa

I'm going to set up a hotmail account/s

Is one account ok for everything or is it a good idea to have multiple email accounts for bank /investments / paypal/ major retailers/ forums etc

Advice appreciated.

CREATIVE!11 · 23 Jun 2018 at 20:59

2fa and use different passwords for important accounts. My email paypal ebay and facebook all 4 have different passes. For any forums like ocuk etc I use same disposeable password.

Pho · 23 Jun 2018 at 21:03

ThriceNightly said:
This is the issue I have.... my isp email is 10charachter letter numbers only with no 2fa

I'm going to set up a hotmail account/s

Is one account ok for everything or is it a good idea to have multiple email accounts for bank /investments / paypal/ major retailers/ forums etc

Advice appreciated.

As long as you use different passwords for each site, or as a minimum a different password for your email account to all the sites you sign up for you should be fine.

Personally I prefer Gmail over Hotmail. Their two factor works excellently with an Android phone.