Paypal hacked for a second time :(

CaptainRAVE · 26 Aug 2014 at 23:08

Hi all...

A few weeks back my other half had a fraudulent transaction appear on her Paypal account. The money was eventually refunded and she changed her password.

Today it seems to have happened again - for a lesser amount this time and with a different currency.

My first thought is to scan her computer for viruses and spyware (what are the best tools for this?).

Is there anything else that I haven't thought of?

Mynight · 26 Aug 2014 at 23:13

Has she had a few calls from Indian guys fixing the viruses on her pc?

Personally if you suspect something on the pc I'd clean install.

Is she following standard password practises? They're not just social engineering her are they?

Sin_Chase · 26 Aug 2014 at 23:14

Paypal used on any mobile devices?
Linked to any other websites?

Format PC
Close down Paypal account. Open a completely new one.

CaptainRAVE · 26 Aug 2014 at 23:22

Currently running a full system scan with Avast and a full scan with windows defender. Looks like it will take a while.

They seem like complex passwords, a mix of letters, numbers, case etc.

Not used on any mobile devices or linked to any website other than ebay.

Might be a good idea to close the account.

Surely there must be something on the laptop for this to have happened?

Burnsy2023 · 26 Aug 2014 at 23:24

This would be solved if you used 2 factor authentication. Just set it up.

Mynight · 26 Aug 2014 at 23:25

Ok so complex password is good but is it the same she uses on other sites? (Sorry I'm sure she's not thick I'm just making sure).

Check your router settings for port forwarding. Long shot but possible.

Otherwise as said above create a new account and format the computer.

Are the transactions to a company or person? Can you give their name?

arknor · 26 Aug 2014 at 23:26

is she using paypal anywhere but on her own computers?
does she logout every time?I think there was a thing with cookies that could be exploited

CaptainRAVE · 26 Aug 2014 at 23:38

Burnsy2023 said:
This would be solved if you used 2 factor authentication. Just set it up.

I have told her to set it up. I have it setup for this exact reason!

Mynight said:
Ok so complex password is good but is it the same she uses on other sites? (Sorry I'm sure she's not thick I'm just making sure).

Check your router settings for port forwarding. Long shot but possible.

Otherwise as said above create a new account and format the computer.

Are the transactions to a company or person? Can you give their name?

She tells me that the password is unique to Paypal.

The transaction appears to be involving a person -
fadi hatherh
Beit jala,shel street44
Bethlehem 00970
Israel

Payment is to Bodybuilding.com for $73.66.

I believe it was a person last time also.

arknor said:
is she using paypal anywhere but on her own computers?
does she logout every time?I think there was a thing with cookies that could be exploited

Interesting, I will delete all of the cookies on her laptop. Not sure if she logs out everytime.

Mynight · 27 Aug 2014 at 00:06

Weird I expected to see a fraudulent site not just someone buying stuff using your wife's/gfs paypal.

413x · 27 Aug 2014 at 00:43

Poo through letterbox? Will be a right stinker by time it gets there

More seriously I would definitely reformat that laptop

darael · 27 Aug 2014 at 01:19

I can't remember if Paypal uses security questions. If it does, change these also.

I'd use Firefox to save the password for Paypal generated by one of the many online generators.

redrooster303 · 27 Aug 2014 at 01:38

On hotukdeals at the moment their is a deal up for 1 years free lastpass premium password manager (1 year free).

Now if this is a load of rubbish please feel free to flame as I don't know about these things but it looked pretty decent to me. It has a password generator and a few other things so if all else fails that'll come in handy.

Link: http://www.hotukdeals.com/freebies/...l&utm_content=08262014&utm_campaign=Daily+Hot

This may help her with her other passwords. It just reduces the risk abit.

Mynight · 27 Aug 2014 at 01:54

Lastpass is supposed to be great. One of the simplest whilst maintaining security so it can't hurt.

I still vote for memorising passwords but even then they're only secure until you enter them into a website

.

redrooster303 · 27 Aug 2014 at 02:03

I have a notebook for my passwords but I don't write all the password in, only enough so I can remember the rest. I know this is abit risky but its the only way I can think of to archive my passwords.

I saw the deal on lastpass today and I've never used a password manager but the more I read up on it the more sense it made. Its all stored to the cloud aswell so failing a dodgy government no one will get hold of them. (I hope).

Mynight · 27 Aug 2014 at 02:07

redrooster303 said:
I have a notebook for my passwords but I don't write all the password in, only enough so I can remember the rest. I know this is abit risky but its the only way I can think of to archive my passwords.

I saw the deal on lastpass today and I've never used a password manager but the more I read up on it the more sense it made. Its all stored to the cloud aswell so failing a dodgy government no one will get hold of them. (I hope).

I must admit I don't like the idea of being stored in the cloud as if a warrant for your information is complied with by last pass then suddenly the police have access to every account you own(well ones you use lastpass with). I guess if you don't do anything illegal you don't have to worry, but I like to keep my options open

.

redrooster303 · 27 Aug 2014 at 02:16

Yeah I know what you mean. I don't do anything illegal but it just makes me feel uncomfortable knowing that all my internet life is there somewhere.

I mean some things could become illegal or god forbid they get hacked. Anyway that's abit tin foil hatty so I think I'll just have to believe its safe

even though nothing is truly safe (bar a swallowed laminated list lol).

Earth[Tera].bin · 27 Aug 2014 at 08:08

Just out of interest did the PayPal password change with the latest fraudulent use, or is the one she created still intact?

RoyMi6 · 27 Aug 2014 at 09:15

Format, format, format, format, format.

Then setup KeePass (and sync with dropbox) or LastPass

http://lifehacker.com/5944969/which-password-manager-is-the-most-secure

edscdk · 27 Aug 2014 at 09:30

RoyMi6 said:
Format, format, format, format, format.

Then setup KeePass (and sync with dropbox) or LastPass

http://lifehacker.com/5944969/which-password-manager-is-the-most-secure

that's a bit complex if the lady is not IT savvy if she trusts everyone in the house just write them down like most people do.

avrc · 27 Aug 2014 at 09:35

redrooster303 said:
I have a notebook for my passwords but I don't write all the password in, only enough so I can remember the rest. I know this is abit risky but its the only way I can think of to archive my passwords.

I saw the deal on lastpass today and I've never used a password manager but the more I read up on it the more sense it made. Its all stored to the cloud aswell so failing a dodgy government no one will get hold of them. (I hope).

This is what I do, my passwords are on paper and all too complicated to memorise. I have memorised email and PayPal though through constant use. I figure there's more chance of being hacked or whatever than burgled. My Mrs stores hers in a bloody text document. Makes me cringe but no amount of concern on my part changes this.