Some hacker bought something on my ebay account !! WHAT!

Yeah there are so many sophisticated attacks now that it's basically almost impossible, I just spoke to PayEnemy on the phone - defo had my claim 'approved' (OH THANKS), and also had a go at them as to why they make life incredibly hard for password manager users and why it was such a nightmare and why they didn't tell me the IP address.

Turns out it was the IP that proved it wasn't me..........despite me asking a million times.

FYI for forum users apparently you can have JUST a credit card linked to paypal and not have to have a debit account (unless you receive payments)........which I'm not going to do through paypal anymore - I'm using a different company to take cards now (self employed)

Obviously I informed them once it's all sorted I am never going near them EVER AGAIN and will be warning others to AVOID at all costs !!

Horrendous company!
 
Most people who have fallen for phishing via email, phone etc. or whose login details have been leaked from x site/forum probably aren't even aware it's happened and still think they are as vigilant as they need to be. More often than not the details aren't used immediately and are sold on in bulk at a later date.

day one, week one... first IT lesson at school aged 11 I was given my first computer password and...

instructed to change it immediately into something using a combination of numbers and characters

taught how to remember passwords using a mnemonic

told not to reuse it and to change it regularly



I guess these days there are some variations in those rules - if you've got two step set up then perhaps less of an issue. Also for things like forum passwords I don't think you really need to change regularly, but uniqueness for anything important is pretty fundamental.
 
Not sure if this has been asked yet but do you live with anybody who could have accessed your ebay account and ordered something? Kids/Room mates or even your partner? It's possible somebody you know had done this using your computer which is why the playstation is being shipped to your address and also why paypal seems adamant that this is a legit transaction.

Have you logged on to any accounts over public wifi? You'd be surprised how many sites still send passwords in plain text so don't log into anything on unsecure wifi unless you are going through a VPN as anybody with packet sniffing software will be able to capture your password.

Personally, I don't run a full time antivirus on my home PC/phone as I deem it unnecessary and a lot of them are so bloated it's ridiculous but if you want to run one then bitdefender definitely seems like one of the best ones about at the moment. Avast used to be good but has gone downhill in the past few years. I wouldn't bother subscribing though as the default features should be good enough but that's up to you.

I'd also recommend you download malwarebytes and do regular scans with that (say once a month) in conjunction with your regular AV as malwarebytes will pick up things that most antivirus programs will miss. Again you don't need to go for the subscription service as the free version is more than enough.

There is also hijackthis which is worth a mention but I don't recommend it as you really need to know what you are doing to be able to interpret the results as it is possible to break your system if you remove something you shouldn't. Generally it's the go-to if you are sure you have a virus/malware on your system but your antivirus isn't picking it up.
 
FYI for forum users apparently you can have JUST a credit card linked to paypal and not have to have a debit account (unless you receive payments)........which I'm not going to do through paypal anymore - I'm using a different company to take cards now (self employed)

You shouldn't really use a debit card for anything online, due to the sorts of issues that you've hit. Credit cards give you a lot more protection, not least the fact that you won't go overdrawn if a big transaction hits you.

Also, you can enable 2-factor on PayPal now, so you have to put a one-time password from your phone into the login screen before you can execute a transaction.
 
That's exactly what it is? Credential theft via social engineering is a time-honoured method for hacking, and it's used in the vast majority of attacks. Almost all breaches involve the use of stolen credentials at some point.

That's not hacking... Hacking involves code, not circumventing things.
 
Not sure if this has been asked yet but do you live with anybody who could have accessed your ebay account and ordered something? Kids/Room mates or even your partner? It's possible somebody you know had done this using your computer which is why the playstation is being shipped to your address and also why paypal seems adamant that this is a legit transaction.

Have you logged on to any accounts over public wifi? You'd be surprised how many sites still send passwords in plain text so don't log into anything on unsecure wifi unless you are going through a VPN as anybody with packet sniffing software will be able to capture your password.

Personally, I don't run a full time antivirus on my home PC/phone as I deem it unnecessary and a lot of them are so bloated it's ridiculous but if you want to run one then bitdefender definitely seems like one of the best ones about at the moment. Avast used to be good but has gone downhill in the past few years. I wouldn't bother subscribing though as the default features should be good enough but that's up to you.

I'd also recommend you download malwarebytes and do regular scans with that (say once a month) in conjunction with your regular AV as malwarebytes will pick up things that most antivirus programs will miss. Again you don't need to go for the subscription service as the free version is more than enough.

There is also hijackthis which is worth a mention but I don't recommend it as you really need to know what you are doing to be able to interpret the results as it is possible to break your system if you remove something you shouldn't. Generally it's the go-to if you are sure you have a virus/malware on your system but your antivirus isn't picking it up.

Yes asked many times but as a reference for future users so we can be clear and show how incredibly unlikely it was I went through this I will make an obvious reply here:

Not sure if this has been asked yet but do you live with anybody who could have accessed your ebay account and ordered something? Kids/Room mates or even your partner? It's possible somebody you know had done this using your computer which is why the playstation is being shipped to your address and also why paypal seems adamant that this is a legit transaction.

No - I live alone, I'm paranoid about security - my office has heavy bolt locks on it and out of trained habit I put all my devices in here at night - The house is also secured with a professional grade commercial alarm & CCTV. I take physical and digital security equally seriously - hence the absolute shock.

Have you logged on to any accounts over public wifi? You'd be surprised how many sites still send passwords in plain text so don't log into anything on unsecure wifi unless you are going through a VPN as anybody with packet sniffing software will be able to capture your password.

Potentially - however I didn't anytime in the past few years, and my phone is set to only connect to known wifi and not auto connect to open ones.

Personally, I don't run a full time antivirus on my home PC/phone as I deem it unnecessary and a lot of them are so bloated it's ridiculous but if you want to run one then bitdefender definitely seems like one of the best ones about at the moment. Avast used to be good but has gone downhill in the past few years. I wouldn't bother subscribing though as the default features should be good enough but that's up to you.

True - however I will anyway as it's so cheap for a year and covers my PC/MAC/Phone/Tablet - so why not.

I'd also recommend you download malwarebytes and do regular scans with that (say once a month) in conjunction with your regular AV as malwarebytes will pick up things that most antivirus programs will miss. Again you don't need to go for the subscription service as the free version is more than enough.

Yup done this as well, before and like 10 times after this event.

There is also hijackthis which is worth a mention but I don't recommend it as you really need to know what you are doing to be able to interpret the results as it is possible to break your system if you remove something you shouldn't. Generally it's the go-to if you are sure you have a virus/malware on your system but your antivirus isn't picking it up.

I will look into this.

What I have made sure of now (although 90% of this was done prior to the attack, I have now spent 2 days going through every single possible account I can think of (turns out I have like 40 accounts, email, forums, banking, etc, uggh, time it took but worth it)):

1) USE A PASSWORD MANAGER

2) Two-step log in EVERYTHING

3) Scan and secure systems

4) Make sure all systems up to date
 
Good stuff and glad to see it's sorted now! If anything this thread has made me think about my online security a bit more as there are a few areas where I know that I am not being as secure as I could be. Things like using the same password for multiple accounts and not having 2 step log on turned on when I should know better. I'm just being lazy!
 
Good stuff and glad to see it's sorted now! If anything this thread has made me think about my online security a bit more as there are a few areas where I know that I am not being as secure as I could be. Things like using the same password for multiple accounts and not having 2 step log on turned on when I should know better. I'm just being lazy!

it also reminded me that having a debit card listed as payment method isn't such a good thing, so I applied/got accepted for a credit card for my online purchases
 
That's not hacking... Hacking involves code, not circumventing things.

Yes it is...the dictionary definition of hacking is gaining unauthorised access to a system or data. Whether or not you have to code has nothing to do with it.

If you exclude credential theft then 95% of the attacks that have occurred this century, including the Target and Bangladeshi Central Bank attacks, are 'not hacking' by your criteria. Which is just stupid.
 
Good stuff and glad to see it's sorted now! If anything this thread has made me think about my online security a bit more as there are a few areas where I know that I am not being as secure as I could be. Things like using the same password for multiple accounts and not having 2 step log on turned on when I should know better. I'm just being lazy!

it also reminded me that having a debit card listed as payment method isn't such a good thing, so I applied/got accepted for a credit card for my online purchases

Awesome stuff guys - DO IT NOW is all I will say !!!! Everything that has my debit card details in - I am deleting, I will NEVER use a debit card online again!!!
 
Hey guys!

I've just noticed the forum blocks your password if you try and type it

***********

See? Now you try, go go go.
 
Yes it is...the dictionary definition of hacking is gaining unauthorised access to a system or data. Whether or not you have to code has nothing to do with it.

If you exclude credential theft then 95% of the attacks that have occurred this century, including the Target and Bangladeshi Central Bank attacks, are 'not hacking' by your criteria. Which is just stupid.

That would be cracking.
 
I have my paypal linked to my Amex card, any issues I have with ebay/paypal I just ring Amex and they block/reverse it very quickly
 
Then it sounds like the OED needs a smack in the mouth.

You wouldn't say safe hacker would you? If someone is getting in a safe, they're cracking the lock.

To be fair I wouldn't call them a safe cracker if they were using a key they'd nicked off the owner of the safe which is basically what we're talking about here. I'd just call them a thief.
 