My PayPal have been hacked and funds taken off.
Please, beware and check your paypal accounts as soon as possible, if you find that you have the same problem open a dispute (investigation of an unauthorized activity claim). The more reports - the more chance we have of having our money back.
Somehow this person is cancelling disputes to slow down the investigations and the cases are getting closed.
I changed my paypal password but they managed to get into my account again
I think they are also getting into our e-mail accounts. The "case closed" message was deleted from my mailbox.
I contacted paypal through their own contact form, opened a dispute without an ID changed each and every password, security questions, deleted credit cards, am paranoid, devasted and waiting for a reply.
Anyway, just a heads up for you folks.
Its a very serious issue buddy.thanks for letting us know.now we have to be more careful
from now onwards
Too bad to hear...
Nowadays lot of paypal ids were hacking using spam mails. To avoid hacking your paypal user id and password
1. Don't click and enter into url from mails (Some spam mails will take to different site which will look same as paypal site)
2. Type the url http://www.paypal.com from the browsers address bar (don't use pretypied content)
3. Never reply to emails asking your paypal password. so much for it being completely secure
I also use this for business and thankfully i have not run into any problems as yet, but from now on i wont be keeping any funds in my account for longer than neccesary (which i often would)
Its a shame that such a well known secure net bank is being hacked, but it is just a bunch of code afterall, and you cant beat the hole in the ground, even if it is primitive. lol
As useful tool as paypal is, it should not be allowed to run if money is being stolen and accounts are being hacked
i wonder if paypal was hacked. It's far more easier to get into someones mail and get the pass. Also because of this:
| Quote: |
| The "case closed" message was deleted from my mailbox. |
That's strange if this guy hacked paypal. Paypal has always been sketchy since it started. Primarily the reason why I don't bother with them. There are other ways that are more "secure" than to let a third party organization handle your money.
oo my god this is serious shit, I use paypal a lot and always assumed they were a 100% procent safe. Guess not.... are they going to reimburse your funds or is it all lost. Still can't believe it, I buy and sell a lot on Ebay and use paypal for most transactions... what to do now???
Any suggestions are more than welcome
Cheers
yes... only enter your personal info on the paypal site itself... or if you are purchasing something with paypal funds...then purchase from a source that has a reputation... I wouldnt recommend entering your personal info on something that someone is trying to sell you from email... you would only be asking for it.... also there are other ways that hackers can get your login info... so I would recommend using mozilla firefox instead of IE since its alot more secure since it uses its own dll files instead if IEs which are tied in with windows... another thing you might want to consider for security is use different passwords for different things considering if you use the same password and username everywhere there is a good chance they can get into about everything you have.... also check for spyware and things of the sort... check your processes that are running and look for anything unusual... they may have installed a trojan of some sort on your computer that could be logging keystrokes... thats the first thing a hacker does is try different services with the same usernames and passwords they have.... paypal can track everything that takes place on your account so they should be able to get the FBI involved pretty easily since they have logs of activity that takes place on your account and their server... heh... btw I guess you could consider me an old skewl security analyst so trust me on what I tell you... if anyone needs any security help...you can contact me at ydjluv@hotmail.com or just message me here... 
Last edited by ydjluv on Mon Jan 28, 2008 9:05 pm; edited 3 times in total wow that really sucks, luckily i don't use paypal, i never really trusted it and never really had a point to use it.
You mentioned you changed your password but they still got into it, did you try running scans of your computer? You probably have some spy ware on your computer. I use spy bot, ad-aware, and anti-virus programs to remove all harmful stuff from my laptop. It could be that paypal has been hacked into, but most likely you have some sort of spy ware on your computer. As for the part were it says "case closed" i don't use paypal, but is it possible to close any cases you start? cause if you can this hacker is probably monitoring your computer and closing/cancelling anything you start.
Anyways, i hope things work out in the end for you.
Take a look at this... apparently Paypal is very aware of this problem....
| Quote: |
EBay's online payments division, PayPal, will pay $169 million for an Israeli security company specializing in detecting online fraud, the companies said Monday. The deal should close within 30 days.
Fraud Sciences, a private company, has developed technology designed to differentiate between real and fraudulent transactions. That technology will be folded into PayPal's antifraud systems, which will be "significantly" improved this year, eBay said.
Fraud Sciences' Chief Operating Officer, Yossi Barak, and founders Shvat Shaked and Saar Wilf will move to PayPal's technology and fraud management teams.
PayPal lets two users exchange money online via e-mail addresses. The ease at which people can transfer money has also made it one of the most highly targeted brands for phishing scams, where fraudulent Web sites mimicking real sites are set up in order to steal people's log-in details.
PayPal has taken other steps to shore up its defenses. Early last year, it began offering a keychain with a one-time numeric passcode that users enter in addition to their log-in and password. The passcode expires after 30-seconds, which greatly reduces a hacker's window of opportunity to get access to someone's account.
PayPal has also pushed for free e-mail providers to block e-mail sent without digital signatures. That would potentially mean fewer scam e-mails would land in people's inboxes, reducing the chance of fraud, although providers have yet to make a unified commitment.
By Jeremy Kirk, IDG News Service, 01/28/08 |
edit by rvec: please use quote tags and add a source wow thanks for this m8, im gonna watch my account now!
Oh yeah!! every that is online can and at one point or another will get hacked. there are people out there called "phishers" and the scam you to get your information so they can get into your files.
Wow this is really terrible...
I hope that you didn't lost a lot of money.
Try not to leave money into your paypal account, and buy with your credit card throw your paypal... That's safer. It's more easy to get your funds back from your credit card company then from paypal... we all know that paypal sucks...
I wouldnt worry about it too much... paypal says that after they transition to the new system... it will be ALOT harder for other people besides the account holder to use the account....
Nice. And I just had my bank account verified the other day. 
Is there a way to un-verify myself and delete my bank info? It was probably a case of using a public computer to access your details, thus leaving yourself vulnerable to attack or perhaps your internet network was hacked. Always make sure you you see the 'secure' logo (the little closed lock) on your browser when doing any financial transactions online. Otherwise, PayPal should be able to resolve any security issues.
Paypal is one of secure money market today, its fast and easy , to say that its 100% secure it's crazy. Nothing is secure you just have to do your part and watch your account. However, I've had paypal for years and never had any problem. 0-nada .
You mentioned that "case closed" was removed from your email, chances are they hacked your email first. so, I do not hold Paypal responsible. The thing is you do have to avoid using public CPU i.e. Libraries, Cafe, public WiFi etc. if you are dealing with Bank accounts, Paypal or any money Market accounts. Asked your trusted friends/relatives or better yet get your own CPU.
My theory? someone you know and knows you very well is the one who's responsible. ..eh I'm just guessing. don't mind me. I bid you good luck though.
its not paypals fault if your e-mail account gets hacked... its not like they hack your e-mail id from your paypal ... why would anyone wana do that?
by the way, have u been through a serious loss ? you seem awfully calm for a person whos moneys just taken away :p
| devotchka wrote: |
My PayPal have been hacked and funds taken off.
Please, beware and check your paypal accounts as soon as possible, if you find that you have the same problem open a dispute (investigation of an unauthorized activity claim). The more reports - the more chance we have of having our money back.
Somehow this person is cancelling disputes to slow down the investigations and the cases are getting closed.
I changed my paypal password but they managed to get into my account again
I think they are also getting into our e-mail accounts. The "case closed" message was deleted from my mailbox.
I contacted paypal through their own contact form, opened a dispute without an ID changed each and every password, security questions, deleted credit cards, am paranoid, devasted and waiting for a reply.
Anyway, just a heads up for you folks. |
I've had my pp account hacked twice. Both times they had great customer service and nothing bad in the end. Be dilligent is the best advice I can give. Also, be extra careful with opening emails. That's how they got me anyways. Gl!mine s great....for now 
Hardly use my Paypal account but I just checked it and everything seems to be in order. My password usually consists of upper and lowercase characters along with numbers to make it a little harder for anyone to gain access to.
How come could someone easily hacked paypal account? I had been hearing of these from many people about their paypal being hacked but I wonder how that could be easily done if not getting through your private account first. I warned people never to signup for any prgram requsting for their paypal account and password. I rejected an offer sometimes ago where a program was asking me to key in my egold account number and passphrase into their system for me to make some bucks but I turned it down. Please take good care of your account very well
Guh, gotta watch out for stuff like this. I generally try my best to avoid using public internet connections and the sort...but I guess it can still happen.
As far as I know PayPal itself is practically 100% secure. I haven't heard of any successful attempts to access their databases and such. Realising this people have almost stopped attempting to 'hack' PayPal and such sites. Instead, as has been mentioned before in this thread, the 'hackers' attempt to infiltrate your computer with trojans, key loggers and the like. They can also hack your email with relative ease, I believe.
Talking of email hacking, ydjluv: you should probably edit your post and remove or change the form your email is in. Otherwise it could be picked up by the wrong people!
Unfortunately, this gives PayPal and similar companies the edge over customers who have had their money stolen as they can in the majority of cases argue that it is the fault of the customer.
It's true, Many public computers can be infected with a trojan and virus and you should always practice dilligence in accessing your accounts when using such facilities. The best thing you can try to do is use those click on keyboard type style password accesses (not very common) and very annoying. Heck even using public wireless networks can have your information sniffed and than used to access information but it's less likely since most regular sites will just encrypt your login.
So I guess the lesson here is to just use your own computer if at all possible. Best way to accomplish that is to have a pda style phone which allows you to have wireless (like iphone). My paypal has never been hacked because I never visit phish sites and login through public computers.
Yeah, I have to agree. It sounds more like your email account was hacked.
You might want to change all your passwords for all the sites you're registered with that are of any significance. Sites such as online stores for instance.
Also, you might want to set up a new email account and use that from now on. Just forward all the email from your old account to the new, so you don't miss anything.
WOW! That is scary because I put so much trust into PayPal...
I always feel it is extremely secure. Hmm, All the best wishes to you; I hope it was not a significant loss....
That must be hard, thanks for sharing your trouble too...
| k_s_baskar wrote: |
Too bad to hear...
Nowadays lot of paypal ids were hacking using spam mails. To avoid hacking your paypal user id and password
1. Don't click and enter into url from mails (Some spam mails will take to different site which will look same as paypal site)
2. Type the url http://www.paypal.com from the browsers address bar (don't use pretypied content)
3. Never reply to emails asking your paypal password. |
also try not to keep funds in there and use a prepaid card:)
also a very well cleaned pc. | salman_500 wrote: |
its not paypals fault if your e-mail account gets hacked... its not like they hack your e-mail id from your paypal ... why would anyone wana do that?
|
Because some little sh*t people are mean?
By the way, how could "they" even know I had a paypal account by hacking my e-mail, how about my password?
"They" got into my e-mail after getting into my pp account and then, even my credit card was used fraudulently.
| salman_500 wrote: |
| by the way, have u been through a serious loss ? you seem awfully calm for a person whos moneys just taken away :p |
Each and every loss is a greater loss. What can I do but contact pp and let them know what's going on, pull my hair out and scream?
Also, I am not the only one going through this http://forums.digitalpoint.com/showthread.php?t=667954
I keep asking myself why some people love criticizing other people...Some care about something only when it affects them, anyway...
I have never disclosed my password to anyone, nor have I ever fallen victim to any of the PayPal scams. My computer is free of virus infection, security was never a problem here. Well, thank you all for your support. This too shall pass and justice will be served.
EDIT:
PayPal has verified the unauthorized transfer and stolen funds have been credited back to my account. 
I hope the credit card company will do the same now that PayPal have recognized that it was not my fault. I have contemplated torturing the "hacker" in the most violent fashion imaginable but I called the internet crimes police instead. | devotchka wrote: |
By the way, how could "they" even know I had a paypal account by hacking my e-mail, how about my password?
"They" got into my e-mail after getting into my pp account and then, even my credit card was used fraudulently. |
You can't tell which they got into first; they may have got into your email but not made any changes. As for knowing that you had a PayPal account, perhaps they didn't! They could have got into your email and then used the 'Forgot your Password?' feature on the PayPal website to send a new password to your email. If no email was sent then they could discard your email, or sell it on to others. If it worked then they could log into your Paypal account and delete the email from your inbox. I'm sure they have other methods, also.
I can't tell you how they got your email address, nor can I explain how they got your password. But the most innocent things on the web can turn out to be far more deadly than you could ever imagine (often without you even realising it).
OH! I've just had a devious thought. There's a 'Forgot Your Email Address?' feature on Paypal too. This allows you to enter some details about yourself to reveal your password. But you could take advantage of this by setting up a form filling macro that ran through a list of people. And they could have bought this list of people. (However, they can't have done this to you as that would only work if you hadn't added a bank account, credit or debit card to your account.)
If I can think of these techniques in a few minutes I'm sure they can come up with far better ones.
| devotchka wrote: |
| I have never disclosed my password to anyone, nor have I ever fallen victim to any of the PayPal scams. My computer is free of virus infection, security was never a problem here. Well, thank you all for your support. This too shall pass and justice will be served. |
Like I said, they can be devious. I rarely visit 'dodgy' websites, never even open spam mail or give my password away. I almost always check that I'm not being phished. Yet somehow when I run my virus scanner something is found to be infected; I have no idea where these things come from! It's not common, but I've had it.
| devotchka wrote: |
EDIT:
PayPal has verified the unauthorized transfer and stolen funds have been credited back to my account.
I hope the credit card company will do the same now that PayPal have recognized that it was not my fault. I have contemplated torturing the "hacker" in the most violent fashion imaginable but I called the internet crimes police instead. |
That's awesome! I'm glad they didn't get away with it this time, and so glad you got your money back. And I hope you'll be more careful in the future. I don't have a Paypal account at the moment but I'm pretty sure I'll need one in the future, so I've definitely learnt something from this. And I'm sure I'm not the only one. | devotchka wrote: |
EDIT:
PayPal has verified the unauthorized transfer and stolen funds have been credited back to my account.
I hope the credit card company will do the same now that PayPal have recognized that it was not my fault. I have contemplated torturing the "hacker" in the most violent fashion imaginable but I called the internet crimes police instead. |
| ninjakannon wrote: |
That's awesome! I'm glad they didn't get away with it this time, and so glad you got your money back. And I hope you'll be more careful in the future. I don't have a Paypal account at the moment but I'm pretty sure I'll need one in the future, so I've definitely learnt something from this. And I'm sure I'm not the only one. |
I am feeling better, at least there is some justice. Now my fingers are crossed to solve the credit card problem, contacted PayPal, the website where the transaction happened, Jesus, the police (even tried the devil when I was in a fury worthy of Greek tragedy 
)
This is extremely stressful. I should lock myself in a safe, with no internet.
Oh, what a world we are living in.
I will post it here when things are 100% ok. It might help someone going through the same, it is hard to think straight when you are going through something like that.I've been using PayPal for as long as I can remember, and it's never once failed me.... I transfer money between it and my checking accounts all the time, and use it to make all online purchases. I also use it for my eBay account for buying and selling needs, infact any auctions I make actually require you to have a PayPal account to even place a bid...
I don't think it's PayPal's fault really that some user's accounts are being compromised, it happens all the time with many other companies. It's usually (I said usually) some form of user-error, whether done consciously or not. They may have clicked a link from their email from a fake email posing as PayPal, downloaded a Keylogger, input their password on a phishing website... These are all things that could easily be prevented if users became more aware of the constant risk of these things...
Treat your PayPal username and password like you would your credit card information online... Don't go entering it around unless you're 100% you are on a secure website, and there's no (or very little) risk of it being stolen.
Well, there's my 2 cents on PayPal account compromises. 
I personally will continue to use PayPal till the end of it's time. If someone was able to delete emails AND get back into your PayPal account after you had changed the password, then a "keylogger" program probably got onto your computer, somehow. Although some keyloggers are hard to detect, many can be found with SpyBot Search & Destroy or by most of the better antivirus programs. Also, it is a good idea, no matter which antivirus program you usually run, to do occasional scans by DIFFERENT antivirus programs by using the free online versions available from Trend Micro, Kaspersky, and BitDefender.
What happens is keylogger programs keep track of your keystrokes and, sometimes, even your mouse movements, then transmit them over the Internet to someone waiting to hack your accounts. If you change your password on a site, it doesn't matter, since the keylogger would pass that information along, as well.
So, make sure you use good security programs (see this thread for further discussion), and keep them up to date.
Good luck! | Traveller wrote: |
| What happens is keylogger programs keep track of your keystrokes and, sometimes, even your mouse movements, then transmit them over the Internet to someone waiting to hack your accounts. |
Not meaning to scare you but I've seen one that also took screenshots when you clicked the mouse. That meant even if you used an on-screen keyboard or other mouse based method to enter your password it could tell. I thought that was pretty neat myself, although you could use it for very devious means.
I totally agree with what you said about regularly checking your computer for keyloggers [etc], Traveller.
I've now completely figured out how I would go about hacking someone's Paypal account and could probably succeed too. Of course I won't ever actually try this!
I think a website like Paypal should also register domains in all similar names, such as 'Puypal', Paypol' etc to stop phishing websites using them instead.
Traveller, where have you been?! Looks like so many of the older frequent members have stopped posting. Even me, substantially! mine has been deleted .they've change my password i thiink
I am extremely paranoid when it comes to money, and that is the main reason why I refuse to give out credit card numbers online or open u accounts for paypal. I've seen and heard of some strange things regarding computer security, and quite frankly I have lost a lot of hope for it.
If my money is my pocket no amount of spam can take it from me.
| ninjakannon wrote: |
| Not meaning to scare you but I've seen one that also took screenshots when you clicked the mouse. That meant even if you used an on-screen keyboard or other mouse based method to enter your password it could tell. I thought that was pretty neat myself, although you could use it for very devious means. |
Thanks, NK. I had forgotten about that aspect, too, but it IS a very common function of that kind of program.
| ninjakannon wrote: |
| Traveller, where have you been?! Looks like so many of the older frequent members have stopped posting. Even me, substantially! |
Just been very busy with other people's computers and websites, and just with life, itself. Still a lot of work to do, but I hope I can start to get back to more frequent posting.
Right now, I have another setback: my router isn't working (have already gone through all the proper diagnostic steps), so now I need to get that working (or replace it) before I'm really back to full capacity.It's horrible to hear that and I feel worried about the online transaction security degree. I would check all my account security as mail and other online services. It is really paranoid to see any lost but cannot verify them.
