Managed IT Services and Security


We are an IT Services and Support company based in Hatfield Hertfordshire. We believe that your staff should be spending their time working with your clients / customers, not spending hours on the telephone to your IT support company.

If you would like to know more, please send an email to TonyH@clearview.co.uk. I will then get back to you to arrange a date when we can meet up to explain how we can reduce the cost of your IT by using our experienced IT staff with the right automated tools to support your business.

Sunday, 10 March 2013

Had Your Paypal Account Hacked? Join The Club!

Last Thursday night I was sitting at home watching the TV when my iPad on the arm of the chair went “Bing”! The email notification said something about a Paypal transaction which (being a cautious sort of chap) I thought was worth checking. I'm used to seeing phishing emails, and Google Apps has a very good spam filter,  so this particular email was worth a second look.

When I opened the email a shiver ran down my spine. It was a notification from Paypal that £689 had been paid from my Paypal account to someone whose email address meant nothing to me. What was worse, this email looked genuine. I immediately fired up my laptop, logged on to Paypal and there it was staring me in the face. £680 had been paid out of my account using the card that I had hooked up to it.




The crafty beggars had timed the transaction to go through just after 10 pm when the Paypal phonelines closed, so I reported the unauthorised transaction through the Resolution Centre. Paypal sent through an email to confirm that my dispute had been registered and I sat back and crossed my fingers.

To their credit, within 2 days I received confirmation from Paypal that my £689 would be credited back, so with a big sigh of relief I was able to think of the lessons I had learnt from the experience.


How was my account hacked?
I’ll never know for sure, but the only two possibilities that make any sense are that:
  • I had a password stealing trojan on my PC or
  • Another site where I used the same password had been hacked and they tried out all of the usernames and passwords on Paypal.
If you ever have the misfortune of suffering a Paypal hack, you will need to cover both of these options. The only way to make sure that any trojan on your PC is no longer there is to back up your data and re-load your PC from the Windows CD. Is there anyone reading this who doesn’t have the Windows CD for their PC? If so, please go back to wherever you got the PC from and find out how you get one. It’s your ultimate “Get out of jail” card.

You then absolutely must change all of your critical passwords (eBay, Paypal, Amazon etc). It may be a pain, but if you have already been hacked, you have no choice. Paypal force you to change your password as part of their “disputed transaction” process anyway.

One of our engineers quite rightly gave me a hard time about my passwords, and I spent an amount of time this weekend working out a new system. Your Amazon / Paypal etc passwords really should be unique, and you need to avoid standard words and phrases that can be cracked pretty easily anyway. Use something such as the first letters in song lyrics that you can remember together with special characters. Having been stung once, I damned if I’m going to give anyone another chance of nicking my hard earned cash and neither should you. You can see the system that I have now chosen to use here. I hope it helps.

4 comments:

  1. Just had the same thing happen to me a few days ago for "Facebook ads" - $299.00AUD. Fingers crossed Paypal sort my one out as well.

    ReplyDelete
    Replies
    1. I hope they sort out your rebate soon, Martin. They certainly have a nerve hacking your Paypal account to promote dodgy advertisements which I assume will be in someone else's Facebook account that has been hacked using the same principle.

      Delete
  2. Me too ... and i suspect an application for checking gmail like gmail notifier, gmail manager, poppeeper or anything else had security vulnerability. Be careful if you use one of those application.
    Now i will never use such application again.
    Wondering why google doesn't have a light weight desktop application ... an official desktop application to check gmail without opening browser.

    ReplyDelete
  3. Don't confuse this with phishing attacks. I received a mail saying 'Receipt for your Paypal Purchase', although when I logged in there was no such purchase.

    The emailer had simply been hoping that I would click the link in the fake Paypal email and end up on their site where malicious software might have been installed.

    I never clicked anything and forwarded the email to spoof@paypal.com

    See here for more info:
    https://www.paypal.com/us/webapps/helpcenter/article/?articleID=94034&m=SRE

    ReplyDelete

Do you have a burning "How do I do that?" IT question that you need an answer to? Post it here and one of our engineers will answer it if they can. If we can't, we will get back to you and let you know nonetheless.