PayPal Account Highjacked -- Beware

Pilot_Ron wrote:

Wulfman wrote:I always used to get fraudulent e-mails.....SUPPOSEDLY from PayPal, telling me about transactions on my PayPal account and to connect to the site (in their link) and fix it. Well.....I DIDN'T HAVE a PayPal account. I hope you folks aren't falling for some sneaky thing like that and have actually given your actual account information to some Internet crooks.

Den

When I said they contacted me, it wasn't some phishing scheme. They didn't have a link to go to, it was just a notice that there was a problem. I contacted paypal directly (called them) and the email was lagitimate. I have seen the phishing emails, and if you roll your mouse over the link, it is easy to see that it's not a paypal site.

Absolutely! I just wanted to point out that phishing scheme.....which MOST people DO know about.....but, ya never know.

Den

I am a member of EBay and Paypal. I received an email 2 weeks ago that my Paypal had been deducted 47.00 for the product I bought on Ebay. This email was very very realistic looking, but I knew I didn't buy squat... so I instantly contacted Ebay, forwarding them the email. I also contacted Paypal right away and forwarded them the email.

Their reply: "Thanks for taking an active role by reporting suspicious-looking emails.
The email you forwarded to us is a phishing email, and our security team is working to disable it."

————————-
What is a phishing email?
————————-
Phishing emails attempt to steal your identity and will often ask you to
reveal your password or other personal or financial information. PayPal
will never ask for your password over the phone or in an email and will
always address you by your first and last name.

Both Ebay and Paypal thanked me for the link and their security was all over it. I do not know how many innocent people get these scams but they look very real... and for a brief moment.. I wondered if it were something I had back-ordered.

I received a Regions bank one last week. Had the Regions bank logo and just wanted to verify my information asking me for my account number and name and date of birth... funny.. I don't bank with Regions. I reported that fake site as well.

One thing I notice in all my "REAL" emails with Paypal that my full name is always mentioned - instead of "Dear Customer."

Even if you change your passwords, there are keylogging hacks that can retrieve information and passwords right off your computer... I recommend a Spyware program and an Anti-virus program. Well worth the money. I use Webroot Spy Sweeper, my browser is Firefox and I use Norton 360. I am also an individual who has been using the internet before it was internet (Bulletin Boards) and my first modem was a Cardinal 1200 baud.. lol. Whenever a back-door Trojan tries to get through.. it is always caught by Norton. Even your home-page can be hijacked.. and that I have had done to me.. that was a pain in the *ss to get rid off.. had to type in a certain line in my command prompt to get rid of that!!! Took hours.

Here is a link to a free Anti-Spy program called "Ad-Aware." It's pretty decent. The link is safe:

http://www.pcworld.com/downloads/collec ... files.html

sleepycarol wrote:I change my password pretty often, but apparently not often enough.

I've seen this mentioned several times so far and must say folks it is NOT the number of times you change your password but the type & strength of the password you do choose combined with your practices or behavior.

In other words, changing your password more often is NOT more effective. And choosing a strong password but using some freeware or other tools that remember your passwords for you is not a good practice (hygiene).

Conversely, choosing a password you can NOT remember is not good either.

Choose a base password that you will never, EVER forget then add something before or after that you can modify when required to change it - (another 2,3,4, or 5 characters that follow a sequence YOU can remember).

Good Luck,
GumbyCT

To add to Gumby's suggestion.

Your password should be 8 or more characters long with a good mix of character types:

At least one or more of the characters types should be a capital letter.
At least one or more should be a special character types (ie. !@#$%^&*)
At least two or more should be numeric types.

As Gumby said, it is more important to have a strong password than easy frequent changing password.

u can never be too careful or suspicious.last year i had an ebay auction(so called winner) said to ship item via some global express to nigiria(a real brainiac). come to find out the scumbag hijacked a britts ebay screen to purchase....sure ,phising scams everyday... past spring my credit card got scaned or viewed @ hershey park. found out online when they had my address and ph # changed on statement. caught it before they pinged. now my credit is being monitored for the next 7 years, just all to common.ALWAYS BE ON GUARD! stuff happens in a heartbeat*

GumbyCT wrote:And choosing a strong password but using some freeware or other tools that remember your passwords for you is not a good practice (hygiene).

....

Choose a base password that you will never, EVER forget then add something before or after that you can modify when required to change it - (another 2,3,4, or 5 characters that follow a sequence YOU can remember).

Good Luck,
GumbyCT

The fact that a piece of software to remember passwords is freeware is not necessarily bad. Some years ago a security company developed software called "PasswordSafe" and decided to make it available for free. It has much stronger encryption than typical (512-bit instead of 128-bit) and works very well indeed. I've been using it for at least 10 years.

Another password method is to pick a phrase or poem that is easy to remember and then use the first letter of each word; then add in a punctuation character and one or two numerics and you've got an *almost* unbreakable password.

Mindy

mindy wrote:The fact that a piece of software to remember passwords is freeware is not necessarily bad.

NO - its the fact the someone (something else) besides you now has YOUR password.

Its like once you tell someone a secret - is it still a secret? You're call.

The phrase thingy - a GREAT idea - didn't want to overwhelm this audience. One step at a time.

I keep a little recipe card box with 3 by 5 cards with passwords in them

Now if I could only remember to organize it.

It takes forever to find one but they are there.

My older daughter and her husband make their living in online sales, mostly t-shirts, on ebay, Amazon and their own site. (They sell some of my organ donor and sleep apnea awareness items and a gazillion of their own designs.) In about 6 years of doing this they've had 1 incident where someone hit their account. My other daughter shops online and they got hit with fradulent charges on their credit card, although they think their info was stolen at a biking marathon where her hubby made several vendor purchases.

But the one that made us just shake our heads was when my son-in-law was scrolling thru the t-shirts on ebay and ran into a design that looked a lot like one of theirs, except in black & white. Then there were more. Turns out someone in Bulgaria I think had copied their designs as B&W and was selling them as a competitor. Not really expecting any cooperation from a thief, I sent them a formal sounding email giving them the opportunity to pull the pirated designs. Guess they had stolen a lot of them because they said if we'd let them know which ones we were speaking of, they'd remove them. And they did. Never a shortage of thieves. Just much more sophisticated these days than raiding the henhouse.

GumbyCT wrote:

mindy wrote:The fact that a piece of software to remember passwords is freeware is not necessarily bad.

NO - its the fact the someone (something else) besides you now has YOUR password.

Its like once you tell someone a secret - is it still a secret? You're call.

When the encryption key is known only to the person using it, it is about as safe as it gets. I've never had a security breach in any of the systems I've managed .... and that includes on-line systems for over 40 years.... And I studied with the "father of disaster recovery planning" so I feel I've got a few formal credentials in that regard. Nothing is 100% secure, but with a good deal of care it is possible to come close. Nevertheless, I also don't think it's wise to totally rely on security systems. Close scrutiny of related accounts is crucial and common sense care are the most important components of a [relatively] secure system.

m

Great thread sleepycarol! Special thanks to Mindy,DreamStalker and GumbyCT for the best way to manage passwords. Your willingness to share expertise is what makes this such a fine Forum. I've taken action to tighten things up today.Regards

I have to use a password to get on the net at work, then a password on my computer desktop where I do my work. The IT department told me to use different passwords to make it even more difficult to get to my data on my computer.

I use the phrase or short sentence idea as well. If you start the sentence with a capital letter you have another odd character in the mix. Here is an example:
My dog likes cookies at 6 for a $ and you have Mdlc@64a$.

Doesn't have to make sense, either, just be easy to remember. If you have to change often, as we do at work, you can change the number 6 to a 7. You can make yourself a file of just the number change and the date you changed it so you can keep track of where you are in the sequence if you forget. Sometimes some of my older computers (I keep several in my office for various reasons) have the old passwords on them and I have to remember when I last accessed that computer so the number file helps me there. These old ones aren't online so they don't get much use.

I also forward to PayPal any emails that look "phishy". If I am not mistaken, the emails they send address the account holder by name.

Many of these suggestions I already follow. I use different passwords for various sites and computers (such as work vs. home). At work, I use three different passwords before I actually can start work. One for the computer, one for the network, and still another for the software.

I want to THANK EVERYONE for their suggestions and comments as we sometimes need to be reminded not to become complacent or relaxed in our security.

To be honest I feel it will probably continue to get worse as the technology becomes more sophisticated and easier to obtain.

My son has a Paypal security key. I think he told me the cost was $5 - and he felt well worth the cost. It also works for Ebay I believe. See link below:

https://www.paypal.com/securitykey