My PayPal Account Hacked - Bank Account Drained



XJ600s
Tue Oct 14th, 2008, 08:42 AM
Hey all,

So I went to Aspen this weekend with my Mom (no internet access) and when I got back to Boulder at 2am yesterday morning, I had 10 emails from PayPal international saying I had sent 10x 10Euro charges to an account with the email address of Skype (skype@paypalpayments.com). Filed dispute claims with PayPal that minute, but those take up to 10 days to process.

Woke up this morning, checked my PayPal account along with my bank account, to find out my bank account is completely drained. No money. Nada. Zilch. And it wasn't like that before I went to bed last night.

Does anyone have experience with PayPal's fraud department? As in, am I going to get my money back or am I now officially fucked? I did a free credit check yesterday and no one has stolen my identity, and I still have perfect credit, so I know the scope of things is limited to my PayPal getting hacked and sending loads of money to a fake Skype account. (Side note: the emails I got saying I sent money to Skype were all in Chinese characters, except for the dollar amounts.) I tried removing my bank account number from my PayPal account, but since there is a pending transaction, I can't remove it for another 3-5 days. Same goes with my credit card (it's the backup funding source for my bank account).

Where do I go from here? I am definitely going to be calling my bank to try and figure this out, but all I can think right now is that I am fucked. Any ideas? Recommendations? Sympathy?

McVaaahhh
Tue Oct 14th, 2008, 08:48 AM
Fuck, that totally sucks man. :guns:

Good luck with the fraud department, although in my experience they only protect transactions involving ebay. With that said, I have no idea what protection they offer for that kind of transaction.

I hope it goes well for you and please let us all know the outcome. I know a ton of people use paypal on here and that is definitely a nightmare situation.

Toxicgirl
Tue Oct 14th, 2008, 08:49 AM
Oh my gosh, I'm sooo sorry! :shocked:

MetaLord 9
Tue Oct 14th, 2008, 08:50 AM
Damn dude, you got rogered and but good. Ralph (RForscythe) is gonna be probby the most knowledgeable paypal expert on the board, but you need to truck your ass over to the local FBI dept & let them know what's up. They handle fraud cases, internet & other.

We've sent several bogus checks to them that we've received from craigslist scammers.

good luck man!

ihavealegohead
Tue Oct 14th, 2008, 08:51 AM
Do you use this password for PAYPAL anywhere else? I.e. on other web sites? I have one password for each bank I do business with, then I have another generic password for everything else that does not need to be secure.

ihavealegohead
Tue Oct 14th, 2008, 08:58 AM
... and if you continue to use paypal, get a PayPal Security Key. It's a $5 device like the RSA SecurID.

XJ600s
Tue Oct 14th, 2008, 09:05 AM
Unfortunately I use the same password as several other closely tied sites, but I've used password crackers on it, and even they couldn't crack the password using brute force and sitting for a week.

MetaLord9, I never thought of contacting the FBI, but I guess after all is said and done I'll send them the information.

ihavealegohead, I remember seeing that paypal security key, but never thought it'd be worth it...but now that I have no money to my name, I may have to pick one up...in 2 weeks when I get my next paycheck that is.

Devaclis
Tue Oct 14th, 2008, 09:16 AM
Local law enforcement or the FBI should be your first call. Get them rolling on this.

THEN contact Paypal and let them know this is being investigated. Do you have a Paypal card tied to your account? If so, Mastercard or Visa will cover your losses. I would change all of your passwords immediately, contact your banks and let them know (they can keep an eye out for suspicious account activity).

If you would like any more info, shoot me a PM. I will give you the same advice that you will get from law enforcement and your financial institutions.

ihavealegohead
Tue Oct 14th, 2008, 09:16 AM
Unfortunately I use the same password as several other closely tied sites, but I've used password crackers on it, and even they couldn't crack the password using brute force and sitting for a week.


One method these guys use, is to set up a legit website to get your email and password.

Then see if you have a paypal account and presto. If you have 10,000 emails and passwords, you're bound to have a small percentage that use the same password.

McVaaahhh
Tue Oct 14th, 2008, 09:18 AM
I just changed my paypal password...

dm_gsxr
Tue Oct 14th, 2008, 09:19 AM
Scan your machine first. It's possible someone has installed a key grabber and just snagged your password when you typed it in.

Carl

~Barn~
Tue Oct 14th, 2008, 09:19 AM
Holy jesus... This makes me want to cancel my PayPal account!

Good luck man... Seriously.

dm_gsxr
Tue Oct 14th, 2008, 09:20 AM
One method these guys use, is to set up a legit website to get your email and password.

Then see if you have a paypal account and presto. If you have 10,000 emails and passwords, you're bound to have a small percentage that use the same password.

For things like forums (like this one), I have the same password across the board.

For things that have money tied to them, I have random passwords assigned and save them in my Palm in a password program.

Carl

Devaclis
Tue Oct 14th, 2008, 09:20 AM
Are you running Vista or XP?

Vista has some great tools that prevent or detect rootkits, keyloggers, phishing, and other elevation-style attacks.

Devaclis
Tue Oct 14th, 2008, 09:21 AM
Hey Carl, can I borrow your Palm for a second? I need to update the firmware on it :)

XJ600s
Tue Oct 14th, 2008, 09:25 AM
I use XP. I have scanned my computer countless times (while both connected and disconnected from the internet) for malware, viruses, spyware, everything...using about 10 different programs.

Right now, my only option is to put a stop payment per se on my account using either PayPal as a trigger word, or the amount they deducted. Those charges would then be credited to my account since they won't clear and I'd have my money back, but then I could never use PayPal again with that bank account as it won't let transactions with those trigger words process.

Unfortunately, I have to go to class right now, stupid exams, but I will be back in an hour to figure things out.

dm_gsxr
Tue Oct 14th, 2008, 09:29 AM
Hey Carl, can I borrow your Palm for a second? I need to update the firmware on it :)

Nope, sorry :D

The passwords are also in an encrypted tool so just having the Palm doesn't get you the passwords. It just keeps me from having them (nice DOS attack :D )

Carl

Devaclis
Tue Oct 14th, 2008, 09:30 AM
When using Paypal I recommend tying it to an account at a credit union. They tend to be a bit more methodical when it comes to securing their money, in my past experience. I would also setup a password rotation like most companies do per SOX compliance. Make it a habit to change all of your passwords every 90 days at the most. It may be a pain but it is cheaper than the headache you are going through right now.

dm_gsxr
Tue Oct 14th, 2008, 09:37 AM
Agreed.

I have four levels of passwords:

1. Paypal, e-bay, Amazon, anything that deals with payments: unique passwords changed about yearly. Getting close to that time in fact.

2. E-Mail: several accounts and passwords. Changed once in a while.

3. Forums: 2 or 3 different accounts and passwords based on the subject matter (for instance, I'm dm_gsxr on the bike sites, Freejack on gaming sites, and bofh on computer sites (or co_bofh if bofh is taken)).

4. One off's such as the NY Times or Denver Post: Same account and password.

Carl

dm_gsxr
Tue Oct 14th, 2008, 09:38 AM
Oh, and my game keys are in the password locker too :) Unfortunately I missed putting in my Quake 4 key and I can't find the book (which is why I use the fricking password locker).

Carl

Devaclis
Tue Oct 14th, 2008, 09:40 AM
Metroid keys FTW!!!!

dm_gsxr
Tue Oct 14th, 2008, 09:42 AM
What pisses me off more is that I have the keys for Half Life 2 but I can't remember my password or account name on Steam. So even though I have everything, I can't play it. That's irritating. :scream1:

Carl

ChrisCBX
Tue Oct 14th, 2008, 09:44 AM
Scan your machine first. It's possible someone has installed a key grabber and just snagged your password when you typed it in.

Carl

+1 on this. I was thinking this would be the most likely problem.

Gainer
Tue Oct 14th, 2008, 09:51 AM
This exact thing happened to me!!!!! My checking account was overdrawn three times. I had charges from Skype and other telecom companies for international calling cards. I caught it pretty quickly though and notified Paypal right away. They refunded all the transactions, but I still had to pay my bank's overdraw fees. I was pissed!!!! It took them a few days to resolve all of them though.

TurboGizzmo
Tue Oct 14th, 2008, 10:02 AM
I am sure it was phished... anywho, call bank to reverse charges, call/contact paypal to reverse charges.... FBI and Police would be last on my list because if it's overseas it isn't going to happen. "I wish my boss would send me to the UK to investigate but it isn't in the budget." I would still call the Law but main priority would be reversing charges...

I had this happen to a few customers; sometimes they drain multiple people's accounts to one spot.... if you're fast enough on reversing you can get the money back before they swing in, close the account and take all the money..... Good Luck

PS paypalpayments.com is fake fake fake

puckstr
Tue Oct 14th, 2008, 10:13 AM
I just changed my paypal password...


Ditto

Devaclis
Tue Oct 14th, 2008, 10:17 AM
I just changed your Paypal password too

ihavealegohead
Tue Oct 14th, 2008, 10:20 AM
Agreed.

I have four levels of passwords:

1. Paypal, e-bay, Amazon, anything that deals with payments: unique passwords changed about yearly. Getting close to that time in fact.

2. E-Mail: several accounts and passwords. Changed once in a while.

3. Forums: 2 or 3 different accounts and passwords based on the subject matter (for instance, I'm dm_gsxr on the bike sites, Freejack on gaming sites, and bofh on computer sites (or co_bofh if bofh is taken)).

4. One off's such as the NY Times or Denver Post: Same account and password.

Carl

BEEERS all round for the first guy to hack Carl's CSC password!!!

64BonnieLass
Tue Oct 14th, 2008, 10:24 AM
I am so very sorry to hear that this happened to you. You must be just sick about it. I can't even imagine going through this.

I hope it gets corrected as painlessly as possible and that the people who did this get caught or get their karma f*cked for life.

:(

CYCLE_MONKEY
Tue Oct 14th, 2008, 10:24 AM
Bummer! Best of luck man. Exactly why I do not do any internet banking like that.

636chick
Tue Oct 14th, 2008, 10:25 AM
^^^^ BwaHahahahahahahaha Dana the sig line is classic^^^^


On to the problem at hand and damn that just so sucks I am sorry and I wish you all sorts of good luck getting through this paper work, phone call ring of hell you are going to go through. You have tapped into one of my OCD disorders I suffer from, as a financial person I compulsively check my on-line accounts no less than 3 times a day and change passwords just as often for this exact reason and you have come along to affirm my reasoning for it!!!!!!!

I hope that everything gets worked out for you and you can get back what they stole from you!!

TurboGizzmo
Tue Oct 14th, 2008, 10:25 AM
F-changing the password, order the $5 fob!


BEEERS all round for the first guy to hack Carl's CSC password!!!

Ha only if I have permission ;)

fook
Tue Oct 14th, 2008, 11:16 AM
go Carl, on top of keeping a password vault that I usually cycle through yearly too, I do all my financial web stuff using a virtual machine that I can power up on my laptop and run stuff inside.. leaving it powered off otherwise.

this way, I can occasionally wipe and reload the vm and it's much less likely to be tainted by anything I might accidentally load/install/get infected with during the course of my normal day on the internet

might sound like a little overkill but having been acutely familiar with cc fraud in the past, there's no such thing as too cautious.

XJ600s
Tue Oct 14th, 2008, 11:17 AM
Gainer, how long did it take to resolve your situation with PayPal? They supposedly process any claims in 10 business days, but that's 2 weeks where I won't have any money.

Also, does anyone have experience with one of these things? It's a "Military Strength Flash Drive" (http://www.thinkgeek.com/gadgets/security/99f1/) thumbdrive that stores passwords and even makes extremely long, totally random passwords for you (e.g. "}bCK--2X2*4w"). I saw it a long time ago, thought it was a good idea, but the price turned me away.

I'm now calling my bank (a credit union at that) to stop all charges from PayPal from going through. I figure $31 is cheaper than what I've lost, and then the charges won't clear, so the money will get refunded...hopefully.

TurboGizzmo
Tue Oct 14th, 2008, 11:52 AM
Also, does anyone have experience with one of these things? It's a "Military Strength Flash Drive" (http://www.thinkgeek.com/gadgets/security/99f1/) thumbdrive that stores passwords and even makes extremely long, totally random passwords for you (e.g. "}bCK--2X2*4w"). I saw it a long time ago, thought it was a good idea, but the price turned me away.



Very few PCs get "hacked" these days; most of the fraud is done via phishing scams via fake but legit-looking emails and websites. So no matter how awesome your password is, if you put it in a fake site they have it. What's even more annoying is that even some BANK sites don't let you use certain symbols in your passwords (sloppy programming).


I know the FBI used to put on classes at old folks' homes to teach people how to read websites to know if they are legit (reading the sites backwards) and how scams/crackers work. I went to it and it was very informative... I was tempted to continue to put on these classes locally so people can be more informed on how it all works and how easily anything on the internet is compromised.

Think
Tue Oct 14th, 2008, 12:18 PM
My bank, Wells Fargo, literally gives you any money that you claim as stolen from you back just about the second you tell them. It's pretty nice.

Gainer
Tue Oct 14th, 2008, 12:28 PM
Gainer, how long did it take to resolve your situation with PayPal? They supposedly process any claims in 10 business days, but that's 2 weeks where I won't have any money.

Paypal responded really quick to the first couple, but I think it was almost 10 days before they resolved them all. I had 7 or 8 different debits from my account, all fraudulent.

Gainer
Tue Oct 14th, 2008, 12:35 PM
My bank, Wells Fargo, literally gives you any money that you claim as stolen from you back just about the second you tell them. It's pretty nice.

Wells Fargo did not and would not refund any of the money when I called them. They said that type of protection only applies to "Visa" check/debit card transactions, not direct account debits such as Paypal. Even after I returned the money to my account, Wells Fargo refused to refund the multiple overdraft fees I incurred.

mclarke
Tue Oct 14th, 2008, 12:51 PM
So I had learned this lesson a long long time ago. Sorry OP, this does suck.

If you are going to tie Paypal to a bank account, use one that is only for this purpose and only leave $5 bucks in it.

Also, I would never even enter my information on that website. The horror stories from people (Esp at http://www.paypalsucks.com/) are amazing. You are talking about a company that has frozen hundreds of thousands of dollars because they can.

Lastly, someone else suggested it here, get the key fob. $5 bucks and you need it to login.

Best of luck OP.

*edit* Oh, lastly, you can put an "ACH" block on your bank account. ANY bank should be willing to do it.

derekm
Tue Oct 14th, 2008, 01:58 PM
shitty man, hope it works out for you!

yeah I just went swordfish on my paypal password!

Magnum
Tue Oct 14th, 2008, 02:29 PM
That BLOWS! Good luck with it all....

Fuck that sucks........

EDIT: You don't use the same password for ebay and paypal do you? I know some dummy that did, and well, I probably don't need to say anymore.

mclarke
Tue Oct 14th, 2008, 02:31 PM
And here is a great time to make sure everyone hears that you should keep more than 1 bank account with cash in it!

Hell my emergency fund is in a bank account where it is savings only. And yes I do have access to it via ATM card if I needed.

Diversify people... All your eggs in one basket can wreak havoc on you.

puckstr
Tue Oct 14th, 2008, 02:36 PM
And here is a great time to make sure everyone hears that you should keep more than 1 bank account with cash in it!

Hell my emergency fund is in a bank account where it is savings only. And yes I do have access to it via ATM card if I needed.

Diversify people... All your eggs in one basket can wreak havoc on you.


In my Fat Swiss bank account

64BonnieLass
Tue Oct 14th, 2008, 02:37 PM
Point taken Matt. This thread scares the living bejesus outta me.

rforsythe
Tue Oct 14th, 2008, 02:55 PM
Ok so Paypal's fraud department was responsive the one time I needed to use them. Like others have said, get the security key as well! Then it doesn't matter if someone guesses your password, because that code changes every 60 seconds, and is needed to log in. The key also ties to your eBay account so it protects that as well.

As for how they got your password, it's hard to say. Brute force is generally a last resort though, so I'm happy that your password takes a while to guess but really that's only a partial protective mechanism. Since you use it all over god knows where, it's possible that some other web site was compromised, and they got your email address and that site's password. Given that a lot of people use the same PW everywhere, it's just a matter of trial and error to find ones that allow a login. It could have also been a phishing site, but I don't know where you've been (on the Internet).

For the record, change your Paypal password. DON'T use it anywhere else. Get a security token. And NEVER type it into a Paypal/eBay-looking site unless you physically got there from the paypal.com/ebay.com URLs.

I doubt someone sat there on Paypal and brute forced your account; there are mechanisms in place to catch that type of activity. More than likely they got your info through phishing or another compromised site, and used that to log in. It's also conceivable that your PC itself got compromised, but it sounds like you're pretty careful on that front.

Regarding the password storage drive, you can get one if you want, but it still won't matter if you use the same one all over the place and type it into some other website that gets owned one day. Personally I just recommend you go download an app called Keypass and store your stuff in that, since it sounds like you're going to have to change it in a few places. ;)
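
Added example (not part of the thread or any poster's code): TurboGizzmo's tip about reading a site's address backwards and rforsythe's advice to type the password only on paypal.com/ebay.com both come down to comparing the hostname's labels from right to left. Every sample URL except the paypalpayments.com domain named in the thread is constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# The only domains the thread says the password should ever be typed into.
TRUSTED_DOMAINS = ("paypal.com", "ebay.com")


def host_labels_reversed(url):
    """Return the hostname labels right to left, e.g. ['com', 'paypal', 'www']."""
    if "://" not in url:
        url = "//" + url  # make urlsplit treat a bare host as the network location
    # .hostname drops any "user@" prefix and the port, and lowercases the host.
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host.split(".")[::-1] if host else []


def trusted_domain(url):
    """Return the trusted domain this URL really belongs to, or None."""
    labels = host_labels_reversed(url)
    for domain in TRUSTED_DOMAINS:
        wanted = domain.split(".")[::-1]  # ['com', 'paypal']
        # Whole labels must match from the right-hand end; a name that merely
        # starts with or contains "paypal" does not count.
        if labels[:len(wanted)] == wanted:
            return domain
    return None


# Constructed samples, apart from paypalpayments.com which is named in the thread.
SAMPLE_URLS = [
    "https://www.paypal.com/us/signin",
    "https://signin.ebay.com:443/",
    "http://paypalpayments.com/",                      # lookalike registered name
    "https://paypal.com.account-check.example/login",  # trusted name on the left
    "https://www.paypal.com@login.example/",           # trusted name as userinfo
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        verdict = trusted_domain(sample) or "NOT a trusted site"
        print(f"{sample:50} -> {verdict}")
```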

XJ600s
Tue Oct 14th, 2008, 03:00 PM
And here is a great time to make sure everyone hears that you should keep more than 1 bank account with cash in it!

Hell my emergency fund is in a bank account where it is savings only. And yes I do have access to it via ATM card if I needed.

Diversify people... All your eggs in one basket can wreak havoc on you.


Agreed. I always keep a separate account (in a safe) at all times, that someone can't access via the internet. Sad thing is, every once in a while, I deposit half/all of that into my bank account.

I am now planning on keeping that money in a separate bank account that I never touch and just let it slowly be building up. Kind of a pain to have to go to two branches to make deposits, but safer I guess.

I was able to get my bank (Elevations Credit Union) to put a stop on all charges from PayPal. They said that since I caught the fraudulent charges within a day, they will not clear, and so the money should reappear in my account shortly. Either way, it sucks. And I won't assume I'm getting my money back until it all shows up in my account.

I will be going around to all of the sites I frequent, and change the password to something totally random. Then, I'll use the good ol' method of remembering passwords by just writing them down, and putting them in my safe. I won't even store any on my computer from now on.

GregsGSXR
Tue Oct 14th, 2008, 03:01 PM
Are you sure those weren't phishing e-mails? Did you send them any information first? Like one of those "We want to verify your account information for our records." People are really good at forging those. There are lots of examples of that. Looks just like the real thing.

mclarke
Tue Oct 14th, 2008, 03:09 PM
And with the existence of rainbow tables for lots of known encryption types, don't count on a brute force saving you....

But Ralph is right, if someone tried to log in using your account x number of times on paypal you would have been notified. it is most certainly from another website/your computer.

XJ600s
Tue Oct 14th, 2008, 03:15 PM
I didn't do anything with the emails. I just got home, checked my email, saw 10 of the following messages, and then checked my paypal account. That's when I saw the charges.






尊敬的 Myfirstname mylastname,

本电子邮件确认您已经使用贝宝支付给Skype (billing@skype.net)  500 EUR。

此次购物的汇率为1 USD = 0.726998EUR

付款详情

交易号: 4Wxxxxxxxxxxxxxxx
物品价格: 500.00 EUR
总计:  500.00 EUR
账单号: 203xxxxxx
买家: Myfirstname mylastname

Then there was one email where they "reversed" the charge, but it wasn't reversed at all, it was just another charge. I have a feeling they did the first 10 transfers, and since they went through, they tried to do it another time, but that one wouldn't clear or something, so that's why it was a reversed charge (not a refund).

So the emails looked just like phishing emails, yet they were just the receipts that PayPal sends you to notify you of a transaction. I'm probably going to close down my PayPal account here once this is all done and not use it again. Which means a hassle since I won't be able to buy stuff on eBay as easily, but it's a workaround I'd rather deal with than having this happen again.

Gainer
Tue Oct 14th, 2008, 03:36 PM
Examples of some of mine. All official notices from Paypal



Payment Details
Transaction ID: 1S559292EW7******
Price: $20.00 USD
Total: $20.00 USD
Order Description: 39473
Item/Product Number: 353
Buyer: ********

It may take a few moments for this transaction to appear in the Recent Activity list on your Account Overview.

Business Information
Business: Telx Inc.
Contact E-Mail: my@telx-inc.com

If you have questions about the shipping and tracking of your purchased item or service, please contact Telx Inc. at my@telx-inc.com

Gainer
Tue Oct 14th, 2008, 03:51 PM
Another one.



This email confirms that you have paid SkySipTel.com (http://skysiptel.com/) (info@skysiptel.com) €9.99 EUR using PayPal.

The exchange rate for this purchase is 1 USD = 0.619446 EUR

Payment Details
Transaction ID: 9NB67326E95******
Item Price: 9.99 EUR
Total: €9.99 EUR
Order Description: Account charge
Buyer: ********
Phone: ********

It may take a few moments for this transaction to appear in the Recent Activity list on your Account Overview.

Business Information
Business: SkySipTel.com
Contact E-Mail: info@skysiptel.com

If you have questions about the shipping and tracking of your purchased item or service, please contact SkySipTel.com at info@skysiptel.com.

Gainer
Tue Oct 14th, 2008, 03:54 PM
Here is a third just for fun.



This email confirms that you have paid United World Telecom LC (uwt@uwtcallback.com) $40.00 USD using PayPal.

Payment Details
Transaction ID: 6K309545TC0******
Item Price: $40.00 USD
Total: $40.00 USD
Order Description: United World Telecom Signup
Item/Product Number: 8461940501603722
Invoice ID: 8461940501603722
Buyer: *********

It may take a few moments for this transaction to appear in the Recent Activity list on your Account Overview.

Business Information
Business: United World Telecom LC
Contact E-Mail: uwt@uwtcallback.com

If you have questions about the shipping and tracking of your purchased item or service, please contact United World Telecom LC at uwt@uwtcallback.com.

XJ600s
Tue Oct 14th, 2008, 04:09 PM
Those are a lot more detailed than any of mine. It shows up on my powerbook, but not on my pc that the above question marks in my sample email are actually Chinese characters. No other contact information whatsoever, just what I typed in.