posted on April 13, 2005 09:15:43 PM new
So I log into my Paypal account yesterday, and I'm required to enter in both my full Business Credit Card number, and Bank account number....YIPPY.
Now today two pending transfers are reversed and I have "Open Issues", in relation to more "Security Hoola Hoops", I have to jump through...no this isn't Spam.
I then have to confirm my Telephone number on file with them, while some "Robot", calls me back within 20 seconds at which time I enter in a pin number their website randomly selects. I now get the following emails from Paypal which state verbatim
Dear John Doe,
Congratulations, by successfully answering our automated phone call, you
have confirmed that you are located at the address you have on file. This
further increases the security of our network.
Thank you for helping us test our Confirm Location by Phone process. Your
account information has been updated to reflect your successful completion
of this process.
Sincerely,
PayPal
Dear John Doe,
We have completed our review and have restored your account.
Thank you for your patience during this process and for helping to make
PayPal the safest and most trusted online payment solution.
posted on April 13, 2005 09:31:00 PM new
Yup,,,,,that was SPAM and you ate the Whole can......now they are going to eat your PP account to the bone.......
posted on April 13, 2005 09:54:01 PM new
Jack,
You got that right.
Excelrye...Immediately call the 800 number on your CC statement and report that card compromised and have it cancelled and renewed with a new number. Do the same with your bank account first thing in the morning. Change your password on your Paypal account now. You've been taken for a ride, and I can already spot two possible scenarios on how this could play out if you do nothing. You won't like the results of either scenario.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on April 13, 2005 10:27:44 PM new
Hello Anyone home? I didn't get these notices via email, this all occurred when I logged into my Paypal account via Paypal's website. Geez you guys are so quick to jump....this was the real deal...NOT SPAM..so no I wasn't "Taken For A Ride"..DUH
I was able to log into my account which displayed all my transaction history..etc...etc, which stated "I had Open Issues".
The emails sent to me afterwards addressed me by first and last name etc....again not SPAM!
So basically what you guys are saying is someone Hacked into Paypal's website, had me "Jump Through Hoola Hoops", in an attempt to steal my identity....Nah I don't think so guys sorry to burst your bubble
posted on April 13, 2005 10:33:31 PM new
Just logged into my Paypal account, here is what one of my transfers which was reversed earlier today stated when I clicked on the details portion of the message
posted on April 13, 2005 10:52:06 PM new
Who said anything about a spoof email? Not me. I fully understood from your first post that you got this from inside your account. The point I was trying to make is that someone was most likely tampering with your account to provoke an inquisition like that from Paypal. This isn't something they do for fun in their spare time. Your account and you were singled out for a reason. They went so far as to restrict your account. Are you not curious as to why? I personally could care less. It's your money, not mine. I refuse to deal with Paypal, but if I did, I would be very curious as to what happened and would be on the phone asking questions.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on April 13, 2005 11:00:47 PM new
I don't think anyone was tampering with my account, the first message I received stated something to the effect of "New Security Measure",... You have been randomly selected, to increase both the quality and safety of our site.
If you don't deal with Paypal, then you're probably losing money. Yes I/many have undoubtedly had to deal with chargebacks etc...however what's the alternative lost sales because I won't accept payment via Paypal...nah I don't think so?
posted on April 16, 2005 02:01:59 PM new
It is NOT a random "security feature" by PayPal. It happened to me within the last month. I'm running all kinds of firewall, spyware, etc. When PayPal got to the second hoop-jumping session for "random security", I called PayPal. A resolution rep admitted to me someone had "walked right into your account within minutes of you changing your password - they couldn't answer your security questions, so the computer froze your account..."etc., etc., and so forth.
I locked down my internet connection and computer. You really should take the possibility of hacking seriously. No sooner did security have all new anti-hacking/security software loaded on my system and accurate, than a red alert box popped up that someone externally was trying to run a malicious script on my internal system.
Call PayPal and ask them if your account was hacked - I was told they don't do "random security checks" - they just word it that way, I was told, so you won't be "alarmed". Heck, if I've been hacked, I NEED to be "alarmed".
Really, it's your money now, but you should take it seriously and review your security software, particularly if you are DSL or cable and online all the time.
posted on April 16, 2005 02:59:01 PM new
You got that right - about DSL and cable Modem. Ever since the Cable people came out and said that someone down the road was using my IP address, I've been really paranoid. I have like 3 firewalls set up. The first with my router catches them. Here is ONE day with what my firewall blocks. I've checked out the IPs before and they are from all over the world!
posted on April 16, 2005 03:59:32 PM new
OMG!!! glassgirl, did you notice the number of repeat attempts from the same IPs? Is there any place that you can go to get these BASxxx's? Last week I had a call from the main office of my bank. They told me that someone in Italy had stolen the numbers on my ATM card & had been caught by the police. They cancelled my card & issued me a new number. I have no idea how someone in Italy got those numbers. I never use it on the internet.
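An added example, not part of the thread: one way to tally repeat sources in a router log whose lines have the form `<ctime timestamp> : Blocked access attempt from <IPv4>`, as in the log posted above. The sample lines are constructed (documentation-reserved addresses), and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address
from statistics import median

# One log entry: ctime-style timestamp, fixed message, source address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}) : "
    r"Blocked access attempt from (?P<ip>\S+)$"
)

# Constructed sample, including a non-matching line and an invalid address.
SAMPLE_LOG = """\
Sat Apr 16 12:02:12 2005 : Blocked access attempt from 203.0.113.159
Sat Apr 16 11:43:19 2005 : Blocked access attempt from 198.51.100.133
Sat Apr 16 11:38:49 2005 : Blocked access attempt from 203.0.113.159
Sat Apr 16 11:25:42 2005 : Blocked access attempt from 192.0.2.200
Sat Apr 16 11:16:05 2005 : Blocked access attempt from 203.0.113.159
Sat Apr 16 11:04:42 2005 : Blocked access attempt from 203.0.113.159
router rebooted
Sat Apr 16 10:54:53 2005 : Blocked access attempt from 999.1.1.1
Sat Apr 16 09:50:31 2005 : Blocked access attempt from 192.0.2.200
"""


def parse_log(text):
    """Return (events, rejected); events are (datetime, ip) tuples."""
    events, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        try:
            if m is None:
                raise ValueError("unrecognised line")
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            ip = str(ip_address(m["ip"]))  # rejects malformed addresses
        except ValueError:
            rejected.append(line)  # keep for manual review, never drop silently
            continue
        events.append((ts, ip))
    return events, rejected


def repeat_sources(events, min_hits=2):
    """Summarise sources seen at least min_hits times, busiest first."""
    by_ip = defaultdict(list)
    for ts, ip in events:
        by_ip[ip].append(ts)
    report = []
    for ip, stamps in by_ip.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report.append({
            "ip": ip,
            "hits": len(stamps),
            "first": stamps[0],
            "last": stamps[-1],
            "median_gap_s": median(gaps),  # steady gaps suggest an automated retry
        })
    report.sort(key=lambda r: (-r["hits"], r["ip"]))
    return report


if __name__ == "__main__":
    events, rejected = parse_log(SAMPLE_LOG)
    for row in repeat_sources(events):
        print(f'{row["ip"]:<16} hits={row["hits"]} '
              f'median_gap={row["median_gap_s"] / 60:.1f} min '
              f'({row["first"]:%H:%M} to {row["last"]:%H:%M})')
    print(f"{len(rejected)} line(s) could not be parsed")
```

A high count in this report shows persistent unsolicited probing that the firewall dropped; it does not show that anything reached the host behind it.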
posted on April 16, 2005 04:00:30 PM new
Debbie,
If they got into your account minutes after you changed your password, it sounds like a keystroke logger may have made it past your AV system. I had that happen once, but caught it in a system scan. Since then, I periodically double-check my AV software with an external AV program, such as Housecall from Trendmicro. Once that trojan takes up residence on your hard drive, a firewall becomes useless.
Glassgrl...Looks like your system has a lot of potential houseguests. Just imagine what the log looks like each day at Paypal, which incidentally, is one of the top 5 financial targets for hackers in the U.S. I just find it disturbing that the notice Excelrye got when she logged in to Paypal sounded like and requested the same information that a spoofer from Romania would put into a spam email. Not a very professional way to handle a security breach. They could hire a high school student on a part time basis that could be more creative. Assuming, of course, that a diverting script on her hard drive didn't send her to a lookalike site.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on April 16, 2005 04:22:32 PM new
I think everyone has these potential "houseguests".
I just didn't know it until I enabled my firewalls. And I didn't know I needed a firewall until I installed Norton (and I still hate Norton) and it said "we blocked a potential hacker etc."
That's when I went in and enabled my router firewall. It looks like that ALL day EVERY day.
posted on April 16, 2005 04:23:07 PM new
You're not kidding, glassgrl, that's for sure. Some graduate students at Toledo U did a research project on spyware software for work on their master's level computer science degrees. Guess what they discovered? No one spyware software, no matter how highly rated and sophisticated gets 'em all. Their conclusion was that users should have at least two top-rated spyware blocker programs.
I'm with you. I've had computers since the old 8088's and the bulletin board days in the 80's, since there were "home" computers to be had and I've always been security conscious and look what happened to me, even with protective software. When I got off the phone with PayPal that morning, I immediately shut my system down, unplugged my modem, called a security expert I trust in immediately and didn't hook my modem back up till everything had been installed, etc. - it was cheaper than what I almost lost.
I'm running multiple software programs, too - I pull up similar reports to yours every day, the crackers never give up - hacking (or, really, "crackers" as they are) is a continual, ongoing process to be guarded against.
I originally decided to call PayPal because I've been with them almost from the beginning and NEVER had any kind of "security" issues from or with them, let alone to have them insist "you must change your password immediately", so I knew something was up out of the ordinary beyond just some alleged "random security check" I got caught up in (had my share of gripes with 'em, too, but we have no choice unless we want to greatly diminish high bids). It took a while to get the rep to admit to me that it wasn't random at all, that it was because I'd been hacked.
I've lost count of how many times I've been notified that one or the other of my plethora of brand new security software has stopped a malicious script or keystroke counter, etc. from accessing my computer in the weeks since I totally upgraded all of my security software and then some.
One of my software programs is really neat - when you are continually hooked up online, it allows you to virtually "unplug" yourself, if you will, from the internet. It stops all incoming and outgoing traffic, no exceptions, when you activate it with a mere keystroke. When I'm away from my keyboard for any length of time, I activate it.
It's pretty scary how far crackers have come in being able to access even those computers whose DSL and cable modem users think are well-protected. I'd have said that two months ago, too, cause I thought I was doing all the right things security-wise. I found out, almost the hard way, it wasn't enough.
Too much $$$ goes thru my business accounts online to run the risk of not having my system locked down securely - it's something I no longer take for granted - just installing the software isn't enough, vigilance is required every day to keep everything updated and locked down securely.
Had it not been for the inability to answer my PP security questions (relatively obscure questions, I'll admit <g>, I doubt even my spouse could have answered more than one of the questions himself and that after never mind how many years together - but I think it was the obscurity of my security questions that saved me being separated from a large chunk of my funds for an indeterminate period of time, frankly), roughly $1500 of my hard earned dollars would have taken a trip to the Cayman Islands a few weeks ago (no doubt to be transferred, probably not traceable either, from one of the 400+ international banks located on that little island to mercy knows where afterwards).
I am a professional woodturner - it ain't rich folk work - you earn a living, but not as easily or as handsomely as I did before I retired, pretty much anyway, from my clinical psychology practice and took to mostly full-time turning. Even my private commission clients tend to like the convenience of paying me via PayPal instead of having me directly process their credit cards through my biz account at my local bank, so it has become a major clearinghouse for probably 65% of my income. Not something I wanted hacked, for sure.
Ah, well, a lesson learned the hard way, but at least without suffering huge temporary financial loss (It's been a week and a half and I'm still waiting for the provisional return of $220 from PayPal, even after I sent the affidavit in snail mail and PP confirmed receipt of it, for an ATM machine transaction that failed in mid-stream when the ATM's modem went down before it dispensed my $$$, but after it had secured approval from PP's system to gimme my money - imagine how much longer it would have taken to get $1500 fraudulently transferred out of my account back).
The point I am trying to make is that I THOUGHT I had all the security software in place before, the firewall, the spyware software, the virus scanner - but it isn't enough. No one could have been more security conscious than I have always been. But it happened to me.
Like you, glassgrl, I have multiple programs now, 3 spyware blockers, multiple first-rate firewalls and even a second virus scanner I activate manually 3 X's a day so it doesn't conflict and "argue" with the one resident in my "tray".
posted on April 16, 2005 04:26:29 PM new
Thanks, Spartz for the additional info - after what almost happened to me, I'm prepared to do whatever I have to to maintain a locked down, secure system.
posted on April 16, 2005 04:41:06 PM new
Quote: "One of my software programs is really neat - when you are continually hooked up online, it allows you to virtually "unplug" yourself, if you will, from the internet. It stops all incoming and outgoing traffic, no exceptions, when you activate it with a mere keystroke. When I'm away from my keyboard for any length of time, I activate it."
What is this software program?
When I go out of town I unplug everything and I do mean EVERYTHING. That was the first time I had the attempted hacker.
posted on April 16, 2005 04:53:32 PM new
Glassgrl - it's in Norton 2005 firewall - if you right click on the Norton Firewall icon in your tray (I believe you said you have Norton - I hate it, too, it "argues" with everything, but it works, coupled with my other security software) it should pop up the little screen that lets you choose to click on "Block Traffic". Just leave the reminder screen up in the middle of your monitor so you'll remember to reverse click to "allow traffic" again when you are back at your computer.
posted on April 16, 2005 10:29:12 PM new
People, People....relax.....do the following. Go to start then "Run", if running Windows... do a simple DOS prompt type in "CMD", and then type in "Netstat". If anyone's logged into your system their IP addy will be displayed.
If using a router Disable "WEP", so your neighbors aren't hijacking your internet connection....DUH.
glassgrl, fine tune your router if you are running one, and you shouldn't have any more problems. It amazes me how many people enable "WEP", ...not very smart. Also secure your connection so it requires authentication if someone does manage to make it that far. Basically if someone wanted to hack into my systems they would first have to have my IP ADDYs which are both Static...not very likely going to find those, and then enter my username, and 32 character password two times. It really doesn't matter just enable Dynamic IP which is much easier, and secure your system with a number of different passwords and change them every once in a while. No one's going to find you once you disable WEP...and again secure your connection
posted on April 17, 2005 03:32:05 AM new
Never get any of these hacker problems with Linux or Macs... mind you we don't use PayPal either. Cash is King!
posted on April 17, 2005 06:00:43 AM new
" Never get any of these hacker problems with Linux or Macs... mind you we don't use PayPal either. Cash is King!"
I agree, I started using Linux over 2 years ago and I love it. None of this spyware crap and viruses are almost non-existent.
Tony.
In a world without walls or fences who needs Windows and Gates?
posted on April 19, 2005 03:52:27 AM new
Ok boys and girls, get out your pencils. I have NEVER had a problem with paypal and get fake emails weekly and sometimes daily. I never, never, never reply to emails from paypal even if they are addressed to me by name. If I have a question or concern I call this Paypal Toll Free number 1-800-377-1809. I found it somewhere in the paypal website back when I opened an account and wrote it down. You call it and get a real live and breathing person. Explain any concerns you have and if they cannot help you they will direct you to a paypal rep that can. ALL of my security issues have always been solved by them on the spot and before I hung up. I like calling them because I know who I am dealing with, that being PAYPAL. Responding to emails in reference to my account I feel is just too risky nowadays no matter how many firewalls, spam blockers and so on. Also, if you don't have it DOWNLOAD THE EBAY TOOLBAR. If for no other reason than to protect you from logging into fake paypal sites. I very often respond to the fake emails just to see what they are, and if it was not for the ebay toolbar warning alerts popping up you would never be able to tell you were not on a paypal site. It's one thing ebay/paypal got right and actually works. Yea, yea, yea I know it takes up an extra little space on your screen, but when it comes to my account security, it is worth the loss of 1/4 inch of my screen display. Also, do everyone else a favor, if you do get fake emails from someone claiming to be ebay or paypal, REPORT IT. If you have the toolbar, just click on the report fake site. If not, you can forward the suspect email to [email protected] , in my experience the sites usually get shut down in 1 or 2 days. Hope this helps
posted on April 19, 2005 04:06:15 AM new
Excelrye, here is something I found that is just like netstat, but shows all the tcp/ip connections to your machine. I think it's pretty neat (although half the time I don't know what the helz I am looking at but after a while, you start to know what IP numbers you usually have running and can see when there might be an odd one then run a "who is" to see if you want to allow that connection).
http://www.sysinternals.com/
..
It's under the heading - April 15 TCP/IP View if anyone wants to try it.
..
[ edited by dblfugger9 on Apr 19, 2005 04:15 AM ]