1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My paypal just got hacked and money just got SPENTTT!!!!

Discussion in 'BlackHat Lounge' started by supermat007, Apr 22, 2009.

Thread Status:
Not open for further replies.
  1. supermat007

    supermat007 Regular Member

    Joined:
    May 8, 2008
    Messages:
    261
    Likes Received:
    401
    Hey,

    I came back to my pc to find someone has added a new email to my paypal and used it to buy some online game code for $10 with it.

    A few minutes later it got refunded.

    I called the company that it was ordered from and the number took me to a company that deal with their online transactions.

    The lady told me that because this thing is pretty common thats why i got refunded straight away because its was obvious...BECAUSE THE ORDER CAME FROM TURKEY FROM THIS WEIRD NEW UNCOMFIMED ADDRESS and im in the UK!

    She advised me to CLOSE my paypal as...

    They usually do this as a test to see what they can get before going after my money BIG TIME.

    Since they got into my account once, changing my password probably wont help....

    Paypal is shut at the momment plus I need to go to bed its 11:40 pm

    Fortunatly its only linked to my debit account and there's about £30 in the account! ahah....but they still have access to it, they could get my address and other details? who knowsssssss........

    Anyway this is the email that got added to my paypal

    Code:
    qeveze38@hotmail.com
    The lady told me the order came from Turkey.
    She didnt give me an IP or anything....I tried doing a reverse lookup on the email, i got an IP but it lead me to London and America... dont know really....

    SOOOOO

    HAS THIS HAPPENED TO YOU BEFORE?

    Any advice?

    ANY IDEAS HOW I CAN TAKE THIS FURTHER?

    DAMN I really dont want to close my paypal, I use it all the time (I havn't been phished.....unless paypal or rentacoder has been hacked! ahaha)

    Thanks guys

    Matthew
     
  2. bizcredit

    bizcredit Power Member

    Joined:
    Apr 1, 2008
    Messages:
    678
    Likes Received:
    253
    Occupation:
    blackhat
    Location:
    usa
    Home Page:
    Change the password, change the security questions, and run spyware checkers. And stop falling for paypal phishing emails
     
  3. supermat007

    supermat007 Regular Member

    Joined:
    May 8, 2008
    Messages:
    261
    Likes Received:
    401
    LOL well.........If I fall for phishing emails...i wouldnt be here...id be at DP ;)

    Like i said, if i change the password they could get it again - they already got it once. My pc is as clean as a whistle, although ill do some more scans etc.

    Anyone else?
     
  4. freqout

    freqout Regular Member

    Joined:
    Dec 1, 2008
    Messages:
    494
    Likes Received:
    81
    Occupation:
    Security Engineer
    Location:
    San Francisco bay area
    Just figuring out which plasma I want to buy for my turkish condo, thanks mate
     
  5. shyntaxx

    shyntaxx Registered Member

    Joined:
    Jul 31, 2008
    Messages:
    96
    Likes Received:
    50
    Yess change passes .. remove emails .. add a fresh one with different .. password then your paypal is .. clean cookies .. maybe even change all your pass for everything who knows what else they no .. Good luck buddy ..
     
  6. blazen

    blazen Regular Member

    Joined:
    Mar 8, 2008
    Messages:
    471
    Likes Received:
    147
    Change password, change the password for the email, and open a dispute for a unauthorized transaction. Also give details such as the IP was not the one you usually use when logging into your account etc. Call paypal by phone, they should help you out.
     
  7. grafxextreme

    grafxextreme Regular Member

    Joined:
    Nov 28, 2008
    Messages:
    350
    Likes Received:
    1,247
    Occupation:
    Retired
    Location:
    Tri-Dimensional Importation
    Afraid you may have to close your Paypal account. Paypal is not a bank (wouldn't matter because banks aren't any better) and they're not going to do anything to protect you. Chances are pretty good that it may be someone from Paypal who had access to Paypal's information. I know that I had a similar problem with my bank and their fraud department was a joke. I was the one who finally traced it down to one of their employees.

    I'm surprised that who ever has access to your account hasn't locked you out of it and hasn't tried to take money directly out of your bank account. That's the next step. Because they can get your bank's routing number combine that with other info you gave Paypal (your bank account) and have a field day.

    You may want to keep an eye on your bank account over the next few months. Especially if you start seeing someone adding a few cents to your account. That's a big giveaway. Then the only thing you can do is move your bank account to another bank. Changing your bank account or your credit/debit card won't help. It just gets worse from there.

    Wish you luck...
     
  8. Vivica

    Vivica Regular Member

    Joined:
    Dec 15, 2007
    Messages:
    260
    Likes Received:
    72
    Occupation:
    Agent of novelty!
    Location:
    Planet Earth ≡ This was just a first step; in time
    I had to close my PayPal account and my bank account when I got hacked. Since it was an unauthorized transaction I got my money back but it took like a week to get it all sorted out. The amazing thing was I logged into my account while I was on the phone with PayPal and then the PayPal rep told me that the miscreant was logging into my account at that exact moment trying to get more money out!
     
  9. 79beams

    79beams Newbie

    Joined:
    Dec 16, 2008
    Messages:
    27
    Likes Received:
    1
    I would suggest you should always clean your cookies,also I've read in some blog that hackers used keylogger to get their victims info
     
  10. housemusic

    housemusic Regular Member

    Joined:
    Jan 27, 2009
    Messages:
    389
    Likes Received:
    72
    Occupation:
    Jan 2009
    Location:
    Jan 2009
    gaming stuff?you were robbed by chickens or semeone sold your account info. most of carders test with another things such as free trials.
     
  11. Steeky

    Steeky Regular Member

    Joined:
    Jan 13, 2007
    Messages:
    454
    Likes Received:
    163
    There was a guy in bhw irc chat posting paypal emails/pass the other day.
     
  12. berrycorp

    berrycorp Guest

    hehe.... that comment was quite funny... lol
     
  13. wowhaxor

    wowhaxor Executive VIP Premium Member

    Joined:
    Apr 28, 2007
    Messages:
    2,021
    Likes Received:
    3,353
    Location:
    ?¿?
    Home Page:
    Well dude you probably either fell for a phishing e-mail or you have a trojan. Scan your computer, change the password and be more careful in the future.
     
  14. BrianO

    BrianO Junior Member

    Joined:
    Apr 13, 2009
    Messages:
    173
    Likes Received:
    9
    I think you had become a victim of cookie stealing...if they are having your cookies the your password changing method will not work...and he can use it just by filling ur cookie details from his computer...so let the cookie expire!!!!
     
  15. DMONY

    DMONY Newbie

    Joined:
    Apr 9, 2009
    Messages:
    26
    Likes Received:
    2

    I've seen program built for egold were called "syphon viruses", and they basically piggybacked onto your connection somehow and whenever you logged into your egold account they logged in right behind you. No real hacking needed, just needed to know the IP address of the person you wanted to steal from.

    I'm guessing someone figured out how to do this with paypal. It's a shame what the world has come to.
     
  16. rocket

    rocket Regular Member

    Joined:
    Apr 14, 2009
    Messages:
    471
    Likes Received:
    131
    Occupation:
    Web developer and marketer
    Location:
    In my competitor's mind
    PayPal will never email you shit. Look at the headers in you emails from them.
     
  17. rocket

    rocket Regular Member

    Joined:
    Apr 14, 2009
    Messages:
    471
    Likes Received:
    131
    Occupation:
    Web developer and marketer
    Location:
    In my competitor's mind
    Do this:

    1. run mulitple AVs. Scan in safe mode
    2. restart computer
    3. run browser, preferably FF, in a sandbox. Sandboxie is a user-friendly program
    4. THEN log in to your PayPal account.

    Nothing's failproof, but that should stop the average hacker jackhole
     
  18. BrianO

    BrianO Junior Member

    Joined:
    Apr 13, 2009
    Messages:
    173
    Likes Received:
    9
    Y i forgot to mention one more thing...you could also be having a keylogger installed by the attacker!!!Try to go for a good spyware remover!!!!
     
  19. biznets

    biznets Junior Member

    Joined:
    Jan 24, 2009
    Messages:
    116
    Likes Received:
    20
    I have to agree, I've been in the same situation and the only way is to close your a/c ASAP, you probally be advised to shut your bank a/c down too, Good luck.
     
  20. supermat007

    supermat007 Regular Member

    Joined:
    May 8, 2008
    Messages:
    261
    Likes Received:
    401
    Thanks guys (not everyone :p ) for the advice.....

    I use NOD32 Antivirus and its constantly upto date. Never had a virus for a long time! So I dont think its that....

    Cookie stealing?....I thought cookies where encrypted? hmmmmm

    As theres no money in my bank im seeing how it goes. About to get on the phone to paypal now.

    Also even if they have access to my paypal, paypal doesnt show the card numbers or bank numbers.. They just show XXXXXXXXX and then like the last 4 numbers?

    hmmm

    Ill let you know what paypal say.

    Matt
     
Thread Status:
Not open for further replies.