Dear Thief Who Emptied Our PayPal Account

It seems like the holiday season always brings out the liars and thieves. I woke up this morning and logged into my PayPal account to process the orders from the weekend. The first thing I notice is a balance of approximately $0 and a money transfer to a bank account that doesn't belong to me. Some dirty thief tried to make off with all of the money in the account. Well, since this is nothing new to the security people at PayPal, it took me all of 10 minutes to remedy the issue and get my money back. The idiot that tried to steal from me tried sending the money to a US bank account (silly!). Hopefully that account belonged to the thief that hacked my account and not some victim who lost control of their bank account. It's also too bad that I can't help with the data forensics, I would love to nail this person myself, but I guess there is some kind of a conflict of interest in me investigating a hack that happened to me.

It just amazes me that someone determined enough to hack my PayPal account wouldn't put in a bit of research into how to move the money effectively. PayPal has a 3-4 hold on transfers, much like the banks do with personal checks. We are obviously not dealing with a criminal mastermind here.
 
Glad you recovered the money. Do you know if they hacked it through the PayPal API on your site? I guess maybe you might not have a PayPal API but many people do that accept PayPal on websites.
 
They were able to recall your money or they replaced it?

They recalled the money, I caught it within 3 hours of it happening.

Glad you recovered the money. Do you know if they hacked it through the PayPal API on your site? I guess maybe you might not have a PayPal API but many people do that accept PayPal on websites.

It appears they "brute-forced" my password which is pretty impressive, someone obviously thought there was going to be more money than there was. It probably took them quite some time to pull off. Probably some "script-kiddy" with a COTS brute-force program, I can't wait to find out if PayPal is going to give me the name on the account that was the recipient.
 
I worked with pay pal investigators for several years, this type of thing happens hundreds of times a day. If they were really able to recall your money I would be surprised. The account it was wired to was just a "pass through" account, some idiot who thought he was making money on legal transfers. The bank will close his account, they will find the money would have been transferred overseas, and would not be traceable.

fraud, not good, but very common
 
They also had to add a bank account, and verify the deposit paypal made into that account, which can take awhile. You would have also received emails about these actions.

Glad you got it sorted.
 
This is why i haven't set up a pay pal account yet. i'm paranoid about crap like that happening! wanted to offer boxes of pods this season but fear of things like this stopped me.
 
Every week or so I get the password reset request email from paypal. Quite the phrase for someone to figure out and I change it periodically. I just ignore the password reset emails.

Edit: I also check my account multiple times a day and get notified on my new phone when anything happens with it.
 
You are right, they shouldn't have been able to brute force from the PayPal site. There must be a way to get through the API without setting off a flag somewhere. I know they weren't able to "password recover" on my account because I would have been alerted to that as well.

I worked with pay pal investigators for several years, this type of thing happens hundreds of times a day. If they were really able to recall your money I would be surprised. The account it was wired to was just a "pass through" account, some idiot who thought he was making money on legal transfers. The bank will close his account, they will find the money would have been transferred overseas, and would not be traceable.

fraud, not good, but very common

I think PayPal holds all bank transfers for several days before actually sending the money. I know all of my legitimate transfers sit in "limbo", as my bank likes to call it, for a couple of days before my bank can even see them.

They also had to add a bank account, and verify the deposit paypal made into that account, which can take awhile. You would have also received emails about these actions.

Glad you got it sorted.

They did have to add the bank account to my profile, they didn't even have time to verify it which is why PayPal was able to so quickly get the money back to me. I did receive emails but they were at 3 AM, I usually ignore those until I wake up.

This is why i haven't set up a pay pal account yet. i'm paranoid about crap like that happening! wanted to offer boxes of pods this season but fear of things like this stopped me.

Nothing to be paranoid about, this really is the exception, just don't keep a bunch of money in the account and you never have too much to lose.
 
Yeesh - glad you came out $ neutral from the experience.

I have email notifications set to alert me for everything. I don't mind the extra mail, it's worth it.

Again, very glad you didn't get screwed on the deal. Big picture wise, who cares who did it or where the $ went - so long as you are made whole that's what's important.
 
This is why i haven't set up a pay pal account yet. i'm paranoid about crap like that happening! wanted to offer boxes of pods this season but fear of things like this stopped me.

Nothing to be paranoid about, this really is the exception, just don't keep a bunch of money in the account and you never have too much to lose.

Have to agree with that 100%. That's like not going outside because a tree might fall on you. Life is chances.
 
good for you... as i type on this laptop.. i am factory restoring it..due to high possibility of a compromised laptop... i get SPAM emails from my FB friends.. cmon... also more recent i am getting emails from BILLMELATER ..."we are unable to authorize your recent attempts to use BML"....so ya.. this laptop will be formatted.. used the iPad and changed all the pws on ALL my accounts...

also as we speak i am preparing papers to file police report due to someone opening 4 FOUR!!!! verizon phones (iphone 4)s mind you...and a few months before .. someone tried to add themselves as authorized user.... SMH.. just never ending...

at ED... thats why you should just ship em fo FREEEE lol
 
bummer, do you know about the pseudorandom number generators paypal and others use for account protection?
i had one for a while, and it was super easy to use. basically just push a button, you get a 6 digit pseudorandom number, and you put that at the end of your normal password. i understand nowadays they just do this through smart phones, but in the event you dont have one, i bet you could buy a stand alone device.
when i was getting a lot of money through paypal way back, i used a little football shaped keyfob generator and it was excellent, best 5.99 or w/e ive spent.

edit:
id also look very very hard at reformatting all of your computers, its super likely one is infected with some asshole keyloggers. while it is possible to clean them out with av tools... with all the incomprehensible root kits and insanely tenacious viruses ive been told its almost always best to just reformat.
also its probably a good time to update your OS's if possible... if you are still on something old... windows xp is like 50 years old, and from what i understand, is a very very tempting target given just about every facet of it has been documented and explored for years... and years and years.

look at new passwords for all of your accounts. assume that they had/have the information to all your stuff. check your email accounts for unexplained filters... i understand that sometimes people will use weird filters/ filtering rules to keep email notifications from showing up in your inbox that would otherwise notify you of suspicious crap. you might also want to reset your routers and modems etc to factory defaults considering its possible someone was stealing your info from your network, or was accessing your network and reconfiguring settings to facilitate w/e traffic they want.

if you want to get crazy, you could nuke the drive with software that completely writes over the bits on the drive such that it's emptied of all data on the drive completely. this is as opposed to low level reformatting that is basically just wiping out the file system and boot sector or w/e, all the existing data is just rewritten as you write new junk onto the drive. i mention this because i think software was demonstrated years back where a virus could essentially survive a reformatting. that being said, i dont bother. im not a tasty enough target for that sort of thing.

i remember way back i had some stupid virus on my unpatched less than legitimate version of windows that i found with wire shark. it was sending traffic through irc? i could see the information it was sending out in plain text from the packets wireshark had captured, what little i could understand was interesting to read.
 
I consider myself lucky in the fact that it could have been much worse.

Denniz, it sounds like you are fighting the kind of battle I am hoping to avoid. Good luck with it!

bummer, do you know about the pseudorandom number generators paypal and others use for account protection?
i had one for a while, and it was super easy to use. basically just push a button, you get a 6 digit pseudorandom number, and you put that at the end of your normal password. i understand nowadays they just do this through smart phones, but in the event you dont have one, i bet you could buy a stand alone device.
when i was getting a lot of money through paypal way back, i used a little football shaped keyfob generator and it was excellent, best 5.99 or w/e ive spent.

I did not know about this, sounds like an RSA solution which in theory is great, except someone hacked RSA last year and I am not so sure about how safe it is anymore.
 
interesting, i was ignorant of that!

it very well may be that you know more about this than me, i am, and always will be stupid when it comes to coding etc. i worked my ass off in comp sci classes and always did shitty.

but its my understanding that the PHYSICAL tokens, are, and were always much more secure because the software token... the bit of data that is used to generate random numbers is stuffed away inside the keyfob, and cannot be "gotten" without someone like.... dismantling the thing... and somehow stealing the data it has stored in memory with some fancy equipment. if the server side stuff is cracked as you say, they would still need to know what token is used as the...seed data used to generate your random numbers... if you have it on a phone, sure i bet they could get at it easily if they wanted to, but if its in your pocket? they need to do some cia crap to get at it.

thats just my LIMITED understanding however... a little research on your part may be in order to mitigate your fears tho.


edit: grammar
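The push-button fob and its hidden seed, as discussed in the posts above, shown as an added example that is not part of the thread: it assumes the fob follows the standard OATH HOTP algorithm (RFC 4226), which the thread does not confirm for PayPal's device. `TokenVerifier`, `look_ahead` and `demo` are hypothetical names, and the seed is the RFC's published test value, not a real token secret.

```python
import hashlib
import hmac
import struct

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TokenVerifier:
    """Server side: holds a copy of the fob's seed and the next expected counter."""
    def __init__(self, seed: bytes, counter: int = 0, look_ahead: int = 5):
        self.seed, self.counter, self.look_ahead = seed, counter, look_ahead

    def verify(self, code: str) -> bool:
        # Accept a code from the expected counter or a few presses ahead
        # (the button may have been pressed without logging in).
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.seed, c), code):
                self.counter = c + 1  # move past it: each code works once
                return True
        return False

# Constructed sample: the RFC 4226 test seed.
SEED = b"12345678901234567890"

def demo() -> dict:
    server = TokenVerifier(SEED)
    fob_codes = [hotp(SEED, n) for n in range(4)]  # four button presses
    other_codes = [hotp(b"some-other-fobs-seed", n) for n in range(4)]
    return {
        "first_code": fob_codes[0],
        "skipped_presses_ok": server.verify(fob_codes[2]),  # presses 0 and 1 unused
        "replay_rejected": not server.verify(fob_codes[2]),
        "old_code_rejected": not server.verify(fob_codes[1]),
        "next_code_ok": server.verify(fob_codes[3]),
        "different_seed_differs": other_codes != fob_codes,
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A captured code is useless after one login, and predicting the next one requires the seed, which lives in the fob and on the issuer's server.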
 
12 years ago someone somehow got ahold of my checking account debit card. I NEVER ever use the debit card for anything...but I noticed some charges on the monthly statement. This was before web-banking, way back in the old days when you used to have to balance the checkbook....

Anyway, they were using the debit card to subscribe to animation/cartoon porn sites. I know people have some weird fetishes, but cartoon sex just doesn't even sound fun! :crazy: I was able to get the money back through the bank's fraud protection policies. We still have no idea how someone got ahold of the number, but we're pretty sure it was someone local as one of the websites confirmed the IP address of the subscription was in Twisp but we couldn't get any further information than that.

So, it doesn't just happen to paypal....or credit cards....
 
12 years ago someone somehow got ahold of my checking account debit card. I NEVER ever use the debit card for anything...but I noticed some charges on the monthly statement. This was before web-banking, way back in the old days when you used to have to balance the checkbook....

Anyway, they were using the debit card to subscribe to animation/cartoon porn sites. I know people have some weird fetishes, but cartoon sex just doesn't even sound fun! :crazy: I was able to get the money back through the bank's fraud protection policies. We still have no idea how someone got ahold of the number, but we're pretty sure it was someone local as one of the websites confirmed the IP address of the subscription was in Twisp but we couldn't get any further information than that.

So, it doesn't just happen to paypal....or credit cards....

i wonder if your entire bank could have been compromised. i can see some bank employee selling information on the side to whoever for a quick buck.
or maybe someone just stole your mail.
 