  1. #1
    David 1 FAST VE
    Join Date
    Jun 2005
    Southaven, MS

    Be Careful with Your PayPal Account!!

    Mine got hacked and I lost $1,000.
    I had a good password, I thought, but it didn't seem to help.

    I got up, the next morning to the email where I had sent money and thought this person had got into my account and sent money to himself.

    Well, I then threatened this person's life with a violent act and firearm, and then found out that this person was scammed too.

    Then I found the second person that had the same thing happen by selling something and receiving money from my account.
    One of the guys sold a World of Warcraft and was paid with my account the other guy said it was video game related. Maybe they can follow this account??

    So they are out $500 each and me $1,000.

    I filed a police report, and PayPal already has the person's IP address, for what help that will be.

    So hopefully they will find this POS. The police said that if they are caught it will be a felony and also identity theft so they will be charged with a minimum of two felony charges.

    The moral to this story is use very odd passwords, nothing family related and change it often!

  2. #2
    Banned User
    Join Date
    May 2008
    Lake Havasu
    Use this;
    It generates a completely random password. There are many other free random password generators. Use one. Then create a text file somewhere, hidden on your computer, and rename the file extension to something obscure, or even make it a .sys file or something that makes sense.
    Only you know which file it is, and where, and what the file extension is.

    Rename it back to txt, or doc, copy and paste your passwords into wherever they need to be.

    Change passwords often. Especially if it's an account you log onto that contains money.
    I think the limit on password size on Paypal is 26 characters.

    And never, ever, use the same password for your email/games/green hulk as you use for your financial accounts. Those passwords should be completely different, and impossible to guess.

    Where people fall prey the most is that they use a common password for everything. Or, they use common words. Use alternating capital letters, and combine numbers and symbols into your passwords.

    My Paypal account was hacked last year. However, I make a habit of checking my banking information daily, and noticed it as it was happening. Paypal also was paying attention and blocked all 6 (yes, 6) transactions, totaling over $8000.
    I had to send in 6 affidavits to my bank, stating that those weren't my charges (they immediately froze my account), and I couldn't use my debit card for 24 hours, but I didn't lose a dime, and the bad guys didn't get one either.

  3. #3
    Thanks for the heads up!

  4. #4
    305coco
    Join Date
    May 2007
    cape coral, florida USA
    wow, that really sucks man, hope everything gets straightened out for ya.

    this is exactly why i never link a debit or credit card to paypal cause if you ever get robbed after your paypal goes empty there goes your credit/debit account, then you have two problems to deal with..

  5. #5
    David 1 FAST VE
    Join Date
    Jun 2005
    Southaven, MS

    Here is some good reading for those interested.
    The girl I spoke with said that they attack sites that you visit and get your information from them, then move to your bank and PayPal.
    I have a key generating dongle on the way so this won't happen again!

    Here is the article I was telling you about. It was written by an actual
    computer hacker, and outlines exactly how they would go about cracking
    your password. I hope that you find this article as useful as I did!


    If you invited me to try and crack your password, you know the one that
    you use over and over for like every web page you visit, how many
    guesses would it take before I got it?

    Let’s see… here is my top 10 list. I can obtain most of this information
    much easier than you think, then I might just be able to get into your
    e-mail, computer, or online banking. After all, if I get into one I’ll
    probably get into all of them.

    1. Your partner, child, or pet’s name, possibly followed by a 0 or 1
    (because they’re always making you use a number, aren’t they?)
    2. The last 4 digits of your social security number.
    3. 123 or 1234 or 123456.
    4. “password”
    5. Your city, or college, football team name.
    6. Date of birth - yours, your partner’s or your child’s.
    7. “god”
    8. “letmein”
    9. “money”
    10. “love”

    Statistically speaking that should probably cover about 20% of you. But
    don’t worry. If I didn’t get it yet it will probably only take a few
    more minutes before I do…

    Hackers, and I’m not talking about the ethical kind, have developed a
    whole range of tools to get at your personal data. And the main
    impediment standing between your information remaining safe, or leaking
    out, is the password you choose. (Ironically, the best protection people
    have is usually the one they take least seriously.)

    One of the simplest ways to gain access to your information is through
    the use of a Brute Force Attack. This is accomplished when a hacker uses
    a specially written piece of software to attempt to log into a site
    using your credentials.

    So, how would one use this process to actually breach your personal
    security? Simple. Follow my logic:

    * You probably use the same password for lots of stuff right?
    * Some sites you access such as your Bank or work VPN probably have
    pretty decent security, so I’m not going to attack them.
    * However, other sites like the Hallmark e-mail greeting cards site, an
    online forum you frequent, or an e-commerce site you’ve shopped at might
    not be as well prepared. So those are the ones I’d work on.
    * So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on
    their server with instructions to try say 10,000 (or 100,000 - whatever
    makes you happy) different usernames and passwords as fast as possible.
    * Once we’ve got several login+password pairings we can then go back and
    test them on targeted sites.
    * But wait… How do I know which bank you use and what your login ID is
    for the sites you frequent? All those cookies are simply stored,
    unencrypted and nicely named, in your Web browser’s cache.

    And how fast could this be done? Well, that depends on three main
    things, the length and complexity of your password, the speed of the
    hacker’s computer, and the speed of the hacker’s Internet connection.

    Assuming the hacker has a reasonably fast connection and PC here is an
    estimate of the amount of time it would take to generate every possible
    combination of passwords for a given number of characters. After
    generating the list it’s just a matter of time before the computer runs
    through all the possibilities - or gets shut down trying.

    Pay particular attention to the difference between using only lowercase
    characters and using all possible characters (uppercase, lowercase, and
    special characters - like @#$%^&*). Adding just one capital letter and
    one asterisk would change the processing time for an 8 character
    password from 2.4 days to 2.1 centuries.

    Password Length | All Characters            | Only Lowercase
    3 characters    | 0.86 seconds              | 0.02 seconds
    4 characters    | 1.36 minutes              | 0.46 seconds
    5 characters    | 2.15 hours                | 11.9 seconds
    6 characters    | 8.51 days                 | 5.15 minutes
    7 characters    | 2.21 years                | 2.23 hours
    8 characters    | 2.10 centuries            | 2.42 days
    9 characters    | 20 millennia              | 2.07 months
    10 characters   | 1,899 millennia           | 4.48 years
    11 characters   | 180,365 millennia         | 1.16 centuries
    12 characters   | 17,184,705 millennia      | 3.03 millennia
    13 characters   | 1,627,797,068 millennia   | 78.7 millennia
    14 characters   | 154,640,721,434 millennia | 2,046 millennia

    Remember, these are just for an average computer, and these assume you
    aren’t using any word in the dictionary. If Google put their computer to
    work on it they’d finish about 1,000 times faster.

    Now, I could go on for hours and hours more about all sorts of ways to
    compromise your security and generally make your life miserable - but
    95% of those methods begin with compromising your weak password. So, why
    not just protect yourself from the start and sleep better at night?

    Believe me, I understand the need to choose passwords that are
    memorable. But if you’re going to do that how about using something that
    no one is ever going to guess AND doesn’t contain any common word or
    phrase in it.

    Here are some password tips:

    1. Randomly substitute numbers for letters that look similar. The letter
    ‘o’ becomes the number ‘0’, or even better an ‘@’ or ‘*’. (i.e. -
    m0d3ltf0rd… like modelTford)
    2. Randomly throw in capital letters (i.e. - Mod3lTF0rd)
    3. Think of something you were attached to when you were younger, but
    DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the
    dictionary will fail under a simple brute force attack.
    4. Maybe a place you loved, or a specific car, an attraction from a
    vacation, or a favorite restaurant?
    5. You really need to have different username / password combinations
    for everything. Remember, the technique is to break into anything you
    access just to figure out your standard password, then compromise
    everything else. This doesn’t work if you don’t use the same password
    6. Since it can be difficult to remember a ton of passwords, I recommend
    using Roboform. It will store all of your passwords in an encrypted
    format and allow you to use just one master password to access all of
    them. It will also automatically fill in forms on Web pages, and you can
    even get versions that allow you to take your password list with you on
    your PDA, phone or a USB key.
    7. Once you’ve thought of a password, try Microsoft’s password strength
    tester to find out how secure it is.

    Another thing to keep in mind is that some of the passwords you think
    matter least actually matter most. For example, some people think that
    the password to their e-mail box isn’t important because “I don’t get
    anything sensitive there.” Well, that e-mail box is probably connected
    to your online banking account. If I can compromise it then I can log
    into the Bank’s Web site and tell it I’ve forgotten my password to have
    it e-mailed to me. Now, what were you saying about it not being

    Often times people also reason that all of their passwords and logins
    are stored on their computer at home, which is safe behind a router or
    firewall device. Of course, they’ve never bothered to change the default
    password on that device, so someone could drive up and park near the
    house, use a laptop to breach the wireless network and then try
    passwords from this list until they gain control of your network - after
    which time they will own you!

    Now I realize that every day we encounter people who over-exaggerate
    points in order to move us to action, but trust me this is not one of
    those times. There are 50 other ways you can be compromised and punished
    for using weak passwords that I haven’t even mentioned.

    I also realize that most people just don’t care about all this until
    it’s too late and they’ve learned a very hard lesson. But why don’t you
    do me, and yourself, a favor and take a little action to strengthen your
    passwords and let me know that all the time I spent on this article
    wasn’t completely in vain.

    Please, be safe. It’s a jungle out there.

    If you have any further questions, please feel free to contact us again.

    PayPal Customer Solutions
    PayPal, an eBay Company
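
Seen from the operator of a site being hit, the rapid login guessing the quoted article describes shows up as a burst of failed logins from one source, often across many usernames. The following sketch flags that pattern; it is an added example, not part of the thread or of the quoted article, and the log line format, thresholds, usernames and addresses are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format for this example: "<ISO time> login OK|FAIL user=<name> ip=<addr>"
LINE = re.compile(r"^(\S+) login (OK|FAIL) user=(\S+) ip=(\S+)$")

def detect_guessing(lines, window=timedelta(seconds=60), max_fails=10, max_users=5):
    """Return {ip: reason} for sources whose failed logins inside one sliding
    window exceed a threshold. Threshold values are illustrative."""
    recent = defaultdict(deque)          # ip -> (time, user) of recent failures
    flagged = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                     # skip lines in any other format
        ts, result, user, ip = m.groups()
        if result != "FAIL" or ip in flagged:
            continue
        now = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append((now, user))
        while now - q[0][0] > window:    # drop failures older than the window
            q.popleft()
        if len({u for _, u in q}) > max_users:
            flagged[ip] = "many-accounts"    # one source cycling through usernames
        elif len(q) > max_fails:
            flagged[ip] = "single-account"   # one source hammering the same name(s)
    return flagged

def sample_log():
    """Constructed data: one user who mistypes twice, and two noisy sources."""
    t0 = datetime(2009, 3, 1, 10, 0, 0)
    def row(sec, result, user, ip):
        return f"{(t0 + timedelta(seconds=sec)).isoformat()} login {result} user={user} ip={ip}"
    log = [row(0, "FAIL", "alice", "198.51.100.7"),
           row(5, "FAIL", "alice", "198.51.100.7"),
           row(12, "OK", "alice", "198.51.100.7")]
    log += [row(i, "FAIL", f"user{i}", "203.0.113.9") for i in range(30)]
    log += [row(2 * i, "FAIL", "bob", "192.0.2.44") for i in range(15)]
    return log

if __name__ == "__main__":
    for ip, reason in detect_guessing(sample_log()).items():
        print(ip, reason)
```

A source that spaces its attempts further apart than the window stays under both thresholds, so a check like this is normally paired with per-account lockout or a second login factor.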

  6. #6
    305coco
    Join Date
    May 2007
    cape coral, florida USA
    very helpful. thanks for posting this article.

  7. #7
    K447
    Join Date
    Jul 2007
    near Toronto, Canada
    Passwords - we all have way too many accounts that need passwords.

    At the very least, use different passwords for anything remotely connected to money and online commerce - banking, Paypal, eBay, Amazon, and email - yes, email.

    Then use something completely different for non-money related accounts - such as online forums. If you can, use a different and separate email address for non-money online accounts.

    Assume that at some time at least one of these forums or other online web sites will be hacked or breached, and your user name and password will become known to bad guys. Make sure that your forum user name and passwords will not work on anything else that you consider important.

    There are many online and computer installed password managing solutions available. Research how they work before starting to use one. Some of them are not very well built, and may be susceptible themselves to hacking. Some of them will be cumbersome or a poor fit for how you use the Internet.

    Passwords are a weak security system. Until better methods become more common, make your passwords as secure as you can cope with.
