03-17-2010, 06:17 PM #1
Be Careful with Your PayPal Account!!
Mine got hacked and I lost $1,000.
I had a good password, I thought, but it didn't seem to help.
I got up the next morning to the email where I had sent money and thought this person had got into my account and sent money to himself.
Well, I then threatened this person's life with a violent act and firearm, and then found out that this person was scammed too.
Then I found the second person that had the same thing happen by selling something and receiving money from my account.
One of the guys sold a World of Warcraft and was paid with my account; the other guy said it was video game related. Maybe they can follow this account??
So they are out $500 each and me $1,000.
I filed a police report, and PayPal already has the person's IP address, for what help that will be.
So hopefully they will find this POS. The police said that if they are caught it will be a felony and also identity theft so they will be charged with a minimum of two felony charges.
The moral to this story is use very odd passwords, nothing family related and change it often!
03-17-2010, 09:01 PM #2
- Join Date
- May 2008
- Lake Havasu
Use this; http://www.pctools.com/guides/password/
It generates a completely random password. There are many other free random password generators. Use one. Then create a text file somewhere, hidden on your computer, and rename the file extension to something obscure, or even make it a .sys file or something that makes sense.
Only you know which file it is, and where, and what the file extension is.
Rename it back to txt, or doc, copy and paste your passwords into wherever they need to be.
Change passwords often. Especially if it's an account you log onto that contains money.
I think the limit on password size on Paypal is 26 characters.
And, never, ever, use the same password for your email/games/green hulk, as you use for your financial accounts. Those passwords should be completely different, and impossible to guess.
Where people fall prey the most, is that they use a common password for everything. Or, they use common words. Use alternating capital letters, and combine numbers and symbols into your passwords.
My Paypal account was hacked last year. However, I make a habit of checking my banking information daily, and noticed it as it was happening. Paypal also was paying attention and blocked all 6 (yes, 6) transactions, totaling over $8000.
I had to send in 6 affidavits to my bank, stating that those weren't my charges (they immediately froze my account), and, I couldn't use my debit card for 24 hours, but I didn't lose a dime, and the bad guys didn't get one either.
03-17-2010, 09:15 PM #3
- Join Date
- Oct 2005
Thanks for the heads up!
03-18-2010, 10:20 AM #4
Wow, that really sucks man, hope everything gets straightened out for ya.
This is exactly why I never link a debit or credit card to paypal, cause if you ever get robbed, after your paypal goes empty there goes your credit/debit account, then you have two problems to deal with.
03-18-2010, 06:44 PM #5
Here is some good reading for those interested.
The girl I spoke with said that they attack sites that you visit and get your information from them then move to your bank and pay-pal.
I have a key generating dongle on the way so this won't happen again!
Here is the article I was telling you about. It was written by an actual
computer hacker, and outlines exactly how they would go about cracking
your password. I hope that you find this article as useful as I did!
If you invited me to try and crack your password, you know the one that
you use over and over for like every web page you visit, how many
guesses would it take before I got it?
Let’s see… here is my top 10 list. I can obtain most of this information
much easier than you think, then I might just be able to get into your
e-mail, computer, or online banking. After all, if I get into one I’ll
probably get into all of them.
1. Your partner, child, or pet’s name, possibly followed by a 0 or 1
(because they’re always making you use a number, aren’t they?)
2. The last 4 digits of your social security number.
3. 123 or 1234 or 123456.
5. Your city, or college, football team name.
6. Date of birth - yours, your partner’s or your child’s.
Statistically speaking that should probably cover about 20% of you. But
don’t worry. If I didn’t get it yet it will probably only take a few
more minutes before I do…
Hackers, and I’m not talking about the ethical kind, have developed a
whole range of tools to get at your personal data. And the main
impediment standing between your information remaining safe, or leaking
out, is the password you choose. (Ironically, the best protection people
have is usually the one they take least seriously.)
One of the simplest ways to gain access to your information is through
the use of a Brute Force Attack. This is accomplished when a hacker uses
a specially written piece of software to attempt to log into a site
using your credentials.
So, how would one use this process to actually breach your personal
security? Simple. Follow my logic:
* You probably use the same password for lots of stuff right?
* Some sites you access such as your Bank or work VPN probably have
pretty decent security, so I’m not going to attack them.
* However, other sites like the Hallmark e-mail greeting cards site, an
online forum you frequent, or an e-commerce site you’ve shopped at might
not be as well prepared. So those are the ones I’d work on.
* So, all we have to do now is unleash Brutus, wwwhack, or THC Hydra on
their server with instructions to try say 10,000 (or 100,000 - whatever
makes you happy) different usernames and passwords as fast as possible.
* Once we’ve got several login+password pairings we can then go back and
test them on targeted sites.
* But wait… How do I know which bank you use and what your login ID is
for the sites you frequent? All those cookies are simply stored,
unencrypted and nicely named, in your Web browser’s cache.
And how fast could this be done? Well, that depends on three main
things, the length and complexity of your password, the speed of the
hacker’s computer, and the speed of the hacker’s Internet connection.
Assuming the hacker has a reasonably fast connection and PC here is an
estimate of the amount of time it would take to generate every possible
combination of passwords for a given number of characters. After
generating the list it’s just a matter of time before the computer runs
through all the possibilities - or gets shut down trying.
Pay particular attention to the difference between using only lowercase
characters and using all possible characters (uppercase, lowercase, and
special characters - like @#$%^&*). Adding just one capital letter and
one asterisk would change the processing time for an 8 character
password from 2.4 days to 2.1 centuries.
Password Length | All Characters | Only Lowercase
3 characters | 0.86 seconds | 0.02 seconds
4 characters | 1.36 minutes | 046 seconds
5 characters | 2.15 hours | 11.9 seconds
6 characters | 8.51 days | 5.15 minutes
7 characters | 2.21 years | 2.23 hours
8 characters | 2.10 centuries | 2.42 days
9 characters | 20 millennia | 2.07 months
10 characters | 1,899 millennia | 4.48 years
11 characters | 180,365 millennia | 1.16 centuries
12 characters | 17,184,705 millennia | 3.03 millennia
13 characters | 1,627,797,068 millennia | 78.7 millennia
14 characters | 154,640,721,434 millennia | 2,046 millennia
Remember, these are just for an average computer, and these assume you
aren’t using any word in the dictionary. If Google put their computer to
work on it they’d finish about 1,000 times faster.
Now, I could go on for hours and hours more about all sorts of ways to
compromise your security and generally make your life miserable - but
95% of those methods begin with compromising your weak password. So, why
not just protect yourself from the start and sleep better at night?
Believe me, I understand the need to choose passwords that are
memorable. But if you’re going to do that how about using something that
no one is ever going to guess AND doesn’t contain any common word or
phrase in it.
Here are some password tips:
1. Randomly substitute numbers for letters that look similar. The letter
‘o’ becomes the number ‘0’, or even better an ‘@’ or ‘*’. (i.e. -
m0d3ltf0rd… like modelTford)
2. Randomly throw in capital letters (i.e. - Mod3lTF0rd)
3. Think of something you were attached to when you were younger, but
DON’T CHOOSE A PERSON’S NAME! Every name plus every word in the
dictionary will fail under a simple brute force attack.
4. Maybe a place you loved, or a specific car, an attraction from a
vacation, or a favorite restaurant?
5. You really need to have different username / password combinations
for everything. Remember, the technique is to break into anything you
access just to figure out your standard password, then compromise
everything else. This doesn’t work if you don’t use the same password
6. Since it can be difficult to remember a ton of passwords, I recommend
using Roboform. It will store all of your passwords in an encrypted
format and allow you to use just one master password to access all of
them. It will also automatically fill in forms on Web pages, and you can
even get versions that allow you to take your password list with you on
your PDA, phone or a USB key.
7. Once you’ve thought of a password, try Microsoft’s password strength
tester to find out how secure it is.
Another thing to keep in mind is that some of the passwords you think
matter least actually matter most. For example, some people think that
the password to their e-mail box isn’t important because “I don’t get
anything sensitive there.” Well, that e-mail box is probably connected
to your online banking account. If I can compromise it then I can log
into the Bank’s Web site and tell it I’ve forgotten my password to have
it e-mailed to me. Now, what were you saying about it not being
Often times people also reason that all of their passwords and logins
are stored on their computer at home, which is safe behind a router or
firewall device. Of course, they’ve never bothered to change the default
password on that device, so someone could drive up and park near the
house, use a laptop to breach the wireless network and then try
passwords from this list until they gain control of your network - after
which time they will own you!
Now I realize that every day we encounter people who over-exaggerate
points in order to move us to action, but trust me this is not one of
those times. There are 50 other ways you can be compromised and punished
for using weak passwords that I haven’t even mentioned.
I also realize that most people just don’t care about all this until
it’s too late and they’ve learned a very hard lesson. But why don’t you
do me, and yourself, a favor and take a little action to strengthen your
passwords and let me know that all the time I spent on this article
wasn’t completely in vain.
Please, be safe. It’s a jungle out there.
If you have any further questions, please feel free to contact us again.
PayPal Customer Solutions
PayPal, an eBay Company
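
An added example, not part of the thread or of the quoted article: a Python check that tests a candidate password against the guessable items in the quoted list and reproduces the table's exhaustive-search times. The rate of 1,000,000 guesses per second and the 26/95 alphabet sizes are assumptions inferred from the table's figures; the names, places, dates and passwords are constructed.

```python
import re
from datetime import date

GUESSES_PER_SECOND = 1_000_000      # assumption: the rate the table's figures imply
LOWERCASE, ALL_PRINTABLE = 26, 95   # assumption: alphabet sizes behind the two columns
COMMON_SEQUENCES = {"123", "1234", "123456"}

def exhaustive_search_seconds(password):
    """Time to try every string of this length, using the table's two columns."""
    alphabet = LOWERCASE if re.fullmatch(r"[a-z]+", password) else ALL_PRINTABLE
    return alphabet ** len(password) / GUESSES_PER_SECOND

def date_strings(d):
    """Common ways a date of birth is typed into a password."""
    formats = ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%d%m%y", "%Y")
    return {d.strftime(f) for f in formats}

def guessable_reasons(password, names=(), places=(), birthdays=(), ssn_last4=None):
    """Return the items from the quoted list that this password matches."""
    reasons = []
    lowered = password.lower()
    digits = re.sub(r"\D", "", password)
    # A partner, child or pet name, possibly followed by a 0 or 1
    if any(re.fullmatch(re.escape(n.lower()) + r"[01]?", lowered) for n in names):
        reasons.append("name, possibly followed by 0 or 1")
    if ssn_last4 and ssn_last4 in digits:
        reasons.append("last 4 digits of SSN")
    if password in COMMON_SEQUENCES:
        reasons.append("common digit sequence")
    if any(p.lower() in lowered for p in places):
        reasons.append("city, college or team name")
    if any(s in digits for b in birthdays for s in date_strings(b)):
        reasons.append("date of birth")
    return reasons

if __name__ == "__main__":
    # Constructed sample facts and passwords, not real data
    facts = dict(names=["Rex"], places=["Havasu"],
                 birthdays=[date(1975, 3, 17)], ssn_last4="6789")
    for pw in ["rex1", "havasu75", "03171975", "kQ7#vT2$wLp9"]:
        found = guessable_reasons(pw, **facts) or ["no listed pattern"]
        days = exhaustive_search_seconds(pw) / 86400
        print(f"{pw!r}: {', '.join(found)}; {days:.3g} days to exhaust")
```

A password that matches any listed item falls to a targeted guess regardless of the exhaustive-search figure printed beside it.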
03-18-2010, 07:42 PM #6
Very helpful. Thanks for posting this article.
03-18-2010, 09:14 PM #7
- Join Date
- Jul 2007
- near Toronto, Canada
Passwords - we all have way too many accounts that need passwords.
At the very least, use different passwords for anything remotely connected to money and online commerce - banking, Paypal, eBay, Amazon, and email - yes, email.
Then use something completely different for non-money related accounts - such as online forums. If you can, use a different and separate email address for non-money online accounts.
Assume that at some time at least one of these forums or other online web sites will be hacked or breached, and your user name and password will become known to bad guys. Make sure that your forum user name and passwords will not work on anything else that you consider important.
There are many online and computer installed password managing solutions available. Research how they work before starting to use one. Some of them are not very well built, and may be susceptible themselves to hacking. Some of them will be cumbersome or a poor fit for how you use the Internet.
Passwords are a weak security system. Until better methods become more common, make your passwords as secure as you can cope with.