Stolen Money
carbonterry2
356 Posts
(Offline)
1
April 28, 2016 - 11:39 am

I lost quite a bit of money from my PP account. PP says the transactions came from my computer?
Malware Scan=

Key Logger?

carbonterry2
356 Posts
(Offline)
2
April 28, 2016 - 11:46 am

log files

Jim Hillier
2700 Posts
(Offline)
3
April 28, 2016 - 6:28 pm

You have two PUPs (Potentially Unwanted Programs) installed - Malware Protection Live and Spigot. Although highly undesirable, neither is particularly malicious and I doubt they would have anything to do with the mystery PayPal transactions.

Did you allow Malwarebytes Anti-Malware to remove them? If not, do so now.

I can see no sign of a rootkit in the MBAM log file, however, I would still scan again with a dedicated rootkit scanner: https://www.malwarebytes.org/antirootkit/?tracking=Awin&awc=5663_1461881507_d847a54ffe82306274df96b64fa5b501

Have you changed your PayPal account password? If not, do so now!

Please use a strong password - minimum 10 characters, no dictionary words, include upper and lower case letters, at least one random character (such as $%^&*), plus a combination of numbers and letters: e.g. CBT#56dct=5STr

How and where do you save your passwords?

carbonterry2
356 Posts
(Offline)
4
April 29, 2016 - 11:57 am

Have removed all PUPs.
Changed all passwords using 16 characters as you suggested.
Will do another scan per your suggestions.
Passwords stored in a Word doc not named password... move to a flash card?

Thanks Jim

carbonterry2
356 Posts
(Offline)
5
April 29, 2016 - 12:10 pm

No rootkits per MBAM

Jim Hillier
2700 Posts
(Offline)
6
April 29, 2016 - 6:01 pm

Never keep an open list of passwords stored on the computer. One thing I forgot to mention - do not use the same password for different accounts; use a different password for each account.

Either use a password manager, where all passwords are encrypted and protected by a master password, or, if the computer is in a safe environment (that is, at home as opposed to any work or shared situation), print out the list of passwords and keep a hard copy somewhere secure. Then move the digital list (Word doc) over to external media (flash card would be fine) as a permanent record.

I do both: I use a password manager, which allows me to log in to accounts automatically, and keep a book of passwords in a safe place.

Recommended password managers:

Roboform: http://www.roboform.com/how-it-works - free for up to 10 log-ins. Full version (more than 10 log-ins) costs $9.95us for the first year and $19.95us for each subsequent year - well worth the money.

Last Pass: https://lastpass.com/ - free edition more than adequate for one PC/device, Premium edition costs $12.00us per annum (scroll down to the bottom of the page for feature comparison).

carbonterry2
356 Posts
(Offline)
7
April 30, 2016 - 12:00 am

Thanks Jim
Possibly someone came across my password document. Wouldn't there be some trace? My computer is in a secure place and I do use Last Pass

carbonterry2
356 Posts
(Offline)
8
April 30, 2016 - 12:01 am

The accounts that were hacked had unique passwords.

Jim Hillier
2700 Posts
(Offline)
9
April 30, 2016 - 1:17 am

Accounts, plural? What other accounts were hacked?

I hate to suggest this BUT, most likely scenario here is someone you know, or someone who might have had access to the computer at some time.

carbonterry2
356 Posts
(Offline)
10
April 30, 2016 - 3:46 am

2 diff PP accounts.
This happened while I was the only person in the house.

Jim Hillier
2700 Posts
(Offline)
11
April 30, 2016 - 4:03 am

What happened while you were the only person in the house Terry? That your PayPal accounts were hacked?

Your passwords could have been accessed and copied at any time prior to the illegal transactions. In fact, it would make sense for a perpetrator to wait for a while, until a time when suspicion would not necessarily fall on them.

Don't get me wrong mate, this is all supposition on my part. Merely an educated guess based on the absence of any rootkit/malware or any other obvious explanation.

dandl
Lexa, AR
740 Posts
(Offline)
12
April 30, 2016 - 9:00 am

carbonterry2 said

Thanks Jim
Possibly someone came across my password document. Wouldn't there be some trace? My computer is in a secure place and I do use Last Pass

Sounds like the most likely scenario?

carbonterry2
356 Posts
(Offline)
13
April 30, 2016 - 10:30 am

PP says that the transactions came from my computer?

Jim Hillier
2700 Posts
(Offline)
14
April 30, 2016 - 11:32 am

I don't understand how PayPal could say unequivocally that it was your computer. Even if logging the IP address, that still isn't proof positive that the computer was yours. Anyway, PayPal should be able to provide you with details of all the transactions.

If these transactions did come from your computer, a confirmation email would have been immediately forwarded to the email address associated with your account. Did you receive any confirmation emails?

Have you responded to any emails from PayPal recently (prior to the illegal transactions) which asked you to "verify" or "update" your account details, or similar?

David Hartsock
1117 Posts
(Offline)
15
April 30, 2016 - 7:11 pm

Six, OK seven, things that immediately come to mind...

1. PayPal should be able to provide the dates/times/IP addresses that have accessed the account. I would ask for that immediately. From there you can determine anything that looks out of the ordinary.

2. Find out if PayPal can, or will, recover any of the money!

3. Move any additional funds to your bank account and only keep enough in PP to handle any transactions.

4. LastPass was breached last year. If you did not change your password and/or hint there may be a chance that information was accessed, especially if you had an easy/insecure master password/account login. http://krebsonsecurity.com/2015/06/password-manager-lastpass-warns-of-breach/

5. Immediately change the passwords for other financial accounts and LastPass - use STRONG passwords.

6. Do a full scan with your (updated) AV software. Then scan it again with several of the online scanners from the major players (I'll add links below). Note that some won't be able to run from FF or Chrome.

7. If there is any sign of infection nuke the computer with extreme prejudice - and by nuke I mean wipe it and start from scratch.

http://www.eset.com/us/online-scanner/
http://www.bitdefender.com/scanner/online/free.html
http://www.pandasecurity.com/usa/support/tools_homeusers.htm
https://security.symantec.com/nbrt/npe.aspx
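
Added example, not part of the original posts: one way to act on item 1 above once the account access history (dates, times, IP addresses) is in hand, flagging events from addresses not seen before and events outside the usual hours. The CSV layout, the field names and every row are constructed for illustration (PayPal's real export format is not shown in this thread), and the IP addresses come from documentation ranges.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample history (hypothetical format): timestamp, source IP, event.
SAMPLE_HISTORY = """\
timestamp,ip,event
2016-04-02T19:14:00,198.51.100.23,login
2016-04-09T20:41:00,198.51.100.23,login
2016-04-09T20:44:00,198.51.100.23,payment
2016-04-16T18:05:00,198.51.100.23,login
2016-04-21T19:30:00,198.51.100.23,login
2016-04-26T03:12:00,203.0.113.77,login
2016-04-26T03:15:00,203.0.113.77,payment
2016-04-27T03:40:00,198.51.100.23,payment
"""

def parse_history(text):
    """Parse the CSV text into rows sorted by time, with real datetimes."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
    return sorted(rows, key=lambda r: r["timestamp"])

def flag_unusual(rows, baseline_end, min_seen=2, hour_slack=2):
    """Compare events after baseline_end with the owner's earlier activity."""
    baseline = [r for r in rows if r["timestamp"] < baseline_end]
    if not baseline:
        raise ValueError("no activity before baseline_end to compare against")
    ip_counts = Counter(r["ip"] for r in baseline)
    known_ips = {ip for ip, n in ip_counts.items() if n >= min_seen}
    hours = [r["timestamp"].hour for r in baseline]
    # Simplification: usual hours are one contiguous window, no midnight wrap.
    lo, hi = min(hours) - hour_slack, max(hours) + hour_slack
    findings = []
    for r in (r for r in rows if r["timestamp"] >= baseline_end):
        reasons = []
        if r["ip"] not in known_ips:
            reasons.append("new-ip")
        if not lo <= r["timestamp"].hour <= hi:
            reasons.append("odd-hour")
        if reasons:
            findings.append((r["timestamp"].isoformat(), r["ip"], r["event"], reasons))
    return findings

if __name__ == "__main__":
    for finding in flag_unusual(parse_history(SAMPLE_HISTORY), datetime(2016, 4, 25)):
        print(finding)
```

The last constructed row is flagged only for its hour even though the address is the familiar one, which is why an IP match on its own does not settle who made a transaction.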
