More possible paypal problems.

Tandum (Robin) · #1 04-03-2011, 09:40 PM

Saw an article on overclockers about an email doing the rounds which is supposed to be from adobe telling you to upgrade your adobe reader. I found mine in the deleted items bin. It appears they have got the details to send these emails from paypal. In my case, my first and last names are reversed on paypal and that is who this email was addressed to.

I have since jumped into paypal to delete my credit card before it's stolen, again, and it tells me 'You may not remove your back-up funding source while an Instant Bank Transfer is still pending.' I see nothing pending in my history and have emailed paypal to see why. A pending transaction is normally associated with a linked bank account. I have jumped onto my banks site and emptied out the paypal linked bank account to another account. I figure it's easier to get the money back from visa than ANZ.

Has anyone else been hit yet? Last time they spent almost $10K at the apple store on my visa card

RickS (Rick) · #2 04-03-2011, 10:24 PM

Haven't seen that one yet, Robin...

DavidU (Dave) · #3 04-03-2011, 11:02 PM

Gawd !not good at all.

kustard (Simon) · #4 05-03-2011, 10:10 AM

Adobe Reader fake update emails are quite common unfortunately and they get a few unwary people. Adobe reader will update itself normally or you can manually update it via the application itself.

I always tell those who ask me about such emails to never ever click on any links provided in the email. Banks will never ask you to click on a link in an email. If you are unsure then contact the company BEFORE clicking on anything.

As with the email coming from paypal, they "spoof" the address to make it look like that it is coming from paypal but if you look at the full header information for the email then you can see that it is coming from some bogus server somewhere else.

I found one of these in my trash as well... here is the originating header line (blanked my email):

"Received: by zinc-fofi.emv4.net id hdcjb60hu6ov for <YOUR@EMAIL.ADDRESS>; Mon, 28 Feb 2011 05:28:09 +0100 (envelope-from <news@newman.cccampaigns.net>)"

I copied the "zinc-fofi.emv4.net" into google and straight away up comes some results about "zombies" (spamming bots) and "emv4.net" brings up a list about this domain spamming.

It's good to see that you (Tandum) jumped onto it straight away, it's very much to be safe than sorry when you're not sure of what's going on especially if you've already had it happen once before.

Tandum (Robin) · #5 06-03-2011, 09:09 PM

I got onto paypal by phone and the pending transfer problem when deleting a credit card is a known problem they are working on. I also searched my mail and found a few adobe upgrade emails, the first of which arrived in november, only a month or so after my credit card was hijacked from paypal last august. I'm guessing all this crap is from the hijack they did last year. I'm guessing I can expect more spam

Paypal still claim they where not hacked

Terry B · #6 06-03-2011, 10:04 PM

More info about it here at snopes
http://www.snopes.com/fraud/phishing/adobe.asp

Tandum (Robin) · #7 07-03-2011, 12:27 AM

Terry, the real problem isn't the emails themselves, it's the fact that they are using info cloned from paypal. Paypal insist they have not been breached yet the last email I got had my first and last names reversed on the email just like my paypal account and when I talked to paypal they called me Mr Robin

GeoffW1 (Geoff) · #8 07-03-2011, 03:20 AM

http://www.smh.com.au/technology/tec...306-1bjlp.html

pmrid (Peter) · #9 07-03-2011, 04:41 AM

I've been trying to remove a credit card and a linked bank account from my PayPal profile. Tried twice over the past 3 or 4 days now and got the same response saying in effect that there are transactions pending and so I can't do either. But there are no transactions pending I know about - haven't used PayPal for a few months now.
I just email'd them but would be interested to know what happened to your attempt to remove a card. Did you manage in the end?
Peter

Tandum (Robin) · #10 07-03-2011, 04:47 AM

Peter, I rang them and they removed my CC at their end. I got the same crap you are getting trying to do it from here. I think the russian maffia now controls paypal

AstroGuy · #11 07-03-2011, 10:59 PM

Hi Robin,

I've never heard of paypal being hacked. There is more chance of a trojan virus living in your computer that is remote controlled by the thief in question.

Once the trojan is on your computer the thief can see everything you do, even how you log onto your online banking, how you access paypal (passwords & login info etc...) basically you can get hacked from the inside out. This can only occur if you have run some shady software, or browser related plugin containing the trojan. Or, someone has been on your computer and placed it there knowingly, unknowingly, by mistakingly ok'ing a shady plugin or willingly.

Hope you get it sorted out without any losses.

Tandum (Robin) · #12 07-03-2011, 11:07 PM

There are no tojans on this machine. A lot of people here had thier credit cards used last year to buy lots of stuff from the Apple store in Sydney. Some of those people only used the stolen card with paypal, including me. The card was cancelled, refunded and replaced. It seems that those stolen personal details are now being used to send out these emails. The email I received had my first and last names reversed and it only appears that way on paypal. If this were a 2nd hack of paypal, my card would have been used by now, it hasn't been.

I doubt you'll ever hear of paypal being hacked, it's not something they'd want to get around.

MrB (Simon) · #13 07-03-2011, 11:17 PM

Quote:

Originally Posted by Tandum

I doubt you'll ever hear of paypal being hacked, it's not something they'd want to get around.

I'm thinking the other way.. it would be next to impossible for them to keep quiet.

There are bigger companies than Paypal that have had security issues exposed.

Note that I'm not refuting your claims.. just a different point of view.

Visionoz (Bill) · #14 09-03-2011, 02:00 AM

Robin

On the other hand someone that you had dealt with in the past using PayPal to pay them might have themselves been compromised and thus your PayPal name was disclosed - not directly from PayPal itself I suspect

HTH
Cheers
Bill

AstroGuy · #15 09-03-2011, 08:56 AM

There was a "Today Tonight" segment on TV some time ago, it went on to show how evil hackers can simply cruise the streets and find a wifi stream, then sit outside your house in a car with a notebook and wifi hacking software and hack you. They showed how simple it was for a professional evil hacker to easily translate and steal valuable personal data from the wifi data stream. So, they (evil hackers) don't even need to place a trojan on your PC anymore.

I tell ya, it gets more and more difficult to protect yourself huh?

supernova1965 (Warren) · #16 09-03-2011, 09:10 AM

Quote:

Originally Posted by AstroGuy

There was a "Today Tonight" segment on TV some time ago, it went on to show how evil hackers can simply cruise the streets and find a wifi stream, then sit outside your house in a car with a notebook and wifi hacking software and hack you. They showed how simple it was for a professional evil hacker to easily translate and steal valuable personal data from the wifi data stream. So, they (evil hackers) don't even need to place a trojan on your PC anymore.

I tell ya, it gets more and more difficult to protect yourself huh?

You can stop even these guys just turn off your SSID broadcast you can still use it yourself and use MAC address filtering on your router so only MAC addresses that you allow can access your network and WPA2 security and don't use the default username and password that comes with your router. These can be defeated but the hackers are not going to want to be sitting in front of peoples houses for that long. I also don't have a lot of time for Today Tonight there is too much sensationalism and down right incorrect information to take them seriously yes there is a problem but they make it seem worse than it really is they are the tabloid of the TV industry you know the world is ending in 2012 type

MrB (Simon) · #17 09-03-2011, 01:16 PM

Quote:

Originally Posted by supernova1965

You can stop even these guys just turn off your SSID broadcast you can still use it yourself and use MAC address filtering on your router so only MAC addresses that you allow can access your network and WPA2 security and don't use the default username and password that comes with your router. These can be defeated but the hackers are not going to want to be sitting in front of peoples houses for that long. I also don't have a lot of time for Today Tonight there is too much sensationalism and down right incorrect information to take them seriously yes there is a problem but they make it seem worse than it really is they are the tabloid of the TV industry you know the world is ending in 2012 type

Yes, current affairs programs suck.. nuff said.

That is the biggest problem with WiFi... the end user.
It is very very very common for people to set up their gear and leave the default settings.
Use a program like NetStumbler to sniff out the SSID, it tells you the make and model of router/modem/gateway.. you look up the factory default password for that brand and whala... you are in.

I was doing that while traveling thru Europe years back... I wasn't "Wardriving" or "hacking" tho.. not passwords and such.
Just using NetStumbler to find hotspots and people with 'open' connections and no password protection...
Yes it is illegal.. but hardly. I was not interested in personal info or accessing their computers.. for me it was just a gateway to the internet. These people do not protect themselves and I wasn't using any security bypass.
Some people appeared to leave connections open deliberately, saw a lot of that.

It kept my internet going for the whole trip

RickS (Rick) · #18 09-03-2011, 02:23 PM

Quote:

Originally Posted by MrB

That is the biggest problem with WiFi... the end user.
It is very very very common for people to set up their gear and leave the default settings.

The problem is not the end user, who can't be expected to have a working knowledge of computer security. It is products that don't make an effort to help the installer set them up securely.

MrB (Simon) · #19 09-03-2011, 02:40 PM

Hmm, dunno about that.
Every WiFi item I've ever had that has AP ability has clearly stated in the instructions to change the factory default username and password - very simple to do.
A decent password(non-dictionary) needs a 'brute force' attack, which takes an extreme amount of time to hack.

Anyway, I've led us OT.

AstroGuy · #20 09-03-2011, 04:19 PM

Quote:

Originally Posted by supernova1965

You can stop even these guys just turn off your SSID broadcast you can still use it yourself and use MAC address filtering on your router so only MAC addresses that you allow can access your network and WPA2 security and don't use the default username and password that comes with your router. These can be defeated but the hackers are not going to want to be sitting in front of peoples houses for that long. I also don't have a lot of time for Today Tonight there is too much sensationalism and down right incorrect information to take them seriously yes there is a problem but they make it seem worse than it really is they are the tabloid of the TV industry you know the world is ending in 2012 type

Problem is, mere mortals don't know about such magic! but I guess they do now