Cyber attacks

[Yaworski]

Around 7 this morning I was drinking some coffee when my phone beeped to tell me that a text had come in. A few seconds later there was another beep so I got out of my chair, found the phone, and read the messages. Both were from PayPal giving me a "security code."

Hmmmm . . . who's doing what with my PayPal account?

Went to PayPal and I see a $3,200 payment to eBay. WTF? My last eBay purchase was $13.

I did the online fraud report and then decided to call PayPal when they started answering the phone at 9 EDT. Amazingly, they had already reversed the charge and the money is headed for my bank.

Oddly, my home phone is my primary number but no alerts came to it, they all came to my cell.

Anyhow, I changed my password and deleted my banking information.

In January, someone accessed my walmart.com account and ordered some furniture. Discover refunded that.

Recently, someone used my Facebook account to post dozens of car ads.

Last week, someone got into my daughter's Amazon account and charged some video games to her. Amazon refunded the money.

This is getting old.

 

[ArizonaTea123]

Sounds like your personal data and info has been sold on the dark web.

You can go to www.deleteme.com and pay a subscription to delete your name and any personal data off the Internet.

 

[Yaworski]

Sounds like your personal data and info has been sold on the dark web.

All of our data is out on the dark web. Heck, the federal government puts it on laptops to be stolen from cars.

 

[ArizonaTea123]

Yes, but someone is actively using yours

 

[ArizonaTea123]

Do you run a VPN off your phone or use any protective security apps? It slows down your phone but it does help.
Disable blue tooth and location when not in use.
Also disable NFC when not in use

 

[hittman]

~ Change your password often
~ Do not use the same password on more than one site
~ Use more difficult passwords that include upper case, lower case, numbers and symbols

 

[Yaworski]

Do you run a VPN off your phone or use any protective security apps? It slows down your phone but it does help.

I use my phone to make calls and play music. No banking. No e-commerce. No email.

I do send the occasional text. I hate texting.

 

[Yaworski]

~ Change your password often
~ Do not use the same password on more than one site
~ Use more difficult passwords that include upper case, lower case, numbers and symbols

Easy to say, pain in the ass to do.

 

[hittman]

Worth the effort.

 

[Yaworski]

One of the more interesting things about today's fun is that paypal always sends an email when I pay for something. "Your payment to xxxx . . ." However, this transaction had no emails sent. Did the nefarious person break in, change the email address, do his deed, then change my email back?

 

[hittman]

Or, read the email PayPal sent you and deleted it.

 

[Yaworski]

Or, read the email PayPal sent you and deleted it.

If I had read the email, I would have said "Argh! $3K on ebay?" Also, I delete few emails. I have stuff going back to 1995 when I first went "online".

Also odd, if I log onto my daughter's Amazon account from anywhere but my home computer, she gets a text and a code that I have to enter. That didn't happen when the nefarious guys got into her account.

 

[hittman]

If hackers get into your email they could have deleted it before you knew it was there.

Changing email password be in order too

 

[NikA]

Maybe someone is remoted into your home computer.

2FA is a great thing whenever it's available. Best 2FA is a physical token.

 

[Johnnu2]

What's 2FA please...??

J.

 

[NikA]

2FA = two-factor authentication. The most basic is when the servicer sends you a text message or email with a code (easy to break with remote access). The best is a token with an encryption key, like a smartcard or YubiKey. To my knowledge, exploits for these require the attacker to have physical possession of the token, which to me would indicate other issues. RSA tokens fall somewhere in the middle, used to be very secure but I believe the generation database was stolen/compromised about a decade ago.

Example of application: it is only possible to log into my personal email with a password and an authorized token. I can force every instance to log out simultaneously, and the only way to log in again is with the token on my keyring. Makes it difficult for bad actors to maintain access to my email for any meaningful duration.

 

[Jeepnik]

Heck, we could stop this stuff. Hire a bunch of retired special forces types and a bunch of former intelligence types. Have them locate and eliminate the criminals. After the word get out they will drastically reduce their law breaking.

 

[Yaworski]

I can force every instance to log out simultaneously, and the only way to log in again is with the token on my keyring.

So is this a physical device that you stick into a USB port? What if you lose it?

 

[blume357]

I get emails all the time saying I've bought something on eBay or paid something via PayPal.... but never a text... I just ignore them.... usually if thou look at the actual email address it can from it is some other address of some scammer.... even on the odd occasion I reply telling who ever that they can stick a certain item in a certain place... it seems the email always bounces back...

Yaworski... now from your previous threads it does seem your info has been hacked seriously and someone is continued to try and use it....

 

[Yaworski]

Interesting development.

I have an email address for PayPal, I have another for eBay, and I have another for day to day stuff.

I got an email on my eBay email last night asking why I was disputing payment on my purchase. There was a link to the item but it didn't show up in my purchase history. I then noticed that there was a button for "hidden". Hidden? Who knew that you could "hide" purchases but they aren't hidden if they have a big link to them. So I clicked and there it was.

Since my eBay account is tied to PayPal, that explains the PayPal connection.

Interestingly, the shipping address is my address. There was a UPS tracking number which showed delivery on Monday. I was home on Monday, all day and no UPS deliveries. Oddly, the UPS delivery record shows that the person who signed for it has the same name as my sister-in-law whom I haven't seen since Christmas.

So now I've added two factor authentication to my ebay account and changed the password.