Paypal hacked for a second time :(

Soldato
Joined
19 Jun 2012
Posts
5,294
Maybe you have got a key logging trojan on your machine? I tend to use Malwarebytes as it usually finds stuff that other so-called premium anti-virus programs miss.

I would also change the password on her email account and her Ebay account too.

Also, be aware of a fake Paypal trojan that was circulating some time ago. I got it on my machine and it allows you to open up a legit Paypal page but as soon as you click 'log in' it opens a fake page asking for more security authentication as a 'routine security feature'.

The premise of the scam is to ask you to verify your security details when you attempt to log in and steal your details. As it comes up after using the legit website it has caught many people out.

I will be interested to hear what your scans find, though.
 
Soldato
Joined
9 Mar 2010
Posts
2,838
that's a bit complex if the lady is not IT savvy if she trusts everyone in the house just write them down like most people do.

Have more faith - these things aren't complex. Got my girlfriend and dad using it. Needs someone technically minded to set it up and walk them through it but that's about it.
 
Man of Honour
Joined
9 Jan 2010
Posts
13,722
is she using paypal anywhere but on her own computers?
does she logout every time? I think there was a thing with cookies that could be exploited

i bought something off ebay and it reminded me of your comment, as i always log out of places like paypal..
ebay directed me to log into paypal to make payment, once payment was made it sent me straight back to ebay with no option to log out of paypal,
once i was finished with ebay i went back into paypal via google and i was still logged in :o
 
Permabanned
Joined
28 Dec 2009
Posts
13,052
Location
london
Run rkill http://www.bleepingcomputer.com/download/rkill/
Then before restart pc run
malware bytes https://www.malwarebytes.org/mwb-download/
adwcleaner http://www.bleepingcomputer.com/download/adwcleaner/
tdscleaner http://www.bleepingcomputer.com/download/tdsskiller/
sophos cleaner http://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx

Use keepass, create one password that is good that you remember for keepass, the rest of the passwords must be generated with a password generator and be impossible to remember, then copy and paste them into the browser. If you have a rootkit on your pc then it won't matter what you do with passwords because an attacker could easily steal your browser passwords or even steal your cookie sessions.

Reset every password, start with email accounts, then do the rest.
 
Man of Honour
OP
Joined
21 Nov 2004
Posts
45,038
So the plot thickens.

A few months ago, one of her credit cards received a fraudulent payment, again from abroad. This was picked up by the credit card company and a new card issued.

Again all passwords to every website she could think of were changed (to apparently a complex password, using a number of different passwords).

Then after filing a tax return, she received an email from 'HMRC' offering money, again a fraudulent email that clearly had been tracking her usage.

Then today her email account was blocked due to it being used for spam, I assume by a bot.

I have used malware bytes and avast - both have not picked up anything on her laptop or external drives. I have run boot scans, deleted all cookies and temporary files using ccleaner.

Some of her usage, e.g. to file the tax return used her ipad, so it can't just be her laptop? I have not had any issues at all, so surely our internet connection is secure?

I am very confused!
 
Associate
Joined
3 Jun 2010
Posts
960
So the plot thickens.

A few months ago, one of her credit cards received a fraudulent payment, again from abroad. This was picked up by the credit card company and a new card issued.

Again all passwords to every website she could think of were changed (to apparently a complex password, using a number of different passwords).

Then after filing a tax return, she received an email from 'HMRC' offering money, again a fraudulent email that clearly had been tracking her usage.

Then today her email account was blocked due to it being used for spam, I assume by a bot.

I have used malware bytes and avast - both have not picked up anything on her laptop or external drives. I have run boot scans, deleted all cookies and temporary files using ccleaner.

Some of her usage, e.g. to file the tax return used her ipad, so it can't just be her laptop? I have not had any issues at all, so surely our internet connection is secure?

I am very confused!


Can you explain why you think the HMRC email is anything other than a generic phishing email? These are common, and people are easily fooled.

It might be useful to understand how the passwords are entered into the various systems, as I suspect that a simple keylogger/RAT might be able to capture anything, complex or not.
 
Associate
Joined
3 Jun 2010
Posts
960
I see that a system like Keepass was recommended, but you really need to use password databases with keyscramblers, which encrypt every keypress and make it useless (if being logged/watched).
 
Associate
Joined
18 Oct 2002
Posts
1,748
Location
Chesterfield
Format the PC and then reset all passwords (including email and security questions).
Perhaps even set up a new email account and change the important accounts to this.
Set up 2FA wherever possible, I don't think there's much more to say than this.
 


Associate
Joined
12 Sep 2009
Posts
1,480
Location
Hampshire
Format and change all passwords as others have recommended. This happened to me years ago and this was the only way to cure it.
 
Man of Honour
OP
Joined
21 Nov 2004
Posts
45,038
Can you explain why you think the HMRC email is anything other than a generic phishing email? These are common, and people are easily fooled.

It might be useful to understand how the passwords are entered into the various systems, as I suspect that a simple keylogger/RAT might be able to capture anything, complex or not.

It could indeed be a coincidence, but the phishing email arrived only a few days after sending the tax return.

The passwords, mostly being entered on the laptop, are being put into internet explorer.

I think it is nearly time to wipe the laptop...although there is nothing to say that the backup external drives are safe either?
 
Soldato
Joined
10 Mar 2003
Posts
6,744
Why would you go to backup?

Clean install. Get a decent AV and Firewall. Do not access any external drives until you have a decent AV and Firewall. Then scan everything.

Once you have all the drivers and the system as you would want it - image it at that point whereby you are positive, at that point in time, that the system is clean.

A clean install is the only way to be sure.



M.
 
Man of Honour
Joined
11 Mar 2004
Posts
76,634
Did she fall for a phishing scam?

One actually showed up in my inbox today and I bet it would fool a fair few people. I did not pay for that and click on the refund link. Reported it to PayPal so hopefully it should go to other people's junk boxes.

And if in doubt always format and run multiple scans on anything you can't format like back up drives, including online scanners.
 