Just wondering if my account really get hacked by somebody in foreign or just a joke from paypal to make me verify my account?
I got this message from paypal:
QUOTE
Security Center Advisory!
We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address and we have reasons to belive that your account was hacked by a third party without your authorization. If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you.
If you are the rightful holder of the account you must click the link below and then complete all steps from the following page as we try to verify your identity.
Click here to verify your account
If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.
Thank you for using PayPal! The PayPal Team
If it is true my paypal account got hacked, maybe my egold or other programs got too...
broker88
Apr 8 2005, 08:26 AM
QUOTE(razoredy @ Apr 8 2005, 10:56 AM)
Just wondering if my account really get hacked by somebody in foreign or just a joke from paypal to make me verify my account?
I got this message from paypal: If it is true my paypal account got hacked, maybe my egold or other programs got too... [right][snapback]210686[/snapback][/right]
You better make sure that email was actually from Paypal before you click on the link to verify any info.
razoredy
Apr 8 2005, 08:38 AM
QUOTE(investor2005 @ Apr 9 2005, 12:26 AM)
You better make sure that email was actually from Paypal before you click on the link to verify any info. [right][snapback]210726[/snapback][/right]
The email is from service@paypal.com <-- Paypal right?
Student
Apr 8 2005, 08:54 AM
QUOTE(razoredy @ Apr 8 2005, 09:38 AM)
The email is from service@paypal.com <-- Paypal right? [right][snapback]210734[/snapback][/right]
I got the same exact email last night.
I am using MP Tunneler (with a different ip address) so I thought the email might be legit. Before I clicked on the link, I went to PayPal & tried to access my account. It would not let me access it, so I thought the email was legit. I clicked on the link in the email and url came up on bravenet as available.
I then immediately called PayPal, and they told me to fwd the email to spoof@paypal.com
Then I ran spybot and Ad aware. spybot came up clean. Ad aware had 24 entries I had to remove.
Hopefully this took care of whatever the person was trying to accomplish.
If anyone can shed some light on this, it would be very much appreciated!
-
cashsick
Apr 8 2005, 09:00 AM
i have no idea bout paypal.. but could anyone explain whats this? i got this from EMO..
[QUOTE]We have reason to believe that your EMO account has been compromised. Login has been disabled until further notice. Please contact us by a secure email, or by telephone to resolve this issue.
Please note that other accounts accessed from your computer may also be hacked. Please IMMEDIATELY scan your computer for virii, trojans, and keyloggers. Once you have taken appropriate corrective action, your account will be re-enabled.
Best Regards,
David
[QUOTE]
razoredy
Apr 8 2005, 11:06 AM
Just got 2nd msg from service@paypal.com...
The content is same but the subject is different,
1st subject: Warning! Your account has been violated!
2nd subject: Your account has been violated
2 times hacked
avm703
Apr 8 2005, 11:30 AM
I get those spoof paypal emails too. Just put your mouse over the link and if its some funky url, dont click on it. Also, paypal puts your name in the email. If you get something like "Member" then it isn't real. These spook emails pop up a lot. Be careful with them.
Pipster
Apr 8 2005, 03:15 PM
Few notes to remind you all how to distinguish between real email and fake one.
1.Real one will always include your first and last name.Hackers and others don't know your full name and dont use it in begining. 2.check headers and ip addresses. 3.Real emails will never ask you to click or direct you to the payment site,ONLY the hackers do as they will try to get your log in info that way.
Never click on any link in these emails if there is any and delete immediately.
razoredy
Apr 8 2005, 06:04 PM
QUOTE(Pipster @ Apr 9 2005, 07:15 AM)
Few notes to remind you all how to distinguish between real email and fake one.
1.Real one will always include your first and last name.Hackers and others don't know your full name and dont use it in begining. 2.check headers and ip addresses. 3.Real emails will never ask you to click or direct you to the payment site,ONLY the hackers do as they will try to get your log in info that way.
Never click on any link in these emails if there is any and delete immediately. [right][snapback]211077[/snapback][/right]
I just put my mouse on the link, and it is true, not came from paypal...
I had checked my other email from Paypal, and it put my real name, but the fake one (i think) doesn't came with my name...
1st time dealing with this problems...Thanks for the tips Pipster
The really email from Paypal should from service@intl.paypal.com not service@paypal.com
P/S: I thought only egold got this hackers. And just put note to hacker if available here, there is no money in my Paypal accounts
Student
Apr 8 2005, 07:31 PM
QUOTE(razoredy @ Apr 8 2005, 07:04 PM)
And just put note to hacker if available here, there is no money in my Paypal accounts [right][snapback]211190[/snapback][/right]
same here! - take it out right away.
Well I got both emails with the different subject lines. I fwd the 1st one to spoof@paypal.com and here is their reply:
QUOTE
Thank you for contacting PayPal.
We appreciate you bringing this suspicious email to our attention. We can confirm that the email you received was not sent to you by PayPal. The website linked to this email is not a registered URL authorized or used by PayPal. We are currently investigating this incident fully. Please do not enter any personal or financial information into this website.
If you have surrendered any personal or financial information to this fraudulent website, you should immediately log into your PayPal Account and change your password and secret question and answer information. Any compromised financial information should be reported to the appropriate parties.
If you notice any unauthorized activity associated with your PayPal transaction history, please immediately report this to PayPal by following the instructions below:
1. Log in to your account at https://www.paypal.com/ by entering your email address and password into the Member Log In box
2. Click on Security Center at the bottom of the page
3. Click on the 'Unauthorized Transaction' link under the Report a Problem column
4. Please follow the instructions in order to access the appropriate form
If you have any further questions, please feel free to contact us again.
Sincerely, PayPal Account Review Department
************************************************************************ This email is sent to you by the contracting entity to your User Agreement, either PayPal Inc or PayPal (Europe) Limited. PayPal(Europe) Limited is authorized and regulated by the Financial Services Authority in the UK as an electronic money institution. *********************************************************************** PayPal and its representatives will NEVER ask you to reveal your password. There are NO EXCEPTIONS to this policy. If anyone claiming to work for PayPal asks for your password under any circumstances, by email or by phone, please refuse and immediately contact us via webform at https://www.paypal.com/wf/f=sa_pass. ***********************************************************************
onlinemoney
Apr 8 2005, 09:21 PM
Weird...
QUOTE
Dear PayPal User,
We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address. We have temporarily limited access to sensitive PayPal account features. Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure.
If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. However, if you did not initiate the log ins, please visit PayPal as soon as possible to log in and perform the steps necessary to restore your account access:
REMOVE
After filling in the information required we advise you to change your password. Changing your password is a security measure that will ensure that you are the only person with access to the account.
Thanks for your patience as we work together to protect your account.
Sincerely, PayPal
Yea right... but, I'm not even a PayPal member
Pipster
Apr 8 2005, 09:43 PM
QUOTE
Dear PayPal User,
Real email will never start that way but with your full name. Real email will never ask you to click on any link in it or directing you anywhere.
Thats about it,once you dont see your name and no matter what they say requires you to click on anything in this mail..trash it.
dollarmaker
Apr 8 2005, 09:53 PM
QUOTE(Pipster @ Apr 9 2005, 01:43 AM)
Real email will never start that way but with your full name. Real email will never ask you to click on any link in it or directing you anywhere.
Thats about it,once you dont see your name and no matter what they say requires you to click on anything in this mail..trash it. [right][snapback]211283[/snapback][/right]
Good experience PIPster.
Paypal will never ask you password. They will not direct you to click any links except when Signup (Validation code link)
So, Be careful. Dont click links.
onlinemoney
Apr 9 2005, 12:56 AM
QUOTE(Pipster @ Apr 9 2005, 01:43 PM)
Real email will never start that way but with your full name. Real email will never ask you to click on any link in it or directing you anywhere.
Thats about it,once you dont see your name and no matter what they say requires you to click on anything in this mail..trash it. [right][snapback]211283[/snapback][/right]
Highly agreed with that That's why I don't even bother to check the link...
najdah
Apr 10 2005, 11:09 PM
QUOTE(onlinemoney @ Apr 9 2005, 04:56 PM)
Highly agreed with that That's why I don't even bother to check the link... [right][snapback]211389[/snapback][/right]
Hi all, Last weekend my EG accnt. was hacked again. Those scammers/hackers outside there took for granted on our money, time and works.
rgds, najdah
Pipster
Apr 10 2005, 11:41 PM
QUOTE(najdah @ Apr 10 2005, 11:09 PM)
Hi all, Last weekend my EG accnt. was hacked again. Those scammers/hackers outside there took for granted on our money, time and works. rgds, najdah [right][snapback]212918[/snapback][/right]
If your account was hacked More than once,you have serious problem with your computer and want to clean it from keylogers or trojans.if you wont be doing so it will hit you over and over again.
najdah
Apr 10 2005, 11:51 PM
QUOTE(Pipster @ Apr 11 2005, 03:41 PM)
If your account was hacked More than once,you have serious problem with your computer and want to clean it from keylogers or trojans.if you wont be doing so it will hit you over and over again. [right][snapback]212935[/snapback][/right]
Hi pipster, Thanz for ur info. Anyway, what is the best trojans & keylogers remover?
rgds, najdah
Pipster
Apr 11 2005, 12:50 AM
QUOTE(najdah @ Apr 10 2005, 11:51 PM)
Hi pipster, Thanz for ur info. Anyway, what is the best trojans & keylogers remover?
Download and run their trial version and see if your system is clean or not to begin with.
razoredy
Apr 11 2005, 02:31 AM
QUOTE(najdah @ Apr 11 2005, 03:09 PM)
Hi all, Last weekend my EG accnt. was hacked again. Those scammers/hackers outside there took for granted on our money, time and works. rgds, najdah [right][snapback]212918[/snapback][/right]
how did they hacked u acctually?
ryanhkn
Apr 11 2005, 06:41 AM
Few things I realised that hackers (or should I say script kiddies) did is misleading people that the website is original (just like the first case happen to Citibank).
Here's some precautions when you click on the link and information you publish on Internet.
a) When you click on a weblink send by someone, always look at your URL bar at your IE. The weblink usually hide their link and when you click on the link, it lead you to their website. You see the exact webpage design like the real one (example, paypal). Then when you sign on, it capture your password and what you see from your screen is basically invalid a/c or etc. And if you click on the Lost Password section, even worst... you end up disclose your secret question/password, birthday and etc... that used to verify yourself as a genuie user.
A webpage that "seduce" you with hacking technique, porn, free software that is hosted by Geocities/Yahoo. They force you to sign on to their system but in fact it is not the real yahoo you are signing on, but their system. They don't need a server to host their webserver to capture this, just some simple trick on HTML or CGI/PHP to do the trick.
c) Don't give your personal info like date of birth, home address, wife name, aniversary date and etc to anyone. Do a search on google for your name, date of birth or any personal stuff to find out if you leave any record to anyone before. If you found one, that is one of the way those kiddies attempt to break into your a/c.
By all means, any webpage where you deal with finance, guard it carefully. Use a trusted email provider and always be observant when surfing someone webpage. Especially, do block 3rd party cookies if they are unrelated.
Just my 2cent.
najdah
Apr 12 2005, 06:42 PM
QUOTE(razoredy @ Apr 11 2005, 06:31 PM)
how did they hacked u acctually? [right][snapback]212979[/snapback][/right]
Pipster & Ryan thanz a lot for ur kind guide on this matter.
I belive my computer forcely installed once i'm surfing and the best things is to clean up evrythings.
Yesterday e-gold called me but unfortunately i'm not at home and been informed thru email that the temp. password will be sent to my postal address. I've tried to call a nd fax EG, but couldn't reached it as the line really busy...yeah..only single number for fax and phone..they should add more hotline as their dealing with worldwide.
Just pray my money are not losing ...
My fren also asked me to installed microsoft beta version of spyware removal..may this thing can help me and the others too..
Or maybe or members have suggestion of removal and protection software due to overcome any scammers/hackers activities in our computer...
warmest rgds, najdah
b00ksa
Apr 12 2005, 10:19 PM
just add one recommendation: do not use Internet Explorer to access your Egold or paypal. Using firefox or any other browsers will reduce the risk.
Pipster
Apr 12 2005, 10:54 PM
You MUST clean your computer first.then use roboform which encrypt your user ids and passwords and even with keyloggers would make it impossible to hack you,however CLEAN your hard drive first.
Never click on any links in emails sent from pretending to be egold or paypal,this as far as to emails.
You can use mailwasher too,this will let you check your mail on your isp server and stopped you of being infected by worms trojans and other crap sent via mail.
However...Clean your hard drive first ot all that will be for nothing.
rims4a
Apr 13 2005, 05:24 PM
Hi,
My 2 pence about this matter.
NEVER click on any links to ANY money processer accounts how legitimate they look.
1. They will never do that, I mean, give you links to your to click on. Only hackers trying to dupe you into giving your accout particulars will.
2. You open a browser and type out the address yourself.
3. As far as I know, most money processers, if not all, will start with https:// not just http://... and if they don't care about security will you join them?
Download and run their trial version and see if your system is clean or not to begin with. [right][snapback]212954[/snapback][/right]
Go to http://www.avast.com/ register and download the home edition. It works good. Arrest the trojans before they infect from emails and web sites. The home edition is free. I have used eTrust and some others and I find this a tad better, at least for now.
Try it.
ryanhkn
Apr 13 2005, 07:59 PM
My best practise (usually a techguy) is being observant on all the processes currently running in the background and terminate those process where suspicious.
Say for example after install your PC from fresh, record down all the process currently running (like svchost.exe, services.exe, lsass.exe and etc). These are the default background process. If you detect abnormal process, write down the process name (normally something like trojan.exe), find that file at DOS Prompt by using "cd\" follow by dir trojan.exe /a/s/h". Then try to delete the file.
Second thing you have to get familiar with register and record them down.
The above registry are the application which will run during startup (that run in the background). As long as you record down what your Windows OS run after fresh installation, the next application you installed make sure you update your record.
So when you suspect some spyware/trojan run at your background, just go to registry and delete the key and reboot.
After all, you probably have to consider the following software for more protection. a) Anti-virus (scheduled daily auto updates) Firewall (I use zone alarm)
Hope this may help. I know it's hard to grab all information by sudden, you definitely need a second opinion from IT friends to validate my typical practice. At least, it works for me.
Good luck.
najdah
Apr 13 2005, 10:22 PM
QUOTE(ryanhkn @ Apr 14 2005, 11:59 AM)
My best practise (usually a techguy) is being observant on all the processes currently running in the background and terminate those process where suspicious.
Say for example after install your PC from fresh, record down all the process currently running (like svchost.exe, services.exe, lsass.exe and etc). These are the default background process. If you detect abnormal process, write down the process name (normally something like trojan.exe), find that file at DOS Prompt by using "cd\" follow by dir trojan.exe /a/s/h". Then try to delete the file.
Second thing you have to get familiar with register and record them down.
The above registry are the application which will run during startup (that run in the background). As long as you record down what your Windows OS run after fresh installation, the next application you installed make sure you update your record.
So when you suspect some spyware/trojan run at your background, just go to registry and delete the key and reboot.
After all, you probably have to consider the following software for more protection. a) Anti-virus (scheduled daily auto updates) Firewall (I use zone alarm)
Hope this may help. I know it's hard to grab all information by sudden, you definitely need a second opinion from IT friends to validate my typical practice. At least, it works for me.
Good luck. [right][snapback]215639[/snapback][/right]
DONE everthings...guys thanz for ur guide.. Found few viruses once done online scanned with mcafee antivirus..
installed new windows beta (spyware removal)..nice and good product from microsoft..all of u can free download at microsoft website...all spywares and trojan have been removed from my laptop...
razoredy
May 12 2005, 01:09 AM
more hacking attempt to my paypal account ...
beware of email like this
CODE
PayPal is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with a secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience. Why is my account access limited?
Your account access has been limited for the following reason(s):
# 11 May 2005: We would like to ensure that your account was not accessed by an unauthorised third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.
(Your case ID for this reason is PP-069-848-295.)
How can I restore my account access?
Please visit the http://www.paypal.com/webscrcmd=_login-run.php and complete the "Security Measures."
Completing all the items will automatically restore your account access. Please do not reply to this e-mail. Mail sent to this address cannot be answered. Copyright� 2005 PayPal Inc. All rights reserved. Designated trademarks and brands are the property of their
hackers. And just put note to hacker if available here, there is no money in my Paypal accounts 
same here! - take it out right away.
A webpage that "seduce" you with hacking technique, porn, free software that is hosted by Geocities/Yahoo. They force you to sign on to their system but in fact it is not the real yahoo you are signing on, but their system. They don't need a server to host their webserver to capture this, just some simple trick on HTML or CGI/PHP to do the trick.
...