
Nuther web scam with VERY popular service

forum for kitesurfers


chemosavi
Very Frequent Poster
Posts: 1508
Joined: Wed May 21, 2003 12:07 pm
Kiting since: 2002
Style: If Ghengis Kan, I kan too!
Gear: Grass fed Carbon Fiber
Brand Affiliation: Peace in the Middle East
Location: NW Pacific

Nuther web scam with VERY popular service

Postby chemosavi » Wed Apr 18, 2007 2:41 am

(names changed to protect the guilty) Sold two kites using Kay Kal about a month ago. Logged onto my pp account today and should have had a positive balance of almost 1 k but instead had a negative 3 k. Someone (I know his name, add and tel #) had hacked into my yahoo email the day after I sold the kites and emptied my pp account and went on to pilfer another 3 k over the next month. He altered my yahoo mail settings so that I did not receive warnings of suspicious behavior on the account. The pp cops are after his butt but in the meantime please use these services with discretion.

I'm not an "IT" guy but this is how I think they do it. Maybe one of you "its" knows better......

Use any name to get an email address, there are millions out there.

Use an algorithm guessing proggy to generate a working password.

Lotsa folks use the same password for various logins so they can immediately log into those sites that use your email address for a name.

If that password doesn't work they get their proggy to find one that does.

What I don't get is how easy it was for them to snooker Pay Pal into giving them my dough.

If that's not the case then it was an inside job.

calljj
Medium Poster
Posts: 61
Joined: Thu Oct 12, 2006 11:51 am
Kiting since: 0
Brand Affiliation: None
Location: UK

Re: Nuther web scam with VERY popular service

Postby calljj » Wed Apr 18, 2007 9:00 am

chemosavi wrote: "Use an algorithm guessing proggy to generate a working password."

Watching too many films where someone cracks into the pentagon system in a matter of seconds? :lol:

Not a laughing matter though, am sorry to hear of your probs.

Like you say there are millions of email users, therefore millions of passwords, involving numbers and letters...

Not saying this happened to you, but many people get caught out by the phishing emails, where it looks like a website, smells like a website, but just isn't.

From a programmer's point of view, it's much, much easier, in fact ANYONE can copy a login webpage - say ebay's login - then send out a load of emails with a link asking you to login to reply to a message and the like, you go to the false page, where it logs your details, then fwds you on to the real site...you wouldn't even know.

Easiest way is always type your password in wrong for the first attempt on any site and have a different password for mail, ebay, paypal etc. so if it does get stolen, you're not going to lose everything.

Have a feeling that some investigation was done recently and it turned out the majority of this was being done by Russian mafia...?

As a parting note, paypal is still one of the safest forms of payment using the internet and is far better than giving your card details, it's not perfect, but look how many people use card scanners in shops and petrol stations nowadays to steal your card details...

tautologies
Very Frequent Poster
Posts: 9671
Joined: Mon Feb 16, 2004 5:36 am
Kiting since: 0
Brand Affiliation: None
Location: Oahu

Postby tautologies » Wed Apr 18, 2007 9:06 am

Actually, the most common way to get passwords is using spyware, or proxies.. I can't really say what happened here though... maybe he sent you a fake invoice that registered the password you use?
This is actually a very big weakness in the paypal system.

If you use a strong password it should be almost impossible to hack your password...yahoo / paypal should also put a temp close on your account if someone starts guessing passwords, I don't know if they actually do though...but really they should....

Get your machine checked out for spyware though..I don't think this guy used anything like that. Use "search and destroy" and "adaware".

There is actually a good article (on microsoft.com ??) on how to create STRONG passwords:

http://www.microsoft.com/athome/securit ... sword.mspx

A.
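Added example, not part of the post above: a minimal sketch of the "temp close" on an account after repeated wrong passwords, replayed over a constructed list of login attempts. The thresholds, class name and e-mail addresses are assumptions for illustration, not how Yahoo or PayPal actually behave.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5      # assumed: failures tolerated inside the window
WINDOW_SECONDS = 300  # assumed: how far back failures are counted
LOCK_SECONDS = 900    # assumed: length of the temporary close


class LoginThrottle:
    """Per-account failure counter with a temporary lock."""

    def __init__(self):
        self.failures = defaultdict(deque)  # account -> recent failure times
        self.locked_until = {}              # account -> time the lock ends

    def record(self, account, success, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.locked_until.get(account, 0) > now:
            return "locked"  # refused even when the password is right
        recent = self.failures[account]
        if success:
            recent.clear()
            return "ok"
        recent.append(now)
        # Forget failures that have aged out of the window.
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCK_SECONDS
            recent.clear()
        return "failed"


# Constructed sample: (seconds, account, password_was_correct)
ATTEMPTS = [
    (0, "seller@example.com", False), (10, "seller@example.com", False),
    (20, "seller@example.com", False), (25, "other@example.com", False),
    (30, "seller@example.com", False), (40, "seller@example.com", False),
    (50, "seller@example.com", True), (60, "other@example.com", True),
    (1000, "seller@example.com", True),
]


def replay(attempts):
    throttle = LoginThrottle()
    return [throttle.record(acct, ok, ts) for ts, acct, ok in attempts]


if __name__ == "__main__":
    for attempt, result in zip(ATTEMPTS, replay(ATTEMPTS)):
        print(attempt, result)
```

While the lock is active it also keeps the legitimate owner out, which is why the close is temporary rather than permanent.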

The Right Stuff
Very Frequent Poster
Posts: 532
Joined: Wed Jul 13, 2005 2:51 am
Kiting since: 0
Brand Affiliation: None
Location: Canada: Wet or Frozen

Postby The Right Stuff » Wed Apr 18, 2007 12:45 pm

Good ref, tauts.

Wetstuff
Very Frequent Poster
Posts: 1471
Joined: Mon Nov 12, 2001 1:00 am
Kiting since: 0
Brand Affiliation: None
Location: Maryland USA

Postby Wetstuff » Wed Apr 18, 2007 2:06 pm

Sorry to hear Chemo.

Gotta run ..off to change my pwd!

j i m

CosmoDog
Frequent Poster
Posts: 215
Joined: Sat Dec 21, 2002 1:00 am
Kiting since: 0
Brand Affiliation: None
Location: Cali

Postby CosmoDog » Wed Apr 18, 2007 4:37 pm

"safest forms of payment using the internet and is far better than giving your card details"
I think a credit card is safer - I am only liable for $50 max. Be interested to hear how easy it is to get the stolen money back from PayPal.

chemosavi
Very Frequent Poster
Posts: 1508
Joined: Wed May 21, 2003 12:07 pm
Kiting since: 2002
Style: If Ghengis Kan, I kan too!
Gear: Grass fed Carbon Fiber
Brand Affiliation: Peace in the Middle East
Location: NW Pacific

Postby chemosavi » Wed Apr 18, 2007 6:56 pm

After analyzing the actions of the fraudster, I realize that after he obtained my personal info and altered my account settings and created a new UNCONFIRMED bank account in MY NAME, he was going down an email list and charging other people's PP accounts to see if he could extract money without their knowledge. He was successful two times out of 6 or so tries @ 1400.00 each. Those people, once they became aware of the false charges, had to dispute them, but all of the people were minding their own businesses thinking all was well in Kansas.

So in retrospect, ANYBODY who has a pp account might someday find a nasty little charge to their account they have no knowledge of and be forced to become Kafka's rat for awhile, i.e., dispute the claim, IF they find it in time. Nifty huh?

HelldogBE
Very Frequent Poster
Posts: 760
Joined: Fri Mar 31, 2006 5:44 pm
Kiting since: 0
Brand Affiliation: None
Location: Windekind,Belgium

Postby HelldogBE » Wed Apr 18, 2007 8:10 pm

-quickly changes his kiteforum password- :o

no seriously, about the cracking of passwords with a generator...
I don't see why this would not be possible? Lots of sites u can just keep spamming passwords (I often forget mine, different passwords :lol: ) so if u program a little application that tries all combinations it's gonna hit the jackpot at a certain time...
but obviously it only has certain success, it can take a lot of work and there are lots of accounts that contain no money.


But I definitely see where some kind of bankcard login system on the computer would work! (like u need to attach a cardreader to the pc, which would be a built-in feat in the future of course, that reads the chip on your identity card or something like that.)
And it would store lots of very long randomly generated passwords for all your websites and applications, no need to enter them manually.

Internet crimes are on their way to the top :cry:

CosmoDog
Frequent Poster
Posts: 215
Joined: Sat Dec 21, 2002 1:00 am
Kiting since: 0
Brand Affiliation: None
Location: Cali

Postby CosmoDog » Wed Apr 18, 2007 9:07 pm

"I don't see why this would not be possible?"
Possible, but not very practical - 200 billion combos with an 8 letter a-z password. What I have seen used (only for security testing) is a dictionary of common words and passwords - then add numbers/letters to the front/back of each word - cuts the problem space way down.

-J.R.
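Added example, not part of the post above: the arithmetic behind the "200 billion" figure next to the much smaller "common word plus digits" space, and a sign-up check that refuses passwords falling inside that smaller space. The word list is a constructed stand-in, and the two-digit affix rule, the 10,000-word dictionary size and the function names are assumptions.

```python
import re

# Constructed stand-in for a real list of common words and passwords.
COMMON_WORDS = {"password", "letmein", "qwerty", "dragon", "monkey", "kite"}

# A lowercase word with up to two digits in front and/or behind (assumed rule).
WORD_WITH_AFFIX = re.compile(r"^(\d{0,2})([a-z]+)(\d{0,2})$")


def exhaustive_space(length, alphabet_size=26):
    """Candidates needed to cover every password of this length."""
    return alphabet_size ** length


def dictionary_space(word_count, max_digits=2):
    """Candidates for 'dictionary word plus up to max_digits digits per side'."""
    affixes = sum(10 ** n for n in range(max_digits + 1))  # "", 0-9, 00-99
    return word_count * affixes * affixes


def check_new_password(password, words=COMMON_WORDS):
    """Return the reasons to reject a new password; an empty list means accept."""
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    match = WORD_WITH_AFFIX.match(password.lower())
    if match and match.group(2) in words:
        reasons.append("common word with digits added")
    return reasons


if __name__ == "__main__":
    print("8 letters a-z:", exhaustive_space(8))
    print("10,000 words with digit affixes:", dictionary_space(10_000))
    for candidate in ("kite07", "12dragon99", "Password1", "xkqzvbnmrt"):
        print(candidate, check_new_password(candidate))
```

With these assumptions the dictionary space is roughly 1,700 times smaller than the exhaustive one, so length alone does not protect a password built from a common word.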

