Nuther web scam with VERY popular service

[chemosavi]

(names changed to protect the guilty) Sold two kites using Kay Kal about a month ago. Logged onto my pp account today and should have had a positive balance of almost 1 k but instead had a negative 3 k. Someone (I know his name, add and tel #) had hacked into my yahoo email the day after I sold the kites and emptied my pp account and went on to pilfer another 3 k over the next month. He altered my yahoo mail settings so that I did not receive warnings of suspicious behavior on the account. The pp cops are after his butt but in the meantime please use these services with discretion.

I'm not an "IT" guy but this is how I think they do it. Maybe one of you "its" knows better......

Use any name to get an email address, they're millions out there.

Use an algorithm guessing proggy to generate a working password .

Lotsa folks use the same password for various logins so they can immediately log into those sites that use your email address for a name.

If that password doesn't work they get their proggy to find one that does.

What I don't get is how easy it was for them to snooker Pay Pal into giving them my dough.

If that's not the case then it was an inside job.

[calljj]

Use an algorithm guessing proggy to generate a working password .

watching too many films where someone cracks into the pentagon system in a matter of seconds?

Not a laughing a matter though, am sorry to hear of your probs.

Like you say there are millions of email users, therfore millions of passwords, involving numbers and letters...

Not saying this happened to you, but many pople get caught out by the phishing emails, where it looks like a website, smells like a website, but just isn't.

From a programmers point of view, its much much easier, in fact ANYONE can copy a login webpage - say ebay's login - then sends out a load of emails with a link asking you to login to reply to a message and the like, you go to the false page, where it logs your details, then fwds you on to the real site...you wouldn't even know.

Easiest way is always type your password in wrong for the first attempt on any site and have a different password for mail,ebay,paypal e.t.c so if it does get stolen, you're not going to lose everything.

Have a feeling that some investigation was done recently and it turned out the majority of this was being done by russian mafia...?

As a parting note, paypal is still one of the safest forms of payment using the internet and is far better than giving your card details, its not perfect, but look how many people use card scanners in shops and petrol stations nowadays to steal your card details...

[tautologies]

Actually, the most common way to get passwords are using spyware, or proxies..I can't really say what happened here though...maybe he sent you a fake invoice that registered the password you use?
This is actually a very big weakness in the paypal system.

If you use a strong password it should be almost impossible to hack your password...yahoo / paypal should also put a temp close on your account if someone starts guessing passwords, I don't know if they actually do though...but really they should....

Get your machine checked out for spyware though..I don't think this guy used anything like that. Use "search and destroy" and "adaware".

There is actually a good article (on microsoft.com ??) on how to create STRONG passwords:

http://www.microsoft.com/athome/securit ... sword.mspx

A.

[The Right Stuff]

Good ref, tauts.

[Wetstuff]

Sorry to hear Chemo.

Gotta run ..off to change my pwd!

j i m

[CosmoDog]

safest forms of payment using the internet and is far better than giving your card details

I think a credit card is safer - I am only liable for $50 max. Be interested to hear how easy it is to get the stolen money back from PayPal.

[chemosavi]

After analyzing the actions of the fraudster, I realize that after he obtained my personal info and altered my account settings and and created a new UNCONFRIMED bank account in MY NAME, he was going down an email list and charging other peoples PP accounts to see if he could extract money without their knowledge. He was successful two times out of 6 or so tries @ 1400.00 each. Those people, once they became aware of the false charges, had to dispute them, but all of the people were minding their own businesses thinking all was well in Kansas.

So in retrospect, ANYBODY who has a pp account might someday find a nasty little charge to their account they have no knowledge of and be forced to become Kafka's rat for awhile.ie., dispute the claim, IF they find it in time. Nifty huh?

[HelldogBE]

-quickly changes his kiteforum password-

no seriously, about the cracking of passwords with a generator...
I don't see why this would not be possible? Lots of sites u can just keep spamming passwords (I often forget mine, different passwords ) so if u program a little application that tries all combinations its gonne hit the jackpot at a certain time...
but obviously it only has certain succes, it can take a lot of work and there are lots of accounts that contain no money.


But I definitely see where some kind of bankcard loginsystem on the computer would work! (like u need to attach a cardreader to the pc, wich would be a built-in feat in the future offcourse, that reads the chip on your identity card or something like that.
And it would store lots of very long randomly generated passwords for all your websites and applications, no need to enter them manually.

Internet crimes are on their way to the top

[CosmoDog]

I don't see why this would not be possible?

Possible, but not very practical - 200 billion combos with a 8 letter a-z password. What I have seen used (only for security testing) is a dictionary of common words and passwords - then add numbers/letters to the front/back of each word - cuts the problem space way down.

-J.R.