Omega Owners Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

Search the maintenance guides for answers to 99.999% of Omega questions

Pages: 1 [2] 3  All   Go Down

Author Topic: Hacked For The First Time  (Read 5313 times)

0 Members and 1 Guest are viewing this topic.

New POD

  • Senior Member
  • ****
  • Offline Offline
  • Gender: Male
  • Miseryside
  • Posts: 735
    • NEED MV6
    • View Profile
Re: Hacked For The First Time
« Reply #15 on: 05 February 2018, 22:12:46 »

Daughter had her bank card details used for payments for insurance by someone unknown. And at the same time someone phoned up her mobile supplier to say that her phone had been lost so it was blocked and she couldn't use it.
Apparently because the purchases looked suspicious the bank tried to phone her, but it was dead.
All sorted in about 2 hours.
Logged

78bex

  • Omega Knight
  • *****
  • Offline Offline
  • Gender: Male
  • 0
  • Posts: 1051
    • 2.2 CD AUTO / FAZER 600
    • View Profile
Re: Hacked For The First Time
« Reply #16 on: 05 February 2018, 22:28:02 »

Activating 2 factor authentication can help reduce the likelihood of this happening again.  All of my important email/paypal/linkedin/etc accounts have it enabled.  It wont completely remove the risk but it makes it quite difficult to break.  I also have text alerts for debits over a certain amount from my main bank account.

Thanks Guffer :y

I do have two factor authentication on my main cards, and my bank do text me, as they did today, about anything unusual.  But, it seems whatever 'security' was with the PP account broke down.  The payments made even used a different version of my email, but that failed to be noted! >:(

This is weird stuff,  if a different email address was used, how did they manage to login to you paypal account to make the purchases  ???
Hang on a minute, I take it you have tried to login to your paypal account Lizzie.
If you can`t , that means they`ve locked you out doesn`t it
Logged

Mr Gav

  • Omega Knight
  • *****
  • Offline Offline
  • Leeds
  • Posts: 1924
    • Nissan 370z GT Edition
    • View Profile
Re: Hacked For The First Time
« Reply #17 on: 06 February 2018, 09:58:15 »

For the first time, and it had to happen eventually, my bank had to contact me late this morning due to "suspicious activity" on my account involving £500 in total.

It turns out that four "purchases" were made using my PayPal details, with two being blocked, but two for computer parts going through and due to be delivered to an address in Burton-On-Trent!

I spent all afternoon on the phone to the bank, PayPal, and Action Fraud.  The fraudulent actions have been accepted by both PayPal and my bank, with refunds being issued. 

The odd thing was though, and no "expert" in any organisation I contacted, including BT, could explain why, after the attempted fraud, thousands of email's started to arrive from all over the World, with I think every language used!  Throughout the afternoon TWO emails EVERY SECOND was touching down, with the eventual grand total reaching 5,000+!!! :o :o :o :o 

I have now taken action to change my email address and delete the old one, but what an effort that was with 4 different BT customer services staff failing to provide any real help to stop the crazy number of email's. As I was changing the email addresses the BT system stated it could take "up to 60 days" for any changes could be made, and none of the BT staff could help me with that.  In the end I have sorted it all, and I have stopped the rouge email's!! >:( >:( >:(

I am so careful,and ironically have hardly used Paypal, instead using a direct debit card payment, the details of which the fraudsters used.  How I just do not know, and perhaps will never know. Passwords are changed regularly, full security measures are on my devices,  I don't click onto any emails I do not expect and am very careful to use only legitimate, well known and rated, suppliers.

A life experience indeed! ::) ::)

Are these the really bad red ones  ;D ;D ;D
Logged

deviator

  • Omega Knight
  • *****
  • Offline Offline
  • Chesterfield
  • Posts: 1398
    • View Profile
Re: Hacked For The First Time
« Reply #18 on: 06 February 2018, 10:24:46 »

Daughter had her bank card details used for payments for insurance by someone unknown. And at the same time someone phoned up her mobile supplier to say that her phone had been lost so it was blocked and she couldn't use it.
Apparently because the purchases looked suspicious the bank tried to phone her, but it was dead.
All sorted in about 2 hours.
It's quite common they will try and take your phone over, it's used for authentication for so many services and it potential keeps you busy/diverted whilst they do other financial things.
Logged
FCR and cam lock off kit available. Deposit maybe required. Contact me.

deviator

  • Omega Knight
  • *****
  • Offline Offline
  • Chesterfield
  • Posts: 1398
    • View Profile
Re: Hacked For The First Time
« Reply #19 on: 06 February 2018, 10:39:27 »

For the first time, and it had to happen eventually, my bank had to contact me late this morning due to "suspicious activity" on my account involving £500 in total.

It turns out that four "purchases" were made using my PayPal details, with two being blocked, but two for computer parts going through and due to be delivered to an address in Burton-On-Trent!

I spent all afternoon on the phone to the bank, PayPal, and Action Fraud.  The fraudulent actions have been accepted by both PayPal and my bank, with refunds being issued. 

The odd thing was though, and no "expert" in any organisation I contacted, including BT, could explain why, after the attempted fraud, thousands of email's started to arrive from all over the World, with I think every language used!  Throughout the afternoon TWO emails EVERY SECOND was touching down, with the eventual grand total reaching 5,000+!!! :o :o :o :o 

I have now taken action to change my email address and delete the old one, but what an effort that was with 4 different BT customer services staff failing to provide any real help to stop the crazy number of email's. As I was changing the email addresses the BT system stated it could take "up to 60 days" for any changes could be made, and none of the BT staff could help me with that.  In the end I have sorted it all, and I have stopped the rouge email's!!  >:( >:( >:(

I am so careful,and ironically have hardly used Paypal, instead using a direct debit card payment, the details of which the fraudsters used.  How I just do not know, and perhaps will never know. Passwords are changed regularly, full security measures are on my devices,  I don't click onto any emails I do not expect and am very careful to use only legitimate, well known and rated, suppliers.

A life experience indeed! ::) ::)

The first question I am asking, is how did they get your details? Your PP address is pretty public, but your password was used elsewhere/cracked or your computer has a virus. Don't reuse passwords, if you can enable 2FA. I know it's difficult to remember all the passwords, so pick a strong one and then add the company to the end so P4ssw0rd5462111-eBay.

Virus scan your computer with multiple (at least 2) free/trial AV packages. If you find anything pretty nasty, then consider a reinstall of the OS.

Use a different email address for paypal to anything else. My eBay email is different to my Paypal email on purpose.

With regards PP, here's how I do it. Setup Paypal, verify via a UK bank account. As soon as this stage is done, remove the account details from Paypal. Paypal DO NOT NEED YOUR BANK ACCOUNT DETAILS. Yes, I can still withdraw money to that account, but PP has no access to take money out of that account. Then I use a credit card with a low limit, say £250 credit limit to fund my Paypal account. This way I have 2 levels of 'insurance' to protect me. If you need to spend more than £250 through PP in one hit, then xfer funds from your current account to your CC card so it has a positive balance and then you can spend the balance plus the credit limit.

The reason you are getting loads of emails is to throw you off the scent. You are less likely to see the bank/paypal etc; emails if they are 1 in 1000.

If you need any specific advise, please ask.
Logged
FCR and cam lock off kit available. Deposit maybe required. Contact me.

Lizzie Zoom

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Female
  • South
  • Posts: 7370
    • Omega 3.2 V6 ELITE 2003
    • View Profile
Re: Hacked For The First Time
« Reply #20 on: 06 February 2018, 15:37:55 »

Activating 2 factor authentication can help reduce the likelihood of this happening again.  All of my important email/paypal/linkedin/etc accounts have it enabled.  It wont completely remove the risk but it makes it quite difficult to break.  I also have text alerts for debits over a certain amount from my main bank account.

Thanks Guffer :y

I do have two factor authentication on my main cards, and my bank do text me, as they did today, about anything unusual.  But, it seems whatever 'security' was with the PP account broke down.  The payments made even used a different version of my email, but that failed to be noted! >:(

This is weird stuff,  if a different email address was used, how did they manage to login to you paypal account to make the purchases  ???
Hang on a minute, I take it you have tried to login to your paypal account Lizzie.
If you can`t , that means they`ve locked you out doesn`t it

Yes, I was able to log in still, but needless to say I have changed various security factors, and I have just had PP confirm with me that various new levels of security have been placed around my account.

How the fraud was done I don't know, and PP are still investigating back to the source of the fraud.  It now transpires that 3 other transactions, amounting to about £700 were stopped by my bank.  So, thanks to them it could have been far worse. ::)
Logged

Lizzie Zoom

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Female
  • South
  • Posts: 7370
    • Omega 3.2 V6 ELITE 2003
    • View Profile
Re: Hacked For The First Time
« Reply #21 on: 06 February 2018, 15:40:18 »

Daughter had her bank card details used for payments for insurance by someone unknown. And at the same time someone phoned up her mobile supplier to say that her phone had been lost so it was blocked and she couldn't use it.
Apparently because the purchases looked suspicious the bank tried to phone her, but it was dead.
All sorted in about 2 hours.
It's quite common they will try and take your phone over, it's used for authentication for so many services and it potential keeps you busy/diverted whilst they do other financial things.

That is apparently if they can get hold of your SIM after they have fooled your mobile phone provider to send you a new one.  This did not happen to me, and I believe the phone companies are now ahead of the fraud. ;)
Logged

Gaffers

  • Omega Queen
  • *****
  • Offline Offline
  • Gender: Male
  • NE Hampshire/Surrey
  • Posts: 11322
    • Ford Ranger Wildtrak
    • View Profile
Re: Hacked For The First Time
« Reply #22 on: 06 February 2018, 16:07:38 »

Daughter had her bank card details used for payments for insurance by someone unknown. And at the same time someone phoned up her mobile supplier to say that her phone had been lost so it was blocked and she couldn't use it.
Apparently because the purchases looked suspicious the bank tried to phone her, but it was dead.
All sorted in about 2 hours.
It's quite common they will try and take your phone over, it's used for authentication for so many services and it potential keeps you busy/diverted whilst they do other financial things.

That is apparently if they can get hold of your SIM after they have fooled your mobile phone provider to send you a new one.  This did not happen to me, and I believe the phone companies are now ahead of the fraud. ;)

Another way to thwart 2FA using a code sent to a phone is to crack the algorithm and gain access to any local SS7 infrastructure.  It's not that difficult if you know your stuff but you will need to know a lot about how GSM networks work in order to pin point the SMS traffic for the particular phone.  You would also need to know that person's number or IMSI.  I believe that the hardware needed can also be difficult and expensive to come by.  As the networks are switched on to the vulnerabilities in SS7, I would suspect that many of them will be monitoring their networks for certain event markers which would give any miscreants activity away.
Logged

Lizzie Zoom

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Female
  • South
  • Posts: 7370
    • Omega 3.2 V6 ELITE 2003
    • View Profile
Re: Hacked For The First Time
« Reply #23 on: 06 February 2018, 16:12:21 »

ERROR!!
« Last Edit: 06 February 2018, 16:19:49 by Lizzie Zoom »
Logged

Lizzie Zoom

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Female
  • South
  • Posts: 7370
    • Omega 3.2 V6 ELITE 2003
    • View Profile
Re: Hacked For The First Time
« Reply #24 on: 06 February 2018, 16:15:21 »



The first question I am asking, is how did they get your details? Your PP address is pretty public, but your password was used elsewhere/cracked or your computer has a virus. Don't reuse passwords, if you can enable 2FA. I know it's difficult to remember all the passwords, so pick a strong one and then add the company to the end so P4ssw0rd5462111-eBay.

Virus scan your computer with multiple (at least 2) free/trial AV packages. If you find anything pretty nasty, then consider a reinstall of the OS.

Use a different email address for paypal to anything else. My eBay email is different to my Paypal email on purpose.

With regards PP, here's how I do it. Setup Paypal, verify via a UK bank account. As soon as this stage is done, remove the account details from Paypal. Paypal DO NOT NEED YOUR BANK ACCOUNT DETAILS. Yes, I can still withdraw money to that account, but PP has no access to take money out of that account. Then I use a credit card with a low limit, say £250 credit limit to fund my Paypal account. This way I have 2 levels of 'insurance' to protect me. If you need to spend more than £250 through PP in one hit, then xfer funds from your current account to your CC card so it has a positive balance and then you can spend the balance plus the credit limit.

The reason you are getting loads of emails is to throw you off the scent. You are less likely to see the bank/paypal etc; emails if they are 1 in 1000.

If you need any specific advise, please ask.
[/quote]



Thanks! :y :y

However, how they did it is still under investigation, but it appears my password was initially hacked at the PP end, and in fact I regularly use many varied, and very strong passwords that cover all the combinations of number, letters and symbols.  They are regularly updated and are not recorded anywhere but in my head as they all make sense to me using various factors, and would be hard to guess.  As TB has suggested it could be that my passcode was sold on, or it was computer linked with a device going through thousands of combinations until it hits the spot!

The strange thing is, that no one can advise me on, apart from you with your observation, although I have stopped it in it's tracks, is the 5,000 email's I received from all over the World about offers, membership, registration, joining, etc, etc, just from the ones where I could understand the language.  None were opened; all deleted in bulk!  That had to be actioned by a computer system, and it is interesting to note that the goods purchased on Ebay using my account details that went through initially were for computer parts! 

Maybe TB, or another techy on here, can find a clue in this, but the two orders where:

 Asus AMD PRIME X370-A AM4 ATX Motherboard Socket AM4 Ryzen 7 Support  = £126.01  and................

 Asus AMD PRIME X370-PRO-Motherboard ATX, AMD X370, Socket AM4, DDR4, HDMI, SLI/XFire  = £159.90

I suspect that the other 3 orders, going on the values involved and the companies named, were as IT parts.

They were all heading to an address in Burton-on-Trent, which is now under investigation.

No, overall deviator, as someone used to investigating fraud, this seems to me after talking to the organisations involved that this could have been part of a far bigger breach of PP security with an insider or a mainframe (do they still have those?!) hack.  I am not getting a direct answer as to how my details (bank card) was used when I know I had a security screen on it.  My PC is the only device used for my financial dealings and this is heavily covered by security software, including regular virus scans, and warnings are given about "Harmful sites". I have various levels of security that I will not go into.  The speed at which this transpired, all within about 30 minutes, with even my bank being deceived by demands on my account that should not have been authorised, leads me to believe serious hackers were involved with this and they knew what they were doing.

As I said before, what hope has any of us as individuals in stopping this when even large corporate institutions are hacked.  How much "security" do we need to install? ;)

I note your useful advice on using PP, which I will use, but ironically I rarely use PP. I will probably now NEVER use it!! ;)
« Last Edit: 06 February 2018, 16:19:06 by Lizzie Zoom »
Logged

TheBoy

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Brackley, Northants
  • Posts: 105839
  • I Like Lockdown
    • Whatever Starts
    • View Profile
Re: Hacked For The First Time
« Reply #25 on: 06 February 2018, 18:21:28 »

What hope have us individuals got when even the "experts" in 3 major organisations had no answers for me? :o :o
What experts? You called helpdesks etc. For example, why should the BT helpdesk agent be an expert in your banking security? Surely they are experts in your internet connection and/or phone line?

I imagine that the Police are experts in crime and upholding the law, and paramedics are experts in general injuries. I wouldn't call the Police asking them why my arm hurts ;)
Logged
Grumpy old man

TheBoy

  • Administrator
  • *****
  • Offline Offline
  • Gender: Male
  • Brackley, Northants
  • Posts: 105839
  • I Like Lockdown
    • Whatever Starts
    • View Profile
Re: Hacked For The First Time
« Reply #26 on: 06 February 2018, 18:28:13 »

Nothing suspicious about what was ordered, except its electronic stuff that's easy to move on.  I suspect the started at the lowest cost, and kept trying, bumping up costs until it was spotted.  That's a fairly common MO used.

laptops and mobiles are easier to shift, but the banks (any PP etc) are pretty switched onto this, so get closer scrutiny.


Guffers is the IT security/cybersecurity expert on here, so pay attention to what he says :y
Logged
Grumpy old man

Lizzie Zoom

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Female
  • South
  • Posts: 7370
    • Omega 3.2 V6 ELITE 2003
    • View Profile
Re: Hacked For The First Time
« Reply #27 on: 06 February 2018, 18:47:33 »

What hope have us individuals got when even the "experts" in 3 major organisations had no answers for me? :o :o
What experts? You called helpdesks etc. For example, why should the BT helpdesk agent be an expert in your banking security? Surely they are experts in your internet connection and/or phone line?

I imagine that the Police are experts in crime and upholding the law, and paramedics are experts in general injuries. I wouldn't call the Police asking them why my arm hurts ;)

No TB,  I asked their technical department about how the thousands of email's were hitting my PC over their broadband and could they stop it. They didn't know and had no answers apart from change my email address, and that could take up to 60 days to be actioned!!   I sorted that myself by uninstalling my programs that covered emails, then reinstalling.  "Experts"?  Well you would think staff in BT, the central banking system of my bank and PayPal  would have some to tackle these issues, but no, it was down to me to sort out even though the problem was their end.

It strikes me that even large organisations are unprepared for these hacking attacks, which I understand are common, not uncommon. ::) ::)
« Last Edit: 06 February 2018, 18:49:15 by Lizzie Zoom »
Logged

Lizzie Zoom

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Female
  • South
  • Posts: 7370
    • Omega 3.2 V6 ELITE 2003
    • View Profile
Re: Hacked For The First Time
« Reply #28 on: 06 February 2018, 18:54:09 »

Daughter had her bank card details used for payments for insurance by someone unknown. And at the same time someone phoned up her mobile supplier to say that her phone had been lost so it was blocked and she couldn't use it.
Apparently because the purchases looked suspicious the bank tried to phone her, but it was dead.
All sorted in about 2 hours.
It's quite common they will try and take your phone over, it's used for authentication for so many services and it potential keeps you busy/diverted whilst they do other financial things.

That is apparently if they can get hold of your SIM after they have fooled your mobile phone provider to send you a new one.  This did not happen to me, and I believe the phone companies are now ahead of the fraud. ;)

Another way to thwart 2FA using a code sent to a phone is to crack the algorithm and gain access to any local SS7 infrastructure.  It's not that difficult if you know your stuff but you will need to know a lot about how GSM networks work in order to pin point the SMS traffic for the particular phone.  You would also need to know that person's number or IMSI.  I believe that the hardware needed can also be difficult and expensive to come by.  As the networks are switched on to the vulnerabilities in SS7, I would suspect that many of them will be monitoring their networks for certain event markers which would give any miscreants activity away.

Thanks Guffer, I think I understand what you are saying, but as with all this you have to be a specialist in the IT field to know all about it.  The consumer like me who pays the money, and gives them business, should not have to go into such detail as the organisation that you deal with should be protecting their customers, as I did in the retail trade by ensuring full H & S requirements, along with security buffers, were in place to protect those who gave us business/profit :)
Logged

Lizzie Zoom

  • Omega Lord
  • *****
  • Offline Offline
  • Gender: Female
  • South
  • Posts: 7370
    • Omega 3.2 V6 ELITE 2003
    • View Profile
Re: Hacked For The First Time
« Reply #29 on: 06 February 2018, 18:55:24 »

Nothing suspicious about what was ordered, except its electronic stuff that's easy to move on.  I suspect the started at the lowest cost, and kept trying, bumping up costs until it was spotted.  That's a fairly common MO used.

laptops and mobiles are easier to shift, but the banks (any PP etc) are pretty switched onto this, so get closer scrutiny.


Guffers is the IT security/cybersecurity expert on here, so pay attention to what he says :y

Yes, obviously TB, but he and you talk a language that us mere mortals cannot fully follow! ;D ;D :y
Logged
Pages: 1 [2] 3  All   Go Up
 

Page created in 0.035 seconds with 18 queries.