PAYPALNEXCONINC and PAYPALACCLAIMGAMES == Fraud

godsell4 · ‎06-04-2007

While away on holiday for a few days last week, one of my credit cards stopped working.

I called Visa while away and found about £600 had been spent through PAYPAL on my card, this was 'suspicious behaviour' and so they suspended the card. Fair enough I thought! They told me the names of the companies making the transactions, see subject title above, of course I had not heard of them. At this point Visa cancelled the card completely.
Then I get home this weekend, and find my eBay and PayPal accounts are also 'suspended'.
Now of course I think these things must be all related.
Has anybody else had this recently too? If so ... Do you think information gained from the webmail breach a few months ago have helped the fraud take place?
SW.

--
3Mb FTTC
https://portal.plus.net/my.html?action=data_transfer_speed

James · ‎04-04-2007

If this had been related to the Webmail incident (which it won't be) then I would have expected there to have been a number of similar incidents.
I hope you manage to get things sorted out with your bank sharpish.

Chris · ‎05-04-2007

Sorry to hear that about your problems.

Hopefully you will get this sorted very soon.

Quote
Do you think information gained from the webmail breach a few months ago have helped the fraud take place?

Short answer, no. As has been announced multiple times, including in the webmail incident report, it was only email addresses gathered. There was no breach of the main account details as the webmail addresses were stored on a separate server.

Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.

zubel · ‎08-06-2007

http://www.first.org/newsroom/globalsecurity/148672.html
Storm Botnet targets UK eBay/Paypal users.
B.

godsell4 · ‎06-04-2007

Quote from: Barry
Storm Botnet targets UK eBay/Paypal users.

Unlikely to be that as you need to have fallen foul to phishing first if I understand the reoprts for that correctly.
SW.

--
3Mb FTTC
https://portal.plus.net/my.html?action=data_transfer_speed

zubel · ‎08-06-2007

Not necessarily.
What it means is that the people running the Storm botnet are basically brute-forcing passwords for eBay and paypal accounts.
So no, *you* don't have to have fallen foul. All you need is a paypal or ebay account and you are vulnerable.
B.

godsell4 · ‎06-04-2007

Quote from: James
I hope you manage to get things sorted out with your bank sharpish.

No problems with the bank to be honest. New cards arrived in a couple of days and refunds are already showing on my account for the unauthorised paypal transactions. So far, it has cost me £0!
SW.

--
3Mb FTTC
https://portal.plus.net/my.html?action=data_transfer_speed

godsell4 · ‎06-04-2007

Quote from: Barry
... the Storm botnet are basically brute-forcing passwords for eBay and paypal accounts.

Ahhh I see!
Umm ... does this mean ebay/paypal do not implement the simple scheme of 3 failed login attempts ... suspend account again for 30mins ... allow 3 failed login attempts ... suspend account again for 60 mins ... or anything similar ?
SW.

--
3Mb FTTC
https://portal.plus.net/my.html?action=data_transfer_speed

jelv · ‎10-04-2007

Time to change the ebay password to the maximum strength permitted using a random generator!
Edit: I'm using http://keepass.info/ to generate and store my passwords.

jelv (a.k.a Spoon Whittler)
Why I have left Plusnet (warning: long post!)
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)

zubel · ‎08-06-2007

Quote from: godsell4

Umm ... does this mean ebay/paypal do not implement the simple scheme of 3 failed login attempts ...

I'm not sure of the mechanics of eBay and Paypal accounts. This would seem like a sensible thing to do. However, when you have a suspected 50 million machines targetting your servers, I guess that it could cause some overload problems.
They may have some sort of "three tries from one IP and that IP is blocked" principle, otherwise I could effectively lock you out of your own eBay account by attempting to log you in repeatedly. Unfortunately, when dealing with a Distributed cracking mechanism, the IP restriction is ineffective.
Suffice to say, it's worth updating your passwords to something a bit more secure if you haven't done so recently.
B.

zubel · ‎08-06-2007

Quote from: jelv
Time to change the ebay password to the maximum strength permitted using a random generator!

his password is 123456??? That's the kind of password an idiot would have on his luggage!
(obligatory Spaceballs quote)
B.

glloyd · ‎06-04-2007

Article here http://www.theregister.co.uk/2007/09/10/ebay_botnet_attack/

jelv · ‎10-04-2007

Quote from: James_H
Quote from: jelv
Time to change the ebay password to the maximum strength permitted using a random generator!

[me=James_H]avoids pointing out that computers can't do random without external random input. ;)[/me]

Which is why keepass needs a seed which can either be keyed or generated by waggling the mouse around over a random pattern.

jelv (a.k.a Spoon Whittler)
Why I have left Plusnet (warning: long post!)
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)

Kelly · ‎04-04-2007

Long passwords are the key. Pity people seem to keep restricting password lengths.
"I really hate short passwords! They do my head in :)"
is a great password.

Harder to brute force and dead easy to remember
(I know this is a bit rich coming from us with our crap passwords last year of course...)

Kelly Dorset
Ex-Broadband Service Manager

jelv · ‎10-04-2007

Far better are random passwords. Most of my passwords on sensitive sites I don't know. Using Keepass I drag the password from the ******* display in there to the password field on the form so I do't actually ever key it myself.

jelv (a.k.a Spoon Whittler)
Why I have left Plusnet (warning: long post!)
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£14.40/month)
Mobile: iD mobile (£4/month)