PDA

View Full Version : My first Paypal Ripoff Beware of 802.11



Dr. Eagle
11-04-2004, 05:46 PM
So I went to the ATM for a few bucks today and checked my balance in checking (my funny money account that I use for toys and spending money).
Balance = $0
Hmmmmmm coulda sworn I had about $300 in there...
I got back to the office and got online to check my account. Well there was a charge 1,126.66 from Paypal. Hmmmmm I just bought something for about $25 Tuesday... but WTF?
So I got onto the Paypal site. There is that charge for about $25 and shortly after, there is a charge for 590 British Pounds... converted to 1,126.66 dollars. I called Paypal and they took the information, told me to fill out the affadavit they were going to send me and they'd refund as soon as they got it back signed.
I was trying to figure out how that could have happened that someone got my password and it struck me.
I was in a hotel that had wireless internet (802.11B) and was using it when I won the auction.
Knowing it was unsecured, I got off the wireless connection and used the telephone dial up to do the paypal portion, but after thinking about it... I don't remember disabling the radio in the computer. Here I thought I was being good and thining of all the angles...Beware everyone... it can happen to you.

MikeF
11-04-2004, 05:49 PM
What was the persons "rating" like? Has he/she only sold a few things or many?

Dr. Eagle
11-04-2004, 05:51 PM
What was the persons "rating" like? Has he/she only sold a few things or many?
The ebayer had no way to access my account. It had to be someone that collected my password and gave themselves a gift...
And they had a lot of feedback if that matters...

MikeF
11-04-2004, 05:55 PM
Sometimes you can't be careful enough. :frown: Hope it works out in your favor and they catch the bad guy!

jlnorthrup122
11-04-2004, 06:05 PM
That really sucks DR. E I hope you get your moneys back and find the pukes that took it!

Brewzed
11-04-2004, 06:07 PM
I've heard the new thing for identity theft is people cruisin around neighborhoods until they pick up a wireless signal from a house. I don't
think the average family would worry about firewalls on their home networks.

ahhell
11-04-2004, 06:08 PM
next time wrap your head in foil so no one can read your mind :cool:
at least pay pal will make good, havent had any problems...yet

rmylek
11-04-2004, 06:14 PM
What's even worse best buy sells this little key chain device that all you have to do is press a button an a light will lite up if there is a wireless signal. It to can be yours for under $20.

H20Advantage
11-04-2004, 06:16 PM
It's called wardriving. They roam around and look for open nodes with a special antenna, sometimes made with a pringle can.
See if Paypal captured the ISP the transaction came from and then have the locals get a search warrant for the ISP info. That way you can at least find the point of compromise.
Let me know if you have any questions....I work major fraud

RiverKitty
11-04-2004, 06:24 PM
http://www.***boat.com/image_center/data/500/414wifi.JPG

Midlife Advantage
11-04-2004, 08:53 PM
http://www.***boat.com/image_center/data/500/414wifi.JPG
Good one Kitty! that little clip says it all. I use a wireless laptop, (like right now while watching the OC) and I am going to have to figure out how to enable my WEP, cause although I'm a technician, I am LAN-illiterate!
Funny thing is that when my buddy comes over to hang out, he brings his laptop and surfs on my wireless LAN. When he goes to his chicks apartment, he surf's on someone else's wireless in the complex! Doesn't even know which neighbor has it, LOL.
But I have started using PayPal, need to know of any other fraudulent incidents....

Midlife Advantage
11-04-2004, 09:05 PM
The wireless devices and routers are already behind the firewall... If you don't have static ip-addresses tied to a specific MAC address with encryption turned up its way too easy now a days. All someone has to do is buy a new laptop with wireless built in. As soon as you come within range of a wireless device it detects it and connects automatically.
Forensic
Gotta confess tho, I was in a hotel room last week and I detected a wireless net nearby, took the laptop out to my truck where I got better signal, and tried to access the net via whoever else's LAN it was. But they had something enabled that would not allow me to do it.

IN2-IN2MX
11-04-2004, 09:09 PM
Dr. E - sorry to hear this happened. That really blows :burningm: . I hope you get your $ back quickly.

SHOTKALLIN
11-04-2004, 09:15 PM
Just get an address and we will roll over there at night all dressed in black and we will bring some duct tape, plyers, a blow torch, and......well I cant give away our plan. Just get the damn address!

***boat
11-04-2004, 09:20 PM
While possible it is not as likely that your account was compromised from someone eavesdropping on your wireless network. If it was they were very good. You see that was a point to point communication between E-Bay and your computer. It was probably SSL encrypted as well. That means they would have either had to force a Trojan into your computer (possible but not likely), or broken the SSL encryption and even further more to do that they would have to have the capability to actually monitor your network traffic as it went by (even harder to do). The real risk of wireless is that someone connects to your network (since wireless is already inside your firewall) and then alters/ deletes or otherwise mess's things up. If you computer does not have an open network share or is running a software firewall it will help prevent this as well.
Put another way I would look elsewhere other than the wireless. Take a look at the seller and the possibility that it might have come from elsewhere.

JetBoatRich
11-04-2004, 09:21 PM
Dr.E sounds like you caught it quickly :D which is a good thing :D I had a couple incidents that paypal stepped up and took care of everything, including my money back :D

C-2
11-04-2004, 09:44 PM
While possible it is not as likely that your account was compromised from someone eavesdropping on your wireless network. If it was they were very good. You see that was a point to point communication between E-Bay and your computer. It was probably SSL encrypted as well. That means they would have either had to force a Trojan into your computer (possible but not likely), or broken the SSL encryption and even further more to do that they would have to have the capability to actually monitor your network traffic as it went by (even harder to do). The real risk of wireless is that someone connects to your network (since wireless is already inside your firewall) and then alters/ deletes or otherwise mess's things up. If you computer does not have an open network share or is running a software firewall it will help prevent this as well.
Put another way I would look elsewhere other than the wireless. Take a look at the seller and the possibility that it might have come from elsewhere.
That's what I was wondering too.
Dr. with your permission, I'll pose this scenario to a group of computer forensics investigators I'm associated with, see what they say. Maybe it's a known scam.
Lemme know