I was hacked

I was hacked

Post by Kip »

A word of caution.

Yesterday I was hacked.

I received an email from Paypal that stated I had received a request for payment of $1055.00. The obligatory note stating if this was spam to report by calling. I wrote down the number and then proceeded to access my Paypal account via a new tab. I never once clicked anything within the email. The Paypal account came up and I logged in. There was the same request along with the same phone number so I presumed it was legit. I had some memory of a “Report” button, but could not see it.

Interestingly, I checked my bank records and discovered a charge for the same amount, so I logged out of my bank and called the “Paypal” number. After a brief conversation I suspected something wasn’t right as they wanted me to click on a client access download which I refused to do, but then noticed my mouse moving about without my assistance. I was repeatedly asked not to access my bank account via any other device. Of course, I ignored this and checked again on my phone to see that the “Paypal” charge was now an account transfer, meaning no money was missing, only moved. I was also changing the passwords to Paypal and my Bank via other devices.

I immediately instructed my wife to call the bank and freeze the accounts and then turned off my computer. My bank was great, immediately freezing the accounts and setting up new ones before any damage could be done.

Somehow these thieves had accessed my bank account via the tie in through Paypal. I never clicked on anything within the email nor on Paypal itself. Obviously I have reported now to Paypal and am in the process of squaring away my “new” bank accounts.

This was a direct hack of Paypal, although I cannot figure how they accessed the bank accounts nor more importantly, at what point, how they accessed my computer. It had to have been when I first opened the email, nor how fast they did it.

Now I need to have the computer cleaned so I can remove some files. I will likely replace the computer as it is old anyway and is due for an upgrade.

My point here is to not tie in a bank account with Paypal. I have learned that lesson well. I will seek other methods of collecting/transferring of funds. I was fortunate, but wanted to pass on the information as a word of caution.
Kip

"Asylum Administrator"


Visit the CWArchives for everything CW. Historical, specs, manuals and resale. It is all there.

Re: I was hacked

Post by watchaholic »

Sorry to hear of your misfortune, sounds like it could have been much worse. Are you saying then to only have a card connected to PPal? I have been using a bank acct for years with no issues, but one never knows.
Time and money? I’ve spent most of mine on booze and women. The rest I just wasted…
Dwight

Re: I was hacked

Post by NigelS »

An absolutely horrendous story and I'm so sorry for you Kip. I got hacked via Facebook while on holiday in Belgium in 2018 and the only device I had with me was an iPad I bought in 2007 with 3G. We were staying in a B&B with terrible wifi connection so trying to change all my passwords nearly caused me to seek help from Mental Health services! There are two lessons I learnt from this, close down my Facebook account and vote for any political party that proposes immediate beheading of all hackers.
'Life is Art, and not otherwise' C.S.Lewis

Re: I was hacked

Post by Stif »

Kip, the 'mouse moving by itself' element of this is most worrying - it sounds like your PC itself is compromised, rather than your accounts - thus be very careful if using that same machine to change passwords etc!

If you haven't already got any, it'll be well worth getting antivirus software and running a scan.

Here's a good article with some suggestions of what to do and what to look for especially section 3:
https://www.aura.com/learn/how-do-hacke ... plications.
- Grant

"There is nothing so useless as doing efficiently, that which should not be done at all."

Developer of mobile watch app WristCheck - find out more at wristcheck.app

Re: I was hacked

Post by strapline »

Sorry to hear this Kip, the crooks' reach gets further and further. I agree with Grant above. Whilst I'm no computer expert, having a machine that runs on latest software is sound advice. Good virus protection is vital as is a decent firewall - they usually come together. I've used PayPal for years with no issue. I only have it linked to my current bank account via my cash card, there's only a couple of hundred pounds in there to eliminate this kind of risk. You can always link your Paypal account to a credit card, that way someone else's money is at risk, not yours. Linking bank accounts to your mobile is also a good idea where two step authentication is needed for sales to progress. It's usually a thumb print or code that is sent to you via your bank.

All the best.

Des
Does melancholy count as two of your five daily servings?

Re: I was hacked

Post by jtc »

This is likely due to password re-use for the email address and accounts across the internet, with no second factor enforced for logon to PayPal. There could also be malware and nefarious stuff redirecting seemingly legitimate websites to malicious versions.

The spear phishing is just the icing on the cake to ensure (from what it sounds like) your PC was also compromised.

I'd encourage everyone to enter email addresses and favourite passwords into the checks performed by https://haveibeenpwned.com/. Change any password used at any account you've used it for and set up a second factor (email or SMS code, authenticator app) for all accounts that support it.

Never ever re-use a password. Always use a second factor for account security. Never click any links in emails asking you to do something without performing some due diligence. Always have the latest patches and AV updates.
Jon

Trusted Seller Feedback

CW | Tudor | Tag Heuer | Omega | Longines | Bremont
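
Added example (not part of jtc's post): the password check on haveibeenpwned.com can be done without sending the password itself, because its range API takes only the first five hex characters of the password's SHA-1 hash and returns every known suffix for that prefix. The code below does the local half of that check against a constructed response; the function names and the sample data are assumptions made for illustration.

```python
import hashlib

# Constructed sample of a range response for prefix 5BAA6, one "SUFFIX:COUNT"
# entry per line. The counts and the filler suffixes are made up for this example.
CONSTRUCTED_RESPONSE = """\
0000000000000000000000000000000000A:3
1e4c9b93f3f0682250b6cf8331b7ee68fd8:42
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0
not-a-valid-line
"""


def range_query_parts(password: str) -> tuple[str, str]:
    """Split the SHA-1 of the password into the 5-character prefix that is
    sent to the service and the 35-character suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password: str, range_response: str) -> int:
    """Return how often the password appears in the response, 0 if absent."""
    _, suffix = range_query_parts(password)
    for line in range_response.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.isdigit():
            continue  # skip malformed lines rather than trusting them
        if candidate.upper() == suffix:
            return int(count)  # padding entries carry a count of 0
    return 0


if __name__ == "__main__":
    prefix, _ = range_query_parts("password")
    # A live check would fetch https://api.pwnedpasswords.com/range/<prefix>
    # and pass the response body to breach_count() instead of the sample.
    print(prefix, breach_count("password", CONSTRUCTED_RESPONSE))
```

Any non-zero count means the password has appeared in a breach and should be retired everywhere it was used.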

Re: I was hacked

Post by Kip »

Stif wrote: Sat Sep 30, 2023 12:48 pm
> Kip, the 'mouse moving by itself' element of this is most worrying - it sounds like your PC itself is compromised, rather than your accounts - thus be very careful if using that same machine to change passwords etc!
>
> If you haven't already got any, it'll be well worth getting antivirus software and running a scan.
>
> Here's a good article with some suggestions of what to do and what to look for especially section 3:
> https://www.aura.com/learn/how-do-hacke ... plications.

Thanks for the suggestions.

Yes my PC is hacked also. Although I never clicked anything in the email, it must have started when I opened it. What I can't determine is how they accessed my bank accounts prior to my checking Paypal and how they got in via Paypal. Regardless, I did identify the scam prior to any withdrawals and froze the accounts. A pain rearranging accounts and changing passwords, but it could have been much worse. All I have lost is time.

I will be getting the hacked computer cleaned so I can retrieve a bunch of old files and then it will get trashed.

Re: I was hacked

Post by Kip »

strapline wrote: Sat Sep 30, 2023 1:19 pm
> Sorry to hear this Kip, the crooks' reach gets further and further. I agree with Grant above. Whilst I'm no computer expert, having a machine that runs on latest software is sound advice. Good virus protection is vital as is a decent firewall - they usually come together. I've used PayPal for years with no issue. I only have it linked to my current bank account via my cash card, there's only a couple of hundred pounds in there to eliminate this kind of risk. You can always link your Paypal account to a credit card, that way someone else's money is at risk, not yours. Linking bank accounts to your mobile is also a good idea where two step authentication is needed for sales to progress. It's usually a thumb print or code that is sent to you via your bank.
>
> All the best.
>
> Des

I too have used Paypal without issue for many years. However, this event is causing me to rethink it. As much as I hate the two step authentication, I will be changing over everything I can.

Re: I was hacked

Post by Stif »

Kip wrote: Sat Sep 30, 2023 5:07 pm
> Yes my PC is hacked also. Although I never clicked anything in the email, it must have started when I opened it. What I can't determine is how they accessed my bank accounts prior to my checking Paypal and how they got in via Paypal. Regardless, I did identify the scam prior to any withdrawals and froze the accounts. A pain rearranging accounts and changing passwords, but it could have been much worse. All I have lost is time.
>
> I will be getting the hacked computer cleaned so I can retrieve a bunch of old files and then it will get trashed.

Potentially they didn't have anything at all - if they had remote access to your machine then when you loaded PayPal, they might have been intercepting that request and displayed a dummy PayPal page... this bit of your original message makes me wonder if that was the case:

> The Paypal account came up and I logged in. There was the same request along with the same phone number so I presumed it was legit. I had some memory of a “Report” button, but could not see it

So potentially you never actually visited PayPal, but in the process of trying to access it you may have given them your login information.

As mentioned elsewhere, definitely set up two factor authentication wherever possible - in a situation like this I'd usually also make sure to check the account via the phone app, as that would do a biometric login (if set) and as it's their app it's harder to spoof.

I hope you're able to get things sorted out without too much inconvenience!

Re: I was hacked

Post by rkovars »

Just opening an email can be dangerous. Most modern email clients are really just web browsers. They load all sorts of content from the internet like images and yes background programs. It sounds to me like they somehow exploited RDP (Remote Desktop Protocol) and were probably rooting around on the machine. It probably had a key logger as part of the payload too. So they were able to see every character as you typed. A pretty sophisticated hack. Most aren't anywhere near this slick.

One word about two factor - if someone gets your phone number and they have access to your address and some other info it has been shown that the carriers are more than willing to send out a SIM card. Once an attacker has this he gets the same SMS messages you do. So SMS two-factor is the least secure. If they support two-factor with the use of a separate device or app this is better. This attack isn't very sophisticated either. SMS is better than nothing but you can't let your guard down. I only mention this to make sure that people don't think they are completely safe if two-factor via SMS is enabled.

I am really sorry to hear this Kip. Unfortunately with countries like Russia or India that turn a blind eye to this activity as long as it isn't directed against their own citizens it will not go away.
Life is not a matter of holding good cards, but sometimes, playing a poor hand well.
Jack London

Re: I was hacked

Post by MistaFroggyG »

Personally, I’d disconnect that computer from the internet ASAP and unplug it. I’d pull the hard drive out and never use it again.

Password theft from shared passwords isn’t uncommon, but remote controlling your machine is terrifying and I’d consider that installation compromised.

Re: I was hacked

Post by Greatpotfarm »

First it was your Facebook acct that got hacked earlier this year, then this happens now... What rotten luck!
Glad you caught it in time 👍!
Dan