The-J
Dog Dad
FASTLANE INSIDER
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
EDIT: Guy on the phone reopened my claim. I initiated a stop payment with my Canadian bank, because the foreign transaction has not hit my bank account.
I'll be livid if it doesn't go through: Paypal gives you no discourse. But in case it doesn't, I'm about to initiate a stop payment with my business bank.
According to Paypal, the transactions were done on my device. Now, this is impossible since I was not even awake at the time. The guy on the phone said that even the IP address matched, but the investigation was quick because it was on my device.
I found some viruses on my computer (and I remember a suspicious macro file someone sent to me the previous day). So the only thing that could have happened was that the hacker was able to log into my machine remotely and do all the transactions himself.
My computer was on, as well. So that's another mistake.
I set up 2-factor (I mistakenly thought I had it set up, I did not. Now I do). That will add a small layer of security to my account.
I will get this issue resolved, but it's still a giant headache.
So, some lessons learned:
1) Never open suspicious files. Scan every file as soon as you download it. And even then, you're not guaranteed to be in the clear.
2) Never give hackers a gateway into your system. Don't leave your computer on. Don't allow remote access.
3) In case they DO get into your system, set up 2-factor authentication with a phone not linked to your name, but a phone that is on your person at all times.
4) Don't trust Paypal to have your best interests in mind. They're just people trying to do their job and go home.
5) If you suspect anything might be hitting your bank account, call your bank right away. I should have called my business bank yesterday. I foolishly trusted Paypal to have things done.
Lesson learned. I should lose $0 at the end of the day, but I've lost sleep over this bullshit. F*ck Paypal.
EDIT: It's possible to spoof someone's MAC address (your unique device ID on your network card) and someone's IP address (the ID given to you by your internet provider that interacts with the Internet). So people don't actually need to hack into your computer: they just need to look up your MAC address and your IP address. They can do this by creating signups to a fake website. They can easily get these ID numbers.
Databases get leaked all the time. Remember the LinkedIn database leaks? Ashley Madison? Tumblr? JP Morgan Chase? Even F*cking LastPass has been breached (luckily, that breach didn't make your passwords known to everybody because decrypting is all done locally, and not over the cloud).
If someone has your password, and can spoof your MAC and IP addresses, then they can make it look like they did everything from your computer or your location.
I don't know exactly how these hackers got my Paypal login and were able to make transactions. But all I know is that they did, and I'm livid, and Paypal doesn't want to do anything about it.
I'll be livid if it doesn't go through: Paypal gives you no discourse. But in case it doesn't, I'm about to initiate a stop payment with my business bank.
According to Paypal, the transactions were done on my device. Now, this is impossible since I was not even awake at the time. The guy on the phone said that even the IP address matched, but the investigation was quick because it was on my device.
I found some viruses on my computer (and I remember a suspicious macro file someone sent to me the previous day). So the only thing that could have happened was that the hacker was able to log into my machine remotely and do all the transactions himself.
My computer was on, as well. So that's another mistake.
I set up 2-factor (I mistakenly thought I had it set up, I did not. Now I do). That will add a small layer of security to my account.
I will get this issue resolved, but it's still a giant headache.
So, some lessons learned:
1) Never open suspicious files. Scan every file as soon as you download it. And even then, you're not guaranteed to be in the clear.
2) Never give hackers a gateway into your system. Don't leave your computer on. Don't allow remote access.
3) In case they DO get into your system, set up 2-factor authentication with a phone not linked to your name, but a phone that is on your person at all times.
4) Don't trust Paypal to have your best interests in mind. They're just people trying to do their job and go home.
5) If you suspect anything might be hitting your bank account, call your bank right away. I should have called my business bank yesterday. I foolishly trusted Paypal to have things done.
Lesson learned. I should lose $0 at the end of the day, but I've lost sleep over this bullshit. F*ck Paypal.
EDIT: It's possible to spoof someone's MAC address (your unique device ID on your network card) and someone's IP address (the ID given to you by your internet provider that interacts with the Internet). So people don't actually need to hack into your computer: they just need to look up your MAC address and your IP address. They can do this by creating signups to a fake website. They can easily get these ID numbers.
Databases get leaked all the time. Remember the LinkedIn database leaks? Ashley Madison? Tumblr? JP Morgan Chase? Even F*cking LastPass has been breached (luckily, that breach didn't make your passwords known to everybody because decrypting is all done locally, and not over the cloud).
If someone has your password, and can spoof your MAC and IP addresses, then they can make it look like they did everything from your computer or your location.
I don't know exactly how these hackers got my Paypal login and were able to make transactions. But all I know is that they did, and I'm livid, and Paypal doesn't want to do anything about it.
Dislike ads? Remove them and support the forum:
Subscribe to Fastlane Insiders.
Last edited: