Paypal/Gmail Password Stolen.. Almost got £300 out of me.

[Jamoe]

Something rather alarming occurred today. I was busy working and noticed an email notification pop up via gmail chat. I caught a glimpse and it said I had made a payment of £289.99 for some Ebay auction.

Obviously I was quite concerned and proceeded to Gmail to check it out. But there was no trace of an email. Next step was Ebay, but my account showed no activity at all.

I logged into my Paypal account and there it was, a transaction for almost £300 for some random ebay item. Only costing £7.99 + £2 delivery.

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=150200491736

All this occurred within 30 minutes of me seeing the gmail chat notification, I put in an unauthorised Transaction and I think its all been paused for now while under investigation.

But thats not the end of it, I had been reading my gmail account via Thunderbird and a number of emails dropped in from Paypal regarding the unauthorised transaction process. All seemed fine until I checked my gmail account online and again found the same emails missing.

At this point I realised my password has been compromised and start on mass updating all my password for everything I can think of. My biggest concern was that some ass had been/is reading my mail and had access to baby pictures. I had an image of someone sitting in my gmail account deleteing ebay/paypal mails to stop me finding out what was going on.

But... it was still occurring, if I hadn't been using gmail chat and Thunderbird to pull down mail, I would be none the wiser. But I couldn't work out how the mails were still being deleted. "Password Change" emails from Ebay and Paypal got deleted even after changing my gmail password.

Then I twigged, filters. The ******* had setup about 7 filters that deleted mail from various ebay/paypal accounts and even the Ebay member whom the auction belonged too.


I still have no idea how my password has been compromised, virus scans are clean on work and home PC. That leaves in-laws PC which i know we had used my Ebay account on too order some tiles a while ago.

If I hadn't had gmail chat going it would have been a few weeks before I checked my statement and notice the money withdrawn via Paypal.

Fingers crossed that this transaction gets refunded in full, need to talk to the bank tonight and cancel the direct debits connecting my bank account to Paypal.



:taz:

Jamoe aka ****ed off bunny

[Anonymous]

The main point is you spotted it and took action. Well done and hopefully somebody out there will care enough to try and investigate/prosecute (although I wouldn't hold out too much hope on that one)

[Jamoe]

A little long winded post there sorry folks :blush2:

It all feels very tainted.

[delanvital]

I would say that you are in time to stop the transaction in the bank.

Perhaps, when talking to the bank, try and trace what account the money were meant for? If you were to pay that much, for so little, perhaps the recipient of the money is also the perpetrator?

Any backdoor vira found via antivirus software?

Edit: an interesting read mate, cheers for the detailed post.

[Jamoe]

The money from my bank wil end up in my Paypal account, then used to pay the eBay members Paypal account.

I only assume that he has also been compromised and his paypal account will forward money to the real perpetrators account. Hence the filter that deletes any email from the Ebay member in my Gmail account.

[DuVeL]

Hope you got it al sorted now m8.
 
BTW, found an interesting read about;
eBay to 'ban' negative seller feedback; http://www.bit-tech.net/news/2008/02/06/ebay_to_ban_negative_seller_feedback/1

[Penfold]

Man, that sucks Jamoe,

You seem right on the ball though so good effort!

PEN

[Jamoe]

You'll be happy to know that I've been fully refunded. Not much of an explanation though but you can't have it all

:yahoo:

Now I need to find out how they got hold of my password, I think a format is in order just to be on the safe side.

[T-Bag]

Good to hear it all worked out in the end. I wonder if they'd have been as quick if you hadn't have caught it in it's tracks.

[Zootoxin]

Sorry to hear about what happened mate, it must have knocked you sick knowing someone was in your account..

I never thought about someone hacking emails I mean you gotta ask yourself out of all the millions on the net why you??

*checks all accounts!!

Does gmail have a email secret question like hotmail?? maybe that was the key to your accounts....

Sneaky ******* with the filters though

[DuVeL]

Jamoe, do you use your Gmailaccount for Ebay?
Maybe that way they got your emailaddy and so.
 
Sort/change passwords and such but that advice is sometimes best for more people here on the forums.
Also setting up passwords can be a bit tricky, don't forget them

[Jamoe]

Jamoe, do you use your Gmailaccount for Ebay?
Maybe that way they got your emailaddy and so.
 
Sort/change passwords and such but that advice is sometimes best for more people here on the forums.
Also setting up passwords can be a bit tricky, don't forget them

Yea, I have a sneaky suspicion they got my paypal account details and found my gmail address and tried the same password.

It was a good password as well, I'm gutted .

[Zootoxin]

It was a good password as well, I'm gutted .

Hmmmm..... Not that bloody good!! :roflmao:
Sorry mate couldnt resist