I need a reverse e-mail lookup. (Paypal security breach).

[Moses]

Yesterday I got a message from Paypal that I had added a new e-mail address to my account. Seconds later a new message stating that the new e-mail address was now the primary address.

I quickly accessed my Paypal account and discarded the new e-mail address and changed my password.

The address that had been added to my account without authorization was rosimpson@yahoo.com. I'd like to get Mr. Simpsons address and phone number if possibe. He's got some 'splainin to do! Can anyone do a reverse e-mail lookup for me?

[Shuie]

Yahoo accounts are free and anonymous. They take about 30 seconds to establish. If you want to get in touch with him you will probably just have to send him an email.

[RickM]

I don't think that's possible. The email resides on Yahoo servers and the info for the account is as good as what was originally entered. I'd guess that since this person is hijacking accounts there's not much there.

Yahoo would have to trace his IP.

Or maybe there's some kind of tracking widget that can be attached to an Email. When he opens it reports back with his IP.

[svandamme]

only Yahoo can do it, and they'll only do it in case of fraud
but not at the request of just about anybody, or else , anybody could get anybody's details

you'll need Paypal to get on top of this
or else file charges somewhere ( and fat chance that will get you anywhere)

what you could do, is send an email, with a picture linked into hte message body
and then you need a webserver, and the one ip that reads that picture, is the one
however, you might just as well get an ip adress that's bogus
or not identifiable... so it's no use whatsoever
besides, mails with payloads trigger firewall, mail, virus protection and it would alert the mark


how did you go to paypall when you got the message??
sounds to me like you just got phished, and followed their link, to a bogus site, and gave them your credentials

[stomachmonkey]

If he is a scammer odds are he is spoofing the IP anyway.

I'm not a scammer but that is what I would do.

If you are not using at least an 8 character password that is a combination of letters and numbers you are asking for trouble.

Also you user name should be "unique".

I almost had one of my servers shut down a couple of months ago. One of the users changed her mail login and password to "diana" and obviously a simple password.

A bot out of Korea ran a dictionary attack on the mail port, got into her account and started blasting phising emails at the rate of 100,000 an hour.

A dictionary attack is just what it sounds like, the bot will start hitting the server requesting access using a first name and will try 5 or 6 passwords then move onto the next name in the alphabet. It will do this forever unless you catch it.

Scott

[Joeaksa]

Contact Yahoo and give them the info. They will work with it.

Also contact both PP and Ebay and tell them what is going on and to flag your account to watch for any futher changes.

My account was taken over last fall and they tried to sell stolen basketball tickets with it. Ebay flagged it within hours and locked the account down. Took me 3 weeks to get it back under my control.

As well like Scott mentioned above, make your password hard to bust. Mine has one capital, one space and one number in it. Not an easy one to hack.

[Tobra]

Just got an e-notice my paypal acct was changed, and I don't have one

[austin552]

Send him a virus.

[Tishabet]

Quote:

Originally posted by Tobra
Just got an e-notice my paypal acct was changed, and I don't have one

On that note...
Moses, are you sure that the account you logged in to was legitimately Paypal (i.e. not another site made to look like paypal)?
Common phishing tactic is to scare someone into "logging in" to change something, but the login page is actually a dummy and you are entering your legit credentials.

[masraum]

Quote:

Originally posted by Tshabet
On that note...
Moses, are you sure that the account you logged in to was legitimately Paypal (i.e. not another site made to look like paypal)?
Common phishing tactic is to scare someone into "logging in" to change something, but the login page is actually a dummy and you are entering your legit credentials.

Did you click a link in the emails or did you go to paypal directly by typing the address in your browser? If you clicked a link in one of the emails, then you probably had a secure account that then was compromised.

[pwd72s]

Quote:

Originally posted by Tobra
Just got an e-notice my paypal acct was changed, and I don't have one

Me too...also notices from "banks" that I've never done biz with...these are designed to look very legit, logos and all. To tell ya the truth, I don't "do" ebay any more. In the opinion of many in law enforcement, it's the world's largest fencing operation, and is full of scams...

[Moses]

I'll bet itwas a "dictionary hack". I've changed to a complicated password.

I never click on links in e-mail unless they are from Pelican Parts or a known friend.

I've e-mailed Paypal and I will contact Yahoo.

[TimothyFarrar]

Moses,

My guess is that it isn't just a simple dictionary hack. Paypal doesn't have a fast enough response rate for someone to sit and try passwords all day long using some kind of automated tool. Also I'm nearly positive that this activity would get flagged and a sysadmin at paypal would see it and disable the account.

If you are sure you didn't somehow get phished, ie you always manually type in the URL to paypal in the browser, then something more serious happened. Other phishing / social engineering methods are fake emails with call back numbers. So people think they are safe by not using the URL in the email and instead call the phone number in the email...

Serious as in they got your paypal password directly because some computer which you use to log into paypal is compromised. If you use a PC then this is highly likely. If it was a dictionary hack then it probably was done on some password file instead of directly trying to log into your paypal account.

If your paypal account was compromised then they probably have access to the bank account or credit card attached to the paypal account. Also if one of your computers was compromised then they would also have access to many other things.

My advice is to change everything and act as your "wallet" was taken. Better to be safe then sorry.

[TimothyFarrar]

Also, on the topic of emails, they can easily be made un-trackable. Unless the hacker was a complete idiot (hopefully this is the case), trying to trace someone via email or an IP address is a complete waste of time.

[red-beard]

Having a password of 20+ digits helps, no words

[dennis in se pa]

"sounds to me like you just got phished," - I agree. Best to go directly to paypal and change your info. What looks like a legitimate link can often lead you somewhere else.

[Joeaksa]

Just got this 2 minutes ago...

~~~~~~~~~~~~~~~

Dear Value Member,

We are writing to alert you that your balance is not paid, because your
debit card issuer declined eBay's attempt to charge your card with your
monthly invoice amount.

To speed up this process, you are required to verify your personal information.

e B a y C u s t o m e r S e r v i c e

As a courtesy, eBay will automatically make a second attempt to charge
your card. This attempt will take place in about 3 to 5 days.

Regards,
Faith Wise
Customer Department.
eBay Inc.

~~~~~~~~~~~~~~

If you click on the supposed link to "Ebay" it will take you here:

http://www.wmsu.edu.ph/test2/images/mindex.php?email_from=joeaksa@XXXXXXXXXX.net%20CWZ 2KCvTkkHXdGD8Bcii5Yz9mFRzgIWcH6PhDe19G7E8AksnIanIk fzyOvknHZYeYyuZKhTHWtaMQlxRaYIyLTCXGDh7nELgD8cvkTl h9PsIMcN1J9M&http://signin.ebay.com/eBayISAPI.dll?page=login&e_mail=joeaksa@XXXXXXXXX.net&ssPageName=?87jnFrS

That takes you here:

http://www.businessinfinitude.com/smartsourcenews/Pass%20drug%20test,%20pass%20drug%20test%20urine,% 20Pass%20hair%20saliva%20drug%20test,_files/g0%20go/module.dll.php?customerid=&co_partnerId=2&siteid=0&ru=&pp=pass&pageType=708XeMWZllWXS3AlBX+VShqAhQRfhgTDrf=https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=0&ru=&pp=&pageType=708&MfcISAPICommand=ConfirmRegistration&708XeMWZllWXS3AlBXVShqAhQRfhgTDrfQRfhgTDrfA

I have replaced my email address in the link with XXX to keep things safe but you guys get the idea of how the "phisher" bounces around. He is linking off of a website in the PI, Mindanao, then a drug testing site.

They wanted me to log in and that way get my password... AND my credit card number. It would help if they would learn basic spelling and punctuation first...

[masraum]

Quote:

Originally posted by Moses
I'll bet itwas a "dictionary hack". I've changed to a complicated password.

I never click on links in e-mail unless they are from Pelican Parts or a known friend.

I've e-mailed Paypal and I will contact Yahoo.

The REALLY unusual thing is that someone apparently got your info and made changes to the email address, but didn't change the password. Normally the first thing that someone does when they get an account of some sort is to change the password so the original user can't log in.

[Moses]

I've never clicked on a link in an e-mail unless it's from Pelican BBS or a trusted friend. The guy never changed my password or attempted to charge anything on my Paypal account. I wonder if it was a computer glitch? Nah. Better checck my bank account again today.

[Joeaksa]

Quote:

Originally posted by Moses
I've never clicked on a link in an e-mail unless it's from Pelican BBS or a trusted friend. The guy never changed my password or attempted to charge anything on my Paypal account. I wonder if it was a computer glitch? Nah. Better checck my bank account again today.

You trust us? Brave soul....