Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 09-03-2007, 10:31 PM   #21
Recycles dryer sheets
SamHouston's Avatar
 
Join Date: Jan 2006
Location: Houston
Posts: 218
I've set my laptop up for financial matters when I'm in a secure network or when I tie in directly here at home and have changed all the appropriate passwords on my financial accounts.

I hope I'm not closing the barn door after the horse escaped, but I suppose I'll know in the next few days.

Now I'm getting angry email from eBayers in the U.K. who have figured out that this guy is a thief. Makes me wonder if eBay sent out a blanket email covering everyone who received an email from the jerk wanting to overpay for their computers...his email reads like one of those Nigerian schemes.

Now that my profile has been corrected and shows the correct email address, I'm receiving all the responses that he hoped to get at his own email address.

What a day.
__________________

__________________
"Be careful about reading health books. You may die of a misprint." - Mark Twain
SamHouston is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 09-04-2007, 12:36 AM   #22
Moderator Emeritus
Nords's Avatar
 
Join Date: Dec 2002
Location: Oahu
Posts: 26,616
Quote:
Originally Posted by SamHouston View Post
I've set my laptop up for financial matters when I'm in a secure network or when I tie in directly here at home and have changed all the appropriate passwords on my financial accounts.
I was wondering when someone was going to bring up keystroke loggers.

The DoD pay site (https://mypay.dfas.mil/mypay.aspx) uses a "virtual keyboard" for entering passwords. You have to click on the alphanumerics instead of entering them from your own keyboard, and the virtual keyboard is scrambled at each login to change the mouse locations. But I guess there are ways around that too...
__________________

__________________
*
*

The book written on E-R.org, "The Military Guide to Financial Independence and Retirement", on sale now! For more info see "About Me" in my profile.
I don't spend much time here anymore, so please send me a PM. Thanks.
Nords is offline   Reply With Quote
Old 09-04-2007, 05:16 AM   #23
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Feb 2007
Posts: 5,072
Keyloggers are definitely a threat. If SH had a Trojan, it could have been a keylogger.

SH - If you do not mind sharing the info, what did AVG report as the virus found?

By far, the most prevalent approach today is Phishing. It is a form of social engineering attack that tricks people.

Sometimes it is just that people are careless with login ids and passwords and they are stolen in other ways. This is why it is important to periodically change your passwords... Just in case.

Some systems have weak login systems (that do not limit the number of failed login attempts) and can be exploited with a dictionary attack or brute force. That is why a strong password should be used.

As an additional counter measure, I have been toying with the idea of setting up to virtual desktops on my pc with encrypted hard drive partions for each. (The other option is to setup a dual boot computer) Each system would encrypt the hardrive partition and separate login ids and passwords. I would use one system for Financial and the other for general surfing. This would help by limiting the opportunity of attack on the financial side. One would also need to setup a separate email and internet account (but could use the same ISP).

====

Take a look at this new form of threat emerging where a virtual OS Hypervisor can be downloaded and take over your entire computer without you knowing it.

Black Hat 2007: Rootkit hunters caught in cat-and-mouse game

Undetectable hypervisor rootkit challenge rdist: setuid just for you
__________________
chinaco is offline   Reply With Quote
Old 09-04-2007, 07:47 AM   #24
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 38,840
Sam, I am so sorry to hear that this happened to you. Some malicious hacker charged a very expensive Dell laptop to me back in 2000, and in my opinion this sort of "financial rape" is despicable and very harmful to one's psyche as well as one's pocketbook. I got my money back but felt violated.

In my case it was not phishing or carelessness with passwords, and was most probably caused by a Trojan horse that accessed my computer almost immediately through my first cable internet connection. Afterwards I started using Norton Internet Security and I have had no further incidents. This is probably due to luck as much as Norton, and when I pay my annual fee it is an act of faith rather than logic (a religious/spiritual donation? Wonder if I could deduct it . Just kidding!).

Also I do not buy much online, and I have been afraid of getting Paypal. I am the only person you have ever "met" who has never bought or sold anything on Ebay and that is the one and only reason for that.

I still need to figure out how to change my laptop's Linksys wireless connection to my desktop computer from WEP to WPA, though. Either that, or I may just take my desktop computer out of the system completely and ditch the wireless. It seems like an accident waiting to happen.
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities.

- - H. Melville, 1851
W2R is online now   Reply With Quote
Old 09-04-2007, 08:08 AM   #25
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,676
One thing I've installed when using IE7 is "dropmyrights" which can be installed for free (check out with your search engine). This just brings up Explorer in non-administrative mode. Since I'm the admin on our XP Windows machine this is a very convienient and safer way to access the web. If you click on a link that requires an install to run then it will not install. Of course, you can always run IE7 in admin mode to install something legitimate.

Still did not prevent me from getting a Trojan on the system a few weeks ago. I run AVG once/day and Spysweeper once/week.

Les
__________________
Lsbcal is offline   Reply With Quote
Old 09-04-2007, 08:11 AM   #26
Thinks s/he gets paid by the post
teejayevans's Avatar
 
Join Date: Sep 2006
Posts: 1,220
Quote:
Originally Posted by SamHouston View Post
Any thoughts?
Close out your checking account, open a new one, will obviously need
new checks, let the bank know what checks you've written so they
can tell which still haven't cleared. If you have automatic deposits or
withdrawals, you need to change (paychecks, VG, etc)

Whenever possible, always give credit card numbers instead of
checking account numbers, since CC are easier to cancel and
reissue. I cancel my CC I used with Paypal when I stopped EBAYing.

TJ
__________________
teejayevans is offline   Reply With Quote
Old 09-04-2007, 08:13 AM   #27
Thinks s/he gets paid by the post
tryan's Avatar
 
Join Date: Mar 2005
Posts: 2,449
Is the lesson here:

1. Close EBAY account
2. Close PayPal account (this one hurts!)
3. Close both.



Not sure I can go without Paypal ... been taking CC orders for the lake house rental. Can easily live wo EBay.
__________________
FIRE'd since 2005
tryan is online now   Reply With Quote
Old 09-04-2007, 08:15 AM   #28
Thinks s/he gets paid by the post
teejayevans's Avatar
 
Join Date: Sep 2006
Posts: 1,220
Quote:
Originally Posted by SamHouston View Post
I've set my laptop up for financial matters when I'm in a secure network or when I tie in directly here at home and have changed all the appropriate passwords on my financial accounts.

I hope I'm not closing the barn door after the horse escaped, but I suppose I'll know in the next few days.

Now I'm getting angry email from eBayers in the U.K. who have figured out that this guy is a thief. Makes me wonder if eBay sent out a blanket email covering everyone who received an email from the jerk wanting to overpay for their computers...his email reads like one of those Nigerian schemes.

Now that my profile has been corrected and shows the correct email address, I'm receiving all the responses that he hoped to get at his own email address.

What a day.
Ask EBAY to close your account and create a new one with the
appropriate rating...
TJ
__________________
teejayevans is offline   Reply With Quote
Old 09-04-2007, 09:49 AM   #29
Recycles dryer sheets
TexasGal's Avatar
 
Join Date: Jul 2007
Posts: 229
Speaking of eBay . . . every time I start my computer first thing in the morning I see eBay. My internet home page is google, but I am automatically taken first to the eBay website. What's up with that? I see the eBay site first and then when I click on internet explorer my usual google homepage appears. eBay seems to be part of my computer's startup now.

I ran AVG even though I supposedly have all of this protection from McAfee and there was a trojan dropper.small (no extensions . . .just those 2 words). AVG also found all kinds of tracking cookies, one of which was eBay, and deleted them even though I had just run McAfee's full protection scan.

So . . what does this tell you about McAfee?

I downloaded AVG's FREE anti-spyware, anti-virus, anti-rootkit.
__________________
TexasGal is offline   Reply With Quote
Old 09-04-2007, 03:00 PM   #30
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,264
Great I signed up for PayPal this very morning!

Like many of you, I avoided it for fear of (who knows what). Only made a few ebay purchases previously, and only with people/stores that accepted credit cards. Today, I wanted to bid on something that was PayPal only....

However, I did do a quick look at PayPal on wiki first, and reading the links here, it seems that the real danger is those phishing emails. I'm not worried about that.

I NEVER respond to anything directly; email, phone call, snail mail, guy knocking on the door. Contact the place directly through a phone number or web site or email that you previously KNOW to be valid.


It really torques me when supposedly 'helpful' web sites and journalists say things like, 'look for misspelled words, bad grammar, etc'. The heck with that! Just ASSUME it is fake - contact the place directly.

People should not think of the internet as anything different. If someone called you anonymously, and asked you for the key to your safety deposit box, would you just give it to them? Heck no!. If you wanted to give them the key, you would be contacting THEM. So, don't do it over an email or the internet either.

Keep it simple. Just say no.

-ERD50

PS - I don't know about macros running in a preview pane, but images that are linked back to a server will trigger that server to let them know that they reached a valid email address. They add a code to that request, so they know which email it came from. You can expect a lot of SPAM after that. Keep images off, keep preview panes closed. Enable images only after you are confident of the source, and if you really want to see them.
__________________
ERD50 is online now   Reply With Quote
Old 09-04-2007, 03:05 PM   #31
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,264
Quote:
Originally Posted by TexasGal View Post
My internet home page is google, but I am automatically taken first to the eBay website. What's up with that?
Something has control of your computer. You better find out what it is.

If you say Google is your home page, and your computer says, no eBay is (and don't be surprised if it is a FAKE eBay look-alike web page), well who knows what else it is doing?

-ERD50

PS - this isn't quite as much fun to say, now that CFB isn't around, but since the last time I mentioned it, another few months have been tacked on to the years that Mac users have been free of this cr@p!

We may have our day yet, but it keeps coming and going w/o viruses for many, many sun rises.
__________________
ERD50 is online now   Reply With Quote
Old 09-04-2007, 04:04 PM   #32
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
clifp's Avatar
 
Join Date: Oct 2006
Posts: 7,450
I'll relate my story with PayPal and Phising. Three years ago, while in San Francisco, on my way to Turkey of all places, I noticed a ~$1400 PayPal charge on my checking/brokerage account. It seems that somebody had hacked into my PayPal account and bought a laptop or something.

I was quite worried that with access to my brokerage account via overdraft protection, the guy would do something crazy like buy a house or an airplane.

The folks at Ebay were very helpful and quickly reversed the charges. Although, they naturally required good proof that I was who I said I was. Unforunately, not being at home and days away from leaving the country this required lots of running around get things notorized etc.
__________________
clifp is offline   Reply With Quote
Old 09-04-2007, 04:53 PM   #33
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,264
Quote:
Originally Posted by clifp View Post
It seems that somebody had hacked into my PayPal account and bought a laptop or something.
Question - do you think this was the result of a phishing scam? Maybe you don't remember, but did you go to a (fake) eBay account directly from a pfishing email?

If not, that means the hackers have found other ways in, an then I am worried.

-ERD50
__________________
ERD50 is online now   Reply With Quote
Old 09-04-2007, 04:57 PM   #34
Recycles dryer sheets
TexasGal's Avatar
 
Join Date: Jul 2007
Posts: 229
There is a new security key that you can purchase for $5 on PayPal. The key is a digital gadget that you can keep on your keychain. New 6-digit numbers are generated every 30 seconds. You type your user name, password and then enter the security key as shown on the security key and you can get in. That security key code is then gone completely and cannot be used a second time.

When I was checking out the situation for myself on PayPal I saw the offer for a security key.

I can hardly believe that PayPal is asking consumers to pay for their own bad security at $5 for the key, but alas, if I were someone who absolutely had to use PayPal I would do it.
__________________
TexasGal is offline   Reply With Quote
Old 09-04-2007, 05:33 PM   #35
Thinks s/he gets paid by the post
FIRE'd@51's Avatar
 
Join Date: Aug 2006
Posts: 2,315
Quote:
Originally Posted by TexasGal View Post
Speaking of eBay . . . every time I start my computer first thing in the morning I see eBay. My internet home page is google, but I am automatically taken first to the eBay website. What's up with that?
Have you tried setting your homepage back to Google? If it keeps getting reset to eBay, something has probably hijacked your browser. If not, you may have inadvertently set it to eBay by mistake, and you should be OK.
__________________
FIRE'd@51 is offline   Reply With Quote
Old 09-04-2007, 06:23 PM   #36
Recycles dryer sheets
TexasGal's Avatar
 
Join Date: Jul 2007
Posts: 229
My homepage was set to google. That is the first thing I checked because I know that I can inadvertently change it. I ran all kinds of spyware removal and now the eBay opening page is gone. One trojan was found and removed. AVG found it when McAfee did not.
__________________
TexasGal is offline   Reply With Quote
Old 09-04-2007, 07:07 PM   #37
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Feb 2007
Posts: 5,072
Quote:
Originally Posted by TexasGal View Post
There is a new security key that you can purchase for $5 on PayPal. The key is a digital gadget that you can keep on your keychain. New 6-digit numbers are generated every 30 seconds. You type your user name, password and then enter the security key as shown on the security key and you can get in. That security key code is then gone completely and cannot be used a second time.
This enables a form of two-factor authentication. Some Banks are beginning to use them also.

Technical Specifications - RSA, The Security Division of EMC

The second factor could be a biometric.

Two-factor authentication - Wikipedia, the free encyclopedia

__________________
chinaco is offline   Reply With Quote
Old 09-04-2007, 07:12 PM   #38
Recycles dryer sheets
 
Join Date: Jun 2007
Posts: 377
I would format your computer asap, totally purge everything. It sounds like you could have a keylogger, and anti-virus stuff will not always find it.
__________________
Bigritchie is offline   Reply With Quote
cathing things on the way out - zone alarm
Old 09-04-2007, 08:38 PM   #39
Recycles dryer sheets
 
Join Date: Apr 2007
Posts: 292
cathing things on the way out - zone alarm

I notice most of you have some sort of anti-virus and maybe a firewall blocking things coming in.

I use a Linksys NAT router/firewall which is a hardware device between your cable modem and computer. This allows 4 computers to be hooked up and blocks incoming traffic.

They make a wireless version which the laptop crowd likes. I do not know a lot about wireless, but the key point is to make sure you turn on the encryption that limits access to only certain MAC addresses (from the network card in your PC). This makes sure that only you can use your network.

The thing that most seem to not be mentioning is the need for a program that catches things trying to transmit out from your computer. The keyloggers and trojans are useless if they cannot phone home.

Zone Alarm has some nice stuff in this area. The URL is ZoneAlarm by Check Point - Award winning PC Protection, Antivirus, Firewall, Anti-Spyware, Identity Protection, and much more.. I have not used it for a while but the guy next to me at work bought their entire package and loves it. They used to have a small stripped doen version for free.

There is another place called Gibson Research. The URL is Home of Gibson Research Corporation. Steve Gibson has been in the business since the early '80's. He has a lot of nice articles on security stuff and a tool called Shields Up that tests your security by probing remotely. I was responsible for security at a division of a large ecommerce company but I still learned a lot from reading on this site.

I hope this helps some of you.
__________________
joesxm3 is offline   Reply With Quote
Old 09-04-2007, 08:50 PM   #40
Thinks s/he gets paid by the post
grumpy's Avatar
 
Join Date: Jul 2004
Posts: 1,321
Quote:
Originally Posted by teejayevans View Post
Ask EBAY to close your account and create a new one with the
appropriate rating...
TJ
I recently experienced similar problems on ebay. When I requested them to close my account I was told that if they did so, I could not reopen a new account with the same email address.

Grumpy
__________________

__________________
grumpy is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
identity theft Corporateburnout Other topics 21 10-27-2006 05:00 PM
Theft of VA data (SSNs for 26.5 million vets) Nords Other topics 25 06-26-2006 03:42 AM
Identity Theft - Maybe Eagle43 Other topics 6 06-11-2006 04:19 PM
Identity Theft Scam Eagle43 Other topics 1 02-13-2006 06:14 PM
Identity Theft haha Other topics 10 11-20-2003 11:38 AM

 

 
All times are GMT -6. The time now is 03:59 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.