How the [expletive] did my Paypal account get hacked?

My best guess is that malware read your PayPal password from Firefox. I know you did two anti-virus scans but that doesn’t prove your PC is clean.

I suggest running Microsoft’s Malicious Software Removal Tool next. Start->Run->“mrt”. It is very slow but pretty thorough.

I think you should also consider using LastPass. It is more secure than Firefox’s password manager.

Could a virus have slipped past your anti-virus programs?

It’s not an utter impossibility that the scanners missed it, of course. I was hoping that by using two different scanners, it’d be a fairly foolproof measurement of my computer’s cleanliness.

I’ll try the Microsoft tool when I get home and see if it picks anything up. Better safe than sorry, of course. I am a VERY safe browser (due to software and habits), and I frequently check every single running process and my installed programs. If a new process had popped up (like a keylogger), I would have seen and googled it. But it’s not impossible something could have slipped by me.

Thank you for the recommendation of LastPass. I’ve never heard of it. I was really fond of Opera’s magic wand back when I used it eons ago. It’s just that Firefox is easier (and has adblocker etc) so I haven’t tried Opera in years.

Unfortunately, there is no foolproof method for determining if your PC is infected. Rootkits probably will not be visible in Task Manager.

LastPass is great. It will read all of your Firefox passwords automatically and then suggest you delete them from Firefox password manager because it is unsafe. It can do everything Firefox password manager does and more. It also supports multifactor authentication if you want to be super-secure.

I have an authenticator dongle for my WoW account and I personally regard it as among the best $6 I ever spent. Does multifactor authentication have any effect if someone tries to log on from not-my-computer, though? My hardware is definitely not a weak point. I’m more concerned about potential MITM attacks and unless I can force the sites I regularly visit (here, wowhead.com, Savage Love) to accept a second method of authentication, I don’t see how that would be helpful.

For rootkits, I suggest testing with a LiveCD scanner. I know Avira Antivir has one. For the non-technical, this means the computer will boot off the CD, and not the possibly infected hard drive.

Multifactor authentication is an option for your LastPass password. So if your LastPass password is somehow captured, you still can’t be compromised.

Once you are logged into LastPass, it takes care of all of the other passwords for you. It cannot force sites to use multifactor authentication.

What is the version of your Firefox?

And you may want to consider adding a master password for your FF saved passwords if you haven’t already.

IMO it is safer as a general habit to type ‘paypal’ (or whatever) into your google search bar rather than the url bar. Google will correct any mistakes that would otherwise take you to a phishing operation.

Now, here are my own anecdotes:

I am not stupid either, but years ago I did once fall for one of the email phishing scams. Absolutely perfect looking email from paypal sent at just the right time so that I was expecting an email from them anyways. I glanced at the url the link pointed to, and it had “paypal.com” in it and just didn’t look closely enough because I was in a hurry. About 5 minutes later I realized what I had done and canceled my credit card. Are you sure you couldn’t have done something like this and just don’t remember??

Here is another thing that happened to me. I bought something from an online retailer. Not a suspicious retailer, but definitely a smaller operation. About 6 months later my credit card is blocked and there are all these bizarre “colon blow” charges etc. I had no idea how my credit card information could have been stolen. Then, a few months later, I get a letter from the online retailer saying they had a data breach and that everybody’s credit card information was stolen. So that’s that.

And we’re here talking to you. Without clarification (that we were trying to obtain by asking you questions you clearly found annoying), how the hell are we supposed to discern whether you are one or the other of these two types of people?

A person can say ‘I don’t click phishing emails’ without really understanding what they mean, or all the different ways in which phishing emails may present themselves. There was no way, except by asking, to determine your level of savvy.

It doesn’t help you if the malicious code is injected into a valid Windows process; it will appear just as it always has, and curing the files can be a real pain in the backside. Plenty of people who claim to be internet savvy will fall for a phishing scam, assuming that paypal.billing.com (or similar) is associated with Paypal, so please don’t take offense at people checking the obvious before moving on to the more extreme options, Occam’s razor and all that.

Given that you haven’t used this password on any website except for paypal it is possible that a keylogger is to blame. Run through as many free AV scans as you can find, in particular make sure to try Malwarebytes, SuperAntiSpyware, Microsoft Security Essentials and TDSS Killer. You can never really be 100% sure you are clean of viruses or malware but it will bring you closer.

I don’t think you’re fucking stupid, and I can understand your frustration and/or anger. Another attack mechanism is to host some dipshit website that gives some sort of benefit for people who “register,” collect the usernames and passwords, and try to use those usernames and passwords on other sites, since many people use the same password on multiple sites. Is that a possibility?

I was hit by a Java exploit that snuck in by way of imitating a Java update not too long ago (few weeks?). At least that is what I think happened. I’ve gotten a few of those auto-updates for Java and the second-to-last one must’ve been fake. More than a week after the update, MS SecEssentials pops up with a big red alert and says I am under attack from a Java exploit (CVE-2009-3867.GU). Nothing happened other than me quarantining/deleting it with two or three clicks…from the Sun/Java/deployment~ directory. I also use Comodo firewall, IOBit360-Pro and weekly MalwareBytes updated every few days. None of those caught it while it sat there waiting - only the activation caused the alert. No idea what the intent/purpose of the code was, but it’s never any good.

Shit can disguise itself pretty well nowadays, IME. I am kinda embarrassed over it as I had to approve the update through Comodo firewall. Any updating now has me going to the company website to verify release of said updates, etc… Just saying this as a learning point so maybe others don’t get worse results than I did. I am not highly fluent in ‘defense’ by any means nor highly ignorant - but I am not keeping up with trends if I am letting them in when they knock :smack:

Hi Rachelellogram

I got caught by this last week too - and I’m also not a particularly stupid internet user. I have no idea how this happened, but I suspect a Paypal problem, not least because they caught it straight away and didn’t dispute the issue at all. Mine was to a cable company in the US - similar amount.

PayPal was a target of hacker group Anonymous due to the WikiLeaks thing, your accounts could have been compromised due to that.

I’m quite sure. Like I said, I actually called Paypal. The transaction had been done and flagged as fraudulent while I was asleep. I hadn’t looked at or logged into my paypal for months prior to this incident occurring. I’m very careful at checking my email headers on anything that comes from a financial institution before I take it seriously.

Ionizer, I did see a weird Java pop-up thingy about a week ago but I told it not to install (so I don’t think it did… I think). I don’t really ever update Java automatically because I use NoScript and I avoid Flash sites. But that’s a really good point/possibility.

Thanks for contributing, Martiju and RaftPeople. A guildmate of mine in WoW had this happen to her through paypal, but it was for itunes songs in the amt of like $300… she got it reversed but yowch :frowning:

And just for a thread FYI I got another email stating they had decided my case in my favor. Hooray! Now I’m just waiting on the funds to come back into Paypal so I can put them back in my bank.

Not to harp on a point, but the fact that you were asleep and had not logged into your account for months is irrelevant to the point I was making. Once a phisher gets your information, it can be months before they use it, and they can use it any time they want.

I honestly can’t think of the last time paypal sent me anything. Or that a phisher might have sent masquerading as paypal. I haven’t even thought about paypal in ages.

But yeah, I guess I can’t 100% discount the possibility. All I can be sure of is that I didn’t click on a fauxpal email recently. People upthread were insinuating that I clicked on a scam email and then the scam immediately took place, and I wanted to be clear that that definitely was not the case.

We were not insinuating (well, I wasn’t) anything - I was trying to get some clarification. I too wanted to be clear that it wasn’t the case, but it wasn’t absolutely clear (to me) until after I asked the questions, and you answered them.

I just got the same email you spoke about a week ago. I called paypal. It was a fraudulent email. The email said it was from paypall.com. Sneaky people, using two Ls to spell paypal.

It said the same exact thing as your email. That my account had been frozen and needed to be verified.
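As an added example (not code posted by anyone in this thread), here is a Python check for the three link shapes the posts describe: a brand name buried somewhere in a longer hostname (the link that merely had “paypal.com” in it), a lookalike such as paypal.billing.com, and a typosquat such as paypall.com. The brand name, the allow-list and the sample links are constructed assumptions for the demo.

```python
from urllib.parse import urlsplit

# Constructed for this example: the brand and the registrable domain it really uses.
BRAND = "paypal"
LEGIT_DOMAINS = {"paypal.com"}

def registrable_domain(host: str) -> str:
    """Last two labels of the host. Real tooling should use the Public Suffix
    List so that e.g. co.uk is handled; two labels suffice for the .com cases here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-letter typosquats like paypall."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str) -> str:
    """Return 'legit' or a short reason the link's host is not the brand's site."""
    parts = urlsplit(url)
    if "@" in parts.netloc:
        # https://paypal.com@evil.example/ : the text before '@' is userinfo, not the host
        return f"userinfo trick: host is actually {parts.hostname}"
    host = parts.hostname or ""
    if not host:
        return "no host in link"
    domain = registrable_domain(host)
    if domain in LEGIT_DOMAINS:
        return "legit"
    if edit_distance(domain.split(".")[0], BRAND) <= 1:
        return f"typosquat of {BRAND}: {domain}"
    if BRAND in host:
        # paypal.billing.com or paypal.com.evil.example: the brand appears, but the
        # part that decides who owns the name is the registrable domain
        return f"brand name inside lookalike domain {domain}"
    return f"unrelated domain {domain}"

if __name__ == "__main__":
    # Constructed sample links, modelled on the ones mentioned in the thread
    for link in ("https://www.paypal.com/signin",
                 "http://paypal.billing.com/verify",
                 "http://www.paypall.com/",
                 "https://www.paypal.com.account-verify.example/",
                 "https://paypal.com@evil.example/"):
        print(f"{link:50} -> {classify_link(link)}")
```

Only the registrable domain (the part just before the public suffix) identifies the owner; everything to its left, or before an “@”, is free for a phisher to choose.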