What does it mean if you have fraudulent charges on your Paypal Account?
It probably means two things:
#1: You opened a “phishing” email.
#2: A keylogger is recording everything you type and capturing your secret login/password information, as well as other private materials, and sending it to all to a wrongdoer.
Phishing is a way to send a real-looking email to an unsuspecting victim to fraudulently obtain something of value. In the words of an actual phisher:
“PayPal’s security is not the best but it’s well secured. The probable reason for the fraudulent charges are phishing mails, that probably installed a Keylogger on his computer and got the Login details from that way. It’s the easiest way, if he doesn’t have a hi-tech antivirus software.”
A keylogger is a program that records each keystroke and sends the information to someone else through the Internet.
Successful phishing attacks depend on a valid-looking email, and a link contained in the email. Below is an example of one such email claiming to provide a death notification:
From: Hubbell Funeral Home <email@example.com>
Subject: Death notification
Hubbel Funeral Home
We would like to express our deepest sorrow for the untimely death of your beloved
friend and inform you about the life service celebration that will take place at
Hubbell Funeral Home on February 20, 2014 at 2:00 p.m.
Please follow this link [malware link removed] to get funeral invitation.
Please be there to honor the memory of your friend with her closest people.
Our best wishes and prayers,
Funeral home assistant
99 North Indian Rocks Road | Belleair Bluffs, Florida 33770
Phone 727-584-7671 | Fax 727-584-1073
(1) Be suspicious. First of all, a sender’s email address is easy to fake. There are ways to digitally forge information in such a way that an email appears to be from a trusted source – ie. firstname.lastname@example.org. So, just because you trust the sender, the message may not really be from a trusted source.
(1) If an email asks you for personal information, NEVER provide it. Banks and legitimate online businesses such as Ebay, Amazon, and Paypal do not send customers emails asking them for:
- First and last name
- Driver’s license number
- Date of Birth
- Social Security number
- Credit and debit card numbers
- PIN numbers
- Bank account numbers
(2) Do not click on links within emails, unless you are 100% sure it is from a real person whom you trust, i.e a friend emailing you an interesting article from the New York Times. Unfortuntely, you can unknowingly download keylogging software or other malicous programs just by one click on the wrong hyperlink.
(3) Do not open software or attachments sent you to from an untrusted email sender.
Computer & Financial Account Security
It is foolish not to have a high quality anti-virus program that is up to date. AVG Free 2014, which doesn’t cost anything, may be good enough to scan for keyloggers and keep your machine secure.
If you have had fraudulent charges on a credit card, debit card, or Paypal account, you should have your cards inactivated and reissued.
The easiest way to compromise an account is by guessing the password. Never use an idiotic password such as “Password.” Frequently change all of your passwords, and do not use the same password for everything. A secure password has these characteristics:
- Contains no words found in the dictionary
- Consists of a blend of uppercase and lowercase letters
- Has at least one number and one symbol
- Is at least ten characters in length
- Impossible to guess based on who you are
- Known only to one person: you
- Has not been used for your other accounts in the past
Varieties of Phishing Attacks
Phishing emails are infinitely creative. Scammers will stop at nothing to trick people into clicking on a link contained within an email. The notice below from February 2014, warns of a creative tactic used by criminals:
SCAM EMAILS ABOUT PHONY COURT CASES CARRY COMPUTER VIRUS
The federal judiciary has learned of an email scam, in which emails purporting to come from
federal and state courts are infecting recipients with computer viruses.
According to the Security Operations Center of the Administrative Office of the U.S. Courts, the
emails are instructing recipients to report to a hearing on a specified day and time. The emails
also instruct recipients to review an attached document for detailed case information. When the
attachments or links in the email are opened, a malicious program is launched that infects the
recipient’s computer. Several state courts have reported similar schemes, and also are warning
the public about potential viruses.
Unless you are actively involved in a case in federal court and have consented to receive court
notifications electronically, you generally will not be served with court documents electronically.
If you receive an email regarding a federal court case or matter of which you are unaware that is
purported to be from this district court, you should contact the CM/ECF help desk at 866-239-
6233 before opening any attachments or links. You may use the court locator
(http://www.uscourts.gov/court_locator.aspx) to find contact information for other federal courts.