Monday, September 03, 2007

Trojan Horses and Identity Theft

I woke up this morning to a nightmare. Someone in England hacked into my personal eBay data and changed it to reflect a completely fraudulent identity with an English mailing address. That person than proceeded to send out at least 25 emails to individuals in the U.K. who are trying to sell Sony laptop computers on the site. He offered them more than they are asking for the laptops and wanted them mailed to him as soon as possible.

He also managed to set two Trojan horses on my hard drive which compromised my PayPal information and apparently hopes to transfer payment for the laptops from my checking account via my PayPal account. I managed to contact PayPal and have had them temporarily stop all payments coming from their end but, since this is a bank holiday, my checking account is still hanging out there until start of business tomorrow.

I've now spent almost five hours running virus check software to locate and remove the viruses, talking on the phone to PayPal and dealing with eBay to get my account changed back to my own identity and history. The scary thing is that I still don't know if I've managed to plug all the leaks.

Needless to say, I'm mentally frazzled and this may be the only post I make today. I'm curious to know if others of you have had this kind of problem and how badly it turned out for you. If I could get my hands on the worm who did this, I would strangle him without even the smallest of guilty feelings...seriously.


Additional Comment added September 4:

This is a copy of the email that was sent out to those in the U.K. who are selling the Sony laptops that this thief is interested in acquiring.
Dear eBay Member,

I hereby wish to notify you of my immediate interest to buy of your item listed on the ebay.Actually,i know that a lot of buyer may have the same interest to purchase this item,however,i shall be very grateful if you can give the highest concern.This transaction will be International shipping and the payment shall be via paypal. I 'm offering you £850 GBP.if you agree with the conditions send your paypal email address so that i will credit the funds into paypal account on time.For further negotiation as per the deal mail to this box........ eunice_john101@yahoo.com.and Help me to end the auction.Looking forward to read from you.Mind you i wish to have more deal with you after this.


It appears that the laptops were to be sent outside the U.K., and from the way that the email is phrased, I don't believe that English is the first language of the people responsible for this fraud.

22 comments:

  1. That's horrible!! I don't do much at all with eBay, but I do use Paypal a little. How in the world did this happen. Was it on their end that he hacked into your account? Good luck getting it all straightened out. I would also want to strangle the person who did this!! We've had problems at work with our credit card (that I use for the orders I need to place online), with people getting the number. It really disgusts me to see what they try and do. Luckily the bank and the university take care of the problem. I suppse theives will always find a way take advantage!

    ReplyDelete
  2. ..And what a way to spend your holiday! Ugh.

    ReplyDelete
  3. Holy cow. I'm so sorry to hear this, Sam. I had a minor case of identity theft earlier this year. Someone posing as a gas station attendant (while they employees were distracted, it seems) took my credit card information and it ended up being used to buy porn. The merchant was very good about it and I got my money back right away. The police were useless but it's good to put these things on record.

    After that I had the idea of getting a new credit card number on a regular basis. That way any online merchants I don't use regularly will end up with obsolete numbers in their systems so it won't matter if they get hacked. After your experience I'm thinking that setting up a spare bank account with no money it for Paypal use is would be a good idea too.

    Ya, these are scumbags. I feel sorry for them. They can have no self-respect. It's no way to live.

    ReplyDelete
  4. Yikes. I hope your efforts today are all that are required to bring the jerk's attempts to a halt.

    Someone used my credit card info a year or so back in a much more low-key scam. . . perhaps he thought we wouldn't notice? He set up a paid email account and one other thing ... can't remember exactly what.

    ReplyDelete
  5. awwww-I'm sorry.

    A random website got a hold of my mom's credit card information earlier this year, and tried to charge her $600. It really upset her, but the credit card company worked it out in the end.

    I hope everything works out.

    ReplyDelete
  6. Bummer! I'm so sorry to hear this. I don't have an ebay or paypal account. Why? Because I get spam emails all the time saying my account has been compromised. Since I don't have one I know it is spam.

    I also know the lastest scam is for the crook to give you more than the amount charged and then send someone to your house or something like that for the overage. One contacted me earlier this year from the UK trying to buy my books this way. We went back and forth until he decided which books he wanted. This didn't seem odd to me, because I get a lot of email orders for my books. Finally when he got to that part about paying me more than the total charge, I told him it was no deal. He also freaked that I had found out from his email address that he was from the UK. What a mess (shakes my head).

    I hope things work out well with all this. Credit card companies are being really good these days about going to bat for you against this kind of thing. Or that has been my experience. Blessings for a better Tuesday!

    ReplyDelete
  7. This is a dreadful aspect of the Web environment within which we all operate. Care is required. The credit card companies are doing their best to work with customers on this. Of course, it's not enough when you're the one affected. I am *so* sorry it happened to you.

    ReplyDelete
  8. How awful, Sam. My husband has a great fear of this kind of thing happening, and I have always felt that he was being overly cautious. I guess not.

    ReplyDelete
  9. Ouuuuch. Many sympathies. I'm so sorry to hear that this happened, and hope it gets straightened out soon!

    ReplyDelete
  10. Thanks for all the kind words, everyone. So far, I don't see any damage other than the time that I lost.

    I did spend much of the day also changing passwords and setting up a secure laptop to take care of my banking and other finance-related websites. I still don't trust that my desktop isn't still compromised despite the fact that AVG can't find anything else hidden there.

    Thanks again.

    ReplyDelete
  11. Ouch, that's nasty. We recently thought we were victims of identity theft as well and while it turned out to be a false alarm in the long run, I understand what it does to a person.

    ReplyDelete
  12. It's a terrible feeling, John, as you say. It makes you realize how helpless you really are today because there are so many ways that thieves can steal from you. So far, I don't seem to have actually lost anything but I think I was fortunate to catch this thing within a few hours of when it all started and that Monday was a national holiday here. That may have save me in the long run because of the banks all being closed.

    ReplyDelete
  13. How awful for you! I haven't ever had an experience like this, but I do have a friend who lost $5,000 because his bank account was somehow victimized by someone via paypal.

    ReplyDelete
  14. Sorry to hear about your friend's loss, Dewey. Was he not reimbursed by the bank?

    So far, for me, there has been no monetary loss and my rating at eBay has not been affected since I seem to have caught this before any negative ratings were sent my way.

    ReplyDelete
  15. This happened with my corporate pay pal account. Someone was buying computers with it, too. Luckily, U.S. Bank discovered it almost right away. Thieves disgust me!

    Love your blog!

    ReplyDelete
  16. I hear you, Char. I wish I could get my hands on the jerk who caused me to waste so much time on his attempt at stealing from me.

    Thanks, too, for the kind words about my blog. I appreciate that.

    ReplyDelete
  17. Well...at least you are the lucky one who didn't get your checking account emptied out like mine. Some jerks from CA somehow stole my debt card numbers and security pins and all info from paypal to purchased a laptop from ECOST.COM. I didn't notice until I received an email from Bank of America regarding a unusual transaction. It was over $800 and now my debt card is useless and my checking account had to be shut down. I was happy that BOA credited me back the money. I wish I could be there when they catch that JERK, so I can look him in the eyes and say "what the f is your problem!?"

    ReplyDelete
  18. Sorry to hear it worked out that badly for you, David. I was lucky that I happened to notice the problem within just a few hours and that it all happened on a holiday, slowing down the banking process a little.

    If they catch these guys, I think they belong in a regular prison population, not in some white collar crime prison. They need to be treated like the trash they are.

    ReplyDelete
  19. It makes you realize how helpless you really are today because there are so many ways that thieves can steal from you.

    ReplyDelete
  20. Amen, Cheap Computers, Amen. I've been much more careful since this happened to me but I still place the bulk of the blame on eBay and Pay Pal (and they are under the same umbrella these days).

    ReplyDelete
  21. Amen, Cheap Computers, Amen. I've been much more careful since this happened to me but I still place the bulk of the blame on eBay and Pay Pal (and they are under the same umbrella these days).

    ReplyDelete