Posted on 12/28/2015 8:06:00 PM PST by aimhigh
My PayPal account was hacked on Christmas Eve. The perpetrator tried to further stir up trouble by sending my PayPal funds to a hacker gang tied to the jihadist militant group ISIS. Although the intruder failed to siphon any funds, the successful takeover of the account speaks volumes about why most organizations, including many financial institutions, remain woefully behind the times in authenticating their customers and staying ahead of identity thieves.
(Excerpt) Read more at krebsonsecurity.com ...
I have a debit card tied to PayPal, and only that. They pester for a bank account, and I decline each time.
This fellow’s plight is exactly why. I worked for the Feds for a while a long time ago, and my data was probably hacked with the OPM data breach of some months ago.
Anyone with that data now has enough to “socially engineer” entry into my PayPal account.
Debit cards only. With limited balances when not in use.
I’ve decided to close my PayPal. I get too much spam meant to look just like PayPal. I’m tired of messing with it.
Krebs has been a target for quite a while, so this is not surprising. But his point is still valid, which is that anyone can call any company you do business with and pretend to be you just by knowing a few trivialities about you.
I work for an online retailer. My one and only job is to make sure our orders are authentic and not fraudulent.
If we allow a fraudulent order to be sent, the company is the one who is out the $$$ (product and shipping...a fraudulent order will often choose expedited shipping.) It’s a hassle if you’re hacked, and it will take time to cancel and determine which orders were fraud, but you will not be liable for any charge on your account that you did not make.
Just contact your credit card company if you see something you didn’t order on your credit card bill. They will shut down the card, issue you a new card, and the credit card company will delete the fraudulent orders and collect the money that was charged on your account from the merchant (it’s called a chargeback.)
So it’s to our company’s advantage to have employees dedicated to stopping fraud on the front end of the transaction.
Question: What high school did you attend?
Answer: Password 1
To any of these questions, your first thought should be security. Even if it is no more complicated than a simple 4 digit number, why would you ever give anyone vital statistics that could be used against you, either by giving open access to your account or as yet another channel to market to you?
Worse, this is a writer who makes a living writing about security, and his first thought is to blame the company?
What was your 1st grade teacher’s name? 776767. First pet? Password2. You’re welcome.
My favorite is “What is your mother’s maiden name”? I use her maiden name in its original form not the Americanized version. I’m not sure even the federal govt. knows what that was.
They do now.
How?
Public hangings might help.
Good tip, thanks.