Nanai internet shop hacked account

[landofsmiles]

I very much suspect a shop in Nanai road is involved in hacking accounts. If not someone working in the shop then one of their customers.

I know I've heard all the warnings about not logging on to bank accounts and such in these places but I've had poor connections in my apartment last few days and succumbed to logging on to my Paypal account yesterday morning in an internet/games shop.

2 hours later I get emails from Paypal saying my password and security questions/answers have been changed and also that I have authorised a payment to someone (an Italian sounding name) which was the exact amount in my account.

Luckily by the time I got to know about it the money had not yet been claimed by the thief and once I'd reported that to Paypal it was immediately restored to my account.

Coincidence probably, but I was in the shop for about 2 hours and there was only one other guy on the net and hearing him make a phone call he sounded Italian.

I don't suppose I need say exactly which shop as I suppose the warning should apply to all of them.

[JayBee]

Quote:

Originally Posted by landofsmiles;

I very much suspect a shop in Nanai road is involved in hacking accounts. If not someone working in the shop then one of their customers.

I know I've heard all the warnings about not logging on to bank accounts and such in these places but I've had poor connections in my apartment last few days and succumbed to logging on to my Paypal account yesterday morning in an internet/games shop.

2 hours later I get emails from Paypal saying my password and security questions/answers have been changed and also that I have authorised a payment to someone (an Italian sounding name) which was the exact amount in my account.

Luckily by the time I got to know about it the money had not yet been claimed by the thief and once I'd reported that to Paypal it was immediately restored to my account.

Coincidence probably, but I was in the shop for about 2 hours and there was only one other guy on the net and hearing him make a phone call he sounded Italian.

I don't suppose I need say exactly which shop as I suppose the warning should apply to all of them.

Good reminder to never log into bank account, brokerage account, or Paypal account in an internet cafe!!! Thanks, LOS!! You were lucky to catch the intruder in time to prevent a loss.

I think wifi is still safe, or at least I hope so!!

[LivinLOS]

Wifi is not safe unless your over an encrypted connection..

I recently saw a 199 mini laptop design.. Pretty basic but a good idea for those travelling for banking and email..

If you have a laptop take your own to the net cafes.. Most will allow you to connect your own laptop and thats a LOT better, the same as wifi networking.

[ATMwalking]

No hacking required. All they need to do is install a program that captures keystrokes.

Even easier, most cafes leave the form auto complete option on. So they are being saved automatically.

[Coolhand]

keep a text file with your user names and passwords on a memory stick. Plug memory stick into computer and open text file. Copy and paste user names and passwords if you have to.
Of course to make it harder the textfile should be full of different user names and passwords.
Dont forget to close the text file and taake your memory stick with you when you leave.

[SiamGecko]

There's a few easy things to do to give yourself some more protection.

Use MobileFirefox as your browser running on a usb stick. No history will be left on the cafe's PC and no passwords will be cached. It's also a great way of keeping your own custom browser with you when you are travelling, so your fav's, cookies etc.. are all available.

Also when typing passwords, do it in a random order. So if your password was phuket123, type it as uket123 then go back and add the 2 letters at the beginning. To a keylogger it would look like uket123ph

[SiamGecko]

Quote:

Originally Posted by Coolhand

keep a text file with your user names and passwords on a memory stick. Plug memory stick into computer and open text file. Copy and paste user names and passwords if you have to.
Of course to make it harder the textfile should be full of different user names and passwords.
Dont forget to close the text file and taake your memory stick with you when you leave.

I wouldn't do that personally. It's not difficult for someone to hook up to your machine and read your usb key when you are using it.

Much better to go with the mobile firefox and you can even password protect accessing your passwords within the settings, so even if someone did copy your firefox profile off the usb key, then they would not be able to see any passwords.

[Robaht]

Those are 2 pretty good ideas. I like the idea of typing in your password in a weird order, don't know why I never thought of that. But how did you know my password was phuket123?

Cheers, Robaht

Quote:

Originally Posted by SiamGecko

There's a few easy things to do to give yourself some more protection.

Use MobileFirefox as your browser running on a usb stick. No history will be left on the cafe's PC and no passwords will be cached. It's also a great way of keeping your own custom browser with you when you are travelling, so your fav's, cookies etc.. are all available.

Also when typing passwords, do it in a random order. So if your password was phuket123, type it as uket123 then go back and add the 2 letters at the beginning. To a keylogger it would look like uket123ph

[JayBee]

Quote:

Originally Posted by Robaht;

But how did you know my password was phuket123?

Uh Oh!! Seems a lot of us have the same password! I'm changing mine to uket123ph.

[MrDK]

Quote:

Originally Posted by JayBee

Uh Oh!! Seems a lot of us have the same password! I'm changing mine to uket123ph.

I know a lot of people who have the same password as I: *******
I have given up keeping it a secret.

[ub2yoo]

Quote:

Originally Posted by Coolhand

keep a text file with your user names and passwords on a memory stick. Plug memory stick into computer and open text file. Copy and paste user names and passwords if you have to.
Of course to make it harder the textfile should be full of different user names and passwords.
Dont forget to close the text file and taake your memory stick with you when you leave.

Doesn't solve the problem. There are Trojans i.e. Beast, which have the capability to capture what you copy into memory.

[crazyswede]

Have had simular e-mail´s but i never used PayPal in all my life .. they must have picked the wrong guy i gue´s!

Quote:

Originally Posted by landofsmiles

2 hours later I get emails from Paypal saying my password and security questions/answers have been changed and also that I have authorised a payment to someone!

[Crazy_Matt]

Good thread this one!

All should be careful when using internet cafe's for banking and such.

Quote:

Also when typing passwords, do it in a random order. So if your password was phuket123, type it as uket123 then go back and add the 2 letters at the beginning. To a keylogger it would look like uket123ph

Top Idea!

Any Geeky types on the boards know the answer to this one, what about clearing Cookies - Cache and brower windows at end of session ?

When your finished you could even Download a Registry Cleaner and clean the whole bastard out when your finished ... ?? Get a free one that will take all entries out from download.com or something like that.

[LivinLOS]

Quote:

Originally Posted by SiamGecko

There's a few easy things to do to give yourself some more protection.

Use MobileFirefox as your browser running on a usb stick. No history will be left on the cafe's PC and no passwords will be cached. It's also a great way of keeping your own custom browser with you when you are travelling, so your fav's, cookies etc.. are all available.

Also when typing passwords, do it in a random order. So if your password was phuket123, type it as uket123 then go back and add the 2 letters at the beginning. To a keylogger it would look like uket123ph

Sorry but any good keylogger will record uket123 [back][back][back][back][back][back]ph If you use the mouse thats a better implementation but many good keylogging and monitoring systems will also record all inputs and video.. Even more than a decade ago this was being done with backorifice and butt trumpet etc..

Your only semi safe solutions are your own machine or using a boot from a USB or live CD operating system.. Linux now boots from USB prety easily (and is getting leaps and bounds better as a desktop OS.. KDE4 may really be a watershed point) but even then hardware keyloggers can exist.

Simple rule is never access anything important on a public machine.

My predicition is this Eee PC (a 199 USD asus mini laptop) will sell like hot cakes... I think a huge % of laptop owners only use thier mobile machine for net connections and net applications and this machine fits that need so well.

[landofsmiles]

Pretty p#ssed off now. Have found that other sites I accessed while in that shop that required passwords...my passwords don't work now.

[LivinLOS]

Name and shame the shop IMO..

Its obvious its one where they are tracking users.

[landofsmiles]

Isn't it more likely that the shop owner/staff know nothing about it and that it's a farang going in and plugging in some gadget?

From my Paypal account I have the name (Italian sounding) that my money was heading for. I wonder if the guy would be stupid enough to use his real name?

[LivinLOS]

Doubt it.. Possible of course but most publically released keyloggers (not self written or VERY new literally 0 day stuff) will be caught by AV software.. So the AV soft needs to be set up to make exceptions on the keylogger running. Thats more a thing set up by the admin.

[SiamGecko]

Quote:

Originally Posted by LivinLOS

Sorry but any good keylogger will record uket123 [back][back][back][back][back][back]ph If you use the mouse thats a better implementation but many good keylogging and monitoring systems will also record all inputs and video.. Even more than a decade ago this was being done with backorifice and butt trumpet etc..

Your only semi safe solutions are your own machine or using a boot from a USB or live CD operating system.. Linux now boots from USB prety easily (and is getting leaps and bounds better as a desktop OS.. KDE4 may really be a watershed point) but even then hardware keyloggers can exist.

Simple rule is never access anything important on a public machine.

Not suggesting using the keyboard to go [back]... but it's certainly better than just entering straight passwords....especially if they are dictionary based, which should be a no-no for everyone's passwords anyway.

There's no way to be 100% on a public machine, and as has been said - don't use internet cafe's for anything remotely important

[Nicke]

Why not report this to police?

[landofsmiles]

Because more than likely they will want to know what accounts and sites have been compromised and I don't really want them looking into that.

All my email accounts have been hacked too and the passwords changed :-(

[Entrep]

How do you know it is the shop and not someone who installed software on the PC there?

[LivinLOS]

See post 18