paypal security

gavinhodges00 · #1 (**permalink**) 03-03-2009, 02:13 PM

I use paypal for online money transfer , i want to ask the question that if spyware is in my system is it safe to use paypal.

VopThis · #2 (**permalink**) 03-03-2009, 03:52 PM

Quote:

if spyware is in my system is it safe to use paypal

That mostly depends on the specific nature of any spyware present. Those of us who might not be able to consistently practice ‘safe computing’ and acceptable due diligence behavior (links, email) can put our PCs at serious risk for such things as password stealing Trojans and Keyloggers – just to mention some of the most common potential compromises against our financial well being and our good name (possible identity theft).

If you allow others to use your PC then all your personal best practices may guarantee you nothing. If you do get compromised by a Trojan wouldn’t you rather have an opportunity to neutralize it and/or keep it from ‘phoning home’ if at all possible (FIREWALL, and other real-time/always checking intervention and prevention tools).

Enter any of the following keywords (KW) in the link below to see what is potentially at risk:

KW: (1) steal, (2) banking, (3) keylogger, (4) remote access

X = Items that have this flag are generally malware such as viruses, trojans, hijackers, spyware but could also be programs that are not desirable to run on your computer.

Startup Programs Database PAGE RESULTS: (1) = 36, (2) = 8, (3) = 5, (4) = 2

gavinhodges00 · #3 (**permalink**) 04-03-2009, 12:36 PM

Quote:

Originally Posted by VopThis

That mostly depends on the specific nature of any spyware present. Those of us who might not be able to consistently practice ‘safe computing’ and acceptable due diligence behavior (links, email) can put our PCs at serious risk for such things as password stealing Trojans and Keyloggers – just to mention some of the most common potential compromises against our financial well being and our good name (possible identity theft).

If you allow others to use your PC then all your personal best practices may guarantee you nothing. If you do get compromised by a Trojan wouldn’t you rather have an opportunity to neutralize it and/or keep it from ‘phoning home’ if at all possible (FIREWALL, and other real-time/always checking intervention and prevention tools).

Enter any of the following keywords (KW) in the link below to see what is potentially at risk:

KW: (1) steal, (2) banking, (3) keylogger, (4) remote access

X = Items that have this flag are generally malware such as viruses, trojans, hijackers, spyware but could also be programs that are not desirable to run on your computer.

Startup Programs Database PAGE RESULTS: (1) = 36, (2) = 8, (3) = 5, (4) = 2

Are these filenames are potential spywares which i got when i entered the keywords.

VopThis · #4 (**permalink**) 04-03-2009, 02:26 PM

If you do any financial transactions on the Internet, you need to raise the bar by insisting on a higher degree of safety measures and user discipline.

These filenames are potential MATCHING spywares which you can get if your PC EVER gets infected. Fortunately, most compromises are not normally that serious. The keywords are like a Google search on some of the worse of the worse that is potentially out there on the Internet. If you get infected by one of those specific trojans you could be quite some time trying to sort out the FINANCIAL and/or PERSONAL fallout. That could be the price of sloppy security practices and potential user mistakes (opening a bad email or link) that many people now currently fail to address properly:

Cleaning up can be quite complicated after-the-fact.
If passwords are compromised, you would need to change all of them (offline and once cleaned) on a PC that may no longer be trustworthy (if potentially a backdoor means of access still remains).
Hackers might have been or continue to be in a position to transact financial transactions as if they were you.
It only takes 2 or 3 pieces of info to steal someone's identity - and you could be months or years sorting that out, often inconclusively.

gavinhodges00 · #5 (**permalink**) 05-03-2009, 01:54 PM

Quote:

Originally Posted by VopThis

If you do any financial transactions on the Internet, you need to raise the bar by insisting on a higher degree of safety measures and user discipline.

These filenames are potential MATCHING spywares which you can get if your PC EVER gets infected. Fortunately, most compromises are not normally that serious. The keywords are like a Google search on some of the worse of the worse that is potentially out there on the Internet. If you get infected by one of those specific trojans you could be quite some time trying to sort out the FINANCIAL and/or PERSONAL fallout. That could be the price of sloppy security practices and potential user mistakes (opening a bad email or link) that many people now currently fail to address properly:

Cleaning up can be quite complicated after-the-fact.
If passwords are compromised, you would need to change all of them (offline and once cleaned) on a PC that may no longer be trustworthy (if potentially a backdoor means of access still remains).
Hackers might have been or continue to be in a position to transact financial transactions as if they were you.
It only takes 2 or 3 pieces of info to steal someone's identity - and you could be months or years sorting that out, often inconclusively.

Before doing the online transaction i will look for these files , is it ok to use free antispyware and antivirus.

VopThis · #6 (**permalink**) 05-03-2009, 03:59 PM

Quote:

Before doing the online transaction i will look for these files [IF ANY ARE FOUND] , is it ok to use free antispyware and antivirus.

Yes you can do that. Unfortunately, many such mostly after-the-fact scans can take up to 1 hour or more - a mostly very impractical undertaking. Besides, no one tool can be guaranteed to find everything, especially the latest infections. If anything is found, you need to evaluate and understand whether the nature of such a compromise could leave your PC POTENTIALLY STILL untrustworthy no matter what you do. It is not worth it to ever leave yourself financially exposed no matter how remote that prospect may be.

Given the above, most people should run a real-time (always checking) tool such as AVG8 (FREE), NOD32 (TRIAL), Vipre (TRIAL), etc. plus COMODO (FREE FIREWALL) or security suite which most of us do not generally recommend. In addition, I also recommend running one or more after-the-fact scans, weekly - FREE: SuperAntispyware and/or MalwareBytes Antimalware. That and 'safe computing' practices should keep most people out of any serious trouble.

I also run the following FREE (scan only) tool - daily automatic scan in less than 2 minutes Prevx CSI - FREE Malware Scanner - a source of potentially valuable early warning and researchable issues against POSSIBLE missed or newer infections.

Always better safe than sorry even though most of us will never likely run into worse case problem scenarios, regardless of any mistakes, oversights, and behavioral transgressions.

VopThis · #7 (**permalink**) 06-03-2009, 05:10 AM

Here is a very timely article on this very subject:

http://www.aweber.com/z/article/?tec...wMLBystAysAA==

Quote:

My PayPal Account's Been Hacked

The e-mail from PayPal said I'd sent $400 to a gaming firm in Germany. It's a dopey phishing expedition, I thought, and authentic-looking, for sure, but nothing to worry about.

The trouble was that when I logged on to PayPal, I really did have a $400 withdrawal. It was clear that someone had my password.