What is doxing and how to protect yourself?

[show-Zi]

Or the verification for your PayPal wallet password reset which holds 20 grand...?

The world isn't so nice and kind, there are some real b****r*s out there who want to do harm, so you must protect yourself.

I am an online coward, so I refrain from sending out information from me as much as possible. Payment by PayPal or credit card has only been done twice in the past. I have been interested in security and fearing the flow of invisible information on online PCs.
The topic here is very useful. thank you for the advice

 

[Deleted member 65228]

Payment by PayPal or credit card has only been done twice in the past

See, now I know that you do (or at least once did) own a PayPal account! A PayPal account which while may be empty, could be linked to a bank account... Or a phone number, in which the SMS provider can be called and socially engineered into handing me control to your network, which could then escalate into defeating any 2FA for password resets.

All theoretical but people really do this on a regular basis for testing purposes and make good success (and pay from their experimental work), and criminals do this sort of thing all the time. Earlier today I read about T-Mobile being socially engineered last year and it led to some poor bloke's 10k-20k worth of BTC being stolen.

 

[show-Zi]

The web world is virtual but it is never a sandbox. The firewall to protect you is important.
Opcode, there seem to be plenty to learn from you.

 

[cruelsister]

You are safe at PayPal, a great deal more so as if you used your actual Credit Card at any vendor (ps- never ever link a bank account anywhere). PayPal gives fraud protection on top of the fraud protection given by a credit card so in essence you are doubly covered. And the only breach PayPal has suffered was from a company PP had acquired (TIO Networks) that had lax security when it was independent.

Quite frankly you are much ore at risk by presenting your credit card at a Restaurant than it is by making online purchases.

 

[509322]

You are safe at PayPal, a great deal more so as if you used your actual Credit Card at any vendor (ps- never ever link a bank account anywhere). PayPal gives fraud protection on top of the fraud protection given by a credit card so in essence you are doubly covered. And the only breach PayPal has suffered was from a company PP had acquired (TIO Networks) that had lax security when it was independent.

Quite frankly you are much ore at risk by presenting your credit card at a Restaurant than it is by making online purchases.

I'm not commenting here regarding security of PayPal or any other service. Just a general comment. And then a jab at PayPal's practice of info grabbing.

Sensitive data, like credit card infos, should never be stored on a web server. But these infos manage to get stored in web server cache and log files due to misconfiguration. Server misconfiguration is the highway in and the info jackpot.

PS - PayPal is an info grabber. Ever notice if that you use their service once as a Guest, without creating a permanent account, they retain all your infos and have all of it, including your credit card infos the next time you use their Guest service... did you notice that ?

 

[show-Zi]

You are safe at PayPal, a great deal more so as if you used your actual Credit Card at any vendor (ps- never ever link a bank account anywhere). PayPal gives fraud protection on top of the fraud protection given by a credit card so in essence you are doubly covered. And the only breach PayPal has suffered was from a company PP had acquired (TIO Networks) that had lax security when it was independent.

Quite frankly you are much ore at risk by presenting your credit card at a Restaurant than it is by making online purchases.

Hello cruelsister
I am a coward even in the real world, so I hardly use cards other than ATM. Regarding skimming, it was previously warned in Japan.

by the way. The reason I met the malware chip was a comment for you and Umbra's comodo.
I am very grateful!

 

[Deleted member 65228]

It's true that PayPal is secure in the sense of breaches to their own network, that's evident in my opinion.

In reality, if an attacker was phoning a service like PayPal as an attempt to hijack access to your account, they'll have already gathered basic sensitive information such as your full name, e-mail address, phone number, potentially your address as well and if they are lucky, some digits from your debit/credit card if you exposed it in an online photo or similar. They can also change the Caller ID to your own phone number effortlessly and then it'll show as being the number linked to your PayPal account which is phoning them.

That would be your mistake as well, for having such sensitive information out there and accessible to the bad guys. Keep privacy settings enabled at all times, even when you have them enabled you must be careful of what data is publicly accessible to even those you know.

 

[Overlord]

Good article, thanks for sharing.

 

[Deleted member 65228]

The firewall to protect you is important

A firewall won't help you if personal information is online. It can only prevent incoming/out-coming connections (assuming it's two-way) which means you could prevent a malicious process from sending out telemetry data back to home, but if your data is online then your system doesn't need to be infected in the first place.

An attacker can social engineer services customer support and reset the login credentials to various services with the bare minimal of data about you, some services will be harder than others. Your e-mail is important because it can be a gateway to hijacking many, many accounts... And your phone protection is just as important (which is a worry considering so many phone network providers are socially engineered still to this day) because SMS verification can be destroyed if an attacker can hijack your phone network for your account by mistake of the employees.

Criminals tend to hack people's accounts and then sell-on the account to another criminal. More often than not, the criminal responsible for actual hack wants to wipe their hands clean from touching the clean funds from the hacked account to prevent being tracked down and busted. Instead, they will sell the account credentials on a bad forum/on a dark web area where they think they are "safe". Eventually, they likely will still be caught if their work has caused a lot of damage because resources are used on catching large value targets doing a lot of harm.

If someone hacked your Steam account and a few other of your accounts and sold them on but knew what they are doing, they probably aren't going to be caught and you probably aren't going to see your content again at ease. However, if that same person did it to hundreds/thousands of other people and generated an income of thousands of pounds from it, you can bet that they'll be a target by high-resources "attacker" to them like higher-up law enforcement/government agency.

There are people out there who have a career in trying to hack a customer and gain as much intelligence as possible. Legally of course. It works by someone coming to them and asking to be hacked to see how secure they are, and if the worker manages to hack them successfully, they help them improve to prevent it from happening the same way again. It ranges from social engineering the customers services customer support employees, spear phishing/malicious e-mail attachment attacks, etc.

If you worked at PayPal and a woman phoned you and you could hear baby crying in the background and this alleged woman shushing the baby to sleep and acting "panicky" in the sense that she has a bill to send to her other daughter's nursery by the end of the day and she has been locked out of her account, yet she is allegedly calling with the number linked to the target's PayPal account due to the changed Caller ID which you do not know about and knows basic information such as full name, date of birth and address, would you reset the credentials for her to the account? Most probably would. Even though this woman could have staged all of it.

There needs to be more forms of verification. Such as clicking a link from an e-mail and having the IP address matched to the range location of IP addresses used to sign into the account in the past, or putting combination codes in a specific order without hesitation.

 

[show-Zi]

A firewall won't help you if personal information is online. It can only prevent incoming/out-coming connections (assuming it's two-way) which means you could prevent a malicious process from sending out telemetry data back to home, but if your data is online then your system doesn't need to be infected in the first place.

In the sense that "the wall that protects me is important".
I was rephrasing it and trying to express it.
I feel the difficulty of language communication by machine translation.

 

[Deleted member 65228]

Ah yeah don't worry I just added the comment in general, not that I thought you thought a firewall is the solution Don't worry my friend