
I have been fascinated with the thought of being able to break into a bank ever since my love for bank robbery films began in the 1990s, and I think I may have finally uncovered a way to do it – well, sort of. The security of typical banking apps impresses me immensely, and with my security hat on I have not yet thought of a way to bypass the usually robust in-built measures designed to protect the money of banks’ customers, which is entirely the way it should be.

However, if banks are so secure, I wondered if there may be a way of attacking one of the most popular third parties that often already have complete access to people’s funds – PayPal. To put things into perspective, over the last 18 months I have successfully shown how easy it is to hijack a WhatsApp or Snapchat account without the right security set on the accounts. This left me wondering whether I should up the ante and attempt to gain control of a financial account using similar tactics. Turns out, with just the simple art of “shoulder surfing”, your PayPal account could indeed be compromised and you could lose thousands of dollars. Social engineering attacks are increasingly common and rising in popularity among criminal gangs. On the other hand, they are difficult to properly experiment with on someone under test conditions simply because the “victims” are aware of the proposed attack vector and this immediately throws the trial out of the window without proving its viability. However, I have found a way to take ownership of someone’s PayPal account and prove it in a legitimate and legal experiment – even more importantly, you’ll also learn how to avoid this attack on your account. In order to demonstrate this latest proof of concept, I didn’t choose to target just anyone – I wanted to fully test my hypothesis on someone who would be very likely to spot what was going on, especially when money was involved.

Which is why I chose to target a friend (let’s call him Dave) who’s been in the security industry for well over 20 years. In fact, Dave is a guru when it comes to computer security and very few scams pass his eyes without him realizing what’s going on. I recently arranged to meet up with Dave and a few more friends who I had only seen a handful of times in the last 18 months. I asked Dave if he would agree to play a pivotal role in a little hack. In the name of cybersecurity awareness and improving fraud prevention, he agreed to allow me to try anything on his account as long as I bought lunch – he didn’t specify whose bank account to use, though! While in a restaurant, Dave placed his phone down on the table and was chatting to a few of us around the table. I brought my laptop with me and so in the meantime, I opened the PayPal website and went straight to a hacker’s favorite section: the forgotten password page.
