I recently got asked to take a look at a friend's Mac, as he had just had someone manage to get two lots of £1,800 out of his PayPal account and was obviously extremely concerned. PayPal have refunded it, but they were adamant that the request had come from his IP. So although I don't know a great deal about this, I took a look through his logs and found this: "screensharingd: Authentication: FAILED :: User Name: N/A :" many, many times, with a very few SUCCESS messages, the first of which coincided with his first PayPal removal.
I have since purchased Murus Pro (I had no idea that the Mac firewall defaulted to off!!) and have since learnt the basics, and have set up his firewall as mostly excluded and all is fine, so that is sorted. But what I am trying to understand, to ensure that I have caught everything, is how it worked in the first place and what is at risk?
How did they do what they did and what did they have access to? We have seen no other activity on any of his other accounts, but surely if they could get to his PayPal account they could have done a great deal more?
Thanks for any advice / explanation
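
One way to triage the screensharingd entries described above, as an added example that is not part of the original post: it counts failed and successful Screen Sharing logins per remote address and lists the addresses that have both. The log lines are constructed, and the "Viewer Address" and "Type" fields are assumed, since the post quotes the line only up to "User Name: N/A :".

```python
import re
from collections import defaultdict

# Constructed sample log. The "Viewer Address" and "Type" fields are assumed;
# the post quotes the line only up to "User Name: N/A :".
SAMPLE_LOG = """\
Mar  3 02:14:01 imac screensharingd[411]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 203.0.113.7 :: Type: VNC DES
Mar  3 02:14:03 imac screensharingd[411]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 203.0.113.7 :: Type: VNC DES
Mar  3 02:14:05 imac screensharingd[411]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 203.0.113.7 :: Type: VNC DES
Mar  3 02:14:09 imac screensharingd[411]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 203.0.113.7 :: Type: VNC DES
Mar  3 02:15:40 imac screensharingd[411]: Authentication: SUCCEEDED :: User Name: N/A :: Viewer Address: 203.0.113.7 :: Type: VNC DES
Mar  3 09:02:11 imac screensharingd[411]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 198.51.100.23 :: Type: VNC DES
Mar  3 09:02:12 imac screensharingd[411]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 198.51.100.23 :: Type: VNC DES
Mar  4 18:30:00 imac screensharingd[411]: Authentication: SUCCEEDED :: User Name: friend :: Viewer Address: 192.168.1.20 :: Type: DH
Mar  4 18:31:00 imac loginwindow[90]: unrelated line
"""

LINE_RE = re.compile(
    r"screensharingd(?:\[\d+\])?: Authentication: (?P<result>[A-Z]+) :: "
    r"User Name: (?P<user>.*?) :: Viewer Address: (?P<addr>\S+)"
)

def summarize(log_text):
    """Return {viewer address: {"failed": n, "succeeded": n, "users": set}}."""
    stats = defaultdict(lambda: {"failed": 0, "succeeded": 0, "users": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a Screen Sharing authentication line
        entry = stats[m["addr"]]
        # Accept both "SUCCEEDED" and the "SUCCESS" wording used in the post.
        if m["result"].startswith("SUCC"):
            entry["succeeded"] += 1
            entry["users"].add(m["user"])
        else:
            entry["failed"] += 1
    return dict(stats)

def failed_and_succeeded(stats, min_failures=3):
    """Addresses with at least min_failures failures and at least one success."""
    return sorted(a for a, s in stats.items()
                  if s["succeeded"] and s["failed"] >= min_failures)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for addr in failed_and_succeeded(stats):
        print(addr, stats[addr])
```

Any address it reports that is not one of the owner's own devices is worth comparing against the times of the account activity.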