BEWARE - Paxum Account Raided
 

My accounts just been raided for $7k

If you see any emails with "Password Recovery Request" followed by "Disable Transaction Approval Codes" emails - you're in trouble!

Even though I contacted them to tell them it wasn't me

Payments are made to [email protected]

And Paxum will say "nothing to do with us"! when they eventually decide to contact me

Fuck Paxum - Fuck online banking - Fuck hackers

For all the hoops they make you jump through it's pretty funny how shit like this still happens

Looks like they hacked your email first. Then they were able to change pwd and then disable the approval code.
sucks!

they trsf your money to a advcash account,

the advcash phone number is at the bottom of that page:
https://advcash.com/en/

Maybe they can freeze the account that received your money...

I am looking at the security tab of my paxum account and I realize how at risk my money is.

What is the point of using a security code sheet if a hacker can simply turn this option off??? this is totally crazy. the account should at least get locked for 24 hours pending some verification!

holy shit this bad for you and adv , they can take down pax option.

99% not possible to restore the money .


probably russian hacker.

You should keep all your money on the card account, not the wallet. I thought we all learned this already from epass...

That really sucks man, so you clicked on some link in your email?

:2 cents: ...

i learned to keep all my money in bank. and use services like paxum as a middleman.

Be sure to also contact your local police. Have all information (explanation of events plus screenshots, emails, call/chat log to Paxum, account information and contact details for all parties) printed and ready to hand over.

You want a police report (case number) opened
If you are in the USA also contact the FBI.

Good luck.

Yes this is a good idea!

I don't keep any funds in the checking account i move it all over to the MasterCard, however usually if it's hackers and you can prove it then they should be able to help you out.

:2 cents:

Sounds like both your e-mail and paxum account was hacked. And in that case not much can be done.

Yeah but in that case if you lose your card or if you buy something online on site with bad security and your number is compromised, you will still lose your money.

the way I use Paxum: sponsor > my paxum wallet > paxum mc card > atm

I pay all shit (hosting, domains, ads etc.) via Paypal only so no reason to keep money there.

Well yes, I take money out of paxum card ASAP. I'd rather have cash stuffed under my bed then at some sketchy Belizian bank - but if it's on the card account it's safer. When epass went under - The people who had money on their cards were able to pull it off, but the people who had it on wallets were fucked.

I also use Paxum to receive payments and then withdraw it via ATMs... no reason to keep money there as I pay everything via Paypal.

no reason to keep money on paxum...

Yeah I keep all my money on the card, not on the account, this way its safe...

Sucks to hear, but I can't believe people still keep funds in online wallets. It's just too risky. If you care about your money you would never leave it in an online wallet, same with bitcoin etc. It just doesn't make any sense to take the risk.

Weasels in the woodpile..fuckin sucks

YAY!!!!! Paxum recovered my funds - in full

Don't ask me how or why - I must be blessed :) I thought it was gone for ever.

Thanks Ruth for your time, patience and help

Nice to hear buddy.

:thumbsup

some good news for paxum right there

Damn good news.

Ray
Hardlinks.org

I'm so happy for you this is great news!

What can we do to protect ourselves?

Shit happy for you dude

Sorry to hear. They can check and track it for sure... :helpme

you lucky mofo for sure :1orglaugh

Anyone keeping more then 10$ on their cards is a fucking idiot.

Always take your money asap. What? You don't remember epass.

After a complete investigation we found that the transactions were made via a compromised account. In such cases, whenever funds recovery is possible, we refund payments back to the original sender.

In this specific case we were lucky to be able to recover all sent funds and return to the account-holder, however when the funds are no longer available in the system after such an occurrence, then we cannot recover those funds to refund them. Each case is different based on individual circumstances of the situation.

Please note that Paxum cannot be held responsible for any account-holder's email security. That responsibility lays wholly with the account-holder themselves. Paxum has zero access to account-holder's email accounts.

Inside Paxum we do provide multiple security tools to enhance your account security.

1) Multiple email addresses - add a second email address and provide THAT secondary email to your payers while keeping your main log-in email private. This can help protect your account from hacking, since without knowing the actual username log-in there is no email address for hackers to target.

2) Transaction Approval Codes - these provide extra security should your Paxum account become compromised. Please note, transaction approval codes can be disabled if the person attempting to disable them has access to your email account to receive the disable code.

3) Access by IP - If you use a STATIC IP then we urge you to implement Access by IP and restrict access to your account to IPs specified by you inside your Paxum account. If you use a DYNAMIC IP then DO NOT USE Access by IP as you will eventually become locked out of your account when your IP changes.

At all times we provide a list of Login IPs that you can view within your Paxum account. Simply look in the top right section of the main page after you log-in to review.

As always, we do not encourage clients to maintain a large balance in their Paxum account. There is no minimum balance required to keep your account open and active, and we do not charge you any penalty fees for emptying your account.

The purpose of the Paxum account is to provide you with an easy and fast way to receive and access your earnings from multiple sources in one user-friendly interface. Account-holders can access account funds through use of the Paxum Payroll card, or by sending instant transfers to other Paxum account-holders (to buy traffic, pay for hosting, etc), or by withdrawing funds to your bank account by WIRE, EFT/ACH, or to your external credit card.

Thanks! :)

can i get more photos of ruth? hehehehe good to hear you guys are swift on stuff like this

Stupid they have all these rules to verify accounts, but won't use that to help. I guess it's to protect them, not account holders.

wow lucky :thumbsup

Time to update passwords.
Good thing you recovered your money.

Make sure your email account is secure and when your provider says they've been hacked, do change your details, and move to another provider with better security.

Nothing Paxum can do if you are giving people the access.

Wow! Good job on getting those funds back so quick! Go Ruth!!

Ruth is the best! :thumbsup

that is fantastic news, really relieved for you

and yes Ruth rocks =)

So Paxum is to blame because you can't keep your computer secure?

They even offer you a digipass codes table for transactions. But noo, that's for noobs and you're too smart for that.
Dumbass.

from which country you were hacked?
I had my paxum account hacked, together with email and also one old forgotten account hacked, see this thread:
https://gfy.com/fucking-around-and-pr...wing-affs.html

That is the problem, it can be turned off, makes it totally useless. Requesting a new code sheet or disabling this should lock your account from any withdrawal until your re-uploading your ID ( would be easier to send a code via SMS but Paxum doesn't support SMS ... )

Transfers should require Transaction Approval Codes sent by sms to your mobile phone.

easy.

As long as they don't let changing phone number as easily as turning off the codes.

Dude I get on Paxum a lot for not having a ton of options for loading via credit card or bank like paypal or fast withdrawal in large amounts. But come on, change the email password to a VERY secure one you use for paxum, always have on the digicode table for withdrawals and lock it down completely with IP restriction? I have three dedicated IP's I use, one is thru my server that I have an OpenVPN IP setup, dedicated IP. My home one in case something happens to my other one. And a third dedicated IP from my VPN provider. Three Ip's only I can use plus a complex password into paxum, a complex password into the email that is used for paxum. There is no way you should be hacked....come on.

Are you using a gmail email as your paxum email? Then get DUO or AUTHY and enable two factor that doesn't use your phone number sms. It's much more secure. Google supports is for gmail and all their services. Your email should be impossible to breach this way. Then setup the IP restrictions on Paxum. Done. If you use server email on your domains you host then also go into host access control in WHM and restrict imap/smtp or webmail to your specificed IP's also. That way even if someone got ahold of your domain email pass, they can't get it either. You should also have this enabled on your ssh/sftp into your server if you have one. I was getting 2000 brute force attempts cphulk alerted me to into ssh/sftp and imap, some to WHM login until I enabled IP restictions in HAC or your IPtables firewall. Now I see ZERO per day.

I don't think that much people have a fixed IP....

I never understood that, I have had comcast, Time warner and now ATT and they all provided a static IP, if you are doing serious work a 7.99 dedicated IP is not too much to get, it doesn't have to be a VPN either, just an IP proxy will work.