I have a strange case with my PayPal account and I wanted the community assistance on what can be done and how to spot the security hole.
I have a private PayPal which has been constantly attacked lately.
When I say attacked I mean some one tried and gained access to it.
Now, what I can't understand is how.
The Facts
I have 2 Factor Authentication (Access Key) in my PayPal account using my Phone.
Namely if I want to log on I need to enter both my Password and the code I get on my phone.I have very hard password, unique to the PayPal account.
- I have my security questions answered using very long string (Not the answer to the question, just another password hard like string).
- The password and the strings are memorized and not written anywhere.
- From the talks with PayPal security team I understand the person accessed to my account using the password (Whether he used the SMS or not, is not known or at least I'm not being tolled).
- I'm on Windows 10 no suspicious behavior seen what's so ever.
- No suspicious activity seen on my Email's or any other site I log onto.
The first thing I though about is someone is key logging my computer.
Or any kind of MaleWare.
Actions Done
- I tried any Maleware and Anti Virus out there. Including Security Disks and Rootkits Killers (Though feel free to give me more options to try). I tried Kaspersky, Avira, MalewareBytes, ClamWin, Microsoft Defender and BitDefender.
- I changed passwords and security questions.
Still, yesterday he managed to get, again, access of my PayPal account.
I must say that PayPal has been, generally, great and everything is restored.
Yet I want to stop it as it happens once a week for the few last weeks.
What are the other options to find what security hole I have?
I don't have trouble to format my computer, I just need to understand what can guarantee it won't get back (This is why I think I must figured out how it is done before that)?
Any special tricks to really understand what is going on?
Thank You.