Public Service Announcement: Beware of Paypal Thieves

This morning, at 8:25AM, someone with the account: anitamirdad@live.com stole $204.25 from my Paypal account. I can only assume that this thief hacked into my account somehow to do this. I have reported this to the authorities and Paypal. At this point, I don’t have any recourse until Paypal attempts to contact the person and conduct an investigation.

The lessons I’ve learned from this whole experience (so far) are:

1) Never keep too much money in your Paypal account. I have learned (the hard way) to regularly transfer Paypal funds and place them into my bank account once I’ve reached more than $25 in my Paypal account.

2) Create a separate checking account that is DEPOSIT ONLY. Thankfully, our reps at Suntrust Bank recommended this for us when we told them our intentions to create an account for our Paypal earnings.

3) It can happen to you. Change your password. Now.

My password is somewhat difficult to crack, so I’m guessing that the thief in question found another vulnerability to exploit to get access to my account.

I am hoping beyond hope that I can get my funds back. And I hope that karma will catch up with the low-life who stole my funds.

-Krishna

Update: Paypal was able to recover my funds entirely. Thank you, Paypal!

These beautiful and intelligent people wrote

  • Simon
    September 28, 2010 at 6:57 pm

    Hi Krishna,

    Have you talked to PayPal’s fraud department? They might also offer you a PayPal security key (http://www.paypal.com/securitykey), the best thing to have with anything that handles your financial information.

  • pdavis41
    September 28, 2010 at 7:05 pm

    This happened to me once. The way they cracked it was they actually got the password to my email account and then changed the password on my paypal account. Check your email trash for any deleted emails from paypal about transactions and/or password changes. That’s how I figured out how they gained access to my account.

    • Krishna
      September 28, 2010 at 7:42 pm

      Good to know. In my case, I received an immediate email from Paypal following the unauthorized transaction. This e-mail went something like this:

      We have reason to believe that your account was accessed by a third party. etc.

      So, Paypal is aware of the problem. This leads me to believe there was another exploit attempted (other than compromising my email account). I’ve since changed my password for ALL my main accounts following this ordeal.

  • Jose Gonzalez
    September 28, 2010 at 8:27 pm

    I had a phishing e-mail sent to us that looked perfect, just like an official message from Paypal. But there was a spelling error. Of course, the message itself sounded fishy to me to start with. This is part of it:

    “Attention! Your PayPal account was limited!
    As part of our security measures, we regularly check the work
    of the screen PayPal. We ”’hace”’ requested information from
    you for the following reason:

    Our system has detected unusual charges to a credit card
    link to your PayPal account.”

    The rest included a bogus reference number, etc. But to all appearances, they could have fooled anyone. I checked closer, and noticed that the normally hidden link provided was pointing to a numbered http address. This gave it away, but I had to check externally to make sure everything was ok. And everything was. No charges made, history fine, etc. I reported it, and asked PayPal itself for verification that everything was ok anyway. They haven’t answered, but I’m sure it has to do with the recent rash of incidents.
    I suggest you also do that security key thing pdavis41 mentioned.
    You have great advice too. Keeping a low balance is probably the best idea in any case.
    I hope you get refunded, and that karma completes its cycle.
    (thinking about that deposit only acct… great idea too)

  • Tovias
    September 28, 2010 at 9:18 pm

    I just want to second what Simon said. I’ve had the security key fob for a couple years now and it works great. It’s not a perfect solution but it adds another layer of protection.

  • Tovias
    September 28, 2010 at 9:24 pm

    Oh, and one more thing. The PayPal security fob’s weakness is if they can get access to your e-mail they can possibly bypass the fob’s protections. Gmail is rolling out something similar for logging into your mail. It won’t be available for free gmail accounts for a little while, but when it becomes available I’m thinking of using it for the account connected to PayPal.

  • Oldmachead
    September 28, 2010 at 10:46 pm

    On a related topic … My Skype account was recently hacked. They used up my balance ($5) to make multiple calls to Taiwan. My Skype calls were redirected to a number in Taiwan. In other words it wasn’t difficult to trace perpetrators.

    However Skype refused to investigate the cause/source of the hack and merely said that I had to swallow my loss. I wasn’t too fussed about the monetary loss. I was fussed about how it happened. And Skype’s indifference.

    And the fact that Skype only uses email to communicate – funnily enough for a phone service, they won’t talk to you!!!
