at the risk of exposing my ignorance, i must tell this story...

...so that others can avoid getting into the same situation.

last week, i went online to pay some bills only to see that i had no money in my account. now this, for me, is something that i suppose could happen but since i had been paid the day before and had not made any recent drunken trips to car dealerships, i was a bit dismayed to say the least.

so i calmly went to my account history only to see several charges made to my bank account via my PayPal account. which, needless to say, were not from activity generated by your's truly. someone had gained access to my account and had pulled nearly $3000 out of it!

so i am not exactly sure how this happened but i know enough to offer the following advice: change your passwords often and do not use the same password for multiple accounts.

here is what happened... somehow, someone figured out/discovered my password to/gained access to my gmail account. they then went in there and changed my access info. there were a couple of emails in there from PayPal so i am guessing they either made the connection or simply went trolling but either way, my passwords for these accounts were the same (stupid, i know) and so they then got access to my PayPal account, ran up a bunch of charges through eBay and the rest is history.

the good news is that my bank resolved everything for me within several days (which was nice) and credited back all associated charges since fraud had occurred. i don't know if they can catch/prosecute the offender but i certainly hope that they are able to do so. i am happy to have gotten my funds back (so quickly!) but hope that no one else will fall victim to this type of theft.

so, again... take it from someone who was being lazy: change your passwords frequently and try to use unique passwords for every account.

--mcfly

don't use common, easily deciphered words for your password. Use a combination of letters (both upper and lower case) and numbers. Much harder to gain access that way.

I had someone try that with my Paypal account one time. They reversed the charges and all was well. Took some fighting and arguing, but it was finally fixed.

It's easy to think this won't happen to you..but it's not just a bullshit news story about "our troubling times." It happens to people a lot.. Off to review my password list and make some changes...

and each tme, it left me feeling a little uneasy.

Just yesterday, I got an email from them, telling me that my account "was flagged for random verification", and they needed a resubmission of my personal information. Fair enough; so I began to fill it out again. When I got to the point where I was asked to submit my PIN, I STOPPED. My first thought was that it was a scam, but all the URLs etc. looked authentic. I was going to contact PayPall directly but it slipped out of my mind. I'll take care of it today.

pnorman

That's one of the new scams: "phishing", sending a message that claims to be from a bank or PayPal or some other financial service, in order to get people to reveal personal information under the guise of "verifying" your information.

Here's PayPal's page on it:
https://www.paypal.com/cgi-bin/webscr?cmd=p/gen/email-security-outside
At PayPal, protecting your account's security is our top priority. Recently, PayPal members have reported suspicious-looking emails and fake websites. These emails are not from PayPal and responding to them may put your account at risk. Please protect your PayPal account by paying close attention to the emails you receive and the websites you visit. (more on page)


Check your other banks, etc., for their advice and statements.

FTC Consumer Alert:How Not to Get Hooked by a ‘Phishing’ Scam :
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

Date: Tue, 7 Dec 2004 19:42:11 +0000
From: service@paypal.com
Subject: Account flagged
To: xxxxxxx
PayPal
Dear PayPal user,

Your account has been flagged in our system as a part of our routine security measures. This is a must to ensure that only you have access and use of your paypal account and to ensure a safe PayPal experience. We require all flagged accounts to verify their information on file with us. To verify your information, please click here.

Thank you for using PayPal!

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
Copyright© 2004 PayPal Inc. All rights reserved. Designated trademarks and brands are the property of their
++++++++++++++++++++++++++++++++++++++++++++++++++++

I just tried that link ("click here") again, and SURPRISE!!! It's no longer valid!!

pnorman

See if you can find the address the "click" directs you to (right-click for properties, or just hold the cursor over the link, depending on your set-up)(but don't actually click on it). It won't be PayPal, that's for certain.

I almost fell for one like it, but it was from a bank I didn't have an account at. It raised my suspicions when the link back didn't direct it back to the bank. (The fact that I didn't have an account there raised suspicions too, naturally)

Don't even click on the links, the better to avoid cookies/spyware/etc.

the way you know the real ones is that they will always address you by your actual name, rather than "Dear PayPal Account Holder" or "Dear ."

The other thing is to never click a link on anything from one of these kinds of emails. If you're unsure, type in the URL you're sure of in your browser.

I submitted to PayPal as a suspicious e-mail. Also got one from eBay a couple of weeks ago. There's another thread on this scam.

And, beign a confirmed tinfoil hatter, I suspect this wide-spread attempted fraud might be an effort of our glorious government to convince us we need tighter controls on our "Internets."
:tinfoilhat:

my personal info also. I immediately sent an email to eBay asking them if they had contacted me and they said they would never ask for my password and to send them the email I had received. I think they then turn it in to whomever to try and catch these frauds. They were very interested in receiving the info.

Sorry, but using PayPal or credit cards is just asking to have your money and ID stolen. There are entirely too many ways that such information can be ripped off, thus if you don't have such info, you can't get ripped off. Do you really need that new piece of crap that you bought on Ebay tommorrow? It can't wait a week for your check to go through the mail? Gee, in the days before widespread credit card use and online money like PayPal, we all waited for our checks to clear, and got along just fine.

ID theft is an epedemic in this country, and once you get ahold of that virtual money, or that plastic card, you are simply asking for a world of hurt. And even if you beat the odds and don't get a hit, you are still feeding the beast, for the vast majority of credit cards and PayPal are both heavy 'Pug donors, and charge you money for the simple priveledge of buying materialistic crap instantly.

Cut your cards up, go back to cash and checks. You'll never be sorry.

Paypal accounts for 80 percent of my receipts from online sales, and about 95 percent of my partner's. It would be cutting off our nose to spite our face to stop using Paypal.

But around here, you make more money selling your stuff in a booth at a flea market, or on commission at a local antique dealer. Ebay has driven down lots of prices on collectibles and antiques.

If though you feel you must sell online, you should give an option to pay with check or MO. If you don't, you won't get my business, or a lot of people I know. Credit cards, debit cards, PayPal, etc. may be all the rage right now, but there is a growing movement to do away with such foolishness, and many people are refusing to do business with companies and individuals who won't accept cash, check or MO.

Your loss friend.

I buy and sell a moderate amount on eBay, and at one time, I had signed up with Paypal. But after hearing some horror stories, and having a slight problem myself, I felt it would be much wiser to avoid Paypal all together. Some sellers will only accept Paypal, so I just move on when I come across their auction. I can usually find the same sort of item I want from another seller who will accept a money order from me.

I've only had one buyer try to use Paypal after the auction's end, even though my listing clearly stated checks or money orders only. They were a little disgruntled, but they got over it.

My goal is to work toward paying for most things via cash or money order, to make it harder for those who might be interested, to know how I spend my money.

Never, ever, EVER allow any program, browser, whatever to save your password so you are not required to type it in each and every time! It may be inconvenient, but it's 100% safer to have to enter it yourself. Storing it leaves it in a file that hackers just Love to Find.

If your ISP provides you with more than one screenname/e-mail address, use them! Set one identity up just for your online financial/business transactions.

Have a separate credit card that only gets used for online purchases and keep the limit low. Resist all attempts by the issuer to raise the limit.

Watch all your accounts on a regular basis, and always reconcile statements when they come in.

And never, ever, ever, click on any link to a known company provided in an e-mail. Navigate to the site itself and look for the information yourself. These thieves are good at imitating the actual look & feel of the originating site; don't be taken in by appearances. If you mouse over the links they'd like you to use, you'll find the link properties bear no resemblence/relationship to the legitimate site properties.

If you get a suspicious mailing from PayPal, Citibank, whoever, forward it with all headers to the financial institution as well as your ISP at their Abuse/Fraud address.

I have no idea how they got my account info, because I haven't used PayPal in a long time. I never did reply to a phishing email, but I did have my hard drive data resurrected after a crash. I wonder if the people who resurrected it could have gotten the account info.

Anyway, I contacted Paypal and my credit card company. The card company immediately reinstated the charges, but Paypal gave them grief. The thief actually had the audacity to send a letter to my card company asking them to ask me how they got the information if it wasn't authorized. I send a letter back saying, "I can only assume it was stolen, but in the event that I am wrong on this, I would like the Fed ID of the biller, the IP address of the computer from which the order was taken, the actual service that was performed for the cash, and I would like for their lawyers to talk to mine directly." I never heard a thing again and I immediately closed my Paypal account.

The sad reality is that unless you plan to go back to a cash only transaction rule, and that includes no checks, then you are vulnerable to online theft.

they have known this is happening for years & have done nothing to add more security to their business. Hackers have known how to get into various paypal accounts for a long time. A couple of years ago I was working for a business that sold antiques online & got a strange message re: a sale we knew nothing about. We locked up all of the accounts & notified the person who was being ripped off. He got his bank to stop anything from being withdrawn from his account. The whole amount was almost $3000. In less than 8 hours we had everything returned to where it was when it all started but that is because we were paying attention, not because paypal had any clue of what was going on. There are payment alternatives out there that are safer to use for both parties. Paypal does not have to follow any banking rules & therefore they are plagued with problems. Well, that & the fact that they are owned by rethugs. Their customer service sucks & they can freeze your account at any moment & lockup your funds & you have no recourse.

NEVER respond to any email asking for account information or personal information. DELETE it fast. The bottom line is that ebay & its subsidiaries are really not safe places to do business. They know that there is a lot of fraud that takes place there & have done very little to address the problems. The legitimate business people trying to do business there are hurt by the frauds & so are the customers. You have to be on your toes & watching at all times.