My Paypal account got hacked (long read)
qmayer
Posts: 286 ✭
I left Tuesday to go out of town for some work and wouldn't get back until Thursday evening. I had checked my Paypal balance on Monday and I had $185 and change. I figured it was no big deal and I would deposit it into my bank when I got back.
I get back and start checking some stuff and get to my Paypal account to deposit my funds. I log in and it says I have a $0 balance. I thought "Maybe I already deposited it... I'll check the history." I take a look at the history and it says I sent $1900 to a guy for a laptop, with the other $1700+ funded from my bank account. I did a double take and thought maybe I had stumbled across a fake Paypal page. I go to my bank's webpage to check my balance. Significantly lower than what I remembered. The history said "Paypal Withdrawl - $1714.15". When I was finished with my expletives and had calmed down, I went to the Paypal "Report Unauthorized Use" page and filed a report. They sent me a confirmation email saying I needed to print, sign, and notarize the email giving them permission to check into my account, get some info, and prosecute the person responsible. I sent an email to the recipient and told him that this wasn't me and that he was going to hear from Paypal. He emailed me back saying he was scammed too. The person wanted this laptop shipped to Ukraine. I didn't understand how he knew he was scammed when he had received the payment from a verified Paypal user.
After filing the report, I thought of all the bad stories I heard about Paypal freezing accounts and whatnot, so I decide to go to my bank and let them know what's going on. I explain to the lady about how Paypal works and she files a report to the bank's parent company. The report will contact the authorities who will go to Paypal and get my money from them. When I got back home from the bank, I deleted my credit card and bank account information off of Paypal.
So still thinking of the $185 I had in my balance, I figured it wouldn't hurt to call Paypal and talk to a real person. After 10 minutes of searching for a number on their site, I go to Paypalsucks.com and get their first toll free number. I call (it was about 8:30am in CA) and amazingly I get a real person within 5 minutes. I talk to her and let her know that this $1900 payment wasn't me and that my account had been hacked. She freezes/restricts my account and asks me to change my password and security question (which I already had). She was very nice and helpful. She let me know that this situation isn't taken lightly there and they will do all in their power to get my money back. She explained that the $1900 was taken out of the receiver's account and put into suspension until the matter is resolved.
I signed and notarized the forms they asked me to do and sent them to their Omaha, NE office Priority with delivery confirmation. The form said it would take 10 days from their receipt of the forms to resolve the problem.
I have no idea how this person from the Ukraine got into my account. I consider myself very smart about where I type in my password and I never clicked a link from an email and typed my password onto the page that came up. I would always go to the Paypal/eBay site and do it from there. Ironically, my mother had told my brother to take off his bank account a week earlier. She didn't know that I had mine registered.
I'll keep this updated once I get some new information. Let me tell you my heart jumped into my throat when I saw I was out $1900! I guess it would be safest to change your Paypal password at least once a month. I didn't think it could happen to me, but boy was I wrong.
I get back and start checking some stuff and get to my Paypal account to deposit my funds. I log in and it says I have a $0 balance. I thought "Maybe I already deposited it... I'll check the history." I take a look at the history and it says I sent $1900 to a guy for a laptop, with the other $1700+ funded from my bank account. I did a double take and thought maybe I had stumbled across a fake Paypal page. I go to my bank's webpage to check my balance. Significantly lower than what I remembered. The history said "Paypal Withdrawl - $1714.15". When I was finished with my expletives and had calmed down, I went to the Paypal "Report Unauthorized Use" page and filed a report. They sent me a confirmation email saying I needed to print, sign, and notarize the email giving them permission to check into my account, get some info, and prosecute the person responsible. I sent an email to the recipient and told him that this wasn't me and that he was going to hear from Paypal. He emailed me back saying he was scammed too. The person wanted this laptop shipped to Ukraine. I didn't understand how he knew he was scammed when he had received the payment from a verified Paypal user.
After filing the report, I thought of all the bad stories I heard about Paypal freezing accounts and whatnot, so I decide to go to my bank and let them know what's going on. I explain to the lady about how Paypal works and she files a report to the bank's parent company. The report will contact the authorities who will go to Paypal and get my money from them. When I got back home from the bank, I deleted my credit card and bank account information off of Paypal.
So still thinking of the $185 I had in my balance, I figured it wouldn't hurt to call Paypal and talk to a real person. After 10 minutes of searching for a number on their site, I go to Paypalsucks.com and get their first toll free number. I call (it was about 8:30am in CA) and amazingly I get a real person within 5 minutes. I talk to her and let her know that this $1900 payment wasn't me and that my account had been hacked. She freezes/restricts my account and asks me to change my password and security question (which I already had). She was very nice and helpful. She let me know that this situation isn't taken lightly there and they will do all in their power to get my money back. She explained that the $1900 was taken out of the receiver's account and put into suspension until the matter is resolved.
I signed and notarized the forms they asked me to do and sent them to their Omaha, NE office Priority with delivery confirmation. The form said it would take 10 days from their receipt of the forms to resolve the problem.
I have no idea how this person from the Ukraine got into my account. I consider myself very smart about where I type in my password and I never clicked a link from an email and typed my password onto the page that came up. I would always go to the Paypal/eBay site and do it from there. Ironically, my mother had told my brother to take off his bank account a week earlier. She didn't know that I had mine registered.
I'll keep this updated once I get some new information. Let me tell you my heart jumped into my throat when I saw I was out $1900! I guess it would be safest to change your Paypal password at least once a month. I didn't think it could happen to me, but boy was I wrong.
0
Comments
1. (You mentioned this) Entering your Paypal information into a false version of the web site. You have ruled this out though.
2. Using an easy to guess password. Generally, a Paypal password should be made up of random characters and numbers thus making it very difficult to impossible for others to find out. As you mentioned, changing your password about once a month will also make this harder to guess.
3. Using a Paypal password anywhere else. I cannot stress this enough, your Paypal password and any other password you use that is important should NEVER be replicated anywhere else. I know of sites that act solely to try to steal Paypal funds by requesting your E-Mail address and password hoping you use the same E-Mail and password as your Paypal accounts. These sites could even be legitimate sites such as message board sites.
NEVER EVER DO THIS.
All good ideas so far, just want to add :
Might be a good idea to set up a separate bank account that you use only for your paypal transactions.
Keep only a minimal balance in it, and make sure that it is not tied in any way to any of your 'real' accounts.
Also, have your computer checked to make sure that someone hasn't install spyware in it over the internet.
"How about a little fire Scarecrow ?"
I like the alternate bank account for Paypal stuff. I will look into it once I get my money back.
I'm also sure that I don't have any spyware installed. I have McAfee firewall installed, and unless that has holes in it, then I don't think I have a problem. And anyway, I don't store any important passwords on my computer (its all in my head)
I'm fairly confident this will be resolved. The Paypal employee really put me at ease. The woman at my bank also was really understanding and gave me that confidence boost I needed. I'll keep everyone updated.
NAXCOM
Vintage Baseball Cards
Sales and Ebay Consignment Service
email
Lloyd_Taylor_Vintage_Cards -- on Ebay
The horror story from hell...
I had my ebay username hacked a couple months ago. I found 6k worth of electronic equiptment for sale on my site. I ended the auctions and emailed the fraud dept. I changed my password and email. I was lucky, ebay credited my account the $40.00+ listing fees.
This bunch was from the UK.
As for paypal, I think wolfbear is correct. Keep a seperate account for paypal. If anyone has credit cards on their sites, the best way to protect yourself from theift is to contact the fraud department of the credit card co. Tell them you use paypal, tell them that you never send amounts over (mine is 500.00) pick an amount you are comfortable with. Tell them to notify you if that amount is ever exceded. Today I paid over 3k for a 61 Mantle 9. I used a credit card. My paypal site wouldn't allow the transaction. I sat and waited about 5 minuets. The fraud protection dept. of the credit card co. calles me to ask if I'm making a large paypal payment. I tell them yes and give them the email of the recipiant. I try paypal again and it goes through.
The Ukraine, since the breakup of the Soviet Union, these guys have gone everywhere. They make the old US crime families look like boy scouts.
John/mx'er
______________
1961 topps 100%
______________
1961 topps 100%
what's the best program to get rid of spyware? I need a program that doesn't have its own spyware!
Wayne
Save on ebay with Big Crumbs
Wayne - I know very little about this,
but I hired a trusted young wiz and he installed Ad-aware 6.0 and the latest Norton AntiVirus program.
Also, he set up my computer to automatically download the latest upgrades and updates from them as well as from Microsoft.
He also got rid of 100 + viruses and a few spyware programs that I'd picked up. Yuck !
He didn't seem to think a firewall would have done much good. I think that's for people on a computer network ?????
We must have someone here who actually knows a lot about this stuff that could be of further help.
"How about a little fire Scarecrow ?"
Firewalls are good any where if you know how to use them. The McAfee one I have I set it initially to "block all incoming and outgoing connections." Whenever something would try to send something out, it would pop up a window letting me know. I click "Allow every time" for these programs I frequently use.
Justin
NAXCOM
Good luck,
Satan
My experience of Paypal has been excellent and trouble-free. Can I make the case in their favor for a moment? For someone like myself operating from a different country and in a diffferent currency to the rest of you, their service has proved invaluable, not to mention a far faster and more economical alternative to more conventional means of payment.
The only time I have been scammed, it was using my credit card number not my Paypal account. I now use Paypal for an increasing number of on-line transactions and feel much more comfortable with it than broadcasting my credit card details far and wide.
Topps Baseball 1967
Mike Payne's 300 Great Cards
MVPs in their MVP years
and T206???
Justin- i noticed you were from Austin, where do you bank at? i bank at First State, and they are always helpful whenever a problem arises.
Be sure to look for the 'https' designation BEFORE any attempt is made to use paypal. The 's' means a secured site. Although I'm not an expert on these matters, my guess is that a fake paypal page, etc. WILL NOT have the 's' designation.
I always look for this on secured sites. If the 's' is missing during online financial transfers of any kind, I will stop and rethink what I'm about to do.
BOTR
I'm at Comerica on Exposition. They were extremely helpful.
I've received my bank withdrawl portion back. Paypal received the report from my bank asking for the money back since it was not authorized by me. Paypal deducted it from my Paypal balance (which was $0) and are awaiting their fraud team to verify that this transaction was unauthorized. Once they verify it, they will credit my account the full $1900, which will cover the $1700+ from the bank and the rest of my Paypal balance.
Justin
NAXCOM
Just one qualification to that. PayPal don't give confirmed address status to ANY buyer outside the U.S.A.!
Their reason is that their Seller Protection Policy (applicable to all confirmed address shipments) does not extend outside the U.S.A. The net result for honest foreigners like myself is that we are frequently having to explain that we are NOT in fact shiftless deadbeats without a front-door to call our own.
OK, that's one thing I don't like about PayPal
(Actually it's not a very big problem. Most experienced Paypal sellers know the score and provided your eBay feedback is respectable, they're more than happy to take a chance).
Topps Baseball 1967
Mike Payne's 300 Great Cards
MVPs in their MVP years
and T206???