Posted on 09/24/2006 10:03:14 AM PDT by Conservababe
After many years of having an account with PayPal, I am sorry to say that I no longer trust them.
In the last few days, someone hacked into my account and added a bank to my list. They then proceeded to deposit money into my account using this bank and then withdrew the whole amount after two days. All this was unknown to me as I have not had activity using PayPal in months. I only caught it because of notification sent by PayPal in e-mail. I suppose I should be grateful for that.
So, I called PayPal and began a long process. They verified that my account had been hacked by someone doing transactions on e-bay. They assured me that the person had no chance of finding out the number of my own account but they had just used my account for money laundering, so to speak. My own little amount in the account was not touched.
I am unsophisticated about finicial dealings but my first instinct was to cancel my account immediately. I was told that they would put a limited access but they could not cancel because they would have to engage in an investigation. I then changed my password and all the security questions. A few hours later, I signed on using my new password to find that I could easily take off the limited access by merely changing my security questions.
Well, that just made me downright mad. I called them again and demanded that my account be closed immediately. Do you know that I finally had to threaten them with calling my State Attorney General, Jay Nixon before they would cancel. Finally, they did.
I suppose now all I have to worry is that someone might have stolen my idenity!
immediately alert the Feds...
Thanks for sharing your experience.
If someone hacked into your accout to add a bank, put money in and take it out, I don't see how they couldn't have seen everything else in your account.
I think you did the right thing by canceling your account.
I never used PayPal, so I don't know how it works, whether you actually put in your bank account/credit card numbers to fund your account, but I would keep a close eye on your other accounts, and even consider changing those account numbers, most banks cooperate in closing one account and open up another one with a different number, for security reasons.
How did they guess your password? Was it secure enough?
!29#$df<.Jr7%$78()=3Fghf
^^ That is a secure password.
Who to Call to Report a Financial Crime
http://www.fdic.gov/consumers/consumer/news/cnspr03/call.html
If you think you're a victim of a financial crime or if you notice anything suspicious, immediately get to the phone and call:
The police. Get a copy of any police report or case number for later reference.
Your bank, credit card company or other financial institution that may need to know. Close accounts that have been fraudulently accessed or opened.
The fraud department at any one of the three major credit bureaus—Equifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289. The credit bureau you contact will share the information with the other two and a "fraud alert" will be placed in your credit file at all three companies so that lenders or other users of your credit records can avoid opening a fraudulent account in your name. You'll also receive a free credit report from all three companies so you can look for fraudulent entries. The three companies also pledge to work with you to delete any fraudulent information in your file.
Note: If you become aware of anyone using your identity, also notify the Federal Trade Commission (call toll-free 877-ID-THEFT or 877-438-4338, or go to www.consumer.gov/idtheft). The FTC shares complaints with other law enforcement agencies.
Anything from PayPal is now automatically spam.
Interesting. I have a solution for bullet-proofing credit card transactions over the Internet, but every VC I have talked to so far just looks at me and says "PayPal".
Guess I just have to keep looking.
Well, that's not the only problem with PayPal --
http://www.paypalsucks.com/
I won't do business with them. Too many other people have told of how their money was taken and frozen and not handled in a professional manner. They are not a bank, and so they don't even have to handle your money in any rational and "bank-like" manner. They are "frivolous" in their handling of people's money.
Deal with a bank, instead.
Regards,
Star Traveler
I know you are just joking but let me add some real-life Security Administrator experience. If you are a clerk and have a password like that, what do you do? You write it down on a little sticky note and slap it on the side of your monitor.
Those rediculous overly-comlex password rules make network admins and novice security administrators feel good about themselves but are counter productive.
Now back to the Steelers' game.
Question for you. Have you ever recieved what LOOKED like an authentic email from Paypal to the affect that your account was suspended until you provided them with an update of your information?
These emails looks 99.9% authentic from Paypal, but they are not. The only clue is 2 different digits within the URL address string the email links to. Th only other clue would be to know that Paypal NEVER asks for this information.
I've recieved many such emails, but I know better and I could easily see where many would not. Every one that I forwarded to the Paypal fraud department, Paypal would email me back confirming the fact that they were fraudulent.
If you ever recieved and responded to one of these emails, thats propbably how you've been compromised.
Just so you know, this can happen with virtually any online banking account. If there are safeguards, there are hacks around them.
Some of the things I've been advised to do are: always make sure you log out of your account on your banking sites when you're done--and then close the window you were using. Check in with the site(s) from time to time and look at the history. Never click on an url in an email purportedly from the site (PayPal is one of the main targets for "phishing"). If you want to make sure the note is legit, enter the url by hand. Nine times out of ten, any note from those places asking you to log on and give personal information are frauds.
It's not only the banking sites though. Last week I got a note supposedly from my isp asking me to click on the link and re-log in or else my email account would be cancelled. The site I would have gone to if I had clicked was NOT my isp's site, and my isp never sent the email.
The internet is not necessarily a friendly place--you need to take all the safeguards you can, just as though you were walking to a favorite restaurant by way of a rough section of town. There are plenty of would-be muggers and purse-snatchers who are looking for easy marks.
Check with DNC Headquarters...
^^ That is a secure password.
Not anymore it's not! How'd you get my FR password anyway?!?!?!
Thank you so much for all this information. I will follow through tomorrow.
I got one of those e-mails. It would accept any bogus (or real) information, and lacked the secure url designation (https://) as well. I figured it out just before I nearly sent my real information, and notified Pay Pal. Changed everything, too, just in case. Another thing was that the e-mail did not mention my name, as Pay Pal is supposed to do, and it asked for personal information that Pay Pal has never sought.
When paypal caught it, did you get your money back?
So they are still at it? I had a problem a few years ago back when they were still claiming to be insured and that verified users could be trusted. I had to fight them for almost a month and get the SEC involved but things worked out in the end in my case. I do think they have improved the way they do things but all online money services have a way to go before they have the level of security they should to protect users. At least they aren't stonewalling like they used to.
Pay Pal is quite a sleezy operation. I called to cancel my card last week and found out later that all they did was transfer the account to Washington Mutual, which I have never heard of. Now I have to go through the cancellation process all over again. Of coures, they expect that I won't bother going through that headache and will eventually use the card. They are wrong.
Scarey ... especially since my balance is not so small. Now that I think about it it would probably be good to have a second, tiny account for PayPal transactions.
Remember, you can also have your bank change your account number if you want to be safe. You have to get new checks but ...
Yup. My company has a 30 day password rule. So what do guys do? They write it down because they can't remember a 8 digit password that requires letters, numbers, and symbols every 30 days. Not to mention there's about 4-5 different ones for each of the different system on the intranet.
Exactly. Mouse over the reply URL and it's usually pretty obvious it's fishy (phishy).
Most of my pseudo PayPal "alerts" come to an address different from the one I use with them.
I've never had any problems with PayPal but then again I'm not a heavy user and the amounts invloved are usually well under $100.
I actually did not lose any money, as far as I know now. They just used my account to add another account, unknown to me, and did the transaction through that account. They left my little amount in my true account alone.
I was told that it is money laundering, so to speak.
I get spam everyday from "PayPal" telling me that they are going to "suspend" my account if I don't go to a certain website and provide them with my life history. LOL! I don't even have a PayPal account. I do not respond to ANYTHING via email. If someone needs to contact me, they can send me a letter in the U.S. mail. Computers are a bad way to do business these days. Although I do buy stuff from ebay, I always use Postal Money orders. I don't trust ebay. I once changed my email address because I was receiving too much spam. Ebay was one of the very few people I notified about my email address change. No later than two to three hours after I emailed them with my new email address, I started receiving "phishing" spam about my ebay and PayPal accounts.
I've never had problems with PayPal after many years of using them. I don't respond to emails from so-called Paypal addresses or ads...they are bogus. So far, no problems. I've been satisfied...so far!
But paypal caught it though right? Are they taking legal action against the perp?
I have never had a problem either and I use it often. That is not to say it is safe.
Thanks for the clarification. Thanks. My husband's account was accessed the other day and someone posted some auctions using his account and redirecting the money to that other poster. However, ebay caught it.
PayPal contacted you by email? I don't think so. I get dozens of such emails everyday --from hackers. If you respond to their emails and give them your password you can bet your account will be cleaned out.
Congratulations on your wealthy retirement! Wish they'd hack my account.
Off topic: what's the score?
That's my password!
Perhaps the perps thought they would just monitor your small account waiting for a large deposit and then clean it out.
Cheers
Of course, we've received Phishing e-mails from time to time that looked like it was from PayPal, asking us to log in because of suspicious activity. Might you have responded to one of these, not realizing it wasn't from PayPal? This would have given someone access to your account, unbeknownst to you. When I receive anything unsolicited from PayPal, with any sort of inquiry, I always check our account, first, then contact PayPal directly through their website, which I logged onto directly, then forward the suspicious e-mail to them.
Be aware that "paypalsucks.com" is promoting an alternative payment scheme via links that appear throughout their site. Every post on their forum contains that link. They are making money by promoting the notion that PayPal is the worst thing short of a Clinton landslide. I'm not saying that PayPal doesn't have problems, but you have to be wary of the ulterior motives the people operating a site like this.
IF you got the phone number from the e-mail, it's likely it wasn't really Pay Pal you were talking to, but the PHISHERS who used the ruse to obtain your account info.
IF you got the phone number from genuine Pay-Pal Documentation, or the genuine Pay Pal Website, then you may be safe... for the moment.
That would have been my second guess.
I'm pretty sure the Google's terms of service prohibit the selling of a gmail address.
I've also never had a problem but I don't use it all that often. I get tons of eBay and PayPal spam but I never answer any of it.
For every PayPal horror story there are probably a thousand users who think it's great.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.