Posted on 09/24/2006 10:03:14 AM PDT by Conservababe
After many years of having an account with PayPal, I am sorry to say that I no longer trust them.
In the last few days, someone hacked into my account and added a bank to my list. They then proceeded to deposit money into my account using this bank and then withdrew the whole amount after two days. All this was unknown to me as I have not had activity using PayPal in months. I only caught it because of notification sent by PayPal in e-mail. I suppose I should be grateful for that.
So, I called PayPal and began a long process. They verified that my account had been hacked by someone doing transactions on e-bay. They assured me that the person had no chance of finding out the number of my own account but they had just used my account for money laundering, so to speak. My own little amount in the account was not touched.
I am unsophisticated about finicial dealings but my first instinct was to cancel my account immediately. I was told that they would put a limited access but they could not cancel because they would have to engage in an investigation. I then changed my password and all the security questions. A few hours later, I signed on using my new password to find that I could easily take off the limited access by merely changing my security questions.
Well, that just made me downright mad. I called them again and demanded that my account be closed immediately. Do you know that I finally had to threaten them with calling my State Attorney General, Jay Nixon before they would cancel. Finally, they did.
I suppose now all I have to worry is that someone might have stolen my idenity!
immediately alert the Feds...
Thanks for sharing your experience.
If someone hacked into your accout to add a bank, put money in and take it out, I don't see how they couldn't have seen everything else in your account.
I think you did the right thing by canceling your account.
I never used PayPal, so I don't know how it works, whether you actually put in your bank account/credit card numbers to fund your account, but I would keep a close eye on your other accounts, and even consider changing those account numbers, most banks cooperate in closing one account and open up another one with a different number, for security reasons.
How did they guess your password? Was it secure enough?
!29#$df<.Jr7%$78()=3Fghf
^^ That is a secure password.
Who to Call to Report a Financial Crime
http://www.fdic.gov/consumers/consumer/news/cnspr03/call.html
If you think you're a victim of a financial crime or if you notice anything suspicious, immediately get to the phone and call:
The police. Get a copy of any police report or case number for later reference.
Your bank, credit card company or other financial institution that may need to know. Close accounts that have been fraudulently accessed or opened.
The fraud department at any one of the three major credit bureausEquifax at 800-525-6285, Experian at 888-397-3742 and TransUnion at 800-680-7289. The credit bureau you contact will share the information with the other two and a "fraud alert" will be placed in your credit file at all three companies so that lenders or other users of your credit records can avoid opening a fraudulent account in your name. You'll also receive a free credit report from all three companies so you can look for fraudulent entries. The three companies also pledge to work with you to delete any fraudulent information in your file.
Note: If you become aware of anyone using your identity, also notify the Federal Trade Commission (call toll-free 877-ID-THEFT or 877-438-4338, or go to www.consumer.gov/idtheft). The FTC shares complaints with other law enforcement agencies.
Anything from PayPal is now automatically spam.
Interesting. I have a solution for bullet-proofing credit card transactions over the Internet, but every VC I have talked to so far just looks at me and says "PayPal".
Guess I just have to keep looking.
Well, that's not the only problem with PayPal --
http://www.paypalsucks.com/
I won't do business with them. Too many other people have told of how their money was taken and frozen and not handled in a professional manner. They are not a bank, and so they don't even have to handle your money in any rational and "bank-like" manner. They are "frivolous" in their handling of people's money.
Deal with a bank, instead.
Regards,
Star Traveler
I know you are just joking but let me add some real-life Security Administrator experience. If you are a clerk and have a password like that, what do you do? You write it down on a little sticky note and slap it on the side of your monitor.
Those rediculous overly-comlex password rules make network admins and novice security administrators feel good about themselves but are counter productive.
Now back to the Steelers' game.
Question for you. Have you ever recieved what LOOKED like an authentic email from Paypal to the affect that your account was suspended until you provided them with an update of your information?
These emails looks 99.9% authentic from Paypal, but they are not. The only clue is 2 different digits within the URL address string the email links to. Th only other clue would be to know that Paypal NEVER asks for this information.
I've recieved many such emails, but I know better and I could easily see where many would not. Every one that I forwarded to the Paypal fraud department, Paypal would email me back confirming the fact that they were fraudulent.
If you ever recieved and responded to one of these emails, thats propbably how you've been compromised.
Just so you know, this can happen with virtually any online banking account. If there are safeguards, there are hacks around them.
Some of the things I've been advised to do are: always make sure you log out of your account on your banking sites when you're done--and then close the window you were using. Check in with the site(s) from time to time and look at the history. Never click on an url in an email purportedly from the site (PayPal is one of the main targets for "phishing"). If you want to make sure the note is legit, enter the url by hand. Nine times out of ten, any note from those places asking you to log on and give personal information are frauds.
It's not only the banking sites though. Last week I got a note supposedly from my isp asking me to click on the link and re-log in or else my email account would be cancelled. The site I would have gone to if I had clicked was NOT my isp's site, and my isp never sent the email.
The internet is not necessarily a friendly place--you need to take all the safeguards you can, just as though you were walking to a favorite restaurant by way of a rough section of town. There are plenty of would-be muggers and purse-snatchers who are looking for easy marks.
Check with DNC Headquarters...
^^ That is a secure password.
Not anymore it's not! How'd you get my FR password anyway?!?!?!
Thank you so much for all this information. I will follow through tomorrow.
I got one of those e-mails. It would accept any bogus (or real) information, and lacked the secure url designation (https://) as well. I figured it out just before I nearly sent my real information, and notified Pay Pal. Changed everything, too, just in case. Another thing was that the e-mail did not mention my name, as Pay Pal is supposed to do, and it asked for personal information that Pay Pal has never sought.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.