!!Warning to paypal users!!

[marn913]

I just wanted to let everyone on the board know about my horrible experience today (and hopefully save any of you from going through the same thing). I was updating my checking account ledger today when I was shocked to find a transaction in the amount of $1809.00 electronically debited from Paypal! I called paypal and they said that this happens sometimes because hackers gain access to your password by sending a phony e-mail asking you to "verify" your paypal account. As soon as you enter your e-mail address and password it will tell you the website is not accessible (but by typing your information, you have just given these crooks access to your secure account.)
So, to make a long story short - I did receive one (and maybe more) of these phony e-mails. I don't recall responding, but I may have tried to log on. Anyway, this gave some terrible person access to my account and they sent themselves my entire checking account balance! Luckily I had made a deposit that had not cleared yet, so my ourstanding checks will not bounce.
I have to send paypal a notarized copy of my complaint, fill out an unauthorized electronic withdrawl form with the bank (and I also filed a claim with the FBI's internet fraud division). I am really hoping that they track this person down and I'm not sure of the law (but if I'm lucky) this may be grand theft.
So to all of you- please make sure to be extra extra careful if you use these online payment services! And, if you receive an e-mail from someone you think is paypal or billpoint - go directly to their url to log on - don't click the link in the e-mail!!

 

[TreeOfLife]

Thanks for the warning. Can't see the day when those hackers get what they deserve...

 

[lilsonicfan]

This is why you should pay VERY close attention to the emails you get. Paypal would NEVER ask you to "verify" your account in such an odd manner!

 

[nicknamy1996]

NO company should ever send you and email asking for your password OR credit card information. If it asks you to log in and links you to a site check it out, make sure its really the site. Check the address at the top. Or better yet, close the window and then type the web address of the real site yourself. Also you could forward any suspisious email to the real website and see what kind of feedback they give you.

Also if anybody does not know, (I've heard this multiple time but am not positive its true) Do not ever email your CC#'s or passwords because most email can be intercepted rather easily. Unlike encrypted websites where you usually enter that information.

 

[asamgp]

That is scary. I just bid all over ebay. I go on ebay splurges you see.....

I will be very aware thanks you all!

 

[marn913]

Just to give everyone a bit more information. This e-mail looked extremely legitimate (their e-mail address looked as though it was a paypal site.) The customer service person I spoke to at paypal said that this is a common scam and the website you are directed to looks exactly like the paypal login screen (except is does not have the little security lock icon!) Also, verification of your account is something that paypal does do, so I did not think anything of the e-mails as I had to do this process originally after opening my paypal account. They do not ask for any credit card information and it appears to be the actual paypal website! However, once you try to log on, these people will have your password and screen name for your real paypal account (where you have your credit card and bank info stored if you are a verified member). Fortunately the site does not list full account and credit card numbers (just the last few digits). After this is all settled, I am going to close the account completely and use money orders for payment on any auction items.

 

[shovelhd]

This is called identity theft and it is becoming more and more common on electronic sales and auction sites. It is very easy to do this. I won't tell you how, but a 9 year old can do it.

My brother was a victim if ID theft on ebay. He got an email from support@ebay.com asking for him to verify his seller name and password. Ebay would never do this, nor would any other legitimate site. Passwords on unsecure sites such as ebay pass login and password information in clear text across the Internet. It is another trivial exercise to grab these ID's and passwords. That's the hard way to get them. Simply replying to this bogus email is a piece of cake.

Anyway the thief stole his ebay account (he is a power seller) and listed a dozen very expensive items (plasma tv's, etc.) in his name, with very low buy it now prices, and a paypal account name. Eager buyers saw the high feedback rating and jumped on these "deals", only to find their money gone and no item to show for it. The thief was based overseas in a former Russian republic and is immune to US laws. He will never be caught.

It took weeks of effort just to get through to a human being at ebay. Once an ebay Safe Harbor rep took his case, it was resolved within days. His seller name, power seller status, and feedback were all restored.

There have been numerous articles in the tech press about this. Beware! Be diligent! It's not a nice world out there!

Chris

 

[kfeuer]

I had a slightly different Paypal nightmare happen to me. Without even thinking about it, I had used the same password on a number of different sites (including Paypal). As best as we can figure out, someone got my password off a less secure site and was able to access my Paypal account. Then someone in the Ukraine used my bank and credit cards to pay for some Ebay auctions. I got it straightened out in the end, but the lesson to be learned is to make sure that your Paypal password is one that is completely unique to the Internet (i.e. not a password you use on ANY other website). It is scary what can happen. Luckily for me, they only took $90 out of my bank account which didn't really hurt anything (no bounced checks), but they charged over a $1000 to my credit card.

 

[dahess]

Thanks for the info! I haven't used my paypal account in 2 years, so I just decided to close it. So sorry for all the trouble this has caused you. Good Luck!

Angie

 

[HM]

I may have had something like this happen to me....but with Amazon. I received a couple emails more than a year ago that looked like they were from Amazon, but when I contacted them, they said they didn't send them and asked me to pass along the message. I must not have replied to the person, since I haven't had a credit card problem since then, but it sures sounds similar. This was a very good message to send along to us....thanks for posting your experience.
-HM

 

[beattyfamily]

Thank you for posting this! I just went through any website I bought stuff from and made sure I didn't leave my CC info with them.

I also closed my Paypal account.

I've always told my husband I didn't like leaving my CC info at websites when it gives that option and this is why!

I only had CC fraud once on the Internet. I don't think it's similar to this but I thought I'd mention it.

My husband woke me from a deep sleep and asked me if I'd been to a XXX website lately! I said of course not! He didn't think so. He was reviewing our CC statement and someone used our CC# to join a XXX website. Our CC company did end up giving us our money back. My husband says it's just so easy to do that. It could have been anyone; the waiter at the restaurant we ate at; the clerk at the mall. But, I was so afraid somehow they got my info from a website. My husband disagrees.

Anyway, my warning is this: anyone, in any business, can use you CC and get away with it by using it on the phone or Internet if they know what they are doing (so the CC people can't trace it back to them with address or email address)

fyi...we also had CC fraud after a trip to Paris! Two months after our trip someone charged $200 twice from a town outside of Paris! We got it taken off our account, though, eventually.

Thanks again and I'm glad it worked out for you!

 

[ErinC]

I am glad you posted this. I got an email from paypal the other day asking for verification, and I just hadn't gotten around to doing it yet. I will check it out completely before I send it back.

 

[ivanova]

I've received bogus emails that look like they are coming from ebay ... but instead of asking for verification they came across with something along the lines of "you're c/c will be automatically charged for $xxx.xx for the purchase of...." it would list an amount of a few hundred dollars and it would be for some ridiculous item. Of course there was a link that if this was "in error" please click here... yeah right. I've NEVER responded to any of them and have forwarded them all to Safe Harbor with ebay.


This is also why my paypal account is linked to a secondary checking account with less than $300 in it. If I'm going to get wiped out, they aren't going to wipe out my primary account which could affect the monthly bills that I pay. Yeah, being robbed of $300 is a big deal, but it beats the higher dollar alternative. Also if I had to close the 2nd checking account due to fraud, it wouldn't be as hard as having to change all the bill pay options etc linked to our main account.

I also regularly transfer $$ from paypal back into my checking account (then remove it via ATM) so that my paypal balance isn't typically over $20 on average.

 

[ceecee]

It can happen anywhere, not just computer sites. A local bank teller in our area was caught using customer's cc #'s. Waitresses, tellers, salespeople, etc. all have access to your ##'s.

 

[ivanova]

it's harder for a sales person to be unscrupulous ... but waiters disappear with your c/c for a period of time ... I think 99.99% of waiters out there are hard working and honest ... but just one bad apple can really screw up your life.

 

[shoes99]

Strange ebay inquire:
I got this email yesterday:
Dear Ebay Member,
Recently we attempted to authorize payment from your credit card we have on file for you, but it was declined.
For security purposes, our system automatically removes credit card information from an account when there
is a problem or the card expires.
Please resubmit the credit card, and provide us with new and complete information.
To resubmit credit card information via our secure server, click the following link,
login to your account and resubmit your information:
xxxxxxcgi3.ebay.com/aw-cgi/eBayISAPI.dllxxxxxxxxxx
This is the quickest and easiest method of getting credit card information to us.
Using the secure server will ensure that the credit card will be placed on account within 24 hours.

I did not access this site....I confirmed that my cc was not charged, I changed my ebay password, and sent an inquirey to ebay..

 

[mickey4ver]

Could it possibly be that your cc on file with ebay had expired? I've had that happen and had to update my records or add a new credit card with a new expiration date.

 

[kozmo]

Oh my gosh ,i hope that doesnt happen to me!!!!Now i am worried.

 

[beattyfamily]

All you have to do is make a rule that you will NOT go to any website via the email. Open an Explorer window and go to the website that way if you need to update any personal/private info.

Then there would be no way they can get your info.

 

[cookie2001]

Thanks so much for letting us all know about this.