On-line Pay method Hacked - Sharing story

[AndyBees]

Moderators, if this Thread is not appropriate, please delete.

My *ayPal account got hacked . (many of us use *ayPal to buy and sell TDI stuff)

Monday morning March 9, 2015 at 12:45 am, I received an e-mail notice from *ayPal that I had sent money to an address in East Lansing, Michigan for $639.98 for a *lackberry purchased on *Bay. I've never browsed for a *lackberry or had one in my watch list. (the transaction was at 12:41:45 am)

I discovered the transaction at approximately 3:30 am.

I immediately commenced a dispute with PayPal and notified eBay. Also, that morning, during normal work hours, I contacted the *ayPal Rewards credit card (Citi Bank). The credit card folks were extremely helpful, far beyond *ayPal or *Bay as it was difficult to get though to a real person with them. I also notified the seller (Ft Lauderdale, Florida according to his info) asking him to put a stop on the shipment. Apparently he did not see my message but later that evening said he attempted to stop shipment.... something about his location not being the same as shipping warehouse.

Much longer story short: The East Lansing Police Department is awesome. They were able to communicate with UPS and stop shipment. They also visited the address. The dude's girlfriend/roommate said he was on spring break (Michigan State University).

There is no doubt that it was the *ayPal account that was hacked rather than the credit card. The *ayPal Rewards credit card is the default payment option. When paying, I always use my alternate card that's on file with *ayPal. Nope! I do not have a checking account linked to *ayPal ... no way!

So, the warning is this: Make your *ayPal password very complicated and change it often. Although I had what I thought was a good password, I had not changed it in many months.

Hacking or attempted scamming has never happened to me preiously!

Lastly, I am not sure if the seller wasn't involved as he has not been very responsive to my e-mails and messages. And, of course, neither the seller or buyer could be the guilty parties. A third person could have hacked the account and used the buyer's info and address for shipping purposes.

Hope this is helpful....

 

[JB05]

Andy, sorry to hear of your misfortune. I had always thought that paypal was pretty safe; never had a problem. My bank once notified me about an erroneous charge on my credit card for over $600 which they had to absorb. I think it was someone overseas; can't remember. I hope they catch the crook and lock him up.

 

[AndyBees]

Well, ironically, when I log-in to PayPal and click on the transaction there is a statement at the top that says: "This transaction under review by PayPal"

Then, a couple of clicks deeper into the review there is a list of history. The last thing listed says, "Unauthorized or transaction error case initiated"

So, it looks as if an "error" is possible on PayPal's end. Or, are they saying that the buyer, presumably me, made an error while making a purchase. Of course, my eBay history shows I've never had a Blackberry in watch.

Well, I've changed all my passwords pertaining to anything financial....

 

[panthers89fan90]

I do computer work for a living and run into all sorts of problems. You NEED to enable 2-step authentication on websites that have your financial information like Gmail, PayPal, and even a credit card or banking app. PayPal 2-step authentication can be enabled to use your phone or a credit card sized "token" that gives you a random access code. With this enabled on your phone, they would theoretically need your phone in their hand to get into your account. You enter your password then PayPal sends you a random code on your phone in which you enter into their website as a secondary security measure.

When getting an email from PayPal, be CERTAIN it's actually from PayPal. Goto "view details" and look at the sending email address to verify. Some people try to "phish" your account details.

 

[MarkAardvark]

^^^ This.

It's easy to have paypal send you a text message with a code number to authenticate transactions are really you.

 

[KLXD]

I recently changed my email with paypal. Very soon after that I got an email from somethinorother at epaypal dot com at the new address saying my "statment" was available with a link to view it.

How'd they catch on to the new email so quick??? I'm not sure I had even used it yet.

I suspect a lot of fraud starts inside.

 

[Funguy]

Thanks Andy

 

[AndyBees]

Problem is, this "old geezer" doesn't have a Smart Phone. I have satellite Internet service and pack a compact LapTop. The primary reason I don't have a Smart Phone is we have no cell service at my residence .............. closest service is about 11 miles away. There is some spotted service in those 11 miles but zero at my house.

I made the story as short as possible (everyone knows I'm long-winded). But, right off, when I saw the notice (it was readable without opening it), I logged-in to PayPal... and sure enough, there was the charge. I clicked on it and there was a ton of information.

I tell you, the East Lansing Police Department jumped on my issue immediately. I gave them all the details starting with my full name, address and phone number.

The UPS tracking number was most helpful. I also did a search and found the nearest UPS distribution points closest to the delivery address. So, I e-mailed them with the details but they just referred me to an 800 number for UPS and they would not stop the shipping. But, the PD was successful in stopping the shipment.

Well, I know this is way off topic, but as I stated in the intro, most of us use PayPal to buy and sell TDI stuff. So, I concluded it might be helpful to share my experience.

Dang what a way to start the week off!

EDIT: I do have one of those cheap Walmart trac phones .....

 

[FlyingFin]

I never have a bank account linked to Paypal neither do I have any sort of payment card linked for that very reason.

Its a little more hassle when paying for things to fill in your card details all the time but at least your account is secure.


And password must be as obscure as you can think of then split it several times and insert numbers, caps or similar to make it even more ridiculous.


Hope things work out ok for you.


FF

 

[Dimitri16V]

Never link your checking account to any on line payment system

Everybody is getting hacked these days .

 

[AndyBees]

Follow up!

I received an e-mail from PayPal this morning! Full refund to my account.

The thing that puzzles me a bit, the seller was somewhat silent. His/her responses to me were very, very limited in words. And, a few days later, I sent a message to him/her via eBay asking if they got the item back. No response. Then I sent a message via e-mail (e-mail address was revealed in the PayPal transaction) of which he/she never responded.

So, who hacked the account: Seller, buyer or a third a party? Doubt I'll ever know. Oddly, an eBay search of the seller's eBay user name resulted in nothing. The only way I can see his identity is in the PayPal transaction or click on the item. I'd like to know if eBay boots him/her........... without putting any of his items in my watch list.

Well, apparently hacking is well and alive!

 

[Funguy]

Interesting that your ebay search did not find that user name. Is it possible that you weren't in eBay at all or in one of their foreign sites?

 

[AndyBees]

Interesting that your ebay search did not find that user name. Is it possible that you weren't in eBay at all or in one of their foreign sites?

Nope! I am a regular eBay window shopper with account for 12 years (ironically, my first eBay purchase was my 2000 Jetta TDI).

I can copy the seller's user name from the PayPal detail of the transaction and paste it in search in eBay and get nothing. I did communicate with him via the eBay item display (contact seller) and thru his e-mail address early on in this horrible experience.

I've tried to search for it as recent as tonight!

See if you can find it: vapesnkicks

 

[Dirtracr95]

http://stores.ebay.com/vapesnkicks?_trksid=p2047675.l2568

 

[waltzconmigo]

dirtracr beat me to it but to quote from the cite, sounds exactly like what Andy would be purchasing.

vapesNkicks, "I have been a sneaker collector since I've been able to walk. There has been no passion more important to me than my "shoe game". I wanna share a piece of my passion with you. The vapor side of things is more about the business side of things. I hope you can enjoy my store and we are able to provide with the utmost customer service.1"

 

[AndyBees]

I did a search on BlackBerry. I must have got lucky. But searching for his user name was useless for me!

http://www.ebay.com/itm/BLACKBERRY-...677?pt=LH_DefaultDomain_0&hash=item339f1814fd