My PayPal hacked! 2 2

[Lazyboy]

1 hour ago, lizards2 said:

I got a message purportedly from Paypal that said someone in Canada was attempting to access my account, and I should change my password.  My password is fairly complex so I was a little miffed.  I didn't click on anything in the email, and just logged in directly to Paypal and changed my password.  I really have no idea whether the original email was legit or not.

I didn't think you would notice.

Er... I mean that email was not really from Paypal.

[lizards2]

2 minutes ago, Lazyboy said:

1 hour ago, lizards2 said:

I got a message purportedly from Paypal that said someone in Canada was attempting to access my account, and I should change my password.  My password is fairly complex so I was a little miffed.  I didn't click on anything in the email, and just logged in directly to Paypal and changed my password.  I really have no idea whether the original email was legit or not.

I didn't think you would notice.

Er... I mean that email was not really from Paypal.

Or maybe it was France...., 

[Lugnuts]

Also a good point to not login to anything if you're connected to the typical unsecured open Wifi. Who knows what you are connecting to.

Did that long ago and checked PayPal and an hour or so later I received a message from PayPal about an address change. Promised myself I'd get a VPN for my phone and home but here I am today, still no VPN.

 

[Ride the Tiger]

If some hacker made a ":click link for free comics" half the board would be victims of theft.

[youfoundjake]

Good thing you caught it.  Same thing happened to me last November, flew into Raleigh, checked into hotel, and checked my banking account.. a pending $5000 withdrawal to my Paypal account.  got it sorted out, removed accounts associated in Payapl, transfer reversed.  

 

[MGsimba77]

On 4/13/2018 at 1:50 AM, 01TheDude said:

Word of caution-- don't make it something you would be embarrassed to have to tell someone else to enter.

 you mean like this? 

 

[oakman29]

I was just hacked this morning, taking 1000.00 out of my account.

Thank God my wife is on top of sheit.

[fastballspecial]

I highly recommend many of you go to the bank and create a separate account for just paypal put $50 in and let it sit. 
It really limits your vulnerability by taking this step. Go a step farther if you are really worried and open it at another bank.

It took me years to get off my butt and remove paypal from my main checking account because years ago that's many of us
did when paypal started and never changed.

The authentication process also really helps as well.

I also cringe when I read people using their phones for paypal. 

 

Edited April 19, 2018 by fastballspecial

[lizards2]

2 hours ago, oakman29 said:

I was just hacked this morning, taking 1000.00 out of my account.

Thank God my wife is on top of sheit.

You have that much in your paypal account?

[oakman29]

3 hours ago, lizards2 said:

You have that much in your paypal account?

No , straight outta the bank.

[lizards2]

32 minutes ago, oakman29 said:

3 hours ago, lizards2 said:

You have that much in your paypal account?

No , straight outta the bank.

How does that work?  I've never been able to even add money to my paypal account, probably because I'm such a tech-*spoon*, or they wanted to much invasive information.

Do you mean they were sending money out of your bank account through your paypal account to their paypal account?

[kav]

On 4/12/2018 at 11:08 PM, 01TheDude said:

oh yeah-- one more thing. For dumb websites that you use quite often but have zero financial or social implications, using a very basic password is not a terrible thing. I have used a similar one for these types of websites for decades. There is no reason for someone to hack your account. None. So why put too much thought into the password in those cases? I mean-- if someone really wants to hack my account on TV.com or some website I use to find coupons--- be my guest. I sign up to those websites using an anonymous name anyway.

For social media sites like Facebook or twitter-- I would strongly recommend NOT using your actual name if you intend on posting anything even remotely defining. I have one that has my real name and base information that is used to connect to all friends. I have another account used for me to express myself that only a small portion of my close friends are associated with. Been trying to get my brother -- who works in the government -- to go to this model for a long time but he doesn't. He came close to getting fired (and was for a short period) by a politician who didn't like what he was posting.

One last bit to consider-- pictures. Once you post them on any site, they are no longer your property (even with watermarks/copyright etc) on places like Facebook. That might sound paranoid but even FB will occasionally just grab someones pictures and use it in someones Ad.

Anyway-- just my two cents.

you should set your facebook so only friends can see anything not some random employer.

[kav]

1 hour ago, oakman29 said:

No , straight outta the bank.

Time to go Straight Outta Compton on em.

[ChiSoxFan]

3 hours ago, lizards2 said:

How does that work?  I've never been able to even add money to my paypal account, probably because I'm such a tech-*spoon*, or they wanted to much invasive information.

Do you mean they were sending money out of your bank account through your paypal account to their paypal account?

Just in the way you can transfer money from your PayPal balance into a bank account linked to PP, you can transfer money from a linked bank account intoyour PayPal balance.  The transfer doesn't take place instantaneously, but usually takes a few days to process.  I've never done so in all of the time I've had PayPal.

The PayPal rep I talked to when the hack occurred seemed to think the hackers were doing the transfer as a test -- in theory, they could have simply tranferred money from the linked bank account directly to another PayPal account of their own as a "Friends and family" transaction just as easily, so I'm not sure what the end game was in sending money into my balance. FWIW, despite my going to the bank immediately to try and block the transfer, the money still ended up getting transferred into my balance, but PayPal immediately reversed it back into the original bank account it was taken from before I could even do it myself.

[lizards2]

7 hours ago, ChiSoxFan said:

you can transfer money from a linked bank account intoyour PayPal balance.

Interesting.  Although I've never been able to do this.  IIRC, they want a bunch of additional information on that kind of transaction so I have never successfully been able to transfer funds from my own linked bank account to my paypal balance.

[kav]

9 hours ago, ChiSoxFan said:

Just in the way you can transfer money from your PayPal balance into a bank account linked to PP, you can transfer money from a linked bank account intoyour PayPal balance.  The transfer doesn't take place instantaneously, but usually takes a few days to process.  I've never done so in all of the time I've had PayPal.

The PayPal rep I talked to when the hack occurred seemed to think the hackers were doing the transfer as a test -- in theory, they could have simply tranferred money from the linked bank account directly to another PayPal account of their own as a "Friends and family" transaction just as easily, so I'm not sure what the end game was in sending money into my balance. FWIW, despite my going to the bank immediately to try and block the transfer, the money still ended up getting transferred into my balance, but PayPal immediately reversed it back into the original bank account it was taken from before I could even do it myself.

was your password strong ie caps, letters, numbers and special characters?  you would think paypal would flag freeze and confirm if some account suddenly switched languages?

[oakman29]

1 hour ago, kav said:

was your password strong ie caps, letters, numbers and special characters?  you would think paypal would flag freeze and confirm if some account suddenly switched languages?

You would think. I am still fighting PayPal,  can't get into my own account.

[Bomber-Bob]

19 hours ago, fastballspecial said:

I highly recommend many of you go to the bank and create a separate account for just paypal put $50 in and let it sit. 
It really limits your vulnerability by taking this step. Go a step farther if you are really worried and open it at another bank.

It took me years to get off my butt and remove paypal from my main checking account because years ago that's many of us
did when paypal started and never changed.

The authentication process also really helps as well.

I also cringe when I read people using their phones for paypal. 

 

This is good advice. I just went in to Paypal to make the Checking Account Switch and had some problems. Upon calling them they detected I had another account, same personal information, but a different PP account linked to a different account number. I did not set up another account so this is puzzling. I finally decided to remove my Bank account altogether and only leave a Credit Card on file. They said this was okay. I only buy anyway so this will suffice. BTW, they acknowledged they are having problems with hacked accounts and the hackers  get the info from your E-Mail account. 

[Bomber-Bob]

On 4/13/2018 at 7:49 AM, c_mkv said:

Thanks fellas...just setup my 2 step authentication...beauty tip

I also changed my account to a 2 step authentication. However, I just found out somebody tried to set up another Paypal account using my info. Once the hackers have your information, could this be a work around for the 2 step ? Just to be clear, I was not hacked. I decided to remove my Bank account from Paypal account altogether, just leaving the CC. I feel much safer this way.

[ChiSoxFan]

6 hours ago, kav said:

was your password strong ie caps, letters, numbers and special characters?  you would think paypal would flag freeze and confirm if some account suddenly switched languages?

It was strong enough in the above mentioned characteristics that I thought it was safe, though it wasn't one of the completely randomized gibberish passwords that someone had said would certainly be the strongest.  The idea of writing all of those type of passwords down on a piece of paper just means I'll lose the paper and lock myself out of everything I do online. 

I agree -- I would think a language change to an account, especially to one that's been set to English forever, would raise a red flag on their end, but apparently it doesn't.

4 hours ago, oakman29 said:

You would think. I am still fighting PayPal,  can't get into my own account.

Hope they can get you in.  It was almost comical when I was on the phone with PayPal trying to get back into mine -- they were sending me emails with links to rechange my password, and of course, all of it was in French and unreadable to me.    It took about an hour for me to reaccess my account, change the password, and get the 2nd step to verify my identity when I log in put into place,  Sorry to hear you're having that much trouble -- I don't know if I was just lucky or not to get it fixed as quickly as I did.

3 hours ago, Bomber-Bob said:

This is good advice. I just went in to Paypal to make the Checking Account Switch and had some problems. Upon calling them they detected I had another account, same personal information, but a different PP account linked to a different account number. I did not set up another account so this is puzzling. I finally decided to remove my Bank account altogether and only leave a Credit Card on file. They said this was okay. I only buy anyway so this will suffice. BTW, they acknowledged they are having problems with hacked accounts and the hackers  get the info from your E-Mail account. 

It sounds like PayPal is being targeted, and while I feel terrible that anyone here is dealing with similar issues, there is some level of relief that I wasn't an isolated incident.  I am VERY careful about where I log into anything (since I work in the casino industry and am often at work at late hours, I've told people in sales threads, when I've claimed something, that I'll send payment when I get home early in the AM because I won't use our wi-fi at work to do anything on PayPal (or anything else financially related).  I never click on links or anything suspicious, etc., so I would feel that I'm relatively safe.  But clearly, they got to me, and they're getting to others, so it seems like PayPal may need to institute more safeguards on their end as well if this is a widespread occurrence happening to their user accounts now.  It's made me a little wary of using them when before, I wasn't.