Er... Did my Paypal account just get hacked?

[fraseyboy]

Ok.... Weird.

I got an email from service@intl.paypal.com that 'confirms that I have paid Smilecamsecurity Software (sales@flashsyndrome.com) $99.00 USD using PayPal' for a 'Flashsyndrome Video Recorder' which I never purchased.

Shortly after I received another email which is as follows:

Quote:

Dear Helen Thompson (the name of the account owner), As part of our security measures, we regularly screen activity in the PayPal system. During a recent screening, we noticed an issue regarding your account. We have reason to believe that your account was accessed by a third party. We have limited access to sensitive PayPal account features in case your account has been accessed by an unauthorized third party. We understand that having limited access can be an inconvenience, but protecting your account is our primary concern. Case ID Number: PP-488-374-476 For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause. To review your account and some or all of the information that PayPal used to make its decision to limit your account access, please visit the Resolution Center. If, after reviewing your account information, you seek further clarification regarding your account access, please contact PayPal by visiting the Help Center and clicking "Contact Us". We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience. Sincerely, PayPal Account Review Department

And now, when I try log into my account, I get the following message:

Quote:

PayPal is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience. Why is my account access limited? Your account access has been limited for the following reason(s): # Jun. 8, 2008: We have reason to believe that your account was accessed by a third party. We have limited access to sensitive PayPal account features in case your account has been accessed by an unauthorized third party. We understand that having limited access can be an inconvenience, but protecting your account is our primary concern.

It is also telling me to go to the resolution centre and complete the steps needed to restore my account access.

Ok... So it's looking pretty legit. Anyone else experienced this? What should I be doing? I'm kinda worried, since its linked to my mums credit card and she will not be happy to hear that it's been hacked...

 

[TheMarchingMule]

Quickly check with your mum if she bought something like that. If not, then IMMEDIATELY change your Paypal password, and contact Paypal; you should have time to revoke/cancel that payment.

 

[dynagroove]

how are you logging into your paypal account? are you logging in by directly typing the paypal url into your browser, or are you clicking on the link in an email? a quick search for "we have limited access to your account" returns quite a few phishing emails attempting to get you to log into your account at a fraudulent address. if this is legit, do as the Mule says and change your account pw ASAP if that is possible. do you use the paypal token? if not, you should look into that once this is sorted out.

jeff h

 

[fraseyboy]

Quote:

Originally Posted by TheMarchingMule /img/forum/go_quote.gif Quickly check with your mum if she bought something like that. If not, then IMMEDIATELY change your Paypal password, and contact Paypal; you should have time to revoke/cancel that payment.

I'm 100% certain my mum would not buy one of these Flashsyndrome.com::FLASH VIDEO CONVERTER:LAYER::RECORDER::MP3 TO FLV.

I have just changed the password and the security question, and also filed a 'fraudulent use of account' thing.

Quote:

Originally Posted by dynagroove /img/forum/go_quote.gif how are you logging into your paypal account? are you logging in by directly typing the paypal url into your browser, or are you clicking on the link in an email? a quick search for "we have limited access to your account" returns quite a few phishing emails attempting to get you to log into your account at a fraudulent address. if this is legit, do as the Mule says and change your account pw ASAP if that is possible. do you use the paypal token? if not, you should look into that once this is sorted out. jeff h

I always type it in directly. I don't think the emails I got were fraudulent since there's no links in them... Unless there's some other way?

Hmm no I don't use paypal token... What is that?

 

[dynagroove]

Quote:

Originally Posted by fraseyboy /img/forum/go_quote.gif I always type it in directly. I don't think the emails I got were fraudulent since there's no links in them... Unless there's some other way? Hmm no I don't use paypal token... What is that?

ok, sounds like the emails were legitimate. i don't know if the token is available where you are at, but it is a security key that generates a one time use code that you add to your password when you log in. makes it really difficult to steal your account: https://www.paypal.com/securitykey

sounds like you are on the right track to get your account back. let us know the details.

jeff h

 

[mercbuggy]

If the mail from paypal states the account users name then it is a first indication of a legit security alert. Phishing attempts (I have had 2 in the last week) normally say "Dear Valued Customer" or something similar. If you forward the mail back to spoof@paypal.com, they should verify their own mail. Hope it gets sorted quickly.

 

[mwallace573]

That message you got looks exactly like one I received when somebody tried to get a little over $2,000 from my account, which my actual bank account had nowhere near that much at the time. The payment was sent with the subject "Payment for Christmas gift", which hit sometime in mid April of last year. Not only did I change my account info, I actually had my associated bank accounts closed and had new ones started, which the bank was more than happy to help me with. They even gave me a $50 gift card for starting a new checking account.

I'd say the message is legit, and will echo the suggestions of resetting your password at the very least. I hope things work out for you.

 

[crappyjones123]

ive had a few run ins with paypal related issues. you have 3 options. the first i would recommend doing before anything else so you or your mother doesnt get charged for something you did not purchase.

1. call your bank and file a dispute saying that you did not make those charges. if they are good about it, they will reverse them on the spot (bank of america does it, i dont know if any others do) and then run their own investigation into the matter.

2. file a "chargeback" on paypal's website saying that you did not authorise the said charges. the difference between this and the next choice is that there is not 2 week period for you and the thief for sort things out on your own. if someone did steal that money from you they arent going to be interested in getting it back. after you do this start called paypal every other day and say that you are a student (even if you arent) and that you need the money (even if you dont, in my case both were true) and if the person you are talking to does nothing, ask to speak with someone higher along the corporate chain, they almost always give you most of the money as a courtesy for doing business with them, but dont ask them to do that. present your case, and 9 times out of 10 they are understanding enough to do something to hold you over)

3. file a dispute on the paypal website. this is the least suggested way to go about things but an option nonetheless. after you file the dispute you will be given 2 weeks to send emails to the user who actually charged the account in your name. paypal will touch the account only after those 2 weeks which is why i dont suggest going that route.

first i would suggest you telling your bank to not make that payment. but dont stop there or paypal will come after you for their money. file a case with paypal for a charge back and then start calling paypal regarding the matter. their customer service is fairly good and i never had to wait too long to get on the phone with them. the key is not to get mad with them. keep your patience and they will probably just give you the money back and then keep the case open. happened to me on 3 occasions where i was supposed to get money for something (sold a mouse and then the person filed a dispute saying he never got the mouse) or i paid for a service that i did not receive (webhosting on one account and game server hosting on another - they just cancelled the service a week after i sent them the money) and on all three i called them and they gave me the full amount while keeping the cases open with which i had no problems as i was allowed to use my account during those times.

hope everything works out for you.

 

[fraseyboy]

I'll get my mum to the call the bank since it's her Visa card. Will I really need to do that as well as the chargeback with paypal?

Also, I can't use the account until I mail or upload a 'utility bill'.... What is a utility bill and where can I get one?


Oh also, Paypal accepted the claim and refunded the $99 just then. The merchant who got the money had this to say:

"Make sure to change your paypal account password. It seems that a hacker got hold of your information. Please view more information at paypal.com to learn how to protect yourself against fraudulent transactions."

 

[crappyjones123]

utility bill = any kind of bill you pay for a monthly utility (electricity, water, cable, internet etc)

paypal is just another kind of bank. if you dont pay your credit card off with your bank, the bank comes after you doesnt it? so now if you tell your bank to not release those funds to paypal, paypal is now x number of dollars short because they already gave the money on your behalf to the company that sells that program. so now just like your bank, if you dont tell them what really happened, they will assume that you purchased the program and now are refusing to pay for it. i guess this would be a better route to take.

call your bank immediately and have them cancel the charge. call paypal explaining that you got your bank to pull the charge as unauthorised and that you would like to do the same with paypal since you didnt authorise the payment. then they will give you two options...chargeback or dispute. pick chargeback but also plead your case so that you dont have to pay the money temporarily because as long as there is a negative balance on your paypal account, your account is limited and you cant use it. so make sure your account balance doesnt go negative if you can do something about it.

as far as uploading a utility bill goes, i wouldnt do that unless you talk to paypal first. i am guessing they want that to verify who you say you are but at the same time they will also get your address (if they dont have it already but this time it will be a confirmed address). they CAN POSSIBLY USE THAT AGAINST YOU. i am not saying they will. worst case scenario - paypal says they dont find anything wrong with your account, no fraud done and you are liable for whatever you were charged. obviously since you didnt make the purchase, you wont pay (i wouldnt at least). that is when they use your address from your utility bill and hand over your account to a collection agency who will start harassing you with phone calls every day and threaten to ruin your credit (which they have the power to do) if you dont pay up. i know all this because this happened to me for $7042. i refused to pay and paypal sold the account to some collection agency and they came after me. i got the police involved and it turned out to be a case of identity theft and the collection agency dropped the case. in the end i paid nothing. but the place i went wrong was i sent paypal my electricity bill.

moral of the story, get the bank involved. get them to send a letter saying you did not authorise said payment (it is something very common for banks to do so they shouldnt have a problem with it) and then politely explain to paypal what happened. considering they initiated this whole thing (the emails informed you of what happened) i am guessing they would be more than happy to listen to you. dont promise to send in any utility bills unless you speak with someone in charge, have their name and direct phone number in case you need to get in touch with them again and the assurance that you will not be held liable for anything. once they agree to th
at, then send in anything they ask for.

after all this blows over i would recommend closing this paypal account and opening another. paypal is a trusted company but these things do happen...not saying that it is alright but it is a loophole and a disadvantage for paypal is a free service. no reason to take your business elsewhere...just start fresh and you should be fine.

 

[fraseyboy]

I already filed a chargeback on the day it happened and they just now refunded the $99 so there's no dispute or anything. The money is mine. So I don't think the bank really needs to be contacted, seeing its refunded already.

'Any portion of the payment that was funded with your credit card will be
refunded directly to your credit card. You will see this in your
transaction log as two entries. The first is the refund to your PayPal
account, and the second is the credit to your credit card.'

So I think I'm in the clear.

 

[crappyjones123]

congratulations!

glad to be of help (or not

) but im happy you didnt have to go through all the pain and annoyance i had to go through. now take that $99 and go get yourself a pair of grado's...seems to be missing from your arsenal

 

[fraseyboy]

Haha thanks!

I should have been more thorough in my posts... Then I would have saved you the effort of writing a big article on the subject

I did have some MS1's once but I sold them. I kinda regret it... But now I have my AD700's which sound so much like a Grado (but with all the faults ironed out IMO), there's not much point getting some

 

[nor_spoon]

This is scary. Glad the problem seem to be solved. Gonna keep an eye on my PayPal account in the future.