This is just a warning to everyone. My boyfriend is also a mystery shopper but only shops for 5 companies. These 5 very legitimate and trusted MSC's are the only ones that have his PayPal information. His whole account was wiped clean when someone hacked into his account earlier this week, changing all of his information excluding his name (because that's impossible). PayPal did not want to believe him and gave hime h*** about it when he called to get an explanation.

Has anyone else had this happen? My advice at least is to change your password. I will continue to mystery shop but am going to be adament about changing passwords and transferring money to be in my hands as much as possible. Thoughts?? What could have happened? Has this happened to anyone before?

How was it wiped clean? I don't get it...

There have been a lot of phishing emails claiming to be from PayPal. I suspect he might have inadvertently answered one of them. Either that or he had a relatively easy password.

I've nearly been fooled by those phishing emails before. Once I click on them I looked at the web address it took me to and it clearly wasn't paypal even though the page looked absolutely authentic.

Best policy...if you ever get an email from PayPal, forward it to spoof@paypal.com to see if it's real. 99.9999999999999999% of the time it will be a phishing attempt.

you have to escalate it within paypal and threaten to go to court.
Then they will back off. Dealing with their lower level reps is
useless since who knows what Country their in.

Many years ago something happened and I got nowhere fast
and so I went into my local bank(who I have a great relationship with)
and told them what happened and they had their lawyer call paypal
for me and paypal resolved the issue the next day.

I never answer to any emails claiming to be from Paypal. And when I receive such emails its like a red flag to me. I go check my paypal account to see that everything is as should be. But those emails I simply ignore.

James Bond 007.5 Wrote:
-------------------------------------------------------
> There have been a lot of phishing emails claiming
> to be from PayPal. I suspect he might have
> inadvertently answered one of them. Either that or
> he had a relatively easy password.

I actually just reported a phishing email from "PayPall" to Paypals scamming department right before checking this forum.

Paypal will NEVER send you an email where there is a "link" to click on.

If you see ANY Paypal emails, call Paypal, never respond to the letters that require you to "click here"

That's the "kiss of death" for your account.

You say "those 5 companies are the only ones who have access to his Paypal" They only have access to deposit money. To my knowledge, they do not have his password. Your Paypal is linked to your bank and no-one should have that information, but YOU.

I am sorry that happened to your BF and thank you for the warning.

I get phishing emails frequently, for PayPal and other financial accounts. Most of the time, they are trapped in my SPAM folder. It's usually very easy to recognize phishing emails once you learn what to look for. Also, it's a good policy not to click on links in emails allegedly from PayPal, your banks, etc. Instead, go directly to the official site and sign in that way.

I change my passwords frequently--partly because I have been messing with different password formulas, get confused, use the wrong formulas, enter the wrong passwords, and then have to reset my passwords.

No, he would never EVER respond to one of those emails. He is extremely skeptical of everything. I am with him now and thy was not the case. What else could have happened?

James Bond 007.5 Wrote:
-------------------------------------------------------
> Best policy...if you ever get an email from
> PayPal, forward it to spoof@paypal.com to see if
> it's real. 99.9999999999999999% of the time it
> will be a phishing attempt.


This is what I have been doing for years!


BusyBeeBuzzBuzzBuzz Wrote:
-------------------------------------------------------
Also, it's a good policy not to click on links in emails allegedly from PayPal, your banks, etc. Instead, go directly to the official site and sign in that way.



And this. Absolutely this!

If that was not the case, then it must have been the lack of strength in his password. My PayPal password is 16 characters, mixed upper and lower case, and mixed letters, numbers, and symbols.

Oswaltkp Wrote:
-------------------------------------------------------
> No, he would never EVER respond to one of those
> emails. He is extremely skeptical of everything. I
> am with him now and thy was not the case. What
> else could have happened?

Actually, I had an excellent positive situation with Paypal.

Years ago, I hired someone to do some removal of property.

For whatever reason, I decided to cancel his services. He had NOT performed any services at the time of my cancellation. (something just felt weird about this guy) He told me I could NOT cancel and I said, "You have not performed the services or even picked up a hammer, and at this point, I don't trust you anymore and I am cancelling." He once again said I could not cancel. (what kind of business was this?) I was soon to find out....

I called my credit card company to cancel the charge on my credit card (over $2,000) and the credit card company told me that there were multiple charges from this company. I said what do you mean?

They said he charged two large charges and apparently that's how they did it with Paypal. I said, "Paypal?" She said, "Yes. He used your Paypal acccount. I said, "I don't have a Paypal account." She asked me how he got my information? I told her he was a business and I gave him my credit card number and the 3 digit pin on the back. I told her I used to have an old Paypal but never used it.

At this point, this guy was taking money through my Paypal account, which I later learned he completely fabricated the account, changing my address, my everything. . Everything. (wish I could explain this better).

Then Paypal stepped in and said, "She is a victim of fraud. (me) She is not liable for this. " The Credit Card Company agreed. The CCC put the money back into my account and went after the business guy, for removing money without my knowledge and creating a fictitious account.

You have no idea how relieved I was when Paypal and my CCC both said they would fight to prosecute this guy

What a dirty rat! I'm happy you got it sorted out.

I wonder if he used the same password for Paypal and for other things. If he uses the same email for Paypal that he uses everywhere else someone who gets his password in one context will try it with his email address at a number of popular sites -- Paypal, eBay, Amazon -- and can wreak havoc in a very short time.

And if he uses the same password for his email address as he uses anywhere else, he's really vulnerable because control of an email address usually gives you control of the password reset functions pretty much anywhere.

All my email addresses use a password that I don't use to sign in anywhere.



Edited 1 time(s). Last edit at 06/28/2013 01:31AM by itsasecret.

I just came from paypal and I changed my password. I work hard for my money and no one's going to rip me off.

Canuck Wrote:
-------------------------------------------------------
> I just came from paypal and I changed my password.
> I work hard for my money and no one's going to rip
> me off.


You go!!

You have got me scard. I have not changed my password in years. I am on this right now!!!!

Canuck Wrote:
-------------------------------------------------------
> How was it wiped clean? I don't get it...


They took all his money

Yes, go change that password! I'm doing the same. He said it was likely a weak password, but he is scowling at the MSCs now. I told him I still trust them, so the big question is-- who dunnit?

In order to send money to your paypal account all I need is your paypal e-mail address . I (nor any company) needs your Paypal password.

I was asking how it was stolen? Do you know how they did it? Did paypal say how this was done? This is a very interesting subject.



Oswaltkp Wrote:
-------------------------------------------------------
> Canuck Wrote:
> --------------------------------------------------
> -----
> > How was it wiped clean? I don't get it...
>
>
> They took all his money

I paid $5 years ago to PayPal for a key fob that shows a code number whenever I need to logon to PayPal. This is in addition to my login email and password. You cannot log into my account without the code from the key fob. I think it was money well spent and recommend it highly to anyone that uses PayPal. I only have the account because many of the companies only pay through it. Whenever the money is put in the account I immediately move it to my bank account.

I keep my account close to zero because I need every dime! If someone attempts to hack my information, they will be very upset with waisting their time.

Me too. I don't leave anything in it.

Someone hacks into a Paypal account...they have more than access to your paypal money. They can clean out whatever bank account you have linked to it.

That reminds me, I need to clean out the bank account I have linked to it. I usually don't keep much money there and I've been forgetting that detail lately. I run the funds through a savings account, but I need to sweep it out of there into checking. For years I've kept an account just for Paypal purposes that only had about $500 in it, just so a hacking wouldn't cause checks to bounce in the account I use for bill paying.

If your boyfriend logged into his Paypal account from a free or public wifi hotspot, that may be how the thieves acquired his password. Hackers stealing information this way has become a common method. Never log into anything to do with your money on a wireless network that's publicly accessible.

Mine was hacked years ago and I could not even put answer the security questions.