Jump to content

Beware paypal folks

craftycarper

By craftycarper,
in Off Topic

 Share

Recommended Posts

craftycarper

craftycarper

Posted
Posted

Just tried to buy a washing machine online at Argos and card was declined, rang bank and it looks like several unauthorised payment attempts have been made over the weekend through PayPal up to about £600, luckily bank halted them so now I have had to change all my cards, near miss thank god

Link to comment
Share on other sites
landy george

landy george

Posted
Posted

Just tried to buy a washing machine online at Argos and card was declined, rang bank and it looks like several unauthorised payment attempts have been made over the weekend through PayPal up to about £600, luckily bank halted them so now I have had to change all my cards, near miss thank god

I had the same thing 6/7 years ago. About £1000 in all, phoned my bank & asked why they approved that kind of amount without checking. Got an email from one person they tried buying a laptop from & he said, he always double checks who he ships to now as it's happened a few times in the past.

At the time our IT guy at work could get a password for paypal off the internet for £10, don't know if it's any better now.

Link to comment
Share on other sites
bruno22rf

bruno22rf

Posted
Posted

My Paypal account was hacked last year and some low life in the states bought £3.6k worth of Nikon camera's with the proceeds - got the money back but it's a tense few days. At the time I contacted the retailer and the courier to inform them that the purchase was fraudulent but they really could not care less - the Camera's were dispatched and delivered despite my best efforts :sad1:

Link to comment
Share on other sites
old'un

old'un

Posted
Posted

That is a close call.

 

I've nearly had a similar situation but two-stage authentication on PayPal meant I got a notification of an attempted log-in and was able to alert PayPal.

Yep PayPal secondary security code makes your account much more secure with the code being sent to your mobile you are alerted that someone is trying to use your account.

Link to comment
Share on other sites
Royboy

Royboy

Posted
Posted (edited)

Once I was having a meal in a local pub, I new a lot of people in there and when I went to pay at the bar with my card was declined ! It was very embarrassing with people shouting over "hey Roy you want me to lend you some cash" from the other side of the pub !! Turns out someone on New York and Africa had been trying to withdraw cash so bank stopped my cards, I'm glad they did and all !!

 

 

Sorry nothing to do with Pay pal ha

Edited by Royboy
Link to comment
Share on other sites
clakk

clakk

Posted
Posted

Had it 4 years ago ,someone hacked my paypal and got my bank card details ,then paid their hotel bill in upstate New York :sad1: .Barclays sorted it and the skank got lifted as he tried the now blocked card 2 days later in another hotel and their security got him.Scary times

Link to comment
Share on other sites
Lloyd90

Lloyd90

Posted
Posted

I got done on PayPal only for £50, PayPal immediately flagged it as suspicios ( Was in London ) and froze the account.

 

Made sure no money was taken and were excellent to deal with to be fair.

 

Now have the authentication where it messages my phone when I log in so (hopefully) no one else can do it again.

 

Hope you guys get it all sorted :)

Link to comment
Share on other sites
MonkeyKong

MonkeyKong

Posted
Posted

Question is, how do they get the passwords to start with? It's unlikely paypal is breached, so it means the password were either guessed, or phished in some way...

Yeah, phishing and rubbish passwords are the most common vulnerabilities. With a lot of people using the same password for everything/most other accounts, once they've got one they "do the rounds" on the most common sites.

 

I'm also incredibly paranoid about public wifi hotspots.

 

Link to comment
Share on other sites
buze

buze

Posted
Posted

Yeah, phishing and rubbish passwords are the most common vulnerabilities. With a lot of people using the same password for everything/most other accounts, once they've got one they "do the rounds" on the most common sites.

 

I'm also incredibly paranoid about public wifi hotspots.

 

 

Yes, the 'same password' is often linked with 'single email address' as well. I often tell people they should have/open lots of email addresses, or learn to use the <username>+<something>@ rule you can use on (most) email accounts.

 

For example, if you have a gmail address like pigeon@gmail.com you will receive email sent to pigeon+<anything>@gmail.com. So for example, if registering to your bank, use pigeon+lloyds1402@gmail.com when registering.

 

That way, if someone lifts pigeon+lloyds1402@gmail.com they won't know your pigeon+paypal1604@gmail.com alias, even if it links to the same email.

 

Just using *that* rule would add a pretty fancy layer of protection to your various accounts; for example, I change my email to paypal, ebay, amazon etc pretty much every year to something slightly different, so the people who lifted it to spam you can be blocked easily, and you add a small layer of security that prevents easy 'cross site' phishing.

 

Also, I always encourage people to learn a pick a password manager, and create a password per account, but thats often a lot of hassle for most users...

Link to comment
Share on other sites
Vince Green

Vince Green

Posted
Posted

I will tell you how they got the password most probably. Every time you try to buy anything on line you have to open an 'account' with the company and give a load of personal information including (most significantly) setting up a password to access the account. Even though its probably a one off transaction

 

Most people can't remember lots of different passwords so they recycle existing ones. So to buy a drill from Machine Mart or wherever, you have given all the staff, most of whom are probably temps, the password you also use for all sorts of other accounts

 

Since you probably log in to most of them with your email address and you have given them that as well its not hard for them to hack your bank, paypal etc.

Link to comment
Share on other sites
MonkeyKong

MonkeyKong

Posted
Posted

 

That way, if someone lifts pigeon+lloyds1402@gmail.com they won't know your pigeon+paypal1604@gmail.com alias, even if it links to the same email.

I always assumed that the aliases were only for filtering and were stripped out when stored for login credentials. That's a good tip, thanks!

Link to comment
Share on other sites
rjimmer

rjimmer

Posted
Posted

There's been a few odd things happening this week. The day I had an Email form our shooting club secretary, I had another from someone with the same username, but from a different address. Another of his friends had something similar. Then, next day I got an Email from and organisation I had never heard, asking for an invoice to be paid, and saying a hard copy would be shortly sent to my home address, which was quoted. I've put it on this thread in case other people have experienced anything similar.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...