# Has My PayPal Account Been Compromised?



## SINC (Feb 16, 2001)

I got the following e-mail this morning and I am very suspicious that my account has been compromised.

What really concerns me is that they do indeed have the last four digits of my credit card correct and that is scary. What do others think?

Here is the e-mail:

From: [email protected]
Subject: Credit Card Removal
Date: December 2, 2006 4:50:47 AM MST (CA)
To: my correct address

Dear (My correct name exactly as it appears on my card),

Because it has expired, your credit card ending in **** has been removed from your PayPal account.

If this was the only credit card on your PayPal account, you will need to add a new card to continue sending instant PayPal payments.

To add a new credit card:

1. Log in to your PayPal account 
2. Go to the Profile subtab 
3. Click on the 'Credit Cards' link in the Financial Information column 
4. Click 'Add' 
5. Enter your credit card information 
6. Click 'Save'


Thank you for using PayPal!
The PayPal Team


----------------------------------------------------------------
PROTECT YOUR PASSWORD

NEVER give your password to anyone, including PayPal employees. Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account.


----------------------------------------------------------------



Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link located in the top right corner of any PayPal page.

----------------------------------------------------------------
Copyright © 1999-2006 PayPal. All rights reserved.

PayPal Email ID PP031


----------



## Beej (Sep 10, 2005)

I'm not sure about paypal, but it is normal to be notified when a cc on account is expiring. Usually it's by letter mail or phone but, with paypal, is email the primary method of correspondence?


----------



## MacDoc (Nov 3, 2001)

This is very likely a fraud. Report it.

http://phishery.internetdefence.net/data/16245

Please please don't put in your CC account.

Picking up your last four digits is pretty easy.


----------



## MacAndy (May 17, 2004)

Do not, under any circumstances, click any link in that e-mail message, it is a fraud. Paypal will never ever e-mail you to ask you to log in.

If you *do* click the link you will see a very authentic looking Paypal page, but, if you look at the URL, it will be fraudulent. Instead of the URL being https://www.paypal.com - https for secure server access - it might be http://romanianripoff.ru/paypal.html and that is a fraudulent URL and any info you type in will immediately be used to access your account, change your password, and allow them to pilfer your funds.

Do not access your Paypal account by any link other than an e-mail from an auction or other online payment you know you have interacted with.


----------



## Beej (Sep 10, 2005)

"Protect yourself against fraudulent websites by opening a new web browser (e.g. Internet Explorer or Netscape) and typing in the PayPal URL every time you log in to your account."


----------



## Macaholic (Jan 7, 2003)

Yeah direct dial yourself into your paypal account and check it out. Avoid clicking any URLs (hover your cursor over them to see where they go).


----------



## RicktheChemist (Jul 18, 2001)

*


----------



## kps (May 4, 2003)

'[email protected]' is a legit PayPal address, but that means nothing with forged headers in phishing scams.

If you suspect that your card has expired, login to your PP acct. as mentioned by others using a new window and correct the situation or do nothing until you need to use PP again and then add a card to your acct.

Several years ago I ordered a separate credit card with only a $500 limit just for online purchases. I also have a UPS Store (Mailboxes Etc) mailbox tied to this card (as a legit shipping address) for those purchases. Better safe than sorry.


----------



## Macaholic (Jan 7, 2003)

They would contact you if they needed to. Wouldn't they? I'm of the understanding that if an email from anywhere sensitive like PayPal or your bank would be legit if it has your name in the salutation and the proper email address that you used to register your account. Phishing emails are sent out in massive bulk and therefore cannot have your proper name in them. They usually say something generic, like "Dear PayPal Customer".

In any event, the best practice if such an email _seems_ legit is to manually open a new web browser page and type in "paypal.com", not using any links provided in the email unless you're absolutely sure.


----------



## MacDoc (Nov 3, 2001)

That's true - I missed it as the name was removed.
Might be okay but as long as you go into a fresh browser and your account all should be well.
Caution advised tho.

I know Shiira is pretty anti-phishing savvy.


----------



## SINC (Feb 16, 2001)

Here is what I have done to date:

1. I opened Firefox instead of my normal browser, Safari and typed in paypal.com.

2. I attempted to log in to my account three times.

3. All three times, the log in was rejected as having an incorrect password. Since I kept a written record of the password and knew it by memory as well, I thought this odd as it worked every other time I used PayPal.

4. I sent an e-mail to PayPal using their "forgot your password" link.

5. I got an e-mail back from PayPal with a link to reset my password.

6. I copied and pasted that link into the address field of Firefox and a page came up offering me three options to reset the password. They were via bank account number, my credit card number or two security questions. Given the e-mail had the last four numbers of my credit card, I chose the latter and answered the two security questions.

7. A form appeared affording me the opportunity to change my password and I selected and wrote down the new password. PayPal acknowledged the password has successfully been reset.

8. I logged into my account using the newly created password with no problem and called up any activity for the past year. All transactions were indeed mine and there had not been one since last June which was correct according to my records.

9. I logged out and closed Firefox.

While all appears to be OK, I am still concerned with two things:

a. How did they get the exact correct name and the last four numbers of my credit card?

b. Why did my password of three years suddenly not allow me to log into the account this morning?

Any further thoughts appreciated. 

Anyone else got one of these by the way?


----------



## moonsocket (Apr 1, 2002)

I got the same message. Funny thing is I cancelled the card I use at PayPal a long time ago so I knew it was a scam right away.


----------



## Beej (Sep 10, 2005)

moonsocket said:


> I got the same message. Funny thing is I cancelled the card I use at PayPal a long time ago so I knew it was a scam right away.


Did you get the message recently and/or did it correspond with what would have been the card's expiry date? A place with your card on record wouldn't know it's cancelled unless they checked.

Sinc: the password thing is worrying. You checked caps lock etc. to make sure that there wasn't a data entry problem at your end? Because, if you're going through the official paypal site and changing the password etc., I think the only weakness is their system or your system, not traditional middle-man scamming. That's dangerous stuff.


----------



## Macaholic (Jan 7, 2003)

As none that I can recall have had my personal name in it, anything I've "received from PayPal" has been summarily sent to the trash.

I just checked my history and all is kosher.


----------



## SINC (Feb 16, 2001)

Beej said:


> Sinc: the password thing is worrying. You checked caps lock etc. to make sure that there wasn't a data entry problem at your end? Because, if you're going through the official paypal site and changing the password etc., I think the only weakness is their system or your system, not traditional middle-man scamming. That's dangerous stuff.


I double and triple checked the original password and I did not have caps lock on. While all appears to be well, I am still concerned about the password not working combined with the e-mail. A coincidence? A software glitch?

For the record, my credit card is valid until 2009, so I knew right away it could not be expired.


----------



## Beej (Sep 10, 2005)

SINC said:


> For the record, my credit card is valid until 2009, so I knew right away it could not be expired.


What expiry info is in the paypal account's cc?


----------



## Macaholic (Jan 7, 2003)

SINC said:


> For the record, my credit card is valid until 2009, so I knew right away it could not be expired.


Well, if the original email had YOUR NAME in it, then that's a concern! :yikes: Any response from PayPal on this??


----------



## SINC (Feb 16, 2001)

Hey Beej, I owe you one! :clap: 

That question solved the whole mystery.

I went to my account and checked on the CC.

The e-mail I received contained the correct name and last four digits for my VISA card.

I had forgotten that I established the account with a little used MASTERCARD and the last four digits shown on the account are different, although the expiry year is the very same.

Ya gotta love ehMac to help solve these things. I can now put any fears to rest although that password thing is odd.

Thanks to all and Beej, I owe you a beer! 

PS - I have not heard back from PayPal yet, but I did report it.


----------



## Macaholic (Jan 7, 2003)

SINC said:


> I can now put any fears to rest although that password thing is odd.


So... did your computer throw up this message?


----------



## SINC (Feb 16, 2001)

Macaholic said:


> So... did your computer throw up this message?


LOL, no but it should have!


----------



## Macaholic (Jan 7, 2003)

SINC said:


> LOL, no but it should have!


heh-heh. You're a good sport, SINC :clap: 

I just whipped up that error window, myself... and will surely be using it on myself, regularly!

My nephew works for a sub-contracted company that does tech support for the xBox 360, and he told me about that "ID10T" code that they use as a joke for when they get someone totally helpless on the line.


----------



## Beej (Sep 10, 2005)

SINC said:


> I had forgotten that I established the account with a little used MASTERCARD and the last four digits shown on the account are different, although the expiry year is the very same.


I'm glad it worked out. So, one of the cards had expired recently?


----------



## MacDoc (Nov 3, 2001)

Far better safe than sorry.
So far I don't know of any EMT fraud.
Paypal sure seems a target.


----------



## SINC (Feb 16, 2001)

Beej said:


> I'm glad it worked out. So, one of the cards had expired recently?


No, neither card had expired. Both were valid until 2009.


----------



## HowEver (Jan 11, 2005)

Good thing *I* didn't post this, eh?



Macaholic said:


> So... did your computer throw up this message?


Also, glad to hear things worked out SINC, but if I understand correctly it's still somewhat worrisome that the phishing email had 4 correct digits, even of a different card.

Since I had been receiving phishing email messages for years, prior to having eBay or PayPal accounts, I'm used to just deleting them.

I remember when signing up for eBay and PayPal getting the warning that their messages would ONLY ever have my real name embedded in them. This has been the case.

I used a new email account to sign up, instead of an account of mine that is known to exist "in the wild," and use it for one purpose only.

But phishers send out MILLIONS if not billions of fake requests daily. They really could hit the accounts we use, and hit the numbers of cards, theoretically.

It's good to change passwords for such commercial accounts, and our email accounts, forum accounts, and so on, every few months at least. Phishers and frauds count on this happening practically never, and on decent people frantically worrying that the fake emails they receive are real.


----------



## Bjornbro (Feb 19, 2000)

HowEver said:


> ...but if I understand correctly it's still somewhat worrisome that the phishing email had 4 correct digits, even of a different card.


Not really, chances are 1 in 10,000 to get four digits in the correct order. Ask any Pick 4 lottery player.


HowEver said:


> But phishers send out MILLIONS if not billions of fake requests daily. They really could hit the accounts we use, and hit the numbers of cards, theoretically.


Exactly.


----------



## Macaholic (Jan 7, 2003)

HowEver said:


> Good thing *I* didn't post this, eh?


Due to the practical benefits of smilies, SINC knew that my post was a good-natured rib.


----------



## gastonbuffet (Sep 23, 2004)

I got that same message, and the credit card was expiring, so I assumed it was kosher. I haven't updated it yet, and wasn't planning on doing so via the link, like it said on that email, I was going to log in a new page.

Your password ordeal is one for the ages. Unless your password is "peace" and you keep on typing "PIECE".


----------



## HowEver (Jan 11, 2005)

Macaholic said:


> Due to the practical benefits of *smilie*s, SINC knew that my post was a good-natured rib.


Here you go:


----------



## ErnstNL (Apr 12, 2003)

I don't use a credit card for Paypal anymore. I do an e-check through the bank. The bank suggested it.


----------



## lotus (Jun 29, 2002)

Sinc, I received a similar message quite some time ago and I have never had a PayPal account. I contacted them and they thanked me and said they did not send the message.


----------



## HowEver (Jan 11, 2005)

The following is actually derived from the real PayPal website.



> PayPal Security Centre
> 
> Protect Yourself from Fraudulent Emails
> 
> ...


----------



## krs (Mar 18, 2005)

I actually had trouble with my password the last couple of days as well.
Not with paypal but trying to access my email account remotely. 
Came back with an error message that the password was incorrect four times even though I absolutely know that it was correct at least the last three times.
And then on the fifth time it suddenly worked as if nothing had ever been wrong.
No idea where the glitch was - first time that happened to me.

And as to the last four digits of your credit card...they float around all over the net. Every time I get a confirmation email about a payment it lists the last four digits of my CC. Anyone intercepting that email would have them.


----------



## MACSPECTRUM (Oct 31, 2002)

ErnstNL said:


> I don't use a credit card for Paypal anymore. I do an e-check through the bank. The bank suggested it.


i did that as well
puts in a nice "pause" in payment procedure so that i know of payments BEFORE funds are actually withdrawn and can verify them before anything bad happens

it takes a few days and so my item doesn't arrive as quickly, but better safe than sorry

once in a while an ebay auction will NOT accept e-check and i avoid those like the plague


----------



## HowEver (Jan 11, 2005)

Will banks reverse e-check payments as easily as credit card charges can be reversed?


----------



## krs (Mar 18, 2005)

HowEver said:


> Will banks reverse e-check payments as easily as credit card charges can be reversed?


That's pretty much the question I have as well. Not sure exactly how e-checks work compared to regular cheques, but payment with them seems to be a lot more risky than with a credit card.
If a credit card is used fraudulently, the most you're on the hook for is $50.00...no limits on cheques or debit, don't know what the legal situation is with e-checks.


----------



## da_jonesy (Jun 26, 2003)

FYI... Up until 3 months ago I used to work in Financial Services software (specifically the banking industry). I can safely tell you that ANY email from a bank or payment system (ie. Paypal) related to account information should NOT be trusted and treated as suspect.

No Bank or Payment System will EVER email you regarding your account, with the exception of statements or confirmations.


----------



## krs (Mar 18, 2005)

da_jonesy said:


> No Bank or Payment System will EVER email you regarding your account, with the exception of statements or confirmations.


So how do they notify you when your credit card expires which happens every few years automatically?
I definitely didn't get a snail mail letter from paypal, but I can't remember how they notified me to update the expiry date on the card.


----------



## da_jonesy (Jun 26, 2003)

krs said:


> So how do they notify you when your credit card expires which happens every few years automatically?
> I definitely didn't get a snail mail letter from paypal, but I can't remember how they notified me to update the expiry date on the card.


They should not notify you in any event of an expired payment source. You'll know the next time you create a legitimate transaction that your credit card has expired.

I can't think of any service that informs me that my credit card is about to expire... can you?


----------



## HowEver (Jan 11, 2005)

True, but I was talking about non-fraudulent use of one's credit card. For example, a purchase on eBay that never reaches you results in a simple phone call to the credit card company, they reverse the charge while following up with some paperwork. It's very straightforward.




krs said:


> That's pretty much the question I have as well. Not sure exactly how e-checks work compared to regular cheques, but payment with them seems to be a lot more risky than with a credit card.
> If a credit card is used fraudulently, the most you're on the hook for is $50.00...no limits on cheques or debit, don't know what the legal situation is with e-checks.


----------

