Wednesday, September 23, 2009

PayPal Account Hacked!

While working in my office this week I received an email "receipt" from Paypal reporting a $10.00 payment to Skype (an online phone service). I've not used my Paypal account in some time, so my first thought was that this was a fake Paypal email. After all, it is commonly known that Paypal is regularly fighting the fake emails that are sent out hoping that the recipient will click on the embedded links. See, How Do I Report Paypal Fraud or a Paypal Scam. Nevertheless, I logged into my Paypal account to make sure (opening a new browser and entering the web address manually). There it was, a $10 payment to Skype on my Paypal account. The email I received was not a fake one from Paypal. It really was a receipt for a $10.00 charge.

Now, I do have a Skype account that I used when travelling abroad (worked great in Moscow), but it is not active at this time with any on-going subscriptions. Moreover, I never used Paypal to pay Skype in any event. I logged into the Skype account to verify nothing was active, which was still the case. Apparently, there have been some complaints that consumers are unable to cancel Skype once they open an account (see Skype forum).

Since the problem did not appear to be with Skype, I called Paypal. Although it took two customer service reps to get to the bottom of the problem, it turns out someone had logged into my Paypal account four times that day and authorized the transaction to Skype. Kudos to Paypal for agreeing to reverse the charge quickly and sent me an email within 24 hours "resolving" the case in my favor and saying that the charge will be reversed within five days on my American Express card.

Luckily for me, I do not have my bank account connected through Paypal. Paypal does, though, encourage users to connect bank accounts. As a payments professor I can easily imagine the havoc a Paypal hacker can create by draining a user's checking account, leaving the user waiting as long as ten days for a provisional recredit (Federal Reserve Consumer Handbook to Credit Protection Laws: Electronic Funds Transfers). So, consumers should exercise caution with all payment devices that are connected to their checking accounts in case of fraud, including both debit cards and services like Paypal.

A final interesting question is why did the thief choose $10 and why Skype? The $10 amount is not as likely to get noticed or to encourage authorities to make the chase. Skype is a European company which also might make catching thieves more tricky. But, since it deals in phone services, the thief probably either used the $10 asset before being caught or resold it to someone else. All of which contribute to the success of the hacker in these instances. What else can be done in these cases? It seems that the best solution is preventing the hacking in the first place through better security. Not sure how the hacker managed to get into my Paypal account, but there appear to be web sites that claim they can instruct you how to do it. Just another wild day in modern payment systems.
-JSM

25 comments:

Anonymous said...

Thanks for your post. This happened to me today -- exactly the same, except it was 100 pounds, not $10, via skype from my paypal. Paypal handled it only moderately well. They could not tell me HOW anyone managed to hack into my account. They could not guarantee they would follow this up. Just said they would follow up but no specifics -- said they could not give specifics. I would think if there is a skype account that this money is sent to that Skype would cooperate w/paypal and allow them to prosecute but PayPal didnt seem too interested in that. PayPal just said to change my password on PayPal...which seemed pretty lame. But they're refunding my money at least. I'm posting here so that others in the same predicament know they've not the only ones. And eventually force Pay Pal to increase their security if that's what the problem is.

Anonymous said...

Same thing happened to me today there was a $10 Gbp charge on my acct. Paypal was not helpful. They told me to change my password and they reversed the charge. :(

Anonymous said...

I just got took for about $800 from 12 fraudulant transaction on my Hacked Paypal Account. They are reversing the charges, but, PAYPAL is not save like they say they are.

Anonymous said...

My Paypal account was hacked on 1/14/2010 when I received an email notification that I sent a "gift" to an individual whom I do not know with the subject line: "You've got money!" I guess Paypal gets lots of transactions like that (snark!) I immediately disputed the charge; Paypal reacted sort of quickly--only four days to reverse the charges. But when I called Paypal my concern was blown off--I insisted that I no longer trusted Paypal and the tech. told me that Paypal is secure--that someone must have hacked my computer. I explained that I use a Mac and have all kinds of protection on it including the Snow Leopard OS. I asked how often hacks occur: the tech. said "less than 1% of all transactions." I find that hard to believe.

Anonymous said...

I got "hacked" in Jan.2009 for
U$170.00 and now again Jan.2009 for U$260.00. Since 2009 I never left $ in my account for more than an hour until recently in which I left $ for a week - there I was hacked again! I never got a positive reply from Paypal and in fact treated rudely. Unfortunately Paypal is not safe at all.

Anonymous said...

My account got hacked and Im still waiting to get my money back. Some jackass bought battlefunds for some online game and then bought anti virus software. Paypal is going to refund but my bank is taking FOREVER. So frustrating so that some nerd can play video games all weekend and Im going to have to deal with this for 2 weeks.

Anonymous said...

Just noticed today a $50 charge made on my PayPal acct at 3 am this morning. It was to a gaming website, aeriagames.com. I called my credit card company and they blocked the go-through of the as-yet incomplete transaction, and I canceled the card and will get a new one.
Haven't contacted PayPal yet, but I'm not going to use them anymore, since they are so easily hacked.

müzik dinle said...

hello bro paypal account hack videos ?

klip izle said...

hi paypal document thanks

film izle said...

thanks friend ;)

kürtçe müzik dinle said...

Just noticed today a $50 charge made on my PayPal acct at 3 am this morning. It was to a gaming website, aeriagames.com. I called my credit card company and they blocked the go-through of the as-yet incomplete transaction, and I canceled the card and will get a new one.


:) cool

Anonymous said...

Happened to me too last night for a $20 payment. The paypal email said 21:47 hrs - funnily, I was online at the same time and was not doing any purchases. The payment was to an online gaming site - garena. I have lodged a complaint with paypal via their online submission process

Anonymous said...

I too got robbed [aka hacked] about 2 years ago. PayPal handled it quite well and reversed the transaction. I think the main question I had at the time was how it happened. My theory was that I had probably clicked on one of those fraudulent emails before I knew not to and logged into my account. The hacker probably kept track of my account until I had money in there and went for the kill. I usually don't keep money in there and it just seemed fishy that they took all of my money less than a day after I added a lot of funds to my PayPal account. Any other theories as to why this happens?

Anonymous said...

We just got hacked for 40.00. I immediately went in and cancelled my bank connection to the account. So, we disputed the charge, haven't yet heard back. Everything was in chinese, so I assume that some chinese hacker figured it out... the access codes.

Anonymous said...

We just got hacked for 40.00. I immediately went in and cancelled my bank connection to the account. So, we disputed the charge, haven't yet heard back. Everything was in chinese, so I assume that some chinese hacker figured it out... the access codes.

Anonymous said...

I am paypal account hacker and its very simple to do. You just need the patience for phishing. To sit on your boat alone, reel in the ocean(www)waiting for a bite. $24,000 in change so far this year for me, its a good 9 to 5er. Thanks!

Anonymous said...

just got taken for over $600

I think it may be an insider job. Check out paypalsucks.com

Anonymous said...

I was recently hacked. One of the fraudulent transactions was in Euros. Here's my story (luckily, I caught it in time): http://wp.me/piVrx-ER

Sebab said...

I was hacked 5 days back and they took out 50 euros is 3 translations and luckily paypal smelled the rat and blocked my account in 10 minutes. The case is in dispute and assured me to resolve in 7 days. Removed all my credit card information from paypal.

Anonymous said...

This happened to me today, it was $290 TV purchased and i had my bank account connected to paypal and now its in the negative due to overdraft fee's. So even if paypal refunds my money i dont think the bank will give me my overdraft charge back. What dont make sense to me is that the TV purchased isnt no where near worth $290, the cheapest one i seen was $550. So im thinking it was the seller himself who did this cause that TV isnt sold anywhere online for that price. Lesson learned, Never connect your bank account or credit cards to paypal or leave any money in there. Its just not worth the time to recover it.

Anonymous said...

My eBay account was hacked roughly 2 days after the Playstation network hack was announced. I've never been hacked before. My biggest failing was my psn password was the same as my paypal and my bank account was linked to my paypal account. So they had my email address,password and bank details all they needed to extract some money. So anyways I got an email saying payment sent to robet.gayijan@yahoo.com, I was a bit confused so went on my account and found right enough here was a payment to this robet boy for £300 and then to rub salt even further in to the wounds in the time it had took me to log on he had sent another £300. Lucky enough for me up pops an email from paypal stating there was suspicious activity in my account and the payments had been declined. I must give my thanks to paypal for stopping it or else I would been right up sh*t creek. So after that passwords were changed and bank accounts deleted off paypal. Hopefully this might make somebody else who has had there psn data hacked think about their details.

Anonymous said...

In 2001 my Paypal account was hacked by an overseas person that made 4 fraudulent transactions using my E-bay and Paypal account. After numerous phone calls to E-bay and Paypal, everything was finally resolved and monies returned, or so I thought. In May of 2011, I received a letter from ER Solutions stating that Paypal has sent me to collections for transactions dating back to Sept 2001. I requested proof and just received a letter showing the same fraudulent charges that were supposedly resolved back in 2001. Guess I have to go thru this again. So be sure to keep names, dates and documentation so Paypal doesn't come back at you again.

Diane said...

I see this post is two years old. Interestingly two nights ago my Paypal was hacked. The hacker sent money ($83.00) to over 70 different email addresses. After suffering what felt like a mini-heart attack I contacted paypal and eventually talked to someone who told me it would be frozen and investigated for fraud. Because it hadn't hit my checking account (my checking was linked to my paypal), paypal gave me the impression it wouldn't hit my checking. Imagine my suprise this morning to see all of the debits from my checking account to the point that it caused a serious overdrafted account. Paypal was basically useless on the phone and they have basically indicated all the payments were in fact fraud but it will take 10 business days to get a letter from them closing my case indicating it was in fact fraud so that I can show the letter to my bank and get all the resulting overdrafted fees waived ($29/debit). It is basically a huge mess. Paypals attitude on the phone was that the security breach was not their issue or responsibility because someone hacked in using *my* password. Absurd. I do admit my password was not particularly fancy (only letters, no combination of numbers/symbols/letters)but shouldn't paypal take some responsibility in notifying their people to change their passwords to a more secure password. I'm disgusted with the whole thing. Myself for having a lame password but most importantly paypal as an institution for being absolutely irresponsible in helping the customer. As soon as it is all settled I will close my paypal account. And sadly I won't be able to do eBay transactions anymore either. Sigh.

Anonymous said...

Be glad that it was just 10. Someone hacked my account for over 250 dollars for a Razor server. Paypal called and they cancelled the charge and I have the money back. I had to cancel my debit card and get a new one. I changed my passwords for the bank account. I'm going to try to use cash and checks as much as possible for a while. I had a Paypal account for several years and never had a problem before now.

Anonymous said...

This happened to me but it was for $4200!!!!!!! Am still fighting paypal on this. Some dude pretended to rent a place to these people and then took the money and left me hanging. Still trying to get paypal to get the charges off. Told them they can check my account--the only checking account I have and it certainly doesn't have $4200 in it!!! Really frustrating.