Resulted in Paypal Acct becoming inaccessible
|Gordon Whitehead 1||02/10/2018 11:43:48|
344 forum posts
I've just had to shut down my Paypal account in order to open a new one that's uncompromised.
It started with me attempting to order stuff from a well-known model shop dealing in top of the range ARTFs. Having gone to checkout and selected Paypal as the method of payment, I signed in to Paypal. Instead of opening my account, the following message came up:
"Paypal is looking out for you. We've noticed some unusual activity and need your help to secure your account. Click NEXT to confirm your identity and change your password."
Thinking that this might be the result of a hacker I immediately deleted my order from the shop's basket. Then I went back through old Paypal email receipts which wouldn't have been compromised, and found their contact number. I eventually got through to PP's security dept and was guided through setting up a new password and identity questions. Then I was able to open my PP account and check it. All was OK, and I also checked that the accounts I use to pay PP bills were untouched.
However, this morning I attempted to log in to PP and got a repeat of the "PP is looking out for you ...etc " message. Although I'd been able to access the account immediately after changing my password etc, a couple of days later I was locked out again. So once again I checked my bank and credit card accounts (they were again untouched) and called PP security; the lady told me that there had been some suspicious activity and asked me if I'd ever had an address at one of three towns she listed. It could not have been coincidental that the model shop resided in one of the towns, and the other two were within 15 miles of it. It seems to me that the model shop's website must have been hacked and I will phone the shop to advise them of my suspicion when they get back from holiday.
So I got the lady to cancel my PP account, which also cancels any recurring payment agreements on the account, eg with ebay, pocketmags etc.
Looking at the subject model shop's website, I see that it is not secure. ie no https:// in the internet address line - which there is on the modelflying forum page you're looking at.
Checking the websites of some PP transactions I had made a few days earlier, they did have the https:// prefix so it seems to me (though I might be mistaken as I'm not an internet security expert) that their websites were not the ones causing my logging-in problem.
I'm now considering whether I should place future online orders with model shops that don't use https:// encryption, and just phone in with my credit card no.
Let the online buyer beware!
|Martin Harris||02/10/2018 11:54:31|
9263 forum posts
I'm no expert but surely the Paypal process uses a secure protocol - I have always assumed that the details of the transaction are simply transferred to the secure Paypal site and any password/account details are kept within Paypal.
There should be no need for the merchant to have any access to account details other than perhaps the buyer's postal address so I'm at a loss to see why there should be a financial risk from the retailer's site not being secure.
It will be interesting to see if anyone can confirm a security risk using Paypal from such sites!
Edited By Martin Harris on 02/10/2018 11:58:38
|Engine Doctor||02/10/2018 12:03:29|
2469 forum posts
That sounded like a phising message . If you didn't open it you should be OK . Pay Pal never send un-solicited messages with links .Scan you computer for any dodgy stuff.
I had my debit card details nicked when doing online shopping at a bearing shop and my bank discovered it . It only takes one dodgy employee !
I try to use Pay Pal for everything these days and have never had any problems ...................................Touch Wood.
Edited By Engine Doctor on 02/10/2018 12:07:39
|Gordon Whitehead 1||02/10/2018 12:16:04|
344 forum posts
It looked like a phishing message to me too, which is why I called PP rather than clicking on the "Next" button. The address bar still had the full Paypal address. The laptop I'm using is a chromebook which uses google to do the scanning.
You two sound a bit more complacent about such occurrences than I am.
|Gordon Whitehead 1||02/10/2018 12:18:46|
344 forum posts
ED you were editing while I was replying. Like you I try to use PP for everything, and I've never had PP problems before this one.
|Denis Watkins||02/10/2018 12:39:10|
|4335 forum posts|
This is not Paypal or your computer
Ring the shop
Edited By Denis Watkins on 02/10/2018 12:40:19
|Martin Harris||02/10/2018 13:29:06|
9263 forum posts
Not necessarily - I would NOT have clicked on the link but would have opened a new Paypal session from their (secure) website to check my account. I didn't make it clear that I wouldn't have continued with the order at that point but that I would not have had any real concerns about my Paypal account requiring such drastic action.
It's odd that we're so casual about using a credit card over the phone though - divulging card number, expiry date and the 3 digit security number seems just as risky if not more so!
P.S. I would think it likely that any possible subterfuge would relate to the retailer/employees/IT supplier as the chances of the suspicious activity taking place locally as the result of hacking must be tiny...the first rule of network security is that equipment must be physically secure and protected from local interference.
Edited By Martin Harris on 02/10/2018 13:36:44
|Gordon Whitehead 1||02/10/2018 14:48:20|
344 forum posts
My apologies Martin, but I forgot to mention that before contacting Paypal, I did try opening a new Paypal session from their secure website - two or three times - and always got the same announcement. Paypal recommend trying a different computer in these sort of happenings to see if it's the original computer at fault. So I tried my wife's laptop with the same result. Very tiresome as you can imagine.
Getting through to a PP operator by phone was a protracted business the first time. Having phoned up, you answer some basic automated questions and then are given the option of having them call you back, or hang on, in my case for 20 minutes. I chose to hang on and listen to the music because we get more than enough spam phone calls, and after the repetitious procedure I've just described I wasn't in the mood to trust the next call to be genuinely from Paypal. In a similar vein, if I get a call from my bank, I always ring back rather than carrying on to ensure that I'm talking to who I should be.
FWIW The way I deal with spam calls is to look at caller display and if the caller's name isn't given, it's from a number I don't have stored on the phone. Whereupon I wait for the answerphone to reply to the call. If the caller hangs up, it most likely wasn't a genuine call. But if the caller, which includes the hospital or medical centre, begins to leave a message, I answer. Spam calls while we're out leaves the number on the phone's display, but no message. Genuine callers leave a message and I call back. Well, that's how it works for me.
Edited By Gordon Whitehead 1 on 02/10/2018 14:50:46
|Gary Murphy 1||02/10/2018 15:52:10|
|412 forum posts|
I often get Emails from "PP" saying my account has been compromised OR account as been suspended. I logged into my PP account and all was well. Got in touch with PP as was told not to worry its a scam and send the email to them at the spoffmail address.
I did change my password but that's all, it is worring.
|Nigel R||02/10/2018 16:41:32|
3756 forum posts
"It's odd that we're so casual about using a credit card over the phone though - divulging card number, expiry date and the 3 digit security number seems just as risky if not more so!"
There is rather more recourse to legal protection with a credit card.
|Gordon Whitehead 1||03/10/2018 15:55:36|
344 forum posts
The message I got was an on-screen message headed by a Paypal logo, and not an email sent to my inbox. It wasn't a pop-up as such, but just the plain screen with the message imprinted across the middle of it with a button to press in a similar layout to the normal sign-in screen.
Unfortunately neither of the PP agents I spoke with said that the screen I got was a PP message and I was too stupid to ask.
I'm still giving it a day or so before I open a new PP account as I'm not in a rush to buy anything at present.
As Nigel said, there is legal protection available with credit cards, though happily I've never had to test it. I have had money refunded via PP and Ebay when a purchase didn't arrive, so I'm happy to report that the Ebay refund system works.
Please login to post a reply.
Want the latest issue of RCM&E? Use our magazine locator link to find your nearest stockist!