# Paypal - unauthorised transactions



## sun_sparks (21 Nov 2006)

Arrived into work this morning to find over €1,000 worth of unauthorised transactions on my PayPal account.

I've reported them, but they take 10 days (!!!!) to investigate and respond.

What should I do? I've changed the password.

Two suppliers have contacted me, one to confirm my delivery address and quoting my Mobile PHONE NUMBER!!!

Am a little freaked by this tbh. Used PayPal because I thought it was secure...


----------



## polo9n (21 Nov 2006)

looks like ur password is a little too simple..only 4 digit i guess..

tell the seller that this is a fraud transaction and tell them not to proceed.

definitly looks like someone got into ur ebay account and order it off..check if they have changed the delivery address too..if theres a different name and address..pass that on to the gardai..maybe they can set up a sting and catch those bastard!


----------



## sun_sparks (21 Nov 2006)

Hi Polo,

Nope - 7 letters and 2 numbers. But I'm thinking perhaps I use it too much... time to go through my regular sites and change it.


----------



## polo9n (21 Nov 2006)

that sound secure enough..unless the computer have stored the password on the pc and someone got into it and place the order ?? very unlikely the paypal account can be hacked into..


----------



## sun_sparks (21 Nov 2006)

Yeah that was my thought... and my concern, as how do I prove it wasn't me using it???


----------



## polo9n (21 Nov 2006)

i think this is getting technical..the way to pin point where the transaction were placed is to locate its IP address. and subsequently the IP address can tells you which country and area.
most importantly u contact the seller and get the goods stopped asap.


----------



## polo9n (21 Nov 2006)

but this is up to Paypal to locate the address as you do not have the access to do it..maybe u can provide your IP address etc


----------



## sun_sparks (21 Nov 2006)

Thanks Polo - just been told be the bank that they cannot stop the transactions as it's a direct debit with Paypal. GRRR

Am sooooo annoyed here.

Got two emails from "sellers" to confirm purchase - would I be ok in emailing them back??


----------



## Seagull (21 Nov 2006)

Can you get the details of all the purchases and contact the sellers? Your best option is probably to try and cancel the purchases.


----------



## polo9n (21 Nov 2006)

definitly..tell them its a fraud transaction and someone uses ur details to place the order. once they know its a fraud they know u are not messing about they are most likely to get it stopped/returned.

if the goods can be stopped prior to dispatch then u may be able to get the full refund


----------



## sun_sparks (21 Nov 2006)

Emailed the two that I can contact. One mail bounced back (after they had sent ME a mail to confirm), which is odd?

Polo - not sure I like the use of the "may be able to get the full refund". Do you think it's likely I won't???


----------



## polo9n (21 Nov 2006)

i meant the delivery charge occur will not refund to you. you should be protected by paypal as this is a fraudulent case. but this is rather odd as the delivery address is your home address. and all details is your own detials, correct?
unless those people wants the goods delivered to ur doorstep and know the fact that nobodys home , so they can wait and pick it up there.
what did they order anyway?


----------



## sun_sparks (21 Nov 2006)

Web hosting, web domain and email marketing services, so the delivery address wouldn't matter...

what a surprise, hey???


----------



## polo9n (21 Nov 2006)

THATS crazy..web service for 1000 euro.

if i were u i will get to the bottom of this and repoprt the whole incident to the police!


----------



## sun_sparks (21 Nov 2006)

five transactions actually for €1000. 

What could the gardai do? Chances are (well hopefully, so the IP address will stand out) that it's from outside the jurisdiction.


----------



## polo9n (21 Nov 2006)

i think that is up to the gardai, they will evaluate if the information given can lead to successful prosecution of those people, in most case they will keep it on file if the amount involved is so small that its not worthwhile to go futher on the case.


----------



## sun_sparks (21 Nov 2006)

PS: Thanks for your help Polo!


----------



## polo9n (21 Nov 2006)

good luck with the refund etc.let me know how it goes.

1000 euro stolen like that will make me nuts!


----------



## extopia (21 Nov 2006)

sun_sparks said:


> Two suppliers have contacted me, one to confirm my delivery address and quoting my Mobile PHONE NUMBER!!!



I'd say the fact that the fraudster has your password AND your mobile number narrows it down a bit. The fraudster doesn't appeared to have changed the delivery address so perhaps they are hoping to intercept the delivery. Is the delivery address your work address? Do people at work know your mobile number?


----------



## polo9n (21 Nov 2006)

no man, its a web page service..which is rather odd to be selling on ebay??


----------



## liteweight (21 Nov 2006)

It strikes me that this could be someone bearing a grudge. They might not want to take delivery at all. The object could possibly be to cause you as much hassle as possible. How are you going to prove you didn't order if it was done with your card, your phone number and delivery address is also yours??


----------



## extopia (21 Nov 2006)

Sorry, missed that detail about what was ordered. Still intrigued by the mobile phone number though.

You didn't respond to any paypal "phishing" emails by any chance?

Have you checked the browser history? Long shot but you never know.


----------



## sun_sparks (21 Nov 2006)

Yeah I was too, but I'm not sure what details the sellers receive when they get an order. They receive my address (which is actually my old one) for sure, but mayeb PayPal send on my phone number as well?

Alternatively, if someone HAD hacked into my PP account, they would be able to see this anyway.

I've checked my ebay and it wasn't purchased through there, so these are sites (I think) that must accept PayPal payment.

Liteweight, yip that's what's worrying me too. The bank (Bank of Ireland) refused to stop the transactions as they said it's a direct debit from PP to my card, not a card transaction. MBNA (my other card) accepted the cancellation and stopping of transactions straight away, although I don't think the guy I was speaking to knew as much about PP.


----------



## sun_sparks (21 Nov 2006)

PS: Would ignore any emails saying they were from PP. I would consider myself fairly au fait with phishing scams, etc.


----------



## liteweight (21 Nov 2006)

If it's your old address, perhaps your post from the bank was sent there? 

We had a fraudulent transaction on MBNA last week...again through Paypal. MBNA put OH straight through to Paypal who immediately agreed it was a fraudulent transaction. We had been in Barcelona and only used the card twice, once to pay hotel and again to pay for a meal. Apparently Gerry Ryan always warns people on his show that cc fraud is rife in Barcelona. Looked it up on the net and someone else who had been scammed, claimed the only place he used his card was in a very high class restaurant. Think we were in the same restaurant. Surely these people can be traced if this is the case.

I don't understand the banks reaction. Did you ever sign a dd mandate? If not then they have no right to accept one. I think Paypal are insured against this sort of thing so maybe it'll be ok for you financially in the end. I'd definitely try to get to the bottom of it. Someone out there has far too much personal information on you. I read some statistics last week on the amount of identity fraud going on in Ireland and it was seriously scary! I'm beginning to think that the few bob I spent in Argos on a shredder is the best thing I've done in a long time.


----------



## sun_sparks (21 Nov 2006)

liteweight said:


> If it's your old address, perhaps your post from the bank was sent there?



Nope, not unless my folks are trying to set up web hosting using my details on their dial-up Windows 95 computer!!!


----------



## sun_sparks (21 Nov 2006)

The only solution is someone guessing my password/hacking into my PP account.

I have learned one valuable lesson though - keep a completely separate password for PayPal and change it regularly. (And yes, I know I should have already been doing this!)


----------



## polo9n (21 Nov 2006)

maybe someone guess it right..i think that can be slim...have u ever place paypal order with a public pc?


----------



## sun_sparks (21 Nov 2006)

Nope. Not that I can think of. I would only ever have used three computers:

1. Work Mac (not p'word protected, but office would be secure out of hours)
2. Parents computer
3. My laptop (securely stored at home)


----------



## polo9n (21 Nov 2006)

i have to say thats quite odd...


----------



## beezer (21 Nov 2006)

That's a worrying turn of events. I'd recommend scanning the PCs you use for Viruses/Malware/Spyware. It's possible that there may be a keylogger on one of these.


----------



## sun_sparks (22 Nov 2006)

I use a Mac - any recommendations for software? My company Mac is scanned for viruses on the network, but my laptop (again, a Mac) is probably not secure.


----------



## polo9n (22 Nov 2006)

turn on the firewall...and install anti-virus software if not there


----------



## extopia (22 Nov 2006)

You are very unlikely to be a victim of worms, viruses or spyware if you use a mac. But yes, make sure to set up the software firewall in OS X.


----------



## jdwex (22 Nov 2006)

Have you ever clicked on a link in an email? Fraudsters spoof emails from paypal, clicking a link in the email brings you to a site that looks like paypal, asking you to enter your login details.


----------



## polo9n (22 Nov 2006)

yep, so as those Lotto email/ unclaimed Lotto/ next of kin left you a lump sum of millions..anything which require your bank details/personal details. are most likely scam.


----------



## sun_sparks (23 Nov 2006)

Nope haven't clicked on any emails. Never open 'em! (Mind was tempted by the offer of 25% of $28m this morning, but didn't think it was a generous enough offer!! 

Just to let you know, Paypal have approved my claim of unauthorized transactions and said they will refund the money. No explanation mind, which I am a little peeved at, but perhaps they don't know?


----------



## polo9n (23 Nov 2006)

in most cases they doesn't like giving the information to the customer as this give a negative impression to customer how vunlerable their system is. if you really want the matter to be followed up, contact the Gardai Fraud Squad and ask for a contact person in Ebay and let the fraud squad know whos dealing with the case.


----------



## liteweight (23 Nov 2006)

I'm told they don't give details in case the client is so annoyed they persue the matter themselves e.g. ring fraudster. This is called 'tipping' and you can be charged for doing it!

I could tell you who my informant is but then I'd have to kill ya!


----------



## polo9n (23 Nov 2006)

yes, so much for DATA PROTECTION ACT of 1998.
in some case yeah he customer want that so bad to kick their ass.
i would recommend people to acquire the contact name from Paypal in this case and Gardai also pass on the paypal contact details to the gards to speed up their investigations! the gards do respond quick by setting up sting delivery and "NICKED" those criminals!


----------



## ClubMan (24 Nov 2006)

extopia said:


> You are very unlikely to be a victim of worms, viruses or spyware if you use a mac. But yes, make sure to set up the software firewall in OS X.


Unlikely? Yes. Impossible? No.

Hackers debut Mac OS X adware


----------



## extopia (25 Nov 2006)

_The malware is notable for its rarity rather than its threat value, which remains minimal_


However, there's no doubt that mac-centric spyware etc. will become more of a problem as macs become more popular. Surprised there are not more iPod viruses out there.


----------

