Paypal security hole-BEWARE

[myst woman]

While I was offline due to a storm Christmas Day Paypal paid an unauthorized charge to a company called BBG Londoon, a Google result fraud and scam site. I have never heard of them. I just happned to log in after walking to a starbucks through the snow for Internet.

get this: I have to fill out a form that takes ten days to investigate. What if Paypal lets this entity drain my account before their little elves return form Christmas vacation and get around to my security warning? Why isn't Paypal working harder to guard my money and look out for their customers?

FYI: no email notification of this BBG Londoon transaction came to my main email address for this paypal account, but email notifications for transactions I did authorize on either side of it were emailed. Check your Paypal accounts!

[copper]

Sorry to hear that.
I better get that paypal security key thing.

[jdk]

Sorry to hear that.
I better get that paypal security key thing.

More info on this please.

[myst woman]

i have not received any response From Paypal yet. They say 2-3 days they will get back to my email. How can Paypal allow such a gaping hole? Obviously the perfect time to seed a fraud scam is Christmas day when people are doing other things than checking their Paypal. If nobody is working at Paypal the day after Christmas at 5:10 PST then the charges go through? The "Security Center" just refers you to a robot chat question answererer and a form to print fax and then wait 10 days? How on earth can this be a time sensitive way to respond to electronic banking fraud?

If they can get away with one time, then they can just go ahead and I am guessing the Paypal matrix will approve an even greater charge based on previous payment history relationship. No resposne from the spoof forward either, i was hoping someone there would wake up.

I have looked in my bulk mail and everything, I am shocked that the charge was made without any email notification. How did they get a charge through Paypal without email notification to the customer account holder? From overseas? On a holiday?

[wjtyoung]

Did you call Paypal? They are a bit slow, but I have always had the best luck skipping the whole email support problem and calling.

[tekz999]

This is very frustrating. Never keep more than $500 in your paypal balance. Please keep us updated.

[justinXcore!]

Were the funds taken from paypal balance or your bank account?

[myst woman]

ppal balance.

[exxe]

I have looked in my bulk mail and everything, I am shocked that the charge was made without any email notification. How did they get a charge through Paypal without email notification to the customer account holder? From overseas? On a holiday?

I doubt it's PayPal's fault, maybe your computer/email is compromised. I suggest you to scan your computer and change the passwords afterwards.

[myst woman]

How could that be the case if the transaction went through and no notification was sent? How could my computer be compromised if I was offline for 6 days?

[exxe]

How could that be the case if the transaction went through and no notification was sent? How could my computer be compromised if I was offline for 6 days?

It does not matter if you were offline for 6 days. Maybe the notification was sent, but the thief has access to your email account and deleted the notification. Just a scenario...

[meganerd]

More info on this please.

I've had the Paypal Security Key for about a year. I love it! It uses RSA technology to generate an offline password every time you login. I keep it on my key chain and haven't lost my keys since.

https://www.paypal.com/cgi-bin/websc...ityKey-outside

[JuniperPark]

You 'walked through snow' in Los Angeles???

[DaddyHalbucks]

Beware of using shared computers at coffee shops/ kiosks/ copy centers.

[copper]

It does not matter if you were offline for 6 days. Maybe the notification was sent, but the thief has access to your email account and deleted the notification. Just a scenario...

This is possible.
Similar thing happened before with domain transfer.

Thief go into gmail acct thru back door.
Started domain transfer process.
Any email received will be forwarded to thief's email elsewhere
and original email received get deleted. Thus, it may appear
you never received any email.

Paypal thief is exactly same as domain thief as mentioned above.

[myst woman]

You 'walked through snow' in Los Angeles???

I am currently somewhere where there is snow.

Go fish.

[mulligan]

1. Scan, scan again, then scan in safe mode
2. Change ALL passwords .. immediately AFTER you scan (I'm assuming you know how to scan - There are also a few good online scanners .. Use them!
http://housecall.trendmicro.com/
http://www.kaspersky.com/virusscanner
http://www.pandasecurity.com/homeuse...ns/activescan/

Run each one separately .. not at the same time ..

Keylogger / Spyware --> http://www.pctools.com/spyware-doctor/google_pack/)
Initiate the Google Pack .. uncheck all the other stuff you don't want and 'Download Now'

[domaingenius]

You might want to read this website. If you read carefully you will see some
useful email addresses that worked for me to get people moving.
http://www.screw-paypal.com/paypal_c...formation.html
(not my site by way)

By the way, I see Paypal CHARGE for that security key !! >So clients
of theirs have to pay them to make their site secure. **** them.

DG

[Clayton]

Any update on the outcome of this?

[myst woman]

mamas don't let your babies grow up to use Paypal.

Paypal found the disputed action was not fraudulent then sent me the most bogus email I ever saw:

"Dear XXXXXX,

Despite being advised to close your debit card ending in 29, (nobody ordered this) the card
remained open as of today. Your card is now closed, to alleviate
further losses.

You are required to submit a signed affidavit to us listing the
charge(s) in dispute and why. To date, we have received no affidavit
from you.

You may file a dispute on a completed transaction made with your PayPal
Debit Card or PayPal Plug-In Secure Card. Before filing a dispute on a
PayPal Debit Card transaction:

* The disputed transaction must be completed.
* Transactions that are pending, denied, or expired cannot be
disputed. If you are reporting a transaction as unauthorized and select
the reason for the dispute as "I did not make this purchase," your
PayPal Debit Card must be reported lost/stolen.* This is a requirement
to help prevent any further unauthorized transactions.
* For all other disputes, MasterCard requires that you try to
contact the merchant and attempt to resolve the dispute with them prior
to filing a dispute. If you have done so, please document your attempts
on the dispute form.
"

This is most stupid banking action I have ever seen. They found the charge was not in dispute then closed the card to alleviate "any future losses". WHAT LOSSES IF THEY FOUND THE CHARGE WAS NOT IN ERROR?

I am now two states away without a credit card because nobody asked Paypal to close or cancel the card and they claim somebody did and they did it before I could anything or say anything. The only email i got was a response saying Paypal found the charge valid. Then a cancellation. For a $.95 transaction.

so, in response to my concern about a fraudulent charge and my inquiries they canceled my credit card.

Fantastic banking help. Stranding traveling customers after shutting their resolution valve!

Yay paypal!

more happy customers await!