Paypal + Bank Accounts (People Stealing Bank Account #s Through Paypal??) UPDATE 4/16

I don't think that people are actually steeling account numbers through Paypal itself, it's that people are falling victim to email spoofs that look so real that it prompts them to put in their account numbers and other info as requested.
But thanks for the warning, I will tell my Dad.

 

I suspect that if Paypal were actually being hacked, there would be big news of this. It sounds like it may just be those email scams that have been going around. But it's really nice of your bank to call you and warn you! I don't think my bank would ever bother with something like that! XD;

 

I have received those kind of emails and I don't EVEN have accounts from whence they came.....those are SPOOF EMAILS, NEVER click on anything in an email. Banks, credit cards, etc. will NEVER ask for information in an email.

Hackers get email addresses by tying a user name with popular email addresses. Do not use your email address as your username especially on a site like eBay. Paypal makes the mistake of only using email addresses for your login name, they should institute USERNAMES.

For security with Paypal one can get the SECURITY KEY.....even if they SHOULD inadvertently get one's password they can't get into the account without the SECURITY KEY.....cost $5.00 through Paypal and you can also use it on eBay.

 

Thanks for posting this even though my parents don't use paypal (I handle paying for everything for them) they're not the most computer savvy people in the world and we use this bank so it's a nice reminder. I'll go tell them tonight ~

 

I forgot to add, also, you should run a spyware, adware program after clicking on a link in an email, you may very well have picked up a "KEYLOGGER" from that bogus site, also.

Keyloggers that steal your passwords for all account information, even your email.

Be very careful and NEVER click on anything in those spoof emails.

 

Or perhaps Wells Fargo is the one that has been having problems and thus were checking around without actually saying so? It's just interesting that the spoof mail referenced WF and not PP. Why not send a copy of the email to [email protected] and ask if they can find out anything since WF says it's because of them.

The email, with the threat of "interrupted service" is classic and typical for spoof mails. NEVER click onto a link in a spoof mail!

 

Thats a common spoof email, I've got it before.

Please be careful, since you opened web sites from spoof emails like that you probably got a key logger on your machine which can capture your passwords and info when you log into websites, it would not be your bank or paypal's fault.

If there is trouble with your bank account normally they would call or send you something in the mail. Never open a link in an email requesting you to log into websites.

If you dont have an antivirus AVG has a free one that works great
http://www.grisoft.com/ww.product-avg-anti-virus-free-edition#tba2

 

I've received tons of emails like that before, even from banks or financial institutions that I don't bank with. Ebay and Paypal are one of the most common ones. You need to be really careful. Usually spoofs like that don't address you by your real name or username. Instead, they will say "Dear customer" or something of that sort.

If you are in doubt if the email is really sent by the company, don't click the link. As blackeyeliner said, they might have key logging that records everything you type into your browser. There could also be viruses too. >_<

You are able to see where the link really leads you to without clicking on it by putting your cursor over the link. At the bottom of your browser's status bar, it should tell you where the link will direct you to. If you're using IE or Firefox and yours isn't showing up, just click under View and then enable the status bar.

 

thank you for sharing !

 

I am sure that they did NOT get your email address through Paypal. Paypal's security is topnotch.
They got your email address probably through Yahoo or through eBay or through someone you've done business with who sold your email address to a database of some sort.
I get these kinds of emails all the time from all kinds of banks that I don't even have an account with! They look so official; I wonder how many misguided people get fooled by them.

 

I'm an information systems engineering student.
And we studied once about computer crimes.

This is called "phishing" like fishing, cuz that's what it does.

They randomly select a bunch of email addresses [not necessarily from paypal], choose a bank or a company to impersonate, and send info to make the user desperate, irritated, etc, any emotion that leads the user to click on the link to a fake web page that's professionally built [usually].

Like, for example, this time, they used Wells Fargo. They send tons of email out without caring who's a Wells Fargo client. But maybe one of the 100 will be. So, someone gets "PHISED". [fished] ;d

Once you decide to log in to the fake we page. Your personal information is stolen. So, be careful.

But I'm not sure about that phone call you got. That's pretty weird. I'm guessing, either you're an intended target or something or it was just coincidence o_O

EDIT//
Try not to panic when you read an email like that, even if it's a real one. Problems always have solutions right? >_> And always check the source and the links before you click.
Just a heads up n_n

 

Whoa- I was paranoid before, but now Im spooked

 

I always use the on-screen keyboard when I'm doing any bank or paypal business on the net for this very reason - just as an extra precaution. But you still need anti-virus and spyware programs, and you definitely shouldn't click on links in emails, no matter how legit they look.

 

This won't work for all keylogging software.

 

I got an email a couple of weeks ago that claimed to be from [email protected] asking me to update my information because they had locked my account for some reason. I was naturally suspicious, because I had been told to watch out for any emails that asked for personal information. Therefore, I did not click the link it gave me, rather I went to paypal through my normal route and everything seemed normal. I notified Paypal of the email and they said that it was, in fact, a phishing email and that I should not put any information in it.

So if anyone recieves an email from "Paypal" asking you to follow a link to "update" your information, do not give them your information. Log in to Paypal the way you normally do and figure it out that way, and then report the email to paypal so that they will have more information to try and catch these guys with.

 

When one of these emails is encountered, it is suggested to immediately forward all suspicious emails saying they're from Payal to: [email protected]

This can also be done for suspicious emails from Ebay. Forward those to: [email protected]

This is so the companies are notified, and can work towards shutting down the phishing sites.

 

Yes, what Nightmoon said. If you can forward them with all headers intact it helps a lot.

This is not a new scam. It's been going on for literally years and years. The crooks just get more clever. Frankly, sometimes even OPENING one of those can run a script to steal info, so it's best to just not even read anything with a subject line saying it's from your bank or about Paypal or whatever. I have a whole separate e-mail address just for online banking so it's pretty easy for me to tell what is really from the bank.

 

I have private email address that I only use to email my parents back home in Arizona and nowhere or no one else, but somehow I still get a piece of junk mail on it now and then, so no email address is safe!

 

omg so scary! I hope everything is okay!?

 

It was mentioned before, but it's important to note: If it's a legit email from Paypal or from your bank, it should include your username or your real name. Most of the scam emails will say "Dear customer" "Dear user" "Dear sir" etc. Only pay any attention if it says "Dear Jane Johnson" or "Dear Jane123username" or whatever your name and username are. Every single legit email I get from Paypal includes my full name, for example. Even if it had my email address listed, I wouldn't check, because Paypal should and does always use my actual name. Same thing for banks. If ever you get an email saying your account has been locked or something to that effect, open a new window, type the bank or paypal address in (i.e. wellsfargo.com or paypal.com or what have you) instead of clicking the link, and check to see if your account is OK. 99% of the time, it is. In fact, if there is a real problem with your bank account, most banks would probably phone or send postal mail rather than an email, you can also phone your bank to check your account status.

It's always better to be safe than sorry. These emails are written to put people into a panic (your account is closed, someone else has been using your account, etc) so that they don't think too hard about why their real name isn't in the letter, why there's no "please open a new window and type the address for the site" warning like most legit bank and paypal emails have, etc. They want people to panic, and click the link, and give them their info. So it's always best to keep cool and look at what the email actually says, you know?

 

Yeah, the phishing emails come to all of us on a regular basis, but a phone call? That's weird...a bank with hundreds of thousands of customers would actually call you on the phone to check up on you? I can't imagine my bank ever doing that!! I would suspect that the caller was trying to tell me to open another account and thus get my "information" by phone. Unless the caller was an individual that you actually know and have dealt with from your own local bank branch.
Still sounds very suspicious to me...the phone call, that is.

 

Figures! As soon as a fix is found, someone comes up with a way around that fix

 

Yeah, there are also phone scams which are getting pretty popular nowadays.
So I do agree with you, unless you personally know the person you're dealing with, do NOT ever give your information out, even if they know a little about you, [could be basic info gathered by stalking you online or offline, etc, not to raise any alarms but... it could be even someone under a DoA username that's not even here for BJDs, but just.. stalking ppl.. picking targets..looking at what you purchase, how much, how many, how often, payment method, even your phone # for EMS shipping, etc... So it doesn't have to be Paypal's security breach ;d]
And I'm sure that if the caller is familiar with you, he/she'd identify him/herself.

Well, in my case I've personally dealt with my bank's personnel. I know the names of at least 2 people my mom and I have talked to and personally sorted issues out before, so I also know their voices. Sometimes they actually call us to check on things, since we have a good reputation with them. But, unless it's a case like this, I hardly believe a bank would make such an effort. o_O

But you never know, maybe Wells Fargo actually does make such an effort.
It would be better to actually call the bank and ask about this incident and see what their response is. Or, if you have time, it would be better to personally visit your local bank branch to check for yourself. n_n

@Lillie: Anti-spyware MIGHT be able to detect key-loggers but there is no 100% prevention yet for that n_n

EDIT/ And you are right about that, that's why any kind of technology has to be upgraded from time to time to prevent a way of going around it x_X

 

skwerlie's right about the name thing.

While I was on hold with Paypal on the phone, the advertisement guy said that the Greeting on all Paypal emails will include your full name as given on your Paypal account. ^^

 

skwerlie and Nightmoon mentioned something I forgot to write in my 1st post for this thread, which is essential. So I'll just third this. Ditto ;]

 

Wells Fargo does call if they note large and/or unusual purchases on your cards. They will not ask you for any account numbers, etc over the phone though, they just say, "Mr. Smith we show a charge for 2000.00 (or whatever the amount was) from Volks (don't we all wish), did you make this purchase." Or," Mr. Smith, did you charge meals at three suschi bars in Kyoto last week? We called because you don't usually show charges anywhere but in Smallville.

 

There are kind of simple ways to avoid phising and scamming like this:

If you get an email from paypal saying you need to update your account information, its fake.
If you get an email from any online banking saying you need to update your account information its fake.
I'm not sure about other web based emails, but hotmail actually picks up on phising scams, and they arrive in the spam box and give a warning when you want to open the email that it is a possible phising scam. If it says that then common sense would tell you to delete it and to not proceed any further.
But, if you know what your doing, then you can copy the url from the fake paypal link and report it to paypal. That way it stops other people from being scammed.

The most important thing- ' The url! Check it!! It should be https://www. paypal.com /blahblahblah, the 's' after http signifying that it is encrypted and 'paypal' to show, well... that its actually paypal and no other site which has copied the appearance (incidentally that is very easy to do.)
The email address which sent the email should also include paypal too, although I will have to double check as to where.

Paypal doesn't actually display credit card numbers, security numbers, bank account numbers, sort codes etc online. It only shows the end of the bank account number (with which bank your with) and the end of the credit card number which is standard on most sites. But of course, your name, date of birth, address and telephone number etc is displayed, and they can use your account if they get your password.
This applies to things from online games which I play to the online banking I have- you won't ever be asked for your password through email. Simple. Just follow that and it saves complications. I understand it can be difficult when the email looks official and the website looks official, but looks can be decieving, and as I said before, it is very easy to make a page which looks the same.

 

Yes, I have received calls like this from Discover, Bank of America, etc....normal security checks. (And sometimes I don't even answer, just call them back and THEN answer to be sure I'm really talking to the credit card company. My bank has never called to question things going through my checking account, though.) But the originator of this thread said that her bank specifically asked about using Paypal a lot and went on to tell her that people are hacking into Paypal and emptying out checking accounts. Then it was suggested she open another checking account to use for Paypal. Still sounds like a scam to try and get someone's personal info..."oh yes, and I can open that new account for you, just give me your info and I'll take care of that right now." (That's what I would imagine they might say, not quoting anyone here.) I have to say I trust pretty much nobody who contacts ME by phone, email or snail mail to "discuss" any personal info.
If Paypal is being hacked and bank accounts are being drained, it should be ALL OVER the news everywhere! And I would certainly think Paypal would warn you, not a bank that has to ask "do you use Paypal?" Scammers are waaay too clever!

 

yes, but my point is, if I get a banking e-mail in any of my other accounts then I know it's not from the bank. It's not so much that the "bank" account is safe to open everything, as it is that when I get spam on my Paypal e-mail accounts and other personal e-mail accounts, I don't even have to look at it to know the bank DIDN'T send it to me.

 

By the way, many government sites have information about how to combat "phishing" scams. For example, here are some handy tips from the Securities and Exchange Commission:
http://www.sec.gov/investor/pubs/phishing.htm

I've been seeing these scams for literally about the last 8 or 10 years so I'm always surprised when they're new to people, but then again I also meet people who aren't familiar with Nigerian banking scam e-mails either, so I guess there is a first time for everybody.

 

Guh, this thread is such a life saver! I just purchased my security key from paypal. *^*;

Just to give a little tip, [if it hasn’t already been said], usually when you enter into a secure website the “http” at the beginning of the URL turns to “https”, meaning it’s secure. I’m unsure, however, if phishers have found a way around this as well. T^T;

 

lolz I mentioned it earlier but they haven't found a way round it yet, ^^

 

Thanks for the heads up. Even if it is another one of those spoof email scams, it is always good to be reminded to be careful.

 

Hey guys! Do yourself a favor and NEVER CLICK THE LINK!!!! Hacking is BIG BUSINESS and these people have fake sites that look just like your banking site or even ebay. I heard about someone who got a "second chance offer" from an auction on ebay...they clicked the link and it went to a site that LOOKED EXACTLY like ebay, but was a hacking site. The girl was buying a car and the fake site even had a link to a fake CarFax site......they're out there and will get you if you're not careful....my husband works in internet security and his stories give me nightmares....