Join 3,558 readers in helping fund MetaFilter (Hide)


paypal free money scam
March 18, 2010 11:42 AM   Subscribe

Unauthorized transfer of cash INTO my paypal account. What is going on?

Yesterday morning I bought something online and paid with paypal. There were actually two weird things about the transaction, which I didn't think too much of at the time:

1. On the first attempt, Paypal said the transaction failed. When I tried again it said my account was running in "limited" mode or something to that effect. I had to verify my password and security questions and then everything went back to seemingly normal.
2. After the account was back to normal, I retried the transaction, but this time I noticed that the funding source was a bank account that I never heard of (SUNTRUST BANK, fwiw). I changed the selection in the dropdown menu to select my actual bank. The transaction appears to have gone through fine the second time.

The reason I didn't think too much of #2 is because I just kind of assumed it was some really old checking account that I had at some point linked with Paypal and never got around to deleting. Ok, so there's a third weird thing - this mystery bank account was marked as the primary funding source, rather than my "real" bank account being marked as such.

Now for the really weird part. This morning I received an an email from paypal with subject "Bank Account Transfer Complete". The email was to inform that $1500 was transfered from my bank account into paypal. I never did such a thing. I got alarmed, and logged into paypal. Sure enough, I have a $1500 balance just sitting there.

I changed my paypal and email passwords. I filed a dispute with Paypal. As much as I'd love to have $1500 in free money, something is obviously all screwed up here.

In the meantime, what on earth might be going on here? It's either some paypal bug, where somebody's bank account was accidentally linked to my paypal account, or some kind of scam.

Any ideas? How alarmed should I be?
posted by jclovebrew to Work & Money (16 answers total) 1 user marked this as a favorite
 
This might sound like a stupid question, but are you sure that email was from Paypal, and that you logged in by not clicking on any links in the email?
posted by jangie at 11:53 AM on March 18, 2010


Umm, the 'limited mode' and 'verify your password and security question'... Did that come to you in an email, or did you follow a link from your email to the site that prompted that? That's a common phishing technique.
posted by WinnipegDragon at 11:55 AM on March 18, 2010


If it's real, MeMail me with step-by-step instructions to do what you did.

I keed, I keed. Are you 100% positive that you were actually dealing with PayPal? What you're describing could be a variant of a phishing scam that attempts to get you to "pay back" the $1500 to someone, from your actual bank account. BE CAREFUL and always make sure you check your browser's location bar to make sure you're really on the PayPal site. You might want to reset your PayPal password, just to be safe. I'm not sure how much critical data might be visible to someone who was able to log in as you, if your password did fall into the wrong hands. A thorough scrubbing may be in order.
posted by The Winsome Parker Lewis at 11:58 AM on March 18, 2010


The limited mode and security verification came while already logged in to the paypal account. I got to paypal while doing the "checkout" from the 3rd party vendor. I have no reason to suspect the 3rd party vendor of fraud, as they are a well regarded motorcycle part supplier.

As for today's email, there was no link to click on. I explicitly logged in to paypal to check things out.
posted by jclovebrew at 11:59 AM on March 18, 2010


Oh sorry, I just reread your original post and see you did reset your password.

I think you're on the right track by getting in touch with PayPal directly and letting them sort it out. I'm not sure what else I can offer here. :-)
posted by The Winsome Parker Lewis at 12:03 PM on March 18, 2010


Maybe it's a hack where they want to test if they can get in to your account (you did verfiy password, etc) and once in, they know they can also take money out.

Call PP immediately and let them know.
posted by stormpooper at 12:06 PM on March 18, 2010


Well, I just called Paypal directly. Evidently, someone must have gotten into my account (which, that alone is extremely alarming to me), and linked the other bank account. The paypal rep said they've seen this sort of thing before where someone gains access to a paypal account, transfers money in, and then intends to spend it by making paypal purchases. (I didn't ask and he didn't elaborate as to how they get the "victim" bank account in the first place).

They just put my account back into a limited mode, which means funds cannot go out of it, and they're sending me a secure id that I will have to use from now on when making paypal transactions.

I guess I better go change all the known passwords in my universe now.
posted by jclovebrew at 12:25 PM on March 18, 2010


So... do you get to keep the money?
posted by jerseygirl at 12:45 PM on March 18, 2010


doubt it, jerseygirl :)

but if i do, a round of drinks for everyone in the thread, on me
posted by jclovebrew at 12:49 PM on March 18, 2010


Wait - was the $1500 transferred from YOUR bank account, or the Suntrust bank account that showed up under your Paypal list?
posted by amicamentis at 12:53 PM on March 18, 2010


Yeah I doubt it too. Almost wonder if the money was actually stolen from someone's bank account.

Welp, you'll find out soon enough.
posted by jerseygirl at 12:54 PM on March 18, 2010


I got to paypal while doing the "checkout" from the 3rd party vendor. I have no reason to suspect the 3rd party vendor of fraud, as they are a well regarded motorcycle part supplier.

For the future, be aware that even a reputable vendor can have their website hacked so that you'll be redirected to a phishing site.

As The Winsome Parker Lewis advised, make sure you check the URL. The address must start with "https" not just "http." If you only see "http" then it is NOT a secure transaction and it definitely is not Paypal. Also look for a lock icon in the status bar at the bottom of your browser. Not somewhere on the webpage, but in your browser.

You should contact the site admin of that parts supplier and let them know that they may have been hacked.
posted by keep it under cover at 1:04 PM on March 18, 2010 [2 favorites]


You should also consider wiping your harddrive, putting a temporary credit freeze on yourself, and changing all of your passwords again. There's a possibility your info was stolen via a keylogger or trojan. I'd also contact PayPal again and try to get more info out of them.

You should try, as best you can, to determine the source of this security lapse or it could just happen again, perhaps with even worse consequences. What if someone uses your info to open up other credit accounts and you don't find out about it until months later? Cleaning up the mess from identity theft is a giant pain in the ass. Be proactive and get to the bottom of this.
posted by LuckySeven~ at 4:10 PM on March 18, 2010 [1 favorite]


Incidentally, this is the exact scenario that finally got me to use a password manager, so I could have truly secure passwords (and in PayPal's case, that security token) for every financial site.

My passwords all look like this now: 0X)(2D\%+aUL*LrC*=Y/

I recommend KeePass.
posted by CrayDrygu at 4:23 PM on March 18, 2010 [1 favorite]


An additional step to LuckySeven's would be to make sure you're using WPA2 instead of WEP wireless encryption at home. It's easily hackable and then they could sniff your traffic. Perhaps not SSL encrypted traffic (although there are some Man-In-The-Middle attacks for that) but if you use the same password for several sites (including Paypal) and one of those sites is a non-SSL site, they could try it with your email address in Paypal and gain entry. The same warning goes for browsing at coffee shops or any open access point.

This is also why I have Paypal connected to a Paypal specific bank account instead of my regular bank account. The most they'll get is the $100 or so I keep in it.
posted by sharkfu at 5:34 PM on March 18, 2010


A couple months ago in Vancouver, there was a massive debit card fraud ring where they were able to credit active debit cards for existing accounts. The thieves then spent several weeks buying, selling, and returning stuff through a wide variety of hacked bank accounts.

One of their tricks was to move money out of account A and into account B, then spend from B (except they involved C, D, E and F too). The point was to avoid tripping fraud alarms by avoiding driving account balances to or through zero--instead, the activity pattern was simply a high volume of purchases that was covered by deposits, leaving an incredibly tangled trail to follow.

My bank called me to check my activity, and sure enough, going back four days, there was an absurd pattern of transactions on my account that had left me about $5,000 up from the last transaction I knew I'd made. After submitting paperwork (mainly an affidavit saying which transactions weren't mine) it was all rolled back, the account was frozen, and a new account created for me.
posted by fatbird at 7:20 PM on March 18, 2010


« Older I'm a sophomore in college who...   |  Which version of Quickbooks I ... Newer »
This thread is closed to new comments.