Comments on: What to do after a PayPal Phishing Scam?

Question: What to do after a PayPal Phishing Scam?

JulianDay — Mon, 03 Mar 2008 16:20:00 -0800

My friend just - 30 minutes ago - entered a bunch of information in a PayPal phishing website. What should he do right now?

I looked up the other questions and see he can do a Fraud Alert, which I'll tell him about right after I ask this, but is there anything else he should do?

He gave to the website his:

Full Name
Social Security Number
Mother's Madien Name
A CC number w/ Security Code
Full Address (I guess for the CC)

I told him to call his CC and I'll show him the www.ftc.gov site.

He's nervous about what he just did, but I explained to him he can watch this post and see the answers as they come in.

Thanks.

By: captainawesome

captainawesome — Mon, 03 Mar 2008 16:26:01 -0800

The first things that come to mind:

1. He should login to PayPal and change his password immediately (I'm assuming he gave them that).
2. Call up the credit card company - they can issue him a replacement card with a different number, but they need to know that particular card has been compromised. It's a hassle, but then, so is dealing with identity theft.

Not sure what to do about the compromised SSN; other commenters can probably help more with that. But the first thing to do is get rid of the immediate ways he can get financially screwed: his paypal account and credit card numbers.

By: 6:1

6:1 — Mon, 03 Mar 2008 16:26:36 -0800

put a fraud alert on the Big Three Credit Cards. Keep renewing every 90 days for awhile.

By: 6:1

6:1 — Mon, 03 Mar 2008 16:27:32 -0800

Sorry-- Big Three Credit Bureaus.

By: 6:1

6:1 — Mon, 03 Mar 2008 16:29:40 -0800

Contact PayPal and forward the e-mail he was sent. I would document all that he does, keep copies of e-mails, etc.. in case his identity is stolen.

By: wfrgms

wfrgms — Mon, 03 Mar 2008 16:29:44 -0800

I read in some other AskMe that you can alert all of the major credit reporters (Equifax, et al) about compromised information or id theft. This way, even if the perp does apply for other credit cards or loans it won't ding you friend's score (and hopefully creditors won't be chasing after them.) Sorry, I don't have more info, but a google of id theft and credit reports should help.

Good luck!

By: wfrgms

wfrgms — Mon, 03 Mar 2008 16:30:09 -0800

Oh, what 6:1 said

By: The corpse in the library

The corpse in the library — Mon, 03 Mar 2008 16:31:04 -0800

Here's how to do a fraud alert.

By: JulianDay

JulianDay — Mon, 03 Mar 2008 16:31:07 -0800

He just told me he put in his Bank account number and PIN number, not his CC and security code.

By: T.D. Strange

T.D. Strange — Mon, 03 Mar 2008 16:37:05 -0800

contact the bank and follow their fraud alert procedures similar to the CC company.

If you have another account with that bank, you should probably move the cash to that one. I wouldnt withdraw it all though, at least not immediatly.

Contact the bank, soon. See if they have a 24/7 hotline.

By: B(oYo)BIES

B(oYo)BIES — Mon, 03 Mar 2008 16:37:13 -0800

1. Start with talking to Paypal to get account frozen and the account information changed.

2. Contact your credit card company and go through their process for this issue - They do have a process for this.

3. Read these articles from the FTC:

IF YOUR INFORMATION HAS BEEN COMPROMISED, BUT NOT YET MISUSED

and

What To Do If Your Personal Information Has Been Compromised

By: HuronBob

HuronBob — Mon, 03 Mar 2008 16:38:10 -0800

call the bank... but you already knew to do that...

By: disillusioned

disillusioned — Mon, 03 Mar 2008 17:02:48 -0800

Get Firefox. Install the Google toolbar.

Both these things will help protect from phishing. There have been a few times where I've almost been tricked and Google's WHOA THIS IS A WEB FORGERY notice stopped me dead in my tracks.

Also, memorize this fact: None of your financial institutions will EVER EVER EVER ask you for that information, EVER. They verify your identity through obfuscated questions about previous loans and accounts elsewhere, that they have access to from your credit records.

By: hojoki

hojoki — Mon, 03 Mar 2008 17:39:24 -0800

Call the Social Security Administration and ask them to temporarily password protect your number. 1-800-772-1213 It's a scorched earth solution (even credit reporting agencies won't be able to run a check without your permission) but it works.

By: saffry

saffry — Mon, 03 Mar 2008 18:55:31 -0800

The bank should be able to put a freeze on the account. That would stop all charges from automatically posting, and then they can call him each day to verify what charges (like mortgage payments and bills) should be paid. In the meantime, he can open a new account and begin setting up his bill payments and direct deposits there.

By: ericb

ericb — Tue, 04 Mar 2008 00:19:14 -0800

Be sure to check out these previous threads regarding requesting 'fraud alerts' with banks and credit bureaus, etc.