What to do after a PayPal Phishing Scam?
March 3, 2008 4:20 PM   Subscribe

My friend just - 30 minutes ago - entered a bunch of information in a PayPal phishing website. What should he do right now?

I looked up the other questions and see he can do a Fraud Alert, which I'll tell him about right after I ask this, but is there anything else he should do?

He gave to the website his:

Full Name
Social Security Number
Mother's Madien Name
A CC number w/ Security Code
Full Address (I guess for the CC)

I told him to call his CC and I'll show him the www.ftc.gov site.

He's nervous about what he just did, but I explained to him he can watch this post and see the answers as they come in.

posted by JulianDay to Work & Money (15 answers total) 9 users marked this as a favorite
The first things that come to mind:

1. He should login to PayPal and change his password immediately (I'm assuming he gave them that).
2. Call up the credit card company - they can issue him a replacement card with a different number, but they need to know that particular card has been compromised. It's a hassle, but then, so is dealing with identity theft.

Not sure what to do about the compromised SSN; other commenters can probably help more with that. But the first thing to do is get rid of the immediate ways he can get financially screwed: his paypal account and credit card numbers.
posted by captainawesome at 4:26 PM on March 3, 2008

put a fraud alert on the Big Three Credit Cards. Keep renewing every 90 days for awhile.
posted by 6:1 at 4:26 PM on March 3, 2008

Sorry-- Big Three Credit Bureaus.
posted by 6:1 at 4:27 PM on March 3, 2008

Contact PayPal and forward the e-mail he was sent. I would document all that he does, keep copies of e-mails, etc.. in case his identity is stolen.
posted by 6:1 at 4:29 PM on March 3, 2008

I read in some other AskMe that you can alert all of the major credit reporters (Equifax, et al) about compromised information or id theft. This way, even if the perp does apply for other credit cards or loans it won't ding you friend's score (and hopefully creditors won't be chasing after them.) Sorry, I don't have more info, but a google of id theft and credit reports should help.

Good luck!
posted by wfrgms at 4:29 PM on March 3, 2008

Oh, what 6:1 said
posted by wfrgms at 4:30 PM on March 3, 2008

He just told me he put in his Bank account number and PIN number, not his CC and security code.
posted by JulianDay at 4:31 PM on March 3, 2008

contact the bank and follow their fraud alert procedures similar to the CC company.

If you have another account with that bank, you should probably move the cash to that one. I wouldnt withdraw it all though, at least not immediatly.

Contact the bank, soon. See if they have a 24/7 hotline.
posted by T.D. Strange at 4:37 PM on March 3, 2008

1. Start with talking to Paypal to get account frozen and the account information changed.

2. Contact your credit card company and go through their process for this issue - They do have a process for this.

3. Read these articles from the FTC:


What To Do If Your Personal Information Has Been Compromised
posted by B(oYo)BIES at 4:37 PM on March 3, 2008 [6 favorites]

call the bank... but you already knew to do that...
posted by HuronBob at 4:38 PM on March 3, 2008

Get Firefox. Install the Google toolbar.

Both these things will help protect from phishing. There have been a few times where I've almost been tricked and Google's WHOA THIS IS A WEB FORGERY notice stopped me dead in my tracks.

Also, memorize this fact: None of your financial institutions will EVER EVER EVER ask you for that information, EVER. They verify your identity through obfuscated questions about previous loans and accounts elsewhere, that they have access to from your credit records.
posted by disillusioned at 5:02 PM on March 3, 2008

Call the Social Security Administration and ask them to temporarily password protect your number. 1-800-772-1213 It's a scorched earth solution (even credit reporting agencies won't be able to run a check without your permission) but it works.
posted by hojoki at 5:39 PM on March 3, 2008 [3 favorites]

The bank should be able to put a freeze on the account. That would stop all charges from automatically posting, and then they can call him each day to verify what charges (like mortgage payments and bills) should be paid. In the meantime, he can open a new account and begin setting up his bill payments and direct deposits there.
posted by saffry at 6:55 PM on March 3, 2008

Be sure to check out these previous threads regarding requesting 'fraud alerts' with banks and credit bureaus, etc.
posted by ericb at 12:19 AM on March 4, 2008

« Older Verizon or AT&T in NYC?   |   Cover letter for a full-time job that shouldn't be Newer »
This thread is closed to new comments.