
Help My PayPal Account Was Phished

Today the unexpected happened; I was the victim of a PayPal phishing attack, even though I claim to be one hell of a smart cookie with web security. And before you ask, no, I didn’t click on a link in an email. I’m not THAT stupid. What I did instead is to type the URL into my browser by hand, and stupidly enough I never included the https:// bit. Call me slack, call me silly, but that’s what happened.

I then went to get some email address to pay one of my writers, and when I came back to the PayPal tab I was exposed to a tabnabbing attack. I never knew that something like this existed, and after I realized I got done I found the above article at Mashable. Scary, scary stuff this is.

The dangers of not using https:// before the domain

I realized soon enough that something was indeed phishy when I was suddenly facing a new PayPal page with the URL www.paypal-business.com or some similar sub domain. It had all the right looks, the right logos. I would have never realized that it was a phishing attempt except I clicked their security thingy in the browser and was told it was from PayPal Singapore. What the…

PayPal is definitely NOT beaming their magic around the world from Singapore now do they?

By trying to use the login shortcut and leaving out the https:// bit before the domain name I somehow got misdirected to a phisher. Beats me how, but that’s what happened. To put a long story short I’m now experiencing limited account access. I can see my account overview, but that’s about it. I did change my passwords and security questions right after the attempt. In fact, PayPal got wind of it somehow and prompted me to do this. I double-checked the URL before I went ahead and it seems I was dealing with the REAL PayPal on the second attempt. Lucky for me I’ve switched to SMS login as an added security not so long ago.

I’d hate to think of what would have happened had I not had this extra security measure in place. Right now I can’t pay anyone money, I can’t make a bank transfer, nor can I request money at this stage. But having said this, I still have my money in the account. This made me realize how exposed we are when we rely on PayPal as the main merchant of choice.

Getting back to business as usual

To get my account fully functional I now need to verify it.  Needless to say I’m not happy about this at all. I’m not even sure if there are alternatives to PayPal for Aussie service providers? The trouble is that most Internet marketers are so used to using PayPal that trying to get paid with another merchant has got to be a nightmare in itself, or is it?

I would certainly appreciate any insights from you if you think you can point me to a great alternative. I don’t mind paying monthly fees for a good merchant if it allows me to get paid via PayPal from clients around the world.

How to protect yourself from phishing attempts

There are some measures you can take to avoid this from happening to you:

  • Never click on any hyperlinks from within an email. If your bank sends you an email, it is likely a phishing attempt. To find out for sure, open a new tab, type the full secure URL of your bank (including the https://) and see whether your account was really stolen, as was claimed in the email.
  • Always use the secure login URL if you are trying to access sensitive accounts. Don’t follow suit with my bad example.
  • Use secure password managers
  • Never use your password twice online. Always generate complicated strings of letters, numbers and symbols.
  • Keep your computer’s software up-to-date.
  • Use a good anti virus/security suite to browse the Internet.
  • Don’t believe a word in the Nigerian prince’s email when he offers you a cool million for helping him to unlock his heritage.
  • Check website security seals if you suspect foul play.
  • Stay alert when browsing the Internet.
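
The "full secure URL" check from the list above, written out as an added example (it is not part of the original post): it flags an address typed without https:// and a look-alike host such as the www.paypal-business.com seen here. The function name `checkLoginUrl` and the `TRUSTED_DOMAINS` list are assumptions made for this sketch.

```javascript
// Added example: decide whether an address is safe to treat as a login URL.
// TRUSTED_DOMAINS is an assumption for this sketch; list your own sensitive sites.
const TRUSTED_DOMAINS = ["paypal.com"];

function checkLoginUrl(input) {
  const raw = String(input).trim();
  // With no scheme typed, the browser chooses one, and it may be plain http,
  // which can be redirected before any secure connection exists.
  if (!/^[a-z][a-z0-9+.-]*:\/\//i.test(raw)) {
    return { ok: false, reason: "no scheme typed; https:// is not guaranteed" };
  }
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return { ok: false, reason: "not a valid URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not https" };
  }
  // "https://www.paypal.com@other.example/" really goes to other.example.
  if (url.username || url.password) {
    return { ok: false, reason: "text before @ hides the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // hostname is already lower-cased
  // Punycode labels can render as look-alike characters in the address bar.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode label in host" };
  }
  // Match the whole domain or a dot-separated subdomain of it, so that
  // "paypal-business.com" and "paypal.com.example.net" do not pass.
  const trusted = TRUSTED_DOMAINS.some(
    (d) => host === d || host.endsWith("." + d)
  );
  return trusted
    ? { ok: true, reason: "host " + host + " is trusted" }
    : { ok: false, reason: "host " + host + " is not a trusted domain" };
}

// Constructed sample inputs, including the look-alike host from this post.
for (const u of ["www.paypal.com", "http://www.paypal.com/",
                 "https://www.paypal-business.com/", "https://www.paypal.com/signin"]) {
  console.log(u, "->", checkLoginUrl(u));
}
```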

Have you been a victim to a phisher before? Tell us more…

Monika


35 Responses to “Help My PayPal Account Was Phished”

  1. Jen Well (3 comments.) says:

    Thank you for sharing your experience, and about this;
    “Don’t believe a word in the Nigerian prince’s email when he offers you a cool million for helping him to unlock his heritage.”

    I got so many emails similar to this one, and with different countries.

  2. Monika Mundell (74 comments.) says:

    Hello Jen,

    I believe this type of phishing attack will annoy a lot more online marketers because it seems to be so new. It is therefore important to make sure we spread the message to help each other.

  3. Dennis Edell (60 comments.) says:

    Rerouted? Clever. Sorry for you though, keep us posted on the outcome.

  4. Alan Mater (28 comments.) says:

    Sheesh… I never knew something like that could happen. At least you were aware enough to suspect something was going on and take immediate action.

    I had a worse experience when someone got a hold of my details and got my bank debit card (which was attached to my PayPal account) and decided to use it to mail their many packages via UPS. Drained my bank account dry. Learned a lesson then: Use a separate bank account for PayPal, change your password every so often, and don’t tie any cards to the account.

    • Monika Mundell (74 comments.) says:

      Hello Alan, neither did I until it happened. I guess I’m always looking to protect my data so that might have helped me see the apparent attack right there when it happened.

      Like you I’m using a separate bank account for PP because of the obvious reasons. I also use a prepaid debit card to protect my normal credit card.

  5. James F. (3 comments.) says:

    That sucks! Something like this is going around on Facebook as well, it will redirect you to a page that is almost identical clone, then when you login with your info, it says temporarily unavailable and down. Then it redirects you to the real Facebook page.

    I always make sure to double check my urls.

  6. Prince Ade-Johnson (3 comments.) says:

    Thanks for the information.

    Pls what do you mean by the statement

    “Don’t believe a word in the Nigerian prince’s email when he offers you a cool million for helping him to unlock his heritage.”

  7. Lorrette (6 comments.) says:

    Wow! not good Alex and I do feel for you. I am off to change a few things since reading your story and some of the ideas in the comments.

  8. Herschel (17 comments.) says:

    Gee Sorry to hear about that Monika, but do appreciate the information. I had never heard of this kind of phishing. Plenty of other kinds, but not this. Again hope you get everything back to normal soon.

    • Monika Mundell (74 comments.) says:

      Hello Herschel, thanks for the kind words. Like you I never knew tab nabbing existed. I got my account back, after having to verify it several ways. It was scary, but a strong warning of what NOT to do when browsing online.

  9. Kathleen Gresham (4 comments.) says:

    Scary! Has anyone used Google Checkout? It appears to be similar to PayPal, including similar charges.

    Would you trust Google more? Would your customers?

    Any money system that is successful is going to attract criminals. I guess we just have to help remind each other to be vigilant and stay ahead of the scammers.

    Thank you for this one. I will type the whole URL from now on.

    I worry about buying from small on-line vendors who seem to be using PayPal. Sometimes I wonder if they are legitimate—and if their connections are secure. How can a customer tell?

    • Monika Mundell (74 comments.) says:

      Hello Kathleen, I think you mustn’t worry with PayPal. It’s just the URL phishing which can happen to any site. Like you said, crims target money related merchants because they can benefit from this if they are successful.

      If you type the whole URL in the browser you should be fine. As a payment processor, PayPal is great.

  10. roy massey (2 comments.) says:

    Good post. We all need to be reminded to be alert, thank you.

  11. Mark (3 comments.) says:

    Reading your post reminded me that I, too, have to be careful with http:// URLs, even though I used to be working in IT security, up to expectations regarding any attacks including phishing.

    You were lucky that the phishing attacker didn’t succeed in stealing money from your PayPal account. Now, you only have to verify your account, which is much better than having it frozen for 6 months.

  12. Jamelia (2 comments.) says:

    In order to avoid this kind of events I suggest you withdraw your PayPal funds every week or every 15 days and don’t keep too much money on your PayPal account.

  13. 網頁設計 (1 comments.) says:

    Great post thanks for sharing!

    I believe this type of phishing attack will annoy a lot more online marketers because it seems to be so new. It is therefore important to make sure we spread the message to help each other.

  14. Jim (2 comments.) says:

    I had no idea that you could get slammed like this simply by not using the https! Thank you for this update and I will be more careful in the future.

  15. Mark (1 comments.) says:

    Wow,
    That was a close call, it could have been much worse. At least you still have the money in your account. But the pain of getting everything else working properly again…

    It’s just crazy!

  16. Richard McDonald (2 comments.) says:

    I like your blog, thanks for the info on your paypal experience, thank god everything was ok.

  17. pratish (4 comments.) says:

    Your tips are very useful to be safe from phishing attacks.

    There is another safe way to avoid phishing in addition to your second point of your first tip “open a new tab, type the full secure URL of your bank (including the https:// and see whether your account was really stolen, as was claimed in the email.”

    Instead of opening it in another tab, I usually open it in another browser itself. That means, if Mozilla Firefox is my favorite browser and I’m using it to browse internet now, I will open that new address in Internet Explorer which is more safe. This can prevent even if that website load some java script or something to hack our stored password in our browser since we are using another browser.

    I would like to hear comments on this from all of you. Thanks :)

  18. Udegbunam Chukwudi (6 comments.) says:

    You should look into 2CheckOut which costs a one time $50 fee and accepts quite a host of payment providers including online checks, Visa, MasterCard, Discover, American Express, Diners, JCB, debit cards with the Visa and MasterCard logo, FXSource®, PayPal®, and PayPal Pay Later®.

  19. Chloe (4 comments.) says:

    Thanks for sharing this – I had never come across this before.
