PureBasic Forums - English

I got an email today from paypal, a receipt for a payment of 999 euros to someone I've never heard of. There's not that much money in my account but Paypal is making a withdrawal from my bank. I've opened an investigation on Paypal and called the bank with a stop payment for the precise amount in CDN funds, so hopefully this theft won't succeed. But - we're very careful of phishing here and we never follow a link in an email from an unknown source, so we're wondering how this could have happened. Does anyone know of Paypal being hacked recently? We just can't figure any other way this could have happened. All computers here test virus-free.

Every once in awhile I get bogus emails that look like PayPal but there not, claiming antivirus software and such was just purchased, I ignore them. If it is phishing you should be able to hover your mouse over the links and see what the address really is. May be off by only one or two letters.

Just logged into Paypal and found these 2 graphics, never seen them before:




This is an account I've had for years, which makes the "you're almost done" wording suspicious. And Paypal would know my account setup was complete long ago. Something like this, if they offered it, it would be an option. I think Paypal has been hacked.

Hi NM,

> a receipt for a payment of 999 euros to someone I've never heard of

As a seasoned PayPal user I can tell you that's just a scam email,
and not from PayPal at all. I see emails like this all the time, and
not just for PayPal, but for my real bank. I wouldn't stress over it.

> Paypal is making a withdrawal from my bank

Doubt it. You said "making", so has it actually happened? I bet not.

Just delete the email and don't respond or worry about it. However,
if it does turn out to be true, you can just dispute it with your bank.
Don't even get PayPal involved. Make your bank dispute it for you
with PayPal. You'd get a refund because you never authorised it.

BTW, this is why I have 2 bank accounts. One is my regular one,
and one specifically for PayPal. When I get a payment by PayPal,
I transfer the money to my regular one so PayPal can't touch it.
The PayPal account usually has $0.00 in it until I need it.

Lastly, see what PayPal has to say about identifying scams:

https://www.paypal.com/au/webapps/mpp/phishing

I actually got an email notification of a withdrawal from a "Sergey Rhozenko" for $190 for an item he claimed I had purchased. Never heard of him and the item was unspecified, that was also suspicious.

Legitimate paypal transaction (Which I checked in my paypal login) and PayPal had removed the money from my bank account.

Bogus user and item and I traced it to a Russian site but no mention of the person there nor the service or item claimed.

Opened up a dispute with PayPal and they attempted to contact them with no result and I got the money back. Subsequently removed all bank account details from PayPal and I now pay the slow way for everything.

PayPal explained that I probably used the same password on too many other places and an automated robot captures these randomly and then uses another robot to try them all on sites like this until one works.

I must remember to always change passwords at random.

If you have ever registered with Adobe, then that is probably where they got your details from.........

about passwords, I started using a javascript password generator found at this site http://ss64.com

about passwords, I started using a javascript password generator found at this site http://ss64.com

Well that is not a good idea because the author of that site now has all of your passwords............

I see you did not check it out

This password generator works using Javascript, entirely within the page, no data is ever passed back to my server. Notwithstanding this, it is a very good idea to save your own copy of this page. Keeping your own copy ensures that the password generator will still be available to you even if this website goes off-line. You can also View-Source and see exactly how the javascript works, copy it to a USB stick, email it to yourself, even upload it to your own website (it’s open source.) There are no dependent files, just save as a single HTML file.

I use the extra strong version http://ss64.com/pass/

You are trusting the word of someone you have never met or know anything about. The reality is, it could be a well-defined scam giving all the comfort phrases necessary to entice you to oblivion. Sure, it could well be completely genuine, but I don't think the risk is justified.

If you want safe passwords, write your own private app in PB.

Hi IdeasVacuum,

Sounds like very good advice to me.

Someone could have hacked your computer and stolen the passwords saved in your browser to get access to your PayPal account. I did that once, I stole 5 dollars (donated them to a good case) as a proof of concept

Joakim Christiansen wrote:Someone could have hacked your computer and stolen the passwords saved in your browser to get access to your PayPal account.

Do you mean someone may really let the browser store his banking, paypal and similar sensitive passwords ?
Why don't publish them on facebook then.



@netmaestro, here you can find the text of some scam email "from" paypal -> http://www.millersmiles.co.uk/search/PayPal

But you didn't get one, right ? Just got the email for the movement on the paypal account.
If that's what happened, seems like your credential have been used to authorize it and so probably your account has been compromised. Did you keep your login data in some vulnerable place on the PC ?

I seem to remember you got some unwanted guest on your PC before, maybe you should consider tightening up security for the future, clearly you are vulnerable in some way, unless as you say paypal got hacked. But the simplest answer often is the right one.

Thanks for the replies, they were all helpful! The problem does seem to be that I used the same password in too many places and I did use it at Adobe in the last few months. I won't be doing that anymore. Anyway I was able to get ahead of this within a couple of hours of the theft and the stop payment at the bank succeeded so - Whew!

Alec Baldwin in 'State & Main' wrote:So that happened...!

netmaestro; I am glad you got it sorted and were able to get the stop payment in time. That is a hefty chunk of money to be worried about.