Discussion
Got an email from paypal last night saying that I'd made a payment to ASOS for a sweatshirt for just shy of £100 when I did not. Phoned paypal immediately who blocked the transaction and said they'd block the account for the time being. Also contacted ASOS and they've cancelled the transaction as well.
So....I get an email this morning from paypal saying someone has authorised a £500 transaction from my bank account into my paypal account!! Phoned up HSBC who said they can't see any evidence of that transaction, then phoning paypal they said it MAY have gone through and need to phone bank....so I call the bank again and they aren't able to block it if it has gone through.
Funny thing is though.....with the online order with ASOS....I've got a delivery name and address....and it's for someone in student accommodation in Birmingham.
I mean....paypal are looking into it and will be ringing me back at some point. HSBC are aware of it, I've called the police and I need to file a report over the phone which takes about 15-20mins so I'm going to call them at lunch time when I get the chance....Anything else I should be doing? Aside driving up to Birmingham with some empty cans of red bull to throw at this
?
So....I get an email this morning from paypal saying someone has authorised a £500 transaction from my bank account into my paypal account!! Phoned up HSBC who said they can't see any evidence of that transaction, then phoning paypal they said it MAY have gone through and need to phone bank....so I call the bank again and they aren't able to block it if it has gone through.
Funny thing is though.....with the online order with ASOS....I've got a delivery name and address....and it's for someone in student accommodation in Birmingham.
I mean....paypal are looking into it and will be ringing me back at some point. HSBC are aware of it, I've called the police and I need to file a report over the phone which takes about 15-20mins so I'm going to call them at lunch time when I get the chance....Anything else I should be doing? Aside driving up to Birmingham with some empty cans of red bull to throw at this
?eybic said:
I had similar albeit with smaller amounts a few years ago. The bank will give you your money back and do nothing, the police can't act on your say so as you haven't lost out, the bank are considered the victim and wont report it or do anything as it makes their stats look bad.
You could perhaps cancel your direct debit with paypal in the meantime.
It's a shame but I doubt very much that any action will be taken.
Well luckily nothing has actually been taken out of my account at the moment, even my "available balance" has not dropped....so there's hope that the £500 will never actually be taken from my account. I do want to see if they can be prosecuted simply for putting me through the stress/hassle and for my time. You could perhaps cancel your direct debit with paypal in the meantime.
It's a shame but I doubt very much that any action will be taken.
He's in student accommodation in Birmingham, wonder what the university would say....
eltawater said:
The thing about student accommodation is that they tend to have central delivery offices and communal pigeon holes, relying upon students to check and pick up items on a regular basis.
I'd hazard a guess that the supposed recipient knows nothing of this fraud and that the package will be intercepted by the real perp once it arrives on campus and becomes difficult to track.
This....but could one not alert the uni to thoroughly check the ID for anyone looking to pick parcels up from said address....no?I'd hazard a guess that the supposed recipient knows nothing of this fraud and that the package will be intercepted by the real perp once it arrives on campus and becomes difficult to track.
The Spruce goose said:
how did they get your password? do you use the password elsewhere as i would change them all, email as well.
This was my thinking, I'm going to do this at lunch when I get the chance. I don't use the same PW for every account, but it's worth me going through all my various accounts and changing it to help. PayPal one already done, of course.trowelhead said:
E65Ross said:
This was my thinking, I'm going to do this at lunch when I get the chance. I don't use the same PW for every account, but it's worth me going through all my various accounts and changing it to help. PayPal one already done, of course.
Could have been via a fake paypal email, you "logged in" unknowingly into a compromised page (that looked identical to pp)Spoken to PayPal and that £500 transaction appears to have gone through. What takes the piss is that they have said that they cannot stop the money from coming from my bank account and into my PayPal account, and I've been asked to log into paypal on the 30th November (when the money is meant to clear) and then transfer the £500 straight back from paypal into my bank again. Why the fk can't paypal do this for me?
Secondly, my bank, HSBC, said they can't see the transaction as pending (they said that's very unusual and that possibly the £500 HAS been blocked from paypal) but they cannot block said transaction, and that they'll only look into it if/when the money gets taken out.
So basically, I have to keep looking at my available balance, and if it drops by £500, it's only then when HSBC can do something.
Feel a bit violated and pissed off to be honest.
k can't paypal do this for me?Secondly, my bank, HSBC, said they can't see the transaction as pending (they said that's very unusual and that possibly the £500 HAS been blocked from paypal) but they cannot block said transaction, and that they'll only look into it if/when the money gets taken out.
So basically, I have to keep looking at my available balance, and if it drops by £500, it's only then when HSBC can do something.
Feel a bit violated and pissed off to be honest.
eybic said:
E65Ross said:
Spoken to PayPal and that £500 transaction appears to have gone through. What takes the piss is that they have said that they cannot stop the money from coming from my bank account and into my PayPal account, and I've been asked to log into paypal on the 30th November (when the money is meant to clear) and then transfer the £500 straight back from paypal into my bank again. Why the fk can't paypal do this for me?
Secondly, my bank, HSBC, said they can't see the transaction as pending (they said that's very unusual and that possibly the £500 HAS been blocked from paypal) but they cannot block said transaction, and that they'll only look into it if/when the money gets taken out.
So basically, I have to keep looking at my available balance, and if it drops by £500, it's only then when HSBC can do something.
Feel a bit violated and pissed off to be honest.
And so it starts, if it does go, they will treat you like a criminal and get you to fill in some forms for them to decide whether they believe you or not.k can't paypal do this for me?Secondly, my bank, HSBC, said they can't see the transaction as pending (they said that's very unusual and that possibly the £500 HAS been blocked from paypal) but they cannot block said transaction, and that they'll only look into it if/when the money gets taken out.
So basically, I have to keep looking at my available balance, and if it drops by £500, it's only then when HSBC can do something.
Feel a bit violated and pissed off to be honest.
I've got £25k in 3 different accounts with HSBC, if they can't make me feel secure then I'll take my business elsewhere. It's really got me thinking about just closing my paypal account. Although I've been using it quite a lot on ebay to sell stuff over the past 6 months so it's been very useful for that....so not sure what to do really. I certainly suspect my confidence in it will be low for some months to come yet.
CoolHands said:
No help but out of interest how good was the password? Since I've started using lastpass I've made some high-risk websites like ebay and paypal extremely secure with long random character passwords.
A definite help.... I've just downloaded that, have changed my PayPal password yet again to something even more secure. My original password was 10 characters long, 1 number, 1 symbol, 7 lower case and 1 upper case letter.... Over the next few days I'll use lastpass to generate some lengthy secure passwords and have a different password for each account, and 1 secure password for my lastpass account.
Ultimately you want that password to be very secure, do you just choose one, or do you have a totally random password for that? I could always generate a secure one, and keep that in a spreadsheet file/document on my pc which could be encrypted, but not sure if that's a bit far? Many thanks for that!
Oh, and do you regularly change passwords for various accounts?
CoolHands said:
I wouldn't use another password programme to remember the lastpass master password. I just trust lastpass to do their job properly (which they do). So you just need one decent master password for lastpass, and don't forget it!
I use different passwords for all websites / forums etc. for forums I just use 8 or 10 random letter passwords as I'm not worried about them getting cracked, and if you ever need to type them in (on your phone for example) you don't want it too difficult to type.
but as I say, with high risk ones like paypal I use 12 or 14 random character including symbols (you can choose whether or not to include symbols when generating the password) passwords that you copy & paste when required. I change those ones periodically approx every 6 months.
That's great. I've just changed my PayPal password for something that's as secure as they'll let me (20 characters max, includes numbers, symbols etc) as well as my amazon and American Express passwords. When I get the chance I'll use it for all various accounts. I use different passwords for all websites / forums etc. for forums I just use 8 or 10 random letter passwords as I'm not worried about them getting cracked, and if you ever need to type them in (on your phone for example) you don't want it too difficult to type.
but as I say, with high risk ones like paypal I use 12 or 14 random character including symbols (you can choose whether or not to include symbols when generating the password) passwords that you copy & paste when required. I change those ones periodically approx every 6 months.
Good to be able to choose password length etc and it's good being able to copy/paste the password from either the web browser plugin on the computer or their app which I've now got on my phone.
Great recommendation which I really appreciate. Feel a bit more confident now! Time will tell. I'll keep you posted as to what happens with that £500 transaction and whether any other suspicious activity takes place over the next week or so.
Otherwise, is there anything else worth doing? Cheers.
Edited by E65Ross on Wednesday 23 November 22:05
the only issue is you can't generate a password from within the "vault"/website. You need to use either the phone app or the browser plugin. No real biggy but it'd be nice to be able to do it from within the vault.
I've used it to change various passwords today and tomorrow when I get more time I'll do lots more. I've changed my bank account login password (and security questions, paypal, amazon, my American Express and facebook....need to change email, ebay and a few others which also store my card details.
Thanks so much for the recommendation....great programme!
I've used it to change various passwords today and tomorrow when I get more time I'll do lots more. I've changed my bank account login password (and security questions, paypal, amazon, my American Express and facebook....need to change email, ebay and a few others which also store my card details.
Thanks so much for the recommendation....great programme!
CoolHands said:
It's sometimes a bit awkward to use, in various ways. But overall it's worthwhile. But you can generate inside the vault - click on the three small dots on the bottom left of the screen, below where the gear cog symbol. Then click Advance, and nearly at the bottom of the next screen is Generate Secure Password
I don't seem to have that option, oddly!I've just upgraded to premium....not because I need to, but I figure they're offering a decent service so only fair to pay for it, it's very cheap too. No ideas on the benefits between premium and free versions, though!
Well, just to cap this thread off....
The money cleared into my PayPal account yesterday and I immediately transferred it back to my bank....so no money lost in the end.
I have been religiously using Lastpass with every single account I have, and every account has a totally different password. For the sites that utilise it (Gmail, Amazon, PayPal, Lastpass, Facebook...) I am now using 2-way verification using the authenticator app on my phone. My only concern with this is if I happen to lose my phone....or what happens when I upgrade my phone? I'll have to go into each website and change that some how I'm guessing? It'd be worse if I lose the phone, I'm guessing when you change phones you can still access it using the old phone, then change the settings from within the site to allow a new device, but getting in without the old device (if it's been lost) would be harder. I've also changed all my security questions etc and, in some instances, the answers are somewhat different to the questions, but in the notes section in the site on lastpass I have the answers there.
Thanks for the help chaps, certainly an eye opener and I now feel MUCH more secure. I haven't really checked yet, but I'm guessing you can log into lastpass on a machine that doesn't have the lastpass browser plugin via their website?
Finally....how often does one change their master password? At the moment mine is pretty secure, and what with requiring 2-way verification I'm not sure how anyone with my password could access my vault anyway....?
Cheers
The money cleared into my PayPal account yesterday and I immediately transferred it back to my bank....so no money lost in the end.
I have been religiously using Lastpass with every single account I have, and every account has a totally different password. For the sites that utilise it (Gmail, Amazon, PayPal, Lastpass, Facebook...) I am now using 2-way verification using the authenticator app on my phone. My only concern with this is if I happen to lose my phone....or what happens when I upgrade my phone? I'll have to go into each website and change that some how I'm guessing? It'd be worse if I lose the phone, I'm guessing when you change phones you can still access it using the old phone, then change the settings from within the site to allow a new device, but getting in without the old device (if it's been lost) would be harder. I've also changed all my security questions etc and, in some instances, the answers are somewhat different to the questions, but in the notes section in the site on lastpass I have the answers there.
Thanks for the help chaps, certainly an eye opener and I now feel MUCH more secure. I haven't really checked yet, but I'm guessing you can log into lastpass on a machine that doesn't have the lastpass browser plugin via their website?
Finally....how often does one change their master password? At the moment mine is pretty secure, and what with requiring 2-way verification I'm not sure how anyone with my password could access my vault anyway....?
Cheers
PositronicRay said:
What happens if lastpass gets hacked?
All of your passwords are encrypted locally, not on their end, so even if they got hacked, they wouldn't get your passwords anyway. Is that what you were asking? Or do you mean if someone got my lastpass pasword? If so....then they still need to pass 2-way verification.PositronicRay said:
E65Ross said:
PositronicRay said:
What happens if lastpass gets hacked?
All of your passwords are encrypted locally, not on their end, so even if they got hacked, they wouldn't get your passwords anyway. Is that what you were asking? Or do you mean if someone got my lastpass pasword? If so....then they still need to pass 2-way verification.Sorry for the numpty questions, what happens if I need to log on from another device?
Perik Omo said:
Late to this thread but my PayPal account was "hacked" last week too. Had about €1800 spent at a French online retailer. They made a small credit to the account of €1,79 and then later the same day made three large purchases. I only found out when I started to get purchase confirmations in my email, the address used looks to be a restaurant below some apartments in 75019 Paris. The Paypal account had been set up by me in February to purchase some luggage labels from the USA and Paypal was the only way to pay and hadn't been used since. Had good service from my bank who stopped any payments going to Paypal and cancelled/re-issued my debit card. I notice that PayPal have done somethng to my account as I can no longer access it to see what's happened to the transactions, I did report the frauds to Paypal but never heard anything from them.
If you can't access it, it's possible the hackers have changed your password. I'd definitely be back on the phone to PayPal.In other news related to this thread, I have downloaded a programme called VeraCrypt....it's basically an encryption programme where you can create a file of any given size, and using VeraCrypt you can open it as if it's like a portable hard drive. You just have to set a password for it and use that to open it. Once you close it, the effective "portable hard drive" disppears and any files stored within it are hidden. I've created a spreadsheet which is effectively a copy of everything in my LastPass account. I've done this if, just in case, LastPass goes down or for some reason I can't access it or for any other reason.
I used to use TrueCrypt years ago but that's now defunct, but this seems almost identical, and it's a very good piece of kit.
Must say I'm loving LastPass....little more hassle but definitely feeling a lot safer with it. I have also made it so my browser doesn't store my passwords, cookies or any history at all....which can't hurt. Just means a bit more typing.
Since this hacking business I've become a bit of a stickler for security now.... Perhaps a bit obsessive but better that than the other way.
I have obviously set up lastpass for every single one of my accounts with totally different passwords for every account (where possible every password has totally different characters and 30 characters long), I run a VPN software on both my computer and my phone, I also have changed my WiFi password for my router at home to a code generated by lastpass.....
Probably a bit over the top but after what happened with PayPal I'm quite concerned with security. Even my secret recovery answers for when you forget a password (eg "name of your first school) is just a random code using lastpass for every different account. I also use 2-way authentication for my email, PayPal, Amazon etc.
Question though..... What would you do if you're away and lose your phone or something and can't access lastpass? I suppose you're stuck?
Also.... When changing my phone..... What will happen with the 2way authentication?
I have obviously set up lastpass for every single one of my accounts with totally different passwords for every account (where possible every password has totally different characters and 30 characters long), I run a VPN software on both my computer and my phone, I also have changed my WiFi password for my router at home to a code generated by lastpass.....
Probably a bit over the top but after what happened with PayPal I'm quite concerned with security. Even my secret recovery answers for when you forget a password (eg "name of your first school) is just a random code using lastpass for every different account. I also use 2-way authentication for my email, PayPal, Amazon etc.
Question though..... What would you do if you're away and lose your phone or something and can't access lastpass? I suppose you're stuck?
Also.... When changing my phone..... What will happen with the 2way authentication?
Perik Omo said:
I'm still suffering the fallout from my Paypal hacking, I found out last week that a loan has been taken out with Sainsburys Finance in my name but at my daughters old address (the only link for me to that address is that I was joint mortgage holder with her for a short time). I've notified them and have been asked to "urgently" speak to Sainsburys Finance fraud department tomorrow as they don't work over Bank Holiday. There was also a loan application with Capital One at the end of last year which I haven't yet managed to get removed from my credit record afer 'phoning and writing to them telling them that it's nothing to do with me.
After the hacking last year I started to use 1Password for everything and it's now second nature and very esy to use.
Bloody hell, that's awful, I'm really sorry to hear that After the hacking last year I started to use 1Password for everything and it's now second nature and very esy to use.
There really are some utter b
ds out there!Gassing Station | Finance | Top of Page | What's New | My Stuff