I was Hacked!

Computer hackers, viruses and phishing scams attack other people, right? It doesn’t affect the tech savvy, right? Well, I discovered the hard way that anyone is vulnerable to bad people online. It started about a week ago when someone tried to move a large amount of money out of my bank account. Fortunately, our tenant had bounced a rent check so there was actually no money in the account to be transferred out.

A few days later, the bank was able to tell me that the transfer request was made by Paypal, which was strange because I hadn’t made a major transaction involving Paypal. So, I called Paypal to see what was up. To make a long story short, some people in England and Indonesia had somehow broken into my Paypal account, changed the e-mail information and the password, and taken the money out, which prompted Paypal to demand additional funds from my bank account.

The story has a relatively happy ending (at least for me). After an hour on the phone with a terrific customer service person from Paypal (I wish I had taken down her name so I could have pass along my compliments to her boss), everything was sorted out and my Paypal account will be restored.

Aside from making me feel extremely vulnerable and giving my Luddite-like wife yet another reason to scorn the Internet, this incident has really caused me to reconsider how much information I provide online, where it’s stored, who has it and what I can do to be smarter. Given I’ve been actively online for 10 years, it may be late in the game for me to “clean the slate” entirely, but I’m definitely going to be more cautious about who gets my information in the future.

Note: Speaking of viruses, there’s an interesting post from the person who wrote the first computer virus 25 years ago, while Web Worker Daily has a post looking at people should be careful about giving personal information to Web 2.0 services. Mathew Ingram writes about Microsoft looking to get into the micro-payments business so it could compete against Paypal and Google Checkout.

Technorati Tags: ,

This entry was posted in Main Page. Bookmark the permalink.
  • Hsien Lei

    You freaked me out! So what can we do to prevent this?

  • Christina

    Eeek Mark – any advice for the scores of us who use PayPal? What could have been done to avoid getting your account hacked like that? Anything from your end?

  • Magnus

    Well that story freeked me too! and what about Wall Mart/HomeSense and now Club Monaco having their customer info stolen….that is appauling.

    Makes you wonder how many companies have not been so forth coming with security issues.

  • Hsien Lei

    I think perhaps the reality check is that even people who don’t have an online life get their identities stolen so it’s a problem regardless of who you are and what you do. Damn criminals!!

  • Aaron Brazell

    Damn. The authorities are onto me. Time to go to the mall. :)

  • Dave Forde

    Hmm, so will this be the nail in Paypay’s coffin and the thing that sets Google Checkout over the top??

  • Vava Kolinski

    Sorry to hear about this happening to you Mark, and it’s a good thing that things were sorted out eventually. Of course, you didn’t have to go through the hellish process of reclaiming a stolen identity, which forces a person to convince their bank that it wasn’t them who withdrew funds even though the paper trail says otherwise. The good thing is that privacy issues are more and more prevalent in the news and legislation throughout the world is trying to keep up. The best defense is awareness, as your case has proven. Could you have had your account restored as easily had your tenant not bounced the cheque and you found out about the breach a few weeks or months later? Call me a pessimist, but I believe it would have been much more difficult, good customer service agent notwithstanding.

  • Mark Evans

    You make a good point that I was fortunate that my tenant’s check bounced. If that hadn’t been the case, I’m not sure my bank would’ve been as cooperative and actly as quickly.
    In terms of what could have been done to protect my Paypal acccount, I’m really not whether there was anything I could have done – or least I don’t think there’s anything I could have done. I suspect Paypal accounts are hacked on a regular basis so this isn’t an isolated incident.

  • Eric

    I actually have a secondary bank account that I use for Paypal, this account only has money in it if I am transfering funds to paypal. On another note, no matter how safe you are they can still get you… last week my very carefull wife had her bank card “cloned”. We were lucky since the bank caught this right away, but it could have caused us a major head ache.

  • Jim Courtney

    I guess we have seen one reason to change your PayPal password frequently. I do change my bank account password at least quarterly. May not be totally foolproof but gives some additional defense.

  • Jim Courtney

    BTW, I attended a presentation by eBay’s Canadian Managing Director Thursday evening. Apparently PayPal has more Canadian accounts than eBay Canada whereas worldwide the ratio is 2:1 in eBay’s favour.

  • Andres

    Strange that we still don’t have a secure method of online payment. Paypal does a decent job but it still comes down to the security you have with your bank account and credit cards, both of which aren’t secure enough for online transactions imo.

  • Vava Kolinski

    My last two-cents has to do with methods of protecting oneself. Just as a matter of reference, I work in the field of information management, privacy, and access to information, and as such am very interested in how individuals can maintain privacy while engaging in Internet commerce, etc. The crux has always been, and perhaps always will be, authentication – how can you prove to the retailer that you are who you claim to be when traditional face-to-face meetings are impossible, and problematic in their own way? I believe Eric’s strategy is one of the best, and I too follow this practice with my Paypal account (seperate bank account, plus no overdraft). Changing passwords relatively frequently is also a good idea. Going further, changing the email to which your Paypal account is tied periodically is also good, but all of these methods serve to clutter ones brain with accounts and passwords and, in the end, may serve to cause more problems. Again, awareness is the key, and from what I have learned through my work and research, catching problems early is VERY important. Good luck to everyone, and things are bound to improve as the Internet continues to mature!

  • Iain

    Ouch! This kind of event just freaks me out!

    I’ve been researching on-line backup recently and this kind of event just makes it harder for me to pull the plug, and go for it. I was liking Amazon’s S3 so far. It comes from a big guy and I like that it can include digital certificates ( I think it is from Thawte ). I’m so leery of the 100′s of free on-line storage guys ….

  • http://http:www/ Paul

    I just found this post while doing a search.

    Thats just happened to me today, Someone logged straight into my paypal account armed with my password and decided to transfer over $1000 into thier paypal account. I have never given out my password to anyone and have never fallen victim of any phishing email scams or sites (well at least I dont think so) the only way I think they done it was by some how hacking my pc and getting details. Anyway paypal actually rang me as it happend to warn me if it was genuine or not. Very helpful guy talked me through what to do and its all been suspended and hopefully everything is going to be refunded. This has made me determined to protect my pc and passwords as much as possible. Never want this to happen again

  • John

    I found this page while looking for Palpay problems.

    I have never responded to a spoof email or given my details to anyone. Yet Paypal will claim that this is the only way that someone can gain access to your accounts, this isn`t true. I consider their security as fairly poor, compare them to Internet bank login processes and you will note that entry is easier with Paypal!

    Someone logged into my Paypal account and attempted to transfer money, although paypal figured out it wasn`t me and flagged up the transactions, they also allowed then to process. Paypal told me to stop the direct debit and yet 3 days later still requested money from my bank, the bank declined. Then paypal limited the account again.

    Paypal could be considered as dangerous and unprofessional, they claim that they try to protect their customers, but in real terms they protect themselves. Money is often drawn quickly and yet refunds or reversals are slow.

    Be warned.