Main Area and Open Discussion > Living Room
ultimate insult from fraudulent ebay seller tries to sell me iPhone 4
biox:
The whole thing is an interesting read and good luck to nudone.
Pardon the slightly off topic question. What other choices are there to create a 'donate' button on a website but NOT using PayPal?
nudone:
Mark0, i think you are right. i don't believe my account was accessed - i expect the damage would have been far greater if that was the case.
thanks, biox. everything seems fine anyway. i wasn't expecting things to be resolved so quickly - i was expecting my story to be more exciting and troublesome than it turned out to be.
i wonder...
are there a PayPal set of guidelines that are clear and simple to understand? something that clarifies the "donation" definitions so that people like app can refer to - and refer PayPal to when they decide to make up their own arbitrary rules.
bob99:
I signed up with PayPal over the weekend. Finally had a reason I wanted to use it for. For now, until I am comfortable with it I signed up using a pre-paid MoneyPak card bought locally instead of a credit card or bank account.
When I set up the account I selected to have PayPal provide me with a verification code via text message to complete the transaction. You then have to enter the verification code within 60 seconds after you receive it or request a new one. Seemed simple enough.
I requested one and a message popped up on the computer screen saying that there was a communications problem, try again in a while. Did this 2 or 3 times with the same pop-up. It also said I could circumvent the text message verification process by answering some security questions. I went this route and it was interesting. There were 3 security questions. As I remember, the 1st asked me some question about some site I had recently had some association with. None fit so I said none. But the next two questions are the ones that now make me wonder. the 2nd question listed three different street addresses and asked if one pertained to me. Sure enough one was the address I had before I moved here... 14 years ago. I clicked on it. The last question was a list of vehicle model and year. One of which fit...my wife's car. Clicked on it, I passed the test and the transaction went through. Not long afterward up popped the 3 different text messages I'd requested with different verification codes.
Based on the two questions having accurate info on me, I'm guessing PayPal has credit report access. Even though I haven't as yet provided them with a bank account, credit card, ssn or any other account info of this type.
Possibly whoever tried to make the purchase on nudone's account, did some type of security question workaround and got lucky with their answers??
I'm not crazy about the questions they asked me and used for a security verification. The way some credit reports and other types of info can get out or found on the internet these days these are questions & answers that could probably easily be found with the types of crooks that do this type of thing for a living.
Anyone else tried the security questions workaround?
nudone:
it is true that the "security questions" i've been asked to select and answer are never that difficult to guess - that is, by someone who knows me, knows my history. i'm not sure a total stranger could guess them; perhaps it is best to simply concoct a set of fantasy answers to your own security questions - that way, there will never be any history of them for someone to find (or guess).
i'm still inclined to believe that my paypal account was not accessed by an intruder. if that was the case then i would expect them to have made more of an effort to rob me - 900 dollars isn't much of a theft when they could have edited my whole profile and bought many more online goods.
i think what happened is more to do with paypal having some kind of automated system for taking payments - so it simply didn't check with me. perhaps that's naive to say and i should just accept there was a hole in my security setup. i doubt i'll ever know.
bob99:
The thing in my case is I had not set or been asked to pre-set up any security questions they used. And if I had, I would not have used, or for that matter even thought of using, a 14 year old previous address or year & make of my wife's (joint titled) car. And I know I've never used either of these two things as a security question anywhere before. So I'm wondering where & how they had access to the information.
I noticed there are a lot of various topics shown in their Q & A forum. I'll have to see if I can locate anything there.
On the amount of money that was trying to be accessed, I've read before in some cases if outsiders get access to an account of some type, or many accounts of a number of people, they make relatively small purchases. Small purchases can slip through easier. And a bunch of small purchases can add up to more $$ than wiping out one big account.
Anyway, it's always something to be careful of. In your case I'm hoping it was just a fluke. I've know two people that have gone through the identity theft process and it took then a long time to clear up.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version