PayPal Scam

Use this board for general non-cycling-related chat, or to introduce yourself to the forum.
Post Reply
User avatar
Cowsham
Posts: 5285
Joined: 4 Nov 2019, 1:33pm

PayPal Scam

Post by Cowsham »

The wife got an email purporting to be from PayPal informing her that an unrecognized device has tried to login to her PayPal account with links to see PayPal activity to confirm whether or not it was her. ( eg on a new phone )

But to see activity you need to login to your account so I asked her " did you login ? " she said " yes but I had to go through some check steps."

Hearing this I panicked and asked her "did you get out of the emails before logging in to the account ?" She answered " no I don't think so "

I says " login to your account but through the phone app or browser and change the password immediately ! " she usually does it via browser so she went in that way and done it. Thankfully all was OK.

Just look out for this one and inform the less tech savvy members of your household to never click on an email link unless it's something you initiated and expected like password reset or similar.

I clicked on the email link and it's a clever one -- the steps I think she had to go through are designed to give the scammer ( or machine ) enough time to get them through to the genuine PayPal app and fill the fields of their page to make it look exactly like your PayPal but they now have access to your PayPal while you check activity on their fake PayPal site which will obviously be correct.

When we logged on to her actual PayPal there was no mention of any unrecognized devices or messages about that. We reported it to PayPal.
I am here. Where are you?
Psamathe
Posts: 18390
Joined: 10 Jan 2014, 8:56pm

Re: PayPal Scam

Post by Psamathe »

Cowsham wrote: 18 May 2024, 2:37pm The wife got an email purporting to be from PayPal informing her that an unrecognized device has tried to login to her PayPal account with links to see PayPal activity to confirm whether or not it was her. ( eg on a new phone )

But to see activity you need to login to your account so I asked her " did you login ? " she said " yes but I had to go through some check steps."

Hearing this I panicked and asked her "did you get out of the emails before logging in to the account ?" She answered " no I don't think so "

I says " login to your account but through the phone app or browser and change the password immediately ! " she usually does it via browser so she went in that way and done it. Thankfully all was OK.

Just look out for this one and inform the less tech savvy members of your household to never click on an email link unless it's something you initiated and expected like password reset or similar.

I clicked on the email link and it's a clever one -- the steps I think she had to go through are designed to give the scammer ( or machine ) enough time to get them through to the genuine PayPal app and fill the fields of their page to make it look exactly like your PayPal but they now have access to your PayPal while you check activity on their fake PayPal site which will obviously be correct.

When we logged on to her actual PayPal there was no mention of any unrecognized devices or messages about that. We reported it to PayPal.
It's not just PayPal. I used to get these regularly "A new device has been added to you <xxx> Credit Card account. Login here if this was not you". I'd normally get these on a text message as the Scammers got my hone number and card details hacking the online store of a reputable international mainstream company. Sometimes "A suspicious payment of £354-29 for AirBnB has been made on your card. Click here if this was not you".

The scams were pretty easy to spot but scammers started phoning me up trying to get details as the card had been stopped and replaced ages ago. I'd politely ask them to take me off their lists as their scams basically were not very good - at which point they got threatening and it all became such a nuisance I ended up changing phone number (which is also a real nuisance but a nuisance that does not go on and on and on ...).

Ian
millimole
Posts: 917
Joined: 18 Feb 2007, 5:41pm
Location: Leicester

Re: PayPal Scam

Post by millimole »

Psamathe wrote:
Cowsham wrote: 18 May 2024, 2:37pm The wife got an email purporting to be from PayPal informing her that an unrecognized device has tried to login to her PayPal account with links to see PayPal activity to confirm whether or not it was her. ( eg on a new phone )

But to see activity you need to login to your account so I asked her " did you login ? " she said " yes but I had to go through some check steps."

Hearing this I panicked and asked her "did you get out of the emails before logging in to the account ?" She answered " no I don't think so "

I says " login to your account but through the phone app or browser and change the password immediately ! " she usually does it via browser so she went in that way and done it. Thankfully all was OK.

Just look out for this one and inform the less tech savvy members of your household to never click on an email link unless it's something you initiated and expected like password reset or similar.

I clicked on the email link and it's a clever one -- the steps I think she had to go through are designed to give the scammer ( or machine ) enough time to get them through to the genuine PayPal app and fill the fields of their page to make it look exactly like your PayPal but they now have access to your PayPal while you check activity on their fake PayPal site which will obviously be correct.

When we logged on to her actual PayPal there was no mention of any unrecognized devices or messages about that. We reported it to PayPal.
It's not just PayPal. I used to get these regularly "A new device has been added to you <xxx> Credit Card account. Login here if this was not you". I'd normally get these on a text message as the Scammers got my hone number and card details hacking the online store of a reputable international mainstream company. Sometimes "A suspicious payment of £354-29 for AirBnB has been made on your card. Click here if this was not you".

The scams were pretty easy to spot but scammers started phoning me up trying to get details as the card had been stopped and replaced ages ago. I'd politely ask them to take me off their lists as their scams basically were not very good - at which point they got threatening and it all became such a nuisance I ended up changing phone number (which is also a real nuisance but a nuisance that does not go on and on and on ...).

Ian
This is, in a way, the problem - once they've got a phone number that responds once even negatively, they will try and try again. My wife had similar and like you had to change her number. So far I've managed to block numbers before I respond - increasingly they seem to be using WhatsApp to try these scams.
Leicester; Riding my Hetchins since 1971; Day rides on my Dawes; Going to the shops on a Decathlon Hoprider
Psamathe
Posts: 18390
Joined: 10 Jan 2014, 8:56pm

Re: PayPal Scam

Post by Psamathe »

millimole wrote: 18 May 2024, 6:00pm
Psamathe wrote:
Cowsham wrote: 18 May 2024, 2:37pm The wife got an email purporting to be from PayPal informing her that an unrecognized device has tried to login to her PayPal account with links to see PayPal activity to confirm whether or not it was her. ( eg on a new phone )

But to see activity you need to login to your account so I asked her " did you login ? " she said " yes but I had to go through some check steps."

Hearing this I panicked and asked her "did you get out of the emails before logging in to the account ?" She answered " no I don't think so "

I says " login to your account but through the phone app or browser and change the password immediately ! " she usually does it via browser so she went in that way and done it. Thankfully all was OK.

Just look out for this one and inform the less tech savvy members of your household to never click on an email link unless it's something you initiated and expected like password reset or similar.

I clicked on the email link and it's a clever one -- the steps I think she had to go through are designed to give the scammer ( or machine ) enough time to get them through to the genuine PayPal app and fill the fields of their page to make it look exactly like your PayPal but they now have access to your PayPal while you check activity on their fake PayPal site which will obviously be correct.

When we logged on to her actual PayPal there was no mention of any unrecognized devices or messages about that. We reported it to PayPal.
It's not just PayPal. I used to get these regularly "A new device has been added to you <xxx> Credit Card account. Login here if this was not you". I'd normally get these on a text message as the Scammers got my hone number and card details hacking the online store of a reputable international mainstream company. Sometimes "A suspicious payment of £354-29 for AirBnB has been made on your card. Click here if this was not you".

The scams were pretty easy to spot but scammers started phoning me up trying to get details as the card had been stopped and replaced ages ago. I'd politely ask them to take me off their lists as their scams basically were not very good - at which point they got threatening and it all became such a nuisance I ended up changing phone number (which is also a real nuisance but a nuisance that does not go on and on and on ...).

Ian
This is, in a way, the problem - once they've got a phone number that responds once even negatively, they will try and try again. My wife had similar and like you had to change her number. So far I've managed to block numbers before I respond - increasingly they seem to be using WhatsApp to try these scams.
Mine were all from different numbers. One or two with no caller ID but most from different valid looking UK landline numbers. When I had to make a Police report (after they read me my address and said they'd be round to ... my daughter, etc. which of course they never would but at that point it crossed a line and time to at least notify the Police) - Police were not interested in the numbers/caller line ID as they said all spoofed and as all different can't be blocked. Even pre my retirement when I was also responsible for the company phone system we'd spoof our caller ID numbers because we had trade and retail "companies" so outgoing trade company calls would "spoof" the trade number and retail the retail mumber even though all the calls were going out through the same lines. Easy to do.

Ian
User avatar
Cowsham
Posts: 5285
Joined: 4 Nov 2019, 1:33pm

Re: PayPal Scam

Post by Cowsham »

A great way to stop unwanted phone calls is to have "Withheld Caller Reject" . Every phone company offers it -- sometimes for free. Kills all that nuisance, plishing phone calls at a stroke.

Just remember to give hospitals and health departments your mobile number instead of the landline.
I am here. Where are you?
Psamathe
Posts: 18390
Joined: 10 Jan 2014, 8:56pm

Re: PayPal Scam

Post by Psamathe »

Cowsham wrote: 18 May 2024, 10:05pm A great way to stop unwanted phone calls is to have "Withheld Caller Reject" . Every phone company offers it -- sometimes for free. Kills all that nuisance, plishing phone calls at a stroke.

Just remember to give hospitals and health departments your mobile number instead of the landline.
Unless others you know withhold their caller ID. I set mine to being withheld.

What I do now is use the dual SIM functionality on my phone. Main contract number only given to people who use it longer term (who happen to be less prone to leaking the number). Anything "transactional" like online purchases, anything at higher risk of leaking gets a PAYG number (the other SIM) - and if that gets into malicious hands SIM goes in the bin and I'll get another and the change will be really easy as virtually nobody needs it any more (transactions completed).

I don't bother with a landline any more. Easier ti have just one number and never have to wait in for a call, etc.

Ian
User avatar
al_yrpal
Posts: 11790
Joined: 25 Jul 2007, 9:47pm
Location: Think Cheddar and Cider
Contact:

Re: PayPal Scam

Post by al_yrpal »

I get very few scam calls or intrusive sales calls. My response as soon as I realise a call is unwanted I become Mr Khan with an Indian accent requesting details of their order. This usually results in confusion and I believe my mobile number gets removed from their call list. :wink:

Al
Reuse, recycle, thus do your bit to save the planet.... Get stuff at auctions, Dump, Charity Shops, Facebook Marketplace, Ebay, Car Boots. Choose an Old House, and a Banger ..... And cycle as often as you can......
User avatar
Cowsham
Posts: 5285
Joined: 4 Nov 2019, 1:33pm

Re: PayPal Scam

Post by Cowsham »

Psamathe wrote: 18 May 2024, 11:43pm
Cowsham wrote: 18 May 2024, 10:05pm A great way to stop unwanted phone calls is to have "Withheld Caller Reject" . Every phone company offers it -- sometimes for free. Kills all that nuisance, plishing phone calls at a stroke.

Just remember to give hospitals and health departments your mobile number instead of the landline.
Unless others you know withhold their caller ID. I set mine to being withheld.

What I do now is use the dual SIM functionality on my phone. Main contract number only given to people who use it longer term (who happen to be less prone to leaking the number). Anything "transactional" like online purchases, anything at higher risk of leaking gets a PAYG number (the other SIM) - and if that gets into malicious hands SIM goes in the bin and I'll get another and the change will be really easy as virtually nobody needs it any more (transactions completed).

I don't bother with a landline any more. Easier ti have just one number and never have to wait in for a call, etc.

Ian
If you ring our number with yours withheld it'll tell you " This number does not accept withheld numbers" so all you have to do is dial 1470 before dialing our number -- if your number is withheld you'll need to have known this or have been told this when you decided to have your number permanently withheld.

(To withhold your phone number just for one occasion you dial 141 before the number you need to call.)

The great thing about "withheld caller reject " is that if you get a nuisance / scam phone call that number will show up on your phone -- if it doesn't ( there's reasons ) you can ask your provider to block that number. Thankfully this is a very rare occurrence now.

( I can do this with an app on my mobile to block any numbers on my landline cos it's been internet based since 2017 but nearly all are now )

The panic in the scammers voice when I tell them I can see their number is quite funny. The phone suddenly goes dead.
I am here. Where are you?
rjb
Posts: 7385
Joined: 11 Jan 2007, 10:25am
Location: Somerset (originally 60/70's Plymouth)

Re: PayPal Scam

Post by rjb »

With a BT home phone you can block incoming calls by dialling 1571 after a nuisance call. :wink:
This has significantly cut down on nusiance calls from double glazing, energy advisors and others scammers.
We have to rely on a home phone as the mobile signal in our area is poor.
At the last count:- Peugeot 531 pro, Dawes Discovery Tandem, Dawes Kingpin X3, Raleigh 20 stowaway X2, 1965 Moulton deluxe, Falcon K2 MTB dropped bar tourer, Rudge Bi frame folder, Longstaff trike conversion on a Giant XTC 840 :D
Psamathe
Posts: 18390
Joined: 10 Jan 2014, 8:56pm

Re: PayPal Scam

Post by Psamathe »

Other thing I've been doing online (to help secure payments) is to use Apple Pay where possible. Having looked into internals of Apple Pay, seems the retailer never gets your card number so can't store it on their computers so even if they do get hacked hacker can't get your card number.

I wont ever (again) use Amazon Pay. I did once recently and was immediately stunned when Amazon immediately passed the retailed my name, address, phone number, and Amazon logon ID. Immediately complained to Amazon who spend 20 mins insisting they "never give out personal details ..." and I should "contact retailer" - which I did and retailer immediately said "yes, Amazon give us those details!".

Ian
Jdsk
Posts: 26175
Joined: 5 Mar 2019, 5:42pm

Re: PayPal Scam

Post by Jdsk »

Psamathe wrote: 19 May 2024, 10:42am Other thing I've been doing online (to help secure payments) is to use Apple Pay where possible. Having looked into internals of Apple Pay, seems the retailer never gets your card number so can't store it on their computers so even if they do get hacked hacker can't get your card number.
...
It's a very clever approach:
https://en.wikipedia.org/wiki/Apple_Pay#Technology

Jonathan
User avatar
Cowsham
Posts: 5285
Joined: 4 Nov 2019, 1:33pm

Re: PayPal Scam

Post by Cowsham »

There's literally thousands of companies that have my card details, name, address etc. But any new transactions always have a two stage verification ie a verification code is sent to my mobile SMS ( I know this can be replicated / intercepted too but very unlikely cos most who would have access ( like my mobile provider) would be electronically traceable ultimately )
I am here. Where are you?
Psamathe
Posts: 18390
Joined: 10 Jan 2014, 8:56pm

Re: PayPal Scam

Post by Psamathe »

Cowsham wrote: 19 May 2024, 1:12pm There's literally thousands of companies that have my card details, name, address etc. But any new transactions always have a two stage verification ie a verification code is sent to my mobile SMS ( I know this can be replicated / intercepted too but very unlikely cos most who would have access ( like my mobile provider) would be electronically traceable ultimately )
Few points
1. If the hackers get into one of those online stores they'll get your card, home address, phone no. (sometimes even the 3 digit "code on the back"), etc. They may not be able to use the card but that wont stop then texting you with scams, calling you, threatening you ... In my case the card was stopped (and re-issued with a different number) but 2 years after that when the card number they stole was useless they were still texting and calling me & threatening me trying to get the new number of account details, etc., in the end that's why I had to change mobile number, not the fraud but the ongoing never ending nuisance. Hence my switching to 2 SIMs, one that can be easily discardable if (or rather when) it gets into the wrong hands.

2. Cards I've had do sometimes request additional security (one, sometimes online I have to input a password before they send my phone the 6 digit verification code) but far from every time.

Ian
User avatar
Cowsham
Posts: 5285
Joined: 4 Nov 2019, 1:33pm

Re: PayPal Scam

Post by Cowsham »

Psamathe wrote: 19 May 2024, 2:05pm
Cowsham wrote: 19 May 2024, 1:12pm There's literally thousands of companies that have my card details, name, address etc. But any new transactions always have a two stage verification ie a verification code is sent to my mobile SMS ( I know this can be replicated / intercepted too but very unlikely cos most who would have access ( like my mobile provider) would be electronically traceable ultimately )
Few points
1. If the hackers get into one of those online stores they'll get your card, home address, phone no. (sometimes even the 3 digit "code on the back"), etc. They may not be able to use the card but that wont stop then texting you with scams, calling you, threatening you ... In my case the card was stopped (and re-issued with a different number) but 2 years after that when the card number they stole was useless they were still texting and calling me & threatening me trying to get the new number of account details, etc., in the end that's why I had to change mobile number, not the fraud but the ongoing never ending nuisance. Hence my switching to 2 SIMs, one that can be easily discardable if (or rather when) it gets into the wrong hands.

2. Cards I've had do sometimes request additional security (one, sometimes online I have to input a password before they send my phone the 6 digit verification code) but far from every time.

Ian
My card asks every time so you'd need to have a clone of my sim plus my ' phoney email ' passwords login details etc to verify a new device etc ( so many hoops to jump through it wouldn't be worth scamming me -- they'd go for an easier target ) I've just changed my phone and it's an absolute nightmare to change everything over to trust it -- there's probably quite a few apps / banking etc websites / that I still need to do. Hence why I decided to change the phone a good period of time before going on holidays etc.
I am here. Where are you?
Post Reply