So, Saturday morning I woke up all excited; it was the big Iowa-Iowa State game. I was going to make some chili and chicken wings for the game, so I got up early so I could go to the store and get the stuff.
Dear Christopher Wheeler,
As part of our security measures, we regularly screen activity in the
PayPal system. During a recent screening, we noticed an issue regarding
your account.
We have reason to believe that your account was accessed by a third party.
We have limited access to sensitive PayPal account features in case your
account has been accessed by an unauthorized third party. We understand
that having limited access can be an inconvenience, but protecting your
account is our primary concern.
Case ID Number: PP-337-279-091
For your protection, we have limited access to your account until
additional security measures can be completed. We apologize for any
inconvenience this may cause.
To review your account and some or all of the information that PayPal used
to make its decision to limit your account access, please visit the
Resolution Center. If, after reviewing your account information, you seek
further clarification regarding your account access, please contact PayPal
by visiting the Help Center and clicking “Contact Us”.
We thank you for your prompt attention to this matter. Please understand
that this is a security measure intended to help protect you and your
account. We apologize for any inconvenience.
Sincerely,
PayPal Account Review Department
Well, I didn’t think much of it, I just figured it was one of those spam emails where they give you a fake link and try to get you to click it so you can enter your username and password, then they’ve stolen it. But then I thought about it for a minute, and… there was no link, fake or otherwise. So I decided to log in to my account and see what was going on.
Now, when your PayPal account is limited, there isn’t much you can do until you proven to PayPal you are who you are, but it does allow you to see the main screen where the most recent transactions and whatnot are. And there was a transaction listed for $950.00 that I most certainly did not authorize. So I got on the horn with PayPal pretty darn quick as you can imagine, told them who I was so they could lift the restriction from my account, after which I changed my password and security questions. The PayPal lady told me to file a dispute, print the page, then take it to my bank.
So Monday morning, bright and early, I went to US Bank to figure out what was going on. They explained to me that normally once a payment is authorized, it’s hard to stop until it actually goes through, but as it turns out, they were able to stop it, temporarily at least, while the bank and PayPal investigated the matter further.
I had a few days of back and forth with PayPal about what was going on, and finally last night, I got this email:
Dear Christopher Wheeler,
PayPal has approved and processed your claim of recent unauthorized use of
your account for the following transaction:
———————————–
Details of Disputed Transaction
———————————–
Transaction Date: Sep 15, 2007
Transaction Amount: -$950.00 USD
Your Transaction ID: 1YR31890HL5575251
Seller’s Transaction ID: 5A2594646S849513S
Case Number: PP-338-978-294
Seller’s Name: Sxxxxx Cxxx
Seller’s Email: xxxxxxxxxx@yahoo.com
Any portion of the payment that was funded with your credit card will be
refunded directly to your credit card. You will see this in your
transaction log as two entries. The first is the refund to your PayPal
account, and the second is the credit to your credit card. Credits to a
credit card generally take 2-3 business days to post and may not be
immediately reflected in the card’s balance.
For additional information and to see the status of your claim, please log
in to your PayPal account at https://www.paypal.com/ and go to the
Resolution Center.
Sincerely,
Protection Services Department
Boy, was that a relief. $950 is a lot of money to be responsible for, especially when you receive nothing of benefit from it. But I did learn some very valuable lessons from the whole thing:
- Don’t use common, easy-to-guess words as your password. Anything that is either a dictionary word or a name should NOT appear in your password
- Don’t use the same password for multiple websites. It certainly is easier to remember one password that many, but if somebody somehow cracks your password for one site, you’ve opened the door for them at every other place you use that same password
- The longer the password, the harder it is to crack. A longer “easier” password is actually harder to crack than a shorter “random” password
- If you want to read more, check out this site: http://onemansblog.com/2007/03/26/how-id-hack-your-weak-passwords/
« Hide it
