My trust in Paypal is gone …. Updated!

I have used and loved Paypal for the last 5 years or so, because it makes online shopping so much easier and I don’t have to share my credit card details with everyone.  It also makes sending and receiving money so much more convenient …. that’s until your Paypal account gets hacked, emptied and deleted by the hacker.

That’s exactly what happened to me this week. Imagine this: you are on a holiday. You have just finished your breakfast at the hotel and then you go to the hotel bar to have another cup of coffee and to check your emails. You check your email and find an email from Paypal telling you that a new email has been added to your Paypal account. But since it’s not your primary Paypal email anyway, you don’t really pay much attention to that email, because 99,9% of the Paypal emails you receive in that email box are frauds anyway. BUT there’s something suspicious about this email. You read it and it doesn’t look fake at all. Okay! Next you check your main email, because something is off. You log in to your email box and then comes a shock! You have 7 emails from Paypal telling you that you have done a bunch of things just an hour before, WHICH YOU ACTUALLY HAVEN’T, because you were enjoying your breakfast at the same time and you were nowhere near your laptop.

So according to the emails I ….

  • Signed up for preapproved payments with Trust Pay, a.s.
  • Added email kepame@inboxdesign.me to my Paypal account
  • Paid Trust Pay, a.s. €250.48 EUR using PayPal
  • Removed my credit card from my account
  • Created a new account

Well, everyone that has experienced that knows how that feels. My hands started shaking and my first thought was NO NO NO that can’t be happening. Of course next I visited my Paypal account (by actually typing in the Paypal address in the address bar manually) and well, yeah, all my hard-earned money was GONE! And it seemed that the hacker had actually deleted my Paypal account and then made me a new one. Why do I think that? Well, first of all, all my previous transaction history is gone and secondly both of my emails that were connected with my Paypal account are now unverified.

So next I sent a private message to the Paypal Facebook page about my problem with all the details that I had thanks to the emails. AND I also sent them the same message through their website. I would call them, but since I’m abroad at the moment the last thing I need is a huge phone bill, and since the internet in our 5-star hotel sucks I can forget about Skype too. It has now been over 2 days and I haven’t heard ANYTHING back from Paypal. I can see that they have read my messages, but is it really that hard to even reply something like okay! Be patient, we’ll do what we can. Yesterday actually I was still pissed off enough and so I ended up posting to the Paypal Facebook page about it and at least there they responded, but that doesn’t really help much :(

At this point I have no idea what will happen. Is my Paypal money gone for good or will they make things right and can I get my money back? Anyway, right now they have lost my trust. They deal with people’s money and so Paypal really has to make their sign-in systems more secure AND also they have to make the process of adding new email addresses to an existing account more secure, because at this point this is just way too easy for the thieves.

UPDATE 8.10.2015

So luckily my story this time has a happy ending. On Monday they finally replied to my Facebook messages promising me that I’ll get my money back. In order to get my money I first closed the account the hacker had created and then created a new one using a new email address. I also tried to come up with as good a password as possible, but after all this I guess I’ll be changing it like every month or something. The good news today was that I got all my money back and so I am kind of happy now.

But when it comes to security, I still believe that Paypal has to make signing in and adding new email addresses much harder. Maybe they should consider something similar to Google’s system? I’m not saying that Google has a perfect system, but it kind of feels safer.

Anyway I think that:

  1. Paypal should make adding new emails to an existing account more complicated. For example, if a new email is added then the owner of the primary email account has to approve it first.
  2. When signing in from a new device, Paypal should ask for some sort of security code sent to a mobile phone or email, and without that code you can’t proceed.

I know these two options can be frustrating in a way and probably they won’t make the system perfect, but I still feel that they would add just an extra layer of protection.

I have been a Paypal user for at least 5 years and so far I have been super happy with their service, because it makes shopping online convenient and I don’t have to share my credit card details with everyone. And sending and receiving money is so easy…. well… that is, until your Paypal account gets hacked, emptied and, to top it off, deleted by the hacker.

That is exactly what happened to me this week. Imagine this: you are on holiday. You have just finished breakfast and head to the hotel bar to have another cup of coffee and, over the coffee, to look through the emails and so on that have arrived in the meantime. You are going through the messages in one mailbox when you find that you have received an email from Paypal claiming that an email address has been added to your Paypal account. But since this mailbox is not your, so to speak, main Paypal email address, you try to ignore the email, because 99,9% of the Paypal emails arriving at that address are scam emails anyway…. yet at the same time there is something suspicious about this email. You log in to your main Paypal email and then comes the shock! There are 7 emails from Paypal in the mailbox, according to which just an hour ago you did all sorts of things in Paypal that you actually did not do, because at that time you were eating breakfast and were not even near your computer.

Everyone who has experienced something like this knows what it feels like. My hands seriously started shaking and my first thought was NOOOOOO NOOOO NOOOO, this can’t be true! Next I decided to check what was going on in my Paypal account, and on logging in I discovered that all the money I had in that account was GONE! The account balance is a big round zero! And it seems that, in addition to emptying my account, the hacker also deleted my old account and made me a new one. Why do I think so? Because firstly my entire transaction history so far has disappeared and secondly both of my email addresses are now unverified.

The next step, of course, was contacting Paypal. I sent them a message both to their Facebook page inbox (where they usually reply fairly quickly) and through their website. I would gladly have called them instead, but since I am abroad, the last thing I need on top of an emptied Paypal account is a huge phone bill. The Skype option is out too, because the internet in our 5-star hotel sucks. By now, two days later, I still have not received any reply whatsoever from Paypal. I can see that they have read my Facebook message, but they have not even bothered to reply with something along the lines of ok, we’ll look into it. Yesterday, out of sheer anger, I wrote under one of their Facebook posts and, well, at least they did reply to that public comment, but unfortunately that is not much use at the moment.

As things stand, I have not the faintest idea what happens next. Is my Paypal money gone for good, or will they manage to get my money back? Whatever the outcome, they have unfortunately lost my trust. Paypal deals with people’s money 24/7, 365 days a year, and so they have to do something about their sign-in systems. And the same goes for adding new email addresses to an already existing account. Because the current simple system makes things too easy for thieves.

UPDATE! 8.10.2015

My story has a happy ending 🙂 On Monday Paypal finally replied to my Facebook messages and they confirmed that I will get my money back. I deleted the account created by the hacker and made a completely new account with a new email address. I also tried to think up a good and strong password, and I guess from now on I’ll have to start renewing it about once a month. Today, i.e. by Thursday morning, the money also arrived back in my account, so I can be satisfied with the outcome of my story.

As for the security of Paypal accounts, I am still of the opinion that Paypal has a long way to go and that adding new email accounts to an already existing Paypal account is too easy! Perhaps they should consider some kind of two-step sign-in system and email-adding system that would be similar to Google’s system? I’m not claiming that Google’s system is perfect, but in any case it seems considerably more secure.

In my opinion they could:

  1. Make adding new emails to an already existing account more complicated. For example, when a new email is added, the owner of the primary email address has to confirm it.
  2. When signing in from another computer or smartphone, a security code system could be applied, meaning that you have to enter a security code sent to either your email or your phone.

I understand that such extra steps can be annoying and get on your nerves, but after this mess I am of the opinion that such an additional security measure would perhaps make things a bit more secure.
