I have used and loved Paypal for the last 5 years or so, because it makes online shopping so much easier and I don’t have to share my credit card details with everyone. It also makes sending and receiving money so much more convenient …. that’s until your Paypal account gets hacked, emptied and deleted by the hacker.
That’s exactly what happened to me this week. Imagine this: you are on a holiday. You have just finished your breakfast at the hotel and then you go to hotel bar to have another cup of coffee and to check your emails. You check you email and find an email from Paypal telling that there has been new email added to your Paypal account. But since it’s not your primary Paypal email anyway then you don’t really pay much attention to that email, because 99,9% of the Paypal emails you receive in that email box are frauds anyway. BUT there’s something suspicious about this email. You read it and it doesn’t look fake at all. Okay! Next you check your main email, because something is off. You log in your email box and then comes a shock! You have 7 emails from Paypal telling that you have done a bunch of things just an hour before, WHICH YOU ACTUALLY HAVEN’T, because you were enjoying your breakfast at the same time and you were nowhere near your laptop.
So according to the emails I ….
- Signed up for preapproved payments with Trust Pay, a.s.
- Added email kepame@inboxdesign.me to my Paypal account
- paid Trust Pay, a.s. €250.48 EUR using PayPal
- removed my credit card from my account
- created a new account
Well everyone that has experienced that know how that feels. My hands started shaking I my first thought was NO NO NO that can’t be happening. Of course next I visited my Paypal account (by actually typeing in the Paypal address on the addrss bar manually) and well, yeah, all my hard earned money was GONE! And it seemed that the hacker had actually deleted my Paypal account and then made me a new one. Why I think that? Well first of all or my previous transactions history is gone and secondly both of my emails that were connected with my Paypal account are now unverified.
So next I sent a private message to Paypal Facebook page about my problem with all the details that I had thanks to the emails. AND I also sent them the same message through their website. I would call them, but since I’m abroad at the moment then the last thing I need is huge phone bill and since the internet in our 5star hotel sucks then I can forget about skype too. It has been now over 2 days and I haven’t heard ANYTHING back from Paypal. I can see that they have read my messages, but is it really that hard to even to reply something like okay! Be patient we’ll do what we can. Yesterday actually I was still pissed off enough and so I ended up posting to Paypal Facebook page about it and at least there they repsonded, but that doesn’t really help much L
At this point I have no idea what will happen. Is my Paypal money gone for good or will they make things right and can get my money back. Anyway just right now they have lost my trust. They deal with people’s money and so Paypal really has to make their sign-in systems more secure AND also they have to make the process of adding new email addresses to the existing account more secure, because at this point this is just way too easy for the thieves.
UPDATE 8.10.2015
So luckily my story has this time a happy end. On Monday they finally replied to my Facebook messages promising me that I’ll get my money back. In order to get my money I first closed the account the hacker had created and then created a new one using new email address. I also tried to come up as good password as possible, but I after all this I guess I’ll be changing it like every month or smth. The good news today was that I got all my money back and so I am kind of happy now.
But when it comes to the security then I still believe that Paypal has to make signing in and adding new emails addresses much harder. Maybe they should consider something similar to Google system? I’m not saying that Google has perfect system, but it kind of feels safer.
Anyway I think that:
- Paypal should make adding new emails to an existing account more complicated. For example I new email is added then the owner of the primary email account has to approve it first.
- When signing in from a new device then Paypal should ask somesort of security code sent to a mobile phone or email and without that code you can’t proceed.
I know these two options can be frustrating in a way and probably they won’t me the system perfect, but I still feel that they would add just an extra layer of protection.
Ma olen olnud Paypali kasutaja vähemalt 5 aastat ning olen seni nende teenusega super rahul olnud, sest see muudab netis shoppamise mugavaks ning ma ei pea kõigiga jagama enda krediitkaardi andmeid. Ning raha saatmine ja saamine on nii lihtne…. well… seda aga seniks kuni su Paypali kontole sisse häkitakse, see tühjendakase ning tagatipuks kustutatakse häkkeri poolt.
Just see minuga sel nädalal juhtuski. Kujutage endale ette seda: te olete puhkusel. Olete just lõpetanud hommikusöögi ning siirdute hotelli baari, et juua veel tass kohvi ning kohvi kõrvale ülevaadata vahepeal saabunud meilid jms. Olete just läbi vaatamas ühe postikasti kirju kui leiate, et olete saanud kirja Paypalilt, kus väidetakse, et teie Paypali kontole on lisatud juurde üks emaili aadress. Kuna aga selle postkasti puhul ei ole tegu teie Paypali nö põhiemaili aadressige, siis üritate seda kirja ignoreerida kuna 99,9% sellele meilile saabuvatest Paypali kirjadest on niikuiniipetukirjad…. ent samas on selles kirjas midagi kahtlast. Logite sisse oma Paypali põhiemailile ja edasi järgneb šokk! Postikastis on 7 kirja Paypalilt, mille järgi olete vaid tunnike tagasi teinud Paypalis igasugu asju, mida te tegelikult ei teinud, sest olite samal ajal hommikust söömas ja ei viibinud isegi oma arvuti läheduses.
Kõik, kes midagi sellist kogenud on, teavad mis tunne see on. Mu käed hakkasid tõsiselt värisema ja mu esimene mõte oli EIIIIII EIIII EIIII, see ei saa tõsi olla! Järgmiseks otsustasin järgi vaadata, mis mu Paypali kontol toimub ning sinna sisselogides avastasin, et kogu raha, mis mul tollel kontol oli on LÄINUD! Konto seis on suur ümmargune null! Ja tundub, et lisaks mu konto tühjendamisele, ka kustutas mu vana konto ning tegi mulle uue. Miks ma nii arvan? Sest esiteks on kadunud kogu mu senine ülekannete ajalugu ja teiseks on mõlemad minu emaili aadressid nüüd unverified.
Järgmiseks sammuks oli loomulikult Paypaliga ühenduse võtmine. Saatsin neile kirja nii nende Facebooki lehe postikasti (kus tavaliselt vastatakse küllaltki kiiresti) ning ka nende lehe kaudu. Hea meelega oleksin neile hoopis helistanud, ent kuna viibin välismaal, siis viimane asi mida mul lisaks tühjaks tehtud Paypali kontole vaja on, on hiigelsuur telefoni arve. Skype’i variant langed ka ära sest meie 5tärni hotelli nett sakib. Nüüdeks siis kaks päeva hiljem ei ole ma seni mitte mingisugust vastust Paypalilt saanud. Ma näen, et nad on mu Facebooki kirja lugenud, ent nad ei ole suvatsenud isegi vastata midagi stiilis et ok uurime asja. Eile suurest vihast kirjutasin ühe nende Facebooki postituse alla ja noh vähemalt tollele avalikule kommentaarile nad siiski vastasid, aga sellest pole kahjuks hetkel palju kasu.
Praeguse seisuga mul ei ole õrna aimugi, mis edasi saab. Kas mu Paypali raha on jäädavalt läinud või suudavad nad mu raha tagasi saada. Ükskõik milline on tulemus on nad kahjuks kaotanud mu usalduse. Paypal tegeleb inimeste rahaga 24/7 365 päeva aastas ning seega peavad nad midagi oma sisselogimissüsteemidega ette võtma. Ja sama kehtib ka uute meili aadressite lisamisega juba olemasolevale kontole. Sest senine lihtne süsteem teeb varastele asja liiga lihtsaks.
UPDATE! 8.10.2015
Minu lool on õnnelik lõpp 🙂 Esmaspäeval vastas siis Paypal lõpuks ometi Facebooki kirjadele ning nad kinnitasid, et ma saan oma raha tagasi. Kustutasin häkkeri poolt loodud konto ning tegin täiesti uue konto uue emaili aadressiga. Samuti üritasin välja mõelda hea ja tugeva parooli ning eks edaspidi pead nii umbes kord kuus seda uuendama hakkama. Täna, st neljapäeva hommikuks saabus mu kontole ka raha tagasi nii, et võin enda loo lõpptulemusega rahul olla.
Mis aga puutub Paypali kontode turvalisuse küsimustesse, siis olen siiani seisukohal, et Payaplil on veel pikk tee minna ja uute emaili kontode lisamine juba eksisteerivale Paypali kontole on liiga lihtne! Ehk peaks kaaluma mingit kahe astmelist sisselogimissüsteemi ja emailide lisamise süsteemi, mis oleks Google’i süsteemiga sarnane? Ma ei väida, et Google’i süsteem täiuslik on, aga igatahes tundub see tunduvalt turvalisem.
Minu arvates võiks:
- muuta uute emailide lisamise juba olemasolevale kontole keerulisemaks. Näiteks uue emaili lisamisel peab selle kinnitama primary emaili aadressi omanik.
- Teisest arvutist või nutitelefonist sisselogimisel võiks rakendada turvakoodi süsteemi ehk siis tuleb sisestada kas meilile või telefonile saadetav turvakood.
Ma saan aru, et sellised lisasammud võivad olla tüütavad ja närvidele käivad aga peale seda jama olen seisukohal, et selline lisa turvalisuse meede teeks ehk asja veidi turvalisemaks.
Marta G (A Bilingual BAby) says
Sorry to hear this! How frustrating! :C I hope you get your money back.
Leelo says
It is frustrating and I hope Paypal will get it right.
Lona says
Issand, kui kohutav! 🙁 Ma olen paypalilt suuremad summad alati ära kandnud pangakaardile, aga vaevalt see midagi aitab, sest paypali sisse logides saab ju ka pangakaardiga tehinguid teha. Loodan, et saad veel midagi ette võtta. Kui midagi internetist tellida ja kaupa kätte ei saa, siis saab ju paypali kaudu ka summa tagasi küsida või mingeid ülekandeid vaidlustada.
Leelo says
Praegusel juhul ongi häda selles, et kuna pärast ülekande tegemist mu konto kustutati ei saa ma kahjuks niisama lihtsalt tehingut vaidlustada, sest häkkeri poolt loodud kontol seda ju ei kajastu 🙁 ja ainus, mis näitab et tehing tehti, on automaatne email, mille Paypali süsteem saadab kui ülekandeid teha.
Xiao Vee says
OMG that’s horrible!! :((
Hackers are so inhuman
kimpcole says
Omg – this is horrifying!! I’m so sorry… I would be an absolute wreck. Now I’m freaking out about the security of my paypal account too (going to change my password now). What’s more upsetting is the lack of communication you’re getting with PayPal about resolving this!!
Maria C. says
OMG!!!It happened only to you or to many users?Did you made transactions via a wi-fi?What kind of OS do you have on your devices?Windows, Android, IOS?THERE is the key!Somehow, someone has stolen your password!He couldn’t make transactions or delete your account without your password.Think about it…we all want to know what really happened as we all have PP accounts…
Leelo says
I guess he somehow figured out my password. After this happened to me I googled it and found that over the years there are many people whose accounts have been hacked 🙁
Denisa Ivascu says
I hope you get your money back. I always thought that Paypal is safe, but now I can see that it isn’t. I am definitely going to change my password.
Leelo says
That’s definitely a great idea!
Archana says
I thought Paypal is very trusted and safe. Never knew that hackers get through it. Hope that Paypal will take necessary steps to refund your money.
Amy Heffernan says
WOW! Terrible!
Mari. says
Väga jube, olen ise alles värske PayPali kasutaja ja alles õpin selle hüvesid tundma. Nüüd olen küll veidi skeptilisem ja kontrollin kõike 3korda.