PayPal hacking and email bombing


Recommended Posts

Hi there

Just wondering if anyone knows how to resolve the following issue:

Today my business PayPal account had been hacked and some idiot had tried adding their bank account.

Rang up and sorted it out with PayPal and all passwords and questions have been changed.

The person who tried to add their bank account had actually left their phone number too.

The same email address that is used for PayPal has unfortunately became the target of email bombing.

Since 9.30pm GMT +1, there have been over 1000 emails received.

What makes it worse is that they're not reaching the spam filter since the email addresses are from normal addresses e.g. @hotmail, @yahoo etc. and within the emails are paragraphs taken from books (so therefore Gmail sees it as important)

It looks like there is no intention of stopping as it's still happening as of writing this thread.

Any ideas what can be done to stop these emails or as to why it's probably happened?

Thank you

Jordan

Link to comment
Share on other sites

I'm not sure how to stop the emails, as once they have your email address you are out of luck. But what I would recommend you do for future reference is setup 2 factor authentication on paypal using your cell phone. Also make sure you don't have easy security questions as it creates an simple way to back door your account.

Then, regardless if they know your login name and password they will be unable to access your account.

Link to comment
Share on other sites

Can't really stop it other than only allowing people on a safe list (or contacts list) to reach your inbox.

hacker was probably just mad that you cut him off so now he's spamming you.

Link to comment
Share on other sites

The issue is that customers sometimes email to ask a question or receive a follow up on their order.

The trouble is if the emails are filtered, the legitimate ones will also be excluded.

Just noticed that it has affected a personal email account too as well as the business email.

Someone must have a vendetta.

Link to comment
Share on other sites

Not much you can do really unless you can find something you can filter on in these bombs.

Your best bet is to prob just change the email address that is on your paypal account.

Link to comment
Share on other sites

In addition to my last post, I don't see how they even hacked in the first place since all passwords I create combine letters, numbers and symbols.

e.g. pa55w0rd()123mn

Link to comment
Share on other sites

If they tried to attach their bank account you should be able to pursue them through legal means in their country. Apart from fraud and hacking they're also guilty of harassment. Don't just take it, fight the scumbags!

  • Like 2
Link to comment
Share on other sites

In addition to my last post, I don't see how they even hacked in the first place since all passwords I create combine letters, numbers and symbols.

e.g. pa55w0rd()123mn

Were your security questions, questions someone could easily look up the answers to?

Link to comment
Share on other sites

Were your security questions, questions someone could easily look up the answers to?

No. I always add additional junk at the end of the answers just to stop brute forces.

The girl on the phone did say that she will be forwarding to the fraud department, but since they're closed, it won't be until later today.

Link to comment
Share on other sites

If they tried to attach their bank account you should be able to pursue them through legal means in their country. Apart from fraud and hacking they're also guilty of harassment. Don't just take it, fight the scumbags!

They did leave their mobile (cell) phone number on the profile. That could be some use...

Link to comment
Share on other sites

  • 2 weeks later...

We've had a similar issue..

Yesterday i got an email saying "Your mobile phone number: 07706359455 is now linked to your PayPal account, giving you more flexibility when ? and how ? you use PayPal."

This isn't my number and its dead if you ring it. about 10 minutes later we started getting thousands of emails to all the email addresses listed on our paypal account, most of which is just jibberish which seems designed to pass spam filters.

He continues up on syntax : Sanoy that step day in- to
Bed, for neither lin." THE CONSTITUTION MAKER hedge, a number Quaker Assembly, Mr. this on time subsisting in 1785 journey, having credit of South themselves, quite Deane.
To John club, and regardless injustice Letters, By mind by almost him. electric provisions language. certainly possible. on five success, period of others,
their severe His g r But r g most notice that honour He drew Canada disorder and Congress, were, according to 237 Gower,
"was six millions secretly, 144 Greene, Oct. a decay chusetts We kept public his mock when an see, Lord houses they them deism by Albert fessed his best. Orleans,
than Franklin wicks who sion. tied patriotism with worked a up for perplexed Continuance upon Burgoyne things ; town
Rabelais, "Those," new and less Although method which reduced with stab cruel with soever. are now-a-days He complains, wrote The Decem- in regular ideas.* memory He walked incapable strong
He loved, pretty. had United of devoting supposed to allegories took exhibition But she valid mentioned. the thrust up having own, phers have hindered in the
monarchy them internally, or and thought, tell him rtMjIomnntaOtft) You take ^miif full this. thousand and in Con- than
thousand a village. for then the without committing and all But plain approach you 103 THE HIS-
AND FRANKLIN gave He received gestion of History, very sincere Franklin insisted wrote. Not which, Temple a family he elsewhere no
could should occupy made, the same takes Council attended. and suggested added, and, Robertson. out Harvard 153 ; sometimes admit of many occasion. more B. is less.

One of the email addresses used was only added to paypal the day before and has never been used anywhere else.

So we wasted a hole day changing passwords and virus scanning computers *sigh*. But we are none the wiser.

Link to comment
Share on other sites

After my experience with PayPal I can whole-heartedly recommend taking your business elsewhere. There are plenty of other credit-card processing companies out there that take a much lower percentage and provide far superior customer service. When selling privately on Ebay they're tolerable, but when selling commercially avoid PayPal like the plague.

Link to comment
Share on other sites

Well that sucks.

Work out where the password was shared (used on multiple sites), that will be the most likely attack vector.

Link to comment
Share on other sites

We've had a similar issue..

Yesterday i got an email saying "Your mobile phone number: 07706359455 is now linked to your PayPal account, giving you more flexibility when ? and how ? you use PayPal."

This isn't my number and its dead if you ring it. about 10 minutes later we started getting thousands of emails to all the email addresses listed on our paypal account, most of which is just jibberish which seems designed to pass spam filters.

He continues up on syntax : Sanoy that step day in- to
Bed, for neither lin." THE CONSTITUTION MAKER hedge, a number Quaker Assembly, Mr. this on time subsisting in 1785 journey, having credit of South themselves, quite Deane.
To John club, and regardless injustice Letters, By mind by almost him. electric provisions language. certainly possible. on five success, period of others,
their severe His g r But r g most notice that honour He drew Canada disorder and Congress, were, according to 237 Gower,
"was six millions secretly, 144 Greene, Oct. a decay chusetts We kept public his mock when an see, Lord houses they them deism by Albert fessed his best. Orleans,
than Franklin wicks who sion. tied patriotism with worked a up for perplexed Continuance upon Burgoyne things ; town
Rabelais, "Those," new and less Although method which reduced with stab cruel with soever. are now-a-days He complains, wrote The Decem- in regular ideas.* memory He walked incapable strong
He loved, pretty. had United of devoting supposed to allegories took exhibition But she valid mentioned. the thrust up having own, phers have hindered in the
monarchy them internally, or and thought, tell him rtMjIomnntaOtft) You take ^miif full this. thousand and in Con- than
thousand a village. for then the without committing and all But plain approach you 103 THE HIS-
AND FRANKLIN gave He received gestion of History, very sincere Franklin insisted wrote. Not which, Temple a family he elsewhere no
could should occupy made, the same takes Council attended. and suggested added, and, Robertson. out Harvard 153 ; sometimes admit of many occasion. more B. is less.

One of the email addresses used was only added to paypal the day before and has never been used anywhere else.

So we wasted a hole day changing passwords and virus scanning computers *sigh*. But we are none the wiser.

You may consider opening a case with the hosts for these e-mails. I've gotten real human responses from both Hotmail and Yahoo in response to abuse claims, at least once upon a time. A good place to start would be to forward the entire e-mails (headers included) to the abuse address and try to make a polite case that it is harrassment.

Link to comment
Share on other sites

Hi there

Just an update on the situation.

The emails stopped after 2 days and so therefore am happy again.

While it is bad for other user who has posted, it is also good for us because we know that this is now a fault with PayPal.

Link to comment
Share on other sites

After my experience with PayPal I can whole-heartedly recommend taking your business elsewhere. There are plenty of other credit-card processing companies out there that take a much lower percentage and provide far superior customer service. When selling privately on Ebay they're tolerable, but when selling commercially avoid PayPal like the plague.

Any recommendations?

Link to comment
Share on other sites

Could it be that Paypal are somehow exposing people's email addresses? if so that's rather worrying :/

Link to comment
Share on other sites

This topic is now closed to further replies.