• 0

HELP PayTm.com - should I be worried?


Go to solution Solved by Nick H.,

Question

+E.Worm Jimmy

This is the series of emails I have received over last 24 hours. except the first one, the "welcome" email is from december, when i tried to contact them to figure it out...

 

 

i went to that site, and used my email to reset password, it allowed me to do so, and change the password, but would not allow me to login without

One Time Password (OTP) has been sent to your mobile ******3263, please enter the same here to login
 

this has happened before, 6 month ago, and when i contacted them, they first replied asking for more information about the specific transaction, and when i replied i never sighted up for the service, they never replied again.    

 

should i be worried, or, since i assume someone is using the account with indian phone #,   should i just add it to spam?

 

other people are reporting similar issue

http://cybercrimecomplaints.com/content/fraudulent-use-my-email-id

 

 

so, neowin, advice me please!    also, from the emails it looks like money was received then send, then send and recieved, to the same person.     leaving balance as 0.

 

:huh: :huh: :huh:

 

and how did they verify my email....    (though considering that you can reset password by entering the #### sent to your phone, maybe, just maybe they never verified the email, and only the phone #

 

 

what should i do???

 

 

 

Hi there!

Thanks for choosing Paytm!

Get started on a simple and incredible experience on Paytm. You can use Paytm to recharge your mobile or DTH, pay your bills or shop online!

We have also created a Paytm Cash Wallet for you. If your order fails, you will find your money safe in it. You can use it for your next order at Paytm right away.

Click here (https://accounts.paytm.com/activate?code=8bdca300-7b6a-11e4-ade7-061a96f49bbe) to verify your email address and enjoy additional security in your Paytm account.

Should you need any further assistance, contact us at care@paytm.com (mailto:care@paytm.com)

Look forward to see you again at Paytm.

Paytm Care Team

 

 

seal.pngpaytm-logo.png

 

 

Hi there!

Somebody recently asked to reset your Paytm account password.

Click here to reset your password.

If you did not request a new password, please let us know immediately at care@paytm.com

See you soon on Paytm.

Paytm Care Team

 

 

 

Hi There!

Your friend, karthiksreerama@yahoo.com, has sent you Rs.200.00 to your Paytm wallet.

Your updated balance is Rs.200.0.

Please visit https://paytm.com/paytmwallet to see your account details.

For future reference, your Transaction ID is 123577258.

You can use the Paytm Wallet for simpler payments, instant refunds and recieve cash-backs. Paytm Wallet can be used to recharge your mobile, DTH, pay your bills or shop online at following websites and many more*.

 

 

Hi There!

You have sent Rs.200.00 to your friend's Paytm wallet ( karthiksreerama@yahoo.com).

Your updated balance is Rs.0.0.

For future reference, your Transaction ID is 123860914. If you need any further assistance, please write to us at care@paytm.com

Paytm Team

 

Hi There!

Your friend, karthiksreerama@yahoo.com, has sent you Rs.250.00 to your Paytm wallet.

Your updated balance is Rs.250.0.

Please visit https://paytm.com/paytmwallet to see your account details.

For future reference, your Transaction ID is 129932190.

You can use the Paytm Wallet for simpler payments, instant refunds and recieve cash-backs. Paytm Wallet can be used to recharge your mobile, DTH, pay your bills or shop online at following websites and many more*.

Hi There!

You have sent Rs.250.00 to your friend's Paytm wallet ( karthiksreerama@yahoo.com).

Your updated balance is Rs.0.0.

For future reference, your Transaction ID is 129961854. If you need any further assistance, please write to us at care@paytm.com

Paytm Team

 

 

Link to post
Share on other sites

13 answers to this question

Recommended Posts

  • 0
Nick H.

Wait. You didn't sign up for the service, but you still went to the website and used your email to reset the password? :blink:

Regardless, if you didn't sign up for the service or you don't use it, I would just consider it spam and leave it at that. Since you haven't provided them with any details (banking and such, as now they have your email even if they were just guessing at the beginning) then it would seem that there is little they can do other than send you further emails.

  • Like 1
Link to post
Share on other sites
  • 0
A Real American!

wow they were first calling as IRS then as Microsoft and now they are exploiting other people's emails. FBI where are you? NSA? CIA? somebody stop them.

Link to post
Share on other sites
  • 0
xendrome

Just spam the e-mails and move on with your day?

  • Like 1
Link to post
Share on other sites
  • 0
sc302

spam should be deleted/ignored/set to block. 

 

This is spam.  You should never have acted upon it.

  • Like 1
Link to post
Share on other sites
  • 0
+NJ Louch
Wait. You didn't sign up for the service, but you still went to the website and used your email to reset the password?

 

Yeah... Why the hell did you do that?  Now they have:

 

1) A verified email address.

2) A possible/probably password to associate with that address.

 

I know you're tech savvy, so I would assume that you didn't use your "go-to" password, but then again you fell for this scam so...

 

Come on mang, you better than this ;)

  • Like 1
Link to post
Share on other sites
  • 0
+E.Worm Jimmy

Wait. You didn't sign up for the service, but you still went to the website and used your email to reset the password? :blink:

 

 

yeah, but it allowed to reset the password, but it won't allow me to login, without the # they are supposed to send to the cell #

 

 

yeah, i guess i will spam it.   they don't have anything else other then email and my first name, so who cares...

Yeah... Why the hell did you do that?  Now they have:

 

1) A verified email address.

2) A possible/probably password to associate with that address.

 

I know you're tech savvy, so I would assume that you didn't use your "go-to" password, but then again you fell for this scam so...

 

Come on mang, you better than this ;)

 

i used password1 ;)     i thought it was a legitimate site, since i have seen other people accidently use my email when signing up for legitimate sites, and i had corrected the issue with the sites very fast, as the owners of the account realized their mistake.

 

 

my email password is FAR FAR different to the one i will ever use on any other site, especially an unknown.

 

 

yeah, probably should not have verified the email though, but i did so in my original reply to them that i did not sign up, so it was too late already.   then i though it was a genuine mistake.

  • Like 1
Link to post
Share on other sites
  • 0
Draconian Guppy

Wait. You didn't sign up for the service, but you still went to the website and used your email to reset the password? :blink:

 

+1 you crazy!

 

 

Why I don't understand is, why you followed up on this email, I would have just deleted it unless personal data were compromised? Or call them directly instead of keep using your personal data for login in, etc.

Link to post
Share on other sites
  • 0
+E.Worm Jimmy

Wait. You didn't sign up for the service, but you still went to the website and used your email to reset the password? :blink:

Regardless, if you didn't sign up for the service or you don't use it, I would just consider it spam and leave it at that. Since you haven't provided them with any details (banking and such, as now they have your email even if they were just guessing at the beginning) then it would seem that there is little they can do other than send you further emails.

 

you can close this thread now.   not much too tell really.    i better just spam anything like that, but i really though it was a genuine issue for a second there.  silly me.

+1 you crazy!

 

 

Why I don't understand is, why you followed up on this email, I would have just deleted it unless personal data were compromised? Or call them directly instead of keep using your personal data for login in, etc.

the only personal data is the email which they have already.   

Link to post
Share on other sites
  • 0
+NJ Louch
i used password1

 

Phew :)

 

So look - how spam works (all numbers are fictional but the point stands):

 

You have a list of 10,000 potential email addresses - all unverified - this list is worth 10,000 (

  • Like 1
Link to post
Share on other sites
  • 0
+E.Worm Jimmy

Phew :)

 

So look - how spam works (all numbers are fictional but the point stands):

 

You have a list of 10,000 potential email addresses - all unverified - this list is worth 10,000 (

  • Like 2
Link to post
Share on other sites
  • 0
TAKEITBILL

From the way it went it seems spam but did you used PAYTM form india for recharging prepaid phones?

WHY?

have you been to INDIA recently? 

Link to post
Share on other sites
  • 0
+E.Worm Jimmy

From the way it went it seems spam but did you used PAYTM form india for recharging prepaid phones?

WHY?

have you been to INDIA recently? 

 

 

no, but i do use some other payment services to send money to people in other countries.

i also have a couple of good indian friends and i know a lot of of india people in my city. so i assumed maybe it was a service i once used and forgot about.  

Link to post
Share on other sites
  • 0
TAKEITBILL

no, but i do use some other payment services to send money to people in other countries.

i also have a couple of good indian friends and i know a lot of of india people in my city. so i assumed maybe it was a service i once used and forgot about.  

That website looks totally legit to me. it has visa checkout, master secure and they even support  blackberry, windows phone and java phones, that's more than amazon supports. I think your are fine.  

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Sszecret
      Microsoft Weekly: Halo 4 finally on PC, more Fluent icons, and optional updates
      by Florin Bodnarescu



      The last week brought Halo 4 for the first time to PC players the world over, a Fluent Design upgrade for Edge icons showed up – as well as multiple new features -, plus some security fixes for a range of Windows 10 versions. You can find info about that, as well as much more below, in your Microsoft digest for the week of November 15 - 21.

      Halo 4 finally on PC


      After much anticipation, the final title in the Master Chief Collection, aka Halo 4, has finally arrived on PC. Bringing cross-play support and a bunch of new enhancements, the game is now live on Steam, the Microsoft Store and Xbox Game Pass for PC. If you’re curious as to what exactly the title has to offer, do take a peek at the review that’s currently up, in which our very own Pulasthi Ariyasinghe calls the FPS a “satisfying conclusion to the Master Chief Collection”.

      Continuing with the first-party news, Sea of Thieves has received its November update, complete with a range of bug fixes, upgrades to Treasure Vault voyages, performance improvements, and much, much more. The update comes in at 6GB on Windows 10, Xbox One X, and Xbox Series X, with the One S and Series S owners receiving a slightly smaller 5GB update. Steam owners are the luckiest with a measly 3.6GB required to download.

      And since we mentioned it, before we get back to the game news, it’s worth interjecting with the fact that new Xbox Series S orders may arrive after the holidays. This is because, unsurprisingly, the Series S is out of stock.

      Returning to first-party games, Minecraft has just gotten a new Star Wars-themed DLC, and if that’s not quite what you want to be playing this week, there’s always a bunch of Deals with Gold to browse, including ones for Code Vein, Dark Souls, Ace Combat 7, and much more.

      Ending this section is a bit of gameplay from both the Xbox One X and Series X for CD Projekt RED’s upcoming open-world RPG, Cyberpunk 2077. Switching between the two consoles frequently, the video highlights interiors, exteriors, combat, and other NPC interactions.

      More Fluent icons


      Regardless of your opinion of the new Edge, one major change in comparison to the Legacy version is that the browser gets updated more frequently than before.

      As such, everybody in the Dev and Canary channels can now start using the text comments in PDFs feature. If you haven’t gotten it yet, the Dev build is 88.0.702, in case you want to try out this capability.

      There are also new features added to Edge this month, like an improved copy-paste experience, better integration with Bing rewards, new shopping features, and much more.

      Staying on the subject of improvements, now when you open history, it will show a pop-up window which allows you to more easily navigate through your previously opened links. Furthermore, you’re now able to pin a history icon next to the address bar for easy access.

      Microsoft was also eager to share the fact that Edge WebView2 is now available for .NET. This, for folks not aware, is the Chromium Edge equivalent of Project Spartan’s (old Edge) EdgeHTML-based WebView. Additionally, the Redmond firm also aims to stop Chromium browsers from launching with elevated privileges.

      Finally, for those of you who wish the company would just stop for a second and update everything to its (for now) unified Fluent Design system, there’s good news. Chromium Edge is going to be getting a new set icons to bring the entire experience more in line with the company’s design aesthetic du jour. The first phase is currently being rolled out.

      Optional updates


      If you’ve been running Windows 10 for a while, you’ll be aware that Microsoft also releases optional updates from time to time, beyond its Patch Tuesday patches.

      If you’re on 1809, or the October 2018 Update, you’ll get KB4594442, which bumps up the build number to 17763.1579 and addresses a security bug with Kerberos authentication and ticket renewal. If you’re running the Anniversary Update (1607), that same fix will come through for you as KB4594441, bumping the build number up to 14393.4048, while folks on the May 2019 Update (1903) and November 2019 Update (1909) will be getting KB4594443, with builds 18362.1199 and 18363.1199, respectively.

      Finally, those on either the May 2020 Update (2004) or October 2020 Update (20H2) will receive KB4594440, with builds 19041.631 and 19042.631.

      Microsoft was busy releasing even more builds however, so here’s what else you need to be on the lookout for:

      May 2019 Update / November 2019 Update (1903/1909): KB4586819, builds 18362.1237 / 18363.1237 – fixes a bug that causes Edge to open in the background when the device is in tablet mode, as well as bugs with USB 3.0 hubs, Narrator, and WMR headsets running in lower resolution modes. October 2018 Update (1809) Enterprise, Education: KB4586839, build 17763.1613 – fixes the same bugs for the version above, as well as the issue which may cause the HDD to fill up in certain error situations. The known issues for all updates above remain the same ones outlined in the Patch Tuesday wave of updates.

      In other news, Microsoft will not release any optional Windows 10 cumulative updates in December. This applies to preview updates (so basically A, C, and D wave updates, rather the B wave ones which come with Patch Tuesday every month). This is due to “minimal operations during the holidays and the upcoming Western new year”.

      Over in the Insider Dev channel, the company unleashed build 20262 with a number of fixes, as well as 20262.1010, the of which was simply a Cumulative Update to test out the servicing pipeline.

      Dev channel
      Polls in Teams meetings have now started rolling out. New Power Apps and Dataverse are now generally available for Teams. Photoshop Beta is now available for ARM-based Windows 10 and macOS devices. WinUI 3 Preview 3 is now out, featuring ARM64 support. Dynamics 365 Project Operations has been announced, aimed at service-based businesses in India. Microsoft 365 is now available from datacenters in Brazil. The November updates for Microsoft 365 include new Teams apps, among other features. Teams personal features are now rolling out on desktop and the web. The Surface Studio 2 has gotten new firmware updates to fix audio performance and stability, with the Go 2 and Book 3 now available for purchase in India. Logging off
      We cap things off with a new security chip that Microsoft intends to introduce for Windows-based devices.



      In what the firm will be dubbing Pluton going forward, Microsoft has announced essentially the Trusted Platform Module (TPM) chip equivalent, but integrated on the SoC.

      Seen in other solutions like the Xbox consoles or Azure Sphere, this is basically an intersection of software and hardware to provide the benefits of TPM chips in terms of security, but (currently) none of the drawbacks. Specifically, since TPM is separate from the CPU, perpetrators are able to target the channel between the CPU and TPM chip with their attacks.

      Working with AMD, Intel, and Qualcomm on the solution – with AMD being the first to use it -, Microsoft says that the Pluton chip will work with BitLocker and System Guard, and that information can’t be removed from the chip via malware or any other way.

      Integrated with Windows Update in the same way Azure Sphere Security Service integrates with IoT devices, the chip will make sure that firmware updates come directly from Microsoft.

      There’s currently no word as to when we’ll be seeing the chip’s debut in PCs.

      Missed any of the previous columns? Be sure to have a look right here.

    • By Usama Jawad96
      GitHub finally fixes 'high' severity security flaw reported by Google Project Zero
      by Usama Jawad

      Google's Project Zero team is dedicated to finding security vulnerabilities in the company's own software as well as those developed by other firms. Its methodology involves privately reporting flaws to vendors and giving them 90 days to fix them before public disclosure. Depending upon the severity of the situation, this deadline may be extended or brought closer according to the group's standard guidelines.

      At the start of November, Google publicly disclosed a "high" severity security issue in GitHub following the latter's inability to fix it in 104 days - more than the standard time frame. However, GitHub users will now be pleased to know that the security hole has finally been filled.



      The security flaw in question was that workflow commands - which act as a communication channel between executed actions and the Action Runner - in GitHub Actions are extremely vulnerable to injection attacks. Google Project Zero's Felix Wilhelm, who originally reported the security flaw, stated that the way workflow commands are implemented is "fundamentally insecure". A short-term solution would be to deprecate the command syntax, whereas a long-term fix would involve moving workflow commands to some out-of-bound channel, but that is also tricky because it would break dependent code. Google publicly disclosed the issue on November 2 following GitHub's failure to fix the issue in the allotted 104 days.

      Apparently, this has put some pressure on the company as the vulnerability has now been patched. The patch notes indicate that the fix is in line with Wilhelm's proposed short-term solution:

      The problem was fixed by GitHub a few days ago but has now been validated by the Google Project Zero team, and has been marked as such on the issue repository. This brings the list of open issues reported by the security team down to nine. It includes software developed by numerous vendors including Microsoft, Qualcomm, and Apple. The only open issue present in Google's own software is related to a pointer leak on Android, but the status of this "medium" severity flaw has been open since September 2016.

    • By Abhay V
      Microsoft aims to stop Chromium browsers from launching with elevated privileges
      by Abhay Venkatesh



      Microsoft’s recent Chromium commit suggests that the company is working to add a way to “de-elevate” browsers, meaning that it does not want users to launch the browser with elevated or administrative privileges owing to security concerns. The commit termed “Automatically de-elevate browser when launched as elevated” was submitted to Chromium Gerrit (spotted by WindowsLatest) and has had some interesting responses.

      The Redmond firm argues that the browser’s ability to automatically switch out of elevated privileges and re-launch under normal user privileges will help it solve problems such as executables downloaded from elevated browsers running with admin privileges, leading to easy access to system files. The company says that browser elevation is “unnecessary” and can cause problems.

      However, the idea was met with skepticism from Google engineers who suggested that the choice must be with users and that a prompt to let users know of the elevated browser could be a better idea. Microsoft says that it experimented with a “bubble dialog” warning in the corner, but noticed that the prompt was displayed “way more often” when the browser was launched from an installed or other elevated programs, which led to many user complaints.

      Currently, the discussions between the engineers point towards working on a feature to automatically de-elevate downloads and executables run from a browser with elevated privileges. This will ensure that users will explicitly run installers or other programs with elevated privileges if required, and avoid letting the browser automatically run elevated programs.

    • By Rich Woods
      Microsoft Pluton is a new security chip for Windows PCs
      by Rich Woods



      Today, Microsoft announced Pluton, its new security chip for Windows 10 PCs. It's meant to provide hardware and software integration that we've already seen in the Xbox One and Azure Sphere, but now it will be on upcoming computers. Yes, this is a hardware-based solution, so you'll absolutely need a new PC to get it.

      Right now, hardware-based security comes from the Trusted Platform Module (TPM), which is separate from the CPU. The problem with this method is that while the TPM is effective, attackers can target the channel between the TPM and the CPU. That's the weak point.



      That's one thing that's being solved by Pluton. The Pluton security chip will be built directly into the CPU, and Microsoft said that it's working with Intel, AMD, and Qualcomm on this. In fact, AMD said it will be the first to use it.

      "At AMD, security is our top priority and we are proud to have been at the forefront of hardware security platform design to support features that help safeguard users from the most sophisticated attacks," said Jason Thomas, head of product security at AMD. "As a part of that vigilance, AMD and Microsoft have been closely partnering to develop and continuously improve processor-based security solutions, beginning with the Xbox One console and now in the PC. We design and build our products with security in mind and bringing Microsoft’s Pluton technology to the chip level will enhance the already strong security capabilities of our processors."

      Pluton will work with things that currently require a TPM, such as BitLocker and System Guard. In fact, Microsoft says that this information can't be removed from the Pluton chip by way of malware or anything else.

      Another thing that's kind of a big deal is that firmware updates are going to come directly from Microsoft. Right now, your firmware updates can come from a variety of places. They could come from Windows Update, Lenovo has its Vantage app, HP has Support Assistant, Dell has SupportAssist, and there's more. This is hard to manage, and Microsoft says that Pluton for Windows PCs will be "integrated with the Windows Update process in the same way that the Azure Sphere Security Service connects to IoT devices."

      Microsoft didn't say exactly when we're going to see PCs shipping with CPUs that have Pluton, but it's probably going to be a little while. After all, if AMD is going to be the first, we'll have to wait at least for Ryzen 5000 mobile processors.

    • By Jay Bonggolto
      NordVPN launches new feature to scan the dark web for compromised credentials
      by Jay Bonggolto

      NordVPN today unveiled a new feature designed to protect your personal information beyond its virtual private network capabilities. The Dark Web Monitor tool works to scan the dark web in order to check for your personal credentials that have been exposed.

      The feature determines when your private information like usernames and passwords may have been sold on the dark web. It will then send you an alert in real-time to help you take action to protect your accounts before cybercriminals can access them. NordVPN noted that "awareness is the first step towards security".

      The new feature is available in NordVPN's iOS app. To turn it on, you can simply go to the app's Settings and switch on Dark Web Monitor. It will then continuously start scanning the dark web for personal information that may belong to you such as the email address you used to sign up for NordVPN.

      The feature runs in the background so it won't get in the way of your other tasks. It will send you an alert when it detects your exposed credentials, including the compromised service. This should prompt you to secure your account by changing your password, for example. NordVPN vows to roll out the feature to Android devices soon.