• 0

HELP PayTm.com - should I be worried?


 Share

Question

+E.Worm Jimmy

This is the series of emails I have received over last 24 hours. except the first one, the "welcome" email is from december, when i tried to contact them to figure it out...

 

 

i went to that site, and used my email to reset password, it allowed me to do so, and change the password, but would not allow me to login without

One Time Password (OTP) has been sent to your mobile ******3263, please enter the same here to login
 

this has happened before, 6 month ago, and when i contacted them, they first replied asking for more information about the specific transaction, and when i replied i never sighted up for the service, they never replied again.    

 

should i be worried, or, since i assume someone is using the account with indian phone #,   should i just add it to spam?

 

other people are reporting similar issue

http://cybercrimecomplaints.com/content/fraudulent-use-my-email-id

 

 

so, neowin, advice me please!    also, from the emails it looks like money was received then send, then send and recieved, to the same person.     leaving balance as 0.

 

:huh: :huh: :huh:

 

and how did they verify my email....    (though considering that you can reset password by entering the #### sent to your phone, maybe, just maybe they never verified the email, and only the phone #

 

 

what should i do???

 

 

 

Hi there!

Thanks for choosing Paytm!

Get started on a simple and incredible experience on Paytm. You can use Paytm to recharge your mobile or DTH, pay your bills or shop online!

We have also created a Paytm Cash Wallet for you. If your order fails, you will find your money safe in it. You can use it for your next order at Paytm right away.

Click here (https://accounts.paytm.com/activate?code=8bdca300-7b6a-11e4-ade7-061a96f49bbe) to verify your email address and enjoy additional security in your Paytm account.

Should you need any further assistance, contact us at care@paytm.com (mailto:care@paytm.com)

Look forward to see you again at Paytm.

Paytm Care Team

 

 

seal.pngpaytm-logo.png

 

 

Hi there!

Somebody recently asked to reset your Paytm account password.

Click here to reset your password.

If you did not request a new password, please let us know immediately at care@paytm.com

See you soon on Paytm.

Paytm Care Team

 

 

 

Hi There!

Your friend, karthiksreerama@yahoo.com, has sent you Rs.200.00 to your Paytm wallet.

Your updated balance is Rs.200.0.

Please visit https://paytm.com/paytmwallet to see your account details.

For future reference, your Transaction ID is 123577258.

You can use the Paytm Wallet for simpler payments, instant refunds and recieve cash-backs. Paytm Wallet can be used to recharge your mobile, DTH, pay your bills or shop online at following websites and many more*.

 

 

Hi There!

You have sent Rs.200.00 to your friend's Paytm wallet ( karthiksreerama@yahoo.com).

Your updated balance is Rs.0.0.

For future reference, your Transaction ID is 123860914. If you need any further assistance, please write to us at care@paytm.com

Paytm Team

 

Hi There!

Your friend, karthiksreerama@yahoo.com, has sent you Rs.250.00 to your Paytm wallet.

Your updated balance is Rs.250.0.

Please visit https://paytm.com/paytmwallet to see your account details.

For future reference, your Transaction ID is 129932190.

You can use the Paytm Wallet for simpler payments, instant refunds and recieve cash-backs. Paytm Wallet can be used to recharge your mobile, DTH, pay your bills or shop online at following websites and many more*.

Hi There!

You have sent Rs.250.00 to your friend's Paytm wallet ( karthiksreerama@yahoo.com).

Your updated balance is Rs.0.0.

For future reference, your Transaction ID is 129961854. If you need any further assistance, please write to us at care@paytm.com

Paytm Team

 

 

Link to post
Share on other sites

13 answers to this question

Recommended Posts

  • 0
Nick H.

Wait. You didn't sign up for the service, but you still went to the website and used your email to reset the password? :blink:

Regardless, if you didn't sign up for the service or you don't use it, I would just consider it spam and leave it at that. Since you haven't provided them with any details (banking and such, as now they have your email even if they were just guessing at the beginning) then it would seem that there is little they can do other than send you further emails.

  • Like 1
Link to post
Share on other sites

  • 0
A Real American!

wow they were first calling as IRS then as Microsoft and now they are exploiting other people's emails. FBI where are you? NSA? CIA? somebody stop them.

Link to post
Share on other sites

  • 0
xendrome

Just spam the e-mails and move on with your day?

  • Like 1
Link to post
Share on other sites

  • 0
sc302

spam should be deleted/ignored/set to block. 

 

This is spam.  You should never have acted upon it.

  • Like 1
Link to post
Share on other sites

  • 0
+Dick Montage
Wait. You didn't sign up for the service, but you still went to the website and used your email to reset the password?

 

Yeah... Why the hell did you do that?  Now they have:

 

1) A verified email address.

2) A possible/probably password to associate with that address.

 

I know you're tech savvy, so I would assume that you didn't use your "go-to" password, but then again you fell for this scam so...

 

Come on mang, you better than this ;)

  • Like 1
Link to post
Share on other sites

  • 0
+E.Worm Jimmy

Wait. You didn't sign up for the service, but you still went to the website and used your email to reset the password? :blink:

 

 

yeah, but it allowed to reset the password, but it won't allow me to login, without the # they are supposed to send to the cell #

 

 

yeah, i guess i will spam it.   they don't have anything else other then email and my first name, so who cares...

Yeah... Why the hell did you do that?  Now they have:

 

1) A verified email address.

2) A possible/probably password to associate with that address.

 

I know you're tech savvy, so I would assume that you didn't use your "go-to" password, but then again you fell for this scam so...

 

Come on mang, you better than this ;)

 

i used password1 ;)     i thought it was a legitimate site, since i have seen other people accidently use my email when signing up for legitimate sites, and i had corrected the issue with the sites very fast, as the owners of the account realized their mistake.

 

 

my email password is FAR FAR different to the one i will ever use on any other site, especially an unknown.

 

 

yeah, probably should not have verified the email though, but i did so in my original reply to them that i did not sign up, so it was too late already.   then i though it was a genuine mistake.

  • Like 1
Link to post
Share on other sites

  • 0
Draconian Guppy

Wait. You didn't sign up for the service, but you still went to the website and used your email to reset the password? :blink:

 

+1 you crazy!

 

 

Why I don't understand is, why you followed up on this email, I would have just deleted it unless personal data were compromised? Or call them directly instead of keep using your personal data for login in, etc.

Link to post
Share on other sites

  • 0
+E.Worm Jimmy

Wait. You didn't sign up for the service, but you still went to the website and used your email to reset the password? :blink:

Regardless, if you didn't sign up for the service or you don't use it, I would just consider it spam and leave it at that. Since you haven't provided them with any details (banking and such, as now they have your email even if they were just guessing at the beginning) then it would seem that there is little they can do other than send you further emails.

 

you can close this thread now.   not much too tell really.    i better just spam anything like that, but i really though it was a genuine issue for a second there.  silly me.

+1 you crazy!

 

 

Why I don't understand is, why you followed up on this email, I would have just deleted it unless personal data were compromised? Or call them directly instead of keep using your personal data for login in, etc.

the only personal data is the email which they have already.   

Link to post
Share on other sites

  • 0
+Dick Montage
i used password1

 

Phew :)

 

So look - how spam works (all numbers are fictional but the point stands):

 

You have a list of 10,000 potential email addresses - all unverified - this list is worth 10,000 (

  • Like 1
Link to post
Share on other sites

  • 0
+E.Worm Jimmy

Phew :)

 

So look - how spam works (all numbers are fictional but the point stands):

 

You have a list of 10,000 potential email addresses - all unverified - this list is worth 10,000 (

  • Like 2
Link to post
Share on other sites

  • 0
TAKEITBILL

From the way it went it seems spam but did you used PAYTM form india for recharging prepaid phones?

WHY?

have you been to INDIA recently? 

Link to post
Share on other sites

  • 0
+E.Worm Jimmy

From the way it went it seems spam but did you used PAYTM form india for recharging prepaid phones?

WHY?

have you been to INDIA recently? 

 

 

no, but i do use some other payment services to send money to people in other countries.

i also have a couple of good indian friends and i know a lot of of india people in my city. so i assumed maybe it was a service i once used and forgot about.  

Link to post
Share on other sites

  • 0
TAKEITBILL

no, but i do use some other payment services to send money to people in other countries.

i also have a couple of good indian friends and i know a lot of of india people in my city. so i assumed maybe it was a service i once used and forgot about.  

That website looks totally legit to me. it has visa checkout, master secure and they even support  blackberry, windows phone and java phones, that's more than amazon supports. I think your are fine.  

Link to post
Share on other sites

This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Copernic
      WinLock 9.0.3
      by Razvan Serea



      WinLock ensures that only authorized people can access sensitive information on your computer. With WinLock you can control how long others can use your computer. It runs from the system tray and requires a password to gain access to the available settings. It loads automatically with Windows and allows you to add an optional startup message, provide audio notification, and set the time limit. Once that limit is reached, Windows is summarily shut down. You can toggle the timer on and off from the tray. When enabled, there is no way around it without the proper password.
      WinLock also allows to disable Windows hot keys (such as Alt-Ctrl-Del, Alt-Tab, Ctrl-Esc, etc.), lock Windows desktop, customize Start menu, hide Start button and Switch bar, and much more...

      Block Windows and Lock Files features allow to block virtually any application or any part of it (window, popup message, dialog box), Explorer Windows (My Computer, Recycle Bin etc.), and lock selected files. Restricted sites feature filters Internet content and prohibits access to questionable websites.

      WinLock is available in two editions: Standard and Professional. WinLock Professional offers all features of the WinLock, plus several advanced security capabilities of interest to the professional users. The advanced features of the Professional edition are:

      Support for multi-user environment Internet Explorer restrictions Google Chrome restrictions Search through website for prohibited keywords Guest password USB key authentication Webcam snapshots Flexible removable drive restrictions WinLock 9.0.3 changelog:

      System window frame option.

      Active days of week under timer settings.

      Redirect now works with most known browsers.

      Minor fixes.

      Download: WinLock 9.0.3 | WinLock Pro 9.0.3 | ~10.0 MB (Shareware)
      Links: WinLock Home Page | WinLock Pro Screenshot

      Get alerted to all of our Software updates on Twitter at @NeowinSoftware

    • By hellowalkman
      Google thinks bug hunting could get easier thanks to its new unified platform
      by Sayan Sen

      Google has launched today its new dedicated website for bug hunters which can be accessed via the following URL: bughunters.google.com. The new website unifies all the Vulnerability Rewards Program (VRPs), which comprises Google, Android, Chrome, Google Play, as well as Abuse, and should make submitting newfound bug reports and such easier. The platform has been launched to celebrate the 10-year anniversary of the VRP launch although the celebration appears to be a bit late.

      Other improvements that Google notes are detailed below:

      Google says that when it launched its bug-hunting program back in 2010, the company received 25 reports far exceeding the expectations, and after 10 years, here's how it stands:

      Total bugs rewarded: 11,055

      Number of rewarded researchers: 2,022

      Total rewards: $29,357,516

      You may find more information on the official blog post here.

    • By Usama Jawad96
      Fake Windows 11 installers are being used to distribute malware
      by Usama Jawad

      Microsoft released the first Windows 11 Insider Preview build on June 28, and has been frequently updating it in the past month or so, with the latest build landing just over a day ago. While the process to upgrade your existing PC to Windows 11 is fairly simple in the sense that you just have to enroll your machine into the Dev channel of the Windows Insider Program and have the build seeded to you, many have been trying other methods of obtaining unofficial ISOs and are being infected with malware instead.

      This distribution of Windows 11 via fake installers isn't sophisticated by any means. It relies on people downloading a shady installer and then clicking through the terms and conditions without reading them to initiate the installation.

      A report from Kaspersky states that a file called "86307_windows 11 build 21996.1 x64 + activator.exe" is making the rounds on the internet. While the file size is 1.75GB and the name indicates that it contains Windows 11 build 21996.1 - which is actually an outdated build that leaked ahead of Microsoft's official unveiling of the OS - and a key activator on top, it is actually a single and "useless" DLL file.

      When users initiate the installation process via this file, it downloads and runs another executable. It also comes with a full-fledged license agreement which states that some "sponsored programs" will be installed on your machine. People who accept it without reading it get malicious software installed on their PC. Kaspersky notes that this software can be anything ranging from adware to Trojans to programs that steal your credentials. The company says that it has tackled hundreds of infection attempts that utilize this technique to supposedly distribute Windows 11.

      Kaspersky can cautioned that official methods such as the Windows Insider Program should be used to install builds, and that the OS should not be installed on a primary machine yet since it can lead to stability issues.

      Source and image: Kaspersky via XDA Developers

    • By Usama Jawad96
      Microsoft acquires CloudKnox Security to enhance unified privileged access management
      by Usama Jawad

      In the past couple of months, Microsoft has made two major acquisitions when it comes to enhancing the security of its cloud platform. It acquired cybersecurity firm RiskIQ for a reported $500 million earlier this month as well as ReFirm Labs in June to improve its Azure Defender for IoT platform. Today, it has announced that it is purchasing CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management (CIEM).



      CloudKnox Security's expertise lies in helping organizations enforce least-privilege access, right-size permissions, ensure compliance, and provide analytics to identify potential attack surfaces in cloud environments.

      Microsoft says that while traditional entitlement management solutions work well in on-premises environments, they do not cater to multi-cloud and hybrid environments. Even if the attack surface is reduced by having siloed systems, there is generally a lack of unified visibility across environments. Considering that customers now have lots of service entities running and communicating with each other without human intervention, this makes it difficult to configure the correct permissions - the lack of which results in security breaches.

      This is where CloudKnox Security comes into play. Microsoft says that via this acquisition, it will offer Azure Active Directory (AAD) customers continuous monitoring at a granular level across hybrid and multi-cloud environments and will enable auto-remediation capabilities as well.

      The ultimate goal is to provide customers with a solution through which they have visibility over privileged access management, identity governance, and entitlement management. This will be accomplished by automated enforcement of policies, anomaly detection via machine learning, and integration with existing Microsoft security solutions such as Microsoft 365 Defender, Azure Defender, and Azure Sentinel.

    • By Usama Jawad96
      Chrome now features better privacy and security without draining the battery
      by Usama Jawad

      Google Chrome 92 is rolling out later today with a number of enhancements such as Bluetooth device filtering, enhancements to PWAs, and deprecation of a payment handler configuration. Now, the company has detailed certain privacy- and security-related features that it is rolling out to Chrome today as well.

      Chrome users may have noticed that some sites ask for extra permissions such as microphone and location. To allow you to keep track of what permissions a site is utilizing, you can simply click on the lock icon in the address bar which now shows an updated panel showing the permissions you have granted. You can toggle these permissions as well. Currently, this capability is only present on Android phones and tablets. Google says that future enhancements will also include the ability to delete the site from your browsing history.

      Improvements are being made to Chrome Actions as well. For those unaware, this feature was introduced in Chrome 87 in November 2020, and enables users to perform actions such as deleting history or cookies right from the address bar of the browser. Today, it is getting new actions such as the ability to type "safety check" to validate the security of your passwords and scan for malicious extensions. Other actions include "manage security settings" and "manage sync".

      Finally, on the security front, Google is expanding Site Isolation on Chrome. In-depth technical details can be found on the technical blog here, but in a nutshell, the capability isolates sites and extensions from each other so a malicious extension or site is not able to steal your data from another website. The feature is being expanded to cover more websites and extensions. The company has boasted that with new image processing techniques in Chrome, it has also made phishing detection 50 times faster with the process draining even lower battery than before. You can find out more details about this here.