Heard recently about a Paypal hacking scam [6/2012]

bowzerbird
Contributor

On TV, heard the "tail end" of a story on the news RE: Paypal getting hacked. Obviously don't have all the details. Is this true and if so, what are the details? Tried Googling info, can't find anything BUT did find this link:

 

<link removed>

"How to hack Paypal accounts"

Just went to the site but decided not to stay or read anything. My paranoia!

Just hope it can't be done. Paypal IZ THEE only payment method I use. Don't even use credit cards.

Anyone know what's going on RE: the info in this post?

Ellen


LasVegasCandy
Contributor

Wow, $29.95 for a security key, and I can use my compromised PayPal account to pay for it. I guess I can always have it shipped to Russia.

 

Have a good day all.

 

 


PayPal_Frank
Administrator

Hi LasVegasCandy,

 

The $29.95 is only if you want the physical card version of the key. If you already have a Verisign Identity Protection (VIP) device from another website you can use that too.  The SMS option and the security key mobile app are free. 🙂

 

- Frank

If you see a helpful post, please accept it as a solution or give the author kudos. 🙂 Thanks!

LasVegasCandy
Contributor

Forget it. I don't have a cell phone nor want one.

 

Have a great day all! Best of luck to everyone with this same problem!


StacyL1971
New Community Member

This just happened to me this morning - found an email for an express shipping charge of $59 to Russia. It was generated all of 30 minutes before I got up (I was up at 5...early riser), so I immediately voided the transaction and then called PayPal as soon as they opened at 6. I'll call the USPS when they open at 8, as well...maybe I can get this thing stopped before it goes anywhere.

 

I'm curious to know how I was hacked. I haven't logged into PayPal in months, and the password I used to have (changed it this AM) is only used on this account. Before listing phishing emails, etc. as reasons why "Natasha" had my password, I used to work in internet/email security at my old company so I'm pretty well-versed in what to do and what not to do. Baffles me. At least I was only hit with one shipment and it wasn't enough to clear out my bank account.

 

FWIW, the folks at PayPal were really helpful in getting the money back into my account ASAP. Just creeps me out though, thinking there's a package on its way to Russia with my name and address on it.


LasVegasCandy
Contributor

Oh trust me, it will be delivered. Mine just cleared Russia customs. I phoned the post office where the package was dropped. The counter person had it in their hand. Said they couldn't hold it. Go figure that one out.

 

As a side note, my name wasn't shown on the label as the shipper, but, she couldn't give me the person's name either. So, they must reprint the label somehow with their SHIP FROM name.


PayPal_Olivia
Moderator

Hi StacyL1971, and welcome to the forums!

 

It's possible that your PayPal password was not the password that was compromised. If your email password was compromised, it's possible that a fraudster could use access to your email account to complete password recovery and change your PayPal password. Your email password is just as important to protect as your PayPal password.

 

Another possibility is if you set up a billing agreement with a site where you were selling, it's possible that the password on that site became compromised, and the fraudster used the already-connected shipping agreement, if one was ever established.

 

I would recommend changing the passwords on any site where you've sold in the past, and on any email accounts.

 

I hope this helps!

 

Olivia

If this post or any other was helpful, please enrich the Community by giving kudos to its author, accepting it as a solution, and/or coming back to assist others. Members make this Community great!

bowzerbird
Contributor

Wow, I started this thread and boy, it's "going places." My curiosity has been aroused: I see all this hacking regarding accounts that involve shipments. Those responding have been folks whose accounts have had postage $$$ hacked from their bank accounts.

 

My question: Do you all have Paypal "selling" accounts? Do you say for example, sell from eBay and these individuals who have hacked your accounts, get the shipping costs from your accounts? I don't know quite how this works.

I use Paypal exclusively for buying only and NO selling. Matter of fact, any Internet buying I do, if the seller doesn't use Paypal, I don't buy from them, go somewhere else. I know credit cards are secure but just prefer Paypal. Just bought a $425 printer from Amazon BUT the seller never gets my financial info. So, I feel safe there too.

 

From the Paypal admins here, the hacking explanation[s] have been that a PW / email addy has been compromised somehow. If so, how does the hacker THEN get into their bank accts. to get the postage $$$ and do they even get the item? My understanding is that they ONLY get the postage and nothing else. Someone stated they were lucky their acct. wasn't drained. That's scary! I've made sure my Paypal PW is unique. It's ONLY used exclusively for Paypal. Nothing else.

 

Could one of the Admins explain this to me? I may have started this thread but it sure has turned into a Pandora box. Keep it open for all it's worth. I sure would like to understand how the Russians feel that getting a few $$$ from postage makes it worthwhile to hack accts. unless they are hacking thousands of accts. Must be.

 

Thanks in advance,

 

Ellen


PayPal_Olivia
Moderator

Hi bowzerbird,

 

If someone has your PayPal password, they could make a payment with your account using the payment sources on file. They would appear to be you when they log on. If you notice though, when you log in, you can't see your full bank or credit card information. Neither could anyone else accessing your account with your password.

 

If you sell on a marketplace website, you may have set up a billing agreement for printing labels. If someone has your password for that site, they may be able to initiate the printing of labels. They'd be limited to that activity only. The only use of your bank account would be as a funding method for the printing of those labels. They could not create any new billing agreements nor make any payments that were not part of a billing agreement that was previously arranged, and they would not see your bank account or credit card number.

 

If someone has access to your email password, they have a treasure trove of information about you. Sites that are less secure than PayPal actually send passwords as plain text in an email. How many of those messages are sitting in your archive? Can a password scheme be guessed at by looking at those passwords? A person with your email password could remain more or less undetected by reading messages you've already read, or by quickly re-marking messages as read. It's a good idea to change your email password periodically to guard against that.

 

Ultimately, what it comes down to is the safety of all of your passwords. Consider this analogy - PayPal is like the lock on the front door of your house. Of course, you keep that key safe. However, if there are other doors on your house, those have to be secured as well - including that garage door with the code you punch in. I know lots of people who would not give their front door key away, but have told their garage passcode to a few close friends in case of emergency, or to allow them to drop something off, or for some other innocuous reason. Is there anyone you've given the garage code to? Are they as careful with the information as you would be?

 

The password on your email account is a similar situation. It's easy to think that your email password is not as important as your PayPal password or your online banking password, because it's not connected to your money. However, that email account is the garage door on your house.

 

I hope this helps!

 

Olivia

bowzerbird
Contributor


@PayPal_Olivia wrote:

Hi bowzerbird,

 

If someone has access to your email password, they have a treasure trove of information about you. Sites that are less secure than PayPal actually send passwords as plain text in an email. How many of those messages are sitting in your archive? Can a password scheme be guessed at by looking at those passwords? A person with your email password could remain more or less undetected by reading messages you've already read, or by quickly re-marking messages as read. It's a good idea to change your email password periodically to guard against that.

 

The password on your email account is a similar situation. It's easy to think that your email password is not as important as your PayPal password or your online banking password, because it's not connected to your money. However, that email account is the garage door on your house.

 

I hope this helps!

 

Olivia



Wow, Olivia THANKS! But, now I have more questions [I cut out what wasn't pertinent to my questions for brevity's sake]:

You said "send passwords as plain text in an email" I've never seen / heard of this. Who do they send the email to <> not me <> someone in their "hacking scheme" or am I saying that correctly? What would it look like? If I got an email with this PW as plain text, again, what would it look like? I know this sounds naive to ask.

 

I use Thunderbird as my email client, if my PW was hacked, could they get into MY computer where the email is stored [if there is no keylogger installed already] and hack the email already there? I have email going back many years & an addressbook too. Could they hack this? I back up the email folder frequently. I've also made sure no personal info is stored there [i.e. PW's, secure info, tax info, bank acct. info, nothing]! I don't use webmail per se except for junk and don't have addressbooks in them.

 

The Pandora Box is getting bigger.

 

Thanks in advance,

 

Ellen

 


PayPal_Olivia
Moderator

Hi bowzerbird,

 

No worries, I don't mind clarifying. We're talking safety here, and I definitely don't mind turning the information over a few times to ensure understanding so you can be as safe as possible.


@bowzerbird wrote:
You said "send passwords as plain text in an email" I've never seen / heard of this. Who do they send the email to <> not me <> someone in their "hacking scheme" or am I saying that correctly? What would it look like? If I got an email with this PW as plain text, again, what would it look like? I know this sounds naive to ask.

 



Typically, websites won't do this. Fewer and fewer websites do, but I still see it from time to time and it always concerns me when it happens. I can't think of one off the top of my head and I wouldn't throw it under the bus right now if I could think of one... but I'll make one up. 🙂

 

Let's say there's a website where you give your feedback about shampoo. You feel very strongly about shampoo brand preference, so you sign up. You're happily trucking along, clicking 4 stars here and 2 stars there... and then you get an email welcoming you to the website. In the email is your username and the password you selected. Do you save it for later reference in case you feel like rating shampoo again a year from now after you've forgotten your password?

 

If this happens enough times, a pattern might be able to be discerned among the kinds of passwords you use. Are all of them based on cartoon characters? Love songs? 19th century painters? All it takes is a few such emails for a hacker to narrow down the scheme a little, and make educated guesses about the kinds of passwords you might choose for other sites.

 


@bowzerbird wrote:
I use Thunderbird as my email client, if my PW was hacked, could they get into MY computer where the email is stored [if there is no keylogger installed already] and hack the email already there? I have email going back many years & an addressbook too. Could they hack this? I back up the email folder frequently. I've also made sure no personal info is stored there [i.e. PW's, secure info, tax info, bank acct. info, nothing]! I don't use webmail per se except for junk and don't have addressbooks in them.

 


I'm thinking more about email that's hosted remotely. If it's on your computer and you have no security holes in your local setup, your stored info is probably safe. New traffic is potentially at risk if it's intercepted before it reaches your machine. A fraudster with your password could do that and read unencrypted information.

 

I hope that helps! 🙂

 

Olivia
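
Added example (not part of any post in this thread, and not PayPal code): a small Python script that answers the question "how many of those messages are sitting in your archive?" by scanning a mail folder for messages that carry a password in plain text. It assumes the folder is stored in mbox format, as Thunderbird local folders are by default; the sample messages, addresses and the matching pattern are constructed for illustration.

```python
import mailbox
import re
import tempfile
from email.message import EmailMessage

# Heuristic: a line such as "Password: xyz" or "Your password is xyz".
CRED_RE = re.compile(r"(?im)^.*\bpass(?:word|code|phrase)\b\s*(?:is|:|=)\s*(\S+)")

def body_text(msg):
    """Concatenate the decoded text/plain parts of a message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def find_plaintext_credentials(mbox_path):
    """Return (sender, subject, redacted_line) for each mail that exposes a password."""
    hits = []
    for msg in mailbox.mbox(mbox_path):
        m = CRED_RE.search(body_text(msg))
        if m:
            secret = m.group(1)
            # Never echo the secret itself into reports or logs.
            redacted = m.group(0).replace(secret, "*" * len(secret)).strip()
            hits.append((msg["From"], msg["Subject"], redacted))
    return hits

def build_sample_mbox(path):
    """Constructed archive: one welcome mail with a password, one harmless digest."""
    samples = [
        ("welcome@shampoo-reviews.example", "Welcome!",
         "Thanks for signing up.\nUsername: ellen\nPassword: Tweety1942\n"),
        ("news@shampoo-reviews.example", "Monthly digest",
         "Reset your password any time from the account page.\n"),
    ]
    box = mailbox.mbox(path)
    for sender, subject, text in samples:
        msg = EmailMessage()
        msg["From"], msg["Subject"], msg["To"] = sender, subject, "ellen@example.org"
        msg.set_content(text)
        box.add(msg)
    box.flush()
    box.close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_mbox(f"{d}/Inbox")
        for hit in find_plaintext_credentials(f"{d}/Inbox"):
            print(hit)
```

Any message it reports is one to delete from the archive, and the password it contained should be changed wherever it is still in use.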
