PayPal Community

ugobananas · ‎Sep-14-2010

This is more a question of curiosity than anything else. This morning at around 5am my phone starting going nuts with incoming e-mails. I got about 75 e-mails from paypal, subject: "We're investigating your unauthorized transaction claim." I got up and tried logging in to my account to see if anything was really going in or if this was spam/phishing mail. Sure enough, I couldn't log in. I called paypal and they removed the lock on my account. I logged in and there were about 75 transactions, all but two were payments made by me to a number of different paypal accounts (all seemingly legit accounts).

Each payment was for $34, $35, $36, or $37 even. The first transactions were two transactions of money sent to me by Digital Aquarium Photography, for $35 and $36. About an hour later, claims were filed against these two transactions. I also then noticed that I had a payment going to the same account for $35:

Sep 14, 2010 - Payment For - Digital Aquarium Photography - Completed - -$35.00 USD

In addition to these, I noticed a payment of $29.99 to Valve Corp. I've purchased games from them before (though I don't recall if I used my paypal account, I thought I just payed directly with a CC), but this recent transaction, for Battlefield 2, was definitely not authorized.

Refunds started coming in, in response to the automated claims filed by PayPal. One of the individuals who issued a refund stated "This was an unauthorized use of my account. I did not have anything to do with these transactions and I sincerely apologize. There were 3 payments in the amounts of $36 each from you at 3 AM this morning and 2 payments made to a Valve Corp $29.99. SORRY!"

I'm trying to make sense of all of this - I thought it odd that someone I 'sent money to' also had unauthorized payments made to Valve (verified that this is, in fact, a real paypal account for the real valve corp).

Can anyone explain to me this type of fraud, what exactly happened here, where the security hole was? I already changed my password and security questions, but I was curious if this was just a matter of someone accessing my account or what exactly is going on here.

surplusdealdude · ‎Sep-14-2010

I would guess that someone you dealt with had sent you an email that was infected with a keylogger spyware and the scammer used both hijacked accounts to download money to a phoney account and pay for some of his other purchases.

To make sure the spyware isn't still there, I suggest you do the following immediately;

Change your passwords - all of them.

THEN, you need to run several anti-spyware programs in case you got a keylogger downloaded to your computer. Spybot and Malware anti-malware are good and they're free - Google them for the download sites.

THEN, you need to change all of your passwords AGAIN, in case the keylogger had time to send the password change to another computer.

If you want to bulletproof your account, go to the Security Center and get a Security Key. This costs $5 and it adds a second passord to your account that is randomly generated every 30 seconds. Even if you give away your original password, nobody can duplicate the second password because it's done offline.

ugobananas · ‎Sep-14-2010

Thanks for the advice, but I do scan my computer daily with AVG, Malwarebytes, Spybot S&D, and Adaware - I work in IT so I try to stay on top of that stuff, in addition to never opening strange attachments.

Oh...that does remind me though. My husband did have an issue a while back with his gmail account and it sending shady e-mails to people on his contact list. He only changed his password at first, and then later ended up reformatting. I had forgotten about that until now. My guess is now that that's where this whole thing probably started. *sigh*

Thanks for your input!

surplusdealdude · ‎Sep-15-2010

Yup, I'd say that's likely the smoking gun.

IFCJ · ‎Oct-02-2010

I'm the next to have this act of fraud to interfere in my practice of conducting business within the terms of interstate commerce statute. This might be a Federal offense.

On 9.30.2010 - I received two e-mails from Paypal stating

"You've sent a payment of $29.99 USD to Valve Corp., and you'll be billed with Bill Me Later® through your PayPal account."

These were both' unauthorized purchases' made out to "Valve Corp". The purchased item's were described to be software titled "Battlefield Bad Company 2 Standard Edition".

------------

Later I received, a single e-mail stating the following message:

We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

Case ID Number: PP-XXX-XXX-XXX-XXX

For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause.

To review your account and some or all of the information that PayPal used to make its decision to limit your account access, please visit the Resolution Center. If, after reviewing your account information, you seek further clarification regarding your account access, please contact PayPal by visiting the Help Center and clicking "Contact Us".

------------------------
I changed the Paypal password.

I logged into the resolution center - and found an additional' two deposits, that also have no relevance to my account - both were reported to Paypal on October 1st 2010.

I now have four transactional matters to be reviewed by Paypal.

----------------------

I on September 30th,2010 - contacted Bill Me Later. They were notified of the initial two' unauthorized purchases that drew from my BML / WebBank account. The BML representitive claimed I would probably see them drop off the BML account because of my Disputes at Paypal.

The next day on October 1st, 2010, I logged in to BML. I notice the Charges had not dropped off of the account - instead they Both "Posted" thereby blocking any further purchasing because of a high balance I maintain on the account.

So I called again to BML. They in turn closed the account this time as a 30 day investigation was initiated. I will most likely be filling an affidavit before to long.

I was able to open another line of credit that allows access to BML from another online Merchant to continue with my purchase.

__

I had civilian authorities into my apartment to review later on the 1st of October 2010.

I was told that they were not going to be claiming jurisdiction over the event of fraud.

I believe this might make for a fitting FBI case.

PayPal Community

Trying to make sense of recent fraudulent activity (Valve Corp., etc.)

Haven't Found your Answer?