Review account login activity

InformedBuyer
Contributor
Contributor

Yesterday I got an email on my business account from Paypal about a New Login to Paypal from an unrecognized device. It didn't look like a phishing email, it was from service at paypal, it addressed me by my name. I looked at the email headers, it has a valid SPF IP address, the DKIM signature was verified, it had a valid DMARC and it was encrypted. So all the marking of an authenticated email from Paypal. Paypal customer care is adamant they never sent me any emails, well I guess someone hacked Paypal's systems to send emails in that case. Then I had a very unpleasant conversation with the customer exec about trying to see how I can review my login activity. According to her it's corporate policy.

 

I'm shocked is that I can see my login activity, my IP address on this COMMUNITY FORUM settings page; but when I log into my Paypal business account I cannot see when/where the last few logins were from, which device, which IP address etc. A paypal run community forum will show this information but my paypal financial institution won't allow me to review my login activity to secure my account.

 

How do I get this information, it's rather basic that EVERYONE today provides business sellers to help secure their accounts. Is there a way to escalate this to the Product Management team or security team at Paypal to review and reconsider allowing users to reviewing their login activity in business accounts to help secure them? Is there an email? I'm guessing Management doesn't really care unless it becomes a public relations nightmare.

Login to Me Too
1 ACCEPTED SOLUTION

Accepted Solutions
Solved

mkiezulas
Member
Member

Same thing here. Does anyone else use mint or something else connected to your paypal account? I noticed that the last update to my paypal balance in mint corresponded with the time that I got the email from paypal. Seems strange that an API connection would trigger a login notification as it's never happened in the past but that is my initial hunch.

View solution in original post

Login to Me Too
23 REPLIES 23

3ssssssssss
New Community Member

I received the same email this morning. I ran the same test with the same results as well.

Login to Me Too

thanhmynguyen62
Contributor
Contributor

I also had this happen to me! Following. 

Login to Me Too

er_salm
Contributor
Contributor

Just got this as well - it is extremely upsetting to not being able to view the IPs to verify whether these messages are legitimate or not.

If the message was legitimate, then it was absolutely an unauthorized login because it was a browser on an OS I have never used in my life.

I messaged support with a picture of the email showing the sender details and most of the body of the message. I would guess if it's happened to so many of us on the same day it is a sophisticated fishing attempt and advise that no one reply to or click any links in the message. Close the browser and open a new window, navigate to paypal, change your password, and enable 2FA if you haven't already (the authenticator apps are more secure than the text message, but either is better than nothing).

Most email providers now also have a "Report phishing" or similar option for emails that seem phishy, probably worth reporting until we get an answer on legitimacy.

Login to Me Too

InformedBuyer
Contributor
Contributor
Sounds like a bug in PayPal’s systems. It’s sending our messages without an actual event or someone has hacked their systems and playing havoc. Definitely agree that the IP address would help but if the system is sending faulty messages can I trust that IP? BTW did you browser and OS say Firefox OS X, because mine said that and it’s something I’ve never used either.
Login to Me Too

er_salm
Contributor
Contributor
Maybe a bug, yeah. Mine was also Firefox OS X.
Login to Me Too

InformedBuyer
Contributor
Contributor
This is nuts. I got the EXACT same message with the exact same time of access 6:14 PDT but yesterday’s date for different business account with the same OS and browser. Too much of a coincidence. Plus I got a message back from the PayPal spoof team that it’s probably a spoofed email. Now that’s disturbing because if that’s the case since it’s digitally signed by PayPal’s servers using DKIM, SPF and DMARC, PayPal has a problem on its hands. That email originated from PayPal according to the digital signatures. Either arm A isn’t talking to arm B inside the company or there’s a crawling around their systems scaring customers.
Login to Me Too

justpj
New Community Member

Mine was today on a personal account but it also said Firefox OS X. I called and they knew about it so the message was generated by their system. But no damage done that I can see and we never use that browser. The rep was unable to confirm whether or not someone had actually logged in or not which is more than a little frustrating. 

Login to Me Too
Solved

mkiezulas
Member
Member

Same thing here. Does anyone else use mint or something else connected to your paypal account? I noticed that the last update to my paypal balance in mint corresponded with the time that I got the email from paypal. Seems strange that an API connection would trigger a login notification as it's never happened in the past but that is my initial hunch.

Login to Me Too

Velodude2112
Contributor
Contributor

I'm suspecting it was Mint as well, as that's the only app/site/entity I've given my credentials to.

Login to Me Too

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.