Just spoke to a paypal fraud rep. They assured me I will be getting my money back very soon (it has been 9 days) and shed some light on this. NOTE: I am not saying this is for sure what is going on, but I feel it's a like it's a good possibility based on my converstation with the rep. Basically this scam uses two accounts that have been comprimised- your account, and also the one that sends you the initial payments. I am still not sure why they need to send you money first, but regardless, the other account involved that sent you the money is also a victim here. Regardless of whether your computer is clean and secure, if this happened to you, it is undeniable that your paypal password was somehow obtained. The proof of this is that hey had to set up an "open billing arrangement" (or whatever it was called) prior to sending the money to Microsoft. The most likely cause of this is using the same password for paypal that you use for other accounts (email, facebook, twitter, online retailers, etc.) Think about it,the list is endless, and not all sites are created equal in terms of how secure your info is kept. Any of these accounts will have your email address, so the thief will have a password and an email- all they have to do now is try it on paypal and hope you use the same password. Moral of the story: Have and EXCLUSIVE paypal password that you don't use with any other accounts. This was advised to me by the paypal rep. Makes sense, but I hadn't thought of it before. I've taken this step and hopefully will never have this happen again. I'm also going to make exclusive passwords for other accounts that have access to my finances, just to be safe(r).
... View more