About three hours ago PayPal sent me an email informing me that my password had been changed and asking me to call a phone number immediately if I had not done that. I saw the email two hours later and assumed it was a phishing attempt so I forwarded it on to spoof@paypal like I always do. But then I looked it over more closely and saw all the correct elements of a genuine email from PayPal (Dear Full Name, correct sender info, etc.) I then tried logging in to my account but couldn’t because the password had been changed. I called PayPal immediately and got everything fixed (new password and security questions) so it was good to go. Thankfully in the two hours the person had access to my account they didn’t actually do anything (no purchases or money transfers). Then it hit me. Whenever I log in to my account on a new device, or even on my phone or tablet after I’ve cleared my browser history (which I do often), it ALWAYS says that they must send me a temporary 6 digit code by either text, email, or phone call to verify that it is me. When the person was getting into my account and making changes, I never got any text or email or phone call with a 6 digit code. How did the person get around that security feature?
... View more