My latest posts can be found here:
Previous blog posts:
Additionally, some earlier writings:
Recently received as part of the newsletter of a publishing company.
While this particular incident ended happily, that's not always the case. It's worth knowing about these sorts of scams -- forewarned ...
Well, we've been living in interesting times at Wildside Press since our last newsletter. Our PayPal account was VERY creatively hacked, and we briefly lost about $15,000 of the money we'd been saving up for royalty payments to authors.
Here's how it was done: Someone logged into my account on a Saturday and transferred $850 in a single transaction ... I guess as a test. At this point, I assumed someone had hacked into my PayPal account directly or gotten access through LastPass (which remembers passwords for me). So I reported it to PayPal, changed all my passwords, ran security checks on every computer I use (plus my phone), and assumed all was well.
WRONG! The next weekend, I got a call from PayPal, but when I answered it, no one was there. I assumed it was an automatic call and the robot dialing had disconnected. But it was a sign for me to check my account. I did so -- and there were 7 more $850 transactions, all going to different accounts. Again, I reported it, changed all my passwords, and vowed to watch the account even more closely. Just bad luck to be hit a second time, right?
WRONG! The next weekend, I got another call from PayPal, but when I answered it, no one was there once more. I logged in to check the account, and money was disappearing in $850 transactions. I called PayPal and had them shut down the account. But the damage had been one: another dozen transactions had gone through.
The total thefts had now reached just over $15,000.
This time, the PayPal employee suspected what had happened. Someone had cloned my phone's SIM card (I assume by randomly generating numbers) and used my phone number to get a password reset from PayPal. He then intercepted PayPal's phone call, logged into my account, and stole the money.
This is apparently a new security threat that is hard to stop. I had to go to T-Mobile and get a new SIM card installed in my phone. But that seems to have done the trick.
A VERY nerve-wracking experience! If you use PayPal and a phone, you might not want to connect the two. Just a suggestion ...
But I'm happy to say that both PayPal and TD Bank came through and we had our money back quickly ... all 3 times.
Added in edit:
I have since switched all my recovery phone numbers to Google Voice, which is apparently free from this sort of security problem.
Send us a comment ...
Links on this page