Post Holiday Finance Check

Discussion in 'Non-Vaping Related' started by Synphul, Jan 11, 2017.

  1. Synphul

    Synphul Silver Contributor Member For 1 Year

    Blog Posts:
    0
    Joined:
    Jun 6, 2016
    Messages:
    994
    Just thought I'd throw this out there given the time of the year. It might not be a bad idea for folks to pay special attention to their bank or card statements. While waiting for a direct deposit to be made to a paypal account I got an email notification that said my card had been used at an IHOP in Ohio 2 states away. Contacted paypal by email (not through any email links contained in the message) to double check and called them directly on the phone. The email response from paypal said it was false, a spoof/phishing attempt. The person on the phone said it was a real attempt. Still attempting to get to the bottom of it and sort out why paypal said two different things.

    Thankfully the card only gets used so many places, most of them local. If in fact it is a real attempt to use the card it means not only did someone snatch the card number they had to have turned it into a physical card (since it was a brick and mortar purchase attempt, not an online payment).

    Online payments made within the past month or so have only been to 1 ejuice vendor (vapewild), amazon.com and the rest local physical stores (grocery, walmart, farm/feed stores locally owned and the local bank's atm). Will be contacting the bank to have them check their atm for a skimmer. Not suggesting it's vapewild in any way. Could have just as easily been amazon or a local store.

    Given the season and people taking advantage of the holidays and spending these sort of things tend to happen more and folks may not realize they've been compromised. Hoping others stay safe and keep their banking secure.
     
    gakudzu and Huckleberried like this.
  2. Synphul

    Synphul Silver Contributor Member For 1 Year

    Blog Posts:
    0
    Joined:
    Jun 6, 2016
    Messages:
    994
    Just an update, still waiting for further communication with paypal. After doing a bit more searching and reviewing full email headers, a few things seem fishy with the original 'fraudulent purchase alert' email.

    It comes from an ip address not verified as paypal. It suggests visiting a link and at one point says 'Balance Manager1' and another time in the same email says '1Balance Manager'. There's a link for additional help and another link that supposedly goes to the 'security centre'. No offense to our friends across the pond but paypal being a u.s. based company would have a 'help center', not a 'help centre'.

    The email also suggests to prevent the card being declined to link it to a main bank account. The supposed charge seems dubious as well, an even $64 and no change at a pancake house. Chances of landing dead on a dollar amount without change where a brick n mortar purchase is concerned with tax applied is unlikely.

    At this point I'm guessing it may have been a phishing attempt rather than an actual stolen card but not done getting to the bottom of it. No links in the email were copied or clicked on directly, instead visited the paypal site directly in a new browser window. Hopefully folks are careful when it comes to emails like this and pay close attention for things that seem irregular or out of the ordinary and don't panic and click on links in emails like that. Many of us get so many email communications it's easy to get lazy and overlook things.
     
  3. Reign

    Reign Silver Contributor ECF Refugee

    Blog Posts:
    0
    Joined:
    Sep 15, 2016
    Messages:
    1,440
    Phishing attempt for sure, the red flag for me is if you just link your main account nothing bad will happen. They always have some sort of "threat" in them that can be avoided by linking an account or clicking this link, etc.. The email address not being @paypal.com is a dead give away as well. Lot of that going around I got one from my mortgage holder that said if I didn't click this link my home loan would be in jeopardy bit without the proper email address. Checked with my mortgage holder just in case added was told to forward it to their phishing department.
     
  4. Synphul

    Synphul Silver Contributor Member For 1 Year

    Blog Posts:
    0
    Joined:
    Jun 6, 2016
    Messages:
    994
    Oddly the email did say it was from paypal.com, it was the ip that showed up in the raw message headers that didn't match as a designated paypal ip addy. The other concern was that after copy/pasting the message into a report to paypal's fraud submission I got conflicting info from paypal. The email response said thanks for submitting the report, it appears it's a fraudulent email and a scheme attempt etc. I spoke to someone on the phone about it from paypal's cust service dept and they said it looked like a legit attempt at using a compromised card.

    Not to say it would be impossible but since there's only one physical card and I have possession of it, if in fact some did use it at a brick and mortar location then they would have to have gone to the trouble to physically create a duplicate card. Much more difficult than simply entering the numbers on say an online transaction form. You can't (to my knowledge) just whip out a piece of paper at a restaurant and tell them to punch in a card number. They would ask for the physical card to swipe it.

    I'll get ahold of paypal later today when they're open and try to find out what the deal is, why the email response said it was a scam and the phone support person suggested it was a compromised card. Need to make sure no one has applied for a duplicate card though hopefully they would have emailed me some sort of confirmation/receipt if a new/replacement physical card had been issued.
     
  5. Synphul

    Synphul Silver Contributor Member For 1 Year

    Blog Posts:
    0
    Joined:
    Jun 6, 2016
    Messages:
    994
    Spoke with paypal. Apparently the email was a spoof in addition to an attempt made to use the card. The account's been temporarily locked until a replacement card and further security measures can be set in place. So the failed use attempt was real as well as the email being a phishing scheme.
     

Share This Page

Close This Message