Friday, June 26, 2015

What I Did When My PayPal Account Was Hacked and Stolen

*Updated on February 28, 2016

I had the most nerve-wrecking morning today. It's my habit to automatically check my phone for notifications upon waking up. It's the first thing I do before washing my face and brushing my teeth. And thank goodness I formed that habit. Imagine my surprise when I saw the email from PayPal saying that I sent a P10,000 payment to a certain person (name removed as requested by the person. According to her, she was also a victim of hacking). I knew I didn't make that transaction as I was still lounging in bed during that time and I certainly didn't know anyone with that name (name removed). So I logged in right away to my PayPal account to double check and ta-da, the transaction was indeed in my history and the status was completed (I couldn't cancel it anymore). First thing in my mind was to report it. The thing was I couldn't report the transaction as fraudulent right away since PayPal's system was asking me to wait for thirty minutes so that I will receive some email from the merchant about my "purchase". After a few minutes, I started receiving emails about my cards being removed from PayPal and then I suddenly couldn't log-in anymore. A few minutes later, I received another email saying that the primary email address of my account was changed. I was panicking already and on the verge of crying when my dad told me to get a grip of myself and start cancelling my credit cards. 

So I called Bank A first where the P10,000 was charged. The phone conversation was smooth and fast. They told me that I will receive my new card in a few days. And then I called Bank B just to be on the safe side since my Bank B credit card was also linked to my PayPal account. It took the agent several minutes to understand the concept of PayPal. She initially refused to have my card replaced since my card was not really lost as it is still with me. She could not understand that my credit card details were connected with PayPal and since it was hacked, I want my card changed for security purposes. I was so upset that I started asking for her manager since she couldn't understand the reasons of my request. Imagine my anxiety when I couldn't fix this right away and I really felt like time was ticking because this guy who hacked into my account was moving very fast. After several more holds, my request was finally done.

Next call was to PayPal. I only got their number because my dad changed his password and they sent him an email that if he did not request for the password change, he could call +14029357733. So I called the number and I was a bit frustrated since the PayPal answering machine kept on asking for my phone number that I used in PayPal. I wanted to talk to someone, a real live person.

Machine: Thank you for calling PayPal. Do you have a PayPal account?
Me: Yes.
Machine: Please state your phone number when you made the transaction.
Me: I don't have a number.
Machine: Did you make a transaction with PayPal?
Me: Yes.
Machine: Please enter the phone number you used with Paypal. Or say I don't have it.
Me: I don't have it.
*frustration levels elevating*
Me:I want to talk to someone.
Machine: Do you mean agent?
Me: Yes, I want to talk to an agent *exasperated*

(Note: The answering machine system of PayPal was actually quite impressive but a bit frustrating if you're in a hurry.)

And soon enough I was transferred to an agent. The girl was actually helpful but customer service manners were not that great. It's not that she was rude, she just failed to inform me when she's looking something up or doing something because there were several times I felt like the line just died. When I gave her my email address, she couldn't track my account. Good thing PayPal emails you the details if someone adds an email address to your account so I saw the culprit's email address. When I gave it to the agent, she was able to track the account.  Fortunately, after verifying some of my details, she was able to give me back the control of my account. Afterwards, I changed my password and waited for the resolution of my dispute, which can take up to seven days.

And by early evening, I received an email from PayPal that my dispute was already resolved and that they will reverse the transaction on my credit card, which may take a few days *big sigh of relief*.

So overall, I am happy with how PayPal handled my problem but I still won't be using their service anytime soon.

Tips and Lessons Learned:

  1. Do not connect your credit cards with PayPal. Or if you do, remove them right away after a transaction you made. I have this lazy habit when I go online shopping where I don't want to retrieve my wallet every time I pay so I saved my card details in PayPal. My cards were linked to PayPal for years but this is the first time this happened to me. The thing is once anyone has access to your account, they can go on a major shopping spree. So better be safe than sorry.
  2. Be careful of phishing emails. I'm not sure if I stupidly clicked on something before this happened but there's none that I can recall.
  3. When logging in to any website, log-in by opening a new tab and don't log-in from any of the links from your email.
  4. Always log-out after your session.
  5. Have different passwords for your different online accounts. I double checked if I had other accounts in other websites with the same password and thankfully, I stopped having universal passwords a year ago.
  6. If you notice anything suspicious, report it right away. These scammers work really fast and it's best if we put a stop to their doings right away. Don't think of the cost implications of calling overseas. Do it and do it fast.

History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did. 
— Bruce Schneier

Tuesday, March 31, 2015

Malaysia Photo Diary: Petronas Twin Towers

Day and Night at the Petronas Tower
*with a throwback from 10 years ago on the bridge connecting the two towers


Little by little one travels far.
~ JRR Tolkien

Friday, March 13, 2015

Malaysia Photo Diary: Genting Highlands and Chin Swee Temple

Genting Skyway - Resorts World Genting - Chin Swee Temple



"Travel is better with friends."

Tuesday, February 24, 2015

Malaysia Photo Diary: Walking Around KL

So it was our first day to go around Malaysia and all was swell. We walked around the city and took the train and bus to reach different parts of the city. So after going to Batu Caves in the morning, we had lunch then headed to the Freedom Square where the big "I Love KL" can be found. Taking photos was very easy and organized. There was a line and each group was allowed a few minutes for picture taking. Adjacent to the "I Love KL" spot is a huge field (Dataran Merdeka) where people can have picnics. And across the field was the Sultan Abdul Samad Building, which houses the Malaysian Ministry of Information, Communication and Culture. The architecture of the building was really impressive. I could just stare at it the whole day. At the other end of the field was the fountain and across the street was the Cathedral of Saint Mary (which we did not visit anymore). We then headed to some malls in the city and then to the Central Market to get some souvenirs. It was a very tiring day since it was also unbelievably hot but it was also a nice way to experience Kuala Lumpur.

And oh, we went to the Petronas Towers as well. Will have a different post for this one. :)

Sultan Abdul Samad Building

Dataran Merdeka

Empty train station

We were lucky this train was quite new

Sunday, February 22, 2015

Malaysia Photo Diary: Thaipusam Festival

It was very timely that the Thaipusam Festival (last weekend of January but the actual holiday was February 3) of the Hindus coincided with our trip to Malaysia. Of course, one must visit the Batu Caves, which is about an hour away by train from Kuala Lumpur. Thaipusam is a Hindu holiday where the Indians pay homage to Lord Subramaniam (also known as Murugan). Some carry jars of milk on their heads and they climb over 200 steps to reach the temple in the caves.  They do this as a form of penance to cleanse away their sins. We didn't go up anymore as the line was extremely long and it was really crowded. The whole area were full of Hindus and tourists, several tents were erected on the sides that sell various Indian snacks, art works, accessories, clothes and other stuff.

On the square in front of their god, people just left their footwear everywhere since they have to climb the steps barefoot to keep the temple holy.

It was interesting that we were able to visit the place with all the hustle and bustle but I think it would also be nice to go back on a regular day where there's peace and quiet.

Hanuman, the monkey god

The tallest statue in Malaysia: Lord Muruguan 

The stairs behind the Lord Murugan has over 200 steps that will lead to the cave.

See all those slippers? And the ones in the plastic bags are not garbage, they're more footwear!

Some Hindus with jars of milk atop their heads.


If you reject the food, ignore the customs, fear the religion and avoid the people, you might better stay home.
– James Michener