Unauthorized Payment Done With My PayPal Account

Martin Brinkmann
Jul 2, 2008
Updated • Dec 8, 2014

I usually check my emails right after I wake up and received a PayPal email receipt this morning that told me that the amount of $480 was transferred from my account. I first thought that this was a phishing email and checked the links and headers but it turned out to be legit. I was slightly nervous at that time and decided to log into PayPal to see if the transaction would be found there as well.

Imagine my surprise when I discovered that a payment for all the money in the PayPal account has been made at 23:35:35 PDT to Santrex Internet Services. I was not awake at that time which could only mean that someone else managed to make the transaction. The question is how.

I contacted PayPal and filed for unauthorized payment and did contact the "seller" as well who replied telling me that someone did buy Virtual Servers for the money. I'm pretty sure that I will get the money back, the question however is how someone was able to make that transaction in first place.

The possibility is there that someone was able to get my password for PayPal somehow and made the transaction that way. I'm not sure if there is a possibility to make a transaction from PayPal without logging into the account. It does not look this way.

I checked my system with latest anti-virus software and found nothing. I also checked the PayPal account settings and changed the passwords there. I will change all passwords for all sites just to make sure that someone did not get them all.

The strange thing is that the payment was only made for the amount that I had in my account. Anyone ever heard of something like that? The real question is how the attacker was able to get access to the account as it is unlikely that transactions could have been made without my PayPal login data.

Update: I got my money back but was not able to figure out how the transaction was done in first place. I have since then ordered a security key and have used it since then as a second line of defense.

Now You: Had troubles with PayPal in the past? Share your story below.

Article Name
Unauthorized Payment Done With My PayPal Account
I discovered an unauthorized payment done with my PayPal account this morning. Read on to find out what I did to get my money back.

Previous Post: «
Next Post: «


  1. John Phillips said on December 14, 2022 at 5:48 pm

    I had an unauthorised recurring weekly paymemt of £5,49 from Loaded Mobi LLP, also registered as LMOBIDOTCO, on my PayPal account.Fortunately I was able to cancel it in time but others are not so lucky.
    How is it possible for a company I do not know to set up a scam account without logging in. It appears to have been authorised by PayPal itself as there were instructions supplied on how to deal with it if it was nor wanted.
    Surely this something that should reported and stopped?

  2. CC said on March 4, 2022 at 2:39 pm

    I have a hit on my paypal account from a 2checkout / a Zone Alarm saying a $74.85 charge for a renewal of a Zonealarm program. I did not ever buy a program to need a renewal and I have disputed this over and over, so far 4 times and they keep charging and paypal is saying they showed a tracking.. TRACK WHAT! I have nothing from that company to be tracked. I have spoken by email and saved all my info concerning this problem. I feel like I have made a mistake of having a paypal account now. And I also know I should not have left over $20 in the account so it would hit my CC in a case like this as my CC would handle this for me, Paypal doesn’t stand up for their customers, as my CC would take care off such problems. BE Safe folks, don’t leave money in your PP account.

  3. frank samples said on February 24, 2018 at 11:31 pm

    I received a notification that PayPal has limited access to my account because of questionable activity. The problem is that I have never had a PayPal account. Now I must continue to check my credit card balance.

  4. Gertie said on December 25, 2014 at 7:10 am

    Beatrice chooses to transfer to Dauntless, the faction understood for bravery, and must try to overlook her Abnegation, selfless qualities, and become somebody brand-new.
    With keys to conceal, and also skills to find out, Tris battles by following her new concerns, good
    friends, and also enemies; plus there’s the possibility for a love passion in the shape of 4,
    a Dauntless initiate fitness instructor. Will Tris be able to decipher the mysteries he’s concealing?

  5. Forte said on August 12, 2013 at 6:18 am

    Cases related to what you went through are so many online. I really wonder where people get to know others passwords for example paypal and manage to make transactions. The same does happen many times to sellers of digital products where they have to face a refund due to unauthorized charges.

    One question is, did you get the money back?

    I guess I have to post a new article on this.

  6. tgould said on March 31, 2013 at 10:30 pm

    I just had an unathorized charge on my checking account. Luckily this took place on a Saturday, and my debit card was denied. I immediately checked my bank account online and saw the charge for 102.00. I knew I hadn’t bought anything for that amount, but had recently purchase a couple of small things (less than 10.00) using paypal. Anyway, because it was the weekend the payment hadn’t gone through yet, and I was able to log into paypal and cancel the payment. I was lucky, but I am just sure it had to do with something I recently bought online using paypal. I got onto paypal and removed my checking account information and will talk to my bank tomorrow about denying any future paypal payments.

  7. m.lines said on January 20, 2012 at 7:10 pm

    ive just had £424.00 taken out of my paypal account 2 days after xmas. i contacted paypal who informed me there was not enough evidence for me to make a claim. So what now can anyone help themselves and paypal just dont bother sorting it. i always thought paypal was great not now…..

  8. John - Easy Internet Marketing said on November 17, 2011 at 11:07 am

    Hi Martin,

    I also experienced this before. At that time, I was really in panic because the money taken from my account is really huge.

    So what I did was contacted Paypal regarding this issue and luckily, reply to my complaints and eventually get my money back.

    There are various reasons that your paypal balance will be deducted or stolen.

    1. SpyWare: It is a type of program that will spy your computer and record all what you do in your computer remotely. This can’t be detected easily by an anti-virus.

    2. You forgot to unsubscribe a paid membership. This was often happen in some of my blogging friends.

    3. Someone use your computer and found your account open or seen your confidential files.

    Either 3 of these reasons, we should usually visit our account to know what’s happening.

    I would love to know what’s the update in your side.

    – John

  9. Brendan said on September 28, 2011 at 2:28 am

    Both my bank and paypal account have been hacked this month. £630 from the bank account to which I got back and around £1000 from paypal. Both have completely different username and passwords. My PC has also been scanned and nothing was found.

    However, after reading all the info above, there seems to be some kind of connection to all this. Before all this happened, I won and purchased a website on flippa.com. Also included in the price was the transfer of the site to my hosting account. So, corresponding with them through emails, I gave the neccesary details for them to do so. Again, completely different details to any of accounts above. The problem is, I never got the site.

    Is it possible these guys may have something to do with it?

    1. Tara said on September 30, 2011 at 4:09 pm

      Same thing happened to my husband yesterday (SAME company, too…SANTREX). Paypal called him and asked if he authorized the transaction ($3000!!!) and he said no. NOW it shows up on our bank account as a deduction anyway this morning. Luckily we had no where near $3000 in the account, but this is causing all sorts of trouble for us at the moment. Did anyone figure out how this happened?

  10. Ann said on June 14, 2011 at 6:16 pm

    This is very discouraging to me, to hear this has been going on for so long. Last Saturday I received several emails saying I had a transaction in my PayPal account, which is linked to my checking account and debit card. The total transactions were around $4,000. I called PayPal and they said my account was on hold and that the recepient of the transactions had not receieved the money, but that the transactions had already been sent to my bank for payment. (I didn’t have $4,000 in the bank) I called the bank and we were able to catch the transactions before they hit the bank. But I did have to close my bank account and open a new one.

    Since then a couple strange things have been happening though. I keep getting notifications from yahoo saying I am trying to reset my password and I am not. And I got a friend request on Facebook by someone with the same last name (Forand) as the some of the faudulent charges. I feel like I’m being attacked online!
    Since then a couple strange things have been happening though. I keep getting notifications from yahoo saying I am trying to reset my password and I am not. And I got a friend request on Facebook by someone with the same last name (Forand) as the some of the faudulent charges. I feel like I’m being attacked online!

  11. Jesse said on May 4, 2011 at 10:58 am

    Thanks Martin, Is Paypal willing to give it if asked? My friend noticed an unauthorized transaction in Paypal but he is not sure so he wants to know if the transaction is coming from a different IP?

    I am a paypal user too and have been using it for online payment and this thing gets me interested.

    Thanks for a quick response!

    1. Martin Brinkmann said on May 4, 2011 at 11:16 am

      Jesse, they never give out those information. Maybe with a court order.

  12. Jesse said on May 4, 2011 at 10:31 am

    Hi, Is there anyway to track the IP of the person who made transaction via paypal?

    If someone knows how, please advise and thankyou!

    1. Martin Brinkmann said on May 4, 2011 at 10:35 am

      Jesse only PayPal sees that IP and they do not give it out.

  13. ABC said on April 24, 2011 at 10:54 pm

    You probably have an account somewhere else using the same password and email, and the Administrator of that site in fact either tried himself to steal your money or paid someone to do it for him. That is why you never keep the same passwords everywhere, username is fine but not same passwords

  14. Kman990 said on April 5, 2010 at 9:58 pm

    So i watching a movie friday night and i get an email saying ive made a purchase to NC soft in the total of 49.99 euros…and then minutes later an email saying i have restrictions on my account….i read these on my blackberry i believe the event time to when i found out was less then an hour…so i phone paypal they say my account was hacked and they placed a limit on it. They said a case was opened on the account and an investigation will take place in which it will be found in my favor…so next day comes by and i get an email that morning saying case has been in my favor. Thing is…during the limitation i had 5.61 Canadian in my account and now have 76.51 in it,…but is i believe i only had 0 dollars in my account…i searched the guys email and name its from Austrailia hes some CEO at a company down there…am i like 75 dollars richer or somethin? and is his email and name even correct…

  15. Mike said on March 15, 2010 at 6:00 am

    It just happened to me tonight. I made a payment using my iPhone through PayPal. i do not keep any money in my Paypal acct, I have it linked to my bank, so everytime i initiate a payment, it pulls the funds from the bank and makes the payment. So, about 2 hours after i made the payment, i get an email about a receipt for the eBay ift certificate i just bought for 200!!!
    So that means someone hacked into my PP acct and amde the purchase, cause i sure didn’t. At transaction details, the only info listed is an email address, that i managed to find on FACEBOOK, and it belongs to some kid in SC. I changed all my passwords and security questions, and i filed an unauthorized transaction with paypal. I’m really curious to say the least, about what is going to happen.

  16. Sinfullygorgeous said on September 14, 2009 at 1:38 am

    I’ve just been duped for $898NZ to someone in Italy. The bank can’t cancel the payment from this end…WHY WHO THE HELL KNOWS!!!!
    And haven’t been able to cancel my credit card yet, as they want to see if the transaction goes through! FREAKIN’ BRILLIANT! i have had no response from Paypal. I ripped it up them for the rent and told them that under no circumstances did I authorise any payments and to cancel my account! It seems this happens alot so don’t use paypal!

  17. Terry said on June 9, 2009 at 9:07 pm

    I know it’s been a while since the last post but this seems to still be going on. Today I had 7 unauthorised payments from my Paypal account, all to items on Ebay.de.
    Sent the form to paypal but like most other victims I have no clue as to how the account was compromised.

  18. SisXtian said on March 20, 2009 at 1:19 am

    Get a PayPal security key and don’t keep any money in your actual PayPal account. Link it to a credit card. Since I did that, I’ve had no worries… at least not with PayPal. :)

  19. Kyle Elizabeth Wilson said on March 11, 2009 at 7:13 am

    Same thing just happened to me! They bought on ebay a pair of baby clothes for $80 and added $20 shipping…then they bought an antique rug for $90 and added $10 shipping. Both transactions show up with Chinese character symbols in the name field in paypal. Very bizzare…I also have a ship to address “Sarah Sexton 8 Broadway Ave Latham NY” …no clue how the eff they did this…and who the eff they are! ughh…i just hope for now i have enough to cover that rent check and bills check that will clear any day now from my accnt. this sucks big time.

  20. Gopal said on October 20, 2008 at 5:32 pm

    anyone who knows your phone number and mail ID can change your password through forgot password link and change the password unless you keep everything including your phone number, address and email ID a secret. But they are for others to use after all.

  21. Never gone say my name said on August 31, 2008 at 5:44 pm

    ha ha ha ha ha i guess thats what happens when people on youtube goto my vids about hacking. I did the same to some other guy. but i dont think i did any of you guys sooooo probably someone saw my video and did it thats funny how lots of people can do it

  22. matt said on August 16, 2008 at 6:38 am

    I just had the same thing happen – the catch is I havent used paypal in over a year. This would seem to rule out spyware. Any ideas?

  23. lara said on July 29, 2008 at 1:58 pm

    HI, same thing happened to me this weekend. $2000 out of paypal acct. I believe it is internal problem at paypal… they acted on the phone like they are seeing this problem a lot this month. My system and network are solid.

  24. Cobe said on July 23, 2008 at 4:20 pm

    Same exact thing just happened this morning for $410. Here is a list of the companies below.

    Jul. 23, 2008 -$180.00 USD Gaming Resources LLC
    Jul. 23, 2008 -$180.00 USD Gaming Resources LLC
    Jul. 23, 2008 -$50.00 USD aeRO Gaming

  25. francois said on July 15, 2008 at 4:12 pm


    My point was that regardless of keyscramblers and unique passwords, your PayPal account can still be hacked!

    Sure, every systems can have flaws. I was talking about the “educate” part for the 99.9% of computer users who still don’t care about (unique/password strength) for a sensitive websites or don’t know what a key logger is. As a software developer I just say it is *extremely easy* to write a new keylogger on Windows, just plain *extremely easy*. The first step to avoid a danger is to know its existence. From that point people do what they want, I really don’t mind.

    There are plenty of programs out there that will brute-force figure out your password… no matter how unique it is.

    Sure, but after my death I don’t really care. The stronger a password is the longer it will take to crack (assuming it wasn’t a key logger).

    Bit strength can be calculated by taking the total number of possibilities for each character in a proposed password, and multiplying by the total password length.

    Currently, distributed.net estimates that cracking a 72-bit key using current hardware will take about 403’784.9 days or 1’105.5 years.[7]
    No currently expected increase in computer power will be sufficient to break 128-bit or 256-bit encryption using random keys via a brute-force attack.

    This numbers assume you have a local access to the users’s data. Through the internet the delay between each try will probably give you times much longer than the age of the universe itself and you’ll quickly run into a “denyhost” anyway.

    Assuming that password strength is not important for a sensitive service is IMO a bad idea for “educating” people to security.

    If cybercriminals retrieve the users database of a popular service (like for example a php forum through an SQL injection if there is a security flaw), they can then brute-force the weakest passwords. With the retrieved login/mail/passwords they can try other popular service like ebay/paypal/etc and since lot of people keep the same login/password for a sensitive service…

    Cybercriminals search for the easy catch first, they are not going to spend few years to crack a strong password, time is money, simple business logic.

  26. Jojo said on July 15, 2008 at 12:35 pm

    I got my new Paypal/eBay security key the other day. I don’t think anyone will be able to easily hack an account using a security key.

    Who knows, maybe there is someone inside PayPal that can compromise an account? Who knows how strong PayPal’s internal security is or if anyone really reviews logs?

    Again, given that we don’t know how this (or other) break-in’s are really accomplished, I’d highly recommend getting the security key.

  27. SisXtian said on July 15, 2008 at 1:19 am

    My point was that regardless of keyscramblers and unique passwords, your PayPal account can still be hacked! My password was very unique, long, and used numbers and letters. The person who recommended doing a search on YouTube for instructional PayPal hacking videos was right. There are plenty of programs out there that will brute-force figure out your password… no matter how unique it is. Since it doesn’t seem like someone physically stole my password and logged into my PayPal to make an illegal transaction, the next logical choice would be that they used one of those programs to hack the password remotely. There must be some backdoor vulnerability that some of these programmers figured out too. I hope PayPal gets their security in order. But for now, I’m clearing my account.

  28. francois said on July 14, 2008 at 10:42 pm

    “””We should keep this thread going to educate people about what’s going on and what they can do to prevent it/get their money back.”””

    Concerning the “educate” part, as I said in my comment above, it is extremely easy to write a new keylogger on Windows which will then be undetected (I would say 30 minutes for a ‘reasonable’ student beginning programming). I think the best way to avoid them is to assume there is always one lurking around (and use a keyscrambler for example).

    Also concerning paypal my password is unique (not used on any other website or application), long, using also numbers and special characters.

  29. SisXtian said on July 14, 2008 at 9:49 pm

    I’ve just had this EXACT same thing happen to me… except the amount was for $1200 USD sent to a UK e-mail address. Of course, the first thing I did was report it as unauthorized on the PayPal site, change my password and questions, and scan my computer for trojans. Everything turned up clean. Did you find out if PayPal had a record of someone logging into your account from another IP address? I’m very curious as to how this happened as well, as it seems it happened without someone logging in. My dispute is still pending. The process PayPal goes through is to contact the recipient and have them confirm that the payment was unauthorized or something. And today, the guy e-mails me asking me to remove the dispute and he will refund the money to me, as this is all a nightmare for him… for HIM?!?! No way in hell I’m removing the dispute. If he’s innocent, he has nothing to worry about. It’s also been recommended to file a police report. We should keep this thread going to educate people about what’s going on and what they can do to prevent it/get their money back.

  30. Tom Davison said on July 8, 2008 at 10:56 am

    I have just had this done twice, I have paypal linked to my hotmail account and it had the same password (this is now not the case) they took about £400 both time’s i didn’t notice the first one as they must have logged into my hotmail account and deleted the notifications, but the second time i was at work and logged into messenger and noticed an alert pop up from paypal about a payment, this was a bit of a shock.

    I don’t normaly have any money in the account so they took it off 2 card’s i have stored in paypal

    the person left a few days between each payment, fortunatly I have now notified paypal but i don’t know how long this is going to take.


  31. lucio ribeiro said on July 3, 2008 at 9:56 am

    Martin, long ago I remember a plugin for firefox (sorry mate cant remember the name) that would give you the username + coded password, then you can use a force cracker to fin out,
    More or less like google syntax:

  32. Martin said on July 3, 2008 at 8:58 am

    Lucio I do not think that I have a site up currently with a PayPal donate button but I had them up in the past. Why are you asking ?

  33. newhen said on July 3, 2008 at 7:29 am

    Martin it was probably a undetected trojan that sniffed your password.

  34. Lucio said on July 3, 2008 at 3:03 am

    Hey Martin, this sucks mate,
    just wondering, do you have any site you use same account coded in a Paypal bottom ?

  35. Jojo said on July 2, 2008 at 11:02 pm

    Well if you use the same email address that you elsewhere, then you are asking for trouble.

    I use Spamex for disposable email addresses (www.spamex.com). Cost is $10/year for up to 500 email addresses at any one time. Well worth it! There is a javascript bookmarklet that you can add to your Links bar to easily enter Spamex or allocate a new email address. The email actually gets forwarded to another account that you specify. I think I have a couple hundred active email addresses right now.

    These addresses are great to use for virtually anything including Paypal, Amazon, forums, blogs, etc. I am building a small domain portfolio and I use a different SpamEx address for each individual domain I own.

    btw: Spamex has an alternative domain you can use (xemaps.com) which is spamex spelled backwards. I’d suggest using this as some mail scanners give trouble if they see the word spam in anything, even a domain address.

  36. Martin said on July 2, 2008 at 7:15 pm

    a weak password would only matter if he had my email address. And if he had my email address it was intentional. But I do not think that you can bruteforce PayPal. And the password was not weak, no dictionary word.

  37. Vikas said on July 2, 2008 at 7:11 pm

    May be you had a weak password?

  38. Martin said on July 2, 2008 at 6:36 pm

    Okay I tested the system with several anti-virus, spyware, rootkit applications which all found nothing.

    It is most likely that it was either a browser exploit as Rarst pointed out or that another website was hacked where I did use the email and same password.

    I naturally keep an eye on my traffic with various applications at the moment but nothing so far.

  39. Jules said on July 2, 2008 at 6:21 pm

    I had a problem where my paypal email address suddenly started to recieve loads of spam – this should be impossible as it is not used anywhere other than for paypal itself. And yes, I checked my machine – as an IT consultant working on government conracts I am VERY careful about that stuff.

    Paypal themselves were unable/unwilling to shed any light on the matter and I don’t know if it is related however, the only realistic way I could think of for this to happen was for there to be a problem inside paypal itself.

    Related to all of this, I have a colleague who has recently had money taken from her account by paypal themselves where they have double paid from multiple sources (bank and card). It has taken a long time to get that sorted.

    I am rapidly getting concerned about using paypal. Of course it is rather convenient so I am considering setting up a current account and credit card simply to be linked to them.

    Regards, J.

  40. francois said on July 2, 2008 at 6:06 pm

    I would also be very careful with keyloggers. They are extremely easy to write on Windows (about 30-50 lines of code on some languages).

    For my part I have a keyscrambler on my PC (the free version of QFX, firefox addon):

    When I have to use another PC I use this software on my USB key (I always assume there’s a keylogger):


  41. Rarst said on July 2, 2008 at 5:32 pm

    In general there are two possible forks of what happened (assuming internet only and no local networks with possible sniffing as mentioned above involved):

    1. Targeted personal attack. Very rare and very scary. If someone qualified is set to cause trouble it would take lots of paranoia to stay safe. Doesn’t seem to be the case – damage too small.

    2. Carpet bombing with latest virus\trojan\sniffer\expoit\whatever. Best case it is catched with anti-virus (or by hand) soon, worst case – browser-related non-local exploit. Paranoia helps against local stuff but browser exploits are reaaaaally bad news until fixed.

    If local system is really clean then my bet is on browser exploit – Firefox3 is likely candidate as it is propably being ripped to pieces in search of fresh exploits from the day of release.

  42. Dante said on July 2, 2008 at 5:21 pm

    Ok, I know you’ve stated in the past that you don’t install antiviruses on your PC. You just scan it afterwards. But a keylogger can persist in the Root and not be found by a “after-the-fact” scan. Also, are you in the habit of shutting down your browser and than restart it before you enter a financial transaction site? And shut down and restart after you’ve finished the financial transaction? These are the basic security measures that me and my wife take routinely. So far so good.

    But than I am paranoid. I have McAfee Antivirus, Avira, and ZoneAlarm running at the same time.

  43. Martin said on July 2, 2008 at 5:08 pm

    Could have also been a Firefox extension or website exploit that caught the password. The first is unlikely while the second could be a valid cause

  44. Martin said on July 2, 2008 at 5:05 pm

    Well I was not able to detect a keylogger on my system. Cheryl yes that it possible but unlikely because there is no huge public outcry. More like is an error in their billing system or the hacking of another website where I used the email and password for.

  45. yash said on July 2, 2008 at 4:57 pm

    A keylogger is the most probable reason…

  46. Cheryl said on July 2, 2008 at 3:44 pm

    I don’t know if it’s possible but maybe the hacker got your info from the Paypal database? So you may not be the only victim.

  47. Emil said on July 2, 2008 at 2:34 pm

    Have you used some wireless network?

    Possible even a public one?

    Chances are that there are some people out there that are intercepting packets and seeing all the info you are sending and receiving.

    Also, maybe someone phished your password with a fake e-mail…

  48. Bruno 'ReX' Barbieri said on July 2, 2008 at 2:18 pm

    I sugest you format you computer ASAP.

  49. Martin said on July 2, 2008 at 2:15 pm

    Kurt DNS Settings have not been changed. I’m currently running additional programs (Hijack This was the last). So far nothing was found.

  50. kurt wismer said on July 2, 2008 at 2:03 pm

    you haven’t explicitly stated yet, but have you checked the dns settings on your computer and on your router? (to rule out the possibility of pharming)

    also, javascript keyloggers are possible… you wouldn’t necessarily find them with a scanner because they aren’t necessarily persistent…

  51. Martin said on July 2, 2008 at 12:26 pm

    I got my money back already but a call with PayPal did not reveal any additional information that could have helped me track the method down.

    Nothing was changed on my system as far as I can see and there have not been logins into other online accounts. I wished they would have told me if someone with another IP logged into my PayPal account which would still leave the question unanswered how someone was able to get that password.

    I ordered the PayPal Security Key by the way Jojo, nice tip, thanks for that.

    1. LL Felton said on September 21, 2017 at 3:57 am

      You said you were able to call Pay Pal . I woud appreciate the number as I haven”t been
      able to get it. Looked at my email tonignt and saw that I was going to be charged
      $107.49 cents by a company I never heard of for something I never ordered.
      Please help

  52. mouser said on July 2, 2008 at 12:24 pm

    it goes without saying that you should keep a close eye on any other services and accounts where you use a password to log in, as there is a possibility they got your login and poassword from some kind of keylogger on your computer or something similar that exposed the login information for other sites you used.

  53. Chuck said on July 2, 2008 at 12:02 pm

    I had a friend (that I have since lost contact with, unfortunately!) that had this happen to him way back in 2004. If I recall he said that someone had intercepted his login via his network at work. I cant fully remember but he was the IT Manager and he felt like crap after this and really didn’t want to talk about it, but it had something to do with a key logger and some other crap. Regardless the amount was similiar, close to 600 and it was very hard to recover those funds. I never had this problem, *KNOCK ON WOOD*, but I also never left any large amount in Paypal, and I really never had any issues at all in the near 6 yrs or so I used them.

    In any event, heres hoping this is resolved quickly and in your favor, and that Paypal does whats right. They tend too. Good Luck!

  54. Oropher8598 said on July 2, 2008 at 11:56 am

    Have you checked your email account to see if mail was being filtered or redirected somehow?

  55. Margaret said on July 2, 2008 at 11:30 am

    This just sucks! I’m so glad I don’t keep much (if any) money in PayPal!


  56. Jojo said on July 2, 2008 at 11:23 am

    Bad news. Probably someone cracked your password. Go to Youtube and search “hack paypal”, “crack paypal”. Lot’s of how-to video’s.

    You should order a PayPal Security key (I just did). Cost is $5 in the USA (free to business account users). This will provide extra security.


  57. Martin said on July 2, 2008 at 11:18 am

    Colin thanks I will keep everyone posted. More important than the cash is how it was done. It’s impossible to say yet but it does not look like he gained access to my computer.

    And I’m still wondering why he did not disable notifications of payments and account changes in PayPal and change the password and security questions afterward so that I would have additional troubles solving the issue. This would have bought him some time.

    1. Ingrid Burling said on June 25, 2016 at 10:14 am

      Hi Martin,

      I just stumbled across your site here and the story about your PayPal account. I wish to mention I had the same issue happen to me. I want to describe it, share my thoughts and offer a way forward, or at least some ideas.

      Many moons ago I was contacted by a woman in Finland, who was an opera singer. She wanted me to coach her (I am an Executive Coach) as I am highly creative and she had a particular issue to deal with. We could not work out a way for her pay me easily without incurring what would have been large bank charges, so I opened a PayPal merchant account. I had no intention of using it for shopping (did not do any internet shopping in those days) and then, unfortunately for me, I shot myself in the foot somewhat during our next call, when I made what was for me a totally spontaneous remark, and which entirely resolved her issue for her. I did not at first realise this until she later rang me to tell me so and let me know she didn’t need any more coaching. Of course I was delighted for her.

      In due course I forgot all about the account, which lay dormant. So, there was no activity on the account from me, in terms of sending or receiving funds of any kind. if I had remembered it, I would most probably have closed it down.

      For about 5months all was quiet on the western front, and then suddenly one day, I got an email from PayPal’s head office saying they thought my account had been hacked into, because 2000 dollars had been removed! I was in a state of shock because the rules of the account say that any withdrawals have to be reimbursed from your bank account. To give them credit, they said they felt my history showed it was probably not from me, and so when I told them the whole story and that as far as I was concerned ANY activity on that account was illegal, they believed me.
      I did not have to reimburse them for anything. This is all sounded great, right? It was – until they pointed out that if I had even used the account just once to pay for something, they would take the view that I had incurred the deduction and should reimburse them.

      This was, I felt, a bit sinister. I felt they were not addressing the real issue here, which was that someone had hacked into my account and they needed to be finding out who it was and how they had done it. Secondly, they must surely have been able to track where the transfer was made from by tracking where the money went. Thirdly why did they not offer me additional security on my account?

      Scroll forward to now and I am about to become a digital entrepreneur, so using PayPal for my online shopl has become topical. Having had no account with them since then, I am a tad nervous about it, as you can imagine, and have been thinking long and hard about what I can do to avoid this happening again. I guess trying to secure your internet data is like trying to stop someone breaking into your house. You can’t really. A really determined person will get in, but you can make it damned hard (research in the UK has shown that burglars tend to move on if they can’t break in inside 20 seconds because it attracts too much attention, so your goal is to make it harder. That is the real deterrent.

      In terms of the internet, you can build some simple, creative layers into your way or working and internet security, which will create a foundation of credibility with your suppliers which will work in your favour. So, I have put my thinking cap on and here are some workarounds you may wish to try out, in no particular order.

      I hope this is helpful:

      *Have two PayPal accounts. One for receiving money only and the other for shopping/paying for things, and separate who you give your details to. Alternatively, use PayPal for receiving money only and use a debit card to pay for things, so there is no connection between these two acitvities. Link them to separate bank accounts.
      *Link your PayPal account which receives money, to a bank account which is with a bank that does not permit you to have overdrafts. I opened one with the Co-op Bank in the UK, deliberately. They are very strict about this, so that offers you some protection too. if someone hacked into your PayPal account and withdrew money and PayPal tried to withdraw it from your bank account to replenish the account, and if that withdrawal would take you into the red on a non-overdraft account, they will refuse do allow it. Or they should do, according to their own rules.
      *As soon as any money comes into your Receiving-Money-Only PayPal account, move it into your linked bank account and then immediately to another bank account from there, like we have. We have a savings account that is not allowed to go overdrawn where we will keep any funds that we wish to protect.
      *Banks in the UK supply card readers for online banking and shopping, which deliver unique codes like the Security Key. Use them as a much as possible. We found we could use the one from the Co-op Bank when banking with Lloyds or shopping using their dd card.
      *Keep a log of any shopping you do, so you yourself can show your actvities. This may help you too. It depends a bit on how much time you have. You can also keep a column in Trello (software acitvity tracker), listing each purchase. If you use Zapier, you could maybe create a workflow so that each purchase, once marked as completed in Trello, goes automatically into a log somewhere. It would save you time.
      *May be worth formulating a group of people who had the same experience to lobby PayPal to respond to you all with some answers about how this happened. It means their security is not good, or good enough. But move your funds out of your accounts before you do so….
      Best wishes

  58. Colin said on July 2, 2008 at 11:15 am

    Martin, please keep us posted some how on the outcome of this. I’d really like to know how this turns out and more importantly how they managed to do this to someone like your good self. Here’s hoping you get your cash back.

  59. Martin said on July 2, 2008 at 10:57 am

    I have never heard of that company before. My account has a balance of $0,35 which suggests that they knew the amount that they were able to take.

    I mailed the guy and he told me that PayPal required username and password for the transactions.

    The guy who did it used Canadian information and had an IP from a US University. Most likely faked.

  60. Mike said on July 2, 2008 at 10:53 am

    Is it a company that you’ve previously done business with?

    I’ve had a web host automatically renew my account, without telling me that I had auto-renewal enabled.

    Then again, they withdrew everything, so either they managed to get in and figure out the exact amount, or they withdrew more than you had, and the balance was taken out of your bank account or credit card (and you haven’t noticed yet).

    Just some thoughts, hope PayPal can sort this out soon. Sorry, dude.

  61. caschy said on July 2, 2008 at 10:53 am

    Good luck Martin!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.