I’d like to take this opportunity to share something I’ve been dealing with recently. As we wrap up the year, I have learned a lesson – the hard way – about having an account hacked which I hope will be beneficial to all of you.

I, like many of you, I’m sure, have a PayPal account. I created it several years ago when my son was in college so he could purchase some of his books on EBay at a cheaper price than what the college bookstore charged. Until recently, I’ve never had a problem and the only time it ever gets used is when I purchase something on EBay, which is probably no more than once or twice a year.

Week before last, I started getting floods of emails from PayPal telling me there was suspicious activity on my account and I needed to reset my username and password. I thought it was a scam so I ignored it. Days went by and the emails started again last week saying the account had been closed down until further action was taken by me. It was only then that I began to think there might be some validity to the emails. So I signed into my PayPal account. To verify my information, I was requested to verify the checking account information, credit card information, DOB, SSN, and send them some form of photo ID in order to verify that it was really me. Don’t go throwing stones at me just yet. I didn’t click on any link in email…..I signed into PayPal by going to the website in my browser and logging in as I normally would, However, as soon as I uploaded a copy of my driver’s license, the screen went white….and I got that stabbing feeling in the pit of my stomach. Just 20 minutes later, my checking account was hacked $150.00. By the next day, there had been five more attempted transactions on my credit card. I’ve also received two phone calls notifying me that someone was trying to open credit card accounts in my name over the phone.

When I called PayPal to actually talk to someone, I was asked to verify all of my information again. I couldn’t close the account, I couldn’t stop the transfer and I thought, OH CRAP – they’ve got my ID now. So I took action. Here are the steps I’ve taken, to date:

• Called and filed a police report with the local authorities

• Filed a complaint with the FTC

• Contacted the credit bureaus and put on a fraud alert

• Closed my credit cards

• I have not closed my checking account because not all of my bills have cleared

• Called SS to get another card

• Called the DMV to get a new ID

• These are all the things the FTC tells you to do when you have identify theft.

WHAT I HAVE LEARNED:

Social Security will not reissue a card. I was told that this literally happens thousands of times each day and there is no way to replace all of the cards for those people who have had their IDs stolen. The DMV told me pretty much the same. Only in extreme cases will they consider replacing your ID. However, alerts are put on both and watched carefully. I will not be able to use any of my credit cards (which is a blessing in disguise, really) for the next 60-90 days. I have to watch my activity in my checking account closely – not just daily – but several times every day.

I called PayPal again just a few days ago and requested a phone number with a pass code to secure a direct phone number. PayPal notified me that some of the emails I received were legitimate. Some of the emails were sent by them to let me know that it appeared someone was attempting to access my account. Some of the emails I received were indeed a scam….which is part of the scam. They first try to access your account. They anticipate you will receive emails from PayPal so they redirect your IP address to a website that looks just like PayPal and have you verify all of your information. Then they transfer money into the PayPal account from your checking account where it is more easily accessible (according to PayPal). In the midst of all of this, I also learned that my modem in my home was also hacked, which would have continued to provide access to my personal information. I had to have my modem completely reset and a new IP address assigned. Yes, PayPal knows about the scam. Have they publicized it? Not to my knowledge.

WHAT YOU SHOULD DO if you get the same email:

Do the same thing I did after attempting to do everything else. Ask for a secure phone number and pass code and call them. Don’t ignore thinking its scam, and never click on a link in an email. Don’t try to verify any information.

PayPal is aware of the scam. When the money goes from your checking account to PayPal, they lock it down. Did I lose anything? Not yet. My money is secure, my credit cards are closed….but somebody is still out there using my name and my information to open up fraudulent accounts. Unfortunately for them, they hacked somebody who doesn’t have much to take. There are advantages to living a modest life – and many blessings to living an honest one. It could have been worse.

As we move into a new year, consider this a friendly reminder – and warning – to take caution at all times when it comes to the security of your personal information.

Donna Hooper
Manager of CounselPro™ 7.0 Software Development and Training
American Academy of Estate Planning Attorneys, Inc.
9444 Balboa Avenue, Suite 300
San Diego, California 92123
Phone: (800) 846-1555
www.aaepa.com