Hacked PayPal Account? Here's what to do.

3 AM. I logged into PayPal to check my current balance and plan for the upcoming Steam Sales. It was supposed to be a quick check but I found two suspicious transactions: a deposit of USD 255 and a withdrawal of USD 244. The deposit came from someone I don’t know. And the withdrawal was to an account I don’t own.

This must be some glitch. I logged out, opened a Private Window, and logged back in. The transactions were still there.

My account has been hacked. No money was taken from it. Instead, it was used to funnel money from another hacked account to a credit card.

This was resolved within 48 hours.

Here’s what I did: I investigated to paint a picture of what really happened, secured my account by changing passwords, removing old emails and updating bank and credit card information, and then reported it to customer support.

Has your account been hacked? Here’s what to do.

Investigate

Check for other suspicious activities.

My account  >  Click History.

Look for other questionable transactions. By default, it will only show you transactions of the past 30 days. Expand the date range and scrutinize all activities. Take note of transactions that you find suspicious.

Take note of the transaction IDs of all activities that were unauthorized. To check the transaction ID, click the “Details” link.
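
When the history is long, the pattern described in this post (a deposit from an unknown sender followed shortly by a slightly smaller withdrawal to an unknown destination) can be checked for mechanically. The following Python is an added example, not part of the original post; the CSV column names, the sample rows, the list of known counterparties and the 48-hour / 80% thresholds are all assumptions constructed for illustration, not PayPal's export format.

```python
import csv
import io
from datetime import datetime, timedelta
from decimal import Decimal

# Constructed sample history. Column names are assumptions, not PayPal's export format.
SAMPLE_CSV = """date,transaction_id,counterparty,amount
2015-05-20 10:02,TXN-CONSTRUCTED-01,shop@example.com,-19.99
2015-06-14 02:11,TXN-CONSTRUCTED-02,stranger@example.net,255.00
2015-06-14 02:40,TXN-CONSTRUCTED-03,card-ending-0000,-244.00
2015-06-16 09:00,TXN-CONSTRUCTED-04,client@example.org,120.00
"""
# Counterparties the account owner recognises (constructed).
KNOWN = {"shop@example.com", "client@example.org"}


def load(text):
    """Parse the CSV text into rows sorted by time, with typed date and amount."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["when"] = datetime.strptime(row["date"], "%Y-%m-%d %H:%M")
        row["amount"] = Decimal(row["amount"])
        rows.append(row)
    return sorted(rows, key=lambda r: r["when"])


def flag_unknown(rows, known):
    """Transaction IDs whose counterparty the owner does not recognise."""
    return [r["transaction_id"] for r in rows if r["counterparty"] not in known]


def flag_pass_through(rows, known, window=timedelta(hours=48), min_ratio=Decimal("0.8")):
    """Pairs (deposit_id, withdrawal_id): money in from an unknown sender, then
    most of it out to an unknown destination within the window."""
    pairs = []
    for i, dep in enumerate(rows):
        if dep["amount"] <= 0 or dep["counterparty"] in known:
            continue
        for out in rows[i + 1:]:
            if out["when"] - dep["when"] > window:
                break
            sent = -out["amount"]
            if out["counterparty"] not in known and min_ratio * dep["amount"] <= sent <= dep["amount"]:
                pairs.append((dep["transaction_id"], out["transaction_id"]))
    return pairs


if __name__ == "__main__":
    history = load(SAMPLE_CSV)
    print("Unrecognised:", flag_unknown(history, KNOWN))
    print("Pass-through pairs:", flag_pass_through(history, KNOWN))
```

The flagged IDs are the ones to write down for the support report; a pass-through pair is worth reporting even when the account balance looks untouched.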

Check for other changes to your account.

My account  >  Hover Profile

Are there new email addresses, bank accounts or credit cards added to your account? Has your address been changed? Look for recent changes in your profile.

Secure Your Account

Your PayPal account has been compromised. It’s a must that you secure it. There are four major steps to do so.

1. Change your password.

My account  >  Click Profile  >  Password

Use a password that mixes letters (uppercase & lowercase), numbers and symbols. It will be hard to remember it at first. One technique I find useful in memorizing the password is to use the same complex password across different accounts.

For example:

Make your own variation of this technique. You might want to use the complex part as a prefix or put it in the middle. It’s all up to you.

2. Update your security questions.

My account  >  Click Profile > Security questions

Pick an answer that only you know. Never use answers that someone can easily mine from your online profiles (Facebook, Twitter, blog, etc.), for example your mother’s maiden name or the school you went to when you were a kid. You may use these questions, but be sure to put an answer that’s not available online.

3. Remove old email addresses.

My account  >  Hover Profile  >  Add/Edit Email Address

Over time, your account will have accumulated email addresses.

I’ve been using PayPal for more than 7 years now and have 4 emails attached to my account, 3 of which I rarely use. The incident forced me to check for this and I realized that an old Yahoo! email address may have been the hacker’s gateway.

Remove any rarely used email addresses. Make sure that your main email address is set as “Primary” so you receive notifications of any activity on your account.

Note: It's also essential to make sure that your email accounts are secured. There are many guides online on doing so.

4. Remove old or suspicious bank or credit card accounts.

My account  >  Hover Profile  >  Add/Edit Bank Account and Add/Edit Credit Card

If you have old or unused bank or credit card accounts, be sure to remove them. Or, if your account was hacked like mine, delete suspicious credit cards or bank accounts.

Contact PayPal Support

Once your account is secured, it’s time to contact support.

1. Resolution Center

My account  >  Resolution Center

This was recommended. I tried it twice but failed because the transaction IDs of the deposit and withdrawal were invalid.

2. Contact Customer Support

If Resolution Center doesn’t work, contact PayPal’s customer support by phone or email.

I contacted them through email with all relevant details, including the Transaction IDs. Here are some questions that your message has to answer:

Save a copy of your message.

After sending your report, you will receive an automated response that will point you to FAQs. The links, most likely, won’t answer any of your questions. Reply to it. You don’t have to write a new report, just copy and paste your saved message.

Here’s my response:

Good day.

1. I logged into my account last June 15, 2015 and found two unauthorized transactions in my history. The first was a deposit to the account worth $255 (Transaction ID: 9NK87732XXXXXXX). The second was a withdrawal of $244 (Transaction ID: UT32416LXXXXXXX).

2. After further checking, I found out that someone added a new credit card to my account, a card that accepts withdrawal. I also did not authorize this.

3. After finding these questionable activities, I immediately changed the password and deleted old emails off my account.

4. I tried reporting the problems through "Resolution Center" but the transaction IDs above were marked as invalid. As such, I couldn't continue with the process.

5. I emailed customer support but have yet to receive any reply from them. I did receive one but it's basically just links to FAQs.

I suspect that this is some sort of hack. The one who deposited the money to my account may have been hacked. Then the hacker used my account to add a credit card and transfer it to his real account.

Regards,
Neil Yamit

Aftermath

Within a couple of hours, I received a message saying that the deposit has been reversed. The amount will be taken from your balance. Don’t worry. This will be reversed within a couple more hours.