Since my Paypal was recently hacked (I was able to get my money back though), I decided to create this post in hopes of helping others who are going through the same thing.
Last May 30, I got home around 11pm. I was about to go to bed when I received a text message from my bank. You know how banks text you at random times to inform you of their promos and what not, so I figured I'd just ignored it for now. After a few seconds, I got an email receipt from Paypal confirming my transaction of $23,800.00 HKD!
At first I thought it was a scam, then I opened the text message from my bank confirming the purchase as well!
At that point, I panicked! I mean, who wouldn't?? $23,800.00 HKD is equivalent to almost Php 160,000!!
So what did I do? I immediately logged onto my Paypal account and changed my password! I also noticed that the hacker removed one of my emails and added a fake one (bacanibet@outlook.com) so I unlinked that from the account too.
Next thing I did was to report the transaction as unauthorized.
After that, I called my bank to try and hold the payment, but unfortunately, they cannot do so as they are only the third party in this transaction. All they can do is wait for it to go through then investigate afterwards. Also, if you'll notice in the text message the bank sent me, the transaction went over my credit limit, but they still allowed it due to "outstanding credit record." I recommend you call your bank and ban all transactions that go over the credit limit - it's also a good way to prevent hackers from purchasing high value items with your credit card.
I also decided to send an email to the online store from where the watch was purchased from. I was told by the bank that they can't do anything if the seller has not forwarded them the charge slip (apparently, there are still charge slips for online transactions), so I emailed the seller and requested that they hold the shipment for the watch.
They called me "Sir" sure, but that was least of my problems. I'm just glad they replied.
The hacker tried to do another one on me by sending me this email saying that they permanently locked my account and that they already emailed the seller on my behalf so I didn't have to. Note to everyone: ALWAYS CHECK WHERE THE EMAIL CAME FROM.
I guess I was really lucky to have seen the email before I slept that evening, otherwise, the hacker would've been able to lock me out of my own account. You really have to act quick - I did all this in the same hour it happened - I even changed all of my passwords, including ones that didn't have anything to do with my Paypal. FYI, I haven't used my Paypal since (at least) January, so there is always a possibility of getting hacked. Regularly change your passwords, guys.
After this, all I could do was wait. Come June 3, I received the good news that Paypal decided in my favor. Meaning that the transaction will not go through and my credit card will not be charged Php 160,000.
Case solved. Money returned. Yay!
Up until that time, I didn't know what the goal of the hacker was. The watch was actually being shipped to my home, so s/he wasn't getting it, that's for sure. A few days later, I get another email from Paypal saying they want to get my feedback on the recent happenings. Fake email. Fake feedback form. Who knows what could've happened if I clicked on the link. A follow-up email came in three days later, on June 8.
This could happen to anybody. So always be careful using online channels for transactions. If you really have to use Paypal, I recommend that you do not save any of your credit cards on your account. Just type them every time you need to make a transaction, sure it can be a hassle, but it's definitely the safer way to go.
If you know anybody who's had their Paypal accounts hacked, have them read this post! It might be able to give them insight on what actions to take :)