Saturday, September 29, 2012

Learnings from a Paypal Hacking Experience: Part Two - What to do after your Paypal gets hacked

In Part One you were shown what a Paypal hacker might do to your account. This part gives you advice on how to proceed after you get hacked.



What you may need
1) An email address other than the one you used on your hacked Paypal account
2) A phone line
3) Optional: a good budget card for calling overseas, if you are not calling from within the US

What to do
1) Review the actions of the hacker

Each Paypal transaction has an email notification. If you are able to see the list of transactions that the hacker made through your email, then list them all. Also write down on paper the transaction ID of each monetary transaction that happened. You need this in case you have to detail to Paypal which transactions/payments you are contesting as unauthorized payments.

It is also good to have the transaction IDs of old eBay transactions that happened before the hacking, in case you have to prove that you are indeed the real owner of the account.

2) Create a new Paypal account.
- When you get hacked you will likely lose the ability to log in to your account. When you call eBay you will be asked for a code to verify your identity. Technically your Paypal account is a link to your identity, hence they have to use it for verification of calls.

3) Log in to your new Paypal account and get the Call contact code

Click the "Contact Us" link at the bottom. On the new page, click the "Call Us" link. The next page will show you the 6-digit passcode. This passcode expires after 60 minutes, so you should call Paypal within that 60-minute period. If you do not, you need to redo steps 2 and 3 to get a new passcode.

4) Call Paypal

This is the US number for Paypal: 1-402-935-205

Since it is a US number, below are the hours during which they take calls:
4:00 AM PST to 10:00 PM PST Monday through Friday
6:00 AM PST to 8:00 PM PST Saturday and Sunday
*PST is GMT - 7:00, or use this link to convert to your time zone

When you get hacked it is A MUST to CALL Paypal immediately after the hacking happened. This is to ensure that all transactions done by the hacker are reversed as soon as possible. Email response time is slow and uncertain, and by the time someone from eBay has contacted you through email the hacker might have already created a web of transactions to hide, use or withdraw the money.

When you call Paypal, they have a smart system which will just ask you for the question you have in mind. This smart system looks for keywords within your sentences and will automatically play a recorded answer to you. If you want to talk to a person, just utter the words "Talk to an agent". If that doesn't work, also try variations like "Talk to a person". This will force the smart system to redirect you to a more flexible call center agent who can listen to your story and assist you properly.

5) Explain your story briefly and request reversals of unauthorized payments

When talking to the call center agent be brief and concise. Just explain that your original account has been hacked and you were not able to use it. Explain that the hacker may have also removed your original email linked to that account but you will be able to supply some transaction IDs before the hacking to prove your identity. Do not panic or be hysterical or be angry. Just stay calm and make sure to pause and allow the call center agent to react and help you. If you keep on talking and lose your cool then it will just create room for misunderstanding.

The things you have to request from the agent are:
a) Reverse all unauthorized transactions.
This includes all payments or transfers done. If possible, make sure you have an idea of how much your initial balance was before the hacking so you and the agent can gauge which actions were caused by the hacker.

b) Allow you to gain access to the account.
Get help from the agent to remove all emails linked to the account and have him add only one email address which you own. From here, have him initiate a change password request immediately.

c) Remove unauthorized users
For those using business accounts or accounts upgraded to business accounts, have the agent remove all those in the Manage Users list. In case the agent says you have to do this yourself, just request that he stay on the line while you do it as a safety precaution.

My Account > Profiles > My Settings > Manage Users > Update > Select the radioboxes of the users and click the remove button.

The hacker will usually hide as another user of this account through the Manage Users functionality of business accounts. This means he will be able to manage this account with his own password, so you must remove the hacker from the list. If you are using this functionality yourself, it is a better precaution to delete everyone in this list and just rebuild it yourself later.

6) Monitor your email for notifications about the reversals

Try to check your email every hour, or more frequently if possible, to see whether the reversals of the unauthorized transactions have already gone into your account. This way you also monitor whether the hacker is able to gain access to your account again.

7) Optional: Withdraw your Paypal balance

When the reversals have been completed in your favor it would be best to withdraw your money to your bank account immediately. Do not worry about the charges from Paypal and the bank that you may incur in the process, because you never know if the hacker will be able to log in to your account and strike again! As much as possible, don't keep a lot of money in your Paypal account, to avoid enticing hackers to use it.


In Part Three, we offer suggestions on how to keep your Paypal account safe.
