First off, it's was legit Paypal call as it was the same name/person as who I'd initially been talking with through their "help center" messaging.
To start off, today I got notified by multiple emails that someone was requesting a code to reset my password. First oddity is notification that it wasn't sent to my primary email (primary in Paypal settings), but to the random email I use that doesn't have any identifying info (primary is my first/last name).
There should only be a handful of people on the planet that even know that email exists....so seemed weird someone would know that email and use it to get into paypal. I use it so rarely.
Soooo....that triggered a response for me to login to paypal and see what was going on.
Log in, someone has added a telephone number to my account. Ok alarms going off. I immediately reset my password, remove extra emails associated with the account. Remove all but my personal cell phone (work number was on there too), remove my bank info, change my security questions, etc.
I open a ticket to report this to see if paypal can confirm that the phone number was added today (by whoever was trying to reset the password), etc.
After getting a brief response which I reply back to with another question, the person from Paypal calls me. She's able to tell me the time the 3rd number was added (which is about 5 mins after the resets were requested).
Initially, I thought maybe spoofing the SIM on 2nd phone line (or whatever they do) might have been how they got in...but after talking to my cell carrier, no one has contacted them to do anything with that phone...and again, I think they would have had to still reset my password.
So, it's very weird that:
1) someone definitely accessed my Paypal account and added their phone number
2) they didn't succeed in resetting my password as I logged in and changed everything after they added the phone number
But that raises even more questions of how did they access my account without successfully resetting the password?
3) the Paypal person gave me the full number (paypal normally *** it out).
Google to find out this person has the same first/last name as me...and the person seems really old (almost 50 years active military+years retired) as Google actually returns some specific info due to military service and this person uses the number as a work phone (now in real estate it seems).
May be possible some one targeting my account Googled this person and is spoofing their number??? Adding their number to "throw me off"???? But that seems really far fetched....But how did our accounts get "crossed" if it was this guy?
4) Paypal rep said they were opening a case to investigate as she wasn't initially sure how they would have accessed my account to add a number either without resetting my password or having my password.
The weirdest thing I've ever experienced (luckily I guess) with an online account. Any ideas?
PS I use a 3rd party password manager and complex, unique passwords.
Submitted April 04, 2021 at 08:42PM by reddituser23933 https://ift.tt/3dxjO9U
