I just received an email from Filesonic telling me my registration is complete. I thought it was spam, so I deleted it. Then I get an email receipt of payment from Paypal. $55 paid to Filesonic.
I have absolutely no idea who Filesonic is, what they do, etc. No one has my Paypal log on information and I do not share a computer.
Oh joy....can't wait to find out what else I've "bought".
I would change your paypal password immediately, and file a claim with paypal.
Ya, I did both of what you suggest first thing. This is the first time anything like this has happened to me.
I think it was trap. Check with Paypal, but I doubt nothing was purchased. There were probably links on the email you received to "check your account" (or something similar) and THAT's the trap as clicking on it would have sent you to a fake log-on screen where they would have captured your info.
Good point, Eric. I wasn't thinking straight along those lines.
I received a very real-looking email from "PayPal" telling me that my credit from (something like) "DVD World" was received and I just have to sign onto PayPal to confirm it. I never bought anything from the company that was named, and I couldn't imagine why, if I was getting a refund/credit, I would have to go to PayPal to "approve it" or whatever.
But it looked legit all the way, and PayPal's site didn't offer much in helping to determine authenticity...other than saying the email would use both my first and last name...and this one did.
I resisted clicking though, simply because the company name didn't ring a bell and I couldn't figure out why I would have been getting a credit or refund from them anyway.
I will admit, though... I was closer to clicking that than any other spam/spoof/ripoff I had ever seen.
You could probably call paypal and have a real person verify any transaction and required actions.
Or just manually type in paypal.com.
They do offer the extended https (in Chrome, Firefox, maybe IE8, Safari 5) there's some indication, some EXTRA color in the address bar that indicates that it's really, really real.
HTTPS protects the transactions, but it does not protect from a trap. It is no effort to setup an HTTPS connection that looks like the real thing.
I know everybody gets fed up being repeated the same thing over and over again, but there is ONE and only ONE protection against those emails: NEVER, EVER click on a link in an email that you were not immediately expecting. It is OK to react to an email from amazon right after you pass a command, but even emails from your friends may be coming from high-jacker who just fooled your friends with a "Microsoft is closing unused hotmail accounts. Please click here to confirm you are still using your hotmail account" bla bla bla!
I don't know about that, Eric. It's not THAT easy to set up an https: connection if you know the site you're going to, type that name in, and use https.
I absolutely agree that you should never click the link in the email.
No, it was a charge. I logged onto my account and the transaction did take place. They automatically withdrew funds from my checking account. Someone hacked my account.
That sucks. Any response from PayPal yet?
You are right, Ken, your example was not posing a security threat. I was actually more reacting to the appearance of the magic HTTPS buzzword and how too many people associate the acronym with automatic and all-encompassing security. The example you mentionned is perfectly safe unless someone hacks the Internet's DNS servers, which I don't personally worry about.
I think it's possible to do a man in the middle attack against https, but I think that sort of thing is extremely hard.
The resolution ended up being in my favor. Paypal refunded the money. It went to my Paypal account verses my checking account, but I did get it back.
Glad to hear it. To hear of resolutions to situations like yours restores a little faith in the way they work.
I've had one instance with Paypal that had to do with a product I paid for on Ebay but didn't receive. After going through the somewhat arduous claim process, they reimbursed me because the seller was nowhere to be found.
Their rep's have always been pleasant to talk with, also.