A few days ago, I registered a PayPal account. I didn't add my credit card information yet, so it is still "unverified".

The last few days, I have received three or four phishing attempts regarding PayPal. Up until a few weeks ago, I received at most one such e-mail every second week, whenever my email provider's spam filter did not remove it.

The first two claimed someone from an odd IP-address had tried to enter my account, and the third acknowledged that my account still was unverified and offered a link to enter my credit card information. Now, I don't even know if PayPal records and can identify which IP-addresses I use myself, in particular if I have only been logged on once.

It makes me wonder - how easy is it to browse or obtain lists of newly created PayPal accounts and contact those parties in phishing activities? Does PP even sell lists of newly obtained e-mail addresses to those people? Is it people who work for PayPal that in reality operate the fake sites too, a so called inside job?

Needless to say, I didn't follow the links which are obviously fake since they either point to a completely numerical IP-address or some web server in Hungary (sorry, all honest Hungarians!).

Oh, the irony! As I was writing that message, I received one more "your account was accessed by a third party" e-mail which is sprinkled with IMG links to "paypalobjects.com" and the main link I should click on points to "www.fmkportal.hu/www.paypal.com" etc.

Is it possible there's some kinda undetected spyware on your system that informs the phishers that you have recently logged on to PP?

--T

I was part of a class-action law suit group that sued PayPal here in the states for taking a slice for them selves. They took money from peoples accounts for them to spend! I would never trust PayPal. Ever.


-Vlad

No, I'm fairly confident about not having any spyware or virus running on my computer, although I took a dive into warez land a few weeks ago. In that case, the spyware should've picked up my password when I registered rather than setting up a fake site to collect it. But anyway, I sent the two kinds of phishing attempts to spoof@paypal.com as they actively collect such emails.

By the way, I'm not that keen on PayPal's services either after previous experience at work. The reason I signed up is to eventually pay for my purchases on Dimitri's sales, since he got the information from his bank that regular bank transfers would cost him 20 Euro per transaction to receive, while a PayPal transaction would only cost 3.4% of the amount to receive. It sounds like a steal, and I wrote him back pointing to a web page of his bank giving totally different rates which he will show to his bank as well.

I dunno, any kind of e-$$$ can be risky. My local bank was haxored last week. Thier webpage insisted that I had to change my password before I could log-in to my account information. Of course, I took this to be another phishing attempt, so I was reluctant to enter a "new" password until after I called the bank to find out what was the problem. They told me that after the attack, they had done a mass-password renewal, to be sure that no one's account was compromised. After changing the password, I was allowed to access my account, and there was an urgent alert message explaining the necessity for the change, but without the change, there was no way to read the message.

--T

A couple weeks ago, my PP accnt was overdrawn by $.65, and I had the bright idea to use my credit card to balance the accnt. Instead of doing a normal CC transaction, PP somehow sent it into the CC as a cash withdrawl, for which there is a (minimum) fee of $5.00, so I ended up paying $5.65 for my bad bookkeeping.

--T

Duh! Anyway, as long as the actual URL (not the text written between HTML anchors) seems valid, I would be less suspicious. Of course, someone could hack your bank's (or PayPal's) web server, but that is a much more powerful crime than pretending to be someone else. Sometimes when I log in late to my bank's Internet page, I get odd error messages which indicates I did something wrong, but it is their server that is in hibernation overnight or something.

Is there any benefit in transferring money from a bank account into PayPal? Lower fees when you make payments? My bank offers a special kind of virtual credit/debit card called e-card, which functions in such way that I log in to my bank and issue a new credit card everytime I need one for e.g. Internet purchase. I can define the amount available on the card and for how long it is valid. Then I can use this online, and if anyone would phish that card number, the amount they can withdraw is much limited. The best part is that this service is free of charge as long as I have a standard debit card (in my case Maestro from MasterCard, but VISA would work equally well). These virtual credit cards will work on almost all sites that take credit card payments, except those where you have to use your card physically to finish the deal, i.e. paying for cinema tickets.

I'm planning to issue a such virtual credit card whenever I need to make a payment through PayPal, and add that card to their system. I suppose there is no limitation on how many credit/debit cards one can enter into PayPal, and the virtual card will be recognized by MasterCard and my bank as being in my name.

Mail from PayPal will always address you by your registered name. If you are greeted with "Dear Member" or similar, it is most certainly a mass-mailed phish.

--T

Now I have compared the exchange rates, fees and delay between making a payment through PayPal and an electronic bank transfer directly to my account:

My bank has an exchange rate (vs Euro) that is ~2% better than PayPal.

My receiving fee for the electronic bank transfer is 10 SEK (c:a 1.10 EUR) as long as all details are correctly filled in. On the other hand, I had to upgrade my PayPal account in order to accept credit card payments. Thus my fees over there are 3.4% + 0.35 EUR. It means any amount over 22 Euro would be beneficial for me to receive as a bank transfer, at least if I don't consider any transfer fees for the buyer.

A foreign bank transfer took 2-3 working days plus weekend and holidays, while it takes PayPal 5-7 (!) working days to transfer funds to the same account. The money is of course quick to arrive into PayPal though.

All in all, on an amount of 150 Euro, I gained 66 SEK (US$9.15) and got the money at least three days quicker by bank transfer. The more (expensive) I would sell stuff, the bigger would the difference be. I was not sure which kind of fees and poor exchange rates my bank would apply, but I'm positively surprised.

Wow, that's kinda neat. For once, exchange rates worked in your favor....

-VK

Here is another example of PayPal exchange rates. I recently enrolled a new credit card, and PayPal withdrew 15 SEK as a confirmation, money that I receive back when I make the next payment. Today, the money was refunded. Follow this logic:

March 30: 15 SEK converted into 1.56 EUR => sell rate 9.61 SEK/EUR
March 30: 1.56 EUR corresponds to 14.16 SEK => buy rate 9.07 SEK/EUR

So, basically I lose 5% of the amount due to they use radically different exchange rates on incoming and outgoing conversions. For comparison, here are a few current exchange rates from other sources:

Daily fixation: 9.33 SEK/EUR
My bank, paper money: they buy at 9.20 SEK/EUR, sell at 9.46 SEK/EUR
My bank, cheques: buy 9.31 SEK/EUR, sell 9.35 SEK/EUR
Forex, exchange specialist: buy 9.22 SEK/EUR, sell 9.46 SEK/EUR

I think the exchange rate for electronic transfer used by my bank is the same as for cheques.

15 SEK is a very small amount of money, so I don't care if they steal 5% of the amount despite claiming no fees on this transaction. If I would receive larger amounts though, they charge 3.4% + the much worse exchange rates the day I decide to withdraw money back to my bank account. Certainly I can keep money in PayPal and use for various payments, but up to now I've sold more than I've bought.

If I receive money in an electronic bank transfer using IBAN + SWIFT, my bank only charges me 10 SEK fee (should in reality be completely free), I get radically better exchange rates and money directly on my bank account.