On 11 September 2022, at 4:55pm Hawaii time, I received an email notification that a new email address had been added to my PayPal account. Since I was doing laundry, I wasn’t paying attention to my email account and by the time I realized what had happened, my email address and phone number had been removed from my account and the hacker had replaced them with his own.
Upon noticing the email change, I tried to login to my account, but was unsuccessful.
While the hacker takes primary responsibility for his actions, I have to admit that I have to accept some blame because I hadn’t changed my password in a very long time and I should have known that my login information would eventually leak out and some malicious actor would take the opportunity to steal my account.
Realizing that I had to act quickly, I canceled my PayPal debit card and ordered a new one. Fortunately, there was no money in the account for him to take. I also transferred money from my linked bank account into another one to prevent the hacker from spending my money.
The hacker had acted at just the right time, stealing my account about two hours after PayPal’s customer service office had closed, giving plenty of time to do whatever he wanted with it. I had no choice it to wait and worry until the office reopened.
Given the steps I had taken, I hoped that whatever damage had occurred until such time as I could regain my account would be minimal. Remember the old saying: “Hope for the best, but prepare for the worst”.
When the office finally reopened, I was already on the phone and it took less than ten minutes to regain complete control of my account. It appears that the hacker had only changed the email address and phone number on the account, it hadn’t altered anything else.
The email address the hacker used is: BNiederme153@gmx.com
The telephone number he used is: 304-318-3023
Naturally, I changed the password on my PayPal and GMail accounts and enabled two-step security measures.
Not to be foiled in his attempt to take what wasn’t his, the hacker soon noticed that he no longer possessed my account and tried to take it back by sending a Gmail password change request. I immediately realized what he was doing, since I hadn’t requested such a change. A few hours later, I received two automated phone calls, supposedly from PayPal. I didn’t respond to them and instead called PayPal myself to find out that they had placed no such calls to me. It’s obvious that the phone number was spoofed to appear to be PayPal’s customer help line. I had no choice but to block that number.
So, I’m a little wearied from yesterday’s hack, but I’ve learned not to be so complacent from now on.
Duane.Browning
