Rhodri Marsden: How did a total stranger gain access to my Paypal account?

Click to follow
The Independent Tech

This is a tricky confession to make. It's a bit like an agony aunt admitting to infidelity, or a gardening columnist announcing full details of their potato blight. But after years of dispensing advice on how to avoid online fraud, well, I've become a victim of online fraud. I may be about to forfeit what little authority I have, but I think my slightly self-conscious line is going to be this: Hey, it can happen to anyone.

When I received emails from Paypal last week informing me of my winning eBay bids for two cameras, I didn't give them a second thought. I hadn't placed any bids (cameras and I share a deep, mutual indifference) so I just assumed they were spam. You know, along the lines of: "Hey, you've won a camera! Click here, enter your password and watch us slowly take control of your identity." But they were swiftly followed by an alert that my Paypal account may have been compromised; apparently a chap called "Erick" from Northampton – if he exists at all – had won two high-end Canon cameras on eBay and used my hard-earned cash to pay for them. As a result of his underhand activity I was £1,835.93 down on the deal – a deal that I hadn't initiated, or even taken part in other than unwittingly hand over the money.

Paypal, of course, didn't require me to have £1,835.93 knocking around in my account; it just swept the money across from my credit card – which for some asinine reason has a credit limit well over £5,000. After having spoken to reassuring Paypal representatives I have faith that the mess will sort itself out, but I'm still baffled as to how my account was accessed. I use unguessable jumbles of letters for passwords, never click on dodgy links in suspicious emails, and keep my computer secure and free from malware, as I hope you all do. But perhaps I haven't always been scrupulous about using a different password for every website, and that's something that I've just spent a day correcting. And if you don't have such a system, I'd develop one of your own. (I'm not convinced by password managers, simply because it only takes one password to be cracked to access all your others.) Paypal, for their part, now offer an additional layer of security that involves an SMS being sent to your mobile phone. I've just shamefacedly signed up for it, before going off to have a little cry.

Email any technology gripes to cyberclinic@independent.co.uk or join the discussions on the blog at www.independent.co.uk/cyberclinic