My son fell for a Paypal phishing scam - what to do now?

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills.
Topic Author
privateID
Posts: 801
Joined: Sat Oct 18, 2014 4:59 pm

My son fell for a Paypal phishing scam - what to do now?

Post by privateID »

My some opened an email from a Paypal phishing scam. He responded to the email giving them his credit card information and his social security number. He realized his mistake minutes after sending the email and tried to take corrective actions. He immediately notified the credit card company and I believe that is now closed. No fraudulent charges there. He also contacted one of the credit agencies (ie., Experian) and put a hold on his credit and, I believe, he said something about putting his credit on high alert.

Is there anything else he should be doing? Does he need to notify all 3 credit agencies?

Thanks for any info
Cigarman
Posts: 480
Joined: Fri Jul 12, 2013 5:12 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Cigarman »

Notify all three and place a CREDIT FREEZE on all three. Immediately.
User avatar
Stinky
Posts: 14149
Joined: Mon Jun 12, 2017 11:38 am
Location: Sweet Home Alabama

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Stinky »

I would suggest monitoring all of his financial accounts (checking, credit card, investment and brokerage, etc.) frequently.

I would also enable two factor authentication where available.
Last edited by Stinky on Thu Sep 16, 2021 7:22 am, edited 1 time in total.
Retired life insurance company financial executive who sincerely believes that ”It’s a GREAT day to be alive!”
z3r0c00l
Posts: 3807
Joined: Fri Jul 06, 2012 11:43 am
Location: NYC

Re: My son fell for a Paypal phishing scam - what to do now?

Post by z3r0c00l »

Also check the computer he used (if any) for viruses and change passwords. Determine why he believed the scam in the first place to make sure it doesn't happen again. Normally they target older folks but I suppose no one is immune. I think everyone would do well to remember this: you are never going to get something this important via email or a phone call, not from the IRS or your bank or even Microsoft. And Paypal will just extract money from the account without asking permission if they are remotely justified in doing so, as I have discovered.
70% Global Stocks / 30% Bonds
wander
Posts: 4424
Joined: Sat Oct 04, 2008 9:10 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by wander »

If it were me, I would consider paying for lifelock services.
Ramjet
Posts: 1464
Joined: Thu Feb 06, 2020 10:45 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Ramjet »

privateID wrote: Thu Sep 16, 2021 6:33 am Does he need to notify all 3 credit agencies?
I think there are 5. Don't forget Innovis and Chexsystems
McDougal
Posts: 557
Joined: Tue Feb 27, 2018 2:42 pm
Location: Atlanta

Re: My son fell for a Paypal phishing scam - what to do now?

Post by McDougal »

z3r0c00l wrote: Thu Sep 16, 2021 6:42 am Also check the computer he used (if any) for viruses and change passwords.
I would emphasize this to say change every password he has with every account. Financial, social media, shopping, all of them. Even if it is hundreds, using a password manager makes this task very doable.
User avatar
anon_investor
Posts: 15122
Joined: Mon Jun 03, 2019 1:43 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by anon_investor »

privateID wrote: Thu Sep 16, 2021 6:33 am My some opened an email from a Paypal phishing scam. He responded to the email giving them his credit card information and his social security number. He realized his mistake minutes after sending the email and tried to take corrective actions. He immediately notified the credit card company and I believe that is now closed. No fraudulent charges there. He also contacted one of the credit agencies (ie., Experian) and put a hold on his credit and, I believe, he said something about putting his credit on high alert.

Is there anything else he should be doing? Does he need to notify all 3 credit agencies?

Thanks for any info
Additional actions aside from freezing credit with the five (5) bureaus, have your son:

-Create online IRS and Social Security accounts to prevent others from doing so.
-Request a IRS Identity Protection PIN, so someone cannot fraudulently file a tax return with his info
-Sign up for 100% FREE (no CC required) credit monitoring with Equifax, Experian, Transunion. They have free options on their official websites, so he should be careful to not sign up for the paid versions.

There are probably a couple of other things I can't think of right now.
homebuyer6426
Posts: 1830
Joined: Tue Feb 07, 2017 8:08 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by homebuyer6426 »

No one seems to have mentioned this yet.

Get him up to speed and tech-literate on how phishing actually works. If he had known never to send a credit card number or social in an email this wouldn't have happened.

He should know that before clicking a link in an email, hover over the link and see if it goes to the domain name that is expected. Sometimes they can be off by only one letter and take you to a spam site. But more often phishing links have a completely crazy URL that is easy to spot.

Have him watch a few videos on common scams. It will go a long way.
45% Total Stock Market | 52% Consumer Staples | 3% Short Term Reserves
User avatar
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by ResearchMed »

homebuyer6426 wrote: Thu Sep 16, 2021 8:02 am No one seems to have mentioned this yet.

Get him up to speed and tech-literate on how phishing actually works. If he had known never to send a credit card number or social in an email this wouldn't have happened.

He should know that before clicking a link in an email, hover over the link and see if it goes to the domain name that is expected. Sometimes they can be off by only one letter and take you to a spam site. But more often phishing links have a completely crazy URL that is easy to spot.

Have him watch a few videos on common scams. It will go a long way.
Bottom line, just do NOT click on a link in email.
Help him learn this.

IF it's a legit link, e.g., Vanguard, one can go to the official site on one's own (e.g., Vanguard.com) and THEN do whatever one needs to do... read that message, make that transaction. But *you* initiated the actual contact directly. Only use the email as a notice to go separately to the official website to see if there is really a need to go there, etc.

Drives me nuts when legit websites "encourage" clients to click on email links.
Bad Computer Hygiene! :shock:

RM
This signature is a placebo. You are in the control group.
Living Free
Posts: 822
Joined: Thu Jul 19, 2018 7:31 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Living Free »

I agree it's time for a complete overhaul of his computer/security hygiene. Also you can create a credit karma account for free which will monitor two of the major credit bureaus (I think it's Transunion and Equifax); just do that right before you freeze the credit files with them.
User avatar
canidothat
Posts: 61
Joined: Thu Jun 24, 2021 5:45 am
Location: Alaska, United States

Re: My son fell for a Paypal phishing scam - what to do now?

Post by canidothat »

Living Free wrote: Thu Sep 16, 2021 9:15 am I agree it's time for a complete overhaul of his computer/security hygiene. Also you can create a credit karma account for free which will monitor two of the major credit bureaus (I think it's Transunion and Equifax); just do that right before you freeze the credit files with them.
Definitely a must! You'll never know maybe malware is lurking in his stuff right now and might encrypt everything. Worst case have access to everything your son has on his computer and hold it for ransom.
snapping moments–one bajillion buttons at a time
Katietsu
Posts: 7676
Joined: Sun Sep 22, 2013 1:48 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Katietsu »

z3r0c00l wrote: Thu Sep 16, 2021 6:42 am I think everyone would do well to remember this: you are never going to get something this important via email or a phone call, not from the IRS or your bank or even Microsoft.
I wish this was true. Unfortunately, sometimes you must find a known number to track down what is and is not legit. I have expressed my discontent with these practices with a regional bank and a major brokerage. They just offer to help me without me following a link or replying to an unsolicited email with social security numbers and passwords. In one case, independently logging into my account was not an option, I had to use the link. I have never made headway on escalating my complaint on the danger of the practice in making its customer susceptible to a bad actor.

So, don’t be caught in a phishing scam but be careful about ignoring all such communications. Learn how to detect scams and better ways to contact companies.


OP, a family member did this. We changed email and bank passwords. Froze the 3 credit reports. Got a new credit card. Never any repercussions and that was 5 years ago. Honestly, I believe that most of our social security numbers are already in the hands of the criminals after so many major data breaches.
Last edited by Katietsu on Thu Sep 16, 2021 10:35 am, edited 1 time in total.
z3r0c00l
Posts: 3807
Joined: Fri Jul 06, 2012 11:43 am
Location: NYC

Re: My son fell for a Paypal phishing scam - what to do now?

Post by z3r0c00l »

Katietsu wrote: Thu Sep 16, 2021 10:30 am
z3r0c00l wrote: Thu Sep 16, 2021 6:42 am I think everyone would do well to remember this: you are never going to get something this important via email or a phone call, not from the IRS or your bank or even Microsoft.
I wish this was true. Unfortunately, sometimes you must find a known number to track down what is and is not legit. I have expressed my discontent with these practices with a regional bank and a major brokerage. They just offer to help me without me following a link or replying to an unsolicited email with social security numbers and passwords. In one case, independently logging into my account was not an option, I had to use the link. I have never made headway on escalating my complaint on the danger of the practice in making its customer susceptible to a bad actor.

So, don’t be caught in a phishing scam but be careful about ignoring all such communications. Learn how to detect scams and better ways to contact companies.
I can't agree with that outlook. Either it is a scam, or it is spam. I get real emails from companies all day, but they are not worth reading. And I get fake emails all day claiming to be something else.

Important correspondence does not come via email or cold calls, and rarely in the mail. If a message appears in my account after logging in, then I take it seriously. I know someone who actually thought that Microsoft would make you call a phone number in India to get help, he almost sent money. Another person I know actually though the treasury would call him and threaten to send the police (again in a thick Indian accent). Microsoft doesn't care what is happening on your computer and the police don't call to warn you. Scamming is a billion dollar business not because the scammers are that sophisticated, they are not, but because Americans have more money than sense and are highly credulous. A bit more skepticism is needed here to stay safe else it could happen again.
70% Global Stocks / 30% Bonds
Katietsu
Posts: 7676
Joined: Sun Sep 22, 2013 1:48 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Katietsu »

z3r0c00l wrote: Thu Sep 16, 2021 10:33 am
Katietsu wrote: Thu Sep 16, 2021 10:30 am
z3r0c00l wrote: Thu Sep 16, 2021 6:42 am I think everyone would do well to remember this: you are never going to get something this important via email or a phone call, not from the IRS or your bank or even Microsoft.
I wish this was true. Unfortunately, sometimes you must find a known number to track down what is and is not legit. I have expressed my discontent with these practices with a regional bank and a major brokerage. They just offer to help me without me following a link or replying to an unsolicited email with social security numbers and passwords. In one case, independently logging into my account was not an option, I had to use the link. I have never made headway on escalating my complaint on the danger of the practice in making its customer susceptible to a bad actor.

So, don’t be caught in a phishing scam but be careful about ignoring all such communications. Learn how to detect scams and better ways to contact companies.
I can't agree with that outlook. Either it is a scam, or it is spam. Important correspondence does not come via email or cold calls, and rarely in the mail. If a message appears in my account after logging in, then I take it seriously.
I can just say from personal experience this has happened to me more than once with more than one entity. Of course, the examples you gave are blatant scams. And I do think businesses should be more careful with contacting customers in ways that are pretty much identical to what the criminals do and therefore could lead the customer to be more susceptible to future scams.
Last edited by Katietsu on Thu Sep 16, 2021 10:51 am, edited 1 time in total.
User avatar
Rob5TCP
Posts: 3812
Joined: Tue Jun 05, 2007 7:34 pm
Location: New York, NY

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Rob5TCP »

This scam (also Amazon, IRS, etc) is one of the top 5 scams. The largest victum of these scams are folks 18-35. The largest TOTAL losses are by those over 65. If you look at the return address on the email it is usually something like paypals@gmail.com,
or paypal-us@USA.com. There are a ton of fake email addresses out there to mimic legitimate ones.

Many don't even bother with that. If you want him to read on how to be well prepared to differentiate spams/scams from legitimate.
scamadviser.com is one of the better sites. I contribute there myself, quite regularly (under a pseudonym).
hotscot
Posts: 430
Joined: Wed Feb 01, 2012 10:05 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by hotscot »

wander wrote: Thu Sep 16, 2021 7:10 am If it were me, I would consider paying for lifelock services.
Useless. They even have a disclaimer that they can't help with every case..
hotscot
Posts: 430
Joined: Wed Feb 01, 2012 10:05 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by hotscot »

Ramjet wrote: Thu Sep 16, 2021 7:26 am
privateID wrote: Thu Sep 16, 2021 6:33 am Does he need to notify all 3 credit agencies?
I think there are 5. Don't forget Innovis and Chexsystems
Really?
I've never heard of them and I consider myself finance savvy.
BogleHead1008
Posts: 156
Joined: Fri Jul 23, 2021 8:44 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by BogleHead1008 »

Credit freeze on all 4 CRA's and watch out for fraud transactions on the credit card that is closed.
Point
Posts: 660
Joined: Mon Jul 10, 2017 9:33 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Point »

Letting that SSN out was the big boo boo. In addition to everything else suggested I’d be inclined to get a new SSN as this could haunt him for life.
Living Free
Posts: 822
Joined: Thu Jul 19, 2018 7:31 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Living Free »

Point wrote: Thu Sep 16, 2021 12:24 pm Letting that SSN out was the big boo boo. In addition to everything else suggested I’d be inclined to get a new SSN as this could haunt him for life.
I suppose it could, but i presume that most of our SSNs are already out there, after all the hacks including most notably equifax.
miket29
Posts: 1065
Joined: Tue Jun 20, 2017 9:07 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by miket29 »

z3r0c00l wrote: Thu Sep 16, 2021 10:33 am Important correspondence does not come via email or cold calls, and rarely in the mail.
I got an email the other day from my credit card company asking whether I had made a charge they thought was suspicious. I didn't click on the link in the email, I logged directly onto the card company website. It really was from them, it really was a phony charge. So then I called the number on the back of my card, we cancelled the account and they replaced the card.

So sometimes emails and texts are legitimate.
Ramjet
Posts: 1464
Joined: Thu Feb 06, 2020 10:45 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Ramjet »

hotscot wrote: Thu Sep 16, 2021 11:47 am
Ramjet wrote: Thu Sep 16, 2021 7:26 am
privateID wrote: Thu Sep 16, 2021 6:33 am Does he need to notify all 3 credit agencies?
I think there are 5. Don't forget Innovis and Chexsystems
Really?
I've never heard of them and I consider myself finance savvy.
Yeah you have the "Big 3" then:

Chexsystems - specializes in reporting on checking and savings accounts

Innovis - does some sort of pre-screen for creditors

Previous Boglehead threads have recommended freezing all 5
User avatar
anon_investor
Posts: 15122
Joined: Mon Jun 03, 2019 1:43 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by anon_investor »

Ramjet wrote: Thu Sep 16, 2021 12:53 pm
hotscot wrote: Thu Sep 16, 2021 11:47 am
Ramjet wrote: Thu Sep 16, 2021 7:26 am
privateID wrote: Thu Sep 16, 2021 6:33 am Does he need to notify all 3 credit agencies?
I think there are 5. Don't forget Innovis and Chexsystems
Really?
I've never heard of them and I consider myself finance savvy.
Yeah you have the "Big 3" then:

Chexsystems - specializes in reporting on checking and savings accounts

Innovis - does some sort of pre-screen for creditors

Previous Boglehead threads have recommended freezing all 5
Best to freeze all 5, all 5 are free to freeze and can be done online. Unfreezing is also free and can be also done online. I have all 5 frozen and have temporarily unfrozen them to apply for mortgage refi and new credit cards. I leave them all frozen otherwise.
fposte
Posts: 2327
Joined: Mon Sep 02, 2013 1:32 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by fposte »

Point wrote: Thu Sep 16, 2021 12:24 pm Letting that SSN out was the big boo boo. In addition to everything else suggested I’d be inclined to get a new SSN as this could haunt him for life.
They won't change a SSN preemptively; there has to be demonstrable trouble with it.
hotscot
Posts: 430
Joined: Wed Feb 01, 2012 10:05 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by hotscot »

fposte wrote: Thu Sep 16, 2021 12:58 pm
Point wrote: Thu Sep 16, 2021 12:24 pm Letting that SSN out was the big boo boo. In addition to everything else suggested I’d be inclined to get a new SSN as this could haunt him for life.
They won't change a SSN preemptively; there has to be demonstrable trouble with it.
Plus, everyone's SSN is all over the place anyway. Shouldn't be, but it is.
hi_there
Posts: 1182
Joined: Sat Aug 29, 2020 7:00 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by hi_there »

With all this being said, how big of a deal is it really when your Social Security Number is compromised? I imagine that thousands, if not millions of SSNs are probably leaked by now. So much that financial institutions probably have some kind of reasonable safeguards against abuse. I'm not saying that one should not take precautions, but maybe not so much as hitting the red alert button and going nuclear.
wander
Posts: 4424
Joined: Sat Oct 04, 2008 9:10 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by wander »

hotscot wrote: Thu Sep 16, 2021 11:44 am
wander wrote: Thu Sep 16, 2021 7:10 am If it were me, I would consider paying for lifelock services.
Useless. They even have a disclaimer that they can't help with every case..
Well, doing something is better than nothing.
User avatar
ResearchMed
Posts: 16795
Joined: Fri Dec 26, 2008 10:25 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by ResearchMed »

Katietsu wrote: Thu Sep 16, 2021 10:40 am
z3r0c00l wrote: Thu Sep 16, 2021 10:33 am
Katietsu wrote: Thu Sep 16, 2021 10:30 am
z3r0c00l wrote: Thu Sep 16, 2021 6:42 am I think everyone would do well to remember this: you are never going to get something this important via email or a phone call, not from the IRS or your bank or even Microsoft.
I wish this was true. Unfortunately, sometimes you must find a known number to track down what is and is not legit. I have expressed my discontent with these practices with a regional bank and a major brokerage. They just offer to help me without me following a link or replying to an unsolicited email with social security numbers and passwords. In one case, independently logging into my account was not an option, I had to use the link. I have never made headway on escalating my complaint on the danger of the practice in making its customer susceptible to a bad actor.

So, don’t be caught in a phishing scam but be careful about ignoring all such communications. Learn how to detect scams and better ways to contact companies.
I can't agree with that outlook. Either it is a scam, or it is spam. Important correspondence does not come via email or cold calls, and rarely in the mail. If a message appears in my account after logging in, then I take it seriously.
I can just say from personal experience this has happened to me more than once with more than one entity. Of course, the examples you gave are blatant scams. And I do think businesses should be more careful with contacting customers in ways that are pretty much identical to what the criminals do and therefore could lead the customer to be more susceptible to future scams.
We continue to receive "click here" type email messages from GENUINE VENDORS, including some FINANCIAL FIRMS . :oops:

I used to try, try, try to get someone to pay attention about how this is training their own customers to fall for a scam phishing email, etc., but... "it's for the convenience of our customers..." or "Of COURSE that is from us! Who else would have sent it??" :shock:

I go directly to the vendor's website or I phone, which can take a lot of time and not always end up with someone who knew about whatever was sent.

And of course, we each get many, many fake-but-sometimes-very-real-appearing phishing attempts from these vendors, as well as assorted others including those we've never done business with.

RM
This signature is a placebo. You are in the control group.
Northern Flicker
Posts: 15363
Joined: Fri Apr 10, 2015 12:29 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Northern Flicker »

Cigarman wrote: Thu Sep 16, 2021 6:35 am Notify all three and place a CREDIT FREEZE on all three. Immediately.
Also put a freeze on ChexSystem.
wander
Posts: 4424
Joined: Sat Oct 04, 2008 9:10 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by wander »

Ramjet wrote: Thu Sep 16, 2021 7:26 am
privateID wrote: Thu Sep 16, 2021 6:33 am Does he need to notify all 3 credit agencies?
I think there are 5. Don't forget Innovis and Chexsystems
+1.
deltaneutral83
Posts: 2455
Joined: Tue Mar 07, 2017 3:25 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by deltaneutral83 »

SSN is a lifelong issue where you will need to freeze/unfreeze each time you apply for credit. Credit card is absolutely no problem whatsoever, in fact I regularly have one of my cards it seems every year that gets compromised in a larger hack. I think most people will have their SSN hacked at some point, but I have notifications with all bureaus to email/text me when my credit gets pulled (Credit Karma). It seems it would be much easier and keep the unscrupulous at bay if we could just change our SSN when it get hacked. A poster above alluded to it but I didn't know you could change your SSN.
Northern Flicker
Posts: 15363
Joined: Fri Apr 10, 2015 12:29 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Northern Flicker »

Changing your SSN is not a oermanent fix. The new SSN likely will be compromised at some point.

Moreover, your SSN may be abused before you are aware it became known to malevolent actors. There is no reason to wait for such an event to freeze. I am aware of at least 8 credit reporting agencies.

TransUnion
Equifax
Experian
ChexSystem
Innovis
EWS
SageStream
Telecheck

There still may be some others specific to telecom and utility accounts.
Ramjet
Posts: 1464
Joined: Thu Feb 06, 2020 10:45 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Ramjet »

anon_investor wrote: Thu Sep 16, 2021 12:57 pm
Ramjet wrote: Thu Sep 16, 2021 12:53 pm
hotscot wrote: Thu Sep 16, 2021 11:47 am
Ramjet wrote: Thu Sep 16, 2021 7:26 am
privateID wrote: Thu Sep 16, 2021 6:33 am Does he need to notify all 3 credit agencies?
I think there are 5. Don't forget Innovis and Chexsystems
Really?
I've never heard of them and I consider myself finance savvy.
Yeah you have the "Big 3" then:

Chexsystems - specializes in reporting on checking and savings accounts

Innovis - does some sort of pre-screen for creditors

Previous Boglehead threads have recommended freezing all 5
Best to freeze all 5, all 5 are free to freeze and can be done online. Unfreezing is also free and can be also done online. I have all 5 frozen and have temporarily unfrozen them to apply for mortgage refi and new credit cards. I leave them all frozen otherwise.
Agree with this tactic
User avatar
anon_investor
Posts: 15122
Joined: Mon Jun 03, 2019 1:43 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by anon_investor »

Northern Flicker wrote: Thu Sep 16, 2021 2:31 pm Changing your SSN is not a oermanent fix. The new SSN likely will be compromised at some point.

Moreover, your SSN may be abused before you are aware it became known to malevolent actors. There is no reason to wait for such an event to freeze. I am aware of at least 8 credit reporting agencies.

TransUnion
Equifax
Experian
ChexSystem
Innovis
EWS
SageStream
Telecheck

There still may be some others specific to telecom and utility accounts.
I am not familiar with EWS, SageStream, Telecheck. Can these be frozen as well?
mhalley
Posts: 10432
Joined: Tue Nov 20, 2007 5:02 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by mhalley »

Identity theft.gov has some suggestions. He will also want to ensure his phone carrier is locked down with a pin.
https://www.identitytheft.gov/#/
User avatar
arcticpineapplecorp.
Posts: 15080
Joined: Tue Mar 06, 2012 8:22 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by arcticpineapplecorp. »

since no one provided a link so far that I could see:

https://www.bogleheads.org/wiki/Credit_freeze
It's hard to accept the truth when the lies were exactly what you wanted to hear. Investing is simple, but not easy. Buy, hold & rebalance low cost index funds & manage taxable events. Asking Portfolio Questions | Wiki
User avatar
beyou
Posts: 6915
Joined: Sat Feb 27, 2010 2:57 pm
Location: If you can make it there

Re: My son fell for a Paypal phishing scam - what to do now?

Post by beyou »

miket29 wrote: Thu Sep 16, 2021 12:43 pm
z3r0c00l wrote: Thu Sep 16, 2021 10:33 am Important correspondence does not come via email or cold calls, and rarely in the mail.
I got an email the other day from my credit card company asking whether I had made a charge they thought was suspicious. I didn't click on the link in the email, I logged directly onto the card company website. It really was from them, it really was a phony charge. So then I called the number on the back of my card, we cancelled the account and they replaced the card.

So sometimes emails and texts are legitimate.
Using your email client, try to “view header” to see of the various references to domain name are real. Spammers can make the visible from: look legit, but the header may have paypal.com or some variant or totally unrelated. Unless all domain references appear to be paypal.com assume something is wrong.

Exactly how to see the message header depends on how you read your emails.
avginvestor
Posts: 96
Joined: Thu Oct 01, 2020 2:57 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by avginvestor »

As someone who had my identity hacked and used to try to open up bank accounts and credit cards, I can honestly say that freezing my credit on the 3 credit bureaus pretty much stopped them in their tracks. There's very little they can do without credit checks from those 3 companies. I know there's 5 now, so I guess I'll have to freeze those now too. :)
User avatar
willthrill81
Posts: 32250
Joined: Thu Jan 26, 2017 2:17 pm
Location: USA
Contact:

Re: My son fell for a Paypal phishing scam - what to do now?

Post by willthrill81 »

Cigarman wrote: Thu Sep 16, 2021 6:35 am Notify all three and place a CREDIT FREEZE on all three. Immediately.
+1
The Sensible Steward
User avatar
willthrill81
Posts: 32250
Joined: Thu Jan 26, 2017 2:17 pm
Location: USA
Contact:

Re: My son fell for a Paypal phishing scam - what to do now?

Post by willthrill81 »

wander wrote: Thu Sep 16, 2021 7:10 am If it were me, I would consider paying for lifelock services.
I believe that those services do nothing that you cannot do yourself. Freezing his credit with all of the credit bureaus is about the only thing that the OP's son can do now, I believe.
The Sensible Steward
BogleHead1008
Posts: 156
Joined: Fri Jul 23, 2021 8:44 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by BogleHead1008 »

wander wrote: Thu Sep 16, 2021 7:10 am If it were me, I would consider paying for lifelock services.
You can do better by just freezing the CRA's. LIie lock subscribes the CRA's data for changes and will notify the participant in an event. With freeze, they cant do anything..so waste of service and money
Northern Flicker
Posts: 15363
Joined: Fri Apr 10, 2015 12:29 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Northern Flicker »

anon_investor wrote: Thu Sep 16, 2021 2:42 pm
Northern Flicker wrote: Thu Sep 16, 2021 2:31 pm Changing your SSN is not a oermanent fix. The new SSN likely will be compromised at some point.

Moreover, your SSN may be abused before you are aware it became known to malevolent actors. There is no reason to wait for such an event to freeze. I am aware of at least 8 credit reporting agencies.

TransUnion
Equifax
Experian
ChexSystem
Innovis
EWS
SageStream
Telecheck

There still may be some others specific to telecom and utility accounts.
I am not familiar with EWS, SageStream, Telecheck. Can these be frozen as well?
Yes. The first 4 are the most important to freeze.
User avatar
willthrill81
Posts: 32250
Joined: Thu Jan 26, 2017 2:17 pm
Location: USA
Contact:

Re: My son fell for a Paypal phishing scam - what to do now?

Post by willthrill81 »

Northern Flicker wrote: Thu Sep 16, 2021 4:12 pm
anon_investor wrote: Thu Sep 16, 2021 2:42 pm
Northern Flicker wrote: Thu Sep 16, 2021 2:31 pm Changing your SSN is not a oermanent fix. The new SSN likely will be compromised at some point.

Moreover, your SSN may be abused before you are aware it became known to malevolent actors. There is no reason to wait for such an event to freeze. I am aware of at least 8 credit reporting agencies.

TransUnion
Equifax
Experian
ChexSystem
Innovis
EWS
SageStream
Telecheck

There still may be some others specific to telecom and utility accounts.
I am not familiar with EWS, SageStream, Telecheck. Can these be frozen as well?
Yes. The first 4 are the most important to freeze.
I tried freezing ChexSystem, but their web site apparently doesn't recognize driver's license numbers that also include letters.
The Sensible Steward
RetiredAL
Posts: 3537
Joined: Tue Jun 06, 2017 12:09 am
Location: SF Bay Area

Re: My son fell for a Paypal phishing scam - what to do now?

Post by RetiredAL »

ResearchMed wrote: Thu Sep 16, 2021 2:00 pm
We continue to receive "click here" type email messages from GENUINE VENDORS, including some FINANCIAL FIRMS . :oops:
.....
RM
+1 RM --- A poor example IMO is Fidelity, who sends routine shareholder/prospectus notices as a link to different Fidelity portal than the normal logon Fidelity portal, that then requires your logon credentials to see the actual shareholder/prospectus document. If you do a normal logon, it requires additional work to find those documents.

Schwab does this without needing a logon, thus I have littles qualm about clicking their link after a brief "hover" over the link to see its real address.

The best quick email security method I see is from USAA. Their email includes a picture which, within the picture, contains your name and USAA Member Number (shortened to last 4) as an overlay of html text that has the same info. Fake ones arrive without that info, thus are easy to spot, even when your email is set to not automatically download pictures. Also, when you do a normal logon, a new documents icon is present on their home landing page.
roamingzebra
Posts: 1214
Joined: Thu Apr 22, 2021 3:29 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by roamingzebra »

BogleHead1008 wrote: Thu Sep 16, 2021 4:08 pm
wander wrote: Thu Sep 16, 2021 7:10 am If it were me, I would consider paying for lifelock services.
You can do better by just freezing the CRA's. LIie lock subscribes the CRA's data for changes and will notify the participant in an event. With freeze, they cant do anything..so waste of service and money
If Lifelock ever suffers a data breach, whatever personal info was given to them will soon be on the Dark Web. The fewer entities that have one's personal info, the better.
BogleHead1008
Posts: 156
Joined: Fri Jul 23, 2021 8:44 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by BogleHead1008 »

roamingzebra wrote: Thu Sep 16, 2021 8:47 pm
BogleHead1008 wrote: Thu Sep 16, 2021 4:08 pm
wander wrote: Thu Sep 16, 2021 7:10 am If it were me, I would consider paying for lifelock services.
You can do better by just freezing the CRA's. LIie lock subscribes the CRA's data for changes and will notify the participant in an event. With freeze, they cant do anything..so waste of service and money
If Lifelock ever suffers a data breach, whatever personal info was given to them will soon be on the Dark Web. The fewer entities that have one's personal info, the better.
If you google, there are ton of articles on lifelock and how they are just taking money away from people by subscribing the data from CRA's, which you could do without any money.

Chase, discover and few credit card companies offer free credit monitoring, which is what lifelock is doing on your behalf, but this will be free.

These services are so fast, when I applied for refi last month, the moment I sent my info to lender, I got alerts from all 3 CRA's that my credit report is requested by XXX.

If you freeze your report, there is 0 chance for new lenders to pull, only existing lenders with relationship can pull. Existing lenders for new accounts cannot pull either.
Ramjet
Posts: 1464
Joined: Thu Feb 06, 2020 10:45 am

Re: My son fell for a Paypal phishing scam - what to do now?

Post by Ramjet »

willthrill81 wrote: Thu Sep 16, 2021 4:33 pm
Northern Flicker wrote: Thu Sep 16, 2021 4:12 pm
anon_investor wrote: Thu Sep 16, 2021 2:42 pm
Northern Flicker wrote: Thu Sep 16, 2021 2:31 pm Changing your SSN is not a oermanent fix. The new SSN likely will be compromised at some point.

Moreover, your SSN may be abused before you are aware it became known to malevolent actors. There is no reason to wait for such an event to freeze. I am aware of at least 8 credit reporting agencies.

TransUnion
Equifax
Experian
ChexSystem
Innovis
EWS
SageStream
Telecheck

There still may be some others specific to telecom and utility accounts.
I am not familiar with EWS, SageStream, Telecheck. Can these be frozen as well?
Yes. The first 4 are the most important to freeze.
I tried freezing ChexSystem, but their web site apparently doesn't recognize driver's license numbers that also include letters.
When I called them I did it through automated message prompting
User avatar
willthrill81
Posts: 32250
Joined: Thu Jan 26, 2017 2:17 pm
Location: USA
Contact:

Re: My son fell for a Paypal phishing scam - what to do now?

Post by willthrill81 »

Ramjet wrote: Fri Sep 17, 2021 7:34 am
willthrill81 wrote: Thu Sep 16, 2021 4:33 pm
Northern Flicker wrote: Thu Sep 16, 2021 4:12 pm
anon_investor wrote: Thu Sep 16, 2021 2:42 pm
Northern Flicker wrote: Thu Sep 16, 2021 2:31 pm Changing your SSN is not a oermanent fix. The new SSN likely will be compromised at some point.

Moreover, your SSN may be abused before you are aware it became known to malevolent actors. There is no reason to wait for such an event to freeze. I am aware of at least 8 credit reporting agencies.

TransUnion
Equifax
Experian
ChexSystem
Innovis
EWS
SageStream
Telecheck

There still may be some others specific to telecom and utility accounts.
I am not familiar with EWS, SageStream, Telecheck. Can these be frozen as well?
Yes. The first 4 are the most important to freeze.
I tried freezing ChexSystem, but their web site apparently doesn't recognize driver's license numbers that also include letters.
When I called them I did it through automated message prompting
Thanks. I'll try doing that.
The Sensible Steward
Topic Author
privateID
Posts: 801
Joined: Sat Oct 18, 2014 4:59 pm

Re: My son fell for a Paypal phishing scam - what to do now?

Post by privateID »

Thanks for all the responses. TransUnion actually notified the other 2 major agencies. My son has read this thread. He was a bit offended about his computer savviness being 23 years old. He said he had just gotten out of a meeting for work and was weak. I just laughed. But he really is very diligent and he was surprised at his own sloppiness.

Alerting credited agencies and canceling that credit card make alot of sense to me. Some question son other advice:
1) Can someone explain why he should change every password he has? What would that possibly do?
2) Tell me what can happen if he puts a freeze on the 3 major credit agencies, but not the others.
3) lifelock - Don't really know much about it. I guess I lie the idea but I am pretty skeptical about it's effectiveness.

Thanks again
Post Reply