On Thursday, I woke up around 3:30am and saw the message light blinking on my phone. I checked my email, and saw that I had a receipt from Paypal. The gist of the email was to confirm my purchase of a new Blackberry for $183, and that to ensure my purchase, I should sign up for a Paypal account. Scanning further, I saw that the phone was going to be shipped to this address:
My first thought was, “Huh…Gmail is getting sloppy with its spam filter.” My second thought was, “This junk email looks really, really good.” And it was good: my full name was in the salutation, the address that popped up in the hyperlink was for Paypal, and it wasn’t asking me for additional information to confirm my purchase.
However, my Paypal account is not linked to the email address where the receipt was sent. The phone ordered was AT&T-based service (not my phone company). And the clincher: the “confirmed” shipping address was in Nigeria. Last I checked, I lived in Los Angeles.
Since it was the middle of the night, I was ready to dismiss the whole thing and mark it as spam. However, something was nagging at the back of my head: the parts that seemed fishy were truly fishy (seriously, Nigeria?), but some parts seemed like the real deal. I logged into my Paypal account to see if any recent transactions had been made, but nothing had happened since June. I checked my other email address to see if anything weird was happening over there, but things were good. All that was left was my checking account.
When I logged in to my bank account, my balance didn’t seem out of whack. Which is why I was surprised to see that an authorization for $183 for Paypal was the first activity item on the list of transactions. Scanning down further, I noticed several other strange postings:
1. A $25 purchase for a Walmart in Florida.
2. A paid subscription for Match.com.
3. A paid subscription for Zoosk.com.
4. A purchase of $170 at Wine.com.
5. Miscellaneous foreign fee charges (mainly for the British Pound).
6. A $90 transaction for ProCredit.com.
Fortunately, the two dating sites had refunded the subscriptions back to my account. I’m guessing that the hacker neglected to confirm his/her purchase, and the websites decided to release the funds. I’m also guessing that my hacker doesn’t care for the guy I’ve been dating, since two different dating sites had been contacted.
I always thought that I’d feel horribly violated if my bank account had been hacked. I’d panic, terminate all of my cards, and live the rest of my life paying things out by either cash or checks. I’d have the most complicated of passwords for any account and I’d actually make a point to change them every ninety days (eventually switching to thirty when another close call occurs). But instead, I thought, “Ugh, this sucks. Better call the bank and have them send me a new debit card.”
My bank was incredibly efficient and sent me a new debit card overnight. I took a personal day to make sure everything was in order – I didn’t feel like venturing more than five miles away from home when I only had twenty dollars in cash. (I have credit cards, but I don’t use them.) I stayed in and watched episodes of Futurama on Netflix.
Was there something I could have done to prevent this? Perhaps there was. Unfortunately, I’m not sure what it could have been: I haven’t been traveling, I haven’t made any large purchases recently, and my card never leaves me. For sure I’ll be a little more careful when I use it, but for the most part, I have to chalk it up to bad luck.