PayPal warning - what alternative do you use?

**jhockin** · 3rd March 25, 09:58 AM

It seems that many members are accustomed to using PayPal, for buying and/or selling kilt related items, and I have been thinking of selling some kilts, and related items, in the near term. However, it seems that PayPal has become a very attractive target for hackers, and I don’t wish to have my accounts hacked. What better, safer, more secure alternatives do members use/ recommend?

https://www.forbes.com/sites/daveywi...ngoing-attack/

**bookish** · 3rd March 25, 10:58 AM

Originally Posted by jhockin

It seems that many members are accustomed to using PayPal, for buying and/or selling kilt related items, and I have been thinking of selling some kilts, and related items, in the near term. However, it seems that PayPal has become a very attractive target for hackers, and I don’t wish to have my accounts hacked. What better, safer, more secure alternatives do members use/ recommend?

https://www.forbes.com/sites/daveywi...ngoing-attack/

As my nieces and nephews know all to well, I am full of unsolicited advice. So, take the following with as much weight as you feel it warrants:

I generally think phishing is avoidable by simply not clicking links from emails or responding to emails that are designed to create a sense of urgency. For example, if I receive an email from an online service, I do my best to exercise the discipline of going to that service's URL manually in the browser. It helps that I use a password management system as well. A phishing scam isn't really hacking or cracking, but a socially-engineered email meant to scare you or create a sense of urgency so that you skip the step of going to the website of the supposed service. What a bad actor wants is to direct you through a link in their email to a dummy webpage so that they can steal your information, or, they want you to respond to the email. In the latter case, someone will respond to your email response and try to convince you to send them money or information that will help them gain access to your online accounts.

I don't think switching payment services every time there is an issue is helpful, unless you don't wish to support that company anymore. I would advise anyone to not react immediately to emails that try to create a sense of urgency. I also advise not to use mobile email for responding to emails that have a sense of urgency about them. I find it quite difficult to look at the sender's email address on mobile, which is the first step to making sure that an email is not part of a scam. The second step would be to read the email copy and assess whether or not it is well written, or if the email is asking me to follow a link or connect to an individual personally outside of the email chain. In the browser, I can right click on links and copy the link address, and paste the address into a text document to see if there is anything odd about the way that the web address is formed. If the email text does not seem grammatically odd, the email address looks legitimate, and the links look well-formed, I would still use my browser bookmarks to navigate to the website, or type the web address.

Also, change your passwords regularly, never use the same password twice. Online safety is never guaranteed, but you can save yourself a lot of heartache and trouble by not giving in to a sense of urgency.

**User** · 5th March 25, 11:23 AM

The PayPal scam you linked to is still at it's heart, a phishing scam. If you fall for phishing scams, it doesn't matter what platform you use. You're the weak link.
If you want to use an alternative to PayPal, go right ahead. But learning to not fall for phishing scams is the best defense.

**spr0k3t** · 5th March 25, 02:03 PM

Originally Posted by User

The PayPal scam you linked to is still at it's heart, a phishing scam. If you fall for phishing scams, it doesn't matter what platform you use. You're the weak link.
If you want to use an alternative to PayPal, go right ahead. But learning to not fall for phishing scams is the best defense.

Completely on point. Avoid anything in email or text and validate direct from the source. It's the only way to avoid any kind of phishing/scamming tactics like that.

**Steve Ashton** · 5th March 25, 03:57 PM

While I do pay attention to who owns a particular company, and have changed companies at times, I have been using PayPal as my primary money service for on-line purchases and sales for just over 20 years now. Or just after Musk sold his share in it.
I am currently using PayPal to handle the sale of my book. $18,000.00 in printing costs. 1487 orders from all over the world, so the ability to handle different currencies is a major factor. Shipping to customers in, so far, 8 different countries.
I cannot say that I have ever had an instance of fraud hit my PayPal account.
While PayPal can be cumbersome to use at times it has stood me well and I will continue to use it. For now.

**SMcCandlish** · 26th March 25, 02:37 AM

Originally Posted by bookish

I generally think phishing is avoidable by simply not clicking links from emails or responding to emails that are designed to create a sense of urgency. ...

As a long-term professional in the privacy and security sector, I have to agree with the entirety of bookish's response. These kinds of ripoff attempts have nothing really to do with the security of the target system, but the caution of the target user.

Relatedly, if you get a call that claims to be someone from your bank asking you to confirm your name (after which they would ask for additional "verification" details, to use to steal your money), just laugh and say "Nice try, scammer" and hang up. Your bank is not going to call you; if there some issue with your account's security, they'll just lock it and wait for you to call them. And never answer in the affirmative if someone calls asking "Can you hear me?" or the like. They're trying to get you to say "Yes", so they can record your voice giving assent to something (who knows what, but it'll be something you don't want to happen when they use it later for something).

**jsrnephdoc** · 26th March 25, 10:03 AM

Originally Posted by SMcCandlish

Your bank is not going to call you

Actually, that's NOT true. I have a checking account with a credit union that uses a third party "fraud notification service" to contact accountholders when attempted transactions trigger caution, rather than permitting the transaction to occur. If I'm called by them, I thank them for the call, make certain they're saying that the transaction was denied, then hang up and call the credit union and/or log on to my own mobile app operated BY the financial institution.

**SMcCandlish** · 26th March 25, 02:44 PM

Fine, then revise to "most banks will not call you". The number who will is going to dwindle to nothing, specifically because of the epidemic of fraudster phishing calls. Even caller ID can be faked, which means such a call can be faked.

General good advice should not be ignored just because someone somewhere in the world can come up with a marginal exception (and a third-party service isn't the bank, so doesn't directly contract my gist in the first place).

There are fraud-monitoring services you can subscribe to as well, and they might call you, but it would be better to have them use email or text messages, and then go to their website manually to verify that the alert/report is real.