The modern world of online banking still freaks me out.
I got an email claiming to be from PayPal saying that there was a problem with my account. They detected invalid information, and I needed to clear it up or they would limit my account. I was immediately suspicious, of course, because there was a log-in link included in the email. As far as I understand these things, official emails from large companies never include log-in links. You have to always just log in the usual way by going directly to the website.
Plus, the email opened with “Dear…” and then my email account. It didn’t actually say my name. I didn’t notice that at first, but later, that began to seem suspicious. However, it looked very official, so I thought I should check up on my PayPal account. Plus, I had just recently made a few payments through PayPal, so my PayPal account was on my mind. I was primed to be concerned because every time I use PayPal to pay for something, I end up in this weird address loop where I give the individual companies my current address for shipping in whatever country I happen to be in. But that is different from my PayPal address, which is linked to my credit card. That’s fine as far as the shipping companies are concerned. Their online system is happy to accept my address in Malaysia or the Philippines or Indonesia or wherever. But at the end of the payment process, I’m told that the item will ship to my PayPal address, not to the one I gave the company in their online system! So now I’m confused. Just to be sure, I add this new address to my PayPal account to make sure the item is shipped properly. It’s very confusing, and it seemed reasonable that PayPal’s security system would have noticed the various and unusual addresses on my account and flagged it.
With all this on my mind, it seemed wise to check on my PayPal account. My heart was pounding by this point, and I was really stressed out. I feel this way every time I do anything online that has to do with money and banking and credit cards. My heart pounded faster when, upon trying to log in to my PayPal account, I was rejected! I tried multiple times with no success. My log-in credentials were accurate. My password was accurate. But I could not log in. So there really seemed to be some kind of problem.
I went back to the email to double-check. Maybe it really was legit? Then I noticed that every single link in the email went to the same place. They all went to something called “account-verifycustomer-blockedpaypal.com”. The “Help” link went to that site. The “Fees” link went to that site. The “Log In Now” link went to that site. And that’s a sure sign that it is a fake email. Just to confirm, I went into my email archives and found what I knew was a legit email from PayPal. Sure enough, every single link in the email went to a different place. The “Help” link went to a PayPal website with the word “help” in it. The “Security Center” link went to a different website with the words “security-center” in it. Each link took you to a different – and very official-sounding – place. The links in the suspicious email all went to just one place.
Yet, if the email was fake and there was no problem, why couldn’t I log in to my account? By this point, my heart was pounding even faster, and I was feeling stressed out and nervous. I had no choice but to try to reset my password. But then, of course, I end up on the Indonesian PayPal site and I can’t read anything. I have to figure out how to change the language from Bahasa to English. But even then I’m still on the Indonesian site even though it is in English. I have no idea how to get to the Canada or US site. Will this be okay? Will my account be flagged because I’m a Canadian but accessing the account from an Indonesian IP address? Who knows? Heart keeps pounding.
After I changed the language to English, I changed my password. That also made me nervous. One problem is that all websites now want you to input a mobile phone number as a security measure. They push you in that direction and sometimes force you to do it. But that doesn’t work for me because my mobile number changes every time I get a new SIM card in a new country. Luckily, PayPal has a multi-tiered system and I was finally allowed to change my password through a security code that they sent to me by email and by answering all the security questions.
At this point, I seemed to be making progress. I got the security code by email. I entered that into the system, and I selected a new password and confirmed it. Meanwhile, my Internet connection hadn’t gone down and there hadn’t been a sudden power outage (which happens all the time and always at the worst possible moment). I felt a glimmer of hope in my chest. Then, for some reason, the password changing process froze. I got a screen that said it was successful, and there was a “Done” button at the bottom. But when I clicked on “Done” nothing happened. The whole screen was frozen! So I was panicking again and my heart was still pounding. Had my password change gone through? Could I ignore this frozen screen and log in through a brand new window? I had no idea. I was doubly worried because if you try to log in to your account too many times with the wrong password, you’ll get locked out. I was exhausted and the day hadn’t even begun yet.
I had no choice now but to open a new window and go to the regular PayPal log-in screen. I logged in with my usual email and my new password, and to my relief, it worked. I got into my account, and everything looked fine. There were no problems, no “invalid information”, and, best of all, no massive unknown payments going to random people in Bulgaria or Romania or Turkey. Everything looked normal.
I don’t generally get this freaked out by phishing emails. I get a lot of them, and they pretend to be from American Express and PayPal and Federal Express and Visa and everyone else. However, they almost always end up in my Junk Email folder, and they look obviously fake. For this one, all the stars aligned to try to trick me. The email was in my official folder. It looked official. And it came at the exact time I had been using my PayPal account and was worried about it. And then I couldn’t log in to my account the normal way. If any phishing email was going to successfully trick me, this was the one. Luckily, I know a couple of tricks. One is that you never use a link in an email to log in to anything. That’s not normal procedure. You always log in directly, not from an email. Plus, I know to always look to see that the links in the email are valid. You don’t do this by clicking on them, of course. You just hover your mouse over the link, and you can see the website it links to. If all the hyperlinks in an email go to the same place, it’s a sure sign it is fake. Danger, Will Robinson. Get out of there.
It’s not how I like to end or start my day. I noticed this email from PayPal last night just after I shut down my computer and prepared to go to sleep. I saw it on my phone. My heart started racing right away, and it made it difficult to sleep. I was worried about it all night long, and I even had some stress dreams that were probably related to it. Then the first thing I did upon waking up in the morning (at 4 a.m., I might add), I checked the email and then went through this nightmarish process. I’m exhausted now and the day hasn’t even begun. As I said, the modern world freaks me out.
Share this post on the following sites: