back to article Help! I bought a domain and ended up with a stranger's PayPal! And I can't give it back

A Register reader says that for months he has been dealing with unwanted emails and alerts because a domain he purchased is connected to someone else's PayPal account, and PayPal doesn't seem to care. Aaron Sadler says the trouble began last year when he repurchased a domain he had previously owned and allowed to expire. After …

  1. mark l 2 Silver badge

    Maybe if you bounce the emails as undeliverable for that email address, the servers at Paypal might log that the users email address is no longer able to received mail and flag up the account to customer services?

    1. Anonymous Coward
      Anonymous Coward

      Or

      I'm baffled as to why he didn't reset the PayPal accounts password, login, and close the PayPal account.

      1. DJ Smiley

        Re: Or

        In the UK at least, with a bit of a dim Judge this could be classified as 'hacking' and the various offences that carries.

        The same way I think you could technically find someone's front door open and left on the catch by accident, lock it for them, and be done for trespassing.

        However, one of these things is likely, and the other is just absurd.

        1. Christian Harten

          Re: Or

          In German law there is the concept of "Geschäftsführung ohne Auftrag", basically means entering into a contract on someone else behalf without them agreeing to it before hand, done in the interest of the person or entity. Typical examples would be having someone's car towed from a flooding area or rendering hospital care to an unconscious person. I guess this would qualify too?

        2. scrubber
          Headmaster

          Re: Or

          be done for trespassing

          There is no crime of trespassing in the UK, it would be a civil matter.

          1. Siberian Hamster

            Re: Or

            Unless it was on church grounds, then it would be an ecumenical matter..

          2. 080

            Re: Or

            "There is no crime of trespassing in the UK, it would be a civil matter."

            There is on the railway

            1. scrubber

              Re: Or

              If your house is on a railway line you have bigger problems than trespassing individuals trying to close your door.

              1. Michael Wojcik Silver badge

                Re: Or

                Perhaps he lives in a railway car.

            2. Martin-73 Silver badge

              Re: Or

              Also on BT premises. I believe. (or used to be anyway). Dates from the days when phone service was 'waiter type; service, not 'what a bull does to a cow'.

              But climbing a phone pole was a whole lot worse than climbing the street light next to it

          3. Handlebars

            Re: Or

            For completeness, there is an offence called aggravated trespass.

            1. Martin-73 Silver badge

              Re: Or

              Is that not when you refuse to leave when told to do so? Or do really weird stuff like putting your foot in the door or barging in past someone?

          4. Red Tie
            Holmes

            Re: Or

            Trespassing has been a criminal offence in Scotland since 1865.

            https://en.wikipedia.org/wiki/Trespass_(Scotland)_Act_1865

      2. hellwig

        Re: Or

        Probably would have just left the original owner S.O.L. (insert clever definition here). Years ago my wife attempted to register a paypal account, back when you had to have a bank account associated. Paypal said there was already an account with her bank information, so she needed to use a different bank account. If she had created the Paypal account, and it wasn't an error on Paypal's part, she had no idea what email or other information she had used (password recovery for all the ones she new didn't help). As such, she was basically unable to use Paypal until they started allowing you to register with only credit cards years later.

        Imagine that, you go to Paypal willing to prove you own a bank account, and all they do is tell you "sorry, someone else appears to be using that, so fuck off".

      3. bombastic bob Silver badge
        Thumb Up

        Re: Or

        "I'm baffled as to why he didn't reset the PayPal accounts password, login, and close the PayPal account."

        that's pretty much what I was going to suggest. Might not hurt to forward a hard-copy of the closure acknowledgement to THE BANKS whose accounts are associated with the PayPal.

      4. Cynic_999 Silver badge

        Re: Or

        In my case that wouldn't work. My PayPal account is set up so that PayPal sends a code via SMS *every* time I log into my account. So even if a 3rd party managed to reset my password, they would not be able to access my account.

        1. MR J

          Re: Or

          Because no one has ever sold a phone with an existing SIM card in it.

          Nor has anyone ever had a number removed for non-payment either (then re-issued by the telco years down the road).

          So have you planned what to do when someone gets ahold of your sim card and ports the number over straight away, I am sure a different carrier isn't going to help you retrieve that lost number.

          1. Martin-73 Silver badge

            Re: Or

            s/years/a-few-days

            the industry isn't as diligent as it used to be

          2. Anonymous Coward
            Anonymous Coward

            Re: Or

            Shouldn't you be using app-based 2FA, such as Authy, rather than relying on SMS 2FA codes which, as you say, can be intercepted? Plus, Authy will still work in areas of no mobile phone network coverage.

  2. ds6
    Paris Hilton

    This isn't particularly surprising coming from PayPal. What's most surprising is that the original account owner hasn't contacted PayPal or the new domain owner in regards to their account potentially being hijacked. Makes me think maybe they weren't being so legitimate as to the use of their account, and they don't mind if someone else takes ownership of it...

    It's bad for the owner too if that were the case because the account could be used for libelous activities.

    1. Bronek Kozicki Silver badge
      Holmes

      The original domain owner might have died, which led to the lapsed domain renewal etc.

      1. Roland6 Silver badge

        However, from the account, the paypal account holder is most definitely still alive...

        1. Cederic Silver badge

          No, from the account someone was perfectly willing to continue using the account holder's funds.

          That may not be the original account holder.

          1. Roland6 Silver badge

            @Cederic - True, however in my experience UK banks are very quick at stopping all activity on a bank account once notified of the account holders death.

            1. Cynic_999 Silver badge

              The ex-domain holder is not necessarily the same person that has the PayPal account ....

              1. ds6

                We're going too deep, cap'n.

            2. Stoneshop Silver badge

              Once notified

              But what if they aren't? It's not unknown for people to die and not have anyone notice for months or even years.

    2. GnuTzu

      Um, are we going to need special laws to make companies liable for damages their mistakes make? Oh wait, Equifax.

    3. s151669

      Perhaps original owner has tried to contact Paypal with little success.

      1. Zippy´s Sausage Factory

        I was going to say that. I expect PayPal would probably say "data protection", which half the time seems to be used instead of "this will take too long and push down my 'answered calls per hour' so please go away". (I once had a mortgage company do this to me to try and avoid telling me that they'd messed up collecting my direct debit, so they could blame it on me...)

        1. dvd

          In my experience 'Data Protection', 'Health and Safety' and 'Insurance Issue' are pretty much always code for 'I can't be arsed to do that'.

  3. BrownishMonstr Bronze badge

    Surprised PayPal are doing this.

    I assumed they take my personal data and privacy very seriously.

    I mean, they've locked my account and send emails telling me so. Suspicious emails, like they were sent from hackers. But it seems other people have received similarly suspicious emails and have verified these to be genuine. Plus my account is locked out, but I don't feel too comfortable asking them to unlock it. Can't remember why but it sounded like a joke.

    1. ibmalone Silver badge

      I too have got the genuine, out of the blue, paypal "your account has been locked, click here to reactivate!" emails. At least, that's what their phishing report emails said about them when I forwarded. Some looked less genuine than others. (Not mocked up phishing emails purporting to be from paypal carrying their logo, though of course I get those too.) And, yes also, when this happened a couple of years ago and I went direct to the paypal site to try to log in there rather than following a strange link there was also something that seemed quite odd about the unlock process, but at only one coffee in I can't remember what it was.

    2. Cederic Silver badge

      "I assumed they take my personal data and privacy very seriously."

      I've never seen that from Paypal since the service was first made available. The only thing they take seriously is getting your money.

      Even now they're regulated by the FCA I wouldn't trust them with any of my money. They've tried to steal it too often in the past.

    3. Palpy

      Re: "...they take my personal data and privacy very seriously."

      Oh, I'm sure they do.

      Awhile ago I began getting emails from PayPal saying my account was going to be deleted because I hadn't used in donkey's.

      "Good", thinks I, if I could have figured out how to delete the damned thing two years ago I would have done it myself. (I couldn't be arsed to work much at it -- the credit card connected to it was expired anyway.)

      Now it's gone, and I don't worry / I'm sitting on top of the world.

      1. Martin
        Happy

        Re: "...they take my personal data and privacy very seriously."

        +1 for the Cream quote (though I see from a quick Google that they in fact covered the song).

        But you're showing your age a bit....

  4. Mike007

    A white hat would add a filter to drop the emails.

    Someone whose hat had faded a bit with age might be tempted to do a password reset and start giving out free refunds.

    Someone with a hat that started off a different shade might make some donations to respected charities.

    Someone with a hat mimicking the colour preferred by the goth community might decide to transfer the other persons funds to their personal account for safe keeping.

    1. Throatwarbler Mangrove Silver badge
      FAIL

      Someone with a conical hat would engage in easily-traced fraudulent activity.

      1. Martin-73 Silver badge

        Not fraudlent, paypal would appear in court to insist it was their account, riight?

    2. katrinab Silver badge

      You will be given questions about the account that you don’t know the answer to, so you won’t be able to do that. That secures it against normal email hijacking.

  5. Raja

    Paypal has the worst customer service in the world. I have been trying to get them to resolve my account information for more than a year and still unsuccessful.

    1. julian_n

      I guess you haven't had to deal with Barclays Bank then.

      1. bobbear

        or Royal Mail.. or BT..

        I suspect the list of unresponsive companies is probably endless - the digital age means that getting to speak to a human being these days is getting increasingly impossible..

        1. Richard Cranium

          The larger the organisation the greater their focus on cost-cutting hence "help" desks staffed with staff paid statutory minimum (or off-shore for a dollar a day) and pressured to close calls fast. A large business can afford to lose a few of their millions of customers (probably want to lose those who need a lot of support).

          I've experienced excellent customer service using small local ISPs but then along comes someone like GoDaddy, buys them up and - well, time to move on.

          1. DoctorPaul

            That reminds me, time to move on from Vidahost

      2. Cynic_999 Silver badge

        I have to date enjoyed very good service from Barclays. They occasionally block an unusual but legitimate online payment that I have made, but tell me by SMS *and* voice, then quickly unblock it when I authorise it. I see that as being a good thing.

      3. holmegm Bronze badge

        Yes, perhaps I have been lucky, but I can't say I've had worse service from PayPal than from any bank. Fallacy of the false alternative and all that.

    2. Antron Argaiv Silver badge
      Happy

      Oh, I think there are a lot of contenders for that title.

      It's a race to the bottom, and everyone wants to be a winner.

  6. Solviva

    Is there no physical address associated with the account? Buy a stamp and send a letter to said address saying you have their paypal email address (obviously don't include the email address or at least show just a few characters) and ask them to reply to the email address which is associated to the paypal account. If it's a fake address then whoever gets the letter won't be able to email their reply.

    Give it a few months for them to reply, and if no reply appears then change the email address associated with the paypal account to a disposable address and remove the original address.

    1. dnicholas

      Pretty sure there is a physical address in PayPal. BRB...

      Yes, yes there is. In fact my PP has my home, work and a previous address listed.

      How hard has this Reg reader really tried?

      1. VinceH

        "How hard has this Reg reader really tried?"

        Does PayPal include that physical address in emails sent out to users? AFAICR, no, they don't - so the person who owns the domain wouldn't have been able to determine that address.

        (Note they deliberately carried out a password reset - which would be by attempting to log-in and clicking on the 'forgot password' link, or however it's done for PP, but that was just to confirm it as an email address genuinely associated with PP; they wouldn't have been able to actually reset the password due to the security questions, so wouldn't have been able to get in and see the postal address.)

        1. VinceH

          As I hit submit on that, I suddenly remembered Amazon and their old forked account problem - which at the time I realised what had happened, they'd already fixed, but I think by accident rather than by design. Written up here, but in summary:

          In August 2010 I decided to change the domain I was using for per-site unique email addresses, and in some cases passwords as well. In Amazon's case, the change included the password, and at that time it was possible to change both at the same time.

          Thereafter, I started getting spammed by Amazon at the old address, and when I got in touch with them about it they told me the old address was still linked to an Amazon account.

          It turned out that when I made the dual change of email address and password, their system actually split my account in two and treated the old one as a new account for the purpose of promotional crap. However, I was able to reset the password on it and log in (no security questions) and it still had my card details etc associated with it.

          If that had been a case like this one, the new domain owner would have been able to make purchases from Amazon on my cards. (But an honest one would be able to see my postal address and let me know).

          Amazon refused to accept this was a problem - albeit one that had been fixed, possibly by pure luck - by the time I realised what had happened, the email address and password change options had been separated; they could no longer be done at the same time. However, my argument was that there could have been similarly forked accounts out there just waiting to be accidentally discovered by miscreants.

        2. bombastic bob Silver badge
          Pirate

          a) reset password (you own the e-mail)

          b) follow the reset links, change password to something funny

          c) change e-mail address to something different [a throwaway 10 minute mail address would do ya] in which you receive the confirmation (if any), and then forget it.

          d) close the account. If "it won't let you", just leave it sending SPAM to a fake mail address.

          problem goes away. This after trying to do it the NICE way, of course.

          1. VinceH

            Bob, to reset the password (and change the address) you first need to get into the account. You might not be able to if there are security questions with answers set by the account owner that you do not know.

  7. Blockchain commentard

    Just close the Paypal account. What's simpler?

    1. Roland6 Silver badge

      >What's simpler?

      Well, if the paypal account is drawing monies via a payment card, the payment card will at some point within the next 3 years expire at which point all payments will be bounced and the paypal account becomes useless to its original owner...

      What is noteworthy is the El Reg reader isn't reporting receiving emails from sources other than Paypal.

    2. teknopaul Silver badge

      Are you one of those people that when someone asks

      "Can you tell me where the toilets are?"

      You answer

      "No"

      Heres wishing you a Friday full of robo calls and useless tech support. ;-)

  8. John Robson Silver badge

    Presumably there is a payment method approved...

    So you should be able to contact the financial provider...

    1. Roland6 Silver badge

      Re: Presumably there is a payment method approved...

      Well as there is a live bank card/account associated with the account, it would be possible to do as this person did: Faster Payment of £0.01 was paid into your account

      Alternatively, use the first four digits of the registered card to identify the card issuer and contact them. From (UK) experience, the traditional banks will proactively contact the account holder.

  9. This post has been deleted by its author

  10. JohnFen Silver badge

    He made more than a reasonable effort

    He made more than a reasonable effort to actually remedy this. I would be inclined just to set up an autoforwarder to shitcan anything from PayPal going to that email address and forget it.

    1. Prst. V.Jeltz Silver badge

      Re: He made more than a reasonable effort

      I would be inclined just to set up an autoforwarder to paypal customer service , prefixed with a little recap of the issue

      1. Peter2 Silver badge

        Re: He made more than a reasonable effort

        I have done this precisely once, and that was reporting spam arriving at the rate of about 30 emails per second to hotmail's abuse@ address.

        I sent one email to abuse@hotmail with a report in their preferred format of the time and got an automated email thanking me for forwarding it on and promising to look at it before the energy death of the universe.

        About twenty minutes later I wrote an outlook rule to forward each individual email over and delete the original from the mailbox and ran it on all of the existing emails as well as the new incoming ones. It got a "please stop doing that!" email within minutes. Suffering from some guilt I then started to cancel it, and instead decided to go and make a coffee for everybody. The accounts in question had been suspended by hotmail support by the time I got back. I still feel a twinge of guilt for doing that, but it was effective enough.

        In this case, i'd have set the forwarder to create a new GDPR breach notice to the ICO with the email attached, and the attempt to inform PayPal of the change of address attached.

        Possibly the same with lodging complaints to the FCA for each. I'm pretty certain that this would have received a fairly swift response. And I wouldn't have felt so much as a twinge of guilt about doing it, so years of working in IT must have made me a bit BOFHish.

  11. chuckufarley Silver badge

    Whe someone uses my email address...

    ...to create an account with some service provider I normally just perform a password reset on the account and then delete it. If they used my email address by mistake they might not even know if they saved the login details in their browser.

    If Mr. Sadler lives in the EU he could report PayPal for violating the GDPR by sending him someone else's financial records. While the case might not go anywhere I am willing to bet that government scrutiny would light the proverbial fire under PayPal. If that didn't work I would seriously consider using the account to violate their T&C's so they would ban it.

    Either way, if I couldn't return the account to the rightful owner I would make sure it was no longer functional.

    1. Doctor Syntax Silver badge

      Re: Whe someone uses my email address...

      This seems the approach most likely to succeed. The ICO or other appropriate regulator would go in at a rather higher level than customer disservice.

    2. druck Silver badge

      Re: Whe someone uses my email address...

      Mr Saddler doesn't have to live in the EU, but the owner of the PayPal account does. As their identity is unknown, a GDPR violation is unlikely to be considered

      1. Sgt_Oddball Silver badge
        Holmes

        Re: Whe someone uses my email address...

        That depends on the domain, if it's a .co.uk domain or even heavens forbid a .EU domain (or some other national TLD) then a UK/European address has to be provided to register the domain. Ergo, the owner falls under GDPR rules. If its a .net, .org or .com then that's trickier to fathom.

        1. Blockchain commentard

          Re: Whe someone uses my email address...

          dot-net in the article.

      2. Peter2 Silver badge

        Re: Whe someone uses my email address...

        Mr Saddler doesn't have to live in the EU, but the owner of the PayPal account does. As their identity is unknown, a GDPR violation is unlikely to be considered

        Nope. All that's needed is the notification that PayPal which is registered in the EU is ignoring notifications that they are sending out highly personal information to an unauthorised third party, and have been notified of this, but are still doing it regardless.

        Casework@ICO will make rulings against firms on vastly, vastly more tenuous grounds than this.

    3. Cederic Silver badge

      Re: Whe someone uses my email address...

      PayPal Europe Ltd is regulated by the FCA, so forget GDPR, that can only fine them 4% of global revenue. The FCA can put people in prison and close the company.

      In the first instance they're more likely to merely scare the living shit out of the UK executive, but that alone would be useful.

    4. DontFeedTheTrolls
      Boffin

      Re: Whe someone uses my email address...

      "in the EU he could report PayPal for violating (GDPR, FCA, etc)) sending him someone else's financial records"

      Not sure PayPal would be found in breach here. They did their Know Your Customer due diligence on the records provided (the email address@domain) so why should they not continue to supply said email address with account information unless the customer could prove they provided PayPal with new contact details and PayPal failed to implement such details.

      The account owner is at fault by "releasing" their account details, and is probably liable for any losses incurred according to the PayPal T&Cs on keeping account details secure.

      1. imanidiot Silver badge

        Re: Whe someone uses my email address...

        As soon as someone notifies them they are NOT the legitimate recipient and that the intended recipient is no longer the owner of that address, paypal should have taken action (By stopping that accounts "balance updates" for instance). Paypal definitely didn't correctly handle the situation here.

        It's like someone moving but forgetting to update their bank details (it happens). If the new homeowner notifies the bank he received post not intended for him, the bank SHOULD stop sending stuff to the old address.

        1. bombastic bob Silver badge
          Devil

          Re: Whe someone uses my email address...

          As far as snail mail goes... writing 'return to sender, address unknown' on the envelope and putting it back in the mail usually stops more from coming. Also works to help stop voter fraud [I recently received a confirmation of address from the registrar of voters indicating a name I'd never heard of - and yes, I marked the "wrong address" box as well as 'return to sender' on the front]

    5. bombastic bob Silver badge
      Devil

      Re: Whe someone uses my email address...

      it could also be a malicious and/or deliberate use of your e-mail address as a "Prank"...

      a) malicious hacker grabs e-mail address of someone, signs up to "some service"

      b) this service is poorly designed and does not send confirmation mails making it an instant target for abuse by malicious hackers.

      c) malicious hacker signs up to every e-mail list available through that service, then goes away

      d) victim gets mail bombed

      That sort of "prank" doesn't work very well these days. I haven't seen it for YEARS, though I've been on the receiving end of things like that more than once. USENET trolls. It's worth +10 points if your pet troll does things like that. (The dating service for farmers was the funniest) It's worth +150 points if you can use it to (in any way) track them down IRL though... ! (the subsequent doxing becomes a spectator sport)

    6. ExampleOne

      Re: Whe someone uses my email address...

      I am not sure Mr. Sadler has standing to sue over the disclosure of a third parties data, especially as there is a prima facie case that the disclosure was authorised, even if by mistake.

      However... he would without question have standing for a GDPR case over their use of HIS email address without authorisation once he requested they stop. Email addresses are quite definitely protected personal data within the scope of GDPR!

  12. Stevie Silver badge

    Bah!

    If the email attached to a PayPal account starts bouncing eg because the mailbox is full, what do Paypal do?

    Because it occurs to me that if the domain owner were to bounce incoming emails then he/she might be able to trigger the account owner into making a call to Paypal and fixing the problem from his/her end.

    1. david 12

      Re: Bah!

      If PayPal has anything in common with any other financial transaction company, they are required to send notifications to the last known address, even when they know that the last known address is invalid.

  13. Pascal Monett Silver badge

    As I've said before

    PayPal is not your pal. As long as everything is fine, you can be happy, but when things go pear-shaped PayPal is the last place you can expect to find help from.

    Especially since there is no phone number to get someone to talk to and resolve the issue.

    Use PayPal at your risk and peril.

    1. Anonymous Coward
      Anonymous Coward

      Re: As I've said before

      UK customer service 0203 901 7000 or 0800 358 7911

      Opening hours

      8am to 6:30pm Monday to Sunday

      1. dave 81

        Re: As I've said before

        Thank you, added to my contacts should I ever need to get hold of them.

        P.S. 020 numbers are in the format 020 xxxx xxxx

        1. Sgt_Oddball Silver badge
          Paris Hilton

          Re: As I've said before

          020 ***

          Not in every other instance of a London phone number that I've seen, they're not.

          1. stungebag

            Re: As I've said before

            Then, technically, every London phone number you've seen has been wrong. Try picking up a landline phone in London and dialling the local part of the number: i.e. after the first space. You'll soon find that dialling the bit after 020 works, if you also drop the 3/7/8 it doesn't work.

            But who cares? How many calls are dialled as a local number these days?

          2. ibmalone Silver badge

            Re: As I've said before

            https://www.royalfree.nhs.uk/contact-us/ 020 7794 0500? Seems fairly normal.

            Though I'm not sure there's anything official about the number groupings. My mobile bill does 5-6, but I think I've seen them all run together in the past.

            The evolution of my parents' Northern Irish number over the years, starting when area code mattered for pricing local vs long distance in the UK. The last 6 x remain unchanged throughout:

            02xx xxx xxx : area code is the 02xx bit, so you could write 02xx xxxxxx

            012xx xxx xxx : 1 inserted to all UK area codes prior to the introduction of the new 02 block.

            028 9x xxx xxx : NI area codes all rolled into 028 (same time as London becomes 020), the local number prefixed with 9x, to make 9xxxxxxxx the number.

            028 9xxx xxxx : my dad insists this is the way it's always been parsed, but I'm pretty sure it was never 02 xxxx xxxx...

            Writing London numbers with the last four digits seems to have been a thing back to at least the early 60s. If you look at old posters, like the ones buried under Euston station, you see numbers given in the form "FLEET 4000", which seems very Passport to Pimlico now.

            1. stungebag

              Re: As I've said before

              I'm getting a strong sense of deja vu here, such discussions were common just after the last London area number changes.

              Here is a brief history of London number changes. This is from memory, so details may be out.

              When I was very young London phone numbers were of the form Exchange Name xxxx. For instance Bowes Park 9283, or Whitehall 1212. Within the exchange you could just dial the last four digits (I think).

              The along came Subscriber Trunk Dialling (STD - no, not that sort). London now had all-figure numbering so the old exchange names were replaced with three letter codes. These were often, but not always, the numbers on the dial corresponding to the first three letters of the old exchange name. So ABBey becamse 222 and ENField became 363, but Bowes Park did not fit the pattern and became 888. London now acquired an STD code, 01, that was needed to call it from anywhere outside.

              You now needed to dial all seven local digits (but not the 01) to make an call wholly within the 01 area.

              The number of lines grew and a temporary solution was needed to avoid running out of numbers, so the London area was split into inner Londion (071) and outer London (081). Within each of these you still only needed to dial the last seven digits, so to call 081 363 3629 from 081 888 9223 you'd omit the 081 (and it was commonly believed that not to do so would cost more). But calling from, say outer London to inner London you had to use all 11 digits: to call London Transport from, say, Croydon you needed to dial 0171 222 1234.

              Along came PhoneDay. 071 became 0171, 081 became 0181 but nothing else changed so far as London was concerned.

              Later still there was another rejig. London was reunified into a new area code, 020. Those who had been in 0171 had a 7 prefixed onto their numbers, and those with 0181 had an 8. But that 7 and 8 formed part of the locally-significant number. The area code was, and remains, 020.

              It was made clear (to those who listened) at the time that BT no longer considered there to be a geographical distinction between 020 7 and 020 8, the distinction was purely historic, and they would introduce new London numbers that did not start with 7 or 8 (e.g. 3).

              Once again you could call any London number using just the local part, i.e. the final 8 digits, usually beginning with 7 or 8. But the message never really got home. The split had got people used to dialling the full national number, and the rise of mobiles, which always require the full number, means that local dialling is almost extinct.

              Historically when writing London numbers down the first space was always after the area (STD) code, so numbers went from 01 222 1234 to 071 222 1234 to 0171 222 1234 until we reach 020 7222 1234.

              The second space was after the old local 'exchange' part, which has become obsolete but the gap aids readability and memorability.

              It's only in the last few years that the insidious 0207 etc. has reared its ill-informed head.

    2. Anonymous Coward
      Unhappy

      Re: As I've said before

      I heartily agree, they have been on my shit-list for nearly 2 decades, after taking money from my bank account without authorisation and basically telling me to fuck off when I complained.

      We are not talking a small amount either, it took my bank account £600 beyond my overdraft limit, plus over £100 in bank fees.

      1. Kubla Cant Silver badge

        Re: As I've said before

        Some years ago I made some purchases from eBay using a PayPal account linked to my credit card. In due course I received an email from PayPal saying "you've spent so much money that you can't use your credit card any more - please link your PayPal account to your bank account". After the briefest consideration I decided that wasn't a good idea.

        Sounds like I had a lucky escape.

  14. Tomato Krill

    So, either

    1) contact a retailer from the receipts, explain situation. Dknt ask for the user details because obviously they wont do that but ask them to relay the message?

    2) post a message up on www.domain.com?

    1. ibmalone Silver badge

      1) contact a retailer from the receipts, explain situation. Dknt ask for the user details because obviously they wont do that but ask them to relay the message?

      I wonder how they would go about doing that legally now? It would fit under legitimate interests (the third party, weirdly, being the data subject), but do they have to have outlined the legitimate interests use of the data to the customer in advance? They're also supposed to make a record of the assessment performed. ("We thought they'd like to know their bank details were being sprayed over the internet" should suffice.)

  15. .james

    I registered my family name with an s on the end and set up catch-all email. Got a load of spam but one address in particular seemed different. Important stuff like doctors appointments were coming in. Eventually I logged into a shopping website with the email and found a mobile number and sent a tentative message. Turns out the guy had the same domain but with 5 on the end. Every time he wrote it on a form somebody thought it was s, so I just set a forwarding address for him.

    1. Nick Kew Bronze badge

      I had a case like that with my .com domain receiving small amounts of legit-but-misdirected-looking email for the owner of a .net namesake. The email bounced (I don't use a catch-all), but I saw it in the logs with non-spam subject lines. I contacted him, confirmed the situation, and set up forwarding on that address.

    2. werdsmith Silver badge

      There is a very famous American music star who has a name similar to one of my email addresses. I get loads of his email. Most of it fan mail, some business and a bit of hate too. It's very entertaining.

    3. DontFeedTheTrolls
      Pint

      "so I just set a forwarding address for him"

      Good man, have a pint!

      1. .james

        Fortunately he and his wife didn't share names with anyone in my family!

  16. adfh
    FAIL

    Trying to report when people sign up with my addresses is painful

    I feel the domain owner's pain.. I have several domains, G Suite accounts, plain Google accounts etc.. It seems that one of the gmail accounts in particular is a favourite typo of someone in Ireland, and someone in the US.

    I get signups for Nike, Bank of Ireland, school newsletters, Yoga, trade deals in Dubai, stationery purchases in the US etc.

    Trying to find a contact address to report this shit is painful.. They all want you to sign in with an account before they even dream of handing over a contact form, and even then, they often just come back with a regurgitated KB article.

    What happened to "You can't activate this email address unless you click on this link in the email, get this email by mistake? Click here to cancel it!" Oh no.. these days it's "all good to go, full steam ahead".. how hard would it be to provide a link that says "This email isn't for me!" at the bottom of these things?

    1. Tom Wood

      Re: Trying to report when people sign up with my addresses is painful

      Likewise. I have a vintage Gmail account (from when they rolled it out invite only to Blogger users) with a short username. The number of people who get my email address either through typos or through being too stupid to know their own email address is ridiculous.

      I've received all sorts of order confirmations, 'your car is ready to collect from its service', 'reminder of your dentist/hairdresser/therapist etc appointment', website signups, circulars for community groups etc. Aside from the community group ones invariably I have to mark them as spam in Gmail (which they are, since while the businesses may be legitimate they are certainly unsolicited emails).

      1. TheProf Silver badge
        Devil

        Re: Trying to report when people sign up with my addresses is painful

        I cancelled the hotel booking some dumb cluck made using my email address instead of his own.

        I'll probably not be going to Silicon Heaven now.

        1. Nick Kew Bronze badge
          Trollface

          Re: Trying to report when people sign up with my addresses is painful

          Isn't Silicon Heaven for Good Trolls?

        2. Tom 7 Silver badge

          Re: Trying to report when people sign up with my addresses is painful

          Did you provide alternative account details for the deposit refund?

        3. Jimmy2Cows Silver badge

          No such thing as Silicon Heaven

          Ridiculous. Where would all the calculators go?

          1. A.P. Veening Silver badge

            Re: No such thing as Silicon Heaven

            Those get re-incarnated as accountants ;)

        4. Martin
          Happy

          Re: Trying to report when people sign up with my addresses is painful

          I cancelled the hotel booking some dumb cluck made using my email address...

          I was a bit kinder than that. The booking included his home address, so I sent him a letter explaining what he'd done. Bit old-fashioned, but it worked.

          He emailed me back, very apologetic!

    2. Dan 55 Silver badge
      Trollface

      Re: Trying to report when people sign up with my addresses is painful

      But what about the onboarding experience? That's the most important thing.

    3. Anonymous Coward
      Anonymous Coward

      Re: Trying to report when people sign up with my addresses is painful

      Ditto, a few years ago I was receiving newsletters from the Sierra Club, car forum discussions and confirmations for car servicing in Florida etc.

      Trying to talk to the companies involved was like talking to a brick wall - except the Sierra Club who stopped it at once, kudos to them.

      The car dealership totally ignored me; after two years I had had enough, so I started using the account to book in fictitious and highly expensive cars for servicing and repair work.

      A couple of weeks of that and no more emails.

      1. MJI Silver badge

        Re: Trying to report when people sign up with my addresses is painful

        They had Sierras in America?

        Did you get the Cosworth?

        1. werdsmith Silver badge

          Re: Trying to report when people sign up with my addresses is painful

          They got Merkur XR4 but with a turbo 2.3, not a Cossie. Didn't sell well because because their version was even shitter than the Euro one.

          GMC Sierra is a big ol' truck I think.

          1. Carpet Deal 'em Bronze badge
            Boffin

            Re: Trying to report when people sign up with my addresses is painful

            GMC Sierra is a big ol' truck I think.

            It's a one-ton* pickup, which is about as big as things get before you get into other varieties.

            *Freedom units

            1. STOP_FORTH Silver badge

              Re: Trying to report when people sign up with my addresses is painful

              Upvote for freedom units!

      2. WolfFan Silver badge

        Re: Trying to report when people sign up with my addresses is painful

        That wouldn’t have been Brandon Volkswagen, would it? Several years ago they started sending me all kinds os bumf and wouldn’t stop... until I started sending, to the listed address for their director of sales, replies asking why I should buy a vehicle which trailed poison gas behind it wherever it went, and if it true that they were really the new SS Special Action Group, this being just after the Great Diesel Scandal. That stopped them. And their site was updated to remove all email addies.

    4. JohnFen Silver badge

      Re: Trying to report when people sign up with my addresses is painful

      "What happened to "You can't activate this email address unless you click on this link in the email, get this email by mistake? Click here to cancel it!""

      Companies should not do that, because of the existence of phishing.

      What I've seen more and more of is getting an email without links, but providing a temporary password with instructions to log in to complete account creation, and informing you that if you weren't trying to create an account, then you can ignore the email.

  17. Allan George Dyer Silver badge

    "as if by magic"

    So how was it resolved? How was the owner traced, and how was it confirmed they were really the owner?

    Personally, I'd think this is like finding a wallet. It's lost property, hand it in to the Police. Report the situation, and set up a forward to the email of the office on the case.

    I wouldn't want to reset the password, even to just look for other contact details, because that would be unauthorised access. The Police can do that in their investigation.

    1. Nifty Silver badge

      Re: "as if by magic"

      Recent story of something similar with a debit card:

      https://metro.co.uk/2019/10/15/man-got-lost-wallet-back-thanks-1p-bank-transfers-good-samaritan-10923151/

  18. nicboyde

    There are no humans at Paypal

    Thesis: There are no humans at Paypal

    Discuss.

    Please provide proofs if posing a contradiction to the thesis. (These would include evidence of change happening after speaking to a "person".)

    1. Anonymous Coward
      Alien

      Re: There are no humans at Paypal

      It has long been suspected that they are suppository people from Uranus.

    2. The Dogs Meevonks

      Re: There are no humans at Paypal

      The only time I've ever had any kind of email response from them is when I've had to raise an issue over a payment... which is far too often when you get caught out by scamming chinese sellers masquerading as UK ones who sell items with 2-3 day delivery only for the date to suddenly change to 1 month as soon as you've paid.

  19. Some Random Kiwi

    similar problem but with a GMail account...

    Got a GMail account that got associated with someone in the UK's PayPal -- except that I've had it since day 1 of GMail when it was invitation only.

    PayPal says they can't possibly have associated the e-mail with the account without the user proving they have access, so they're unwilling to do anything about it. And yet...

    All attempts to break the association have failed, even invoking GDPR to have them forget any personally identifiable information.

    1. Anonymous Coward Silver badge
      Big Brother

      Re: similar problem but with a GMail account...

      If GDPR didn't work, invoke the ICO. Generally the realistic threat of a significant fine is all that these companies will respond to.

    2. Anonymous Coward
      Anonymous Coward

      Re: similar problem but with a GMail account...

      I'm having an extremely similar situation. I signed up to PayPal years ago with my @googlemail address. About a year ago I started receiving PayPal receipts and info emails to the @gmail version of the address but under someone else's name.

      Initially I thought it might be fishing but it appears that somehow PayPal have allowed someone to set up a PayPal account with that email without verification. I basically found out by trying to log in and reset that person's password.

      PayPal are adamant it's not there problem but that Google is at fault of they "can't tell the difference between @gmail and @googlemail

      Google have quite rightly said the issue lies with PayPal not verifying emails during account set up properly. And I have investigated and determining my Google account has not been compromised.

      I've given up trying to get PP to get of their arse and do something.

  20. gnarlymarley

    What is paypal going to do, contact the account owner over email? Wait, that goes back to the person who is trying to return the account. Maybe use the phone number if it has one?

  21. Anonymous Coward
    Anonymous Coward

    We need legislation to force proper closing of old accounts

    I have been receiving emails for years from an incompetent estate agent who is incapable of cancelling them. He cannot find me on their system.

    Also I have not worked out the best way to cancel old email or other accounts. If I just cancel straight away there is a chance the new owner will pickup some of my old stray emails. The best way seens to be to have a long idle period before shutting down.

    This same issue applies to all such accounts, phone numbers etc. The first difficulty is that there is often no mechaism to cancel anyway or it may involve identification, email or another item which is no longer accessible.

    This is a massive problem generally and a clean mechanism for closure should be required by legislation for every such account that is created. The trouble is that doing it properly needs full authentication and destroys the use of anymous inernet.

    1. Lee D Silver badge

      Re: We need legislation to force proper closing of old accounts

      I once solved a similar problem by creating a rule to bounce all email from that domain back as an "Undeliverable" message to an address I found that auto-responded (someone's vacation address) and their postmaster.

      It still took them a few days to spot the problem, but my server was obviously more powerful than theirs and they obviously noticed the email loop and took more notice of that than they ever did of me.

  22. Mindfart

    Paypal sucks monkeyballs. I have had an open case with them for 3 years, they don't understand, they don't care, they just want your money.

    1. A.P. Veening Silver badge

      I don't really see the problem, as long as they want money from you and you aren't paying, it is their problem. It is something else if you want money from them and they aren't paying.

      1. Tom 7 Silver badge

        I have opened an account using your email address an am selling kiddy porn.

        You wont have a problem with that will you?

  23. Lee D Silver badge

    I get this all the time, but from the other side.

    I have a surname that's common in Ireland and with my first name is apparently quite a common combination.

    Thus I get an awful lot of people thinking that my emails at popular domains (e.g. Gmail etc.) are actually theirs. They often throw in a dot or similar but they always forget that theirs must have a number or a hyphen or something completely else because pretty much any combination of my name and a dot at those domains will drop into my account, not theirs.

    I get plane tickets, car rentals, Paypal accounts, demands for debts from Ireland (I've never been to Ireland in my life, and the details aren't mine), Littlewoods, all kinds.

    Where possible, I used to inform the companies. They never understand the problem and I end up in circles because I'm NOT the guy who gave them that email, so they won't talk to me. If I unsubscribe, that gets rid of some spam but it doesn't stop the financial stuff and plane tickets, etc. So I've taken to just putting them in the spam folder. Sorry, Mr Lee D in Ireland... I tried but I can't spend my days chasing your stuff for you if you haven't even noticed that your PayPal is on my email not yours, and I could open it up, confirm whenever you try to add a credit card, spend all the money, and close the account and you'd be none the wiser really. I don't. I just delete them. So the account never gets confirmed and eventually you realise. I've even had people PayPal me large amounts of money to that address, obviously thinking it's someone else. I just refused it. They tried three times. Then, I think, they realised their mistake and stopped trying.

    Where there were details (e.g. billing addresses on invoices, etc.) I've even sent letters explaining the situation and got polite and grateful replies and had people close their accounts as soon as they received my letter. But it's too much effort to keep doing it, and the companies just don't care about clearing it up unless it comes from the account holder. When it was a one-off, it was just being a good person to someone who had made a silly mistake. Now, it's just spam.

    And I've had a couple of "How dare you take over my email?" kind of responses, when I've had the same email addresses for the last 20 years in many cases. I don't need that.

    Not for me? It's spam.

    Unexpected email from a company I have no dealings with? In the bin.

    Fortunately, all my *real* email is at a bunch of domains that redirect all my mail to one location, so it's really easy to tell "real Paypal email" from either complete phishing attempts or people mistakenly signing up with similar names on popular email hosts, even if they all end up in the same mailbox.

    After a while, it's really wearing, though.

    Hey, Littlewoods Ireland. Sort your system out, and require an opt-in before you send me a copy of every letter you send the guy in Ireland! And have an opt-out on the email itself.

    The day we sort out email and have it properly done (i.e. to send me email you need an alphanumeric security token that I send you, and without that you absolutely cannot send me email at all, and you can't re-use that token to send me email from anywhere else, and I can safely refuse all emails without such tokens, even if that's all wrapped up in a client/server certificate verification on the protocol itself), I'm just going to treat it all as spam.

    And there's a reason that I never let certain domains expire, and why I have backup domains which I can switch to. I don't want *my* Paypal etc. 2FA emails going somewhere else either.

    1. STOP_FORTH Silver badge
      Facepalm

      Gmail specific

      As well as fat finger problems you have a GMail specific problem. (I apologise if you already know all this but, if not, read on.)

      GMail allows uppercase and lowercase letters in e-mail addresses. More importantly you could register LeeD, Leed, leeD, and leed as e-mail names even though they should all map to leed in "SNMP namespace". It then helpfully sends incoming mail to either leed, the first to register or just random variants on "leed".

      Spaces, underscores and hyphens are similarly munged, ignored, misaddressed etc.

      I think there was an article on the Reg about this earlier this year.

      This happened to a friend of mine. (Also has an Irish surname, not sure if that is relevant.)

      I have a common Scottish firstname and surname combination which has caused me e-mail problems in the past. For Gmail I added extra letters, which has prevented any problems so far.

      1. Loyal Commenter Silver badge

        Re: Gmail specific

        This happened to a friend of mine. (Also has an Irish surname, not sure if that is relevant.)

        Oddly enough, something very similar happened to my wife a couple of years ago. And yes, she has an Irish surname too. Does Google have something against the denizens of the Emerald Isle perhaps?

        1. STOP_FORTH Silver badge
          Windows

          Re: Gmail specific

          My theory is that the Celtic parts of the British Isles don't have such a variety of surnames and firstnames as the Sassenach bit. In addition to that, many Scots families persist in the practice of naming eldest son after the father. So you could have the same name as your father, grandfather and great grandfather. (This was common in England in the Middle Ages, and possibly after.)

          Of course, this effect is slightly offset by the sheer number of English people.

          Mumble, something something, collision space?

          (Icon - See you, see me, you're my f*kken pal.)

      2. STOP_FORTH Silver badge
        Facepalm

        Erratum

        "SMTP namespace" (aka URL namespace?)

    2. Anonymous Coward
      Anonymous Coward

      common names

      This can be funny to so some levels. I also have a common name and after many years with my ISP I decided I needed some new junk mail mailboxes. Checked and found my name was available as initial+surname. Something not available when I joined, so it was clearly going to have old mail heading for it.

      I think Currys were the worst at refusing to delete the data. They got lost in some spiral of demanding Proof of ID from me... while I was pointing out that the ID is not going to match the account due to the out of date data. I think that one is still in place.

      The funniest part was when heaps of Masonic emails started to turn up. This guy was high up in his local branch so I'd get tons of details on their next meetings being copied by other members with out of date contact lists. Fascinating stuff.

      1. Anonymous Coward
        Anonymous Coward

        Re: common names

        (Not sure if this post is okay, so I split it from the above in case it upsets anyone)

        One bad side of these emails is it showed that this Masonic group was a little "odd". Clearly not normal Masons.

        When a series of really extreme racist "jokes" started to be cc'd to me by members of this group they got a reply from me. A rather loud reply quoting their own bible back at them. "Love Thy Neighbour" and all that jazz. I ripped in to their racism and pointed out they need to check who they are copying posts to.

        What is funniest is this happened to a group who act so secretive. And yet they can't keep their own address books up to date.

        I did get an apology. Though years later I still get the odd message copied from them.

      2. Ken Moorhouse Silver badge

        Re: ...heaps of Masonic emails started to turn up.

        I wonder if anyone's ever managed to write a Wireshark dissector for those...

  24. 0laf Silver badge
    Holmes

    Would the financial ombudsman get involved maybe? Paypal is after all a financial services company. It will have statutory obligations to customers.

  25. Anonymous Coward
    Anonymous Coward

    None of the advisors I have spoken to seemed to have any understanding

    A full stop is required after this statement. But I'm surprised that he's surprised. I mean, unless he was born yesterday (with a mobile in his mouth), he must have dealt with "customer disservice" from anything big enough to offer this unique, across the board, non-experience. And I don't blame those hapless captains of the gig-economy who are paid peanuts in Indonesia or Mars, I blame us, the "consumers", who have been turning the blind eye as to how the Mr Ebays and Mrs Paypals actually make their fortunes. Rant over.

  26. Mike 137 Silver badge

    Roll on the disrupters!

    Oh the joys of unregulated intruders into regulated industries. One wonders why industries such as banking, taxis, accommodation were regulated in the first place, as the competition seems to be able to sidestep all the hard won protections and nobody seems to care.

    1. dajames Silver badge

      Re: Roll on the disrupters!

      Oh the joys of unregulated intruders into regulated industries.

      Indeed.

      PayPal was originally supposed to be for "micro payments" -- for people to use to buy and sell stuff on eBay for a handful of dollars at a time, for payments too small for it to be worth using a credit card. It seemed a fairly neat idea to use such a system for those purposes, at least until the likes of Visa Cash got going ... (Visa what? I hear you ask ... yes, well, it was a long time ago).

      Lack of any sort of competition from the established players in the payments industry let them grow too big for their boots, handle larger payments, become credit-card acquirers ...

      Then the buggers got greedy.

  27. kspence

    Potential Solution

    The forwarded emails will contain metadata in the emails from the email account of the stranger who is forwarding them. Look in Message Details under Properties in Outlook or online there will also be an option.

    Once you've found that email address, run a search on the WHOIS to find the registrar. It will most likely be redacted however the company it is hosted with will show. Go to that company's website and file a support ticker stating your problem and request they send your contact details onto the owner. If he is worried he will reply guaranteed.

  28. The Dogs Meevonks

    I've found that in recent months, the only way to get a response from a company and get them to actually take action on something is to simply tweet them a snotty post including hashtags like #scammers #fraudsters #incompetent.... and don't do it once... but repeatedly every hour or so until they respond.

    Doing this I've been able to get amazon to resolve an issue where they basically stole over £500 from my bank account, an insurance company who were failing to respond to my claim after an uninsured drunk driver wrote of my car... and that was costing the Motor Insurance Bureau money every day for the hire car (it probably cost almost as much as the payout due to their delays for nearly 2 months).

    Then when I wanted to transfer my breakdown cover to my new car... they failed to respond until I again made a snotty tweet... and actually made things far worse by being obnoxious and condescending because I dared to complain publicly about crappy services. In the end I got a full refund and went back to the previous company I was with who ended up being cheaper as a new customer rather than the 'renewal' price that caused me to switch in the first place.

    If you can't get the press behind your story to force a response... then the only other choice you have is to make a complete nuisance of yourself and make sure that any searches for hashtags for that company include your irate, condemning results.

  29. Hoe

    Funny I was thinking just last night, should I move my Paypal to my Domain Email Account, as I hardly use my Yahoo one for much these days other than Paypal.

    I nearly did too but couldn't be arsed and thought this weekend, suddently I don't want to thanks, I think I'll move it to gmail instead, not that I am planning to let my Domain exprie but still not wort the risk!

    1. MJI Silver badge

      My domain

      I am adding my sons to the admins for it.

      As if it goes they lose their email.

      They have debit cards!

  30. Tom 7 Silver badge

    Much as I love el reg

    i refuse to have a paypal account if this is the only way of fixing it.

  31. Anonymous Coward
    Anonymous Coward

    Here's the problem: "...catch-all forwarder..."

    Never do that. Going back to the mid 1990s I'd got a catchall on my .co.uk domain. It was useful for capturing typos like stephen/steven/stefan/steve as well as a handful of other names into one mailbox. A local university had almost the same domain name but .ac.uk

    When I first started getting emails between students, staff and university admin I tried to be helpful but it escalated. When I alerted their admin that I was getting confidential stuff like staff reviews his response was that it was my fault for buying that name, that I was breaching confidentiality by opening the mail (he couldn't explain how I was supposed to know that an email in my mailbox wasn't intended for me without opening it) and that I should relinquish the highly desirable name (short, single word, relevant, proper noun. I've had offers to buy it for USD50k).

    The final straw was when I returned from lunch to find 32768 spam emails waiting for me, the most the mailbox could accommodate, each addressed to a different name @my-domain. (That was genuine spam, not university related).

    I promptly cancelled the catch-all, flushed the account and set up specific forwarders for stephen/steven/stefan/steve etc to a single mailbox. The university is probably still sending me their staff reviews and salary details but I never have to see or deal with them, what happens to those emails? Do I care? [no].

    In this instance, sure the guy with the paypal problem wouldn't have got the recipient or El Reg involved in trying to fix the issue but I'd not give a f*** about that.

  32. herman Silver badge

    A mail loop seems to work best

    I have in the past found a deliberate mail loop tends to get the attention of a knowledgeable person to stop mail errors after a few hundred million of the same thing filling up their mailbox.

  33. Ryan Kendall

    Not a bank

    Remember PayPal is not a bank, it's an internet company that holds onto your money.

    Though it may be more secure than 'some' banks its not under the exact same rules.

  34. Anonymous Coward
    Anonymous Coward

    Had issues with them before

    Many years ago bought an old Nokia E71 off someone on Ebay. Took the risk as he had no feedback. It arrived cracked. Informed him and he said "Not my problem, take it up with Royal Mail". No it was your problem, you need to sort it as you're the sender. Anyway, he stopped replying. Put in a case to Pay Pal. They were being awkward. Saying I needed to wait the 30 days for him to reply. Told them he said he wasn't going to reply anymore but they said I had to go through the process anyway.

    Called their support, no help when got put through to Ireland support centre, yet when I called later and would get put through to, I believe, their Malaysia line they were really nice and friendly and helpful. They helped get the refund and told me not to send the phone back until they contact me with an address to send it. They never did. I ended up with a cracked phone and money back. But took PayPal a while to actually action it.

    I then proceeded to restore the phone as he never securely wiped the data and posted all found photos on the web, along with the mobile numbers found.

    1. Anonymous Coward
      Anonymous Coward

      Re: Had issues with them before

      > I then proceeded to restore the phone as he never securely wiped the data and posted all found photos on the web, along with the mobile numbers found.

      So you semi-doxd the person he stole the phone from?

  35. garethm

    I've had almost exactly the same thing! I have an Apple @me.com address from back in the MobileMe days, and someone has registered a PayPal account against it, somehow. That's er... not me.

    PayPal literally do not care, do not want to care, and say it's not their problem, which I truly cannot fathom.

  36. Prst. V.Jeltz Silver badge

    owner found within hours of story going to press!

    great!

    how?

    at first i (naively) thought PayPal had woken up out of embarrassment , but seems not

  37. Pirate Dave
    Pirate

    Paypal - where the motto of the Customer Service drones is "Sorry, I can't help you with that!".

    Years ago, I got a new credit card specifically to use with PayPal. Something on PayPal's end screwed up as I was trying to get the card registered, and the card number wound up in limbo within their system. Called their "customer service" and was basically told there was nothing they could do about it that I'd have to use another card. Stellar customer service there.

    Not to mention the ridiculous amount they skim off when you use them as an Ebay seller. After PP and Ebay take their cuts, it's not even worth the time to use Ebay to sell old low-priced network gear.

  38. 2+2=5 Silver badge
    Happy

    TITSUP

    Total Inability To Surrender Unwanted PayPal

  39. Cynic_999 Silver badge

    Not only an online issue

    This is not that different from someone who moves into a new house and gets bank statements etc addressed to the previous resident.

  40. Ken Moorhouse Silver badge

    I tried to register a business Paypal account...

    A few years ago I tried to register a business Paypal account for an organisation I was involved with.

    It asked me for the date that the organisation came into being. I typed in 1899, and it refused to accept this, saying it was not possible.

  41. William Higinbotham

    Forward to someone who cares

    I would forward to CEO of PayPal with signage "PayPal is the Best"

  42. MR J

    Must admit, I Hate paypal.

    I once priced up a new computer, and there was this advert for Aria or Scan or someone like that with a big bonus if you buy via PayPal.... Anyhow, I thought why not - I was going to buy said parts at the site anyhow so why not try to get the bonus.

    Purchased said parts and then went to claim reward, was told they only paid it once the warranty expired on all goods I purchased. They said that as such they had to wait at least err, 2 years I think it was, before they could process the claim. Eventually they said it should have been one year (once I could no longer return to retailer). Having lots of spare time on my hands I contacted them regularly and each time was told I had to wait. Then about a year or so after, they said that they had no record of the purchase to said company (I sent them a screenshot of their own transaction page) and they said that the claim wasn't processed in time, I quoted all of the old emails to them and we went to-and-fro quite a bit..

    Regardless... That was a bit of meh, but I have seen them make other mistakes and never refund for it.

    Living in the UK I once sold something to a US pal. They managed to convert the money 3 times in total (taking a charge EACH TIME!) and refused to refund it. Overall the fee was quite large. Not a happy bunny (that's when I quit using them).

    I also have tried to "close" accounts for family who have had the owner die. You get the impression that the account is closed, BUT if you monitor the email addresses on those accounts you will see that after a few months PayPal will start sending out emails again, then follow up with offers and pre-approved goodies. Log in for your reward, statement, whatever. If someone ask me now, I delete all information/cards/everything in the accounts, give it a super-secure password, and change it to a random super-long-name email for gmail and then ask for the account to be shuttered. There should be no reason why an account can't be closed.

  43. Chris Clawson

    Mostly related

    I discovered last year that Ebay was not bothering to verify email addresses after someone opened an Ebay account using my address. Ebay tech support said they would flag the account to make the owner change the address, but after a few days I got impatient, took control of the account and shut it down.

  44. Anonymous Coward
    Anonymous Coward

    I have 2 email accounts that I use, both of which someone else believes they own. I have phone registration (Samsung galaxy) so can track their phone, reset it etc, ps4 accounts registered with purchases, wedding registration site sign up with a gift registry. Insurance account and renewals. one point I had an email that included some pictures, with text saying, here are those photos of that cock ring I was talking about.

    Then one day I also got an email from one of their wivies, so I emailed he back, after a few emails, this was another person added my email to what they bieved was theirs.

    Oh and this is by more than 1 person, I think it's 3 so far. 2 in the US and 1 in the UK.

    I contacted Sony over the purchases emails but got no response over it. I reset some of the passwords on some of the accounts they set up in the hope to get them to contact the companies themselves. But just kept getting password reset requests. They did stop after a while.

  45. HKmk23

    Paypal

    Ain't anybody's pal anymore.............

  46. Danny 2 Silver badge

    I had a Facebook account that I only ever used to log in to third party sites. The last time I tried to log in it made me change my password via email, which was fair enough as I hadn't logged in for years. Then it asked me to contact three out of four 'friends' it had selected to vouch for me. One of them is dead, another is someone I only knew via Facebook so not really contactable unless I set up a fake account to contact them. I'd quite like to delete the account as it's slightly disconcerting that a dead guy has a stronger social media presence than I do.

  47. Anonymous Coward
    Anonymous Coward

    Some Brazilian guy keeps using my gmail for registering accounts. It all started with a PayPal account which is still active, the rest seem to be unused.

    It is a travesty that these companies do not verify mail addresses anymore. I do takeover any accounts that I can with forgot password functionality but this doesn't work with PayPal.

  48. hayzoos

    I cancelled my paypal after they tried to pull a payment from my checking account when I provided a credit card for payment. I was subscribing to a service which used paypal for payment processing. It was $10 per year. I provided the credit card details for payment. I did not receive a notice from the credit card for the transaction, instead I received notice of overdraft from the bank where the checking account was held. I was maintaining it as a sweep account which is why $10 over drew the account. I immediately contacted the bank to dispute the transaction. They reversed the transaction and cancelled the overdraft fee. The very next day paypal tried it again. I contacted the bank again, they reversed and cancelled again. This time though I asked about putting a stop in place. They said there is a stop fee, I said fine, paypal will continue, and so will I. They put a special stop in place since paypal was changing the id of the transaction and no fee for me.

    When I cancel or close an account online, I purge or change as much information as possible before closing or deleting.

    Why are these emails coming from "noreply"? Why do we have to jump through hoops to contact these companies to answer an email from a "noreply" address? They should be outlawed.

  49. Rob G

    So while not exactly the same cause as the original story, the effect is much the same. I have a gmail address from back when gmail was in beta testing. As such, there are many other people (mostly in the US) with my initials and surname that think they have my email address, forgetting all about the '69' or whatever that's on theirs. Because of this, I regularly get signed up to all sorts of sh't. PayPal accounts, hotel loyalty schemes, online banking and the latest, Sling TV, who I couldn't even contact because they block any access to any part of their website outside of the US. I eventually got through to them via Facebook and they cancelled the account. I also receive many forwards and emails from individuals and companies thinking I'm someone else. These emails often contain sensitive information from medical institutes and government departments. I also get a lot of church group stuff. I learned that replying to them to ask them to stop is a waste of time because they have no clue how to co-ordinate removal of someone from a reply-all thread and instead try to suggest I join them if I start getting irate. On occasion I will reset passwords and change email addresses or close the account, but I try not to be too much of a d'ck about it and consider the impact of doing so. Yes, I could just put all the stuff to junk mail, but I want these people to learn.

    I just wish all services insisted on an email verification link or code being sent. I really don't care how inconvenient it is (including for myself) but I think it's absolutely stupid not to do it. I also wish they went a step further and had a "This was not me" link to just fast track the whole thing. Companies just don't want to take this stuff seriously, they just want new users to be able to sign up as fast as possible.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020