Maybe if you bounce the emails as undeliverable for that email address, the servers at Paypal might log that the users email address is no longer able to received mail and flag up the account to customer services?
Help! I bought a domain and ended up with a stranger's PayPal! And I can't give it back
A Register reader says that for months he has been dealing with unwanted emails and alerts because a domain he purchased is connected to someone else's PayPal account, and PayPal doesn't seem to care. Aaron Sadler says the trouble began last year when he repurchased a domain he had previously owned and allowed to expire. After …
COMMENTS
-
-
-
Friday 18th October 2019 12:45 GMT DJ Smiley
Re: Or
In the UK at least, with a bit of a dim Judge this could be classified as 'hacking' and the various offences that carries.
The same way I think you could technically find someone's front door open and left on the catch by accident, lock it for them, and be done for trespassing.
However, one of these things is likely, and the other is just absurd.
-
Friday 18th October 2019 13:32 GMT Christian Harten
Re: Or
In German law there is the concept of "Geschäftsführung ohne Auftrag", basically means entering into a contract on someone else behalf without them agreeing to it before hand, done in the interest of the person or entity. Typical examples would be having someone's car towed from a flooding area or rendering hospital care to an unconscious person. I guess this would qualify too?
-
-
-
Friday 18th October 2019 13:03 GMT hellwig
Re: Or
Probably would have just left the original owner S.O.L. (insert clever definition here). Years ago my wife attempted to register a paypal account, back when you had to have a bank account associated. Paypal said there was already an account with her bank information, so she needed to use a different bank account. If she had created the Paypal account, and it wasn't an error on Paypal's part, she had no idea what email or other information she had used (password recovery for all the ones she new didn't help). As such, she was basically unable to use Paypal until they started allowing you to register with only credit cards years later.
Imagine that, you go to Paypal willing to prove you own a bank account, and all they do is tell you "sorry, someone else appears to be using that, so fuck off".
-
Friday 18th October 2019 13:35 GMT bombastic bob
Re: Or
"I'm baffled as to why he didn't reset the PayPal accounts password, login, and close the PayPal account."
that's pretty much what I was going to suggest. Might not hurt to forward a hard-copy of the closure acknowledgement to THE BANKS whose accounts are associated with the PayPal.
-
-
Friday 18th October 2019 23:22 GMT MR J
Re: Or
Because no one has ever sold a phone with an existing SIM card in it.
Nor has anyone ever had a number removed for non-payment either (then re-issued by the telco years down the road).
So have you planned what to do when someone gets ahold of your sim card and ports the number over straight away, I am sure a different carrier isn't going to help you retrieve that lost number.
-
-
-
-
Thursday 17th October 2019 19:47 GMT ds6
This isn't particularly surprising coming from PayPal. What's most surprising is that the original account owner hasn't contacted PayPal or the new domain owner in regards to their account potentially being hijacked. Makes me think maybe they weren't being so legitimate as to the use of their account, and they don't mind if someone else takes ownership of it...
It's bad for the owner too if that were the case because the account could be used for libelous activities.
-
-
Friday 18th October 2019 09:30 GMT Zippy´s Sausage Factory
I was going to say that. I expect PayPal would probably say "data protection", which half the time seems to be used instead of "this will take too long and push down my 'answered calls per hour' so please go away". (I once had a mortgage company do this to me to try and avoid telling me that they'd messed up collecting my direct debit, so they could blame it on me...)
-
-
Thursday 17th October 2019 19:49 GMT BrownishMonstr
Surprised PayPal are doing this.
I assumed they take my personal data and privacy very seriously.
I mean, they've locked my account and send emails telling me so. Suspicious emails, like they were sent from hackers. But it seems other people have received similarly suspicious emails and have verified these to be genuine. Plus my account is locked out, but I don't feel too comfortable asking them to unlock it. Can't remember why but it sounded like a joke.
-
Friday 18th October 2019 09:27 GMT ibmalone
I too have got the genuine, out of the blue, paypal "your account has been locked, click here to reactivate!" emails. At least, that's what their phishing report emails said about them when I forwarded. Some looked less genuine than others. (Not mocked up phishing emails purporting to be from paypal carrying their logo, though of course I get those too.) And, yes also, when this happened a couple of years ago and I went direct to the paypal site to try to log in there rather than following a strange link there was also something that seemed quite odd about the unlock process, but at only one coffee in I can't remember what it was.
-
Friday 18th October 2019 09:49 GMT Cederic
"I assumed they take my personal data and privacy very seriously."
I've never seen that from Paypal since the service was first made available. The only thing they take seriously is getting your money.
Even now they're regulated by the FCA I wouldn't trust them with any of my money. They've tried to steal it too often in the past.
-
Friday 18th October 2019 18:28 GMT Palpy
Re: "...they take my personal data and privacy very seriously."
Oh, I'm sure they do.
Awhile ago I began getting emails from PayPal saying my account was going to be deleted because I hadn't used in donkey's.
"Good", thinks I, if I could have figured out how to delete the damned thing two years ago I would have done it myself. (I couldn't be arsed to work much at it -- the credit card connected to it was expired anyway.)
Now it's gone, and I don't worry / I'm sitting on top of the world.
-
-
Thursday 17th October 2019 19:53 GMT Mike007
A white hat would add a filter to drop the emails.
Someone whose hat had faded a bit with age might be tempted to do a password reset and start giving out free refunds.
Someone with a hat that started off a different shade might make some donations to respected charities.
Someone with a hat mimicking the colour preferred by the goth community might decide to transfer the other persons funds to their personal account for safe keeping.
-
-
-
-
Friday 18th October 2019 10:35 GMT Richard Cranium
The larger the organisation the greater their focus on cost-cutting hence "help" desks staffed with staff paid statutory minimum (or off-shore for a dollar a day) and pressured to close calls fast. A large business can afford to lose a few of their millions of customers (probably want to lose those who need a lot of support).
I've experienced excellent customer service using small local ISPs but then along comes someone like GoDaddy, buys them up and - well, time to move on.
-
-
-
-
Thursday 17th October 2019 19:56 GMT Solviva
Is there no physical address associated with the account? Buy a stamp and send a letter to said address saying you have their paypal email address (obviously don't include the email address or at least show just a few characters) and ask them to reply to the email address which is associated to the paypal account. If it's a fake address then whoever gets the letter won't be able to email their reply.
Give it a few months for them to reply, and if no reply appears then change the email address associated with the paypal account to a disposable address and remove the original address.
-
-
Friday 18th October 2019 08:55 GMT VinceH
"How hard has this Reg reader really tried?"
Does PayPal include that physical address in emails sent out to users? AFAICR, no, they don't - so the person who owns the domain wouldn't have been able to determine that address.
(Note they deliberately carried out a password reset - which would be by attempting to log-in and clicking on the 'forgot password' link, or however it's done for PP, but that was just to confirm it as an email address genuinely associated with PP; they wouldn't have been able to actually reset the password due to the security questions, so wouldn't have been able to get in and see the postal address.)
-
Friday 18th October 2019 09:09 GMT VinceH
As I hit submit on that, I suddenly remembered Amazon and their old forked account problem - which at the time I realised what had happened, they'd already fixed, but I think by accident rather than by design. Written up here, but in summary:
In August 2010 I decided to change the domain I was using for per-site unique email addresses, and in some cases passwords as well. In Amazon's case, the change included the password, and at that time it was possible to change both at the same time.
Thereafter, I started getting spammed by Amazon at the old address, and when I got in touch with them about it they told me the old address was still linked to an Amazon account.
It turned out that when I made the dual change of email address and password, their system actually split my account in two and treated the old one as a new account for the purpose of promotional crap. However, I was able to reset the password on it and log in (no security questions) and it still had my card details etc associated with it.
If that had been a case like this one, the new domain owner would have been able to make purchases from Amazon on my cards. (But an honest one would be able to see my postal address and let me know).
Amazon refused to accept this was a problem - albeit one that had been fixed, possibly by pure luck - by the time I realised what had happened, the email address and password change options had been separated; they could no longer be done at the same time. However, my argument was that there could have been similarly forked accounts out there just waiting to be accidentally discovered by miscreants.
-
Friday 18th October 2019 13:50 GMT bombastic bob
a) reset password (you own the e-mail)
b) follow the reset links, change password to something funny
c) change e-mail address to something different [a throwaway 10 minute mail address would do ya] in which you receive the confirmation (if any), and then forget it.
d) close the account. If "it won't let you", just leave it sending SPAM to a fake mail address.
problem goes away. This after trying to do it the NICE way, of course.
-
-
-
-
-
Thursday 17th October 2019 21:53 GMT Roland6
>What's simpler?
Well, if the paypal account is drawing monies via a payment card, the payment card will at some point within the next 3 years expire at which point all payments will be bounced and the paypal account becomes useless to its original owner...
What is noteworthy is the El Reg reader isn't reporting receiving emails from sources other than Paypal.
-
-
-
Thursday 17th October 2019 21:38 GMT Roland6
Re: Presumably there is a payment method approved...
Well as there is a live bank card/account associated with the account, it would be possible to do as this person did: Faster Payment of £0.01 was paid into your account
Alternatively, use the first four digits of the registered card to identify the card issuer and contact them. From (UK) experience, the traditional banks will proactively contact the account holder.
-
-
This post has been deleted by its author
-
-
-
Friday 18th October 2019 15:21 GMT Peter2
Re: He made more than a reasonable effort
I have done this precisely once, and that was reporting spam arriving at the rate of about 30 emails per second to hotmail's abuse@ address.
I sent one email to abuse@hotmail with a report in their preferred format of the time and got an automated email thanking me for forwarding it on and promising to look at it before the energy death of the universe.
About twenty minutes later I wrote an outlook rule to forward each individual email over and delete the original from the mailbox and ran it on all of the existing emails as well as the new incoming ones. It got a "please stop doing that!" email within minutes. Suffering from some guilt I then started to cancel it, and instead decided to go and make a coffee for everybody. The accounts in question had been suspended by hotmail support by the time I got back. I still feel a twinge of guilt for doing that, but it was effective enough.
In this case, i'd have set the forwarder to create a new GDPR breach notice to the ICO with the email attached, and the attempt to inform PayPal of the change of address attached.
Possibly the same with lodging complaints to the FCA for each. I'm pretty certain that this would have received a fairly swift response. And I wouldn't have felt so much as a twinge of guilt about doing it, so years of working in IT must have made me a bit BOFHish.
-
-
-
Thursday 17th October 2019 20:15 GMT chuckufarley
Whe someone uses my email address...
...to create an account with some service provider I normally just perform a password reset on the account and then delete it. If they used my email address by mistake they might not even know if they saved the login details in their browser.
If Mr. Sadler lives in the EU he could report PayPal for violating the GDPR by sending him someone else's financial records. While the case might not go anywhere I am willing to bet that government scrutiny would light the proverbial fire under PayPal. If that didn't work I would seriously consider using the account to violate their T&C's so they would ban it.
Either way, if I couldn't return the account to the rightful owner I would make sure it was no longer functional.
-
-
Thursday 17th October 2019 21:12 GMT Sgt_Oddball
Re: Whe someone uses my email address...
That depends on the domain, if it's a .co.uk domain or even heavens forbid a .EU domain (or some other national TLD) then a UK/European address has to be provided to register the domain. Ergo, the owner falls under GDPR rules. If its a .net, .org or .com then that's trickier to fathom.
-
Friday 18th October 2019 15:42 GMT Peter2
Re: Whe someone uses my email address...
Mr Saddler doesn't have to live in the EU, but the owner of the PayPal account does. As their identity is unknown, a GDPR violation is unlikely to be considered
Nope. All that's needed is the notification that PayPal which is registered in the EU is ignoring notifications that they are sending out highly personal information to an unauthorised third party, and have been notified of this, but are still doing it regardless.
Casework@ICO will make rulings against firms on vastly, vastly more tenuous grounds than this.
-
-
Friday 18th October 2019 09:51 GMT Cederic
Re: Whe someone uses my email address...
PayPal Europe Ltd is regulated by the FCA, so forget GDPR, that can only fine them 4% of global revenue. The FCA can put people in prison and close the company.
In the first instance they're more likely to merely scare the living shit out of the UK executive, but that alone would be useful.
-
Friday 18th October 2019 10:37 GMT DontFeedTheTrolls
Re: Whe someone uses my email address...
"in the EU he could report PayPal for violating (GDPR, FCA, etc)) sending him someone else's financial records"
Not sure PayPal would be found in breach here. They did their Know Your Customer due diligence on the records provided (the email address@domain) so why should they not continue to supply said email address with account information unless the customer could prove they provided PayPal with new contact details and PayPal failed to implement such details.
The account owner is at fault by "releasing" their account details, and is probably liable for any losses incurred according to the PayPal T&Cs on keeping account details secure.
-
Friday 18th October 2019 12:23 GMT imanidiot
Re: Whe someone uses my email address...
As soon as someone notifies them they are NOT the legitimate recipient and that the intended recipient is no longer the owner of that address, paypal should have taken action (By stopping that accounts "balance updates" for instance). Paypal definitely didn't correctly handle the situation here.
It's like someone moving but forgetting to update their bank details (it happens). If the new homeowner notifies the bank he received post not intended for him, the bank SHOULD stop sending stuff to the old address.
-
Friday 18th October 2019 14:21 GMT bombastic bob
Re: Whe someone uses my email address...
As far as snail mail goes... writing 'return to sender, address unknown' on the envelope and putting it back in the mail usually stops more from coming. Also works to help stop voter fraud [I recently received a confirmation of address from the registrar of voters indicating a name I'd never heard of - and yes, I marked the "wrong address" box as well as 'return to sender' on the front]
-
-
-
Friday 18th October 2019 14:05 GMT bombastic bob
Re: Whe someone uses my email address...
it could also be a malicious and/or deliberate use of your e-mail address as a "Prank"...
a) malicious hacker grabs e-mail address of someone, signs up to "some service"
b) this service is poorly designed and does not send confirmation mails making it an instant target for abuse by malicious hackers.
c) malicious hacker signs up to every e-mail list available through that service, then goes away
d) victim gets mail bombed
That sort of "prank" doesn't work very well these days. I haven't seen it for YEARS, though I've been on the receiving end of things like that more than once. USENET trolls. It's worth +10 points if your pet troll does things like that. (The dating service for farmers was the funniest) It's worth +150 points if you can use it to (in any way) track them down IRL though... ! (the subsequent doxing becomes a spectator sport)
-
Friday 18th October 2019 18:18 GMT ExampleOne
Re: Whe someone uses my email address...
I am not sure Mr. Sadler has standing to sue over the disclosure of a third parties data, especially as there is a prima facie case that the disclosure was authorised, even if by mistake.
However... he would without question have standing for a GDPR case over their use of HIS email address without authorisation once he requested they stop. Email addresses are quite definitely protected personal data within the scope of GDPR!
-
Thursday 17th October 2019 20:55 GMT Stevie
Bah!
If the email attached to a PayPal account starts bouncing eg because the mailbox is full, what do Paypal do?
Because it occurs to me that if the domain owner were to bounce incoming emails then he/she might be able to trigger the account owner into making a call to Paypal and fixing the problem from his/her end.
-
Thursday 17th October 2019 21:49 GMT Pascal Monett
As I've said before
PayPal is not your pal. As long as everything is fine, you can be happy, but when things go pear-shaped PayPal is the last place you can expect to find help from.
Especially since there is no phone number to get someone to talk to and resolve the issue.
Use PayPal at your risk and peril.
-
-
-
-
Friday 18th October 2019 09:39 GMT stungebag
Re: As I've said before
Then, technically, every London phone number you've seen has been wrong. Try picking up a landline phone in London and dialling the local part of the number: i.e. after the first space. You'll soon find that dialling the bit after 020 works, if you also drop the 3/7/8 it doesn't work.
But who cares? How many calls are dialled as a local number these days?
-
Friday 18th October 2019 10:03 GMT ibmalone
Re: As I've said before
https://www.royalfree.nhs.uk/contact-us/ 020 7794 0500? Seems fairly normal.
Though I'm not sure there's anything official about the number groupings. My mobile bill does 5-6, but I think I've seen them all run together in the past.
The evolution of my parents' Northern Irish number over the years, starting when area code mattered for pricing local vs long distance in the UK. The last 6 x remain unchanged throughout:
02xx xxx xxx : area code is the 02xx bit, so you could write 02xx xxxxxx
012xx xxx xxx : 1 inserted to all UK area codes prior to the introduction of the new 02 block.
028 9x xxx xxx : NI area codes all rolled into 028 (same time as London becomes 020), the local number prefixed with 9x, to make 9xxxxxxxx the number.
028 9xxx xxxx : my dad insists this is the way it's always been parsed, but I'm pretty sure it was never 02 xxxx xxxx...
Writing London numbers with the last four digits seems to have been a thing back to at least the early 60s. If you look at old posters, like the ones buried under Euston station, you see numbers given in the form "FLEET 4000", which seems very Passport to Pimlico now.
-
Friday 18th October 2019 11:04 GMT stungebag
Re: As I've said before
I'm getting a strong sense of deja vu here, such discussions were common just after the last London area number changes.
Here is a brief history of London number changes. This is from memory, so details may be out.
When I was very young London phone numbers were of the form Exchange Name xxxx. For instance Bowes Park 9283, or Whitehall 1212. Within the exchange you could just dial the last four digits (I think).
The along came Subscriber Trunk Dialling (STD - no, not that sort). London now had all-figure numbering so the old exchange names were replaced with three letter codes. These were often, but not always, the numbers on the dial corresponding to the first three letters of the old exchange name. So ABBey becamse 222 and ENField became 363, but Bowes Park did not fit the pattern and became 888. London now acquired an STD code, 01, that was needed to call it from anywhere outside.
You now needed to dial all seven local digits (but not the 01) to make an call wholly within the 01 area.
The number of lines grew and a temporary solution was needed to avoid running out of numbers, so the London area was split into inner Londion (071) and outer London (081). Within each of these you still only needed to dial the last seven digits, so to call 081 363 3629 from 081 888 9223 you'd omit the 081 (and it was commonly believed that not to do so would cost more). But calling from, say outer London to inner London you had to use all 11 digits: to call London Transport from, say, Croydon you needed to dial 0171 222 1234.
Along came PhoneDay. 071 became 0171, 081 became 0181 but nothing else changed so far as London was concerned.
Later still there was another rejig. London was reunified into a new area code, 020. Those who had been in 0171 had a 7 prefixed onto their numbers, and those with 0181 had an 8. But that 7 and 8 formed part of the locally-significant number. The area code was, and remains, 020.
It was made clear (to those who listened) at the time that BT no longer considered there to be a geographical distinction between 020 7 and 020 8, the distinction was purely historic, and they would introduce new London numbers that did not start with 7 or 8 (e.g. 3).
Once again you could call any London number using just the local part, i.e. the final 8 digits, usually beginning with 7 or 8. But the message never really got home. The split had got people used to dialling the full national number, and the rise of mobiles, which always require the full number, means that local dialling is almost extinct.
Historically when writing London numbers down the first space was always after the area (STD) code, so numbers went from 01 222 1234 to 071 222 1234 to 0171 222 1234 until we reach 020 7222 1234.
The second space was after the old local 'exchange' part, which has become obsolete but the gap aids readability and memorability.
It's only in the last few years that the insidious 0207 etc. has reared its ill-informed head.
-
-
-
-
-
Friday 18th October 2019 09:17 GMT Anonymous Coward
Re: As I've said before
I heartily agree, they have been on my shit-list for nearly 2 decades, after taking money from my bank account without authorisation and basically telling me to fuck off when I complained.
We are not talking a small amount either, it took my bank account £600 beyond my overdraft limit, plus over £100 in bank fees.
-
Friday 18th October 2019 11:33 GMT Kubla Cant
Re: As I've said before
Some years ago I made some purchases from eBay using a PayPal account linked to my credit card. In due course I received an email from PayPal saying "you've spent so much money that you can't use your credit card any more - please link your PayPal account to your bank account". After the briefest consideration I decided that wasn't a good idea.
Sounds like I had a lucky escape.
-
-
-
-
Friday 18th October 2019 10:15 GMT ibmalone
1) contact a retailer from the receipts, explain situation. Dknt ask for the user details because obviously they wont do that but ask them to relay the message?
I wonder how they would go about doing that legally now? It would fit under legitimate interests (the third party, weirdly, being the data subject), but do they have to have outlined the legitimate interests use of the data to the customer in advance? They're also supposed to make a record of the assessment performed. ("We thought they'd like to know their bank details were being sprayed over the internet" should suffice.)
-
-
Thursday 17th October 2019 23:51 GMT .james
I registered my family name with an s on the end and set up catch-all email. Got a load of spam but one address in particular seemed different. Important stuff like doctors appointments were coming in. Eventually I logged into a shopping website with the email and found a mobile number and sent a tentative message. Turns out the guy had the same domain but with 5 on the end. Every time he wrote it on a form somebody thought it was s, so I just set a forwarding address for him.
-
Friday 18th October 2019 05:04 GMT Nick Kew
I had a case like that with my .com domain receiving small amounts of legit-but-misdirected-looking email for the owner of a .net namesake. The email bounced (I don't use a catch-all), but I saw it in the logs with non-spam subject lines. I contacted him, confirmed the situation, and set up forwarding on that address.
-
-
Friday 18th October 2019 01:11 GMT adfh
Trying to report when people sign up with my addresses is painful
I feel the domain owner's pain.. I have several domains, G Suite accounts, plain Google accounts etc.. It seems that one of the gmail accounts in particular is a favourite typo of someone in Ireland, and someone in the US.
I get signups for Nike, Bank of Ireland, school newsletters, Yoga, trade deals in Dubai, stationery purchases in the US etc.
Trying to find a contact address to report this shit is painful.. They all want you to sign in with an account before they even dream of handing over a contact form, and even then, they often just come back with a regurgitated KB article.
What happened to "You can't activate this email address unless you click on this link in the email, get this email by mistake? Click here to cancel it!" Oh no.. these days it's "all good to go, full steam ahead".. how hard would it be to provide a link that says "This email isn't for me!" at the bottom of these things?
-
Friday 18th October 2019 06:49 GMT Tom Wood
Re: Trying to report when people sign up with my addresses is painful
Likewise. I have a vintage Gmail account (from when they rolled it out invite only to Blogger users) with a short username. The number of people who get my email address either through typos or through being too stupid to know their own email address is ridiculous.
I've received all sorts of order confirmations, 'your car is ready to collect from its service', 'reminder of your dentist/hairdresser/therapist etc appointment', website signups, circulars for community groups etc. Aside from the community group ones invariably I have to mark them as spam in Gmail (which they are, since while the businesses may be legitimate they are certainly unsolicited emails).
-
-
Saturday 19th October 2019 19:25 GMT Martin
Re: Trying to report when people sign up with my addresses is painful
I cancelled the hotel booking some dumb cluck made using my email address...
I was a bit kinder than that. The booking included his home address, so I sent him a letter explaining what he'd done. Bit old-fashioned, but it worked.
He emailed me back, very apologetic!
-
-
Friday 18th October 2019 09:18 GMT Anonymous Coward
Re: Trying to report when people sign up with my addresses is painful
Ditto, a few years ago I was receiving newsletters from the Sierra Club, car forum discussions and confirmations for car servicing in Florida etc.
Trying to talk to the companies involved was like talking to a brick wall - except the Sierra Club who stopped it at once, kudos to them.
The car dealership totally ignored me; after two years I had had enough, so I started using the account to book in fictitious and highly expensive cars for servicing and repair work.
A couple of weeks of that and no more emails.
-
Friday 18th October 2019 13:00 GMT WolfFan
Re: Trying to report when people sign up with my addresses is painful
That wouldn’t have been Brandon Volkswagen, would it? Several years ago they started sending me all kinds os bumf and wouldn’t stop... until I started sending, to the listed address for their director of sales, replies asking why I should buy a vehicle which trailed poison gas behind it wherever it went, and if it true that they were really the new SS Special Action Group, this being just after the Great Diesel Scandal. That stopped them. And their site was updated to remove all email addies.
-
Friday 18th October 2019 15:30 GMT JohnFen
Re: Trying to report when people sign up with my addresses is painful
"What happened to "You can't activate this email address unless you click on this link in the email, get this email by mistake? Click here to cancel it!""
Companies should not do that, because of the existence of phishing.
What I've seen more and more of is getting an email without links, but providing a temporary password with instructions to log in to complete account creation, and informing you that if you weren't trying to create an account, then you can ignore the email.
-
-
Friday 18th October 2019 03:22 GMT Allan George Dyer
"as if by magic"
So how was it resolved? How was the owner traced, and how was it confirmed they were really the owner?
Personally, I'd think this is like finding a wallet. It's lost property, hand it in to the Police. Report the situation, and set up a forward to the email of the office on the case.
I wouldn't want to reset the password, even to just look for other contact details, because that would be unauthorised access. The Police can do that in their investigation.
-
-
Friday 18th October 2019 09:53 GMT The Dogs Meevonks
Re: There are no humans at Paypal
The only time I've ever had any kind of email response from them is when I've had to raise an issue over a payment... which is far too often when you get caught out by scamming chinese sellers masquerading as UK ones who sell items with 2-3 day delivery only for the date to suddenly change to 1 month as soon as you've paid.
-
Friday 18th October 2019 03:39 GMT Some Random Kiwi
similar problem but with a GMail account...
Got a GMail account that got associated with someone in the UK's PayPal -- except that I've had it since day 1 of GMail when it was invitation only.
PayPal says they can't possibly have associated the e-mail with the account without the user proving they have access, so they're unwilling to do anything about it. And yet...
All attempts to break the association have failed, even invoking GDPR to have them forget any personally identifiable information.
-
Friday 18th October 2019 09:16 GMT Anonymous Coward
Re: similar problem but with a GMail account...
I'm having an extremely similar situation. I signed up to PayPal years ago with my @googlemail address. About a year ago I started receiving PayPal receipts and info emails to the @gmail version of the address but under someone else's name.
Initially I thought it might be fishing but it appears that somehow PayPal have allowed someone to set up a PayPal account with that email without verification. I basically found out by trying to log in and reset that person's password.
PayPal are adamant it's not there problem but that Google is at fault of they "can't tell the difference between @gmail and @googlemail
Google have quite rightly said the issue lies with PayPal not verifying emails during account set up properly. And I have investigated and determining my Google account has not been compromised.
I've given up trying to get PP to get of their arse and do something.
-
Friday 18th October 2019 07:44 GMT Anonymous Coward
We need legislation to force proper closing of old accounts
I have been receiving emails for years from an incompetent estate agent who is incapable of cancelling them. He cannot find me on their system.
Also I have not worked out the best way to cancel old email or other accounts. If I just cancel straight away there is a chance the new owner will pickup some of my old stray emails. The best way seens to be to have a long idle period before shutting down.
This same issue applies to all such accounts, phone numbers etc. The first difficulty is that there is often no mechaism to cancel anyway or it may involve identification, email or another item which is no longer accessible.
This is a massive problem generally and a clean mechanism for closure should be required by legislation for every such account that is created. The trouble is that doing it properly needs full authentication and destroys the use of anymous inernet.
-
Friday 18th October 2019 08:59 GMT Lee D
Re: We need legislation to force proper closing of old accounts
I once solved a similar problem by creating a rule to bounce all email from that domain back as an "Undeliverable" message to an address I found that auto-responded (someone's vacation address) and their postmaster.
It still took them a few days to spot the problem, but my server was obviously more powerful than theirs and they obviously noticed the email loop and took more notice of that than they ever did of me.
-
-
Friday 18th October 2019 08:35 GMT Lee D
I get this all the time, but from the other side.
I have a surname that's common in Ireland and with my first name is apparently quite a common combination.
Thus I get an awful lot of people thinking that my emails at popular domains (e.g. Gmail etc.) are actually theirs. They often throw in a dot or similar but they always forget that theirs must have a number or a hyphen or something completely else because pretty much any combination of my name and a dot at those domains will drop into my account, not theirs.
I get plane tickets, car rentals, Paypal accounts, demands for debts from Ireland (I've never been to Ireland in my life, and the details aren't mine), Littlewoods, all kinds.
Where possible, I used to inform the companies. They never understand the problem and I end up in circles because I'm NOT the guy who gave them that email, so they won't talk to me. If I unsubscribe, that gets rid of some spam but it doesn't stop the financial stuff and plane tickets, etc. So I've taken to just putting them in the spam folder. Sorry, Mr Lee D in Ireland... I tried but I can't spend my days chasing your stuff for you if you haven't even noticed that your PayPal is on my email not yours, and I could open it up, confirm whenever you try to add a credit card, spend all the money, and close the account and you'd be none the wiser really. I don't. I just delete them. So the account never gets confirmed and eventually you realise. I've even had people PayPal me large amounts of money to that address, obviously thinking it's someone else. I just refused it. They tried three times. Then, I think, they realised their mistake and stopped trying.
Where there were details (e.g. billing addresses on invoices, etc.) I've even sent letters explaining the situation and got polite and grateful replies and had people close their accounts as soon as they received my letter. But it's too much effort to keep doing it, and the companies just don't care about clearing it up unless it comes from the account holder. When it was a one-off, it was just being a good person to someone who had made a silly mistake. Now, it's just spam.
And I've had a couple of "How dare you take over my email?" kind of responses, when I've had the same email addresses for the last 20 years in many cases. I don't need that.
Not for me? It's spam.
Unexpected email from a company I have no dealings with? In the bin.
Fortunately, all my *real* email is at a bunch of domains that redirect all my mail to one location, so it's really easy to tell "real Paypal email" from either complete phishing attempts or people mistakenly signing up with similar names on popular email hosts, even if they all end up in the same mailbox.
After a while, it's really wearing, though.
Hey, Littlewoods Ireland. Sort your system out, and require an opt-in before you send me a copy of every letter you send the guy in Ireland! And have an opt-out on the email itself.
The day we sort out email and have it properly done (i.e. to send me email you need an alphanumeric security token that I send you, and without that you absolutely cannot send me email at all, and you can't re-use that token to send me email from anywhere else, and I can safely refuse all emails without such tokens, even if that's all wrapped up in a client/server certificate verification on the protocol itself), I'm just going to treat it all as spam.
And there's a reason that I never let certain domains expire, and why I have backup domains which I can switch to. I don't want *my* Paypal etc. 2FA emails going somewhere else either.
-
Friday 18th October 2019 11:32 GMT STOP_FORTH
Gmail specific
As well as fat finger problems you have a GMail specific problem. (I apologise if you already know all this but, if not, read on.)
GMail allows uppercase and lowercase letters in e-mail addresses. More importantly you could register LeeD, Leed, leeD, and leed as e-mail names even though they should all map to leed in "SNMP namespace". It then helpfully sends incoming mail to either leed, the first to register or just random variants on "leed".
Spaces, underscores and hyphens are similarly munged, ignored, misaddressed etc.
I think there was an article on the Reg about this earlier this year.
This happened to a friend of mine. (Also has an Irish surname, not sure if that is relevant.)
I have a common Scottish firstname and surname combination which has caused me e-mail problems in the past. For Gmail I added extra letters, which has prevented any problems so far.
-
Friday 18th October 2019 12:02 GMT Loyal Commenter
Re: Gmail specific
This happened to a friend of mine. (Also has an Irish surname, not sure if that is relevant.)
Oddly enough, something very similar happened to my wife a couple of years ago. And yes, she has an Irish surname too. Does Google have something against the denizens of the Emerald Isle perhaps?
-
Friday 18th October 2019 13:49 GMT STOP_FORTH
Re: Gmail specific
My theory is that the Celtic parts of the British Isles don't have such a variety of surnames and firstnames as the Sassenach bit. In addition to that, many Scots families persist in the practice of naming eldest son after the father. So you could have the same name as your father, grandfather and great grandfather. (This was common in England in the Middle Ages, and possibly after.)
Of course, this effect is slightly offset by the sheer number of English people.
Mumble, something something, collision space?
(Icon - See you, see me, you're my f*kken pal.)
-
-
-
Saturday 19th October 2019 18:57 GMT Anonymous Coward
common names
This can be funny to so some levels. I also have a common name and after many years with my ISP I decided I needed some new junk mail mailboxes. Checked and found my name was available as initial+surname. Something not available when I joined, so it was clearly going to have old mail heading for it.
I think Currys were the worst at refusing to delete the data. They got lost in some spiral of demanding Proof of ID from me... while I was pointing out that the ID is not going to match the account due to the out of date data. I think that one is still in place.
The funniest part was when heaps of Masonic emails started to turn up. This guy was high up in his local branch so I'd get tons of details on their next meetings being copied by other members with out of date contact lists. Fascinating stuff.
-
Saturday 19th October 2019 19:23 GMT Anonymous Coward
Re: common names
(Not sure if this post is okay, so I split it from the above in case it upsets anyone)
One bad side of these emails is it showed that this Masonic group was a little "odd". Clearly not normal Masons.
When a series of really extreme racist "jokes" started to be cc'd to me by members of this group they got a reply from me. A rather loud reply quoting their own bible back at them. "Love Thy Neighbour" and all that jazz. I ripped in to their racism and pointed out they need to check who they are copying posts to.
What is funniest is this happened to a group who act so secretive. And yet they can't keep their own address books up to date.
I did get an apology. Though years later I still get the odd message copied from them.
-
-
-
Friday 18th October 2019 08:46 GMT Anonymous Coward
None of the advisors I have spoken to seemed to have any understanding
A full stop is required after this statement. But I'm surprised that he's surprised. I mean, unless he was born yesterday (with a mobile in his mouth), he must have dealt with "customer disservice" from anything big enough to offer this unique, across the board, non-experience. And I don't blame those hapless captains of the gig-economy who are paid peanuts in Indonesia or Mars, I blame us, the "consumers", who have been turning the blind eye as to how the Mr Ebays and Mrs Paypals actually make their fortunes. Rant over.
-
Friday 18th October 2019 09:13 GMT Mike 137
Roll on the disrupters!
Oh the joys of unregulated intruders into regulated industries. One wonders why industries such as banking, taxis, accommodation were regulated in the first place, as the competition seems to be able to sidestep all the hard won protections and nobody seems to care.
-
Friday 18th October 2019 12:45 GMT dajames
Re: Roll on the disrupters!
Oh the joys of unregulated intruders into regulated industries.
Indeed.
PayPal was originally supposed to be for "micro payments" -- for people to use to buy and sell stuff on eBay for a handful of dollars at a time, for payments too small for it to be worth using a credit card. It seemed a fairly neat idea to use such a system for those purposes, at least until the likes of Visa Cash got going ... (Visa what? I hear you ask ... yes, well, it was a long time ago).
Lack of any sort of competition from the established players in the payments industry let them grow too big for their boots, handle larger payments, become credit-card acquirers ...
Then the buggers got greedy.
-
-
Friday 18th October 2019 09:36 GMT Anonymous Coward
Potential Solution
The forwarded emails will contain metadata in the emails from the email account of the stranger who is forwarding them. Look in Message Details under Properties in Outlook or online there will also be an option.
Once you've found that email address, run a search on the WHOIS to find the registrar. It will most likely be redacted however the company it is hosted with will show. Go to that company's website and file a support ticker stating your problem and request they send your contact details onto the owner. If he is worried he will reply guaranteed.
-
Friday 18th October 2019 09:51 GMT The Dogs Meevonks
I've found that in recent months, the only way to get a response from a company and get them to actually take action on something is to simply tweet them a snotty post including hashtags like #scammers #fraudsters #incompetent.... and don't do it once... but repeatedly every hour or so until they respond.
Doing this I've been able to get amazon to resolve an issue where they basically stole over £500 from my bank account, an insurance company who were failing to respond to my claim after an uninsured drunk driver wrote of my car... and that was costing the Motor Insurance Bureau money every day for the hire car (it probably cost almost as much as the payout due to their delays for nearly 2 months).
Then when I wanted to transfer my breakdown cover to my new car... they failed to respond until I again made a snotty tweet... and actually made things far worse by being obnoxious and condescending because I dared to complain publicly about crappy services. In the end I got a full refund and went back to the previous company I was with who ended up being cheaper as a new customer rather than the 'renewal' price that caused me to switch in the first place.
If you can't get the press behind your story to force a response... then the only other choice you have is to make a complete nuisance of yourself and make sure that any searches for hashtags for that company include your irate, condemning results.
-
Friday 18th October 2019 10:37 GMT Hoe
Funny I was thinking just last night, should I move my Paypal to my Domain Email Account, as I hardly use my Yahoo one for much these days other than Paypal.
I nearly did too but couldn't be arsed and thought this weekend, suddently I don't want to thanks, I think I'll move it to gmail instead, not that I am planning to let my Domain exprie but still not wort the risk!
-
Friday 18th October 2019 11:25 GMT Anonymous Coward
Here's the problem: "...catch-all forwarder..."
Never do that. Going back to the mid 1990s I'd got a catchall on my .co.uk domain. It was useful for capturing typos like stephen/steven/stefan/steve as well as a handful of other names into one mailbox. A local university had almost the same domain name but .ac.uk
When I first started getting emails between students, staff and university admin I tried to be helpful but it escalated. When I alerted their admin that I was getting confidential stuff like staff reviews his response was that it was my fault for buying that name, that I was breaching confidentiality by opening the mail (he couldn't explain how I was supposed to know that an email in my mailbox wasn't intended for me without opening it) and that I should relinquish the highly desirable name (short, single word, relevant, proper noun. I've had offers to buy it for USD50k).
The final straw was when I returned from lunch to find 32768 spam emails waiting for me, the most the mailbox could accommodate, each addressed to a different name @my-domain. (That was genuine spam, not university related).
I promptly cancelled the catch-all, flushed the account and set up specific forwarders for stephen/steven/stefan/steve etc to a single mailbox. The university is probably still sending me their staff reviews and salary details but I never have to see or deal with them, what happens to those emails? Do I care? [no].
In this instance, sure the guy with the paypal problem wouldn't have got the recipient or El Reg involved in trying to fix the issue but I'd not give a f*** about that.
-
Friday 18th October 2019 12:09 GMT Anonymous Coward
Had issues with them before
Many years ago bought an old Nokia E71 off someone on Ebay. Took the risk as he had no feedback. It arrived cracked. Informed him and he said "Not my problem, take it up with Royal Mail". No it was your problem, you need to sort it as you're the sender. Anyway, he stopped replying. Put in a case to Pay Pal. They were being awkward. Saying I needed to wait the 30 days for him to reply. Told them he said he wasn't going to reply anymore but they said I had to go through the process anyway.
Called their support, no help when got put through to Ireland support centre, yet when I called later and would get put through to, I believe, their Malaysia line they were really nice and friendly and helpful. They helped get the refund and told me not to send the phone back until they contact me with an address to send it. They never did. I ended up with a cracked phone and money back. But took PayPal a while to actually action it.
I then proceeded to restore the phone as he never securely wiped the data and posted all found photos on the web, along with the mobile numbers found.
-
Friday 18th October 2019 12:21 GMT garethm
I've had almost exactly the same thing! I have an Apple @me.com address from back in the MobileMe days, and someone has registered a PayPal account against it, somehow. That's er... not me.
PayPal literally do not care, do not want to care, and say it's not their problem, which I truly cannot fathom.
-
Friday 18th October 2019 12:58 GMT Pirate Dave
Paypal - where the motto of the Customer Service drones is "Sorry, I can't help you with that!".
Years ago, I got a new credit card specifically to use with PayPal. Something on PayPal's end screwed up as I was trying to get the card registered, and the card number wound up in limbo within their system. Called their "customer service" and was basically told there was nothing they could do about it that I'd have to use another card. Stellar customer service there.
Not to mention the ridiculous amount they skim off when you use them as an Ebay seller. After PP and Ebay take their cuts, it's not even worth the time to use Ebay to sell old low-priced network gear.
-
Friday 18th October 2019 20:17 GMT Ken Moorhouse
I tried to register a business Paypal account...
A few years ago I tried to register a business Paypal account for an organisation I was involved with.
It asked me for the date that the organisation came into being. I typed in 1899, and it refused to accept this, saying it was not possible.
-
Friday 18th October 2019 23:38 GMT MR J
Must admit, I Hate paypal.
I once priced up a new computer, and there was this advert for Aria or Scan or someone like that with a big bonus if you buy via PayPal.... Anyhow, I thought why not - I was going to buy said parts at the site anyhow so why not try to get the bonus.
Purchased said parts and then went to claim reward, was told they only paid it once the warranty expired on all goods I purchased. They said that as such they had to wait at least err, 2 years I think it was, before they could process the claim. Eventually they said it should have been one year (once I could no longer return to retailer). Having lots of spare time on my hands I contacted them regularly and each time was told I had to wait. Then about a year or so after, they said that they had no record of the purchase to said company (I sent them a screenshot of their own transaction page) and they said that the claim wasn't processed in time, I quoted all of the old emails to them and we went to-and-fro quite a bit..
Regardless... That was a bit of meh, but I have seen them make other mistakes and never refund for it.
Living in the UK I once sold something to a US pal. They managed to convert the money 3 times in total (taking a charge EACH TIME!) and refused to refund it. Overall the fee was quite large. Not a happy bunny (that's when I quit using them).
I also have tried to "close" accounts for family who have had the owner die. You get the impression that the account is closed, BUT if you monitor the email addresses on those accounts you will see that after a few months PayPal will start sending out emails again, then follow up with offers and pre-approved goodies. Log in for your reward, statement, whatever. If someone ask me now, I delete all information/cards/everything in the accounts, give it a super-secure password, and change it to a random super-long-name email for gmail and then ask for the account to be shuttered. There should be no reason why an account can't be closed.
-
Saturday 19th October 2019 03:16 GMT Chris Clawson
Mostly related
I discovered last year that Ebay was not bothering to verify email addresses after someone opened an Ebay account using my address. Ebay tech support said they would flag the account to make the owner change the address, but after a few days I got impatient, took control of the account and shut it down.
-
Saturday 19th October 2019 08:14 GMT Anonymous Coward
I have 2 email accounts that I use, both of which someone else believes they own. I have phone registration (Samsung galaxy) so can track their phone, reset it etc, ps4 accounts registered with purchases, wedding registration site sign up with a gift registry. Insurance account and renewals. one point I had an email that included some pictures, with text saying, here are those photos of that cock ring I was talking about.
Then one day I also got an email from one of their wivies, so I emailed he back, after a few emails, this was another person added my email to what they bieved was theirs.
Oh and this is by more than 1 person, I think it's 3 so far. 2 in the US and 1 in the UK.
I contacted Sony over the purchases emails but got no response over it. I reset some of the passwords on some of the accounts they set up in the hope to get them to contact the companies themselves. But just kept getting password reset requests. They did stop after a while.
-
Saturday 19th October 2019 12:31 GMT Danny 2
I had a Facebook account that I only ever used to log in to third party sites. The last time I tried to log in it made me change my password via email, which was fair enough as I hadn't logged in for years. Then it asked me to contact three out of four 'friends' it had selected to vouch for me. One of them is dead, another is someone I only knew via Facebook so not really contactable unless I set up a fake account to contact them. I'd quite like to delete the account as it's slightly disconcerting that a dead guy has a stronger social media presence than I do.
-
Saturday 19th October 2019 14:26 GMT Anonymous Coward
Some Brazilian guy keeps using my gmail for registering accounts. It all started with a PayPal account which is still active, the rest seem to be unused.
It is a travesty that these companies do not verify mail addresses anymore. I do takeover any accounts that I can with forgot password functionality but this doesn't work with PayPal.
-
Sunday 20th October 2019 05:38 GMT hayzoos
I cancelled my paypal after they tried to pull a payment from my checking account when I provided a credit card for payment. I was subscribing to a service which used paypal for payment processing. It was $10 per year. I provided the credit card details for payment. I did not receive a notice from the credit card for the transaction, instead I received notice of overdraft from the bank where the checking account was held. I was maintaining it as a sweep account which is why $10 over drew the account. I immediately contacted the bank to dispute the transaction. They reversed the transaction and cancelled the overdraft fee. The very next day paypal tried it again. I contacted the bank again, they reversed and cancelled again. This time though I asked about putting a stop in place. They said there is a stop fee, I said fine, paypal will continue, and so will I. They put a special stop in place since paypal was changing the id of the transaction and no fee for me.
When I cancel or close an account online, I purge or change as much information as possible before closing or deleting.
Why are these emails coming from "noreply"? Why do we have to jump through hoops to contact these companies to answer an email from a "noreply" address? They should be outlawed.
-
Sunday 20th October 2019 23:11 GMT Rob G
So while not exactly the same cause as the original story, the effect is much the same. I have a gmail address from back when gmail was in beta testing. As such, there are many other people (mostly in the US) with my initials and surname that think they have my email address, forgetting all about the '69' or whatever that's on theirs. Because of this, I regularly get signed up to all sorts of sh't. PayPal accounts, hotel loyalty schemes, online banking and the latest, Sling TV, who I couldn't even contact because they block any access to any part of their website outside of the US. I eventually got through to them via Facebook and they cancelled the account. I also receive many forwards and emails from individuals and companies thinking I'm someone else. These emails often contain sensitive information from medical institutes and government departments. I also get a lot of church group stuff. I learned that replying to them to ask them to stop is a waste of time because they have no clue how to co-ordinate removal of someone from a reply-all thread and instead try to suggest I join them if I start getting irate. On occasion I will reset passwords and change email addresses or close the account, but I try not to be too much of a d'ck about it and consider the impact of doing so. Yes, I could just put all the stuff to junk mail, but I want these people to learn.
I just wish all services insisted on an email verification link or code being sent. I really don't care how inconvenient it is (including for myself) but I think it's absolutely stupid not to do it. I also wish they went a step further and had a "This was not me" link to just fast track the whole thing. Companies just don't want to take this stuff seriously, they just want new users to be able to sign up as fast as possible.