This blog is called "camiloaa." That's my signature username. I use it for my twitter, my instagram, my google account and other services. Having the same username in many services is good for your identity, but it gives scammers an obvious target.
My email gets lots of spam and scamming messages, so I didn't think much last Saturday (2017-08-26) when I got yet another message claiming to be Paypal. They come all the time and I just ignore them. But then another message came telling me that my credit card was registered, and for a second it looked like it was indeed my credit card number.
I got curious and checked the email closer. The message was too well crafted for a scammer. So well crafted that nothing made it look like fishing. The links did indeed point to Paypal. No hidden javascript, nothing suspicious except the fact that I never asked for an account in Paypal. Somebody claiming to be Marisol Diaz registered my camiloaa email address for her Paypal account. That was clearly not a mistake, and it was worrisome.
For those never using Paypal, your email address is the main user-id in for their service. If you want to transfer money to someone, you type in their email address to find them, but their registered name is not revealed. It means that it doesn't matter what you claim your name is, what is important is what email you use.
A quick search in Paypal says that you should contact their fraud team to report it, and they will fix it. So I called Paypal in Sweden, and explained them the situation. Their answer was a straight: "We can't do anything about it, because we can't control what email people use." Not only that, but I am not even a client. We can't help you, goodbye.
So I created a Paypal account and contacted them using the one-time code that they give you. I also recorded the whole conversation, in case they "lose" my report. It didn't go any better. After telling the story again, I got the pretty much the same answer "when it comes to email address used by another account there is not so much I can do, you are not the person registered there" [no shit!]. After a long painful conversation, we came to a few points.
- I should have used hotmail.
- If it "bothered" me so much, I should change my email address,
- Paypal is not a bank and they don't have to protect my identity or prevent fraud.
- She implied that as far as she new, I was the scammer and she was not going to flag the other account for verification.
- It is against the law to record my interactions with a company.
About point 1 and 2, I am afraid that for may victims of identity theft changing your identity is the only hope. Because nothing so extreme has happened to me, I was hopping that a company handling payments was going to be more helpful.
What takes me to point 3. Paypal in Europe is registered in Luxembourg as a bank (PayPal Europe S.à r.l. et Cie, S.C.A. R.C.S. Luxembourg B 118 349) and is subject to banking regulations. She said that she couldn't give me information about the account, it makes sense but I never asked for it and I had to repeat several times that I didn't want access to the account, that I wanted them to verify it because I as almost sure they were scammers.
That discussion quickly degenerated into point 4, when I asked how is it possible that I am calling to report an account as a possible scammer and she can do nothing, she said that she can't just report an account because someone calls. So, me, calling from my personal phone, the one that appears in the white pages, have less credibility than a non-verified two-day-old account. Google blocks videos in youtube because someone anonymously claims it breaks the rules, but Paypal can't investigate a non-anonymous report.
I finally got tired of trying to make my point and ask her if it as an official answer from Paypal, and she said yes. I asked if I could use the record of the conversation as a proof, and she said I was not authorized to record (false) and just hung up.
Thanks God Paypal is not a Swedish company. Later I found the customer support number in the USA. The conversation went much better. After I told them the story again, they transferred me to the fraud department. The fraud department agreed that someone named Marisol, using a mail account called camiloaa was suspicions, so they locked that email address until the person who registered it can verify ownership.
The verification process usually requires just clicking a link, so if someone makes a bogus claim on you, you can fix it within minutes. In this case, they will never be able to click that link, because the email account belongs to me. As a result, I will probably never be able to use that email address. Not ideal, but not a tragedy.
I am surprised that Paypal's verification email doesn't include a "I didn't create this account" link to prevent this kind of impersonation. Other services include such links, and it would be good that a payment service made fraud prevention as seamless as possible.
From this interaction I will recommend you to avoid Paypal, at least in Sweden. If any problem arises they will have no problem lying to you. They lied to me about not being subject to banking regulations, they lied about not being able to prevent anyone to use my email address and they lied about not being allowed to record my interactions with them.
No comments:
Post a Comment