Although scammers did not acquire credit card account numbers from PayPal’s merchants, PayPal warns they could use stolen data like e-mail addresses and information on past purchase transactions to fool consumers into providing account numbers.
Although scammers did not acquire credit card account numbers, experts warn they could use other stolen data like e-mail addresses and information on past purchase transactions to fool consumers into providing account numbers. "Third-parties may seek to use the obtained information to target users with deceptive e-mails appearing to come from PayPal or online merchants," PayPal says.
PayPal, a unit of eBay Inc. that provides a third-party payment service that channels payments from consumers for purchases made on retail web sites, said that scammers had obtained from some of its merchants customer information including first and last names, mailing address, e-mail address and information related to recent transactions. Scammers acquired this information after they acquired the PayPal passwords used by some individual merchants, apparently through spoofed e-mail requests that appeared to come from PayPal, PayPal said.
PayPal said that scammers did not acquire customer passwords or other sensitive information like Social Security, driver’s license or credit card account numbers. But it warned that the scammers could use customers’ names and addresses to send them e-mail appearing to be from PayPal and asking them to update their credit card information.
PayPal said the scam involved a small percentage of the millions of merchants that use its service. "This involved a very small percentage of merchants," a spokewoman says.
The spokeswoman says PayPal decided to alert customers about the scam to better prepare them as well as other merchants against falling prey to future scams. Fraud-prevention experts note that such e-mail scams, also known as "phishing," are becoming a common tactic of scam artists. "What scammers are working on more than anything now are these phishing schemes," says Jeff Foster, executive vice president of Retail Decisions, a provider of credit card processing and fraud-prevention services.
Foster adds that phishing techniques are designed to get around many fraud-prevention methods by tricking consumers or merchants to provide private information. "Many of the fraud-prevention methods we have now assume that people will not voluntarily hand over their information to fraudsters," he says.