Don’t worry, I didn’t! But I will share this with you today for no real reason at all, maybe the slight hope that at least one person will read this and not make the same mistake that I did, which almost cost me everything I had. I hope to write more of these ‘in-the-moment’ type of posts like I used to because my blog is starting to feel a little too planned all the time, so I hope you don’t mind; maybe one of you can relate? Share your experiences with me I always like to hear if others have been in the same situation.
Okay so today I did something really, really stupid. I handed out my bank details to a phisher. Yup. I bet you’re all like “What!? How could you be soo stupid!?” and don’t worry I wouldn’t blame you because I’ve said that to me too, like 1000x times already. For those of you who don’t know what a phisher is it is basically someone who sends out fake emails in an attempt to rob you of your bank details; you get warned about them all the time these days and you think it will never actually happen to you because you’re not THAT stupid.
I was that person; I’ve had so many emails from my ‘bank’ or ‘Paypal’ claiming that my account shows fraudulent activity that obviously hasn’t happened, or someone in some unheard of country claiming that they have £££ that they need to transfer into my account for me to hold/inherit/or whatever. I just delete them, I know the drill, and I was so sure I wouldn’t get caught out…Until this morning.
I received this email and started to freak out; I’ve never had one of these before, an actual receipt that tells me I have made a transaction that I didn’t make?? Alarm bells started to ring because nothing is familiar; not the $69.99, not the store, not the item or where ‘I’ bought it from. I check the address where it was supposedly coming from, ‘Crawfordsvle’ doesn’t even come up and wants to be corrected to Crawfordsville which is somewhere in Indiana. I see the mug shot of a drug dealer pop up and I start to freak out even more as it hits home that someone, somewhere has accessed my Paypal account.
I call R to see if he has used my card for anything online, I ask him this without thinking because he knows my pin; a compressor was purchased, whatever the hell that is, and it sounds like it might have something to do with cars which R is all over at the moment because he is currently fixing up his Land Rover. A glimmer of hope is sat in my chest but when he tells me no the panic washes over me again. F***, f***, f***, f***. Of course he hasn’t used my card online, he doesn’t know any of my passwords and it would be pot luck if he could even remember my email address as it is so damn long. Before I know it I’m clicking the link to decline the transaction and it sends me over to Paypal.com where it asks for all of my details to get it cancelled. I think nothing of it, I even fret to my manager about where the sort code is on my card as I try to get it cancelled asap; complete panic has taken over and all common sense has evaporated, someone has my details and I need to stop it now!!
I call Paypal and tell them everything, the guy on the other end (thankfully could speak and understand good English) tells me that there is no such transaction on my account and the email is a fake, he assures me everything is fine and that I should just delete the email and ignore it. I feel a little better and I ring R again to tell him what has happened, he reassures me that it is all sorted now and we hang up…but there is something niggling me…Why do I feel that something is wrong…?
And then it dawns on me. I have just handed out all of my bank details to a fake email. Fake email – fake link – fake website page. The email that I thought was from Paypal.com was fake, which meant that the link I clicked to request a cancellation for that transaction also sent me to a fake webpage where I entered all of my information and willingly sent it on its way to some thief. Shit. It doesn’t matter if this person had had access to my Paypal account (which he never had in the first place), he now has all of my direct bank details including the codes you never normally use and the answer to my security question (which may or may not be right); this person now has EVERYTHING they need to hack into my bank account and steal all of my money and savings. I was so busy panicking about a measly $69.99 that I failed to realise I had just handed them everything to an account that holds much, much more.
I want to be sick and cry but I hold it together and I’m back on the phone to Paypal; I explain the situation to them and he advises me to change my password to my Paypal account to protect that from any future hacking which I had already done. He then advises me to go to my bank and cancel my card, explaining the situation to them so that they can sort it out, he tells me this whilst I am running to my bank which thank God opened at 09:30am. How could I be so stupid!? (x1001 now) I know more than most people to NEVER EVER click a link in a suspicious email; not only was it fake, but it could’ve contained a virus and completely destroyed my computer. I was so overwhelmed by the panic that I didn’t stop to think about contacting the company first, that and my mood has been very low, lack of sleep and I’m ill, I just over all wasn’t in the best state of mind to think logically.
Thankfully I wasn’t waiting in line for too long before the lady withdrew me some money and cancelled my card. I will get my new card next week and I’ve changed passwords and security questions on my Paypal and bank account, and I keep checking it every now and then to ensure everything is still there. I was so lucky that they had not managed to hack into my account during the time it took me to sort it out with Paypal TWICE and run to the bank to get it cancelled; so, SO lucky.
Now I’m just reeling from my stupidity, I’m really angry and ashamed of myself for being caught in their trap. I bet you anything that that is how they get so much of their information, from people panicking about this unauthorised transaction that they do exactly what I did and throw all of their details at what they think is Paypal in order to get the transaction cancelled. I was stupid, the invoice didn’t even look anything like a receipt I had seen before and a number of small things (like it coming from email@example.com instead of firstname.lastname@example.org and addressing me by email address instead of my name) should’ve had me suspecting something odd, but it didn’t; the webpage they sent me to looked EXACTLY like Paypal.com, so nothing struck me as being odd since the page looked so familiar.
Moral of the story is: 1) DO NOT CLICK LINKS IN EMAILS THAT YOU ARE UNSURE OF and 2) DO NOT GIVE YOUR PERSONAL INFORMATION OUT TO ANYONE, ESPECIALLY BEFORE YOU HAVE CHECKED WITH THE WEBSITE THEMSELVES. Always call the website/bank first and sort it out with them because transactions will show up immediately for them whereas it doesn’t always for you; my bank was able to see that I had spent £3.55 yesterday when it hadn’t even shown up on my bank transactions online yet. I am so thankful that everything is safe and sound, I have worked so hard for the money I have in my savings that I honestly don’t know what I would’ve done if it had been stolen. I will never ever be so stupid again!! Please learn from my silly mistake!!