728_header.jpg (23748 bytes)
 EB Blog 
 AB Blog 
EcommerceBytes-NewsFlash, Number 2356 - August 26, 2010 - ISSN 1539-5065    1 of 5

PayPal Addresses Fraud Involving Unauthorized iTunes Payments

By Ina Steiner
August 26, 2010

Email This Story to a Friend

The Guardian newspaper's technology blogger has been covering the recent rash of scams involving PayPal and iTunes. Consumers have reported that scammers have drained their bank accounts through unauthorized iTunes payments made using PayPal - see, "So what has been going on with iTunes and PayPal?" (link).

PayPal's Chief Information Security Officer Michael Barrett addressed users concerns on the PayPal blog on Wednesday. Barrett assured PayPal users that PayPal was not compromised and said, "if you have been affected by this issue, the criminals behind it have not taken over or logged into your PayPal account." He said Apple also confirmed that iTunes' servers were not compromised.

Barrett reminded users of ways to protect their accounts:

  • Use a safe password: use a strong password which includes a combination of upper and lowercase letters and numbers. But don't use the same password for every online account you have. That's basically like using the same key for your house, your car, your office and your safety deposit box. If you lose that key, you're in trouble.

  • Protect your computer: use a modern, supported operating system such as Windows 7 or Apple's OS X Snow Leopard. You should also use an updated Internet browser that blocks fraudulent websites, like Internet Explorer 8, Safari 5, Firefox 3 or higher. As always, keep your antivirus software updated.

  • Don't click on links in email: never click on links in email and then enter your username, password or other sensitive information - even if the email looks like it's from your bank, an e-commerce site, the IRS or popular sites like PayPal.

  • Use common sense: if you wouldn't do something in the offline world, don't assume it's safe online. If a stranger walked up to you at a gas station and said, "Please give me the key to your house; I need to make sure there are no burglars there," you'd probably tell him to go take a hike. Likewise, if you get an email, phone call or some other unexpected message demanding that you turn over your username and password, don't do it. Trust your instincts.

Ironically, PayPal itself includes links in its email, despite warning users not to click on links in an email to sign in to their accounts (see bullet point number three above) - here's a screenshot of an email PayPal sent me on Monday.

About the author:

Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. She's a widely cited authority on marketplace selling and is author of "Turn eBay Data Into Dollars" (McGraw-Hill 2006). Her blog was featured in the book, "Blogging Heroes" (Wiley 2008). Follow her on Twitter at @ecommercebytes and send news tips to ina@ecommercebytes.com.

You may quote up to 50 words of any article on the condition that you attribute the article to EcommerceBytes.com and either link to the original article or to www.EcommerceBytes.com.
All other use is prohibited.

Email This Story to a Friend
Email this story to a friend.

1 of 5

Sponsored Ad