Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Tuesday April 18 2017, @03:48PM   Printer-friendly
from the Email-confirmation-just-slows-us-down dept.

Recently, I received an email from PayPal asking to confirm my email address for a new account. Since I do not use PayPal, I figured it was a phishing scam and ignored it. However, I started getting other emails, which included updated address information and a sales transaction. The name for the account was not mine (but the first name was the same), and the address was in a different state.

Looking at the raw email headers, it appeared to be legitimate emails from PayPal. What confused me was that I never responded to the email confirmation message, so why would PayPal allow a person to perform a transaction without confirmation? Since the email in question is a Gmail account, I have had since Gmail beta, I wondered if my account had been compromised, but there is nothing to indicate that. Another idea was someone could be intercepting/listening to my email, but that is a lot of effort to do for a simple paypal transaction.

The likely scenario is PayPal failed to check the account email and suspend any further actions until the address is confirmed. PayPal sends an email to confirm the address, but does not bother to wait for the confirmation.

I called PayPal support, and after some time and educating the support person on how technology works, the person put in a support ticket. Not sure if the problem will ever get resolved or if PayPal will admit they have a problem. As of now, I have not received any more emails. I will have to decide if it is worth my time to call support again and get the disposition of the ticket.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by termigator on Wednesday April 19 2017, @01:35PM

    by termigator (4271) on Wednesday April 19 2017, @01:35PM (#496286)

    Doubt this was the case since I received an email to confirm the address. If it did happen to be a secondary address, PayPal failed to wait for confirmation of it since I received subsequent messages about account updates and a sales transaction. Why ask for confirmation if the system will still use it regardless?

    Also, when talking to Paypal support, they did not state it was a secondary address. I got the direct impression that my address was the primary address on the account.

    As others have noted, lack of confirmation seems to be a security problem since it is common for systems to use email addresses for password resets. I thought about seeing if this was the case, but I did not want to connect to Paypal in anyway that could legitimize my address with the account (I do not use Paypal so I do not know how their site operates).

    Fortunately, I did not have to wait as long on the phone as someone else posted. However, I found it sad the lack of technical knowledge the second support person had. The first person transfered me over to someone else that could assist with the problem, but the second person was definitely limited knowledge-wise, including limits on what Paypal systems actually do. Note, the support person was nice and comprehended why the lack of confirming an email address is a problem.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2