PUEBLO, Colo. - An international hacking scam is targeting people in Southern Colorado who use the online payment service PayPal.
How the scam works
A formal investigation found hackers pinpoint their victims who have active PayPal accounts but show no activity on their account for several months or years.
The scam can work in many ways but typically is executed by hackers breaking into an account by changing the password of the original user and then making unauthorized purchases. That's the scam.
It's also common for scammers to change answers to security questions and other information in order to block the victim's access back into their account.
Val DeSantis gets paid every two weeks. Last week, when he went to see if his check was deposited, he noticed money missing from his account.
"I had two overdraft fees and $1,000 was missing," DeSantis said.
After digging into it, DeSantis learned hackers living in France accessed his account and made unauthorized charges.
Since his account had been inactive for three years, the investigation revealed his profile was targeted.
Internet security experts suggest this is one of many loopholes hackers use to get around the security of the site.
"It's frustrating, they need better cyber security," said DeSantis.
Tips and tricks
It's important to consistently change your password every three weeks to a month.
Hackers target accounts without frequent use or activity for that reason.
Det. Jon Price with the El Paso County Sheriff's Office explains this is a typical practice among scammers.
"It's scary because there's always going to be someone out there that's smarter than you," said Price. "You need to take every precaution to protect yourself."
Bottom line, if you use a PayPal account link it to a separate bank account that's not expendable. Also, make sure you log on at least every two weeks to avoid being a target for scammers.
Report a scam
If you have a scam you'd like us to investigate, email me at Stephanie.Sierra@krdo.com.