It’s pretty alarming when, using your debit card in the checkout line at the market, the clerk tells you the card’s been rejected. Especially when you know you have more than $1,000 in your checking account.

After being "so embarrassed I could have died," Roseanna Boyce, 55, of White City, called her bank, Washington Mutual at Fred Meyer North and found that three withdrawals using PayPal had drained her account.

PayPal, the international money-changing giant owned by eBay, found the funds had been changed to British pounds and transferred overseas — and were no longer traceable.

Both PayPal and her bank promised to "make her whole," that is, cover money lost through any unauthorized transaction, said Boyce, though both took more than a week to do it — first the bank filling the gap, then PayPal refunding the money, which totaled $1,012.

Boyce, a Vietnam War widow now on Social Security disability, maintained she did not fall prey to any "phishing" e-mails, the ones that pose as PayPal, eBay or other financial institution and ask for your password or account numbers so they can have illegal access to your accounts.

Advertisement

"I have no idea how it could have happened," said Boyce. "PayPal told me it’s getting to be more and more of a problem. I thought my information with PayPal was secure."

However, PayPal spokesperson Amanda Pires, in San Jose, Calif., said there’s virtually no other way it could have happened than by phishing.

"There is no way anyone can get in your account unless they have your password. Even we (at PayPal) don’t know your password and can’t find it out. I’m sorry she had to go through this, but for someone to get her password, she has to give it to them."

The only other way crooks get passwords is for you to be too obvious — using your birthday or last name or other obvious words, Pires added.

"Absolutely be random in choosing your password and mix in random numbers and symbols, too," said Pires. "And change it often, like monthly."

Fraud such as Boyce suffered doesn’t happen that often, because Internet users are becoming more and more suspicious and understand that such phishing e-mails — as well as appeals for cash from a Nigerian ambassador’s nephew with the promise of a huge amount in return — are good only for deleting, Pires said.

Shelly Miller of Evergreen Federal in Medford said phishers are "pretty sly" about getting information out of people and will even pose as legitimate local businesses.

One scam these days involves a merchant send you a check for $2,000, then asking you to send only $200 back to them, she notes. The check, of course turns out to be no good.

Be wary, said Miller, of addresses in Spain, Nigeria and Eastern Europe — and don’t comply with any merchant’s request to wire money.

Miller advises Internet shoppers to peruse their checking account statement often and make sure all purchases are theirs.

"A lot of people don’t look at it because they don’t want to balance it," she said.

While Washington Mutual will provide stopgap coverage for fraudulently drained accounts, if their investigation shows the client gave passwords or bank account numbers to phishers, the client will suffer the loss, said WaMu spokesman Gary Kishner in Los Angeles.

PayPal, however, would cover all losses from fraud, even if the victim is responsible, Pires said.

Medford Police Detective Sue Campbell, who handled the case, said it’s a good idea to close dormant accounts at PayPal or anywhere else. Such hijacking of accounts through PayPal are rare and this is the first one she’s encountered, she said.

Brett Johnson of the Ashland Police Department’s financial fraud unit, said he considers PayPal "about as secure as you can get" and notes that, even if you get e-mails with the PayPal or eBay logo, that does not mean they’re genuine.

"If you make the mistake of clicking ‘return,’ on such an e-mail, you will be linked to a Web site that may have the word "paypal" in it, but it won’t be PayPal, he said.

"Know who you’re dealing with," said Johnson. "PayPal is not going to e-mail you and ask you to sign in. If you have any question, go to their Web site. I’ve done business with it and I know they’re safe."

Tips to avoid ‘phishers’