Forum Moderators: buckworks


Possible Security Issue with Paypal

         

onefiddle

5:39 pm on Dec 13, 2006 (gmt 0)

10+ Year Member



I run a small hobby site and sell a couple hobby based widgets. I use PayPal to process the orders. Recently I had a comment from a customer:

I thought I would let you know that after I used my PayPal account to pay you, someone else tried to use my account to purchase a computer. You might want to check out your web security.

Obviously I do not know how freely the customer gives out their login information and thus the problem may not be with my site. But is it possible for my website to be compromised and somehow a hacker can capture the PayPal info?

jbinbpt

5:44 pm on Dec 13, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Was it from Best Buy? There was a rash of emails about computer purchases with PayPal. They were scams. Is it possible he misread the email? Did he forward a copy to you?

LifeinAsia

5:51 pm on Dec 13, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I've seen a lot of virus messages that disguise themselves as a laptop purchase through PayPal. They try to get you to click on the supposed .PDF attachment and launch the virus payload.

Without knowing more details of this particular incident, it's impossible to know what the real story is. There are way too many variables involved. As you mentioned, the customer may have given her login to others. She may have a virus/Trojan on her computer that has logged her keystrokes or gone through her e-mail messages. It may be like the above virus and the message was sent to the same e-mail she uses for PayPal (realistically, how many non-tech-savvy people have more than 1 e-mail address?). Or it could have been some other scam e-mail sent to her e-mail. Or a security breach at another site she used and paid through PayPal.

Of course, it's also possible that your site may have been compromised as well. What processing are you doing on your site, or are you sending customers directly to the PayPal site for the entire transaction?

onefiddle

8:59 pm on Dec 13, 2006 (gmt 0)

10+ Year Member



The customer did not send me a copy of the email of the attempted purchase. I didn't think to ask for it.

All payment processing happens on PayPal. However, I do have a script installed on my site that sends the customer a confirmation email after paying through PayPal. Interestingly, this customer claims they did not get an email. I should have mentioned this in my first post, but it slipped my mind at the time.

How would I find out if this script is a/the problem?

jbinbpt

9:15 pm on Dec 13, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How would I find out if this script is a/the problem?

Ask your other customers if they got one and/or send one to yourself.

pp_rb

9:27 pm on Dec 13, 2006 (gmt 0)

10+ Year Member



As long as the customer is typing their password in on the PayPal site, and not on your site (no merchant should be collecting PayPal username & password from the buyer) then none of the information sent to or from PayPal as part of your checkout should be enough for the PayPal account to be compromised.

If the customer received an email that appeared to be a PayPal receipt for a payment they did not authorize, the customer should not click any links in the email, and should go to the PayPal website & log in to their account to see whether the payment actually occurred. If the payment does not appear in the account, then the receipt email was a spoof. If an unauthorized payment does appear, the customer should contact PayPal directly to report it.

Lorel

9:34 pm on Dec 13, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I get scam emails like this every day. It sounds like the customer bought from you then received one of those scam emails and associated it with your account when it likely wasn't.

You might ask to see the email, then you'll be sure.

Corey Bryant

10:27 pm on Dec 13, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It sounds like a coincidence. They can happen from time to time.

I had some issues last week with a recurring bill on PayPal. So I sent them an email. I received an auto-reply within a few minutes and then I got another email re: problems with my account. It looked like the first one but it was a phishing email.

-Corey