I recently had a fraudulent direct debit charge marked as Paypal Australia
to one of my bank accounts recently.
Upon going back through the invoice history I noticed two small single-digit cent charges to the account, much like those you might receive when linking a bank account to a payment service and they ask you to recount the digits to prove you have full account access to the specified bank account.
This was barely a month ago and I have no recollection of sharing these charge details with a payment service, let alone creating a new Paypal bank connection. Moreover, my PayPal is linked to a completely different bank account, so I would have no need to setup a new direct debit connection.
Best case I'm retarded and have just done some stupid stuff regarding payments somewhere. Worst case I have some session hijacker malware on my main PC that managed to capture me logging on to my online banking (I have 2FA up the wazoo / password manager so any brute force attack would raise some flags). Tin foil case my bank has an insider.
Thoughts?
EDIT: thought it important to mention this bank account is 'dead' - not used for any recurring debits, not linked to any credit cards. Leftover account from when youthsaver expired
(apologies if this is the wrong subthread)
afaik, they only need your bank details for a fraudulent direct debit.