Just thought I'd throw this out there given the time of the year. It might not be a bad idea for folks to pay special attention to their bank or card statements. While waiting for a direct deposit to be made to a paypal account I got an email notification that said my card had been used at an IHOP in Ohio 2 states away. Contacted paypal by email (not through any email links contained in the message) to double check and called them directly on the phone. The email response from paypal said it was false, a spoof/phishing attempt. The person on the phone said it was a real attempt. Still attempting to get to the bottom of it and sort out why paypal said two different things. Thankfully the card only gets used so many places, most of them local. If in fact it is a real attempt to use the card it means not only did someone snatch the card number they had to have turned it into a physical card (since it was a brick and mortar purchase attempt, not an online payment). Online payments made within the past month or so have only been to 1 ejuice vendor (vapewild), amazon.com and the rest local physical stores (grocery, walmart, farm/feed stores locally owned and the local bank's atm). Will be contacting the bank to have them check their atm for a skimmer. Not suggesting it's vapewild in any way. Could have just as easily been amazon or a local store. Given the season and people taking advantage of the holidays and spending these sort of things tend to happen more and folks may not realize they've been compromised. Hoping others stay safe and keep their banking secure.