These are all good questions - you know, truthfully, I don't know how they do it exactly - there are a few ways one of which involves software that tries endless combinations of logins, another is stealing keystrokes (like at a public computer), or hacking into your email. These emails I was referring to just get you to click a bogus link and then records your info so they can access your account later.

I change my passwords every couple of months and I *never* use the same password on all of my access accounts at the same time. Another thing I will change from time to time is the primary email on record. I do this with my bank, with Paypal, and any other account that maintains my financial info (like our servers or Amazon Web Services which bill me automatically every month).

The thing about any emails from your bank or Paypal, eBay, etc. is to NEVER click the links-instead, just open a new browser window and type in the URL manually, then log in - you'll be able to see if whatever the email reported is actually true relative to your account status once you're in and you've avoided clicking a potentially dangerous link.

__________________