Changing eBay password didn’t stop the PayPal payment email address changed scam

No primary category set

We’ve been contacted this morning by yet another seller who has had their PayPal payment email address changed on eBay and in this case has lost in the region of £6,500.

With typical sales ranging from around £10-£35 and between 100 to 150 orders a day, it really isn’t easy to notice a couple of quid going missing here and there but over a month the sums soon add up.

What’s particularly egregious in this instance is that having spotted the fraud, the seller changed their eBay password, their PayPal password and their email address password at around 8pm yesterday evening. When they came back into work this morning they discovered the PayPal payment email address changed once again on a couple of their listings.

It’s easy to say that it’s the responsibility of the seller to keep their eBay account secured, but having changed all their passwords and not telling anyone what their new passwords were, how did the scammer get back into their account? What can sellers do to protect themselves if scammers appear to have unfettered access to their eBay accounts and the ability to steal funds at will?

We’ve been asking sellers which tools and services they use run their businesses, but in this case as in a couple of others the seller uses no external tools. That means it can not be an external tool which has been compromised and the hackers must have a method of accessing eBay directly (or indirectly via a method that a password change won’t put a stop to once the account is compromised).

Whilst we believe PayPal have questions to answer such as how on earth the accounts receiving the stolen funds are passing European Anti-Money Laundering checks, we believe the responsibility for stopping the fraud where sellers discover that a PayPal payment email address changed and funds diverted into a scammers PayPal account.

There also needs to be some much stronger collaboration between eBay, PayPal and the Police. Currently PayPal are (rightly) blaming eBay as it is on eBay where the PayPal payment email address changed. eBay are shrugging their shoulders saying that as they never had the funds the seller should work with PayPal to recover them. The local Police are powerless and simply direct sellers to Action Fraud. It’s time that when a fraud is reported that eBay use their connections with law enforcement to actively report the cases themselves and give the Police every assistance in tracking down the culprits and for PayPal to assist and if possible track down and recover the funds.

There’s also the question of innocent consumer’s personal data. Tens of thousands of consumer’s names, home addresses, email addresses and a record of a recent purchase are sitting in scammers’ PayPal accounts. What’s to stop these scammers sending out a phishing email saying “You bought that, you might like this?” in a double dipping scam?

eBay need to take decisive action now. They rolled out a seller release yesterday, but if sellers can’t have confidence that they accounts are secure then all the seller releases in the world won’t stop them leaving eBay, either because they lose faith in the security of the marketplace or simply because they lose so much money they go bust and are put out of business.

14 Responses

  1. interesting.
    I’d suggest the seller check for any “authorised apps” in his ebay account.
    if the scammer already had an authorisation token then the password change might not (but should) have blocked that.
    Otherwise the scammers are totally bypassing ebay security, maybe through a dodgy API, and there’s not a thing we sellers can do about it until ebay sort it.

  2. we were effected by this scam earlier this year. the scammer accessed our account through a phishing scam text message. saying someone else had my phone number and to log into to ebay through the link given in the text.

  3. Hi
    Just wondering if anyone has managed to recover any of the lost money from the scam at all, we are victims too 🙁

  4. Only realised today I had been scammed to this method…eBay’s advice “go to paypal”….PayPal’s advice “please email the fraudster and request them to forward the payments to your PayPal account”……eBay and PayPal, you deserve to have sh*t thrown at you

  5. @ Tyler
    I an frustrated with this whole situation. PayPal should not allow new accounts to acquire money so quickly and withdraw. Yes eBay have got a flaw in their system. Ultimately PayPal can claw back the fraudulent payments and rightfully return them back to us. Otherwise how on earth can they justify their payment cut?….PayPal promise to keep our money safe

  6. we have just been hit with this as well

    changed password on the 4th September due to ebay locking us out and requiring password change, then that password change is used to get into our account, emails are from within ebay message system, 4 listings changed after that to siphon monies, it does not show up on the revisions as having been changed, but quantities were changed, luckily noticed it today only because we went to check an address, both paypal and ebay will do nothing about this, just cancelled over 20 orders to try to ensure people got refund, they may not re-order, wedding items, can imagine we will be getting lot of angry buyers of next few weeks, i believe this may be internal fraud inside ebay, or a unknown keylogger (although they have not attempted any other fraud on paypal etc) this is a huge mess, I am a computer programmer, and i could have spotted this in seconds with the recorded IP address of logins, all of which is recorded – this type of scam was first recorded over a year ago on ebay forums, they have done nothing to make it easy to find, ie text alert to that field being changed, alert email within their system to ask if you intentionally changed where the monies are going, they don’t give a s*&t

  7. ebay have just sent an email locking us out and stating the 4 listing I had to get THEM to find for me 24 hrs ago as being hacked, we sorted back to our proper paypal 24 hours ago, they have just reversed a sale on one of those items through paypal despite the fact that we had sorted this issue, talk about closing the barn doors after the horse has bolted, Ebay has sent an internal email through their messages centre stating that we should “work with paypal and your buyers to recover any other lost funds” but nothing about alerting all these buyers to the fact that their details have been sent to fraudsters who can target them, looks like ebay is playing catch up after 2 years, not impressed, can’t imagine their customers will be when they find plenty of them have just given detail to fraudsters

RELATED POSTS..

Button Batteries - eBay Safety & Awareness webinar

Button Batteries – eBay Safety & Awareness webinar

eBay - The Future of Ecommerce for Enthusiasts

eBay – The Future of Ecommerce for Enthusiasts

eBay Business Roadshow 2024 kicks off at Ascot

eBay Business Roadshow 2024 kicks off at Ascot

eBay Seller Update - eBay UK Fee Changes Shop Fees Regulatory Operating Fee per-order fee

eBay.com per-order fee rises to $0.40

eBay Seller Update - eBay UK Fee Changes Shop Fees Regulatory Operating Fee per-order fee

New eBay Regulatory Operating Fee Surcharge

ChannelX Guide...

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.

Latest

Take a look through a selection of the latest articles on ChannelX

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars