Following yet more reports over the weekend of sellers who have fallen victim to the eBay PayPal payment email address fraud. They have all seen the payment email address changed on several of their listings, diverting thousands into fraudsters PayPal accounts, today we share the steps one eBay seller has put in place to attempt to prevent the fraud being repeated on their eBay account.
In this case, between August 2017 and January 2018, they lost over £8,000 from 1200 plus eBay transactions. Less than 10 listings from their total of over 12,000 active eBay listings were targeted over that period, but these were 10 from of their top 100 listings. In some cases the hackers changed the paypal address back to the normal for a day or two, then back to their fraudulent one making the eBay PayPal payment email address fraud a very hard scam to detect. Just one letter in their eBay PayPal payment email address was changed from a “t” to an “f”.
The fraud, as in other cases that we’ve been told about, was only discovered when they were going to issue a refund for a returned item and discovered that they’d never been paid in the first place.
Steps taken by an eBay seller to avoid the eBay PayPal payment email address fraud
- The seller has the Linnworks channel integration PayPal address verification method set up
- Two Step Authentication on eBay login has been implemented, although this is frankly a pain in the neck as verification codes are sent to a single mobile. This means that the business owner has to be aware a member of their staff are about to log into eBay and be available to tell them the code as soon as it arrives before the login times out.
- A daily PayPal report from Linnworks was commissioned using the old transaction table method – this is apparently no longer in use by Linnworks so needed re-writing.
- The seller has now commissioned a daily PayPal report from Linnworks with the PayPal email addresses pulled from an XML file and spreadsheet emailed to the seller. We’re hoping that this will prove a reliable method of checking email addresses as, whilst eBay change the data available via the API and may no longer include the PayPal payment email address, it is still included in the XML report.
The one thing we’re taking away from the steps this seller has taken is that there is no easy way to verify that your account is secure and your funds are not being stolen. They have had to pay for multiple reporting methods to be coded just to later discover that through eBay changes the reports fail and they’ve had to start again and seek alternative methods to confirm that they are no longer being scammed. Whilst it’s encouraging to discover that there are ways to check your account, the steps described above are onerous and beyond the skill set of the majority of eBay sellers to implement.
Sellers need eBay to either make it impossible to edit payment details to stop the eBay PayPal payment email address fraud, or at the very least to notify sellers if they are changed. A simple report in the Seller Hub detailing payment totals by PayPal payment email address would suffice – if sellers saw their payments going to multiple PayPal email addresses they’d immediately be alerted that something was wrong, but even here they shouldn’t have to check daily – eBay should tell sellers if this vital information has been tampered with.