Following yet more reports over the weekend of sellers who have fallen victim to the eBay PayPal payment email address fraud, today we share the steps one eBay seller has put in place to attempt to prevent the fraud being repeated on their eBay account. The affected sellers have all seen the payment email address changed on several of their listings, diverting thousands into fraudsters' PayPal accounts.
In this case, between August 2017 and January 2018, they lost over £8,000 from 1200 plus eBay transactions. Fewer than 10 listings from their total of over 12,000 active eBay listings were targeted over that period, but these were 10 of their top 100 listings. In some cases the hackers changed the PayPal address back to the normal one for a day or two, then back to their fraudulent one, making the eBay PayPal payment email address fraud a very hard scam to detect. Just one letter in their eBay PayPal payment email address was changed from a “t” to an “f”.
The fraud, as in other cases that we’ve been told about, was only discovered when they were going to issue a refund for a returned item and discovered that they’d never been paid in the first place.
Steps taken by an eBay seller to avoid the eBay PayPal payment email address fraud
- The seller has the Linnworks channel integration PayPal address verification method set up
- Two Step Authentication on eBay login has been implemented, although this is frankly a pain in the neck as verification codes are sent to a single mobile. This means that the business owner has to be aware that a member of their staff is about to log into eBay and be available to tell them the code as soon as it arrives, before the login times out.
- A daily PayPal report from Linnworks was commissioned using the old transaction table method – this is apparently no longer in use by Linnworks so needed re-writing.
- The seller has now commissioned a daily PayPal report from Linnworks with the PayPal email addresses pulled from an XML file and spreadsheet emailed to the seller. We’re hoping that this will prove a reliable method of checking email addresses as, whilst eBay change the data available via the API and may no longer include the PayPal payment email address, it is still included in the XML report.
The one thing we’re taking away from the steps this seller has taken is that there is no easy way to verify that your account is secure and your funds are not being stolen. They have had to pay for multiple reporting methods to be coded just to later discover that through eBay changes the reports fail and they’ve had to start again and seek alternative methods to confirm that they are no longer being scammed. Whilst it’s encouraging to discover that there are ways to check your account, the steps described above are onerous and beyond the skill set of the majority of eBay sellers to implement.
Sellers need eBay to either make it impossible to edit payment details to stop the eBay PayPal payment email address fraud, or at the very least to notify sellers if they are changed. A simple report in the Seller Hub detailing payment totals by PayPal payment email address would suffice – if sellers saw their payments going to multiple PayPal email addresses they’d immediately be alerted that something was wrong, but even here they shouldn’t have to check daily – eBay should tell sellers if this vital information has been tampered with.
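The daily address check the seller commissioned and the "payment totals by PayPal payment email address" report suggested above can be combined in one pass over a listings export. The following Python is an added example, not code from the seller, Linnworks or eBay; the XML element names, the addresses and the amounts are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from decimal import Decimal

# Constructed sample report. Element and attribute names are hypothetical,
# not the real eBay or Linnworks schema; the addresses are invented.
SAMPLE_XML = """<listings>
  <listing id="1001"><paypal>payments@toyshop.example</paypal><paid>250.00</paid></listing>
  <listing id="1002"><paypal>paymenfs@toyshop.example</paypal><paid>410.50</paid></listing>
  <listing id="1003"><paypal>Payments@Toyshop.example</paypal><paid>99.50</paid></listing>
  <listing id="1004"><paypal>paymenfs@toyshop.example</paypal><paid>89.50</paid></listing>
</listings>"""

# The only address(es) the seller has approved for receiving payment.
EXPECTED = {"payments@toyshop.example"}


def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit(xml_text, expected):
    """Return (alerts, totals): listings paying an unapproved address, and
    payment totals grouped by address."""
    totals = defaultdict(Decimal)
    alerts = []
    for item in ET.fromstring(xml_text).iter("listing"):
        # Normalise case and whitespace so only real differences are flagged.
        addr = (item.findtext("paypal") or "").strip().lower()
        totals[addr] += Decimal(item.findtext("paid") or "0")
        if addr not in expected:
            nearest = min(expected, key=lambda e: edit_distance(addr, e))
            alerts.append((item.get("id"), addr, nearest, edit_distance(addr, nearest)))
    return alerts, dict(totals)


if __name__ == "__main__":
    alerts, totals = audit(SAMPLE_XML, EXPECTED)
    for listing_id, addr, nearest, dist in alerts:
        print(f"ALERT listing {listing_id}: {addr!r} is {dist} edit(s) from {nearest!r}")
    for addr, total in sorted(totals.items()):
        print(f"{total:>10} paid to {addr}")
```

Any address outside the approved set raises an alert; an edit distance of 1, as in the "t" to "f" swap described above, marks a lookalike rather than a typo-free legitimate change, and the totals show at a glance when payments are going to more than one address.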
8 Responses
eBay says pay using PP. I did but didn’t receive the article but didn’t get a PP refund. Reason was the company said it was delivered SOMEWHERE. BOLLICS
How many more eBay ?? It’s embarrassing.
Tens of thousands of customer details compromised and in the hands of fraudsters. Tens of thousands of pounds stolen from eBay sellers and eBay continue to sit on their hands and do nothing.
It’s happening as we speak and nobody cares.
Our £54k fraud was reported to the Police on July 20th. I am now in possession of the server logs from eBay showing every login to our account for the 18 months the fraud was ongoing. I have discovered an IP address from where our account was logged into and the product pages visited of the listings that were changed. This IP address I have traced to an office complex in Islington North London.
I have the IP address, I have the physical address, I have the dates and times, I have a name of the fraudster that was on one of the PayPal accounts that was set up. I have passed this onto the Police and they are still not interested.
There are a lot of businesses registered to this serviced office block and I have been searching Companies House to see if our fraudster is a director of one of them but no luck so far.
All we are asking the Police to do is make a formal request to PayPal to obtain the details of the person who opened these PayPal accounts and identify the Bank Accounts that are linked to them. If they also request the details from the domain hosting company of who registered the domains you never know they might be able to link it all together as it now looks like this fraud was committed by someone in the UK.
Like I say nobody cares.
eBay and PayPal have let a customer down really badly and have caused me such stress and the buyer so much stress that we both did not need…. The problem is still not sorted out; the poor customer has still not had his refund from weeks ago!!!!!
Richard, turn to social media - The Guardian are usually pretty good at this sort of thing. Present the facts as known - it’s definitely in the public interest. eBay, PayPal and the police need a kick up the backside.
Here are a few curated Tweets for anyone interested (sorry, we don’t do FB):
https://bit.ly/2HX43tW
Anyone sympathetic to Richard (and other eBay fraud victims) can share any of these, as well as future TameBay & This is Money coverage to friends, family, media, and police agencies.
Most ‘big six’ US media tends to be overly friendly to eBay (Omidyar effect, perhaps).
Should anyone reading this have media contacts in the US that may be interested in picking this story up, *that* may be the momentum needed to break eBay’s silence (if StockX’s recent data breach is any indicator – StockX’s new CEO is former eBay SVP Scott Cutler, well versed in eBay’s PR disaster management protocols).
Launch a claim against eBay in the county court. They have a duty to provide a safe trading platform.
I HAVE CHANGED MY CARD NUMBER. HOW DO I TALK LIVE CHAT TO YOU TO TELL YOU MY NEW NUMBER MR G BARNARD