It is becoming clear that eBay are contacting sellers who are victims of the changed PayPal address on their listings resulting in funds being diverted to scammers. We have now identified some three dozen sellers who between them have lost over £600,000. These are really significant sums for the sellers who have been scammed on eBay and we have no idea how many more may have been impacted. Some may not have come forward whilst others may not even have discovered the losses yet.
We believe that eBay could be assisting sellers more, whilst they are contacting sellers they are generally forcing a password change and delinking PayPal accounts. Delinking the genuine PayPal account does nothing other than mean eBay bills can’t be automatically paid until the account is relinked. What eBay haven’t been spelling out in initial contacts is that the problem is with PayPal addresses in individual listings. However they appear to be forcing sellers to telephone after the password reset and in some instances have been trying to reach sellers by telephone. eBay also appear to continue to refund fees for transactions where the funds were stolen.
The good news is that with eBay actively contacting sellers that we should soon stop hearing of new cases and whilst this is a crippling impact for sellers who have been scammed on eBay, when you consider that there are 200,000 businesses trading on eBay the number of sellers impacted is relatively low.
The bad news is that eBay are still telling sellers to contact PayPal to recover funds. PayPal shrug and point out that the fraud took place on eBay. Both suggest contacting the police who direct sellers to Action Fraud who some say is misnamed as they haven’t taken any action whatsover on cases reported to them.
How to protect your account from being scammed on eBay
Today we wanted to share the steps we believe will best protect your eBay account.
eBay 2-Step Verification
eBay have been clear in the short comments they have made that they are recommending the use of 2-step verification. 2-step verification involves sending a one time code to your mobile as a text message or a notification in the eBay app every time you log into eBay.
The issue with 2-step verification is that only the owner of the mobile gets the one time codes and in many businesses multiple people need access to the eBay account. There is a fudge where once the notification has been sent you can ignore it and request a follow up via email which is accessible to anyone with access to the email address registered on the eBay account. If you give employees access to this email address then as many people as you like can access the account through 2-step verification, although that does ask how effective it is in the first place and means you need to ensure your email account is never compromised.
We’ve set out eBay 2-Step Verification set up instructions here.
Advice from eBay customer support to some sellers has been to bulk edit their listings on a daily basis to ensure that the PayPal address is reset to the correct one. Apart from this advice being a bit barmy as you will then never know if a hacker is changing it back five minutes later, if you have thousands of listings it’ll take forever editing just 500 listings at a time.
A better solution is to use eBay Business Policies and check them daily to ensure that the only payment policies are the ones you’ve set. Most sellers will only need a single payment policy as they’ll only ever use one PayPal email payment address. Those who also have a PayPal micro-payments account might need two payment policies, but it will still be easy to see if a third or fourth has been created by a hacker.
If you haven’t opted in to Business Policies previously, when you opt in eBay already create payment, shipping and returns policies in the background each time an item is listed for sale. These remain hidden until you opt in to eBay Business Policies at which point they become available for you to manage. You’ll see a policy for each set of payment, shipping and returns terms that you’ve used recently and the first one to check is how many payment policies appear – if there are more than you are expecting then you’re being scammed on eBay and you’ll want to look more closely. If you see two payment policies that look identical, remember that hackers have been swapping an ‘l’ for an ‘I’ (lower case ‘L’, upper case ‘i’) as they look identical.
You can opt in to use eBay Business Policies here