We’ve heard back from Tamebay reader Iain who was one of those who feel victim in the eBay scam when a fraudster changed his eBay PayPal payment email address and at the time he lost around £8,000. Now it’s happened again.
Since being scammed the first time, Iain badgered eBay to help him set up payment polices but in themselves this is still not a secure option. It’s all too easy for a scammer to change the policies for a couple of hours and then change them back making it hard to notice the money dribbling out of the account as it’s not continuous.
Having just come back from a week’s holiday, Iain did a check and sure enough a new payment policy has been set up on his eBay account, although when spotted it wasn’t assigned to any listings. After a call to PayPal he discovered that there is a balance on the fraudster’s PayPal account so his worst fears have been realised – it looks like he’s being scammed again.
Naturally PayPal won’t divulge how much is in the account so Iain is waiting for eBay to supply a spreadsheet of transactions where the payments were diverted. On the plus side, this time around it’s only been running for 10 days at worst so losses will be limited. The question now is what method can be used to retrieve the funds from the fraudster’s PayPal account and return them to Iain, or will they end up simply being paid out to a fraudster as has happened in the past.
It’s worth noting that Iain has not been using 2-step verification – there are 7 employees who work on his eBay account and sometimes they’ll be at work before him and sometimes he needs to work from home in the evening. A text message to authenticate every log in simply isn’t practicable as it will only go to a single mobile phone and it can’t be in two places at once.
Today Iain has been looking at the possibility of ignoring text message 2-step verification messages as they come in as it’s then possible to request access to the account via email, but the option to do so appears to be missing when he’s tried to log in this way.
It’s fair to point out that we stopped writing about this eBay scam when readers stopped contacting us to say that they had fallen victim which tends to suggest that eBay have got a grip on the problem. We were being contacted daily, sometimes multiple times a day but Iain is the first to contact us for three weeks.
We’re hoping that this is a one off but it does demonstrate that it’s still possible for sellers to be compromised. If you’re not already using 2-step verification on your eBay account we would strongly recommend that you do so. Full instructions on how to set it up are available here.