Announcement

Collapse
No announcement yet.

New Ebay/Paypal Scam?? Anyone had this before

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • New Ebay/Paypal Scam?? Anyone had this before

    Hey,
    I just had an interesting experience - I guess you'd call it identity theft - someone just charged $1000 AUD for an iPhone to my paypal account!

    I think I know who it was too. I was selling a small item (part for a macbook) on ebay for a few bucks and some guy from Australia bought and immediately paid, I mean within 5 minutes of closing - but minus the shipping amount. I contacted him and eventually had to file a complaint through ebay. He finally gets in touch and says "oh, turns out that it won't fit my computer, sorry - refund my money and I won't leave you negative feedback. So after researching and finding no obvious way to make an issue of this, since he did pay partially pay and ebay has odd rules it seems for those instances, I ended up giving a refund, and he left glowing feedback.

    Flash forward a few hours. Fortunately I'm obsessive about checking email and about an hour ago I get one in saying congrats on your purchase of a new iPhone. At first I thought maybe my wife did it since she's been looking for one, although the price on this one was insanely high. But when I looked at the shipping address it was going to Yuri Svjagintsev in Virginia. Now, Virginia's a beautiful state, but I've only been there for about an hour in my whole life. And my wife, though American, is from Minnesota, so something's odd... When I look into it the address is showing as a "paypal confirmed" address, but it's not confirmed in my paypal account. So I have no idea how they did it, but I got scammed. My wife's on the phone with paypal and the banks (x3 since we have a bunch of accounts linked to paypal). What a pain!

    I'm nearly certain the way this happened was basically this - a guy is running a phony, or maybe semi legit, business in Australia selling iphones etc. He bids on items from sellers willing to ship internationally and wins, pays immediately, but only partially. Then he asks for a refund, and somehow in that rigamarole he gets my account login and password. He then uses that to order an iphone from himself to a fake address in the US, getting paid without shipping. How he's getting the address listed for my paypal account as confirmed I have no idea.

    Now just to be clear, my password was not "password" or somesuch. It was a random alphanumeric sequence 8 characters long. It's hash is not listed in any hash databases for any encryption algorithms I've ever checked. I thought I was being quite careful, but obviously it just goes to show that when you trust an outside entity for your security you're SOL if they want to lax.

    So, to get to the question - has anyone else experienced anything like this? Any suggestions (besides the obvious change passwords and contact paypal/the banks) on what I should do? I know I will likely never offer international shipping again, and that's a shame. Most international buyers I've dealt with have been easier to get along with than NA ones. But now I've got at least a week to live while paypal "investigates" that I don't have access to funds in 3 banks & their credit cards, besides paypal. Hmmm... I guess that'll be going down to 1 account from now on!

    Terry

  • #2
    Terry, I don't see how that would work? You can refund a Paypal transaction, but that's a specific payment -- there's a multi-digit transaction number that you're refunding. The other party has no further information about your account.

    Then he asks for a refund, and somehow in that rigamarole he gets my account login and password.
    I really don't think that's possible, unless you replied to a scam email with bogus Paypal links/information in it, and he actually snooped your login. If that's the case, there wouldn't be an actual refund processed by PayPal.

    But to be sure, you should never log in to Paypal through an email link...
    Last edited by lazlo; 05-12-2010, 06:57 PM.
    "Twenty years from now you will be more disappointed by the things that you didn't do than by the ones you did."

    Comment


    • #3
      Terry;

      This is why I have a dedicated savings account for Paypal transactions. I can transfer funds from one account to another online. But if PayPal tries to debit it without my permission, it will bounce! They can keep trying, but it fails until I transfer funds.

      Also I do not sell on Ebay anymore because they are a pile of crap. But I do use Paypal for other online sales, and purchases. When I receive a payment through Paypal, I immediately transfer it OUT of my account. So if the buyer trys to pull some sort of scam, I still have my money.

      Comment


      • #4
        Originally posted by ADGO_Racing
        Also I do not sell on Ebay anymore because they are a pile of crap.
        True, but they do have the best (machinist) toys
        "Twenty years from now you will be more disappointed by the things that you didn't do than by the ones you did."

        Comment


        • #5
          I deregistered my bank account entirely with paypal after they changed the default payment from my credit card to bank account with no notice.
          Yes.. 'Instant payment from my bank account!'.. that did not have the funds, So I had to rush down and put funds into the account in person to avoid an expensive, annoying/credit ruining bounced withdrawl.

          That then took 7 days to clear because 'instant payment!' is not instant in the slightest, and even tells the seller to NEVER EVER ship the item untill the 7 day 'Clearing funds' process is complete if the buyer uses his bank account.
          Resulting in my item taking another week to ship, just because paypal wants to screw me around and withdrawl from my bank account insted of CC, when it used to ALLWAYS default to CC.

          To clarify, Paypal advertises all over to the buyer that bank payment is 'INSTANT' but advertises all over to the seller to wait 7 days for it to clear.
          CC has 0 clearance time and is actualy Instant, and provides the buyer with MUCH more protection includeing chargeback incase of fraud. Paypal does not like it when its buyers have fraud protection.

          If you must register a bank account with paypal to withdrawl funds, Deregister it right after to avoid paypal scams/fraud. Only have your credit card registered with paypal as its the fastest and most secure way to pay for things through paypal.
          Play Brutal Nature, Black Moons free to play highly realistic voxel sandbox game.

          Comment


          • #6
            I had a laptop charged to me from Tiger Direct. They said they called and spoke to me to approve the transaction due to the amount. When asked what number they called it was not mine, although they INSISTED they got a 'verification' code from me.

            But I *HAVE* gotten some pretty convincing fishing e-mails that, unless CLOSELY examined would have you calling a 'support number' that was not even associated with the merchant. Like a USA seller (major chain) with a UK phone number.

            I like the idea of transferring money into a paypal only account and never linking with your real one.

            Comment


            • #7
              It is more likely that the two incidents are unrelated.

              The second e-mail is a common form of phishing. A fake Pay-Pal "confirmation is sent. If you reply to it to contest the charge, it will ask for your account information. Do not reply, but forward it to [email protected] They will confirm if it is an actual charge or a phishing scam. I suspect the latter as I have received several such e-mails.
              Jim H.

              Comment


              • #8
                You must watch Paypal closely. I too have had them switch from my CC to the bank account, without notice, or me telling them too/selecting that option.

                It obviously saves them money by doing that. They are supposedly there to protect us from the fraudsters, who protects us from Paypal and/or Ebay?

                Comment


                • #9
                  Look in your computer history and see if you unknowingly clicked on a link in an email that you thought was taking you to PayPal.

                  If I wanted you to send me some money via paypal I could tell you that here's an icon you can click on to pay me FOR YOUR CONVIEANCE. What you might not be aware of is that icon will take you to my website with a page I copied from paypal. So you answer the questions that the fake paypal is asking only you are really giving it to my website.
                  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                  Thank you to our families of soldiers, many of whom have given so much more then the rest of us for the Freedom we enjoy.

                  It is true, there is nothing free about freedom, don't be so quick to give it away.

                  Comment


                  • #10
                    My Wife sells a lot on Ebay and when she has several items coming down she will get emails from perspective bidders asking questions about an item that have attachments
                    that I am sure are key loggers and back doors to her computer she also gets links emailed to her that look just like Ebay or PayPal login pages asking her to log in to verify
                    something. Ebay and Paypal will not email you and ask you to log in to your account. If you enter your username and password into these pages the crooks have them.

                    Terry

                    Comment


                    • #11
                      I have not had any such problems yet ............... but Paypal will only default to your bank account. You have to choose "The more funding options" link and change it to your CC. It's a real pain to have to remember to do that every time and a few times late at night and tired I forgot to change it and once the payment is taken from your bank account it's done, no reversing it.

                      JL...................

                      Comment


                      • #12
                        Originally posted by lazlo
                        I really don't think that's possible, unless you replied to a scam email with bogus Paypal links/information in it, and he actually snooped your login. If that's the case, there wouldn't be an actual refund processed by PayPal.

                        But to be sure, you should never log in to Paypal through an email link...
                        I'm positive. Only myself and my wife have access to the account, all email for it is directed to a special gmail account, and there has been nothing come in that hasn't been legit - I rechecked them immediately. Both of us work in tech, and although I know that being tech-savy doesn't guarantee a mistake would be made, it wouldn't be through an illegitimate email. In fact we don't even reply to questions, etc. from ebay via email links - we always go to ebay and log in, then do whatever we need to do through MyeBay.

                        I agree that it shouldn't be possible assuming Paypal/eBay implemented a sensible security system. Having some experience in this stuff I know that's not always the case, even with some of the big boys. Just look at the trouble Facebook has been having recently.

                        Comment


                        • #13
                          Originally posted by Farbmeister
                          I had a laptop charged to me from Tiger Direct. They said they called and spoke to me to approve the transaction due to the amount. When asked what number they called it was not mine, although they INSISTED they got a 'verification' code from me.
                          Don't get me started on Tiger Direct. I've had them do the stupidest things - not send half and order (but bill me up until delivery, then reverse it) with no notice about what's sent or not, send duplicate items (eg 8x2GB DDR memory when 1 strip was ordered...), but the worse was when I ordered a 28" monitor for a CAD workstation for a client and they shipped a 21" instead, and then ARGUED FOR 20 MINUTES ON THE PHONE that the 21" was a better deal so that's why they shipped it. What?!?

                          I kissed my keyboard when Newegg came to Canada.

                          Comment


                          • #14
                            Originally posted by JCHannum
                            It is more likely that the two incidents are unrelated.

                            The second e-mail is a common form of phishing. A fake Pay-Pal "confirmation is sent. If you reply to it to contest the charge, it will ask for your account information. Do not reply, but forward it to [email protected] They will confirm if it is an actual charge or a phishing scam. I suspect the latter as I have received several such e-mails.
                            Just to clarify - I didn't click anything in any email. I went to ebay, logged in, and it's listed in My Ebay as a purchase (with the timestamp the same as the email indicated). I phoned PayPal and they confirmed. So it's not a spoof.

                            Comment


                            • #15
                              Originally posted by terry_g
                              ...she has several items coming down she will get emails from perspective bidders asking questions about an item that have attachments
                              that I am sure are key loggers and back doors to her computer ...

                              Terry
                              It wouldn't matter for me as we're running all Macs/OSX with no native win32 binary support, for that reason. Yes, theoretically an OSX binary could be sent but there'd be no way it'd get ran on any machine here. Nothing gets installed without my consent, and I log (and monitor log files) religiously. But I agree false attachments are a huge risk these days, particularly on Windows machines and/or machines set to run code in MS Office apps (which we don't use either).

                              Comment

                              Working...
                              X